From 1f32b8bfc14ec9129156cae9a9398aa97548df74 Mon Sep 17 00:00:00 2001
From: Hung-ying Tyan
Date: Fri, 26 Apr 2019 16:14:52 +0800
Subject: [PATCH 001/163] Sepolicy: add dynamic_system_prop and allow shell and system_app (Settings) to set it to enable Dynamic System Update. Also allow priv_app (user of the API) to read it.
Bug: 119647479
Bug: 129060539
Test: run the following command on crosshatch-user: adb shell setprop persist.sys.fflag.override.settings_dynamic_system 1
Change-Id: I24a5382649c64d36fd05a59bc87faca87e6f0eb8
---
private/compat/28.0/28.0.ignore.cil | 1 +
private/priv_app.te | 3 +++
private/property_contexts | 1 +
private/system_app.te | 2 ++
public/property.te | 2 ++
public/shell.te | 2 ++
6 files changed, 11 insertions(+)
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 644602b46..37fccb30d 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -47,6 +47,7 @@
 device_config_sys_traced_prop
 dnsresolver_service
 dynamic_system_service
+ dynamic_system_prop
 face_service
 face_vendor_data_file
 fastbootd
diff --git a/private/priv_app.te b/private/priv_app.te
index c5251a9b7..ab3847b4c 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -162,6 +162,9 @@ allow priv_app incidentd:fifo_file { read write };
 # profileable/debuggable.
 can_profile_heap(priv_app)
+# Allow priv_apps to check whether Dynamic System Update is enabled
+get_prop(priv_app, dynamic_system_prop)
+
 # suppress denials for non-API accesses.
 dontaudit priv_app exec_type:file getattr;
 dontaudit priv_app device:dir read;
diff --git a/private/property_contexts b/private/property_contexts
index da09b8210..dd08c32ff 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -59,6 +59,7 @@ persist.mmc. u:object_r:mmc_prop:s0
 persist.netd.stable_secret u:object_r:netd_stable_secret_prop:s0
 persist.sys. u:object_r:system_prop:s0
 persist.sys.safemode u:object_r:safemode_prop:s0
+persist.sys.fflag.override.settings_dynamic_system u:object_r:dynamic_system_prop:s0
 ro.sys.safemode u:object_r:safemode_prop:s0
 persist.sys.audit_safemode u:object_r:safemode_prop:s0
 persist.service. u:object_r:system_prop:s0
diff --git a/private/system_app.te b/private/system_app.te
index d71ef72e8..e8627151e 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -49,6 +49,8 @@ userdebug_or_eng(`set_prop(system_app, logpersistd_logging_prop)')
 auditallow system_app net_radio_prop:property_service set;
 auditallow system_app system_radio_prop:property_service set;
 auditallow system_app exported_system_radio_prop:property_service set;
+# Allow Settings to enable Dynamic System Update
+set_prop(system_app, dynamic_system_prop)
 # ctl interface
 set_prop(system_app, ctl_default_prop)
diff --git a/public/property.te b/public/property.te
index a5b5e9514..8cb19fb86 100644
--- a/public/property.te
+++ b/public/property.te
@@ -43,6 +43,7 @@ type device_logging_prop, property_type;
 type dhcp_prop, property_type, core_property_type;
 type dumpstate_options_prop, property_type;
 type dumpstate_prop, property_type, core_property_type;
+type dynamic_system_prop, property_type;
 type exported_secure_prop, property_type;
 type ffs_prop, property_type, core_property_type;
 type fingerprint_prop, property_type, core_property_type;
@@ -423,6 +424,7 @@ compatible_property_only(`
 -device_config_runtime_native_prop
 -device_config_media_native_prop
 -device_config_sys_traced_prop
+ -dynamic_system_prop
 -gsid_prop
 -heapprofd_enabled_prop
 -heapprofd_prop
diff --git a/public/shell.te b/public/shell.te
index 42a19b038..56196c3d2 100644
--- a/public/shell.te
+++ b/public/shell.te
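Review bot: The new `persist.sys.fflag.override.settings_dynamic_system u:object_r:dynamic_system_prop:s0` entry is inserted between `persist.sys.safemode` and `ro.sys.safemode`, splitting the three safemode_prop entries that otherwise sit together in this hunk; placing it after `persist.sys.audit_safemode u:object_r:safemode_prop:s0` keeps that group contiguous and makes the new flag easier to find. The entry itself is what keeps this property out of the broad system_prop type that the `persist.sys.` prefix line above would otherwise assign, so it must stay an exact entry rather than a prefix.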
@@ -80,6 +80,8 @@ userdebug_or_eng(`set_prop(shell, logpersistd_logging_prop)')
 set_prop(shell, heapprofd_enabled_prop)
 # Allow shell to start/stop gsid via ctl.start|stop|restart gsid.
 set_prop(shell, ctl_gsid_prop)
+# Allow shell to enable Dynamic System Update
+set_prop(shell, dynamic_system_prop)
 userdebug_or_eng(`
 # "systrace --boot" support - allow boottrace service to run
From 56dfc06397d1ac61f868be96ae3d518e96a93cc8 Mon Sep 17 00:00:00 2001
From: Roshan Pius
Date: Thu, 25 Apr 2019 15:19:58 -0700
Subject: [PATCH 002/163] sepolicy: Remove offload HAL sepolicy rules
This is unused currently & there are no concrete plans to use it in the future.
Bug: 130080335
Test: Device boots up & connects to networks.
Test: Will send for regression tests
Change-Id: I785389bc2c934c8792c8f631362d6aa0298007af
---
private/compat/26.0/26.0.cil | 4 ++++
private/compat/27.0/27.0.cil | 6 ++++++
private/compat/28.0/28.0.cil | 6 ++++++
private/hwservice_contexts | 1 -
private/system_server.te | 1 -
private/wificond.te | 1 -
public/attributes | 1 -
public/hal_wifi_offload.te | 8 --------
public/hwservice.te | 1 -
public/su.te | 1 -
vendor/file_contexts | 1 -
vendor/hal_wifi_offload_default.te | 5 -----
12 files changed, 16 insertions(+), 20 deletions(-)
delete mode 100644 public/hal_wifi_offload.te
delete mode 100644 vendor/hal_wifi_offload_default.te
diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index abd5fc33f..ba5b20e8f 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
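Review bot: `set_prop(shell, dynamic_system_prop)` is added unconditionally, unlike the `userdebug_or_eng(`set_prop(shell, logpersistd_logging_prop)')` grant in this hunk's header line, so adb shell on user builds can flip a persist.* flag that survives reboots and turns on Dynamic System Update. The commit's Test: line runs the setprop on crosshatch-user, so this appears intended, but the one-line comment does not record that decision; suggest `# Allow shell to enable Dynamic System Update (deliberately also on user builds; the flag is persistent)` so a later reader does not mistake it for a debug-only grant. The userdebug_or_eng block opened on the hunk's last lines continues outside the hunk.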
@@ -2,11 +2,15 @@
 (typeattribute hal_wifi_keystore)
 (typeattribute hal_wifi_keystore_client)
 (typeattribute hal_wifi_keystore_server)
+(typeattribute hal_wifi_offload)
+(typeattribute hal_wifi_offload_client)
+(typeattribute hal_wifi_offload_server)
 ;; types removed from current policy
 (type untrusted_v2_app)
 (type asan_reboot_prop)
 (type commontime_management_service)
+(type hal_wifi_offload_hwservice)
 (type log_device)
 (type mediacasserver_service)
 (type mediacodec)
diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index 09a01859d..c7e1f8e0a 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -1,5 +1,11 @@
+;; attributes removed from current policy
+(typeattribute hal_wifi_offload)
+(typeattribute hal_wifi_offload_client)
+(typeattribute hal_wifi_offload_server)
+
 ;; types removed from current policy
 (type commontime_management_service)
+(type hal_wifi_offload_hwservice)
 (type mediacodec)
 (type mediacodec_exec)
 (type qtaguid_proc)
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index a9c42df7f..8e3853fb2 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -1,3 +1,8 @@
+;; attributes removed from current policy
+(typeattribute hal_wifi_offload)
+(typeattribute hal_wifi_offload_client)
+(typeattribute hal_wifi_offload_server)
+
 ;; types removed from current policy
 (type alarm_device)
 (type audio_seq_device)
@@ -5,6 +10,7 @@
 (type commontime_management_service)
 (type cpuctl_device)
 (type full_device)
+(type hal_wifi_offload_hwservice)
 (type i2c_device)
 (type kmem_device)
 (type mediacodec)
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index f3745a3a3..f69ac8b8f 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -69,7 +69,6 @@ android.hardware.vr::IVr u:object_r:hal_v
 android.hardware.weaver::IWeaver u:object_r:hal_weaver_hwservice:s0
 android.hardware.wifi::IWifi u:object_r:hal_wifi_hwservice:s0
 android.hardware.wifi.hostapd::IHostapd u:object_r:hal_wifi_hostapd_hwservice:s0
-android.hardware.wifi.offload::IOffload u:object_r:hal_wifi_offload_hwservice:s0
 android.hardware.wifi.supplicant::ISupplicant u:object_r:hal_wifi_supplicant_hwservice:s0
 android.hidl.allocator::IAllocator u:object_r:hidl_allocator_hwservice:s0
 android.hidl.base::IBase u:object_r:hidl_base_hwservice:s0
diff --git a/private/system_server.te b/private/system_server.te
index 53626329e..5c20c9839 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -232,7 +232,6 @@ hal_client_domain(system_server, hal_vr)
 hal_client_domain(system_server, hal_weaver)
 hal_client_domain(system_server, hal_wifi)
 hal_client_domain(system_server, hal_wifi_hostapd)
-hal_client_domain(system_server, hal_wifi_offload)
 hal_client_domain(system_server, hal_wifi_supplicant)
 # Talk with graphics composer fences
diff --git a/private/wificond.te b/private/wificond.te
index cc7644745..5476e3385 100644
--- a/private/wificond.te
+++ b/private/wificond.te
@@ -1,4 +1,3 @@
 typeattribute wificond coredomain;
 init_daemon_domain(wificond)
-hal_client_domain(wificond, hal_wifi_offload)
diff --git a/public/attributes b/public/attributes
index 67979dafb..61a0914c3 100644
--- a/public/attributes
+++ b/public/attributes
@@ -293,7 +293,6 @@ hal_attribute(vr);
 hal_attribute(weaver);
 hal_attribute(wifi);
 hal_attribute(wifi_hostapd);
-hal_attribute(wifi_offload);
 hal_attribute(wifi_supplicant);
 # HwBinder services offered across the core-vendor boundary
diff --git a/public/hal_wifi_offload.te b/public/hal_wifi_offload.te
deleted file mode 100644
index 765e72a82..000000000
--- a/public/hal_wifi_offload.te
+++ /dev/null
@@ -1,8 +0,0 @@
-## HwBinder IPC from client to server, and callbacks
-binder_call(hal_wifi_offload_client, hal_wifi_offload_server)
-binder_call(hal_wifi_offload_server, hal_wifi_offload_client)
-
-hal_attribute_hwservice(hal_wifi_offload, hal_wifi_offload_hwservice)
-
-r_dir_file(hal_wifi_offload, proc_net_type)
-r_dir_file(hal_wifi_offload, sysfs_type)
diff --git a/public/hwservice.te b/public/hwservice.te
index 7425878db..60378a3cb 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -58,7 +58,6 @@ type hal_vr_hwservice, hwservice_manager_type;
 type hal_weaver_hwservice, hwservice_manager_type;
 type hal_wifi_hwservice, hwservice_manager_type;
 type hal_wifi_hostapd_hwservice, hwservice_manager_type;
-type hal_wifi_offload_hwservice, hwservice_manager_type;
 type hal_wifi_supplicant_hwservice, hwservice_manager_type;
 type hidl_allocator_hwservice, hwservice_manager_type, coredomain_hwservice;
 type hidl_base_hwservice, hwservice_manager_type;
diff --git a/public/su.te b/public/su.te
index 346b1fe98..511a8394c 100644
--- a/public/su.te
+++ b/public/su.te
@@ -98,6 +98,5 @@ userdebug_or_eng(`
 typeattribute su hal_weaver_client;
 typeattribute su hal_wifi_client;
 typeattribute su hal_wifi_hostapd_client;
- typeattribute su hal_wifi_offload_client;
 typeattribute su hal_wifi_supplicant_client;
 ')
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 9da79f463..b73c65aef 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -58,7 +58,6 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service u:object_r:hal_usb_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service u:object_r:hal_vibrator_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.vr@1\.0-service u:object_r:hal_vr_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi\.offload@1\.0-service u:object_r:hal_wifi_offload_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.wifi@1\.0-service u:object_r:hal_wifi_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.wifi@1\.0-service-lazy u:object_r:hal_wifi_default_exec:s0
 /(vendor|system/vendor)/bin/hw/hostapd u:object_r:hal_wifi_hostapd_default_exec:s0
diff --git a/vendor/hal_wifi_offload_default.te b/vendor/hal_wifi_offload_default.te
deleted file mode 100644
index 44bd3063b..000000000
--- a/vendor/hal_wifi_offload_default.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type hal_wifi_offload_default, domain;
-hal_server_domain(hal_wifi_offload_default, hal_wifi_offload)
-
-type hal_wifi_offload_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_wifi_offload_default)
From 99902a175b62d242a40ab7957b284f667a03b424 Mon Sep 17 00:00:00 2001
From: Jiyong Park
Date: Mon, 13 May 2019 12:54:39 +0900
Subject: [PATCH 003/163] Don't use apexd when TARGET_FLATTEN_APEX == true
/system/apex/com.android.runtime is labeled as runtime_apex_dir and init is allowed to mount on it. When TARGET_FLATTEN_APEX is true (= ro.apex.updatable is unset or set to false), apexd is not used to activate the built-in flattened APEXes. Init simply bind-mounts /system/apex to /apex. However, there is a special case here. The runtime APEX is installed as either /system/apex/com.android.runtime.debug or /system/apex/com.android.runtime.release, whereas it should be activated on /apex/com.android.runtime - without the .debug or .release suffix. To handle that case, the build system creates an empty directory /system/apex/com.android.runtime and the .debug or .release directory is bind-mounted to the empty directory by init at runtime.
Bug: 132413565
Test: marlin is bootable
Change-Id: I3fde5ff831429723fecd1fa5c10e44f636a63f09
---
private/compat/26.0/26.0.ignore.cil | 1 +
private/compat/27.0/27.0.ignore.cil | 1 +
private/compat/28.0/28.0.ignore.cil | 1 +
private/file_contexts | 1 +
public/file.te | 2 ++
public/init.te | 3 +++
6 files changed, 9 insertions(+)
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 3c6ba08b2..293d97d24 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -136,6 +136,7 @@
 recovery_socket
 role_service
 runas_app
+ runtime_apex_dir
 runtime_service
 secure_element
 secure_element_device
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 3b9bd52e0..fbc241ae8 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -123,6 +123,7 @@
 recovery_socket
 role_service
 runas_app
+ runtime_apex_dir
 runtime_service
 secure_element
 secure_element_device
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index d01bfe252..3b6d2c185 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -114,6 +114,7 @@
 rss_hwm_reset_exec
 runas_app
 runas_app_tmpfs
+ runtime_apex_dir
 runtime_service
 sdcard_block_device
 sensor_privacy_service
diff --git a/private/file_contexts b/private/file_contexts
index c2f9e152d..dfeeb8a95 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -179,6 +179,7 @@
 # System files
 #
 /system(/.*)? u:object_r:system_file:s0
+/system/apex/com.android.runtime u:object_r:runtime_apex_dir:s0
 /system/lib(64)?(/.*)? u:object_r:system_lib_file:s0
 /system/lib(64)?/bootstrap(/.*)? u:object_r:system_bootstrap_lib_file:s0
 /system/bin/atrace u:object_r:atrace_exec:s0
diff --git a/public/file.te b/public/file.te
index 53811e01f..c78ddd5b9 100644
--- a/public/file.te
+++ b/public/file.te
@@ -172,6 +172,8 @@ type vendor_cgroup_desc_file, vendor_file_type, file_type;
 type task_profiles_file, system_file_type, file_type;
 # Vendor task profiles file under /vendor/etc/task_profiles.json
 type vendor_task_profiles_file, vendor_file_type, file_type;
+# Type for /system/apex/com.android.runtime
+type runtime_apex_dir, system_file_type, file_type;
 # Default type for directories search for
 # HAL implementations
diff --git a/public/init.te b/public/init.te
index 5ceef721a..0536b73ed 100644
--- a/public/init.te
+++ b/public/init.te
@@ -92,6 +92,9 @@ allow init device:dir mounton;
 # Mount tmpfs on /apex
 allow init apex_mnt_dir:dir mounton;
+# Bind-mount on /system/apex/com.android.runtime
+allow init runtime_apex_dir:dir mounton;
+
 # Create and remove symlinks in /.
 allow init rootfs:lnk_file { create unlink };
From 67cb30fabf50e3ce2f08e9edd4e14214c11571a4 Mon Sep 17 00:00:00 2001
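Review bot: The dots in the added `/system/apex/com.android.runtime u:object_r:runtime_apex_dir:s0` are unescaped, so as a file_contexts regex the entry also matches any single character in those positions (for example a directory named com-android-runtime), while the vendor/file_contexts lines earlier in this series escape them (`android\.hardware\.usb@1\.0-service`). Suggest `/system/apex/com\.android\.runtime u:object_r:runtime_apex_dir:s0`. The same applies to the replacement line `/system/apex/com.android.art u:object_r:runtime_apex_dir:s0` in PATCH 005's private/file_contexts hunk.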
From: Steven Moreland
Date: Thu, 1 Aug 2019 14:05:05 -0700
Subject: [PATCH 004/163] Add uce service to core policy.
This service is requested by AOSP framework, but there is no context for it defined.
Bug: 136023468
Test: N/A
Change-Id: Ibc5b048aaa1c9eda7b9180caca92cb876c3f6b28
---
private/radio.te | 2 ++
private/service.te | 1 +
private/service_contexts | 1 +
3 files changed, 4 insertions(+)
diff --git a/private/radio.te b/private/radio.te
index 9ac2cf17f..b6b7b8eac 100644
--- a/private/radio.te
+++ b/private/radio.te
@@ -6,3 +6,5 @@ read_runtime_log_tags(radio)
 # Telephony code contains time / time zone detection logic so it reads the associated properties.
 get_prop(radio, time_prop)
+
+allow radio uce_service:service_manager find;
diff --git a/private/service.te b/private/service.te
index a8ee19559..08133ed46 100644
--- a/private/service.te
+++ b/private/service.te
@@ -5,3 +5,4 @@ type gsi_service, service_manager_type;
 type incidentcompanion_service, system_api_service, system_server_service, service_manager_type;
 type stats_service, service_manager_type;
 type statscompanion_service, system_server_service, service_manager_type;
+type uce_service, service_manager_type;
diff --git a/private/service_contexts b/private/service_contexts
index 4da89228a..e6d18b971 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -197,6 +197,7 @@ timezone u:object_r:timezone_service:s0
 thermalservice u:object_r:thermal_service:s0
 trust u:object_r:trust_service:s0
 tv_input u:object_r:tv_input_service:s0
+uce u:object_r:uce_service:s0
 uimode u:object_r:uimode_service:s0
 updatelock u:object_r:updatelock_service:s0
 uri_grants u:object_r:uri_grants_service:s0
From 9d9df06aff276bd8c77203c8303af2b83ba6ff43 Mon Sep 17 00:00:00 2001
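Review bot: `allow radio uce_service:service_manager find;` is the only rule in this radio.te hunk without a comment, while the neighboring `get_prop(radio, time_prop)` is explained; suggest `# Allow telephony to look up the uce service` above it. The commit message does not say which component registers the service, so the comment is kept to what this hunk grants.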
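Review bot: `type uce_service, service_manager_type;` carries only service_manager_type, whereas the neighboring incidentcompanion_service and statscompanion_service in this hunk also carry system_server_service; if uce is registered by system_server, the type probably needs that attribute as well for the `add` side to be permitted, i.e. `type uce_service, system_server_service, service_manager_type;`. The commit message only says the framework requests the service and the Test: line is N/A, so who registers it, and whether registration has actually been exercised, should be confirmed before this lands.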
From: Martin Stjernholm
Date: Fri, 5 Jul 2019 22:55:06 +0100
Subject: [PATCH 005/163] Split off ART rules for new ART APEX.
Test: Build & boot
Bug: 135753770
Change-Id: Iab56f6b5bb7a59fbeaad214a64fbd959060574f4
---
...ug-file_contexts => com.android.art.debug-file_contexts} | 1 -
...-file_contexts => com.android.art.release-file_contexts} | 1 -
apex/com.android.runtime-file_contexts | 6 ++++++
private/file_contexts | 2 +-
4 files changed, 7 insertions(+), 3 deletions(-)
rename apex/{com.android.runtime.debug-file_contexts => com.android.art.debug-file_contexts} (88%)
rename apex/{com.android.runtime.release-file_contexts => com.android.art.release-file_contexts} (84%)
create mode 100644 apex/com.android.runtime-file_contexts
diff --git a/apex/com.android.runtime.debug-file_contexts b/apex/com.android.art.debug-file_contexts
similarity index 88%
rename from apex/com.android.runtime.debug-file_contexts
rename to apex/com.android.art.debug-file_contexts
index 642c61c7e..e90cea413 100644
--- a/apex/com.android.runtime.debug-file_contexts
+++ b/apex/com.android.art.debug-file_contexts
@@ -5,7 +5,6 @@
 /bin/dex2oat(d)? u:object_r:dex2oat_exec:s0
 /bin/dexoptanalyzer(d)? u:object_r:dexoptanalyzer_exec:s0
 /bin/profman(d)? u:object_r:profman_exec:s0
-/bin/linker(64)? u:object_r:system_linker_exec:s0
 /lib(64)?(/.*)? u:object_r:system_lib_file:s0
 /bin/art_preinstall_hook(.*)? u:object_r:art_apex_preinstall_exec:s0
 /bin/art_postinstall_hook(.*)? u:object_r:art_apex_postinstall_exec:s0
diff --git a/apex/com.android.runtime.release-file_contexts b/apex/com.android.art.release-file_contexts
similarity index 84%
rename from apex/com.android.runtime.release-file_contexts
rename to apex/com.android.art.release-file_contexts
index 29c5c1fe0..08688fbc6 100644
--- a/apex/com.android.runtime.release-file_contexts
+++ b/apex/com.android.art.release-file_contexts
@@ -5,5 +5,4 @@
 /bin/dex2oat u:object_r:dex2oat_exec:s0
 /bin/dexoptanalyzer u:object_r:dexoptanalyzer_exec:s0
 /bin/profman u:object_r:profman_exec:s0
-/bin/linker(64)? u:object_r:system_linker_exec:s0
 /lib(64)?(/.*)? u:object_r:system_lib_file:s0
diff --git a/apex/com.android.runtime-file_contexts b/apex/com.android.runtime-file_contexts
new file mode 100644
index 000000000..7878b20ac
--- /dev/null
+++ b/apex/com.android.runtime-file_contexts
@@ -0,0 +1,6 @@
+#############################
+# System files
+#
+(/.*)? u:object_r:system_file:s0
+/bin/linker(64)? u:object_r:system_linker_exec:s0
+/lib(64)?(/.*)? u:object_r:system_lib_file:s0
diff --git a/private/file_contexts b/private/file_contexts
index 0a18fc34e..255454fac 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -180,7 +180,7 @@
 # System files
 #
 /system(/.*)? u:object_r:system_file:s0
-/system/apex/com.android.runtime u:object_r:runtime_apex_dir:s0
+/system/apex/com.android.art u:object_r:runtime_apex_dir:s0
 /system/lib(64)?(/.*)? u:object_r:system_lib_file:s0
 /system/lib(64)?/bootstrap(/.*)? u:object_r:system_bootstrap_lib_file:s0
 /system/bin/atrace u:object_r:atrace_exec:s0
From 1f6eda4111a8114df013dcf5c0d2f09c64feaa89 Mon Sep 17 00:00:00 2001
From: Mathieu Chartier
Date: Fri, 30 Aug 2019 10:11:18 -0700
Subject: [PATCH 006/163] Remove ability to set profilebootimage and profilesystemserver
These properties should no longer be specified in the vendor rom.
Bug: 139883463
Test: manual
Change-Id: I510c917fa3c60dcbd3f104ebe619f34c69c821e6
---
public/property_contexts | 2 --
1 file changed, 2 deletions(-)
diff --git a/public/property_contexts b/public/property_contexts
index 5a8b2f503..e88d94b9a 100644
--- a/public/property_contexts
+++ b/public/property_contexts
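Review bot: The private/file_contexts hunk moves the runtime_apex_dir label from `/system/apex/com.android.runtime` to `/system/apex/com.android.art`, but the type name and the comment `# Type for /system/apex/com.android.runtime` that PATCH 003 added in public/file.te, and init.te's `# Bind-mount on /system/apex/com.android.runtime`, are outside this change and still describe the old directory. Suggest updating both comments to name /system/apex/com.android.art in the same change, or renaming the type to something like art_apex_dir, so the label's purpose can be read from the policy; presumably the bind-mount described in PATCH 003 now targets the art directory, which the commit message does not say.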
@@ -61,8 +61,6 @@ dalvik.vm.method-trace u:object_r:exported_dalvik_prop:s0 exact bool
 dalvik.vm.method-trace-file u:object_r:exported_dalvik_prop:s0 exact string
 dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int
 dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
-dalvik.vm.profilebootimage u:object_r:exported_dalvik_prop:s0 exact bool
 dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
 dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
 dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
From 580375c923d422ebf40264b0649a08488fde320c Mon Sep 17 00:00:00 2001
From: Jiyong Park
Date: Thu, 22 Aug 2019 00:04:50 +0900
Subject: [PATCH 007/163] Access to HALs from untrusted apps is blacklist-based
Before this change, access to HALs from untrusted apps was prohibited except for the whitelisted ones like the gralloc HAL, the renderscript HAL, etc. As a result, any HAL that is added by partners can't be accessed from apps. This sometimes is a big restriction for them when they want to access their own HALs in the same-process HALs running in apps. Although this is a vendor-to-vendor communication and thus is not a Treble violation, that was not allowed because their HALs are not in the whitelist in AOSP. This change fixes the problem by doing the access control in the opposite way; access to HALs are restricted only for the blacklisted ones. All the hwservice context that were not in the whitelist are now put to blacklist. This change also removes the neverallow rule for the binder access to the halserverdomain types. This is not needed as the protected hwservices living in the HAL processes are already not accessible; we have a neverallow rule for preventing hwservice_manager from finding those protected hwservices from untrusted apps.
Bug: 139645938
Test: m
Change-Id: I1e63c11143f56217eeec05e2288ae7c91e5fe585
---
private/app_neverallows.te | 58 ++--------
public/attributes | 3 +
public/hwservice.te | 139 +++++++++++++++++++++----------
3 files changed, 86 insertions(+), 114 deletions(-)
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 05ec95cc0..e5c6aee2c 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -205,11 +205,11 @@ neverallow all_untrusted_apps system_file:file lock;
 # other than find actions for services listed below
 neverallow all_untrusted_apps *:hwservice_manager ~find;
-# Do not permit access from apps which host arbitrary code to HwBinder services,
-# except those considered sufficiently safe for access from such apps.
+# Do not permit access from apps which host arbitrary code to the protected HwBinder
+# services.
 # The two main reasons for this are:
-# 1. HwBinder servers do not perform client authentication because HIDL
-# currently does not expose caller UID information and, even if it did, many
+# 1. Protected HwBinder servers do not perform client authentication because HIDL
+# currently does not expose caller UID information and, even if it did, those
 # HwBinder services either operate at a level below that of apps (e.g., HALs)
 # or must not rely on app identity for authorization. Thus, to be safe, the
 # default assumption is that every HwBinder service treats all its clients as
@@ -218,37 +218,7 @@ neverallow all_untrusted_apps *:hwservice_manager ~find;
 # incidence rate of security issues than system/core components and have
 # access to lower layes of the stack (all the way down to hardware) thus
 # increasing opportunities for bypassing the Android security model.
-#
-# Safe services include:
-# - same process services: because they by definition run in the process
-# of the client and thus have the same access as the client domain in which
-# the process runs
-# - coredomain_hwservice: are considered safe because they do not pose risks
-# associated with reason #2 above.
-# - hal_configstore_ISurfaceFlingerConfigs: becuase it has specifically been
-# designed for use by any domain.
-# - hal_graphics_allocator_hwservice: because these operations are also offered
-# by surfaceflinger Binder service, which apps are permitted to access
-# - hal_omx_hwservice: because this is a HwBinder version of the mediacodec
-# Binder service which apps were permitted to access.
-# - hal_codec2_hwservice: because this is a newer version of hal_omx_hwservice.
-neverallow all_untrusted_apps {
- hwservice_manager_type
- -fwk_bufferhub_hwservice
- -hal_cas_hwservice
- -hal_codec2_hwservice
- -hal_configstore_ISurfaceFlingerConfigs
- -hal_graphics_allocator_hwservice
- -hal_graphics_mapper_hwservice
- -hal_neuralnetworks_hwservice
- -hal_omx_hwservice
- -hal_renderscript_hwservice
- -hidl_allocator_hwservice
- -hidl_manager_hwservice
- -hidl_memory_hwservice
- -hidl_token_hwservice
- -untrusted_app_visible_hwservice_violators
-}:hwservice_manager find;
+neverallow all_untrusted_apps protected_hwservice:hwservice_manager find;
 neverallow all_untrusted_apps {
 vendor_service
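Review bot: `neverallow all_untrusted_apps protected_hwservice:hwservice_manager find;` now only covers types that carry protected_hwservice, so any hwservice_manager_type declared without that attribute, including vendor-declared types added later, is findable by untrusted apps by default, and nothing at policy-compile time flags an accidental omission. The commit intends this, but the rule itself no longer says so now that the explanatory list has been removed from this hunk; suggest a comment above it such as `# Any hwservice type that lacks the protected_hwservice attribute is findable by untrusted apps; new hwservice types must carry the attribute unless they are deliberately app-visible (see public/hwservice.te).` so the next author does not drop the attribute by accident. The `neverallow all_untrusted_apps {` block on the hunk's last lines continues outside the hunk.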
@@ -257,24 +227,6 @@ neverallow all_untrusted_apps {
 # SELinux is not an API for untrusted apps to use
 neverallow all_untrusted_apps selinuxfs:file no_rw_file_perms;
-# Restrict *Binder access from apps to HAL domains. We can only do this on full
-# Treble devices where *Binder communications between apps and HALs are tightly
-# restricted.
-full_treble_only(`
- neverallow all_untrusted_apps {
- halserverdomain
- -coredomain
- -hal_cas_server
- -hal_codec2_server
- -hal_configstore_server
- -hal_graphics_allocator_server
- -hal_neuralnetworks_server
- -hal_omx_server
- -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
- -untrusted_app_visible_halserver_violators
- }:binder { call transfer };
-')
 # Access to /proc/tty/drivers, to allow apps to determine if they
 # are running in an emulated environment.
 # b/33214085 b/33814662 b/33791054 b/33211769
diff --git a/public/attributes b/public/attributes
index 3bf04cf5f..62ccd4a26 100644
--- a/public/attributes
+++ b/public/attributes
@@ -120,6 +120,9 @@ attribute same_process_hwservice;
 # All HwBinder services guaranteed to be offered only by core domain components
 attribute coredomain_hwservice;
+# All HwBinder services that untrusted apps can't directly access
+attribute protected_hwservice;
+
 # All types used for services managed by vndservicemanager
 attribute vndservice_manager_type;
diff --git a/public/hwservice.te b/public/hwservice.te
index 7d395d95f..b86dcd734 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -1,77 +1,94 @@
-type default_android_hwservice, hwservice_manager_type;
+# hwservice types. By default most of the HALs are protected_hwservice, which means
+# access from untrusted apps is prohibited.
+type default_android_hwservice, hwservice_manager_type, protected_hwservice;
+type fwk_camera_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_display_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_scheduler_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_sensor_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_stats_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type hal_atrace_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_audio_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_audiocontrol_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_authsecret_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_bluetooth_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_bootctl_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_broadcastradio_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_camera_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_can_bus_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_can_controller_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_confirmationui_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_contexthub_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_drm_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_dumpstate_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_evs_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_face_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_fingerprint_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_gatekeeper_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_gnss_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_graphics_composer_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_health_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_health_storage_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_input_classifier_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_ir_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_keymaster_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_light_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_lowpan_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_memtrack_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_nfc_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_oemlock_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_power_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_power_stats_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_secure_element_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_sensors_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_telephony_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tetheroffload_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_thermal_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tv_cec_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tv_input_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tv_tuner_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_usb_gadget_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_usb_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_vehicle_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_vibrator_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_vr_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_weaver_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_wifi_hostapd_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_wifi_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_wifi_supplicant_hwservice, hwservice_manager_type, protected_hwservice;
+type system_ashmem_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type system_suspend_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type thermalcallback_hwservice, hwservice_manager_type, protected_hwservice;
+
+# Following is the hwservices that are explicitly not marked with protected_hwservice.
+# These are directly accessible from untrusted apps.
+# - same process services: because they by definition run in the process
+# of the client and thus have the same access as the client domain in which
+# the process runs
+# - coredomain_hwservice: are considered safer than ordinary hwservices which
+# are from vendor partition
+# - hal_configstore_ISurfaceFlingerConfigs: becuase it has specifically been
+# designed for use by any domain.
+# - hal_graphics_allocator_hwservice: because these operations are also offered
+# by surfaceflinger Binder service, which apps are permitted to access
+# - hal_omx_hwservice: because this is a HwBinder version of the mediacodec
+# Binder service which apps were permitted to access.
+# - hal_codec2_hwservice: because this is a newer version of hal_omx_hwservice.
 type fwk_bufferhub_hwservice, hwservice_manager_type, coredomain_hwservice;
-type fwk_camera_hwservice, hwservice_manager_type, coredomain_hwservice;
-type fwk_display_hwservice, hwservice_manager_type, coredomain_hwservice;
-type fwk_scheduler_hwservice, hwservice_manager_type, coredomain_hwservice;
-type fwk_sensor_hwservice, hwservice_manager_type, coredomain_hwservice;
-type fwk_stats_hwservice, hwservice_manager_type, coredomain_hwservice;
-type hal_atrace_hwservice, hwservice_manager_type;
-type hal_audiocontrol_hwservice, hwservice_manager_type;
-type hal_audio_hwservice, hwservice_manager_type;
-type hal_authsecret_hwservice,  hwservice_manager_type;
-type hal_bluetooth_hwservice, hwservice_manager_type;
-type hal_bootctl_hwservice, hwservice_manager_type;
-type hal_broadcastradio_hwservice, hwservice_manager_type;
-type hal_camera_hwservice, hwservice_manager_type;
-type hal_can_bus_hwservice, hwservice_manager_type;
-type hal_can_controller_hwservice, hwservice_manager_type;
+type hal_cas_hwservice, hwservice_manager_type;
 type hal_codec2_hwservice, hwservice_manager_type;
 type hal_configstore_ISurfaceFlingerConfigs, hwservice_manager_type;
-type hal_confirmationui_hwservice, hwservice_manager_type;
-type hal_contexthub_hwservice, hwservice_manager_type;
-type hal_drm_hwservice, hwservice_manager_type;
-type hal_cas_hwservice, hwservice_manager_type;
-type hal_dumpstate_hwservice, hwservice_manager_type;
-type hal_evs_hwservice, hwservice_manager_type;
-type hal_face_hwservice, hwservice_manager_type;
-type hal_fingerprint_hwservice, hwservice_manager_type;
-type hal_gatekeeper_hwservice, hwservice_manager_type;
-type hal_gnss_hwservice, hwservice_manager_type;
 type hal_graphics_allocator_hwservice, hwservice_manager_type;
-type hal_graphics_composer_hwservice, hwservice_manager_type;
 type hal_graphics_mapper_hwservice, hwservice_manager_type, same_process_hwservice;
-type hal_health_hwservice, hwservice_manager_type;
-type hal_health_storage_hwservice, hwservice_manager_type;
-type hal_input_classifier_hwservice, hwservice_manager_type;
-type hal_ir_hwservice, hwservice_manager_type;
-type hal_keymaster_hwservice, hwservice_manager_type;
-type hal_light_hwservice, hwservice_manager_type;
-type hal_lowpan_hwservice, hwservice_manager_type;
-type hal_memtrack_hwservice, hwservice_manager_type;
 type hal_neuralnetworks_hwservice, hwservice_manager_type;
-type hal_nfc_hwservice, hwservice_manager_type;
-type hal_oemlock_hwservice, hwservice_manager_type;
 type hal_omx_hwservice, hwservice_manager_type;
-type hal_power_hwservice, hwservice_manager_type;
-type hal_power_stats_hwservice, hwservice_manager_type;
 type hal_renderscript_hwservice, hwservice_manager_type, same_process_hwservice;
-type hal_secure_element_hwservice, hwservice_manager_type;
-type hal_sensors_hwservice, hwservice_manager_type;
-type hal_telephony_hwservice, hwservice_manager_type;
-type hal_tetheroffload_hwservice, hwservice_manager_type;
-type hal_thermal_hwservice, hwservice_manager_type;
-type hal_tv_cec_hwservice, hwservice_manager_type;
-type hal_tv_input_hwservice, hwservice_manager_type;
-type hal_tv_tuner_hwservice, hwservice_manager_type;
-type hal_usb_hwservice, hwservice_manager_type;
-type hal_usb_gadget_hwservice, hwservice_manager_type;
-type hal_vehicle_hwservice, hwservice_manager_type;
-type hal_vibrator_hwservice, hwservice_manager_type;
-type hal_vr_hwservice, hwservice_manager_type;
-type hal_weaver_hwservice, hwservice_manager_type;
-type hal_wifi_hwservice, hwservice_manager_type;
-type hal_wifi_hostapd_hwservice, hwservice_manager_type;
-type hal_wifi_supplicant_hwservice, hwservice_manager_type;
 type hidl_allocator_hwservice, hwservice_manager_type, coredomain_hwservice;
 type hidl_base_hwservice, hwservice_manager_type;
 type hidl_manager_hwservice, hwservice_manager_type, coredomain_hwservice;
 type hidl_memory_hwservice, hwservice_manager_type, coredomain_hwservice;
 type hidl_token_hwservice, hwservice_manager_type, 
coredomain_hwservice; -type system_ashmem_hwservice, hwservice_manager_type, coredomain_hwservice; -type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice; -type system_suspend_hwservice, hwservice_manager_type, coredomain_hwservice; -type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice; -type thermalcallback_hwservice, hwservice_manager_type; ### ### Neverallow rules From 98797d7dbed288da30c6d9aadfec8367cf57612c Mon Sep 17 00:00:00 2001 From: Steven Thomas Date: Wed, 28 Aug 2019 17:03:21 -0700 Subject: [PATCH 008/163] Allow access to the "refresh_rate_switching" system property Bug: 136592946 Bug: 138261472 Test: Ran with the patch applied, confirmed surface flinger can access the system property. Change-Id: I259a488399c5e698de384322852ea81ea1a96e7d Exempt-From-Owner-Approval: Approved internally --- public/property_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/public/property_contexts b/public/property_contexts index 5a8b2f503..e626328fc 100644 --- a/public/property_contexts +++ b/public/property_contexts @@ -404,3 +404,4 @@ ro.surface_flinger.set_display_power_timer_ms u:object_r:exported_default_prop:s ro.surface_flinger.support_kernel_idle_timer u:object_r:exported_default_prop:s0 exact bool ro.surface_flinger.use_smart_90_for_video u:object_r:exported_default_prop:s0 exact bool ro.surface_flinger.color_space_agnostic_dataspace u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.refresh_rate_switching u:object_r:exported_default_prop:s0 exact bool From 6cf715b5fa020376a4945155f0bb30e020dec52c Mon Sep 17 00:00:00 2001 From: Robert Shih Date: Tue, 16 Jul 2019 14:57:41 -0700 Subject: [PATCH 009/163] Allow apps to access hal_drm Bug: 134787536 Bug: 139315093 Test: MediaDrmClearkeyTest#testClearKeyPlaybackCenc Change-Id: I931ccdfa3b78c7210f9f94e94b48d2d6908a371d --- private/technical_debt.cil | 4 ++++ public/hwservice.te | 4 +++- 2 files changed, 7 insertions(+), 1 deletion(-) 
diff --git a/private/technical_debt.cil b/private/technical_debt.cil
index 289f69e20..fdcd0a332 100644
--- a/private/technical_debt.cil
+++ b/private/technical_debt.cil
@@ -20,6 +20,10 @@
 ; Unfortunately, we can't currently express this in module policy language:
 (typeattributeset hal_codec2_client ((and (appdomain) ((not (isolated_app))))))
 
+; Apps, except isolated apps, are clients of Drm-related services
+; Unfortunately, we can't currently express this in module policy language:
+(typeattributeset hal_drm_client ((and (appdomain) ((not (isolated_app))))))
+
 ; Apps, except isolated apps, are clients of Configstore HAL
 ; Unfortunately, we can't currently express this in module policy language:
 ; typeattribute { appdomain -isolated_app } hal_configstore_client;
diff --git a/public/hwservice.te b/public/hwservice.te
index b86dcd734..7b7a4c83d 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -18,7 +18,6 @@ type hal_can_bus_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_can_controller_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_confirmationui_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_contexthub_hwservice, hwservice_manager_type, protected_hwservice;
-type hal_drm_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_dumpstate_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_evs_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_face_hwservice, hwservice_manager_type, protected_hwservice;
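Review bot: Making every non-isolated app a `hal_drm_client` here, together with dropping `protected_hwservice` from `hal_drm_hwservice` in the two public/hwservice.te hunks of this patch, exposes the DRM HAL's HwBinder interface to untrusted apps for every implementation that registers under that type, while the comment added in the second hwservice.te hunk only justifies this for versions newer than API 29. The hwservice type is not versioned, so on a device whose vendor still ships an older hal_drm the policy grants the same reach; whether something else (the HAL's own checks, a neverallow elsewhere) bounds this is not visible in the patch. If that is accepted, the comment should say so, e.g. `# - hal_drm_hwservice: versions > API 29 are designed for untrusted app access; older implementations registered under this type are reachable too.`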
@@ -75,10 +74,13 @@ type thermalcallback_hwservice, hwservice_manager_type, protected_hwservice;
 # - hal_omx_hwservice: because this is a HwBinder version of the mediacodec
 # Binder service which apps were permitted to access.
 # - hal_codec2_hwservice: because this is a newer version of hal_omx_hwservice.
+# - hal_drm_hwservice: versions > API 29 are designed specifically with
+# untrusted app access in mind.
 type fwk_bufferhub_hwservice, hwservice_manager_type, coredomain_hwservice;
 type hal_cas_hwservice, hwservice_manager_type;
 type hal_codec2_hwservice, hwservice_manager_type;
 type hal_configstore_ISurfaceFlingerConfigs, hwservice_manager_type;
+type hal_drm_hwservice, hwservice_manager_type;
 type hal_graphics_allocator_hwservice, hwservice_manager_type;
 type hal_graphics_mapper_hwservice, hwservice_manager_type, same_process_hwservice;
 type hal_neuralnetworks_hwservice, hwservice_manager_type;
From 3be11e7abb8f4fd651295f9ccb0ce087855c1cc0 Mon Sep 17 00:00:00 2001 From: Inseob Kim Date: Thu, 26 Sep 2019 15:14:55 +0900 Subject: [PATCH 010/163] Add BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW A new sysprop neverallow rules are mandatory only for devices launching with R or later. For devices already launched, neverallow rules can be relaxed with adding following line to BoardConfig.mk: BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true Bug: 131162102 Test: Set PRODUCT_SHIPPING_API_LEVEL := 30 and try building with changing some system_public_prop to system_internal_prop Test: m cts sepolicy_tests Change-Id: Id978b4d81a8683a57304bb639961105e2d91fa9a --- Android.mk | 25 +++++++++++++++ definitions.mk | 1 + public/property.te | 4 +-- public/te_macros | 76 ++++++++++++++++++++++++++++++++++++++++++---- 4 files changed, 98 insertions(+), 8 deletions(-)
diff --git a/Android.mk b/Android.mk
index 5f35f53dd..a2a65da46 100644
--- a/Android.mk
+++ b/Android.mk
@@ -193,6 +193,19 @@ ifeq ($(NATIVE_COVERAGE),true)
 with_native_coverage := true
 endif
 
+treble_sysprop_neverallow := true
+ifeq ($(BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW),true)
+ treble_sysprop_neverallow := false
+endif
+
+ifeq ($(PRODUCT_SHIPPING_API_LEVEL),)
+ #$(warning no product shipping level defined)
+else ifneq ($(call math_lt,29,$(PRODUCT_SHIPPING_API_LEVEL)),)
+ ifneq ($(BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW),)
+ $(error BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW cannot be set on a device shipping with R or later, and this is tested by CTS.)
+ endif
+endif
+
 # Library extension for host-side tests
 ifeq ($(HOST_OS),darwin)
 SHAREDLIB_EXT=dylib
@@ -484,6 +497,7 @@ $(reqd_policy_mask.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_cove
 $(reqd_policy_mask.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
 $(reqd_policy_mask.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
 $(reqd_policy_mask.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
+$(reqd_policy_mask.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
 $(reqd_policy_mask.conf): PRIVATE_POLICY_FILES := $(policy_files)
 $(reqd_policy_mask.conf): $(policy_files) $(M4)
 $(transform-policy-to-conf)
@@ -529,6 +543,7 @@ $(pub_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage)
 $(pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
 $(pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT)
 $(pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY)
+$(pub_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow)
 $(pub_policy.conf): PRIVATE_POLICY_FILES := $(policy_files)
 $(pub_policy.conf): $(policy_files) $(M4)
 $(transform-policy-to-conf)
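Review bot: The two checks on BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW in the first hunk use different tests: the relaxation is applied only when the value is exactly `true` (`ifeq (...,true)`), but the R-or-later error fires for any non-empty value (`ifneq (...,)`), so a board setting it to, say, `false` keeps the strict rules on a Q device yet fails the build on an R device. Using the same comparison in the guard, `ifeq ($(BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW),true)`, makes the two agree. Also, when PRODUCT_SHIPPING_API_LEVEL is unset the only action is a commented-out `$(warning ...)`, so the build-time guard is silently skipped for such devices; the commit message says CTS also enforces this, which presumably covers that case on-device, but a one-line comment saying so would save the next reader the question.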
@@ -586,6 +601,7 @@ $(plat_pub_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_cover $(plat_pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) $(plat_pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT) $(plat_pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY) +$(plat_pub_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow) $(plat_pub_policy.conf): PRIVATE_POLICY_FILES := $(policy_files) $(plat_pub_policy.conf): $(policy_files) $(M4) $(transform-policy-to-conf) @@ -627,6 +643,7 @@ $(plat_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage) $(plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) $(plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT) $(plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY) +$(plat_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow) $(plat_policy.conf): PRIVATE_POLICY_FILES := $(policy_files) $(plat_policy.conf): $(policy_files) $(M4) $(transform-policy-to-conf) @@ -672,6 +689,7 @@ $(userdebug_plat_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native $(userdebug_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) $(userdebug_plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT) $(userdebug_plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY) +$(userdebug_plat_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow) $(userdebug_plat_policy.conf): PRIVATE_POLICY_FILES := $(policy_files) $(userdebug_plat_policy.conf): $(policy_files) $(M4) $(transform-policy-to-conf) 
@@ -774,6 +792,7 @@ $(product_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_covera $(product_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) $(product_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT) $(product_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY) +$(product_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow) $(product_policy.conf): PRIVATE_POLICY_FILES := $(policy_files) $(product_policy.conf): $(policy_files) $(M4) $(transform-policy-to-conf) @@ -946,6 +965,7 @@ $(vendor_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverag $(vendor_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) $(vendor_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT) $(vendor_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY) +$(vendor_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow) $(vendor_policy.conf): PRIVATE_POLICY_FILES := $(policy_files) $(vendor_policy.conf): $(policy_files) $(M4) $(transform-policy-to-conf) @@ -1001,6 +1021,7 @@ $(odm_policy.conf): PRIVATE_TGT_WITH_NATIVE_COVERAGE := $(with_native_coverage) $(odm_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) $(odm_policy.conf): PRIVATE_SEPOLICY_SPLIT := $(PRODUCT_SEPOLICY_SPLIT) $(odm_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY) +$(odm_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow) $(odm_policy.conf): PRIVATE_POLICY_FILES := $(policy_files) $(odm_policy.conf): $(policy_files) $(M4) $(transform-policy-to-conf) 
@@ -1327,6 +1348,7 @@ $(LOCAL_BUILT_MODULE): PRIVATE_TGT_ARCH := $(my_target_arch) $(LOCAL_BUILT_MODULE): PRIVATE_WITH_ASAN := false $(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY_SPLIT := cts $(LOCAL_BUILT_MODULE): PRIVATE_COMPATIBLE_PROPERTY := cts +$(LOCAL_BUILT_MODULE): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := cts $(LOCAL_BUILT_MODULE): PRIVATE_EXCLUDE_BUILD_TEST := true $(LOCAL_BUILT_MODULE): PRIVATE_POLICY_FILES := $(policy_files) $(LOCAL_BUILT_MODULE): $(policy_files) $(M4) @@ -1535,6 +1557,7 @@ $(base_plat_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan) $(base_plat_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) $(base_plat_policy.conf): PRIVATE_SEPOLICY_SPLIT := true $(base_plat_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY) +$(base_plat_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow) $(base_plat_policy.conf): PRIVATE_POLICY_FILES := $(policy_files) $(base_plat_policy.conf): $(policy_files) $(M4) $(transform-policy-to-conf) @@ -1565,6 +1588,7 @@ $(base_plat_pub_policy.conf): PRIVATE_TGT_WITH_ASAN := $(with_asan) $(base_plat_pub_policy.conf): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS) $(base_plat_pub_policy.conf): PRIVATE_SEPOLICY_SPLIT := true $(base_plat_pub_policy.conf): PRIVATE_COMPATIBLE_PROPERTY := $(PRODUCT_COMPATIBLE_PROPERTY) +$(base_plat_pub_policy.conf): PRIVATE_TREBLE_SYSPROP_NEVERALLOW := $(treble_sysprop_neverallow) $(base_plat_pub_policy.conf): PRIVATE_POLICY_FILES := $(policy_files) $(base_plat_pub_policy.conf): $(policy_files) $(M4) $(transform-policy-to-conf) @@ -1663,6 +1687,7 @@ built_sepolicy_neverallows := built_plat_svc := built_vendor_svc := built_plat_sepolicy := +treble_sysprop_neverallow := mapping_policy := my_target_arch := pub_policy.cil := diff --git a/definitions.mk b/definitions.mk index 1a7d06efa..6bb4f249d 100644 --- a/definitions.mk +++ b/definitions.mk 
@@ -11,6 +11,7 @@ $(hide) $(M4) --fatal-warnings $(PRIVATE_ADDITIONAL_M4DEFS) \ -D target_with_native_coverage=$(PRIVATE_TGT_WITH_NATIVE_COVERAGE) \ -D target_full_treble=$(PRIVATE_SEPOLICY_SPLIT) \ -D target_compatible_property=$(PRIVATE_COMPATIBLE_PROPERTY) \ + -D target_treble_sysprop_neverallow=$(PRIVATE_TREBLE_SYSPROP_NEVERALLOW) \ -D target_exclude_build_test=$(PRIVATE_EXCLUDE_BUILD_TEST) \ $(PRIVATE_TGT_RECOVERY) \ -s $(PRIVATE_POLICY_FILES) > $@ diff --git a/public/property.te b/public/property.te index 10be0baba..f82ab8956 100644 --- a/public/property.te +++ b/public/property.te @@ -140,10 +140,10 @@ allow property_type tmpfs:filesystem associate; ### Neverallow rules ### -compatible_property_only(` +treble_sysprop_neverallow(` # TODO(b/131162102): uncomment these after assigning ownership attributes to all properties -# neverallow * { +# neverallow domain { # property_type # -system_property_type # -product_property_type diff --git a/public/te_macros b/public/te_macros index cb0ebd1a0..b97a6bb7a 100644 --- a/public/te_macros +++ b/public/te_macros 
@@ -724,6 +724,28 @@ define(`dump_hal', `
 allow $1_server dumpstate:fd use;
 ')
 
+#####################################
+# treble_sysprop_neverallow(rules)
+# SELinux neverallow rules which enforces the owner of each property and accessibility
+# outside the owner.
+#
+# For devices launching with R or later, all properties must be explicitly marked as one of:
+# system_property_type, vendor_property_type, or product_property_type.
+# Also, exported properties must be explicitly marked as "restricted" or "public",
+# depending on the accessibility outside the owner.
+# For devices launching with Q or eariler, this neverallow rules can be relaxed with defining
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true on device.mk.
+# See {partition}_{accessibility}_prop macros below.
+#
+# CTS uses these rules only for devices launching with R or later.
+#
+define(`treble_sysprop_neverallow', ifelse(target_treble_sysprop_neverallow, `true', $1,
+ifelse(target_treble_sysprop_neverallow, `cts',
+# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
+$1
+# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
+, )))
+
 ###########################################
 # define_prop(name, owner, scope)
 # Define a property with given owner and scope
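Review bot: The new macro documentation says the relaxation is defined "on device.mk", whereas the commit message says BoardConfig.mk and the Android.mk hunk reads it as a build/board variable; the comment should name the one location that is actually honoured (I am inferring BoardConfig.mk from the commit message, not from this hunk). The same comment also has "eariler" for "earlier" and the ungrammatical "this neverallow rules", and both are repeated in the three system_/product_/vendor_ prop macro hunks that follow. Suggested wording for all four places: `# For devices launching with Q or earlier, these neverallow rules can be relaxed by defining` / `# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true in BoardConfig.mk.`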
@@ -735,14 +757,28 @@ define(`define_prop', ` ########################################### # system_internal_prop(name) # Define a /system-owned property used only in /system +# For devices launching with Q or eariler, this restriction can be relaxed with +# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true # -define(`system_internal_prop', `define_prop($1, system, internal)') +define(`system_internal_prop', ` + define_prop($1, system, internal) + treble_sysprop_neverallow(` + neverallow {domain -coredomain} $1:file no_rw_file_perms; + ') +') ########################################### # system_restricted_prop(name) # Define a /system-owned property which can't be written outside /system +# For devices launching with Q or eariler, this restriction can be relaxed with +# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true # -define(`system_restricted_prop', `define_prop($1, system, restricted)') +define(`system_restricted_prop', ` + define_prop($1, system, restricted) + treble_sysprop_neverallow(` + neverallow {domain -coredomain} $1:property_service set; + ') +') ########################################### # system_public_prop(name) 
@@ -753,14 +789,28 @@ define(`system_public_prop', `define_prop($1, system, public)') ########################################### # product_internal_prop(name) # Define a /product-owned property used only in /product +# For devices launching with Q or eariler, this restriction can be relaxed with +# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true # -define(`product_internal_prop', `define_prop($1, product, internal)') +define(`product_internal_prop', ` + define_prop($1, product, internal) + treble_sysprop_neverallow(` + neverallow {domain -coredomain} $1:file no_rw_file_perms; + ') +') ########################################### # product_restricted_prop(name) # Define a /product-owned property which can't be written outside /product +# For devices launching with Q or eariler, this restriction can be relaxed with +# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true # -define(`product_restricted_prop', `define_prop($1, product, restricted)') +define(`product_restricted_prop', ` + define_prop($1, product, restricted) + treble_sysprop_neverallow(` + neverallow {domain -coredomain} $1:property_service set; + ') +') ########################################### # product_public_prop(name) 
@@ -771,14 +821,28 @@ define(`product_public_prop', `define_prop($1, product, public)') ########################################### # vendor_internal_prop(name) # Define a /vendor-owned property used only in /vendor +# For devices launching with Q or eariler, this restriction can be relaxed with +# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true # -define(`vendor_internal_prop', `define_prop($1, vendor, internal)') +define(`vendor_internal_prop', ` + define_prop($1, vendor, internal) + treble_sysprop_neverallow(` + neverallow coredomain $1:file no_rw_file_perms; + ') +') ########################################### # vendor_restricted_prop(name) # Define a /vendor-owned property which can't be written outside /vendor +# For devices launching with Q or eariler, this restriction can be relaxed with +# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true # -define(`vendor_restricted_prop', `define_prop($1, vendor, restricted)') +define(`vendor_restricted_prop', ` + define_prop($1, vendor, restricted) + treble_sysprop_neverallow(` + neverallow coredomain $1:property_service set; + ') +') ########################################### # vendor_public_prop(name) From ce0df3b9d59a4621d63eab534ffebfc9410318b8 Mon Sep 17 00:00:00 2001 From: Roshan Pius Date: Sun, 20 Oct 2019 19:44:38 -0700 Subject: [PATCH 011/163] sepolicy: Move wifi keystore HAL service to wificond Bug: 142969896 Test: Verified connecting to passpoint networks. Change-Id: Iac72b13e24f45bbf834d698cfcfd0fe9177a80d3 --- private/keystore.te | 4 ---- public/wificond.te | 11 +++++++++++ 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/private/keystore.te b/private/keystore.te index 7f71028ba..ee6dbdf2a 100644 --- a/private/keystore.te +++ b/private/keystore.te 
@@ -11,9 +11,5 @@ hal_client_domain(keystore, hal_confirmationui)
 # This is used for the ConfirmationUI async callback.
 allow keystore platform_app:binder call;
 
-# Offer the Wifi Keystore HwBinder service
-typeattribute keystore wifi_keystore_service_server;
-add_hwservice(keystore, system_wifi_keystore_hwservice)
-
 # Allow to check whether security logging is enabled.
 get_prop(keystore, device_logging_prop)
diff --git a/public/wificond.te b/public/wificond.te
index e11d45d23..a55872abb 100644
--- a/public/wificond.te
+++ b/public/wificond.te
@@ -30,3 +30,14 @@ allow wificond permission_service:service_manager find;
 # dumpstate support
 allow wificond dumpstate:fd use;
 allow wificond dumpstate:fifo_file write;
+
+#### Offer the Wifi Keystore HwBinder service ###
+hwbinder_use(wificond)
+get_prop(wificond, hwservicemanager_prop)
+typeattribute wificond wifi_keystore_service_server;
+add_hwservice(wificond, system_wifi_keystore_hwservice)
+
+# Allow keystore binder access to serve the HwBinder service.
+allow wificond keystore_service:service_manager find;
+allow wificond keystore:binder call;
+allow wificond keystore:keystore_key get;
From f39968942cca96761403a15b8757cf6c2f2ed125 Mon Sep 17 00:00:00 2001 From: Dianne Hackborn Date: Tue, 29 Oct 2019 12:56:06 -0700 Subject: [PATCH 012/163] Rework platform version to hide codenames. The public platform version no longer can be a codename, it is always the most recently released platform. A new build property and API provides either the offical version or the current codename as appropriate. This will avoid breaking apps that look at the platform version while development is under a codename. Bug: 143175463 Test: manual Change-Id: I64f9ccec7ec1a44a9e5f0c6446cb0113b3f3368f --- public/property_contexts | 1 + 1 file changed, 1 insertion(+)
diff --git a/public/property_contexts b/public/property_contexts
index bcc4b5120..fbbb14406 100644
--- a/public/property_contexts
+++ b/public/property_contexts
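Review bot: `allow wificond keystore:keystore_key get;` in the wificond.te hunk lets a network daemon retrieve key material from keystore, which is the sensitive grant in this move and deserves a comment saying why the HwBinder service needs it and what bounds it (presumably keystore's own caller checks on the key — that is not visible here and should be confirmed). The section header `#### Offer the Wifi Keystore HwBinder service ###` has mismatched fence lengths, and the surrounding file uses plain single-`#` comments such as `# dumpstate support`; `# Offer the Wifi Keystore HwBinder service` would match. The removal in keystore.te is consistent with the move.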
@@ -248,6 +248,7 @@ ro.build.version.codename u:object_r:exported2_default_prop:s0 exact string ro.build.version.incremental u:object_r:exported2_default_prop:s0 exact string ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int ro.build.version.release u:object_r:exported2_default_prop:s0 exact string +ro.build.version.release_or_codename u:object_r:exported2_default_prop:s0 exact string ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string ro.crypto.state u:object_r:exported_vold_prop:s0 exact string From 1b933223733dcd759c76205b3a5a8b54c68d3f43 Mon Sep 17 00:00:00 2001 From: Kevin Lau Fang Date: Thu, 14 Nov 2019 20:07:49 +0000 Subject: [PATCH 013/163] Revert submission Reason for revert: This causes a boot issue on Taimen (b/144480969). It wasn't caught by TreeHugger due to Taimen tests being disabled due to a different lab outage (b/144350336). Change-Id: Id5cc13fd09a6e9c1a75264beb5f8745f6a7c6c7f --- public/property_contexts | 1 - 1 file changed, 1 deletion(-) diff --git a/public/property_contexts b/public/property_contexts index fbbb14406..bcc4b5120 100644 --- a/public/property_contexts +++ b/public/property_contexts @@ -248,7 +248,6 @@ ro.build.version.codename u:object_r:exported2_default_prop:s0 exact string ro.build.version.incremental u:object_r:exported2_default_prop:s0 exact string ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int ro.build.version.release u:object_r:exported2_default_prop:s0 exact string -ro.build.version.release_or_codename u:object_r:exported2_default_prop:s0 exact string ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string ro.crypto.state u:object_r:exported_vold_prop:s0 exact string From a51d4d294eb50d592de974ae2966771fa9cb1c8f Mon Sep 17 00:00:00 2001 
From: markchien Date: Wed, 18 Dec 2019 19:40:48 +0800 Subject: [PATCH 014/163] Change Tethering package name The Tethering apex module is renamed from com.android.tethering.apex to com.android.tethering. Rename the tethering apex file context accordingly. Also add a filegroup for the tethering apex. Bug: 146471733 Test: build, flash, boot atest TetheringTests atest CtsTetheringTest Change-Id: I41ec17604067c684123085841182408c4e315ec2 --- apex/Android.bp | 7 +++++++ ...x-file_contexts => com.android.tethering-file_contexts} | 0 2 files changed, 7 insertions(+) rename apex/{com.android.tethering.apex-file_contexts => com.android.tethering-file_contexts} (100%) diff --git a/apex/Android.bp b/apex/Android.bp index 2ae29054b..219652965 100644 --- a/apex/Android.bp +++ b/apex/Android.bp @@ -159,3 +159,10 @@ filegroup { "com.android.wifi-file_contexts", ], } + +filegroup { + name: "com.android.tethering-file_contexts", + srcs: [ + "com.android.tethering-file_contexts", + ], +} diff --git a/apex/com.android.tethering.apex-file_contexts b/apex/com.android.tethering-file_contexts similarity index 100% rename from apex/com.android.tethering.apex-file_contexts rename to apex/com.android.tethering-file_contexts From a9ea7fa13552d7668a815e0d263b4954b58f4ac7 Mon Sep 17 00:00:00 2001 From: Luke Huang Date: Thu, 19 Dec 2019 21:02:18 +0800 Subject: [PATCH 015/163] Make cronet file_contexts as "android:path" property It follows examples of other APEX to make file_contexts of cronet module as "android:path" property Bug: 146416755 Test: atest cronet_e2e_tests Test: atest CronetApiTest Change-Id: I0608eb4bb43cee50f49217f19fb53f297fbf5ead --- apex/Android.bp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/apex/Android.bp b/apex/Android.bp index 2ae29054b..a450dcf56 100644 --- a/apex/Android.bp +++ b/apex/Android.bp 
@@ -62,6 +62,13 @@ filegroup { ], } +filegroup { + name: "com.android.cronet-file_contexts", + srcs: [ + "com.android.cronet-file_contexts", + ], +} + filegroup { name: "com.android.ipsec-file_contexts", srcs: [ From 6505573c36dcc6153af37895e968400f722119ea Mon Sep 17 00:00:00 2001 From: Anton Hansson Date: Mon, 6 Jan 2020 17:29:13 +0000 Subject: [PATCH 016/163] Rename sdkext sepolicy to sdkextensions The module is getting renamed, so rename all the policy relating to it at the same time. Bug: 137191822 Test: presubmit Change-Id: Ia9d966ca9884ce068bd96cf5734e4a459158c85b --- apex/Android.bp | 14 +++++++------- private/compat/29.0/29.0.ignore.cil | 2 +- private/derive_sdk.te | 4 ++-- private/domain.te | 4 ++-- private/property_contexts | 4 ++-- public/property.te | 4 ++-- public/property_contexts | 2 +- public/vendor_init.te | 2 +- 8 files changed, 18 insertions(+), 18 deletions(-) diff --git a/apex/Android.bp b/apex/Android.bp index 385b84466..4a860e19d 100644 --- a/apex/Android.bp +++ b/apex/Android.bp @@ -27,6 +27,13 @@ filegroup { ], } +filegroup { + name: "com.android.sdkext-file_contexts", + srcs: [ + "com.android.sdkext-file_contexts", + ], +} + filegroup { name: "com.android.art.debug-file_contexts", srcs: [ @@ -139,13 +146,6 @@ filegroup { ], } -filegroup { - name: "com.android.sdkext-file_contexts", - srcs: [ - "com.android.sdkext-file_contexts", - ], -} - filegroup { name: "com.android.telephony-file_contexts", srcs: [ diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 77f0ce0a8..07ceabd7e 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -47,7 +47,7 @@ linker_prop linkerconfig_file mock_ota_prop - module_sdkext_prop + module_sdkextensions_prop ota_metadata_file ota_prop art_apex_dir diff --git a/private/derive_sdk.te b/private/derive_sdk.te index 98cda204f..1f60e3446 100644 --- a/private/derive_sdk.te +++ b/private/derive_sdk.te 
@@ -8,5 +8,5 @@ init_daemon_domain(derive_sdk) allow derive_sdk apex_mnt_dir:dir r_dir_perms; # Prop rules: writable by derive_sdk, readable by bootclasspath (apps) -set_prop(derive_sdk, module_sdkext_prop) -neverallow {domain -init -derive_sdk} module_sdkext_prop:property_service set; +set_prop(derive_sdk, module_sdkextensions_prop) +neverallow { domain -init -derive_sdk } module_sdkextensions_prop:property_service set; diff --git a/private/domain.te b/private/domain.te index defe99de0..907d1b860 100644 --- a/private/domain.te +++ b/private/domain.te @@ -45,8 +45,8 @@ get_prop(domain, use_memfd_prop); # Allow to read properties for linker get_prop(domain, linker_prop); -# Read access to sdkext props -get_prop(domain, module_sdkext_prop) +# Read access to sdkextensions props +get_prop(domain, module_sdkextensions_prop) # For now, everyone can access core property files # Device specific properties are not granted by default diff --git a/private/property_contexts b/private/property_contexts index b2b6abcda..faa425b8e 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -226,5 +226,5 @@ ro.virtual_ab.retrofit u:object_r:virtual_ab_prop:s0 ota.warm_reset u:object_r:ota_prop:s0 # Module properties -com.android.sdkext. u:object_r:module_sdkext_prop:s0 -persist.com.android.sdkext. u:object_r:module_sdkext_prop:s0 +com.android.sdkext. u:object_r:module_sdkextensions_prop:s0 +persist.com.android.sdkext. u:object_r:module_sdkextensions_prop:s0 diff --git a/public/property.te b/public/property.te index bfb78c406..f2bf870dd 100644 --- a/public/property.te +++ b/public/property.te @@ -60,7 +60,7 @@ compatible_property_only(` # Properties which can't be written outside system system_restricted_prop(linker_prop) -system_restricted_prop(module_sdkext_prop) +system_restricted_prop(module_sdkextensions_prop) system_restricted_prop(nnapi_ext_deny_product_prop) system_restricted_prop(restorecon_prop) system_restricted_prop(system_boot_reason_prop) 
@@ -630,7 +630,7 @@ compatible_property_only(` -heapprofd_prop -hwservicemanager_prop -last_boot_reason_prop - -module_sdkext_prop + -module_sdkextensions_prop -system_lmk_prop -linker_prop -log_prop diff --git a/public/property_contexts b/public/property_contexts index 31281f200..5608b9624 100644 --- a/public/property_contexts +++ b/public/property_contexts @@ -254,10 +254,10 @@ ro.build.tags u:object_r:exported2_default_prop:s0 exact string ro.build.user u:object_r:exported2_default_prop:s0 exact string ro.build.version.base_os u:object_r:exported2_default_prop:s0 exact string ro.build.version.codename u:object_r:exported2_default_prop:s0 exact string +ro.build.version.extensions. u:object_r:module_sdkextensions_prop:s0 prefix int ro.build.version.incremental u:object_r:exported2_default_prop:s0 exact string ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int ro.build.version.release u:object_r:exported2_default_prop:s0 exact string -ro.build.version.extensions. u:object_r:module_sdkext_prop:s0 prefix int ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string ro.crypto.state u:object_r:exported_vold_prop:s0 exact string diff --git a/public/vendor_init.te b/public/vendor_init.te index 0bdfc4a0d..4af41ee27 100644 --- a/public/vendor_init.te +++ b/public/vendor_init.te @@ -221,7 +221,7 @@ not_compatible_property(` -nnapi_ext_deny_product_prop -init_svc_debug_prop -linker_prop - -module_sdkext_prop + -module_sdkextensions_prop -userspace_reboot_exported_prop -userspace_reboot_prop -vndk_prop From afa84c96ac64868b277545985da47a755e81ba78 Mon Sep 17 00:00:00 2001 
From: Dianne Hackborn Date: Tue, 29 Oct 2019 12:56:06 -0700 Subject: [PATCH 017/163] Reland: Rework platform version to hide codenames. The public platform version no longer can be a codename, it is always the most recently released platform. A new build property and API provides either the offical version or the current codename as appropriate. This will avoid breaking apps that look at the platform version while development is under a codename. Bug: 143175463 Test: manual Change-Id: I257ca42672e4712841c90b0608202c846bda628c --- public/property_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/public/property_contexts b/public/property_contexts index 1ec412777..c0382732b 100644 --- a/public/property_contexts +++ b/public/property_contexts @@ -258,6 +258,7 @@ ro.build.version.extensions. u:object_r:module_sdkextensions_prop:s0 prefix int ro.build.version.incremental u:object_r:exported2_default_prop:s0 exact string ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int ro.build.version.release u:object_r:exported2_default_prop:s0 exact string +ro.build.version.release_or_codename u:object_r:exported2_default_prop:s0 exact string ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string ro.crypto.state u:object_r:exported_vold_prop:s0 exact string From 4f23084a674197e2272ec9ce8514e032d967862e Mon Sep 17 00:00:00 2001 From: Jeffrey Huang Date: Wed, 5 Feb 2020 14:00:10 -0800 Subject: [PATCH 018/163] Allow system server to add StatsHal Bug: 148794952 Test: m -j Change-Id: I14cc282bb262f1ec62ab3473d9229763c1a02e21 --- private/statsd.te | 1 - private/system_server.te | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/private/statsd.te b/private/statsd.te index 1e56b6789..148315604 100644 --- a/private/statsd.te +++ b/private/statsd.te 
@@ -1,5 +1,4 @@ typeattribute statsd coredomain; -typeattribute statsd stats_service_server; init_daemon_domain(statsd) diff --git a/private/system_server.te b/private/system_server.te index 5a1124e23..e0c7a7b27 100644 --- a/private/system_server.te +++ b/private/system_server.te @@ -7,6 +7,7 @@ typeattribute system_server coredomain; typeattribute system_server mlstrustedsubject; typeattribute system_server scheduler_service_server; typeattribute system_server sensor_service_server; +typeattribute system_server stats_service_server; # Define a type for tmpfs-backed ashmem regions. tmpfs_domain(system_server) From fde1dadc71f4a8dd9b447552c9292cac7b229e8e Mon Sep 17 00:00:00 2001 From: Etan Cohen Date: Wed, 12 Feb 2020 10:55:12 -0800 Subject: [PATCH 019/163] [WIFICOND] Rename service to nl80211 Per API council feedback. Bug: 149105833 Bug: 148680192 Test: atest android.net.wifi Test: atest com.android.server.wifi Test: manual - flash/boot - verify Wi-Fi scan/associate Change-Id: Idaf7603d4ab79ddde5c223097ed9fe8734299eea --- private/compat/29.0/29.0.cil | 3 ++- private/service_contexts | 2 +- private/system_server.te | 2 +- public/service.te | 2 +- public/wificond.te | 2 +- 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil index 60e6fb16b..5231498e1 100644 --- a/private/compat/29.0/29.0.cil +++ b/private/compat/29.0/29.0.cil @@ -7,6 +7,7 @@ (type perfprofd_data_file) (type perfprofd_service) (type sysfs_mac_address) +(type wificond_service) (expandtypeattribute (accessibility_service_29_0) true) (expandtypeattribute (account_service_29_0) true) 
@@ -1949,7 +1950,7 @@ (typeattributeset wifiaware_service_29_0 (wifiaware_service)) (typeattributeset wificond_29_0 (wificond)) (typeattributeset wificond_exec_29_0 (wificond_exec)) -(typeattributeset wificond_service_29_0 (wificond_service)) +(typeattributeset wificond_service_29_0 (wificond_service wifinl80211_service)) (typeattributeset wifi_data_file_29_0 (wifi_data_file)) (typeattributeset wifi_log_prop_29_0 (wifi_log_prop)) (typeattributeset wifip2p_service_29_0 (wifip2p_service)) diff --git a/private/service_contexts b/private/service_contexts index 19d3b0dfa..756106433 100644 --- a/private/service_contexts +++ b/private/service_contexts @@ -239,7 +239,7 @@ webviewupdate u:object_r:webviewupdate_service:s0 wifip2p u:object_r:wifip2p_service:s0 wifiscanner u:object_r:wifiscanner_service:s0 wifi u:object_r:wifi_service:s0 -wificond u:object_r:wificond_service:s0 +wifinl80211 u:object_r:wifinl80211_service:s0 wifiaware u:object_r:wifiaware_service:s0 wifirtt u:object_r:rttmanager_service:s0 window u:object_r:window_service:s0 diff --git a/private/system_server.te b/private/system_server.te index 4e543ae4e..e7ecc7994 100644 --- a/private/system_server.te +++ b/private/system_server.te @@ -764,7 +764,7 @@ allow system_server storaged_service:service_manager find; allow system_server surfaceflinger_service:service_manager find; allow system_server update_engine_service:service_manager find; allow system_server vold_service:service_manager find; -allow system_server wificond_service:service_manager find; +allow system_server wifinl80211_service:service_manager find; add_service(system_server, batteryproperties_service) diff --git a/public/service.te b/public/service.te index 79cce0e01..a8d97f242 100644 --- a/public/service.te +++ b/public/service.te 
@@ -195,7 +195,7 @@ type webviewupdate_service, app_api_service, ephemeral_app_api_service, system_s type wifip2p_service, app_api_service, system_server_service, service_manager_type; type wifiscanner_service, system_api_service, system_server_service, service_manager_type; type wifi_service, app_api_service, system_server_service, service_manager_type; -type wificond_service, service_manager_type; +type wifinl80211_service, service_manager_type; type wifiaware_service, app_api_service, system_server_service, service_manager_type; type window_service, system_api_service, system_server_service, service_manager_type; type inputflinger_service, system_api_service, system_server_service, service_manager_type; diff --git a/public/wificond.te b/public/wificond.te index af295113d..b429884c5 100644 --- a/public/wificond.te +++ b/public/wificond.te @@ -6,7 +6,7 @@ binder_use(wificond) binder_call(wificond, system_server) binder_call(wificond, keystore) -add_service(wificond, wificond_service) +add_service(wificond, wifinl80211_service) set_prop(wificond, exported_wifi_prop) set_prop(wificond, wifi_prop) From 77a48d64ba52de89cda26161fb63fbb9de0911de Mon Sep 17 00:00:00 2001 From: Kiyoung Kim Date: Sat, 15 Feb 2020 09:39:35 +0900 Subject: [PATCH 020/163] Remove sys.linker property sys.linker property was defined to enable / disable generate linker configuration, but the property has been removed. Remove sys.linker property definition as it is no longer in use Bug: 149335054 Test: m -j passed && cuttlefish worked without sepolicy error Change-Id: Iacb2d561317d0920f93104717ce4f4bb424cc095 --- private/compat/29.0/29.0.ignore.cil | 1 - private/domain.te | 3 --- private/property_contexts | 1 - private/shell.te | 5 ----- public/property.te | 8 -------- 5 files changed, 18 deletions(-) diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index fd5700765..4419ff2fc 100644 --- a/private/compat/29.0/29.0.ignore.cil 
+++ b/private/compat/29.0/29.0.ignore.cil @@ -59,7 +59,6 @@ mediatranscoding_tmpfs mirror_data_file light_service - linker_prop linkerconfig_file metadata_bootstat_file mnt_pass_through_file diff --git a/private/domain.te b/private/domain.te index 1614ecbd4..f1f18968b 100644 --- a/private/domain.te +++ b/private/domain.te @@ -61,9 +61,6 @@ allow domain vendor_task_profiles_file:file r_file_perms; # if memfd support can be used if device supports it get_prop(domain, use_memfd_prop); -# Allow to read properties for linker -get_prop(domain, linker_prop); - # Read access to sdkextensions props get_prop(domain, module_sdkextensions_prop) diff --git a/private/property_contexts b/private/property_contexts index 59bc9ef42..54f2df975 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -24,7 +24,6 @@ ro.hw. u:object_r:system_prop:s0 sys. u:object_r:system_prop:s0 sys.init.perf_lsm_hooks u:object_r:init_perf_lsm_hooks_prop:s0 sys.cppreopt u:object_r:cppreopt_prop:s0 -sys.linker. u:object_r:linker_prop:s0 sys.lpdumpd u:object_r:lpdumpd_prop:s0 sys.powerctl u:object_r:powerctl_prop:s0 sys.usb.ffs. u:object_r:ffs_prop:s0 diff --git a/private/shell.te b/private/shell.te index 8bd4e1d45..2c69f95ee 100644 --- a/private/shell.te +++ b/private/shell.te @@ -73,11 +73,6 @@ allow shell rs_exec:file rx_file_perms; set_prop(shell, lpdumpd_prop); binder_call(shell, lpdumpd) -# Allow shell to set linker property -userdebug_or_eng(` - set_prop(shell, linker_prop) -') - # Allow shell to get encryption policy of /data/local/tmp/, for CTS allowxperm shell shell_data_file:dir ioctl { FS_IOC_GET_ENCRYPTION_POLICY diff --git a/public/property.te b/public/property.te index f309036ec..bb44a64dc 100644 --- a/public/property.te +++ b/public/property.te 
@@ -65,7 +65,6 @@ compatible_property_only(` system_restricted_prop(binder_cache_bluetooth_server_prop) system_restricted_prop(binder_cache_system_server_prop) system_restricted_prop(bq_config_prop) -system_restricted_prop(linker_prop) system_restricted_prop(module_sdkextensions_prop) system_restricted_prop(nnapi_ext_deny_product_prop) system_restricted_prop(restorecon_prop) @@ -365,13 +364,6 @@ dontaudit domain { ctl_rildaemon_prop }:property_service set; -# Do now allow to modify linker properties except shell and init -neverallow { - domain - -init - userdebug_or_eng(`-shell') -} linker_prop:property_service set; - neverallow { domain -init From 07625d5b4cbfe69359438de441e1c5115a46f548 Mon Sep 17 00:00:00 2001 From: Automerger Merge Worker Date: Sat, 22 Feb 2020 03:13:09 +0000 Subject: [PATCH 021/163] cut down bpf related privileges MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is driven by 3 things: - netd no longer needs setattr, since this is now done by bpfloader - nothing should ever unpin maps or programs - generic cleanups and additional neverallows Test: build, atest Bug: 150040815 Signed-off-by: Maciej Żenczykowski Change-Id: I881cc8bf9fe062aaff709727406c5a51fc363c8e Merged-In: I881cc8bf9fe062aaff709727406c5a51fc363c8e --- private/bpfloader.te | 28 +++++++++++++++++++--------- public/netd.te | 2 +- 2 files changed, 20 insertions(+), 10 deletions(-) diff --git a/private/bpfloader.te b/private/bpfloader.te index 8271add5b..249f3df72 100644 --- a/private/bpfloader.te +++ b/private/bpfloader.te 
@@ -3,26 +3,36 @@ type bpfloader, domain;
 type bpfloader_exec, system_file_type, exec_type, file_type;
 typeattribute bpfloader coredomain;
-# These permission is required for pin bpf program for netd.
-allow bpfloader fs_bpf:dir create_dir_perms;
-allow bpfloader fs_bpf:file create_file_perms;
-allow bpfloader devpts:chr_file { read write };
+# These permissions are required to pin ebpf maps & programs.
+allow bpfloader fs_bpf:dir { search write add_name };
+allow bpfloader fs_bpf:file { create setattr };
-# Allow bpfloader to create bpf maps and programs. The map_read and map_write permission is needed
-# for retrieving a pinned map when bpfloader do a run time restart.
-allow bpfloader self:bpf { prog_load prog_run map_read map_write map_create };
+# Allow bpfloader to create bpf maps and programs.
+allow bpfloader self:bpf { map_create map_read map_write prog_load prog_run };
 allow bpfloader self:capability { chown sys_admin };
 ###
 ### Neverallow rules
 ###
+
+# TODO: get rid of init & vendor_init neverallow { domain -init -vendor_init } fs_bpf:dir setattr;
+neverallow { domain -bpfloader } fs_bpf:dir { write add_name };
+neverallow domain fs_bpf:dir { reparent rename rmdir };
+
+# TODO: get rid of init & vendor_init neverallow { domain -bpfloader -init -vendor_init } fs_bpf:file setattr;
+neverallow { domain -bpfloader } fs_bpf:file create;
+neverallow domain fs_bpf:file { rename unlink };
+
 neverallow { domain -bpfloader } *:bpf { map_create prog_load };
 neverallow { domain -bpfloader -netd -netutils_wrapper -system_server } *:bpf prog_run;
+neverallow { domain -bpfloader -netd -system_server } *:bpf { map_read map_write };
+
 neverallow { domain -bpfloader -init } bpfloader_exec:file { execute execute_no_trans };
+
 neverallow bpfloader domain:{ tcp_socket udp_socket rawip_socket } *;
-# only system_server, netd and bpfloader can read/write the bpf maps
-neverallow { domain -system_server -netd -bpfloader} *:bpf { map_read map_write };
 # No domain should be
allowed to ptrace bpfloader neverallow { domain userdebug_or_eng(`-llkd') } bpfloader:process ptrace; diff --git a/public/netd.te b/public/netd.te index 92c2ed164..8005406d6 100644 --- a/public/netd.te +++ b/public/netd.te @@ -63,7 +63,7 @@ allow netd sysfs_usb:file write; r_dir_file(netd, cgroup_bpf) allow netd fs_bpf:dir search; -allow netd fs_bpf:file { read write setattr }; +allow netd fs_bpf:file { read write }; # TODO: netd previously thought it needed these permissions to do WiFi related # work. However, after all the WiFi stuff is gone, we still need them. From 7f3120d5e198c0deac6c86d693c9d94dc502e9df Mon Sep 17 00:00:00 2001 From: Roshan Pius Date: Wed, 19 Feb 2020 06:59:53 -0800 Subject: [PATCH 022/163] sepolicy(wifi): Allow wifi service access to wifi apex directories Bug: 148660313 Test: Compiles Change-Id: I4a973c4516fda5f96f17f82cd3a424b0ca89004b Merged-In: I4a973c4516fda5f96f17f82cd3a424b0ca89004b --- private/apexd.te | 2 ++ private/compat/29.0/29.0.ignore.cil | 1 + private/file_contexts | 3 +++ private/system_server.te | 2 ++ private/vold_prepare_subdirs.te | 2 ++ public/file.te | 1 + 6 files changed, 11 insertions(+) diff --git a/private/apexd.te b/private/apexd.te index 36b799903..9e702dd91 100644 --- a/private/apexd.te +++ b/private/apexd.te @@ -18,6 +18,8 @@ allow apexd apex_module_data_file:dir { create_dir_perms relabelfrom }; allow apexd apex_module_data_file:file { create_file_perms relabelfrom }; allow apexd apex_rollback_data_file:dir create_dir_perms; allow apexd apex_rollback_data_file:file create_file_perms; +allow apexd apex_wifi_data_file:dir { create_dir_perms relabelto }; +allow apexd apex_wifi_data_file:file { create_file_perms relabelto }; # Allow apexd to read directories under /data/misc_de in order to snapshot and # restore apex data for all users. diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index f21f28f59..108e741ec 100644 --- a/private/compat/29.0/29.0.ignore.cil 
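Review bot: The map_read/map_write neverallow that moves up in the bpfloader.te hunk (`neverallow { domain -bpfloader -netd -system_server } *:bpf { map_read map_write };`) loses the comment that explained who may read and write the maps; keep a one-liner above it such as `# Only bpfloader, netd and system_server may read/write bpf maps.`. The two `# TODO: get rid of init & vendor_init` lines carve init and vendor_init out of the fs_bpf setattr neverallows without a tracking reference, so each TODO should name the bug that will remove the exception rather than leaving it open-ended. The netd.te hunk on this line, which drops netd's `fs_bpf:file setattr`, is consistent with the new neverallow and needs nothing further.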
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -12,6 +12,7 @@
 apex_module_data_file
 apex_permission_data_file
 apex_rollback_data_file
+ apex_wifi_data_file
 app_integrity_service
 app_search_service
 auth_service
diff --git a/private/file_contexts b/private/file_contexts
index 58bae9b71..557321ed4 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -516,6 +516,7 @@
 /data/misc/adb(/.*)? u:object_r:adb_keys_file:s0
 /data/misc/apexdata(/.*)? u:object_r:apex_module_data_file:s0
 /data/misc/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0
+/data/misc/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
 /data/misc/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0
 /data/misc/apns(/.*)? u:object_r:radio_data_file:s0
 /data/misc/audio(/.*)? u:object_r:audio_data_file:s0
@@ -608,6 +609,8 @@
 /data/misc_ce/[0-9]+/apexdata(/.*)? u:object_r:apex_module_data_file:s0
 /data/misc_de/[0-9]+/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0
 /data/misc_ce/[0-9]+/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0
+/data/misc_de/[0-9]+/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
+/data/misc_ce/[0-9]+/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0
 # Apex rollback directories
 /data/misc_de/[0-9]+/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0
diff --git a/private/system_server.te b/private/system_server.te
index 9b9c675ff..a86c7b585 100644
--- a/private/system_server.te
+++ b/private/system_server.te
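Review bot: The three new apex_wifi_data_file entries correctly escape the dots in `com\.android\.wifi`, but the adjacent pre-existing `com.android.permission` entries in the same file_contexts hunks do not, so as regexes they match any character at those positions (a constructed sibling such as `com-android-permission` would be labelled apex_permission_data_file). Since the commit is editing these exact lines, aligning them here is cheap: `/data/misc/apexdata/com\.android\.permission(/.*)? u:object_r:apex_permission_data_file:s0` and the same for the misc_de/misc_ce variants. Leaving the two styles side by side is also what later copy-paste tends to propagate.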
@@ -1099,6 +1099,8 @@ allow system_server vendor_apex_file:file r_file_perms; allow system_server apex_module_data_file:dir { getattr search }; allow system_server apex_permission_data_file:dir create_dir_perms; allow system_server apex_permission_data_file:file create_file_perms; +allow system_server apex_wifi_data_file:dir create_dir_perms; +allow system_server apex_wifi_data_file:file create_file_perms; # Allow PasswordSlotManager rw access to /metadata/password_slots, so GSIs and the host image can # communicate which slots are available for use. diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te index 157ee5571..f3ec05859 100644 --- a/private/vold_prepare_subdirs.te +++ b/private/vold_prepare_subdirs.te @@ -17,6 +17,7 @@ allow vold_prepare_subdirs { apex_module_data_file apex_permission_data_file apex_rollback_data_file + apex_wifi_data_file backup_data_file face_vendor_data_file fingerprint_vendor_data_file @@ -29,6 +30,7 @@ allow vold_prepare_subdirs { apex_module_data_file apex_permission_data_file apex_rollback_data_file + apex_wifi_data_file backup_data_file face_vendor_data_file fingerprint_vendor_data_file diff --git a/public/file.te b/public/file.te index 5f7f5cdcf..1cc34f59e 100644 --- a/public/file.te +++ b/public/file.te @@ -352,6 +352,7 @@ type adb_keys_file, file_type, data_file_type, core_data_file_type; type apex_module_data_file, file_type, data_file_type, core_data_file_type; type apex_permission_data_file, file_type, data_file_type, core_data_file_type; type apex_rollback_data_file, file_type, data_file_type, core_data_file_type; +type apex_wifi_data_file, file_type, data_file_type, core_data_file_type; type audio_data_file, file_type, data_file_type, core_data_file_type; type audioserver_data_file, file_type, data_file_type, core_data_file_type; type bluetooth_data_file, file_type, data_file_type, core_data_file_type; From 7f4526612d0f3247586533a46be935f429cf424f Mon Sep 17 00:00:00 2001 
From: Amy Date: Thu, 7 Nov 2019 15:32:40 -0800 Subject: [PATCH 023/163] Adding sepolicy of tuner resource manager service This is to allow adding the Tuner Resource Manager as a system service Test: cuttlefish Bug: 147380513 Change-Id: I3f61f2542c7fd934bb69dde08079f830196e2344 (cherry picked from commit 3791549dc46361d7d6d415844b7706d73e0cf798) --- private/compat/29.0/29.0.ignore.cil | 1 + private/service_contexts | 1 + public/service.te | 1 + 3 files changed, 3 insertions(+) diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 108e741ec..f9a41e1bb 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -101,6 +101,7 @@ userspace_reboot_exported_prop userspace_reboot_log_prop vehicle_hal_prop + tv_tuner_resource_mgr_service vendor_apex_file vendor_boringssl_self_test vendor_incremental_module diff --git a/private/service_contexts b/private/service_contexts index bab62d623..079f0a1be 100644 --- a/private/service_contexts +++ b/private/service_contexts @@ -222,6 +222,7 @@ timezone u:object_r:timezone_service:s0 thermalservice u:object_r:thermal_service:s0 trust u:object_r:trust_service:s0 tv_input u:object_r:tv_input_service:s0 +tv_tuner_resource_mgr u:object_r:tv_tuner_resource_mgr_service:s0 uce u:object_r:uce_service:s0 uimode u:object_r:uimode_service:s0 updatelock u:object_r:updatelock_service:s0 diff --git a/public/service.te b/public/service.te index a2e5df053..91eb6ae5a 100644 --- a/public/service.te +++ b/public/service.te 
@@ -182,6 +182,7 @@ type timezone_service, system_server_service, service_manager_type; type timezonedetector_service, system_server_service, service_manager_type; type trust_service, app_api_service, system_server_service, service_manager_type; type tv_input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; +type tv_tuner_resource_mgr_service, system_server_service, service_manager_type; type uimode_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; type updatelock_service, system_api_service, system_server_service, service_manager_type; type uri_grants_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; From 7160105c14a8367ae43e619b800cc868650ef472 Mon Sep 17 00:00:00 2001 From: Jeff Vander Stoep Date: Tue, 25 Feb 2020 19:37:20 +0100 Subject: [PATCH 024/163] app: allow PROT_EXEC on ashmem objects This fixes a bug introduced in aosp/1143430 where the permission should have been included for the newly introduced ashmem_libcutils_device type. Test: Build Fixes: 150193534 Change-Id: I5b1ed8d9548f9dab4ad9373f98e21614c07c3d38 (cherry picked from commit 789ebf03ba416efedfc1d5d37c38ddf87e495459) --- private/system_server.te | 2 +- public/app.te | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/private/system_server.te b/private/system_server.te index a86c7b585..8122d43b6 100644 --- a/private/system_server.te +++ b/private/system_server.te 
@@ -1057,7 +1057,7 @@ neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perm ifelse(target_requires_insecure_execmem_for_swiftshader, `true', `allow system_server self:process execmem;', `neverallow system_server self:process execmem;') -neverallow system_server ashmem_device:chr_file execute; +neverallow system_server { ashmem_device ashmem_libcutils_device }:chr_file execute; # TODO: deal with tmpfs_domain pub/priv split properly neverallow system_server system_server_tmpfs:file execute; diff --git a/public/app.te b/public/app.te index 4ceb4a66d..235d3f808 100644 --- a/public/app.te +++ b/public/app.te @@ -11,7 +11,7 @@ type appdomain_tmpfs, file_type; # WebView and other application-specific JIT compilers allow appdomain self:process execmem; -allow appdomain ashmem_device:chr_file execute; +allow appdomain { ashmem_device ashmem_libcutils_device }:chr_file execute; # Receive and use open file descriptors inherited from zygote. allow appdomain zygote:fd use; From cfd767180d5ecb8c92f569428edca0a25dc08c7d Mon Sep 17 00:00:00 2001 From: Ryan Savitski Date: Wed, 19 Feb 2020 14:59:17 +0000 Subject: [PATCH 025/163] traced_perf sepolicy tweaks * allow shell to enable/disable the daemon via a sysprop * don't audit signals, as some denials are expected * exclude zygote from the profileable set of targets on debug builds. I've not caught any crashes in practice, but believe there's a possibility that the zygote forks while holding a non-whitelisted fd due to the signal handler. Bug: 144281346 Merged-In: Ib237d4edfb40b200a3bd52e6341f13c4777de3f1 Change-Id: Ib237d4edfb40b200a3bd52e6341f13c4777de3f1 (cherry picked from commit 008465e5ec0603f9ce610584d42fba67e73ebfc5) --- private/compat/29.0/29.0.ignore.cil | 1 + private/domain.te | 4 +++- private/property_contexts | 1 + private/traced_perf.te | 5 +++++ public/property.te | 1 + public/shell.te | 3 +++ 6 files changed, 14 insertions(+), 1 deletion(-) 
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 108e741ec..e8a6f7327 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -93,6 +93,7 @@ system_unsolzygote_socket tethering_service traced_perf + traced_perf_enabled_prop traced_perf_socket timezonedetector_service untrusted_app_29 diff --git a/private/domain.te b/private/domain.te index f54f2c965..32b40c179 100644 --- a/private/domain.te +++ b/private/domain.te @@ -29,7 +29,8 @@ userdebug_or_eng(`can_profile_heap_userdebug_or_eng({ })') # As above, allow perf profiling most processes on debug builds. -# Do not diverge the two lists without a really good reason. +# zygote is excluded as system-wide profiling could end up with it +# (unexpectedly) holding an open fd across a fork. userdebug_or_eng(`can_profile_perf({ domain -bpfloader @@ -45,6 +46,7 @@ userdebug_or_eng(`can_profile_perf({ -ueventd -vendor_init -vold + -zygote })') # Path resolution access in cgroups. diff --git a/private/property_contexts b/private/property_contexts index 6315c888f..cba09a536 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -77,6 +77,7 @@ persist.security. u:object_r:system_prop:s0 persist.traced.enable u:object_r:traced_enabled_prop:s0 traced.lazy. u:object_r:traced_lazy_prop:s0 persist.heapprofd.enable u:object_r:heapprofd_enabled_prop:s0 +persist.traced_perf.enable u:object_r:traced_perf_enabled_prop:s0 persist.vendor.overlay. u:object_r:overlay_prop:s0 ro.boot.vendor.overlay. u:object_r:overlay_prop:s0 ro.boottime. u:object_r:boottime_prop:s0 diff --git a/private/traced_perf.te b/private/traced_perf.te index 7a78d7904..9483e6cb4 100644 --- a/private/traced_perf.te +++ b/private/traced_perf.te 
@@ -36,6 +36,11 @@ r_dir_file(traced_perf, vendor_file_type) # domains that it cannot read. dontaudit traced_perf domain:dir { search getattr open }; +# Do not audit failures to signal a process, as there are cases when this is +# expected (native processes on debug builds use the policy for enforcing which +# processes are profileable). +dontaudit traced_perf domain:process signal; + # Never allow access to app data files neverallow traced_perf { app_data_file privapp_data_file system_app_data_file }:file *; diff --git a/public/property.te b/public/property.te index 469666881..21e220d6c 100644 --- a/public/property.te +++ b/public/property.te @@ -22,6 +22,7 @@ system_internal_prop(pm_prop) system_internal_prop(userspace_reboot_log_prop) system_internal_prop(system_adbd_prop) system_internal_prop(adbd_prop) +system_internal_prop(traced_perf_enabled_prop) compatible_property_only(` # DO NOT ADD ANY PROPERTIES HERE diff --git a/public/shell.te b/public/shell.te index 0a9746599..79d5c89b3 100644 --- a/public/shell.te +++ b/public/shell.te @@ -78,6 +78,9 @@ userdebug_or_eng(`set_prop(shell, logpersistd_logging_prop)') # Allow shell to start/stop heapprofd via the persist.heapprofd.enable # property. set_prop(shell, heapprofd_enabled_prop) +# Allow shell to start/stop traced_perf via the persist.traced_perf.enable +# property. +set_prop(shell, traced_perf_enabled_prop) # Allow shell to start/stop gsid via ctl.start|stop|restart gsid. set_prop(shell, ctl_gsid_prop) # Allow shell to enable Dynamic System Update From 4400876ec01713fc9d0a828a9393714e5498927c Mon Sep 17 00:00:00 2001 
From: Automerger Merge Worker Date: Tue, 25 Feb 2020 11:44:23 +0000 Subject: [PATCH 026/163] Merge "allow priv_apps to read from incremental_control_file" am: bb4a0467f8 am: e45d2de45f am: 1e69a4a655 am: 98e8848e22 am: ef728f532b BUG: 150475334 Change-Id: I013cf8a90c48bfb758606d91ced84b345aa9d1ac (cherry picked from commit 78902f27bea6de7f4c9cfcdf24223d29ace85d8f) --- private/priv_app.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/private/priv_app.te b/private/priv_app.te index 75e9732a9..dd4d5c744 100644 --- a/private/priv_app.te +++ b/private/priv_app.te @@ -150,6 +150,9 @@ allow priv_app system_server:udp_socket { # the Incremental File System allowxperm priv_app apk_data_file:file ioctl INCFS_IOCTL_READ_SIGNATURE; +# allow privileged data loader apps (e.g. com.android.vending) to read logs from Incremental File System +allow priv_app incremental_control_file:file { read getattr }; + ### ### neverallow rules ### From 3198f0970963bf2b18d21f54bea7b13e41d52098 Mon Sep 17 00:00:00 2001 From: Changyeon Jo Date: Fri, 7 Feb 2020 00:57:16 +0000 Subject: [PATCH 027/163] Update automotive display service rules This change updates sepolicies for automotive display service to make it available to the vendor processes. Bug: 149017572 Test: m -j selinux_policy Change-Id: I48708fe25e260f9302e02749c3777c0ca0d84e4b Signed-off-by: Changyeon Jo (cherry picked from commit 17b38d526db6e19f9d128196463c03c03ca27974) --- private/automotive_display_service.te | 31 ++++++++++++++------ private/automotive_display_service_server.te | 1 - private/compat/29.0/29.0.ignore.cil | 4 +-- private/file_contexts | 2 +- private/hwservice_contexts | 2 +- vendor/hal_evs_default.te | 7 ++++- 6 files changed, 32 insertions(+), 15 deletions(-) delete mode 100644 private/automotive_display_service_server.te diff --git a/private/automotive_display_service.te b/private/automotive_display_service.te index e397d1047..fa11ca424 100644 --- a/private/automotive_display_service.te 
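Review bot: The new comment scopes the grant to "privileged data loader apps", but `allow priv_app incremental_control_file:file { read getattr };` applies to every domain in priv_app, not only data loaders; reword it to match what is actually granted, e.g. `# allow priv_apps (notably data loaders such as com.android.vending) to read logs from the Incremental File System`. If the intent really is data loaders only, the hunk would need a narrower domain than priv_app, which it does not introduce.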
+++ b/private/automotive_display_service.te
@@ -1,20 +1,33 @@
-# Display service for Automotive
-type automotive_display, domain, coredomain;
-type automotive_display_exec, system_file_type, exec_type, file_type;
+# Display proxy service for Automotive
+type automotive_display_service, domain, coredomain;
+type automotive_display_service_exec, system_file_type, exec_type, file_type;
-init_daemon_domain(automotive_display)
+typeattribute automotive_display_service automotive_display_service_server;
+
+# Allow to add a display service to the manager
+add_hwservice(automotive_display_service, fwk_automotive_display_hwservice);
+
+# Allow init to launch automotive display service
+init_daemon_domain(automotive_display_service)
 # Allow to use Binder IPC for SurfaceFlinger.
-binder_use(automotive_display)
+binder_use(automotive_display_service)
 # Allow to use HwBinder IPC for HAL implementations.
-hwbinder_use(automotive_display)
+hwbinder_use(automotive_display_service)
+hal_client_domain(automotive_display_service, hal_graphics_composer)
 # Allow to read the target property.
-get_prop(automotive_display, hwservicemanager_prop)
+get_prop(automotive_display_service, hwservicemanager_prop)
 # Allow to find SurfaceFlinger.
-allow automotive_display surfaceflinger_service:service_manager find;
+allow automotive_display_service surfaceflinger_service:service_manager find;
 # Allow client domain to do binder IPC to serverdomain.
-binder_call(automotive_display, surfaceflinger)
+binder_call(automotive_display_service, surfaceflinger)
+
+# Allow to use a graphics mapper
+allow automotive_display_service hal_graphics_mapper_hwservice:hwservice_manager find;
+
+# Allow to use hidl token service
+allow automotive_display_service hidl_token_hwservice:hwservice_manager find;
diff --git a/private/automotive_display_service_server.te b/private/automotive_display_service_server.te
deleted file mode 100644
index a916de8af..000000000
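Review bot: `allow automotive_display_service hal_graphics_mapper_hwservice:hwservice_manager find;` grants mapper lookup with a raw allow, whereas the composer access a few lines above goes through `hal_client_domain(automotive_display_service, hal_graphics_composer)`. If this policy's graphics allocator client attribute already carries mapper find, as it appears to for other graphics clients (verify in hal_graphics_allocator.te), `hal_client_domain(automotive_display_service, hal_graphics_allocator)` would be the consistent form and would keep the domain covered by any rules keyed on the client attribute. The comment `# Allow to use a graphics mapper` would also be more useful if it said what buffers the service maps. Minor style: `add_hwservice(...);` carries a trailing semicolon while the other macro calls in the file do not.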
--- a/private/automotive_display_service_server.te +++ /dev/null @@ -1 +0,0 @@ -add_hwservice(automotive_display, fwk_automotive_display_hwservice) diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 108e741ec..1d86159a4 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -16,8 +16,8 @@ app_integrity_service app_search_service auth_service - automotive_display - automotive_display_exec + automotive_display_service + automotive_display_service_exec ashmem_libcutils_device blob_store_service binder_cache_bluetooth_server_prop diff --git a/private/file_contexts b/private/file_contexts index 557321ed4..9da83a9be 100644 --- a/private/file_contexts +++ b/private/file_contexts @@ -346,7 +346,7 @@ /system/bin/simpleperf_app_runner u:object_r:simpleperf_app_runner_exec:s0 /system/bin/notify_traceur\.sh u:object_r:notify_traceur_exec:s0 /system/bin/migrate_legacy_obb_data\.sh u:object_r:migrate_legacy_obb_data_exec:s0 -/system/bin/android\.frameworks\.automotive\.display@1\.0-service u:object_r:automotive_display_exec:s0 +/system/bin/android\.frameworks\.automotive\.display@1\.0-service u:object_r:automotive_display_service_exec:s0 ############################# # Vendor files diff --git a/private/hwservice_contexts b/private/hwservice_contexts index 84bb88c12..6f92556f7 100644 --- a/private/hwservice_contexts +++ b/private/hwservice_contexts 
@@ -1,10 +1,10 @@
+android.frameworks.automotive.display::IAutomotiveDisplayProxyService u:object_r:fwk_automotive_display_hwservice:s0
 android.frameworks.bufferhub::IBufferHub u:object_r:fwk_bufferhub_hwservice:s0
 android.frameworks.cameraservice.service::ICameraService u:object_r:fwk_camera_hwservice:s0
 android.frameworks.displayservice::IDisplayService u:object_r:fwk_display_hwservice:s0
 android.frameworks.schedulerservice::ISchedulingPolicyService u:object_r:fwk_scheduler_hwservice:s0
 android.frameworks.sensorservice::ISensorManager u:object_r:fwk_sensor_hwservice:s0
 android.frameworks.stats::IStats u:object_r:fwk_stats_hwservice:s0
-android.frameworks.automotive.display::ICarWindowService u:object_r:fwk_automotive_display_hwservice:s0
 android.hardware.atrace::IAtraceDevice u:object_r:hal_atrace_hwservice:s0
 android.hardware.audio.effect::IEffectsFactory u:object_r:hal_audio_hwservice:s0
 android.hardware.audio::IDevicesFactory u:object_r:hal_audio_hwservice:s0
diff --git a/vendor/hal_evs_default.te b/vendor/hal_evs_default.te
index b927f1e54..57a0299be 100644
--- a/vendor/hal_evs_default.te
+++ b/vendor/hal_evs_default.te
@@ -6,5 +6,10 @@ hal_server_domain(hal_evs_default, hal_evs)
 type hal_evs_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_evs_default)
-allow hal_evs_default hal_graphics_allocator_default:fd use;
+allow hal_evs_default hal_graphics_allocator_server:fd use;
+# allow to use surface flinger
+allow hal_evs_default automotive_display_service_server:fd use;
+
+# allow to use automotive display service
+allow hal_evs_default fwk_automotive_display_hwservice:hwservice_manager find;
From 2834fb274ba1df2e86388deae4d158fce377e212 Mon Sep 17 00:00:00 2001
From: Jaegeuk Kim
Date: Fri, 28 Feb 2020 17:20:47 -0800
Subject: [PATCH 028/163] vold: allow to set boottime prop Bug: 149595111 Bug: 149844577 Bug: 138909685
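Review bot: The comment `# allow to use surface flinger` does not describe the rule beneath it, `allow hal_evs_default automotive_display_service_server:fd use;`, which grants fd use on the automotive display service's server domain rather than on surfaceflinger; suggest `# allow to use fds passed from the automotive display service`. The same hunk also widens the allocator rule from the single `hal_graphics_allocator_default` domain to the `hal_graphics_allocator_server` attribute, which covers every domain carrying that attribute; a short comment saying why the attribute is preferred here would keep the grant reviewable.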
Signed-off-by: Jaegeuk Kim Change-Id: I46b8828569dd008944685a1f0c45cbddc4870002 Merged-In: I46b8828569dd008944685a1f0c45cbddc4870002
---
 public/vold.te | 1 +
 1 file changed, 1 insertion(+)
diff --git a/public/vold.te b/public/vold.te
index fd3ed84a9..e17113da0 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -204,6 +204,7 @@ set_prop(vold, powerctl_prop)
 set_prop(vold, ctl_fuse_prop)
 set_prop(vold, restorecon_prop)
 set_prop(vold, ota_prop)
+set_prop(vold, boottime_prop)
 # ASEC
 allow vold asec_image_file:file create_file_perms;
From 8a04a13978e23c453bfa885e6147eb86df5dbbc7 Mon Sep 17 00:00:00 2001
From: Kris Chen
Date: Tue, 3 Mar 2020 16:10:39 +0800
Subject: [PATCH 029/163] Add rules to dump fingerprint hal traces Bug: 150008549 Test: adb shell am hang Test: adb bugreport Change-Id: I0440bb8fd3cc1205a43eca6c7ef5f8d0afc92396 Merged-In: I0440bb8fd3cc1205a43eca6c7ef5f8d0afc92396
---
 private/system_server.te | 1 +
 public/dumpstate.te | 1 +
 2 files changed, 2 insertions(+)
diff --git a/private/system_server.te b/private/system_server.te
index a86c7b585..3fdfe12e4 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -300,6 +300,7 @@ allow system_server {
 hal_camera_server
 hal_codec2_server
 hal_face_server
+ hal_fingerprint_server
 hal_graphics_allocator_server
 hal_graphics_composer_server
 hal_health_server
diff --git a/public/dumpstate.te b/public/dumpstate.te
index a9c1990dd..9823f4af6 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -81,6 +81,7 @@ allow dumpstate {
 hal_codec2_server
 hal_drm_server
 hal_face_server
+ hal_fingerprint_server
 hal_graphics_allocator_server
 hal_graphics_composer_server
 hal_health_server
From 4930db74ea9c99e197e990831634dfa48030719b Mon Sep 17 00:00:00 2001
From: Howard Chen
Date: Wed, 26 Feb 2020 17:19:10 +0800
Subject: [PATCH 030/163] Allow gsid to callback system server for oneway method Bug: 149790245 Bug: 149716497 Test: adb shell am start-activity \ -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \ -a android.os.image.action.START_INSTALL \ -d file:///storage/emulated/0/Download/system.raw.gz \ --el KEY_SYSTEM_SIZE $(du -b system.raw|cut -f1) \ --el KEY_USERDATA_SIZE 8589934592 Change-Id: I41c7b1278cfc103c90282b6a6781eab66fc9dcdb Merged-In: I41c7b1278cfc103c90282b6a6781eab66fc9dcdb (cherry picked from commit 389bc7baec4e10ccc56798969c7c247f6c6ab722)
---
 private/gsid.te | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/private/gsid.te b/private/gsid.te
index 5d7b04370..3ff9d678d 100644
--- a/private/gsid.te
+++ b/private/gsid.te
@@ -135,6 +135,8 @@ allowxperm gsid {
 ota_image_data_file
 }:file ioctl FS_IOC_FIEMAP;
+allow gsid system_server:binder call;
+
 neverallow {
 domain
 -init
From 65a20f1ccd079f87aeaa1cbe6e113b13a9e3e7dd Mon Sep 17 00:00:00 2001
From: Sudheer Shanka
Date: Wed, 4 Mar 2020 08:24:04 -0800
Subject: [PATCH 031/163] Allow apps to use mmap on fuse fds. This is needed for the following denial: type=1400 audit(0.0:124): avc: denied { map } for comm=54696D652D6C696D69746564207465 path="/mnt/appfuse/10182_2/2" dev="fuse" ino=2 scontext=u:r:untrusted_app:s0:c182,c256,c512,c768 tcontext=u:object_r:app_fuse_file:s0 tclass=file permissive=0 Bug: 150801745 Test: atest CtsBlobStoreTestCases:com.android.cts.blob.BlobStoreManagerTest#testOpenBlob -- --abi x86 Change-Id: Ib7ca64e11b24f8835874698df15a9a0fdce67454
---
 public/app.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/public/app.te b/public/app.te
index 4ceb4a66d..642286903 100644
--- a/public/app.te
+++ b/public/app.te
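Review bot: `allow gsid system_server:binder call;` is added without a comment, and the commit title is the only place that says it exists for oneway callbacks into system_server; the surrounding file comments its grants, so add e.g. `# Allow gsid to call back into system_server (oneway methods).` above it. The bare `call` grant is narrower than the usual `binder_call` macro, which also grants `transfer`; if that is deliberate, the comment should say so. The `neverallow` block that follows starts in this hunk but its body continues outside it.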
@@ -317,7 +317,7 @@ allow appdomain same_process_hal_file:file { execute read open getattr map };
 allow appdomain proc_meminfo:file r_file_perms;
 # For app fuse.
-allow appdomain app_fuse_file:file { getattr read append write };
+allow appdomain app_fuse_file:file { getattr read append write map };
 pdx_client({ appdomain -isolated_app -ephemeral_app }, display_client)
 pdx_client({ appdomain -isolated_app -ephemeral_app }, display_manager)
From 16cd4912972df1325fa21505650e3b16bd5f1729 Mon Sep 17 00:00:00 2001
From: Yifan Hong
Date: Mon, 2 Mar 2020 18:19:15 -0800
Subject: [PATCH 032/163] Allow update_engine to search metadata_file:dir. This is previously needed by snapshotctl to initiate the merge, but now update_engine is responsible for initiating the merge. Bug: 147696014 Test: no selinux denial on boot. Change-Id: I7804af1354d95683f4d05fc5593d78602aefe5a7 Merged-In: I7804af1354d95683f4d05fc5593d78602aefe5a7
---
 public/update_engine_common.te | 1 +
 1 file changed, 1 insertion(+)
diff --git a/public/update_engine_common.te b/public/update_engine_common.te
index 806944f8d..57d8e7e3a 100644
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@@ -81,5 +81,6 @@ unix_socket_send(update_engine_common, statsdw, statsd)
 get_prop(update_engine_common, virtual_ab_prop)
 # Allow to read/write/create OTA metadata files for snapshot status and COW file status.
+allow update_engine_common metadata_file:dir search;
 allow update_engine_common ota_metadata_file:dir rw_dir_perms;
 allow update_engine_common ota_metadata_file:file create_file_perms;
From 5d7887850bd14ec7dcdea02962616eee9bfdacb2 Mon Sep 17 00:00:00 2001
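Review bot: Adding `map` to the `app_fuse_file` rule extends it to every domain in `appdomain`, including `isolated_app` and `ephemeral_app`, which the neighbouring `pdx_client` rules explicitly carve out, while the commit message justifies the need only for `untrusted_app` through the BlobStore test. The existing rule already covered all of `appdomain`, so the scope is not new, but the `# For app fuse.` comment no longer explains the permission set; suggest `# For app fuse (map: apps mmap files served under /mnt/appfuse).` so the next reader does not have to dig the denial out of the commit message.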
From: Songchun Fan
Date: Thu, 5 Mar 2020 15:36:16 -0800
Subject: [PATCH 033/163] [sepolicy] remove vendor_incremental_module from global sepolicy rules Moving to pixel-sepolicy BUG: 150882666 Test: atest PackageManagerShellCommandIncrementalTest Change-Id: I55f5d53ee32d0557e06c070961526631e1bb1fc5
---
 private/compat/29.0/29.0.ignore.cil | 1 -
 private/file_contexts | 1 -
 public/domain.te | 2 +-
 public/file.te | 2 --
 public/vold.te | 5 -----
 5 files changed, 1 insertion(+), 10 deletions(-)
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 14a3a5dba..242a9a21a 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -105,7 +105,6 @@
 tv_tuner_resource_mgr_service
 vendor_apex_file
 vendor_boringssl_self_test
- vendor_incremental_module
 vendor_install_recovery
 vendor_install_recovery_exec
 vendor_socket_hook_prop
diff --git a/private/file_contexts b/private/file_contexts
index 9da83a9be..44f28f2ac 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -374,7 +374,6 @@
 /(vendor|system/vendor)/apex(/[^/]+){0,2} u:object_r:vendor_apex_file:s0
 /(vendor|system/vendor)/bin/misc_writer u:object_r:vendor_misc_writer_exec:s0
 /(vendor|system/vendor)/bin/boringssl_self_test(32|64) u:object_r:vendor_boringssl_self_test_exec:s0
-(/vendor|system/vendor)/lib(64)?/modules/incrementalfs\.ko u:object_r:vendor_incremental_module:s0
 # HAL location
 /(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
diff --git a/public/domain.te b/public/domain.te
index ede2c967b..c7f851d5c 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -996,6 +996,7 @@ full_treble_only(`
 -system_executes_vendor_violators
 -traced_perf # library/binary access for symbolization
 -ueventd # reads /vendor/ueventd.rc
+ -vold # loads incremental fs driver
 } {
 vendor_file_type
 -same_process_hal_file
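Review bot: `-vold # loads incremental fs driver` exempts vold from the `full_treble_only` neverallow over `vendor_file_type` files, whose permission set is `:file *` (visible in the next hunk), so policy may now grant vold any file access to any vendor file type not otherwise excluded — far broader than the one kernel module the comment names. The enclosing neverallow starts before this hunk and ends outside it. Since the same commit removes the `sys_module` capability and the `vendor_incremental_module` rules from public/vold.te, the comment should say where the replacement rules live and what they are limited to, e.g. `-vold # loads incremental fs driver; allow rules live in device sepolicy`, so a later reader can check whether the exemption is still needed.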
@@ -1009,7 +1010,6 @@ full_treble_only(`
 -vendor_overlay_file
 -vendor_public_lib_file
 -vendor_task_profiles_file
- -vendor_incremental_module
 -vndk_sp_file
 }:file *;
 ')
diff --git a/public/file.te b/public/file.te
index 1cc34f59e..58386c148 100644
--- a/public/file.te
+++ b/public/file.te
@@ -210,8 +210,6 @@ type vendor_overlay_file, vendor_file_type, file_type;
 # Type for all vendor public libraries. These libs should only be exposed to
 # apps. ABI stability of these libs is vendor's responsibility.
 type vendor_public_lib_file, vendor_file_type, file_type;
-# Default type for incremental file system driver
-type vendor_incremental_module, vendor_file_type, file_type;
 # Input configuration
 type vendor_keylayout_file, vendor_file_type, file_type;
diff --git a/public/vold.te b/public/vold.te
index e17113da0..37396e6fe 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -52,11 +52,6 @@ allowxperm vold data_file_type:dir ioctl {
 FS_IOC_REMOVE_ENCRYPTION_KEY
 };
-# Allow to load incremental file system driver
-allow vold self:capability sys_module;
-allow vold vendor_incremental_module:file r_file_perms;
-allow vold vendor_incremental_module:system module_load;
-
 # Only vold and init should ever set file-based encryption policies.
 neverallowxperm {
 domain
From 9a8ba7f64b5993510e3a652bd982362f315694f1 Mon Sep 17 00:00:00 2001
From: Jaegeuk Kim
Date: Tue, 3 Mar 2020 19:40:41 -0800
Subject: [PATCH 034/163] sepolicy: introduce boottime props in public Bug: 146053177 Bug: 146053658 Bug: 149844577 Change-Id: Iddfefedc4538044c6abcc2eea29b86e3f038aee0 Merged-In: Iddfefedc4538044c6abcc2eea29b86e3f038aee0
Signed-off-by: Jaegeuk Kim (cherry picked from commit 19df15400ee76df1938ae95d2f92217ce776a956)
---
 prebuilts/api/26.0/public/property.te | 1 +
 prebuilts/api/27.0/public/property.te | 1 +
 prebuilts/api/28.0/public/property.te | 1 +
 prebuilts/api/29.0/public/property.te | 2 ++
 prebuilts/api/29.0/public/property_contexts | 2 ++
 public/property.te | 1 +
 public/property_contexts | 2 ++
 public/vold.te | 1 +
 8 files changed, 11 insertions(+)
diff --git a/prebuilts/api/26.0/public/property.te b/prebuilts/api/26.0/public/property.te
index d6fa86801..232872cdc 100644
--- a/prebuilts/api/26.0/public/property.te
+++ b/prebuilts/api/26.0/public/property.te
@@ -1,6 +1,7 @@
 type asan_reboot_prop, property_type;
 type audio_prop, property_type, core_property_type;
 type boottime_prop, property_type;
+type boottime_public_prop, property_type;
 type bluetooth_prop, property_type;
 type config_prop, property_type, core_property_type;
 type cppreopt_prop, property_type, core_property_type;
diff --git a/prebuilts/api/27.0/public/property.te b/prebuilts/api/27.0/public/property.te
index 95efcaa78..2c716c53c 100644
--- a/prebuilts/api/27.0/public/property.te
+++ b/prebuilts/api/27.0/public/property.te
@@ -1,5 +1,6 @@
 type audio_prop, property_type, core_property_type;
 type boottime_prop, property_type;
+type boottime_public_prop, property_type;
 type bluetooth_prop, property_type;
 type config_prop, property_type, core_property_type;
 type cppreopt_prop, property_type, core_property_type;
diff --git a/prebuilts/api/28.0/public/property.te b/prebuilts/api/28.0/public/property.te
index b0397e957..a4f0d87a1 100644
--- a/prebuilts/api/28.0/public/property.te
+++ b/prebuilts/api/28.0/public/property.te
@@ -1,5 +1,6 @@
 type audio_prop, property_type, core_property_type;
 type boottime_prop, property_type;
+type boottime_public_prop, property_type;
 type bluetooth_a2dp_offload_prop, property_type;
 type bluetooth_prop, property_type;
 type bootloader_boot_reason_prop, property_type;
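Review bot: This hunk, and the 27.0, 28.0 and 29.0 hunks that follow it, add `type boottime_public_prop, property_type;` to `prebuilts/api/<version>/public/property.te`; those directories are normally frozen snapshots of already-released policy, so declaring a new type in them is unusual and the commit message does not say why the snapshots are edited rather than only `public/property.te`. If this branch intentionally keeps the prebuilts in step with `public/`, a sentence in the commit message saying so would save the next reader the question.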
diff --git a/prebuilts/api/29.0/public/property.te b/prebuilts/api/29.0/public/property.te
index cea50aca0..4ccd8ac85 100644
--- a/prebuilts/api/29.0/public/property.te
+++ b/prebuilts/api/29.0/public/property.te
@@ -1,6 +1,7 @@
 type apexd_prop, property_type;
 type audio_prop, property_type, core_property_type;
 type boottime_prop, property_type;
+type boottime_public_prop, property_type;
 type bluetooth_a2dp_offload_prop, property_type;
 type bluetooth_audio_hal_prop, property_type;
 type bluetooth_prop, property_type;
@@ -361,6 +362,7 @@ compatible_property_only(`
 -bluetooth_prop
 -bootloader_boot_reason_prop
 -boottime_prop
+ -boottime_public_prop
 -bpf_progs_loaded_prop
 -config_prop
 -cppreopt_prop
diff --git a/prebuilts/api/29.0/public/property_contexts b/prebuilts/api/29.0/public/property_contexts
index 9944ae93d..865502e07 100644
--- a/prebuilts/api/29.0/public/property_contexts
+++ b/prebuilts/api/29.0/public/property_contexts
@@ -215,6 +215,8 @@ ro.boot.baseband u:object_r:exported2_default_prop:s0 exact string
 ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
 ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
 ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string
+ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string
+ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string
 ro.boot.console u:object_r:exported2_default_prop:s0 exact string
 ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string
 ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string
diff --git a/public/property.te b/public/property.te
index cfaa1905f..c3b9f8c4f 100644
--- a/public/property.te
+++ b/public/property.te
@@ -69,6 +69,7 @@ compatible_property_only(`
 system_restricted_prop(binder_cache_bluetooth_server_prop)
 system_restricted_prop(binder_cache_system_server_prop)
 system_restricted_prop(binder_cache_telephony_server_prop)
+system_restricted_prop(boottime_public_prop)
 system_restricted_prop(bq_config_prop)
 system_restricted_prop(module_sdkextensions_prop)
 system_restricted_prop(nnapi_ext_deny_product_prop)
diff --git a/public/property_contexts b/public/property_contexts
index 86f6f0305..d0ea764af 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -234,6 +234,8 @@ ro.boot.baseband u:object_r:exported2_default_prop:s0 exact string
 ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
 ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
 ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string
+ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string
+ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string
 ro.boot.console u:object_r:exported2_default_prop:s0 exact string
 ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string
 ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string
diff --git a/public/vold.te b/public/vold.te
index e17113da0..9b465b9de 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -205,6 +205,7 @@ set_prop(vold, ctl_fuse_prop)
 set_prop(vold, restorecon_prop)
 set_prop(vold, ota_prop)
 set_prop(vold, boottime_prop)
+set_prop(vold, boottime_public_prop)
 # ASEC
 allow vold asec_image_file:file create_file_perms;
From bfceeabe3cfc9ba664283d8019c44b89586067f9 Mon Sep 17 00:00:00 2001
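Review bot: The two new `ro.boottime.init.*` entries in public/property_contexts are inserted inside the `ro.boot.` run, between `ro.boot.boottime` and `ro.boot.console`; `ro.boottime.` sorts after every `ro.boot.` key, so the block is no longer in order — move both lines after the last `ro.boot.` entry. The prebuilts/api/29.0 copy of this hunk above places them the same way, as does the repeat of this change in PATCH 036.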
From: Steven Moreland
Date: Thu, 5 Mar 2020 09:41:37 -0800
Subject: [PATCH 035/163] Allow vndservicemanager to self-register. This is useful for tools like dumpsys, so that they work on all services equally as well. Also, so that there is no difference with the regular service manager. Bug: 150579832 Test: 'adb shell /vendor/bin/dumpsys -l' shows 'manager' Test: denial is no longer present: 03-05 12:23:47.346 221 221 E SELinux : avc: denied { add } for pid=221 uid=1000 name=manager scontext=u:r:vndservicemanager:s0 tcontext=u:object_r:service_manager_vndservice:s0 tclass=service_manager permissive=0 Change-Id: Id6126e8277462a2c4d5f6022ab67a4bacaa3241e (cherry picked from commit 52a96cc7dd2385b1c341e4a02842ed575cbc0652)
---
 private/compat/29.0/29.0.ignore.cil | 2 ++
 public/vndservice.te | 1 +
 vendor/vndservice_contexts | 1 +
 vendor/vndservicemanager.te | 2 ++
 4 files changed, 6 insertions(+)
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 14a3a5dba..e0123ae49 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -80,6 +80,7 @@
 art_apex_dir
 rebootescrow_hal_prop
 service_manager_service
+ service_manager_vndservice
 simpleperf
 snapshotctl_log_data_file
 socket_hook_prop
@@ -109,4 +110,5 @@
 vendor_install_recovery
 vendor_install_recovery_exec
 vendor_socket_hook_prop
+ vendor_socket_hook_prop
 virtual_ab_prop))
diff --git a/public/vndservice.te b/public/vndservice.te
index 0d309bf71..efd9adf92 100644
--- a/public/vndservice.te
+++ b/public/vndservice.te
@@ -1 +1,2 @@
+type service_manager_vndservice, vndservice_manager_type;
 type default_android_vndservice, vndservice_manager_type;
diff --git a/vendor/vndservice_contexts b/vendor/vndservice_contexts
index 4cca2fb65..068056f53 100644
--- a/vendor/vndservice_contexts
+++ b/vendor/vndservice_contexts
@@ -1 +1,2 @@
+manager u:object_r:service_manager_vndservice:s0
 * u:object_r:default_android_vndservice:s0
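Review bot: The second 29.0.ignore.cil hunk (`@@ -109,4 +110,5 @@`) adds `vendor_socket_hook_prop` directly below an identical `vendor_socket_hook_prop` context line, so the ignore list now carries that member twice; the first hunk's `service_manager_vndservice` is the only entry this commit needs, and the repeat looks like a cherry-pick artefact from a base where the property was not yet listed. Drop the added `+ vendor_socket_hook_prop` line. Whether or not the CIL compiler toler

ates a repeated set member, the duplicate serves no purpose and will confuse the next person diffing the compat lists.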
diff --git a/vendor/vndservicemanager.te b/vendor/vndservicemanager.te
index 6e5c391f8..497e027b0 100644
--- a/vendor/vndservicemanager.te
+++ b/vendor/vndservicemanager.te
@@ -13,6 +13,8 @@ allow vndservicemanager vndbinder_device:chr_file rw_file_perms;
 # Read vndservice_contexts
 allow vndservicemanager vndservice_contexts_file:file r_file_perms;
+add_service(vndservicemanager, service_manager_vndservice)
+
 # Start lazy services
 set_prop(vndservicemanager, ctl_interface_start_prop)
From 2f5e44eb49b2bb6206b18f6d641b32724b230744 Mon Sep 17 00:00:00 2001
From: Jaegeuk Kim
Date: Tue, 3 Mar 2020 19:40:41 -0800
Subject: [PATCH 036/163] sepolicy: introduce boottime props in public Bug: 146053177 Bug: 146053658 Bug: 149844577 Change-Id: Iddfefedc4538044c6abcc2eea29b86e3f038aee0 Merged-In: Iddfefedc4538044c6abcc2eea29b86e3f038aee0 Signed-off-by: Jaegeuk Kim
---
 prebuilts/api/26.0/public/property.te | 1 +
 prebuilts/api/27.0/public/property.te | 1 +
 prebuilts/api/28.0/public/property.te | 1 +
 prebuilts/api/29.0/public/property.te | 2 ++
 prebuilts/api/29.0/public/property_contexts | 2 ++
 public/property.te | 1 +
 public/property_contexts | 2 ++
 public/vold.te | 1 +
 8 files changed, 11 insertions(+)
diff --git a/prebuilts/api/26.0/public/property.te b/prebuilts/api/26.0/public/property.te
index d6fa86801..232872cdc 100644
--- a/prebuilts/api/26.0/public/property.te
+++ b/prebuilts/api/26.0/public/property.te
@@ -1,6 +1,7 @@
 type asan_reboot_prop, property_type;
 type audio_prop, property_type, core_property_type;
 type boottime_prop, property_type;
+type boottime_public_prop, property_type;
 type bluetooth_prop, property_type;
 type config_prop, property_type, core_property_type;
 type cppreopt_prop, property_type, core_property_type;
diff --git a/prebuilts/api/27.0/public/property.te b/prebuilts/api/27.0/public/property.te
index 95efcaa78..2c716c53c 100644
--- a/prebuilts/api/27.0/public/property.te
+++ b/prebuilts/api/27.0/public/property.te
@@ -1,5 +1,6 @@
 type audio_prop, property_type, core_property_type;
 type boottime_prop, property_type;
+type boottime_public_prop, property_type;
 type bluetooth_prop, property_type;
 type config_prop, property_type, core_property_type;
 type cppreopt_prop, property_type, core_property_type;
diff --git a/prebuilts/api/28.0/public/property.te b/prebuilts/api/28.0/public/property.te
index b0397e957..a4f0d87a1 100644
--- a/prebuilts/api/28.0/public/property.te
+++ b/prebuilts/api/28.0/public/property.te
@@ -1,5 +1,6 @@
 type audio_prop, property_type, core_property_type;
 type boottime_prop, property_type;
+type boottime_public_prop, property_type;
 type bluetooth_a2dp_offload_prop, property_type;
 type bluetooth_prop, property_type;
 type bootloader_boot_reason_prop, property_type;
diff --git a/prebuilts/api/29.0/public/property.te b/prebuilts/api/29.0/public/property.te
index cea50aca0..4ccd8ac85 100644
--- a/prebuilts/api/29.0/public/property.te
+++ b/prebuilts/api/29.0/public/property.te
@@ -1,6 +1,7 @@
 type apexd_prop, property_type;
 type audio_prop, property_type, core_property_type;
 type boottime_prop, property_type;
+type boottime_public_prop, property_type;
 type bluetooth_a2dp_offload_prop, property_type;
 type bluetooth_audio_hal_prop, property_type;
 type bluetooth_prop, property_type;
@@ -361,6 +362,7 @@ compatible_property_only(`
 -bluetooth_prop
 -bootloader_boot_reason_prop
 -boottime_prop
+ -boottime_public_prop
 -bpf_progs_loaded_prop
 -config_prop
 -cppreopt_prop
diff --git a/prebuilts/api/29.0/public/property_contexts b/prebuilts/api/29.0/public/property_contexts
index 9944ae93d..865502e07 100644
--- a/prebuilts/api/29.0/public/property_contexts
+++ b/prebuilts/api/29.0/public/property_contexts
@@ -215,6 +215,8 @@ ro.boot.baseband u:object_r:exported2_default_prop:s0 exact string
 ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
 ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
 ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string
+ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string
+ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string
 ro.boot.console u:object_r:exported2_default_prop:s0 exact string
 ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string
 ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string
diff --git a/public/property.te b/public/property.te
index 21e220d6c..d7c1f4eaf 100644
--- a/public/property.te
+++ b/public/property.te
@@ -67,6 +67,7 @@ compatible_property_only(`
 # Properties used by binder caches
 system_restricted_prop(binder_cache_bluetooth_server_prop)
 system_restricted_prop(binder_cache_system_server_prop)
+system_restricted_prop(boottime_public_prop)
 system_restricted_prop(bq_config_prop)
 system_restricted_prop(module_sdkextensions_prop)
 system_restricted_prop(nnapi_ext_deny_product_prop)
diff --git a/public/property_contexts b/public/property_contexts
index a81373fd7..5640aa4c8 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -234,6 +234,8 @@ ro.boot.baseband u:object_r:exported2_default_prop:s0 exact string
 ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
 ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
 ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string
+ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string
+ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string
 ro.boot.console u:object_r:exported2_default_prop:s0 exact string
 ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string
 ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string
diff --git a/public/vold.te b/public/vold.te
index e17113da0..9b465b9de 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -205,6 +205,7 @@ set_prop(vold, ctl_fuse_prop)
 set_prop(vold, restorecon_prop)
 set_prop(vold, ota_prop)
 set_prop(vold, boottime_prop)
+set_prop(vold, boottime_public_prop)
 # ASEC
 allow vold asec_image_file:file create_file_perms;
From 745f9caa6f48a5e175b7c266b2e9b6d192093b23 Mon Sep 17 00:00:00 2001
From: Roopesh Nataraja
Date: Mon, 24 Feb 2020 18:48:00 -0800
Subject: [PATCH 037/163] sepolicy: Add context for ro.boot.product.vendor.sku ro.boot.product.vendor.sku can be set and read in vendor. This property can be used to differentiate configuration at runtime. Bug : 148582757 Test: Set this property in vendor and use it for building capabilities via SystemConfig. Change-Id: I4ac29097f26e2f19b90b0d001820bb9144963d21 (cherry picked from commit efff8e2820d032276197ca088cd1c7382891bed2) Merged-In: I4ac29097f26e2f19b90b0d001820bb9144963d21
---
 public/property_contexts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/public/property_contexts b/public/property_contexts
index a81373fd7..7d6bfa701 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -306,6 +306,7 @@ ro.board.platform u:object_r:exported_default_prop:s0 exact string
 ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int
 ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string
 ro.boot.product.hardware.sku u:object_r:exported_default_prop:s0 exact string
+ro.boot.product.vendor.sku u:object_r:exported_default_prop:s0 exact string
 ro.boot.slot_suffix u:object_r:exported_default_prop:s0 exact string
 ro.bootimage.build.date u:object_r:exported_default_prop:s0 exact string
 ro.bootimage.build.date.utc u:object_r:exported_default_prop:s0 exact int
From 0058302270e279477281e3093d345727ae6fc39a Mon Sep 17 00:00:00 2001
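Review bot: This vold.te hunk closes PATCH 036, which repeats PATCH 034 hunk for hunk — same Change-Id `Iddfefedc4538044c6abcc2eea29b86e3f038aee0`, same Merged-In, same `index` pre-image hashes on the four prebuilts files and on vold.te — differing only in the context lines of the public/property.te hunk. Once 034 is applied, the pre-images those hunks expect no longer exist, so the second copy would most likely fail to apply or re-add lines that are already present; one of the two patches should be dropped from the series.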
From: Adam Shih
Date: Wed, 11 Mar 2020 16:00:08 +0800
Subject: [PATCH 038/163] gmscore_app: suppress denials on /mnt Bug: 149543390 Bug: 149062700 Bug: 151195371 Test: boot with no gmscore_app avc error Change-Id: I70f20b88ce5b9e017e644cdbb5dc81f798c61640
---
 private/gmscore_app.te | 1 +
 1 file changed, 1 insertion(+)
diff --git a/private/gmscore_app.te b/private/gmscore_app.te
index b70a39795..235532676 100644
--- a/private/gmscore_app.te
+++ b/private/gmscore_app.te
@@ -56,6 +56,7 @@ dontaudit gmscore_app sysfs_loop:file r_file_perms;
 dontaudit gmscore_app wifi_prop:file r_file_perms;
 dontaudit gmscore_app { wifi_prop exported_wifi_prop }:file r_file_perms;
 dontaudit gmscore_app mirror_data_file:dir search;
+dontaudit gmscore_app mnt_vendor_file:dir search;
 # Access the network
 net_domain(gmscore_app)
From 7f400c6841528818709fdbca36f598da2abec19f Mon Sep 17 00:00:00 2001
From: Hongyi Zhang
Date: Thu, 27 Feb 2020 14:05:05 -0800
Subject: [PATCH 039/163] Whitelist prop persist.device_config.configuration. For system prop flags from DeviceConfig namespace "Configuration". Test: Build and run on local device Bug: 149420506 Change-Id: If4196b4bf231e7c52f98b92cc0031a08dad06120 Merged-In: If4196b4bf231e7c52f98b92cc0031a08dad06120
---
 private/compat/29.0/29.0.ignore.cil | 1 +
 private/property_contexts | 1 +
 private/system_server.te | 1 +
 public/flags_health_check.te | 1 +
 public/property.te | 1 +
 5 files changed, 5 insertions(+)
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index b4d39bb2e..9d5684fec 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -39,6 +39,7 @@
 device_config_storage_native_boot_prop
 device_config_sys_traced_prop
 device_config_window_manager_native_boot_prop
+ device_config_configuration_prop
 exported_camera_prop
 file_integrity_service
 fwk_automotive_display_hwservice
diff --git a/private/property_contexts b/private/property_contexts
index cba09a536..9175d10fe 100644
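Review bot: In the 29.0.ignore.cil hunk, `device_config_configuration_prop` is appended after `device_config_window_manager_native_boot_prop`, which breaks the alphabetical order of the surrounding entries (`…storage_native_boot_prop`, `…sys_traced_prop`, `…window_manager_native_boot_prop`, then `exported_camera_prop`); it belongs ahead of the other `device_config_*` members. The `system_internal_prop(...)` run in public/property.te and the `set_prop(...)` runs in system_server.te and flags_health_check.te in this commit append the new property in the same out-of-order spot.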
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -203,6 +203,7 @@ persist.device_config.runtime_native_boot. u:object_r:device_config_runtime_na
 persist.device_config.media_native. u:object_r:device_config_media_native_prop:s0
 persist.device_config.storage_native_boot. u:object_r:device_config_storage_native_boot_prop:s0
 persist.device_config.window_manager_native_boot. u:object_r:device_config_window_manager_native_boot_prop:s0
+persist.device_config.configuration. u:object_r:device_config_configuration_prop:s0
 # Properties that relate to legacy server configurable flags
 persist.device_config.global_settings.sys_traced u:object_r:device_config_sys_traced_prop:s0
diff --git a/private/system_server.te b/private/system_server.te
index c9f5821f6..3b72518c3 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -636,6 +636,7 @@ set_prop(system_server, device_config_media_native_prop)
 set_prop(system_server, device_config_storage_native_boot_prop)
 set_prop(system_server, device_config_sys_traced_prop)
 set_prop(system_server, device_config_window_manager_native_boot_prop)
+set_prop(system_server, device_config_configuration_prop)
 # BootReceiver to read ro.boot.bootreason
 get_prop(system_server, bootloader_boot_reason_prop)
diff --git a/public/flags_health_check.te b/public/flags_health_check.te
index cf33ce7d9..6315d44e4 100644
--- a/public/flags_health_check.te
+++ b/public/flags_health_check.te
@@ -13,6 +13,7 @@ set_prop(flags_health_check, device_config_media_native_prop)
 set_prop(flags_health_check, device_config_storage_native_boot_prop)
 set_prop(flags_health_check, device_config_sys_traced_prop)
 set_prop(flags_health_check, device_config_window_manager_native_boot_prop)
+set_prop(flags_health_check, device_config_configuration_prop)
 allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
 allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
diff --git a/public/property.te b/public/property.te
index d7c1f4eaf..65281ea45 100644
--- a/public/property.te
+++ b/public/property.te
@@ -12,6 +12,7 @@ system_internal_prop(device_config_runtime_native_prop)
 system_internal_prop(device_config_storage_native_boot_prop)
 system_internal_prop(device_config_sys_traced_prop)
 system_internal_prop(device_config_window_manager_native_boot_prop)
+system_internal_prop(device_config_configuration_prop)
 system_internal_prop(firstboot_prop)
 system_internal_prop(gsid_prop)
 system_internal_prop(init_perf_lsm_hooks_prop)
From 83502bfba9be53009349c823d2ac9f018d79052b Mon Sep 17 00:00:00 2001
From: Inseob Kim
Date: Mon, 9 Mar 2020 19:48:37 +0900
Subject: [PATCH 040/163] Merge public/property_contexts into private Originally public/property_contexts was introduced to create a whitelist of system properties which can be accessed from vendor, and to be used from VTS to ensure that the whitelist isn't modified. But it doesn't fit well on sepolicy public/private split as the split isn't for stability, but for letting vendor compile their sepolicy with public types. Also it doesn't make sense only to check the whitelist on VTS, because platform internal ones must also be unchanged. This commit merges public/property_contexts into private as before. This gives consistency with other context files such as file_contexts which are already containing entries for vendor but are only defined in private. This also simplifies property_contexts as there will be only one property_contexts file. Another benefit is that VTS will check all entries defined by system, not only exported ones. Bug: 150331497 Test: m && run VtsTrebleSysProp manually Change-Id: Ib9429e27b645ef21a36946fbaea069a718c3c6eb Merged-In: Ib9429e27b645ef21a36946fbaea069a718c3c6eb (cherry picked from commit 31391fa78e5da1ed29d5bccd4d46165b69adcbfb)
---
 private/property_contexts | 572 ++++++++++++++++++++++++++++++++++++++
 public/property_contexts | 457 ------------------------------
 2 files changed, 572 insertions(+), 457 deletions(-)
 delete mode 100644 public/property_contexts
diff --git a/private/property_contexts b/private/property_contexts
index 9175d10fe..e48836278 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -246,3 +246,575 @@ persist.sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0
 # by devices with video decoding pipelines long enough to overflow the default
 # history size.
 ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0
+
+# vendor-init-readable
+persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact int
+
+# vendor-init-settable
+af.fast_track_multiplier u:object_r:exported3_default_prop:s0 exact int
+
+audio.camerasound.force u:object_r:exported_audio_prop:s0 exact bool
+audio.deep_buffer.media u:object_r:exported3_default_prop:s0 exact bool
+audio.offload.video u:object_r:exported3_default_prop:s0 exact bool
+audio.offload.min.duration.secs u:object_r:exported3_default_prop:s0 exact int
+
+camera.disable_zsl_mode u:object_r:exported3_default_prop:s0 exact bool
+camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
+
+dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.backgroundgctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.boot-image u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.checkjni u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.dexopt.secondary u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.execution-mode u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.extra-opts u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.foreground-heap-growth-multiplier u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.gctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapgrowthlimit u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapmaxfree u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapminfree u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapstartsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heaptargetutilization u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.hot-startup-method-samples u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.image-dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.isa.arm.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.unknown.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.unknown.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86.features u:object_r:exported_dalvik_prop:s0 exact 
string
+dalvik.vm.isa.x86.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86_64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86_64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitinitialsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitmaxsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitprithreadweight u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jitthreshold u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jittransitionweight u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jniopts u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.lockprof.threshold u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.method-trace u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.method-trace-file u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilebootclasspath u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
+
+drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
+
+keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
+
+media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
+
+media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string
+media.stagefright.thumbnail.prefer_hw_codecs u:object_r:exported3_default_prop:s0 exact bool
+
+persist.bluetooth.a2dp_offload.cap u:object_r:bluetooth_a2dp_offload_prop:s0 exact string
+persist.bluetooth.a2dp_offload.disabled 
u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
+persist.bluetooth.bluetooth_audio_hal.disabled u:object_r:bluetooth_audio_hal_prop:s0 exact bool
+persist.bluetooth.btsnoopenable u:object_r:exported_bluetooth_prop:s0 exact bool
+
+persist.config.calibration_fac u:object_r:exported3_default_prop:s0 exact string
+
+persist.dbg.volte_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+persist.dbg.vt_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+persist.dbg.wfc_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+
+persist.radio.multisim.config u:object_r:exported3_radio_prop:s0 exact string
+
+persist.sys.dalvik.vm.lib.2 u:object_r:exported2_system_prop:s0 exact string
+persist.sys.media.avsync u:object_r:exported2_system_prop:s0 exact bool
+persist.sys.hdmi.keep_awake u:object_r:exported2_system_prop:s0 exact bool
+persist.sys.sf.color_mode u:object_r:exported2_system_prop:s0 exact int
+persist.sys.sf.color_saturation u:object_r:exported2_system_prop:s0 exact string
+persist.sys.sf.native_mode u:object_r:exported2_system_prop:s0 exact int
+
+pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
+pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
+pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.shared u:object_r:exported_pm_prop:s0 exact string
+
+ro.af.client_heap_size_kbyte u:object_r:exported3_default_prop:s0 exact int
+
+ro.apk_verity.mode u:object_r:apk_verity_prop:s0 exact int
+
+ro.audio.monitorRotation u:object_r:exported3_default_prop:s0 exact bool
+
+ro.bluetooth.a2dp_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
+
+ro.boot.vendor.overlay.theme u:object_r:exported_overlay_prop:s0 exact string
+ro.boot.wificountrycode u:object_r:exported3_default_prop:s0 exact string
+
+ro.bt.bdaddr_path u:object_r:exported_bluetooth_prop:s0 exact string
+
+ro.camera.notify_nfc u:object_r:exported3_default_prop:s0 exact int
+ro.camera.enableLazyHal u:object_r:exported3_default_prop:s0 exact bool
+
+ro.com.android.dataroaming u:object_r:exported3_default_prop:s0 exact bool
+ro.com.android.prov_mobiledata u:object_r:exported3_default_prop:s0 exact bool
+
+ro.config.alarm_alert u:object_r:exported2_config_prop:s0 exact string
+ro.config.media_vol_steps u:object_r:exported2_config_prop:s0 exact int
+ro.config.notification_sound u:object_r:exported2_config_prop:s0 exact string
+ro.config.per_app_memcg u:object_r:exported3_default_prop:s0 exact bool
+ro.config.ringtone u:object_r:exported2_config_prop:s0 exact string
+
+ro.control_privapp_permissions u:object_r:exported3_default_prop:s0 exact string
+
+ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int
+
+ro.crypto.allow_encrypt_override u:object_r:exported2_vold_prop:s0 exact bool
+ro.crypto.fde_algorithm u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.fde_sector_size u:object_r:exported2_vold_prop:s0 exact int
+ro.crypto.scrypt_params u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.set_dun u:object_r:exported2_vold_prop:s0 exact bool
+ro.crypto.volume.contents_mode u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.filenames_mode u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.metadata.encryption u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.metadata.method u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.options u:object_r:exported2_vold_prop:s0 exact string
+
+ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
+
+ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
+
+ro.gfx.driver.0 
u:object_r:exported3_default_prop:s0 exact string
+ro.gfx.angle.supported u:object_r:exported3_default_prop:s0 exact bool
+
+ro.hdmi.device_type u:object_r:exported3_default_prop:s0 exact string
+ro.hdmi.wake_on_hotplug u:object_r:exported3_default_prop:s0 exact bool
+
+ro.lmk.critical u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.critical_upgrade u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.debug u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.downgrade_pressure u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.kill_heaviest_task u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.kill_timeout_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.low u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.medium u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.psi_partial_stall_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.psi_complete_stall_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.swap_free_low_percentage u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.thrashing_limit u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.thrashing_limit_decay u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.use_minfree_levels u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.upgrade_pressure u:object_r:exported3_default_prop:s0 exact int
+
+ro.minui.default_rotation u:object_r:exported3_default_prop:s0 exact string
+ro.minui.overscan_percent u:object_r:exported3_default_prop:s0 exact int
+ro.minui.pixel_format u:object_r:exported3_default_prop:s0 exact string
+
+ro.oem_unlock_supported u:object_r:exported3_default_prop:s0 exact int
+
+ro.opengles.version u:object_r:exported3_default_prop:s0 exact int
+
+ro.radio.noril u:object_r:exported3_default_prop:s0 exact string
+
+ro.rebootescrow.device u:object_r:rebootescrow_hal_prop:s0 exact string
+
+ro.retaildemo.video_path u:object_r:exported3_default_prop:s0 exact string
+
+ro.statsd.enable u:object_r:exported3_default_prop:s0 exact bool
+
+ro.sf.disable_triple_buffer u:object_r:exported3_default_prop:s0 exact bool
+ro.sf.lcd_density u:object_r:exported3_default_prop:s0 exact int
+
+ro.storage_manager.enabled u:object_r:exported3_default_prop:s0 exact bool
+
+ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool
+ro.telephony.default_cdma_sub u:object_r:exported3_default_prop:s0 exact int
+ro.telephony.default_network u:object_r:exported3_default_prop:s0 exact string
+
+ro.vehicle.hal u:object_r:vehicle_hal_prop:s0 exact string
+
+ro.vendor.build.security_patch u:object_r:vendor_security_patch_level_prop:s0 exact string
+
+ro.zram.mark_idle_delay_mins u:object_r:exported3_default_prop:s0 exact int
+ro.zram.first_wb_delay_mins u:object_r:exported3_default_prop:s0 exact int
+ro.zram.periodic_wb_delay_hours u:object_r:exported3_default_prop:s0 exact int
+
+ro.zygote u:object_r:exported3_default_prop:s0 exact string
+
+sendbug.preferred.domain u:object_r:exported3_default_prop:s0 exact string
+
+sys.usb.controller u:object_r:exported2_system_prop:s0 exact string
+sys.usb.ffs.max_read u:object_r:exported_ffs_prop:s0 exact int
+sys.usb.ffs.max_write u:object_r:exported_ffs_prop:s0 exact int
+sys.usb.ffs.ready u:object_r:exported_ffs_prop:s0 exact bool
+sys.usb.mtp.device_type u:object_r:exported2_system_prop:s0 exact int
+sys.usb.ffs.mtp.ready u:object_r:exported_ffs_prop:s0 exact bool
+sys.usb.state u:object_r:exported2_system_prop:s0 exact string
+
+telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int
+
+tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int
+
+vold.post_fs_data_done u:object_r:exported2_vold_prop:s0 exact int
+
+vts.native_server.on u:object_r:exported3_default_prop:s0 exact bool
+
+wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded
+
+zram.force_writeback u:object_r:exported3_default_prop:s0 exact bool
+
+# vendor-init-readable
+apexd.status u:object_r:apexd_prop:s0 exact enum starting 
activated ready
+
+dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool
+
+persist.sys.device_provisioned u:object_r:exported3_system_prop:s0 exact string
+persist.sys.theme u:object_r:theme_prop:s0 exact string
+persist.sys.usb.usbradio.config u:object_r:exported3_system_prop:s0 exact string
+
+sys.boot_completed u:object_r:exported3_system_prop:s0 exact bool
+sys.retaildemo.enabled u:object_r:exported3_system_prop:s0 exact int
+sys.user.0.ce_available u:object_r:exported3_system_prop:s0 exact bool
+sys.vdso u:object_r:exported3_system_prop:s0 exact string
+
+# vendor-init-settable
+persist.sys.zram_enabled u:object_r:exported2_system_prop:s0 exact bool
+
+sys.usb.config u:object_r:exported_system_radio_prop:s0 exact string
+sys.usb.configfs u:object_r:exported_system_radio_prop:s0 exact int
+
+# public-readable
+aac_drc_boost u:object_r:exported2_default_prop:s0 exact int
+aac_drc_cut u:object_r:exported2_default_prop:s0 exact int
+aac_drc_enc_target_level u:object_r:exported2_default_prop:s0 exact int
+aac_drc_heavy u:object_r:exported2_default_prop:s0 exact int
+aac_drc_reference_level u:object_r:exported2_default_prop:s0 exact int
+
+build.version.extensions. 
u:object_r:module_sdkextensions_prop:s0 prefix int
+
+ro.aac_drc_effect_type u:object_r:exported2_default_prop:s0 exact int
+
+drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool
+
+dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
+dumpstate.unroot u:object_r:exported_dumpstate_prop:s0 exact bool
+
+hal.instrumentation.enable u:object_r:exported2_default_prop:s0 exact bool
+
+init.svc.bugreport u:object_r:exported2_default_prop:s0 exact string
+init.svc.console u:object_r:exported2_default_prop:s0 exact string
+init.svc.dumpstatez u:object_r:exported2_default_prop:s0 exact string
+init.svc.mediadrm u:object_r:exported2_default_prop:s0 exact string
+init.svc.surfaceflinger u:object_r:exported2_default_prop:s0 exact string
+init.svc.tombstoned u:object_r:exported2_default_prop:s0 exact string
+init.svc.zygote u:object_r:exported2_default_prop:s0 exact string
+
+libc.debug.malloc.options u:object_r:exported2_default_prop:s0 exact string
+libc.debug.malloc.program u:object_r:exported2_default_prop:s0 exact string
+libc.debug.hooks.enable u:object_r:exported2_default_prop:s0 exact string
+
+net.redirect_socket_calls.hooked u:object_r:socket_hook_prop:s0 exact bool
+
+persist.sys.locale u:object_r:exported_system_prop:s0 exact string
+persist.sys.timezone u:object_r:exported_system_prop:s0 exact string
+persist.sys.test_harness u:object_r:test_harness_prop:s0 exact bool
+
+ro.adb.secure u:object_r:exported_secure_prop:s0 exact int
+
+ro.arch u:object_r:exported2_default_prop:s0 exact string
+
+ro.audio.ignore_effects u:object_r:exported2_default_prop:s0 exact bool
+
+ro.baseband u:object_r:exported2_default_prop:s0 exact string
+
+ro.boot.avb_version u:object_r:exported2_default_prop:s0 exact string
+ro.boot.baseband u:object_r:exported2_default_prop:s0 exact string
+ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
+ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
+ro.boot.boottime 
u:object_r:exported2_default_prop:s0 exact string
+ro.boot.console u:object_r:exported2_default_prop:s0 exact string
+ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string
+ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string
+ro.boot.hardware.sku u:object_r:exported2_default_prop:s0 exact string
+ro.boot.keymaster u:object_r:exported2_default_prop:s0 exact string
+ro.boot.mode u:object_r:exported2_default_prop:s0 exact string
+ro.boot.vbmeta.avb_version u:object_r:exported2_default_prop:s0 exact string
+ro.boot.verifiedbootstate u:object_r:exported2_default_prop:s0 exact string
+ro.boot.veritymode u:object_r:exported2_default_prop:s0 exact string
+ro.boot.dynamic_partitions u:object_r:exported_default_prop:s0 exact string
+ro.boot.dynamic_partitions_retrofit u:object_r:exported_default_prop:s0 exact string
+
+ro.bootloader u:object_r:exported2_default_prop:s0 exact string
+
+ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string
+ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string
+
+ro.build.date u:object_r:exported2_default_prop:s0 exact string
+ro.build.date.utc u:object_r:exported2_default_prop:s0 exact int
+ro.build.description u:object_r:exported2_default_prop:s0 exact string
+ro.build.display.id u:object_r:exported2_default_prop:s0 exact string
+ro.build.fingerprint u:object_r:exported_fingerprint_prop:s0 exact string
+ro.build.host u:object_r:exported2_default_prop:s0 exact string
+ro.build.id u:object_r:exported2_default_prop:s0 exact string
+ro.build.product u:object_r:exported2_default_prop:s0 exact string
+ro.build.system_root_image u:object_r:exported2_default_prop:s0 exact bool
+ro.build.tags u:object_r:exported2_default_prop:s0 exact string
+ro.build.user u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.base_os u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.codename u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.incremental u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int
+ro.build.version.release u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.release_or_codename u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int
+ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string
+
+ro.crypto.state u:object_r:exported_vold_prop:s0 exact string
+ro.crypto.type u:object_r:exported_vold_prop:s0 exact string
+
+ro.debuggable u:object_r:exported2_default_prop:s0 exact int
+
+ro.hardware u:object_r:exported2_default_prop:s0 exact string
+
+ro.product.brand u:object_r:exported2_default_prop:s0 exact string
+ro.product.cpu.abi u:object_r:exported2_default_prop:s0 exact string
+ro.product.cpu.abilist u:object_r:exported2_default_prop:s0 exact string
+ro.product.device u:object_r:exported2_default_prop:s0 exact string
+ro.product.manufacturer u:object_r:exported2_default_prop:s0 exact string
+ro.product.model u:object_r:exported2_default_prop:s0 exact string
+ro.product.name u:object_r:exported2_default_prop:s0 exact string
+
+ro.property_service.version u:object_r:exported2_default_prop:s0 exact int
+
+ro.revision u:object_r:exported2_default_prop:s0 exact string
+
+ro.secure u:object_r:exported_secure_prop:s0 exact int
+
+ro.vendor.redirect_socket_calls u:object_r:vendor_socket_hook_prop:s0 exact bool
+
+service.bootanim.exit u:object_r:exported_system_prop:s0 exact int
+
+sys.boot_from_charger_mode u:object_r:exported_system_prop:s0 exact int
+sys.init.userspace_reboot.in_progress u:object_r:userspace_reboot_exported_prop:s0 exact bool
+sys.use_memfd u:object_r:use_memfd_prop:s0 exact bool
+
+vold.decrypt u:object_r:exported_vold_prop:s0 exact string
+
+# vendor-init-settable|public-readable
+aaudio.hw_burst_min_usec u:object_r:exported_default_prop:s0 exact int
+aaudio.minimum_sleep_usec u:object_r:exported_default_prop:s0 exact int
+aaudio.mixer_bursts u:object_r:exported_default_prop:s0 exact int
+aaudio.mmap_exclusive_policy u:object_r:exported_default_prop:s0 exact int
+aaudio.mmap_policy u:object_r:exported_default_prop:s0 exact int
+aaudio.wakeup_delay_usec u:object_r:exported_default_prop:s0 exact int
+
+config.disable_cameraservice u:object_r:exported_camera_prop:s0 exact bool
+
+gsm.sim.operator.numeric u:object_r:exported_radio_prop:s0 exact string
+
+media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool
+
+persist.rcs.supported u:object_r:exported_default_prop:s0 exact int
+
+rcs.publish.status u:object_r:exported_radio_prop:s0 exact string
+
+ro.bionic.2nd_arch u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.2nd_cpu_variant u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.arch u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.cpu_variant u:object_r:cpu_variant_prop:s0 exact string
+
+ro.board.platform u:object_r:exported_default_prop:s0 exact string
+
+ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int
+ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string
+ro.boot.product.hardware.sku u:object_r:exported_default_prop:s0 exact string
+ro.boot.product.vendor.sku u:object_r:exported_default_prop:s0 exact string
+ro.boot.slot_suffix u:object_r:exported_default_prop:s0 exact string
+
+ro.bootimage.build.date u:object_r:exported_default_prop:s0 exact string
+ro.bootimage.build.date.utc u:object_r:exported_default_prop:s0 exact int
+ro.bootimage.build.fingerprint u:object_r:exported_default_prop:s0 exact string
+
+ro.boringcrypto.hwrand u:object_r:exported_default_prop:s0 exact bool
+
+ro.build.ab_update u:object_r:exported_default_prop:s0 exact string
+ro.build.expect.baseband u:object_r:exported_default_prop:s0 exact string
+ro.build.expect.bootloader u:object_r:exported_default_prop:s0 exact string
+
+ro.carrier 
u:object_r:exported_default_prop:s0 exact string
+
+ro.config.low_ram u:object_r:exported_config_prop:s0 exact bool
+ro.config.vc_call_vol_steps u:object_r:exported_config_prop:s0 exact int
+
+ro.frp.pst u:object_r:exported_default_prop:s0 exact string
+
+ro.hardware.activity_recognition u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio.a2dp u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio.hearing_aid u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio.primary u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio.usb u:object_r:exported_default_prop:s0 exact string
+ro.hardware.audio_policy u:object_r:exported_default_prop:s0 exact string
+ro.hardware.bootctrl u:object_r:exported_default_prop:s0 exact string
+ro.hardware.camera u:object_r:exported_default_prop:s0 exact string
+ro.hardware.consumerir u:object_r:exported_default_prop:s0 exact string
+ro.hardware.context_hub u:object_r:exported_default_prop:s0 exact string
+ro.hardware.egl u:object_r:exported_default_prop:s0 exact string
+ro.hardware.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.hardware.flp u:object_r:exported_default_prop:s0 exact string
+ro.hardware.gatekeeper u:object_r:exported_default_prop:s0 exact string
+ro.hardware.gps u:object_r:exported_default_prop:s0 exact string
+ro.hardware.gralloc u:object_r:exported_default_prop:s0 exact string
+ro.hardware.hdmi_cec u:object_r:exported_default_prop:s0 exact string
+ro.hardware.hwcomposer u:object_r:exported_default_prop:s0 exact string
+ro.hardware.input u:object_r:exported_default_prop:s0 exact string
+ro.hardware.keystore u:object_r:exported_default_prop:s0 exact string
+ro.hardware.keystore_desede u:object_r:exported_default_prop:s0 exact string
+ro.hardware.lights u:object_r:exported_default_prop:s0 exact string
+ro.hardware.local_time u:object_r:exported_default_prop:s0 exact string
+ro.hardware.memtrack u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nfc u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nfc_nci u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nfc_tag u:object_r:exported_default_prop:s0 exact string
+ro.hardware.nvram u:object_r:exported_default_prop:s0 exact string
+ro.hardware.power u:object_r:exported_default_prop:s0 exact string
+ro.hardware.radio u:object_r:exported_default_prop:s0 exact string
+ro.hardware.sensors u:object_r:exported_default_prop:s0 exact string
+ro.hardware.sound_trigger u:object_r:exported_default_prop:s0 exact string
+ro.hardware.thermal u:object_r:exported_default_prop:s0 exact string
+ro.hardware.tv_input u:object_r:exported_default_prop:s0 exact string
+ro.hardware.type u:object_r:exported_default_prop:s0 exact string
+ro.hardware.vehicle u:object_r:exported_default_prop:s0 exact string
+ro.hardware.vibrator u:object_r:exported_default_prop:s0 exact string
+ro.hardware.virtual_device u:object_r:exported_default_prop:s0 exact string
+ro.hardware.vulkan u:object_r:exported_default_prop:s0 exact string
+
+ro.hwui.use_vulkan u:object_r:exported_default_prop:s0 exact bool
+
+ro.kernel.qemu u:object_r:exported_default_prop:s0 exact bool
+ro.kernel.qemu. 
u:object_r:exported_default_prop:s0
+ro.kernel.android.bootanim u:object_r:exported_default_prop:s0 exact int
+
+ro.odm.build.date u:object_r:exported_default_prop:s0 exact string
+ro.odm.build.date.utc u:object_r:exported_default_prop:s0 exact int
+ro.odm.build.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.odm.build.version.incremental u:object_r:exported_default_prop:s0 exact string
+
+ro.oem.key1 u:object_r:exported_default_prop:s0 exact string
+
+ro.product.board u:object_r:exported_default_prop:s0 exact string
+ro.product.cpu.abilist32 u:object_r:exported_default_prop:s0 exact string
+ro.product.cpu.abilist64 u:object_r:exported_default_prop:s0 exact string
+ro.product.first_api_level u:object_r:exported_default_prop:s0 exact int
+ro.product.odm.brand u:object_r:exported_default_prop:s0 exact string
+ro.product.odm.device u:object_r:exported_default_prop:s0 exact string
+ro.product.odm.manufacturer u:object_r:exported_default_prop:s0 exact string
+ro.product.odm.model u:object_r:exported_default_prop:s0 exact string
+ro.product.odm.name u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.brand u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.device u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.manufacturer u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.model u:object_r:exported_default_prop:s0 exact string
+ro.product.vendor.name u:object_r:exported_default_prop:s0 exact string
+ro.product.vndk.version u:object_r:vndk_prop:s0 exact string
+
+ro.telephony.iwlan_operation_mode u:object_r:exported_radio_prop:s0 exact enum default legacy AP-assisted
+
+ro.vendor.build.date u:object_r:exported_default_prop:s0 exact string
+ro.vendor.build.date.utc u:object_r:exported_default_prop:s0 exact int
+ro.vendor.build.fingerprint u:object_r:exported_default_prop:s0 exact string
+ro.vendor.build.version.incremental u:object_r:exported_default_prop:s0 exact string
+
+ro.vndk.lite 
u:object_r:vndk_prop:s0 exact bool
+ro.vndk.version u:object_r:vndk_prop:s0 exact string
+
+ro.vts.coverage u:object_r:exported_default_prop:s0 exact int
+
+wifi.active.interface u:object_r:exported_wifi_prop:s0 exact string
+wifi.concurrent.interface u:object_r:exported_default_prop:s0 exact string
+wifi.direct.interface u:object_r:exported_default_prop:s0 exact string
+wifi.interface u:object_r:exported_default_prop:s0 exact string
+
+ro.apex.updatable u:object_r:exported_default_prop:s0 exact bool
+
+ro.init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool
+
+# public-readable
+ro.boot.revision u:object_r:exported2_default_prop:s0 exact string
+
+ro.bootmode u:object_r:exported2_default_prop:s0 exact string
+
+ro.build.type u:object_r:exported2_default_prop:s0 exact string
+
+sys.shutdown.requested u:object_r:exported_system_prop:s0 exact string
+
+# Using Sysprop as API. So the ro.surface_flinger.* are guaranteed to be API-stable
+ro.surface_flinger.default_composition_dataspace u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.default_composition_pixel_format u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.force_hwc_copy_for_virtual_displays u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.has_HDR_display u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.has_wide_color_display u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.max_frame_buffer_acquired_buffers u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.max_virtual_display_dimension u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.primary_display_orientation u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.present_time_offset_from_vsync_ns u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.running_without_sync_framework u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.start_graphics_allocator_service 
u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_color_management u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_context_priority u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_vr_flinger u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.vsync_event_phase_offset_ns u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.vsync_sf_event_phase_offset_ns u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.wcg_composition_dataspace u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.wcg_composition_pixel_format u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.display_primary_red u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.display_primary_green u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.display_primary_blue u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.display_primary_white u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.protected_contents u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.set_idle_timer_ms u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.set_touch_timer_ms u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.set_display_power_timer_ms u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.support_kernel_idle_timer u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_smart_90_for_video u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_content_detection_for_refresh_rate u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.color_space_agnostic_dataspace u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.refresh_rate_switching u:object_r:exported_default_prop:s0 exact bool
+
+# Binder cache properties. 
These are world-readable
+cache_key.app_inactive u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_compat_change_enabled u:object_r:binder_cache_system_server_prop:s0
+cache_key.get_packages_for_uid u:object_r:binder_cache_system_server_prop:s0
+cache_key.has_system_feature u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_interactive u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_power_save_mode u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_user_unlocked u:object_r:binder_cache_system_server_prop:s0
+cache_key.volume_list u:object_r:binder_cache_system_server_prop:s0
+cache_key.display_info u:object_r:binder_cache_system_server_prop:s0
+cache_key.location_enabled u:object_r:binder_cache_system_server_prop:s0
+cache_key.package_info u:object_r:binder_cache_system_server_prop:s0
+
+cache_key.bluetooth. u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string
+cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string
+cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string
diff --git a/public/property_contexts b/public/property_contexts
deleted file mode 100644
index 167b360b6..000000000
--- a/public/property_contexts
+++ /dev/null
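Review bot: `ro.kernel.qemu. u:object_r:exported_default_prop:s0`, right after `ro.kernel.qemu ... exact bool` in the vendor-init-settable|public-readable section, is the only trailing-dot prefix entry in the appended block with neither a `prefix` keyword nor a type, so it appears to fall back to the legacy two-field form that matches by prefix and accepts any value; since the stated goal is that VTS now checks every system-defined entry, it should read `ro.kernel.qemu. u:object_r:exported_default_prop:s0 prefix string` or carry a comment saying why it is intentionally left untyped. The eleven `cache_key.<name> u:object_r:binder_cache_system_server_prop:s0` lines at the end are likewise untyped, unlike the three `cache_key.*.` entries directly below them that say `prefix string`. The `# vendor-init-readable`, `# vendor-init-settable` and `# public-readable` headings are comments only — who may read or set a property is decided by its `exported*_prop` type and the rules in the .te files, not by the heading it sits under — and now that these sections are appended to a file that also holds platform-internal entries, a one-line note at the top of the block, e.g. `# The access-class headings below are documentation only; access is enforced by each type's rules in *.te`, would keep future additions from relying on placement alone.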
@@ -1,457 +0,0 @@ -# vendor-init-readable -persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact int - -# vendor-init-settable -af.fast_track_multiplier u:object_r:exported3_default_prop:s0 exact int -audio.camerasound.force u:object_r:exported_audio_prop:s0 exact bool -audio.deep_buffer.media u:object_r:exported3_default_prop:s0 exact bool -audio.offload.video u:object_r:exported3_default_prop:s0 exact bool -audio.offload.min.duration.secs u:object_r:exported3_default_prop:s0 exact int -camera.disable_zsl_mode u:object_r:exported3_default_prop:s0 exact bool -camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int -dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.backgroundgctype u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.boot-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.boot-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int -dalvik.vm.boot-image u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.checkjni u:object_r:exported_dalvik_prop:s0 exact bool -dalvik.vm.dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int -dalvik.vm.dexopt.secondary u:object_r:exported_dalvik_prop:s0 exact bool -dalvik.vm.execution-mode u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.extra-opts u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.foreground-heap-growth-multiplier u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.gctype u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.heapgrowthlimit u:object_r:exported_dalvik_prop:s0 exact string 
-dalvik.vm.heapmaxfree u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.heapminfree u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.heapsize u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.heapstartsize u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.heaptargetutilization u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.hot-startup-method-samples u:object_r:exported_dalvik_prop:s0 exact int -dalvik.vm.image-dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.image-dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.image-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.image-dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.image-dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.image-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int -dalvik.vm.isa.arm.features u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.isa.arm.variant u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.isa.arm64.features u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.isa.arm64.variant u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.isa.mips.features u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.isa.mips.variant u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.isa.mips64.features u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.isa.mips64.variant u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.isa.unknown.features u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.isa.unknown.variant u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.isa.x86.features u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.isa.x86.variant u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.isa.x86_64.features u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.isa.x86_64.variant u:object_r:exported_dalvik_prop:s0 exact 
string -dalvik.vm.jitinitialsize u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.jitmaxsize u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.jitprithreadweight u:object_r:exported_dalvik_prop:s0 exact int -dalvik.vm.jitthreshold u:object_r:exported_dalvik_prop:s0 exact int -dalvik.vm.jittransitionweight u:object_r:exported_dalvik_prop:s0 exact int -dalvik.vm.jniopts u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.lockprof.threshold u:object_r:exported_dalvik_prop:s0 exact int -dalvik.vm.method-trace u:object_r:exported_dalvik_prop:s0 exact bool -dalvik.vm.method-trace-file u:object_r:exported_dalvik_prop:s0 exact string -dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int -dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool -dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool -dalvik.vm.profilebootclasspath u:object_r:exported_dalvik_prop:s0 exact bool -dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool -dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool -dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int -drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool -keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool -media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool -media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string -media.stagefright.thumbnail.prefer_hw_codecs u:object_r:exported3_default_prop:s0 exact bool -persist.bluetooth.a2dp_offload.cap u:object_r:bluetooth_a2dp_offload_prop:s0 exact string -persist.bluetooth.a2dp_offload.disabled u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool -persist.bluetooth.bluetooth_audio_hal.disabled u:object_r:bluetooth_audio_hal_prop:s0 exact bool -persist.bluetooth.btsnoopenable u:object_r:exported_bluetooth_prop:s0 exact bool -persist.config.calibration_fac 
u:object_r:exported3_default_prop:s0 exact string -persist.dbg.volte_avail_ovr u:object_r:exported3_default_prop:s0 exact int -persist.dbg.vt_avail_ovr u:object_r:exported3_default_prop:s0 exact int -persist.dbg.wfc_avail_ovr u:object_r:exported3_default_prop:s0 exact int -persist.radio.multisim.config u:object_r:exported3_radio_prop:s0 exact string -persist.sys.dalvik.vm.lib.2 u:object_r:exported2_system_prop:s0 exact string -persist.sys.media.avsync u:object_r:exported2_system_prop:s0 exact bool -persist.sys.hdmi.keep_awake u:object_r:exported2_system_prop:s0 exact bool -persist.sys.sf.color_mode u:object_r:exported2_system_prop:s0 exact int -persist.sys.sf.color_saturation u:object_r:exported2_system_prop:s0 exact string -persist.sys.sf.native_mode u:object_r:exported2_system_prop:s0 exact int -pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string -pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string -pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string -pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool -pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int -pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string -pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string -pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string -pm.dexopt.shared u:object_r:exported_pm_prop:s0 exact string -ro.af.client_heap_size_kbyte u:object_r:exported3_default_prop:s0 exact int -ro.apk_verity.mode u:object_r:apk_verity_prop:s0 exact int -ro.audio.monitorRotation u:object_r:exported3_default_prop:s0 exact bool -ro.bluetooth.a2dp_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool -ro.boot.vendor.overlay.theme u:object_r:exported_overlay_prop:s0 exact string -ro.boot.wificountrycode u:object_r:exported3_default_prop:s0 exact string -ro.bt.bdaddr_path u:object_r:exported_bluetooth_prop:s0 exact string -ro.camera.notify_nfc u:object_r:exported3_default_prop:s0 exact int 
-ro.camera.enableLazyHal u:object_r:exported3_default_prop:s0 exact bool -ro.com.android.dataroaming u:object_r:exported3_default_prop:s0 exact bool -ro.com.android.prov_mobiledata u:object_r:exported3_default_prop:s0 exact bool -ro.config.alarm_alert u:object_r:exported2_config_prop:s0 exact string -ro.config.media_vol_steps u:object_r:exported2_config_prop:s0 exact int -ro.config.notification_sound u:object_r:exported2_config_prop:s0 exact string -ro.config.per_app_memcg u:object_r:exported3_default_prop:s0 exact bool -ro.config.ringtone u:object_r:exported2_config_prop:s0 exact string -ro.control_privapp_permissions u:object_r:exported3_default_prop:s0 exact string -ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int -ro.crypto.allow_encrypt_override u:object_r:exported2_vold_prop:s0 exact bool -ro.crypto.fde_algorithm u:object_r:exported2_vold_prop:s0 exact string -ro.crypto.fde_sector_size u:object_r:exported2_vold_prop:s0 exact int -ro.crypto.scrypt_params u:object_r:exported2_vold_prop:s0 exact string -ro.crypto.set_dun u:object_r:exported2_vold_prop:s0 exact bool -ro.crypto.volume.contents_mode u:object_r:exported2_vold_prop:s0 exact string -ro.crypto.volume.filenames_mode u:object_r:exported2_vold_prop:s0 exact string -ro.crypto.volume.metadata.encryption u:object_r:exported2_vold_prop:s0 exact string -ro.crypto.volume.metadata.method u:object_r:exported2_vold_prop:s0 exact string -ro.crypto.volume.options u:object_r:exported2_vold_prop:s0 exact string -ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string -ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool -ro.gfx.driver.0 u:object_r:exported3_default_prop:s0 exact string -ro.gfx.angle.supported u:object_r:exported3_default_prop:s0 exact bool -ro.hdmi.device_type u:object_r:exported3_default_prop:s0 exact string -ro.hdmi.wake_on_hotplug u:object_r:exported3_default_prop:s0 exact bool -ro.lmk.critical u:object_r:exported3_default_prop:s0 
exact int -ro.lmk.critical_upgrade u:object_r:exported3_default_prop:s0 exact bool -ro.lmk.debug u:object_r:exported3_default_prop:s0 exact bool -ro.lmk.downgrade_pressure u:object_r:exported3_default_prop:s0 exact int -ro.lmk.kill_heaviest_task u:object_r:exported3_default_prop:s0 exact bool -ro.lmk.kill_timeout_ms u:object_r:exported3_default_prop:s0 exact int -ro.lmk.low u:object_r:exported3_default_prop:s0 exact int -ro.lmk.medium u:object_r:exported3_default_prop:s0 exact int -ro.lmk.psi_partial_stall_ms u:object_r:exported3_default_prop:s0 exact int -ro.lmk.psi_complete_stall_ms u:object_r:exported3_default_prop:s0 exact int -ro.lmk.swap_free_low_percentage u:object_r:exported3_default_prop:s0 exact int -ro.lmk.thrashing_limit u:object_r:exported3_default_prop:s0 exact int -ro.lmk.thrashing_limit_decay u:object_r:exported3_default_prop:s0 exact int -ro.lmk.use_minfree_levels u:object_r:exported3_default_prop:s0 exact bool -ro.lmk.upgrade_pressure u:object_r:exported3_default_prop:s0 exact int -ro.minui.default_rotation u:object_r:exported3_default_prop:s0 exact string -ro.minui.overscan_percent u:object_r:exported3_default_prop:s0 exact int -ro.minui.pixel_format u:object_r:exported3_default_prop:s0 exact string -ro.oem_unlock_supported u:object_r:exported3_default_prop:s0 exact int -ro.opengles.version u:object_r:exported3_default_prop:s0 exact int -ro.radio.noril u:object_r:exported3_default_prop:s0 exact string -ro.rebootescrow.device u:object_r:rebootescrow_hal_prop:s0 exact string -ro.retaildemo.video_path u:object_r:exported3_default_prop:s0 exact string -ro.statsd.enable u:object_r:exported3_default_prop:s0 exact bool -ro.sf.disable_triple_buffer u:object_r:exported3_default_prop:s0 exact bool -ro.sf.lcd_density u:object_r:exported3_default_prop:s0 exact int -ro.storage_manager.enabled u:object_r:exported3_default_prop:s0 exact bool -ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool -ro.telephony.default_cdma_sub 
u:object_r:exported3_default_prop:s0 exact int -ro.telephony.default_network u:object_r:exported3_default_prop:s0 exact string -ro.vehicle.hal u:object_r:vehicle_hal_prop:s0 exact string -ro.vendor.build.security_patch u:object_r:vendor_security_patch_level_prop:s0 exact string -ro.zram.mark_idle_delay_mins u:object_r:exported3_default_prop:s0 exact int -ro.zram.first_wb_delay_mins u:object_r:exported3_default_prop:s0 exact int -ro.zram.periodic_wb_delay_hours u:object_r:exported3_default_prop:s0 exact int -ro.zygote u:object_r:exported3_default_prop:s0 exact string -sendbug.preferred.domain u:object_r:exported3_default_prop:s0 exact string -sys.usb.controller u:object_r:exported2_system_prop:s0 exact string -sys.usb.ffs.max_read u:object_r:exported_ffs_prop:s0 exact int -sys.usb.ffs.max_write u:object_r:exported_ffs_prop:s0 exact int -sys.usb.ffs.ready u:object_r:exported_ffs_prop:s0 exact bool -sys.usb.mtp.device_type u:object_r:exported2_system_prop:s0 exact int -sys.usb.ffs.mtp.ready u:object_r:exported_ffs_prop:s0 exact bool -sys.usb.state u:object_r:exported2_system_prop:s0 exact string -telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int -tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int -vold.post_fs_data_done u:object_r:exported2_vold_prop:s0 exact int -vts.native_server.on u:object_r:exported3_default_prop:s0 exact bool -wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded -zram.force_writeback u:object_r:exported3_default_prop:s0 exact bool - -# vendor-init-readable -apexd.status u:object_r:apexd_prop:s0 exact enum starting activated ready -dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool -persist.sys.device_provisioned u:object_r:exported3_system_prop:s0 exact string -persist.sys.theme u:object_r:theme_prop:s0 exact string -persist.sys.usb.usbradio.config u:object_r:exported3_system_prop:s0 exact string -sys.boot_completed u:object_r:exported3_system_prop:s0 exact bool 
-sys.retaildemo.enabled u:object_r:exported3_system_prop:s0 exact int -sys.user.0.ce_available u:object_r:exported3_system_prop:s0 exact bool -sys.vdso u:object_r:exported3_system_prop:s0 exact string - -# vendor-init-settable -persist.sys.zram_enabled u:object_r:exported2_system_prop:s0 exact bool -sys.usb.config u:object_r:exported_system_radio_prop:s0 exact string -sys.usb.configfs u:object_r:exported_system_radio_prop:s0 exact int - -# public-readable -aac_drc_boost u:object_r:exported2_default_prop:s0 exact int -aac_drc_cut u:object_r:exported2_default_prop:s0 exact int -aac_drc_enc_target_level u:object_r:exported2_default_prop:s0 exact int -aac_drc_heavy u:object_r:exported2_default_prop:s0 exact int -aac_drc_reference_level u:object_r:exported2_default_prop:s0 exact int -build.version.extensions. u:object_r:module_sdkextensions_prop:s0 prefix int -ro.aac_drc_effect_type u:object_r:exported2_default_prop:s0 exact int -drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool -dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool -dumpstate.unroot u:object_r:exported_dumpstate_prop:s0 exact bool -hal.instrumentation.enable u:object_r:exported2_default_prop:s0 exact bool -init.svc.bugreport u:object_r:exported2_default_prop:s0 exact string -init.svc.console u:object_r:exported2_default_prop:s0 exact string -init.svc.dumpstatez u:object_r:exported2_default_prop:s0 exact string -init.svc.mediadrm u:object_r:exported2_default_prop:s0 exact string -init.svc.surfaceflinger u:object_r:exported2_default_prop:s0 exact string -init.svc.tombstoned u:object_r:exported2_default_prop:s0 exact string -init.svc.zygote u:object_r:exported2_default_prop:s0 exact string -libc.debug.malloc.options u:object_r:exported2_default_prop:s0 exact string -libc.debug.malloc.program u:object_r:exported2_default_prop:s0 exact string -libc.debug.hooks.enable u:object_r:exported2_default_prop:s0 exact string -net.redirect_socket_calls.hooked 
u:object_r:socket_hook_prop:s0 exact bool -persist.sys.locale u:object_r:exported_system_prop:s0 exact string -persist.sys.timezone u:object_r:exported_system_prop:s0 exact string -persist.sys.test_harness u:object_r:test_harness_prop:s0 exact bool -ro.adb.secure u:object_r:exported_secure_prop:s0 exact int -ro.arch u:object_r:exported2_default_prop:s0 exact string -ro.audio.ignore_effects u:object_r:exported2_default_prop:s0 exact bool -ro.baseband u:object_r:exported2_default_prop:s0 exact string -ro.boot.avb_version u:object_r:exported2_default_prop:s0 exact string -ro.boot.baseband u:object_r:exported2_default_prop:s0 exact string -ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string -ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string -ro.boot.boottime u:object_r:exported2_default_prop:s0 exact string -ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string -ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string -ro.boot.console u:object_r:exported2_default_prop:s0 exact string -ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string -ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string -ro.boot.hardware.sku u:object_r:exported2_default_prop:s0 exact string -ro.boot.keymaster u:object_r:exported2_default_prop:s0 exact string -ro.boot.mode u:object_r:exported2_default_prop:s0 exact string -ro.boot.vbmeta.avb_version u:object_r:exported2_default_prop:s0 exact string -ro.boot.verifiedbootstate u:object_r:exported2_default_prop:s0 exact string -ro.boot.veritymode u:object_r:exported2_default_prop:s0 exact string -ro.boot.dynamic_partitions u:object_r:exported_default_prop:s0 exact string -ro.boot.dynamic_partitions_retrofit u:object_r:exported_default_prop:s0 exact string -ro.bootloader u:object_r:exported2_default_prop:s0 exact string -ro.build.date u:object_r:exported2_default_prop:s0 exact string -ro.build.date.utc u:object_r:exported2_default_prop:s0 exact 
int -ro.build.description u:object_r:exported2_default_prop:s0 exact string -ro.build.display.id u:object_r:exported2_default_prop:s0 exact string -ro.build.fingerprint u:object_r:exported_fingerprint_prop:s0 exact string -ro.build.host u:object_r:exported2_default_prop:s0 exact string -ro.build.id u:object_r:exported2_default_prop:s0 exact string -ro.build.product u:object_r:exported2_default_prop:s0 exact string -ro.build.system_root_image u:object_r:exported2_default_prop:s0 exact bool -ro.build.tags u:object_r:exported2_default_prop:s0 exact string -ro.build.user u:object_r:exported2_default_prop:s0 exact string -ro.build.version.base_os u:object_r:exported2_default_prop:s0 exact string -ro.build.version.codename u:object_r:exported2_default_prop:s0 exact string -ro.build.version.incremental u:object_r:exported2_default_prop:s0 exact string -ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int -ro.build.version.release u:object_r:exported2_default_prop:s0 exact string -ro.build.version.release_or_codename u:object_r:exported2_default_prop:s0 exact string -ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int -ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string -ro.crypto.state u:object_r:exported_vold_prop:s0 exact string -ro.crypto.type u:object_r:exported_vold_prop:s0 exact string -ro.debuggable u:object_r:exported2_default_prop:s0 exact int -ro.hardware u:object_r:exported2_default_prop:s0 exact string -ro.product.brand u:object_r:exported2_default_prop:s0 exact string -ro.product.cpu.abi u:object_r:exported2_default_prop:s0 exact string -ro.product.cpu.abilist u:object_r:exported2_default_prop:s0 exact string -ro.product.device u:object_r:exported2_default_prop:s0 exact string -ro.product.manufacturer u:object_r:exported2_default_prop:s0 exact string -ro.product.model u:object_r:exported2_default_prop:s0 exact string -ro.product.name u:object_r:exported2_default_prop:s0 exact string 
-ro.property_service.version u:object_r:exported2_default_prop:s0 exact int -ro.revision u:object_r:exported2_default_prop:s0 exact string -ro.secure u:object_r:exported_secure_prop:s0 exact int -ro.vendor.redirect_socket_calls u:object_r:vendor_socket_hook_prop:s0 exact bool -service.bootanim.exit u:object_r:exported_system_prop:s0 exact int -sys.boot_from_charger_mode u:object_r:exported_system_prop:s0 exact int -sys.init.userspace_reboot.in_progress u:object_r:userspace_reboot_exported_prop:s0 exact bool -sys.use_memfd u:object_r:use_memfd_prop:s0 exact bool -vold.decrypt u:object_r:exported_vold_prop:s0 exact string - -# vendor-init-settable|public-readable -aaudio.hw_burst_min_usec u:object_r:exported_default_prop:s0 exact int -aaudio.minimum_sleep_usec u:object_r:exported_default_prop:s0 exact int -aaudio.mixer_bursts u:object_r:exported_default_prop:s0 exact int -aaudio.mmap_exclusive_policy u:object_r:exported_default_prop:s0 exact int -aaudio.mmap_policy u:object_r:exported_default_prop:s0 exact int -aaudio.wakeup_delay_usec u:object_r:exported_default_prop:s0 exact int -config.disable_cameraservice u:object_r:exported_camera_prop:s0 exact bool -gsm.sim.operator.numeric u:object_r:exported_radio_prop:s0 exact string -media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool -persist.rcs.supported u:object_r:exported_default_prop:s0 exact int -rcs.publish.status u:object_r:exported_radio_prop:s0 exact string -ro.bionic.2nd_arch u:object_r:cpu_variant_prop:s0 exact string -ro.bionic.2nd_cpu_variant u:object_r:cpu_variant_prop:s0 exact string -ro.bionic.arch u:object_r:cpu_variant_prop:s0 exact string -ro.bionic.cpu_variant u:object_r:cpu_variant_prop:s0 exact string -ro.board.platform u:object_r:exported_default_prop:s0 exact string -ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int -ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string -ro.boot.product.hardware.sku u:object_r:exported_default_prop:s0 
exact string -ro.boot.product.vendor.sku u:object_r:exported_default_prop:s0 exact string -ro.boot.slot_suffix u:object_r:exported_default_prop:s0 exact string -ro.bootimage.build.date u:object_r:exported_default_prop:s0 exact string -ro.bootimage.build.date.utc u:object_r:exported_default_prop:s0 exact int -ro.bootimage.build.fingerprint u:object_r:exported_default_prop:s0 exact string -ro.boringcrypto.hwrand u:object_r:exported_default_prop:s0 exact bool -ro.build.ab_update u:object_r:exported_default_prop:s0 exact string -ro.build.expect.baseband u:object_r:exported_default_prop:s0 exact string -ro.build.expect.bootloader u:object_r:exported_default_prop:s0 exact string -ro.carrier u:object_r:exported_default_prop:s0 exact string -ro.config.low_ram u:object_r:exported_config_prop:s0 exact bool -ro.config.vc_call_vol_steps u:object_r:exported_config_prop:s0 exact int -ro.frp.pst u:object_r:exported_default_prop:s0 exact string -ro.hardware.activity_recognition u:object_r:exported_default_prop:s0 exact string -ro.hardware.audio u:object_r:exported_default_prop:s0 exact string -ro.hardware.audio.a2dp u:object_r:exported_default_prop:s0 exact string -ro.hardware.audio.hearing_aid u:object_r:exported_default_prop:s0 exact string -ro.hardware.audio.primary u:object_r:exported_default_prop:s0 exact string -ro.hardware.audio.usb u:object_r:exported_default_prop:s0 exact string -ro.hardware.audio_policy u:object_r:exported_default_prop:s0 exact string -ro.hardware.bootctrl u:object_r:exported_default_prop:s0 exact string -ro.hardware.camera u:object_r:exported_default_prop:s0 exact string -ro.hardware.consumerir u:object_r:exported_default_prop:s0 exact string -ro.hardware.context_hub u:object_r:exported_default_prop:s0 exact string -ro.hardware.egl u:object_r:exported_default_prop:s0 exact string -ro.hardware.fingerprint u:object_r:exported_default_prop:s0 exact string -ro.hardware.flp u:object_r:exported_default_prop:s0 exact string -ro.hardware.gatekeeper 
u:object_r:exported_default_prop:s0 exact string -ro.hardware.gps u:object_r:exported_default_prop:s0 exact string -ro.hardware.gralloc u:object_r:exported_default_prop:s0 exact string -ro.hardware.hdmi_cec u:object_r:exported_default_prop:s0 exact string -ro.hardware.hwcomposer u:object_r:exported_default_prop:s0 exact string -ro.hardware.input u:object_r:exported_default_prop:s0 exact string -ro.hardware.keystore u:object_r:exported_default_prop:s0 exact string -ro.hardware.keystore_desede u:object_r:exported_default_prop:s0 exact string -ro.hardware.lights u:object_r:exported_default_prop:s0 exact string -ro.hardware.local_time u:object_r:exported_default_prop:s0 exact string -ro.hardware.memtrack u:object_r:exported_default_prop:s0 exact string -ro.hardware.nfc u:object_r:exported_default_prop:s0 exact string -ro.hardware.nfc_nci u:object_r:exported_default_prop:s0 exact string -ro.hardware.nfc_tag u:object_r:exported_default_prop:s0 exact string -ro.hardware.nvram u:object_r:exported_default_prop:s0 exact string -ro.hardware.power u:object_r:exported_default_prop:s0 exact string -ro.hardware.radio u:object_r:exported_default_prop:s0 exact string -ro.hardware.sensors u:object_r:exported_default_prop:s0 exact string -ro.hardware.sound_trigger u:object_r:exported_default_prop:s0 exact string -ro.hardware.thermal u:object_r:exported_default_prop:s0 exact string -ro.hardware.tv_input u:object_r:exported_default_prop:s0 exact string -ro.hardware.type u:object_r:exported_default_prop:s0 exact string -ro.hardware.vehicle u:object_r:exported_default_prop:s0 exact string -ro.hardware.vibrator u:object_r:exported_default_prop:s0 exact string -ro.hardware.virtual_device u:object_r:exported_default_prop:s0 exact string -ro.hardware.vulkan u:object_r:exported_default_prop:s0 exact string -ro.hwui.use_vulkan u:object_r:exported_default_prop:s0 exact bool -ro.kernel.qemu u:object_r:exported_default_prop:s0 exact bool -ro.kernel.qemu. 
u:object_r:exported_default_prop:s0 -ro.kernel.android.bootanim u:object_r:exported_default_prop:s0 exact int -ro.odm.build.date u:object_r:exported_default_prop:s0 exact string -ro.odm.build.date.utc u:object_r:exported_default_prop:s0 exact int -ro.odm.build.fingerprint u:object_r:exported_default_prop:s0 exact string -ro.odm.build.version.incremental u:object_r:exported_default_prop:s0 exact string -ro.oem.key1 u:object_r:exported_default_prop:s0 exact string -ro.product.board u:object_r:exported_default_prop:s0 exact string -ro.product.cpu.abilist32 u:object_r:exported_default_prop:s0 exact string -ro.product.cpu.abilist64 u:object_r:exported_default_prop:s0 exact string -ro.product.first_api_level u:object_r:exported_default_prop:s0 exact int -ro.product.odm.brand u:object_r:exported_default_prop:s0 exact string -ro.product.odm.device u:object_r:exported_default_prop:s0 exact string -ro.product.odm.manufacturer u:object_r:exported_default_prop:s0 exact string -ro.product.odm.model u:object_r:exported_default_prop:s0 exact string -ro.product.odm.name u:object_r:exported_default_prop:s0 exact string -ro.product.vendor.brand u:object_r:exported_default_prop:s0 exact string -ro.product.vendor.device u:object_r:exported_default_prop:s0 exact string -ro.product.vendor.manufacturer u:object_r:exported_default_prop:s0 exact string -ro.product.vendor.model u:object_r:exported_default_prop:s0 exact string -ro.product.vendor.name u:object_r:exported_default_prop:s0 exact string -ro.product.vndk.version u:object_r:vndk_prop:s0 exact string -ro.telephony.iwlan_operation_mode u:object_r:exported_radio_prop:s0 exact enum default legacy AP-assisted -ro.vendor.build.date u:object_r:exported_default_prop:s0 exact string -ro.vendor.build.date.utc u:object_r:exported_default_prop:s0 exact int -ro.vendor.build.fingerprint u:object_r:exported_default_prop:s0 exact string -ro.vendor.build.version.incremental u:object_r:exported_default_prop:s0 exact string -ro.vndk.lite 
u:object_r:vndk_prop:s0 exact bool -ro.vndk.version u:object_r:vndk_prop:s0 exact string -ro.vts.coverage u:object_r:exported_default_prop:s0 exact int -wifi.active.interface u:object_r:exported_wifi_prop:s0 exact string -wifi.concurrent.interface u:object_r:exported_default_prop:s0 exact string -wifi.direct.interface u:object_r:exported_default_prop:s0 exact string -wifi.interface u:object_r:exported_default_prop:s0 exact string -ro.apex.updatable u:object_r:exported_default_prop:s0 exact bool -ro.init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool - -# public-readable -ro.boot.revision u:object_r:exported2_default_prop:s0 exact string -ro.bootmode u:object_r:exported2_default_prop:s0 exact string -ro.build.type u:object_r:exported2_default_prop:s0 exact string -sys.shutdown.requested u:object_r:exported_system_prop:s0 exact string - -# Using Sysprop as API. So the ro.surface_flinger.* are guaranteed to be API-stable -ro.surface_flinger.default_composition_dataspace u:object_r:exported_default_prop:s0 exact int -ro.surface_flinger.default_composition_pixel_format u:object_r:exported_default_prop:s0 exact int -ro.surface_flinger.force_hwc_copy_for_virtual_displays u:object_r:exported_default_prop:s0 exact bool -ro.surface_flinger.has_HDR_display u:object_r:exported_default_prop:s0 exact bool -ro.surface_flinger.has_wide_color_display u:object_r:exported_default_prop:s0 exact bool -ro.surface_flinger.max_frame_buffer_acquired_buffers u:object_r:exported_default_prop:s0 exact int -ro.surface_flinger.max_virtual_display_dimension u:object_r:exported_default_prop:s0 exact int -ro.surface_flinger.primary_display_orientation u:object_r:exported_default_prop:s0 exact string -ro.surface_flinger.present_time_offset_from_vsync_ns u:object_r:exported_default_prop:s0 exact int -ro.surface_flinger.running_without_sync_framework u:object_r:exported_default_prop:s0 exact bool -ro.surface_flinger.start_graphics_allocator_service 
u:object_r:exported_default_prop:s0 exact bool -ro.surface_flinger.use_color_management u:object_r:exported_default_prop:s0 exact bool -ro.surface_flinger.use_context_priority u:object_r:exported_default_prop:s0 exact bool -ro.surface_flinger.use_vr_flinger u:object_r:exported_default_prop:s0 exact bool -ro.surface_flinger.vsync_event_phase_offset_ns u:object_r:exported_default_prop:s0 exact int -ro.surface_flinger.vsync_sf_event_phase_offset_ns u:object_r:exported_default_prop:s0 exact int -ro.surface_flinger.wcg_composition_dataspace u:object_r:exported_default_prop:s0 exact int -ro.surface_flinger.wcg_composition_pixel_format u:object_r:exported_default_prop:s0 exact int -ro.surface_flinger.display_primary_red u:object_r:exported_default_prop:s0 exact string -ro.surface_flinger.display_primary_green u:object_r:exported_default_prop:s0 exact string -ro.surface_flinger.display_primary_blue u:object_r:exported_default_prop:s0 exact string -ro.surface_flinger.display_primary_white u:object_r:exported_default_prop:s0 exact string -ro.surface_flinger.protected_contents u:object_r:exported_default_prop:s0 exact bool -ro.surface_flinger.set_idle_timer_ms u:object_r:exported_default_prop:s0 exact int -ro.surface_flinger.set_touch_timer_ms u:object_r:exported_default_prop:s0 exact int -ro.surface_flinger.set_display_power_timer_ms u:object_r:exported_default_prop:s0 exact int -ro.surface_flinger.support_kernel_idle_timer u:object_r:exported_default_prop:s0 exact bool -ro.surface_flinger.use_smart_90_for_video u:object_r:exported_default_prop:s0 exact bool -ro.surface_flinger.use_content_detection_for_refresh_rate u:object_r:exported_default_prop:s0 exact bool -ro.surface_flinger.color_space_agnostic_dataspace u:object_r:exported_default_prop:s0 exact int -ro.surface_flinger.refresh_rate_switching u:object_r:exported_default_prop:s0 exact bool - -# Binder cache properties. 
These are world-readable -cache_key.app_inactive u:object_r:binder_cache_system_server_prop:s0 -cache_key.is_compat_change_enabled u:object_r:binder_cache_system_server_prop:s0 -cache_key.get_packages_for_uid u:object_r:binder_cache_system_server_prop:s0 -cache_key.has_system_feature u:object_r:binder_cache_system_server_prop:s0 -cache_key.is_interactive u:object_r:binder_cache_system_server_prop:s0 -cache_key.is_power_save_mode u:object_r:binder_cache_system_server_prop:s0 -cache_key.is_user_unlocked u:object_r:binder_cache_system_server_prop:s0 -cache_key.volume_list u:object_r:binder_cache_system_server_prop:s0 -cache_key.display_info u:object_r:binder_cache_system_server_prop:s0 -cache_key.location_enabled u:object_r:binder_cache_system_server_prop:s0 -cache_key.package_info u:object_r:binder_cache_system_server_prop:s0 - -cache_key.bluetooth. u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string -cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string -cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string From 59b996c2774d51625eabcb409f79934c6da1d2cd Mon Sep 17 00:00:00 2001 
From: Ryan Savitski
Date: Wed, 11 Mar 2020 21:49:43 +0000
Subject: [PATCH 041/163] perfetto: fix missing fd:use for producer-supplied shared memory

The previous attempt (aosp/1225417) had a missing piece: while we allowed traced to use the shared memory, we haven't allowed it to use the file descriptors in the producers' domains. Since the shared memory is being transferred as an fd (obtained from memfd_create), the service ends up hitting a denial (see below for an example). We ended up missing the general case as we only tested with the shell domain at the time, and traced is already allowed to use shell's fds for other reasons.

To reiterate, the tracing service treats producers as inherently untrusted/adversarial, so its implementation should never attempt to use a file descriptor that isn't otherwise validated (such as checking seals for the memfds).

Example denial from a chromium apk that is exercising this path:
traced : type=1400 audit(0.0:80): avc: denied { use } for path=2F6D656D66643A706572666574746F5F73686D656D202864656C6574656429 dev="tmpfs" ino=151536 scontext=u:r:traced:s0 tcontext=u:r:untrusted_app_29:s0:c136,c256,c512,c768 tclass=fd permissive=0
(deobfuscated path in the denial: /memfd:perfetto_shmem (deleted))

Tested: experimental chromium apk no longer crashes when trying to hand over shared memory to traced
Bug: 148841422
Merged-In: I7390fb174e2083ba7693c3160da44b4cfa7b1c8b
Change-Id: I7390fb174e2083ba7693c3160da44b4cfa7b1c8b
(cherry picked from commit 3baeb1ea805293d6c2a76379474a7958b8757dad)
---
 public/te_macros | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/public/te_macros b/public/te_macros
index a9dea9222..5afb791d3 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -767,6 +767,11 @@ define(`perfetto_producer', ` allow $1 traced:fd use; allow $1 traced_tmpfs:file { read write getattr map }; unix_socket_connect($1, traced_producer, traced) + + # Also allow the service to use the producer file descriptors. This is + # necessary when the producer is creating the shared memory, as it will be + # passed to the service as a file descriptor (obtained from memfd_create). + allow traced $1:fd use; ') ########################################### From 158e176c5aca6dd0969586f62a86f00827fe96b0 Mon Sep 17 00:00:00 2001 From: "A. Cody Schuffelen" Date: Tue, 18 Feb 2020 15:26:44 -0800 Subject: [PATCH 042/163] Add sepolicy for the securityfs mount type. See discussion in aosp/1233645. There was a concern about this filesystem automounting when enabled, so this change adds sepolicy to preemptively lock it down. I'm not confident it actually automounts. If it does, it'll land in /sys/kernel/security, which is also protected with the sysfs policy. Test: Builds Bug: 148102533 Change-Id: I78a246a5c18953f2471f84367ab383afb2742908 Merged-In: I78a246a5c18953f2471f84367ab383afb2742908 --- private/compat/29.0/29.0.ignore.cil | 1 + private/genfs_contexts | 2 ++ public/file.te | 1 + 3 files changed, 4 insertions(+) diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 9d5684fec..7a9c0d09e 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -80,6 +80,7 @@ prereboot_data_file art_apex_dir rebootescrow_hal_prop + securityfs service_manager_service service_manager_vndservice simpleperf diff --git a/private/genfs_contexts b/private/genfs_contexts index ccf678452..828929f4c 100644 --- a/private/genfs_contexts +++ b/private/genfs_contexts 
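Review bot: The added `allow traced $1:fd use;` lets traced use a file descriptor handed over by every producer domain, including untrusted app domains, and the comment above it does not record that traced must not trust what it receives. I would extend the comment with `# traced treats producers as untrusted: it must validate any fd received this way (e.g. memfd seals) before mapping it.` The commit message already states this contract, so keeping it next to the rule ties the policy to the service-side check it relies on. The perfetto_producer macro opens before the hunk; only its tail and the closing `')` are visible here.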
@@ -291,6 +291,8 @@ genfscon debugfs /tracing/events/ftrace/print/ genfscon debugfs /kcov u:object_r:debugfs_kcov:s0 +genfscon securityfs / u:object_r:securityfs:s0 + genfscon binder /binder u:object_r:binder_device:s0 genfscon binder /hwbinder u:object_r:hwbinder_device:s0 genfscon binder /vndbinder u:object_r:vndbinder_device:s0 diff --git a/public/file.te b/public/file.te index 58386c148..462e71d21 100644 --- a/public/file.te +++ b/public/file.te @@ -137,6 +137,7 @@ type debugfs_tracing_debug, fs_type, debugfs_type, mlstrustedobject; type debugfs_tracing_instances, fs_type, debugfs_type; type debugfs_wakeup_sources, fs_type, debugfs_type; type debugfs_wifi_tracing, fs_type, debugfs_type; +type securityfs, fs_type; type pstorefs, fs_type; type functionfs, fs_type, mlstrustedobject; From 3bd53a9ceecc37c79090c59776408b3d4733b036 Mon Sep 17 00:00:00 2001 From: Nikita Ioffe Date: Thu, 12 Mar 2020 14:45:00 +0000 Subject: [PATCH 043/163] Add userspace_reboot_test_prop This property type represents properties used in CTS tests of userspace reboot. For example, test.userspace_reboot.requested property which is used to check that userspace reboot was successful and didn't result in full reboot, e.g.: * before test setprop test.userspace_reboot.requested 1 * adb reboot userspace * wait for boot to complete * verify that value of test.userspace_reboot.requested is still 1 Test: adb shell setprop test.userspace_reboot.requested 1 Bug: 150901232 Change-Id: I45d187f386149cec08318ea8545ab864b5810ca8 --- private/compat/29.0/29.0.ignore.cil | 1 + private/domain.te | 1 + private/property_contexts | 1 + private/shell.te | 4 ++++ public/property.te | 9 +++++++++ 5 files changed, 16 insertions(+) diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 9d5684fec..3091e466c 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil 
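Review bot: `type securityfs, fs_type;` is declared with no rule granting any domain access, which is the intent given in the commit message, but nothing in file.te records that, so a reader who later hits a denial under /sys/kernel/security has no pointer to why. I would add above the declaration `# securityfs (/sys/kernel/security); deliberately no access granted, b/148102533`. The genfscon entry labels the mount root (`/`), so every path under it inherits this single type, which is what makes the lock-down complete.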
@@ -103,6 +103,7 @@ userspace_reboot_config_prop userspace_reboot_exported_prop userspace_reboot_log_prop + userspace_reboot_test_prop vehicle_hal_prop tv_tuner_resource_mgr_service vendor_apex_file diff --git a/private/domain.te b/private/domain.te index 32b40c179..3f5bbaad5 100644 --- a/private/domain.te +++ b/private/domain.te @@ -101,6 +101,7 @@ compatible_property_only(` get_prop({coredomain appdomain shell}, userspace_reboot_config_prop) get_prop({coredomain shell}, userspace_reboot_exported_prop) get_prop({coredomain shell}, userspace_reboot_log_prop) + get_prop({coredomain shell}, userspace_reboot_test_prop) get_prop({domain -coredomain -appdomain}, vendor_default_prop) ') diff --git a/private/property_contexts b/private/property_contexts index 9175d10fe..1eb2d70c9 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -91,6 +91,7 @@ sys.boot.reason u:object_r:system_boot_reason_prop:s0 sys.boot.reason.last u:object_r:last_boot_reason_prop:s0 pm. u:object_r:pm_prop:s0 test.sys.boot.reason u:object_r:test_boot_reason_prop:s0 +test.userspace_reboot.requested u:object_r:userspace_reboot_test_prop:s0 sys.lmk. u:object_r:system_lmk_prop:s0 sys.trace. u:object_r:system_trace_prop:s0 diff --git a/private/shell.te b/private/shell.te index 2c69f95ee..76ff0734d 100644 --- a/private/shell.te +++ b/private/shell.te @@ -73,6 +73,10 @@ allow shell rs_exec:file rx_file_perms; set_prop(shell, lpdumpd_prop); binder_call(shell, lpdumpd) +# Allow shell to set and read value of properties used for CTS tests of +# userspace reboot +set_prop(shell, userspace_reboot_test_prop) + # Allow shell to get encryption policy of /data/local/tmp/, for CTS allowxperm shell shell_data_file:dir ioctl { FS_IOC_GET_ENCRYPTION_POLICY diff --git a/public/property.te b/public/property.te index 65281ea45..7c1d5fa1a 100644 --- a/public/property.te +++ b/public/property.te 
@@ -21,6 +21,7 @@ system_internal_prop(last_boot_reason_prop) system_internal_prop(netd_stable_secret_prop) system_internal_prop(pm_prop) system_internal_prop(userspace_reboot_log_prop) +system_internal_prop(userspace_reboot_test_prop) system_internal_prop(system_adbd_prop) system_internal_prop(adbd_prop) system_internal_prop(traced_perf_enabled_prop) @@ -587,3 +588,11 @@ neverallow { } { adbd_prop }:property_service set; + +neverallow { + # Only allow init and shell to set userspace_reboot_test_prop + -init + -shell +} { + userspace_reboot_test_prop +}:property_service set; From 4c671592be8c8162768d873ba161c64124df8cd8 Mon Sep 17 00:00:00 2001 From: Nicolas Geoffray Date: Wed, 11 Mar 2020 15:26:27 +0000 Subject: [PATCH 044/163] Revert "Sepolicy: Allow system_server_startup to load dalvikcache artifacts" Bug: 128688902 Bug: 150032912 Test: boots This reverts commit e0743120774eb46a53c417eb21483d2b7302cd53. (cherry-picked from commit 86111c9cd58015dceee0b8687fff1456442a976a) Merged-In: Ib3871142a200ac64268eb02db98d3260758a4677 Change-Id: Ia625dbef3dd18cd06d827149d2b18c55fd076eaf --- private/system_server_startup.te | 7 ------- 1 file changed, 7 deletions(-) diff --git a/private/system_server_startup.te b/private/system_server_startup.te index f1427a9e2..902941ed4 100644 --- a/private/system_server_startup.te +++ b/private/system_server_startup.te 
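Review bot: The new neverallow's source set `{ -init -shell }` has no positive member, unlike the other neverallows on this page (for example `neverallow { domain -init -system_server } pm_prop:property_service set;` in domain.te), which all spell `domain` explicitly. I would write the set as `domain`, `-init`, `-shell` so it reads the same way as its siblings and does not depend on the reader knowing how checkpolicy interprets an all-negation set. The rest of the commit (property_contexts entry, shell set_prop, coredomain/shell get_prop) is consistent with the sibling userspace_reboot_log_prop handling.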
@@ -7,13 +7,6 @@ tmpfs_domain(system_server_startup) allow system_server_startup self:process execmem; allow system_server_startup system_server_startup_tmpfs:file { execute read write open map }; -# Allow to pick up integrity-checked artifacts from the dalvik cache. -allow system_server_startup dalvikcache_data_file:dir r_dir_perms; -allow system_server_startup dalvikcache_data_file:file { r_file_perms execute }; - -# While doing the above, will touch the apex mount dir. -allow system_server_startup mnt_expand_file:dir getattr; - # Allow system_server_startup to run setcon() and enter the # system_server domain allow system_server_startup self:process setcurrent; From a72384503c816a3d5b01ce11b9e1987de1834d3a Mon Sep 17 00:00:00 2001 From: Brian Lindahl Date: Mon, 9 Mar 2020 11:57:26 +0100 Subject: [PATCH 045/163] Add system property to allow GPU composition to occur at a lower resolution am: 43bf7eaa48 am: bff19526a3 am: aa7a5cac26 am: daf2732db2 am: 0f25e156ef Bug: 144574809 Test: Tested with sysprop disabled, and tested backport in Android Q with sysprop enabled. Merged-In: Ife63c21a6e959d16e796d57956dd7dda2f5d383e Change-Id: Iba0c100a623aae2f57ee927a4e893dce7fc9ef73 (cherry picked from commit 19a768430214fc765a3b9d887e95b676c455f1c6) --- public/property_contexts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/public/property_contexts b/public/property_contexts index 70e57d4ea..8f1cf2dac 100644 --- a/public/property_contexts +++ b/public/property_contexts 
@@ -413,6 +413,8 @@ ro.surface_flinger.force_hwc_copy_for_virtual_displays u:object_r:exported_defau
 ro.surface_flinger.has_HDR_display u:object_r:exported_default_prop:s0 exact bool
 ro.surface_flinger.has_wide_color_display u:object_r:exported_default_prop:s0 exact bool
 ro.surface_flinger.max_frame_buffer_acquired_buffers u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.max_graphics_height u:object_r:exported3_default_prop:s0 exact int
+ro.surface_flinger.max_graphics_width u:object_r:exported3_default_prop:s0 exact int
 ro.surface_flinger.max_virtual_display_dimension u:object_r:exported_default_prop:s0 exact int
 ro.surface_flinger.primary_display_orientation u:object_r:exported_default_prop:s0 exact string
 ro.surface_flinger.present_time_offset_from_vsync_ns u:object_r:exported_default_prop:s0 exact int
From 4ba30457406824d6c9350b77e1b6dee60cfd6a60 Mon Sep 17 00:00:00 2001
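Review bot: The two new entries use `exported3_default_prop` while every neighbouring ro.surface_flinger.* line uses `exported_default_prop`, and neither the hunk nor the commit message says why. If the older type's membership is frozen for vendor-policy compatibility, as the `exported3` naming suggests, a short note in the commit message or a trailing comment on the lines would save the next reader from treating this as a typo. The choice matters because the context type is what the read rules for the property are written against.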
From: Songchun Fan Date: Tue, 17 Mar 2020 18:30:34 -0700 Subject: [PATCH 046/163] [selinux] permissions on new ioctls for filling blocks Denial messages: 03-17 20:30:54.274 1445 1445 I PackageInstalle: type=1400 audit(0.0:6): avc: denied { ioctl } for path=2F646174612F696E6372656D656E74616C2F4D545F646174615F696E6372656D656E74616C5F746D705F313134353234353836342F6D6F756E742F2E70656E64696E675F7265616473202864656C6574656429 dev="incremental-fs" ino=2 ioctlcmd=0x6721 scontext=u:r:system_server:s0 tcontext=u:object_r:incremental_control_file:s0 tclass=file permissive=1 03-17 20:30:54.274 1445 1445 I PackageInstalle: type=1400 audit(0.0:7): avc: denied { ioctl } for path="/data/incremental/MT_data_incremental_tmp_1145245864/mount/.index/2b300000000000000000000000000000" dev="incremental-fs" ino=6794 ioctlcmd=0x6720 scontext=u:r:system_server:s0 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=1 03-17 20:49:11.797 16182 16182 I Binder:16182_6: type=1400 audit(0.0:13): avc: denied { ioctl } for path=2F646174612F696E6372656D656E74616C2F4D545F646174615F696E6372656D656E74616C5F746D705F3537383539353635322F6D6F756E742F2E70656E64696E675F7265616473202864656C6574656429 dev="incremental-fs" ino=2 ioctlcmd=0x6721 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:incremental_control_file:s0 tclass=file permissive=1 app=com.android.vending 03-17 20:49:11.797 16182 16182 I Binder:16182_6: type=1400 audit(0.0:14): avc: denied { ioctl } for path="/data/incremental/MT_data_incremental_tmp_578595652/mount/.index/626173652e61706b0000000000000000" dev="incremental-fs" ino=5810 ioctlcmd=0x6720 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:apk_data_file:s0 tclass=file permissive=1 app=com.android.vending Test: manual BUG: 150809360 Change-Id: If43fa9edad0848a59c0712b124adfcdbbd0c99a4 --- private/priv_app.te | 10 +++++++--- private/system_server.te | 8 ++++---- public/ioctl_defines | 2 ++ 3 files changed, 13 insertions(+), 7 deletions(-) 
diff --git a/private/priv_app.te b/private/priv_app.te index dd4d5c744..db28bec95 100644 --- a/private/priv_app.te +++ b/private/priv_app.te @@ -147,11 +147,15 @@ allow priv_app system_server:udp_socket { connect getattr read recvfrom sendto write getopt setopt }; # allow apps like Phonesky to check the file signature of an apk installed on -# the Incremental File System -allowxperm priv_app apk_data_file:file ioctl INCFS_IOCTL_READ_SIGNATURE; +# the Incremental File System, and fill missing blocks in the apk +allowxperm priv_app apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS }; # allow privileged data loader apps (e.g. com.android.vending) to read logs from Incremental File System -allow priv_app incremental_control_file:file { read getattr }; +allow priv_app incremental_control_file:file { read getattr ioctl }; + +# allow apps like Phonesky to request permission to fill blocks of an apk file +# on the Incremental File System. +allowxperm priv_app incremental_control_file:file ioctl INCFS_IOCTL_PERMIT_FILL; ### ### neverallow rules diff --git a/private/system_server.te b/private/system_server.te index 3b72518c3..5533d4275 100644 --- a/private/system_server.te +++ b/private/system_server.te 
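Review bot: The comments describe the new ioctl grants as being for "apps like Phonesky" and "privileged data loader apps", but the rules apply to every priv_app domain, and nothing in the hunk narrows INCFS_IOCTL_FILL_BLOCKS or INCFS_IOCTL_PERMIT_FILL to the actual data loader. If that narrowing is enforced elsewhere (by incfs or by system_server controlling which files may be filled), say so next to the rule, e.g. `# Any priv_app may issue these ioctls; which files it can fill is enforced by incfs/system_server, not by this policy.` If it is not, this is a case for a more specific domain than priv_app. The values added to ioctl_defines (0x6720, 0x6721) do match the ioctlcmd fields in the quoted denials, so the define side is consistent.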
@@ -24,12 +24,12 @@ allow system_server appdomain_tmpfs:file { getattr map read write }; # For Incremental Service to check if incfs is available allow system_server proc_filesystems:file r_file_perms; -# To create files on Incremental File System +# To create files and get permission to fill blocks on Incremental File System allow system_server incremental_control_file:file { ioctl r_file_perms }; -allowxperm system_server incremental_control_file:file ioctl INCFS_IOCTL_CREATE_FILE; +allowxperm system_server incremental_control_file:file ioctl { INCFS_IOCTL_CREATE_FILE INCFS_IOCTL_PERMIT_FILL }; -# To get signature of an APK installed on Incremental File System -allowxperm system_server apk_data_file:file ioctl INCFS_IOCTL_READ_SIGNATURE; +# To get signature of an APK installed on Incremental File System and fill in data blocks +allowxperm system_server apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS }; # For art. allow system_server dalvikcache_data_file:dir r_dir_perms; diff --git a/public/ioctl_defines b/public/ioctl_defines index 4eeeb4e37..4cc3bba51 100644 --- a/public/ioctl_defines +++ b/public/ioctl_defines @@ -1057,6 +1057,8 @@ define(`IMHOLD_L1', `0x80044948') define(`IMSETDEVNAME', `0x80184947') define(`INCFS_IOCTL_CREATE_FILE', `0x0000671e') define(`INCFS_IOCTL_READ_SIGNATURE', `0x0000671f') +define(`INCFS_IOCTL_FILL_BLOCKS', `0x00006720') +define(`INCFS_IOCTL_PERMIT_FILL', `0x00006721') define(`IOCTL_EVTCHN_BIND_INTERDOMAIN', `0x00084501') define(`IOCTL_EVTCHN_BIND_UNBOUND_PORT', `0x00044502') define(`IOCTL_EVTCHN_BIND_VIRQ', `0x00044500') From 42c7d8966cc5f76c84c001c5af787cbfade736c8 Mon Sep 17 00:00:00 2001 
From: Inseob Kim Date: Wed, 4 Mar 2020 17:20:35 +0900 Subject: [PATCH 047/163] Move system property rules to private public/property split is landed to selectively export public types to vendors. So rules happening within system should be in private. This introduces private/property.te and moves all allow and neverallow rules from any coredomains to system defiend properties. Bug: 150331497 Test: system/sepolicy/tools/build_policies.sh Change-Id: I0d929024ae9f4ae3830d4bf3d59e999febb22cbe --- private/adbd.te | 3 + private/apexd.te | 4 + private/asan_extract.te | 7 +- private/bootanim.te | 3 + private/bootstat.te | 30 ++++ private/charger.te | 9 + private/dhcp.te | 3 + private/domain.te | 7 + private/dumpstate.te | 11 ++ private/fastbootd.te | 24 +++ private/flags_health_check.te | 24 +++ private/gatekeeperd.te | 3 + private/healthd.te | 7 + private/hwservicemanager.te | 1 + private/lmkd.te | 3 + private/logd.te | 3 + private/mediaextractor.te | 2 + private/mediaserver.te | 2 + private/mediaswcodec.te | 1 + private/netd.te | 13 ++ private/property.te | 321 +++++++++++++++++++++++++++++++++ private/radio.te | 10 ++ private/recovery.te | 23 +++ private/shell.te | 50 ++++++ private/traceur_app.te | 5 + private/ueventd.te | 4 + private/uncrypt.te | 3 + private/update_engine.te | 6 + private/update_verifier.te | 6 + private/usbd.te | 3 + private/vold.te | 11 ++ private/wificond.te | 6 + public/adbd.te | 3 - public/apexd.te | 4 - public/asan_extract.te | 3 - public/bootanim.te | 4 - public/bootstat.te | 31 ---- public/charger.te | 9 - public/dhcp.te | 3 - public/domain.te | 7 - public/dumpstate.te | 10 -- public/fastbootd.te | 16 -- public/flags_health_check.te | 24 --- public/gatekeeperd.te | 3 - public/healthd.te | 7 - public/hwservicemanager.te | 2 - public/lmkd.te | 3 - public/logd.te | 3 - public/mediaextractor.te | 2 - public/mediaserver.te | 2 - public/mediaswcodec.te | 2 - public/netd.te | 13 -- public/property.te | 326 +--------------------------------- 
public/radio.te | 10 -- public/recovery.te | 18 -- public/shell.te | 48 ----- public/traceur_app.te | 5 - public/ueventd.te | 4 - public/uncrypt.te | 3 - public/update_engine.te | 6 - public/update_verifier.te | 6 - public/usbd.te | 3 - public/vold.te | 11 -- public/wificond.te | 5 - 64 files changed, 610 insertions(+), 594 deletions(-) create mode 100644 private/property.te diff --git a/private/adbd.te b/private/adbd.te index 89fa1f9e2..f7504df07 100644 --- a/private/adbd.te +++ b/private/adbd.te @@ -90,6 +90,9 @@ set_prop(adbd, exported_ffs_prop) # Set service.adb.tls.port, persist.adb.wifi. properties set_prop(adbd, adbd_prop) +# Allow adbd start/stop mdnsd via ctl.start +set_prop(adbd, ctl_mdnsd_prop) + # Access device logging gating property get_prop(adbd, device_logging_prop) diff --git a/private/apexd.te b/private/apexd.te index 9e702dd91..c03790cd2 100644 --- a/private/apexd.te +++ b/private/apexd.te @@ -155,3 +155,7 @@ neverallow { domain -apexd -init -vold_prepare_subdirs } apex_module_data_file:f neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:dir no_w_dir_perms; neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:file no_w_file_perms; + +# only apexd can set apexd sysprop +set_prop(apexd, apexd_prop) +neverallow { domain -apexd -init } apexd_prop:property_service set; diff --git a/private/asan_extract.te b/private/asan_extract.te index 1c20d78ec..69bcd5010 100644 --- a/private/asan_extract.te +++ b/private/asan_extract.te @@ -3,6 +3,9 @@ # Technically not a daemon but we do want the transition from init domain to # asan_extract to occur. with_asan(` -typeattribute asan_extract coredomain; -init_daemon_domain(asan_extract) + typeattribute asan_extract coredomain; + init_daemon_domain(asan_extract) + + # We need to signal a reboot when done. + set_prop(asan_extract, powerctl_prop) ') diff --git a/private/bootanim.te b/private/bootanim.te index 20ff1934b..fd95e4173 100644 
--- a/private/bootanim.te +++ b/private/bootanim.te @@ -4,3 +4,6 @@ init_daemon_domain(bootanim) # b/68864350 dontaudit bootanim unlabeled:dir search; + +# Read ro.boot.bootreason b/30654343 +get_prop(bootanim, bootloader_boot_reason_prop) diff --git a/private/bootstat.te b/private/bootstat.te index 806144cf6..da3179b1e 100644 --- a/private/bootstat.te +++ b/private/bootstat.te @@ -1,3 +1,33 @@ typeattribute bootstat coredomain; init_daemon_domain(bootstat) + +# Collect metrics on boot time created by init +get_prop(bootstat, boottime_prop) + +# Read/Write [persist.]sys.boot.reason and ro.boot.bootreason (write if empty) +set_prop(bootstat, bootloader_boot_reason_prop) +set_prop(bootstat, system_boot_reason_prop) +set_prop(bootstat, last_boot_reason_prop) + +neverallow { + domain + -bootanim + -bootstat + -dumpstate + -init + -recovery + -shell + -system_server +} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms; +# ... and refine, as these components should not set the last boot reason +neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms; + +neverallow { + domain + -bootstat + -init + -system_server +} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set; +# ... and refine ... for a ro propertly no less ... keep this _tight_ +neverallow system_server bootloader_boot_reason_prop:property_service set; diff --git a/private/charger.te b/private/charger.te index 65109deff..13d1b14f9 100644 --- a/private/charger.te +++ b/private/charger.te @@ -1 +1,10 @@ typeattribute charger coredomain; + +# charger needs to tell init to continue the boot +# process when running in charger mode. +set_prop(charger, system_prop) +set_prop(charger, exported_system_prop) +set_prop(charger, exported2_system_prop) +set_prop(charger, exported3_system_prop) + +get_prop(charger, charger_prop) diff --git a/private/dhcp.te b/private/dhcp.te index b2f8ac7c7..8ec9111d6 100644 --- a/private/dhcp.te +++ b/private/dhcp.te 
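Review bot: The moved bootstat comment `# ... and refine ... for a ro propertly no less ... keep this _tight_` carries a typo ("propertly"); since these lines are being rewritten into private/bootstat.te anyway, this is the moment to change it to `property`. The fastbootd.te hunk later in this commit has the same kind of issue: `# Determine allocation scheme (whether B partitions needs to be` / `# at the second half of super.` never closes its parenthesis and would read better as `(whether B partitions need to be at the second half of super).` Both are comment-only changes and do not affect the moved rules.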
@@ -2,3 +2,6 @@ typeattribute dhcp coredomain; init_daemon_domain(dhcp) type_transition dhcp system_data_file:{ dir file } dhcp_data_file; + +set_prop(dhcp, dhcp_prop) +set_prop(dhcp, pan_result_prop) diff --git a/private/domain.te b/private/domain.te index 3f5bbaad5..adb0218b3 100644 --- a/private/domain.te +++ b/private/domain.te @@ -369,3 +369,10 @@ neverallow { # This property is being removed. Remove remaining access. neverallow { domain -init -system_server -vendor_init } net_dns_prop:property_service set; neverallow { domain -dumpstate -init -system_server -vendor_init } net_dns_prop:file read; + +# Only core domains are allowed to access package_manager properties +neverallow { domain -init -system_server } pm_prop:property_service set; +neverallow { domain -coredomain } pm_prop:file no_rw_file_perms; + +# Do not allow reading the last boot timestamp from system properties +neverallow { domain -init -system_server -dumpstate } firstboot_prop:file r_file_perms; diff --git a/private/dumpstate.te b/private/dumpstate.te index 72e508e86..0eff540e4 100644 --- a/private/dumpstate.te +++ b/private/dumpstate.te @@ -50,6 +50,17 @@ allow dumpstate proc_net_tcp_udp:file r_file_perms; # For comminucating with the system process to do confirmation ui. binder_call(dumpstate, incidentcompanion_service) +# Set properties. +# dumpstate_prop is used to share state with the Shell app. +set_prop(dumpstate, dumpstate_prop) +set_prop(dumpstate, exported_dumpstate_prop) + +# dumpstate_options_prop is used to pass extra command-line args. +set_prop(dumpstate, dumpstate_options_prop) + +# Allow dumpstate to kill vendor dumpstate service by init +set_prop(dumpstate, ctl_dumpstate_prop) + # For dumping dynamic partition information. set_prop(dumpstate, lpdumpd_prop) binder_call(dumpstate, lpdumpd) diff --git a/private/fastbootd.te b/private/fastbootd.te index 29a9157e6..49994b76b 100644 --- a/private/fastbootd.te +++ b/private/fastbootd.te 
@@ -1 +1,25 @@ typeattribute fastbootd coredomain; + +# The allow rules are only included in the recovery policy. +# Otherwise fastbootd is only allowed the domain rules. +recovery_only(` + # Reboot the device + set_prop(fastbootd, powerctl_prop) + + # Read serial number of the device from system properties + get_prop(fastbootd, serialno_prop) + + # Set sys.usb.ffs.ready. + set_prop(fastbootd, ffs_prop) + set_prop(fastbootd, exported_ffs_prop) + + userdebug_or_eng(` + get_prop(fastbootd, persistent_properties_ready_prop) + ') + + set_prop(fastbootd, gsid_prop) + + # Determine allocation scheme (whether B partitions needs to be + # at the second half of super. + get_prop(fastbootd, virtual_ab_prop) +') diff --git a/private/flags_health_check.te b/private/flags_health_check.te index fb41aff79..18dde091b 100644 --- a/private/flags_health_check.te +++ b/private/flags_health_check.te 
@@ -1,3 +1,27 @@ typeattribute flags_health_check coredomain; init_daemon_domain(flags_health_check) + +set_prop(flags_health_check, device_config_boot_count_prop) +set_prop(flags_health_check, device_config_reset_performed_prop) +set_prop(flags_health_check, device_config_runtime_native_boot_prop) +set_prop(flags_health_check, device_config_runtime_native_prop) +set_prop(flags_health_check, device_config_input_native_boot_prop) +set_prop(flags_health_check, device_config_netd_native_prop) +set_prop(flags_health_check, device_config_activity_manager_native_boot_prop) +set_prop(flags_health_check, device_config_media_native_prop) +set_prop(flags_health_check, device_config_storage_native_boot_prop) +set_prop(flags_health_check, device_config_sys_traced_prop) +set_prop(flags_health_check, device_config_window_manager_native_boot_prop) +set_prop(flags_health_check, device_config_configuration_prop) + +# system property device_config_boot_count_prop is used for deciding when to perform server +# configurable flags related disaster recovery. Mistakenly set up by unrelated components can, at a +# wrong timing, trigger server configurable flag related disaster recovery, which will override +# server configured values of all flags with default values. +neverallow { domain -init -flags_health_check } device_config_boot_count_prop:property_service set; + +# system property device_config_reset_performed_prop is used for indicating whether server +# configurable flags have been reset during booting. Mistakenly modified by unrelated components can +# cause bad server configurable flags synced back to device. +neverallow { domain -init -flags_health_check } device_config_reset_performed_prop:property_service set; diff --git a/private/gatekeeperd.te b/private/gatekeeperd.te index 5e4d0a2e9..2fb88a3bb 100644 --- a/private/gatekeeperd.te +++ b/private/gatekeeperd.te 
@@ -1,3 +1,6 @@ typeattribute gatekeeperd coredomain; init_daemon_domain(gatekeeperd) + +# For checking whether GSI is running +get_prop(gatekeeperd, gsid_prop) diff --git a/private/healthd.te b/private/healthd.te index 20d079173..921d33ff9 100644 --- a/private/healthd.te +++ b/private/healthd.te @@ -4,3 +4,10 @@ init_daemon_domain(healthd) # Allow healthd to serve health HAL hal_server_domain(healthd, hal_health) + +# Healthd needs to tell init to continue the boot +# process when running in charger mode. +set_prop(healthd, system_prop) +set_prop(healthd, exported_system_prop) +set_prop(healthd, exported2_system_prop) +set_prop(healthd, exported3_system_prop) diff --git a/private/hwservicemanager.te b/private/hwservicemanager.te index 0705cc711..e1fde43f2 100644 --- a/private/hwservicemanager.te +++ b/private/hwservicemanager.te @@ -6,3 +6,4 @@ add_hwservice(hwservicemanager, hidl_manager_hwservice) add_hwservice(hwservicemanager, hidl_token_hwservice) set_prop(hwservicemanager, ctl_interface_start_prop) +set_prop(hwservicemanager, hwservicemanager_prop) diff --git a/private/lmkd.te b/private/lmkd.te index a07ce879c..724605138 100644 --- a/private/lmkd.te +++ b/private/lmkd.te @@ -1,3 +1,6 @@ typeattribute lmkd coredomain; init_daemon_domain(lmkd) + +# Set sys.lmk.* properties. +set_prop(lmkd, system_lmk_prop) diff --git a/private/logd.te b/private/logd.te index ca92e2061..7112c4f83 100644 --- a/private/logd.te +++ b/private/logd.te @@ -2,6 +2,9 @@ typeattribute logd coredomain; init_daemon_domain(logd) +# Access device logging gating property +get_prop(logd, device_logging_prop) + # logd is not allowed to write anywhere other than /data/misc/logd, and then # only on userdebug or eng builds neverallow logd { diff --git a/private/mediaextractor.te b/private/mediaextractor.te index 2e654d689..7f626c440 100644 --- a/private/mediaextractor.te +++ b/private/mediaextractor.te 
@@ -5,3 +5,5 @@ tmpfs_domain(mediaextractor) allow mediaextractor appdomain_tmpfs:file { getattr map read write }; allow mediaextractor mediaserver_tmpfs:file { getattr map read write }; allow mediaextractor system_server_tmpfs:file { getattr map read write }; + +get_prop(mediaextractor, device_config_media_native_prop) diff --git a/private/mediaserver.te b/private/mediaserver.te index c55e54a94..32dfc0052 100644 --- a/private/mediaserver.te +++ b/private/mediaserver.te @@ -12,3 +12,5 @@ hal_client_domain(mediaserver, hal_omx) hal_client_domain(mediaserver, hal_codec2) allow mediaserver mediatranscoding_service:service_manager find; + +set_prop(mediaserver, audio_prop) diff --git a/private/mediaswcodec.te b/private/mediaswcodec.te index 50f569875..cef802d3d 100644 --- a/private/mediaswcodec.te +++ b/private/mediaswcodec.te @@ -2,3 +2,4 @@ typeattribute mediaswcodec coredomain; init_daemon_domain(mediaswcodec) +get_prop(mediaswcodec, device_config_media_native_prop) diff --git a/private/netd.te b/private/netd.te index 41473b73d..27663d3a3 100644 --- a/private/netd.te +++ b/private/netd.te @@ -17,7 +17,12 @@ allow netd bpfloader:bpf { prog_run map_read map_write }; # TODO: Remove this permission when 4.9 kernel is deprecated. allow netd self:key_socket create; +set_prop(netd, ctl_mdnsd_prop) +set_prop(netd, netd_stable_secret_prop) + get_prop(netd, bpf_progs_loaded_prop) +get_prop(netd, hwservicemanager_prop) +get_prop(netd, device_config_netd_native_prop) # Allow netd to write to statsd. unix_socket_send(netd, statsdw, statsd) 
@@ -28,3 +33,11 @@ binder_call(netd, network_stack) # Allow netd to send dump info to dumpstate allow netd dumpstate:fd use; allow netd dumpstate:fifo_file { getattr write }; + +# persist.netd.stable_secret contains RFC 7217 secret key which should never be +# leaked to other processes. Make sure it never leaks. +neverallow { domain -netd -init -dumpstate } netd_stable_secret_prop:file r_file_perms; + +# We want to ensure that no other process ever tries tampering with persist.netd.stable_secret, +# the RFC 7217 secret key managed by netd. Doing so could compromise user privacy. +neverallow { domain -netd -init } netd_stable_secret_prop:property_service set; diff --git a/private/property.te b/private/property.te new file mode 100644 index 000000000..be865f1c4 --- /dev/null +++ b/private/property.te 
@@ -0,0 +1,321 @@
+###
+### Neverallow rules
+###
+
+treble_sysprop_neverallow(`
+
+# TODO(b/131162102): uncomment these after assigning ownership attributes to all properties
+# neverallow domain {
+# property_type
+# -system_property_type
+# -product_property_type
+# -vendor_property_type
+# }:file no_rw_file_perms;
+
+neverallow { domain -coredomain } {
+ system_property_type
+ system_internal_property_type
+ -system_restricted_property_type
+ -system_public_property_type
+}:file no_rw_file_perms;
+
+neverallow { domain -coredomain } {
+ system_property_type
+ -system_public_property_type
+}:property_service set;
+
+# init is in coredomain, but should be able to read/write all props.
+# dumpstate is also in coredomain, but should be able to read all props.
+neverallow { coredomain -init -dumpstate } {
+ vendor_property_type
+ vendor_internal_property_type
+ -vendor_restricted_property_type
+ -vendor_public_property_type
+}:file no_rw_file_perms;
+
+neverallow { coredomain -init } {
+ vendor_property_type
+ -vendor_public_property_type
+}:property_service set;
+
+')
+
+# There is no need to perform ioctl or advisory locking operations on
+# property files. If this neverallow is being triggered, it is
+# likely that the policy is using r_file_perms directly instead of
+# the get_prop() macro.
+neverallow domain property_type:file { ioctl lock };
+
+neverallow * {
+ core_property_type
+ -audio_prop
+ -config_prop
+ -cppreopt_prop
+ -dalvik_prop
+ -debuggerd_prop
+ -debug_prop
+ -default_prop
+ -dhcp_prop
+ -dumpstate_prop
+ -ffs_prop
+ -fingerprint_prop
+ -logd_prop
+ -net_radio_prop
+ -nfc_prop
+ -ota_prop
+ -pan_result_prop
+ -persist_debug_prop
+ -powerctl_prop
+ -radio_prop
+ -restorecon_prop
+ -shell_prop
+ -system_prop
+ -system_radio_prop
+ -vold_prop
+}:file no_rw_file_perms;
+
+# sigstop property is only used for debugging; should only be set by su which is permissive
+# for userdebug/eng
+neverallow {
+ domain
+ -init
+ -vendor_init
+} ctl_sigstop_prop:property_service set;
+
+# Don't audit legacy ctl. property handling. We only want the newer permission check to appear
+# in the audit log
+dontaudit domain {
+ ctl_bootanim_prop
+ ctl_bugreport_prop
+ ctl_console_prop
+ ctl_default_prop
+ ctl_dumpstate_prop
+ ctl_fuse_prop
+ ctl_mdnsd_prop
+ ctl_rildaemon_prop
+}:property_service set;
+
+neverallow {
+ domain
+ -init
+} init_svc_debug_prop:property_service set;
+
+neverallow {
+ domain
+ -init
+ -dumpstate
+ userdebug_or_eng(`-su')
+} init_svc_debug_prop:file no_rw_file_perms;
+
+compatible_property_only(`
+# Prevent properties from being set
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -vendor_init
+ } {
+ core_property_type
+ extended_core_property_type
+ exported_config_prop
+ exported_dalvik_prop
+ exported_default_prop
+ exported_dumpstate_prop
+ exported_ffs_prop
+ exported_fingerprint_prop
+ exported_system_prop
+ exported_system_radio_prop
+ exported_vold_prop
+ exported2_config_prop
+ exported2_default_prop
+ exported2_system_prop
+ exported2_vold_prop
+ exported3_default_prop
+ exported3_system_prop
+ -nfc_prop
+ -powerctl_prop
+ -radio_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -hal_nfc_server
+ } {
+ nfc_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+
-appdomain
+ -hal_telephony_server
+ -vendor_init
+ } {
+ exported_radio_prop
+ exported3_radio_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -hal_telephony_server
+ } {
+ exported2_radio_prop
+ radio_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -bluetooth
+ -hal_bluetooth_server
+ } {
+ bluetooth_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -bluetooth
+ -hal_bluetooth_server
+ -vendor_init
+ } {
+ exported_bluetooth_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -hal_camera_server
+ -cameraserver
+ -vendor_init
+ } {
+ exported_camera_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -hal_wifi_server
+ -wificond
+ } {
+ wifi_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -hal_wifi_server
+ -wificond
+ -vendor_init
+ } {
+ exported_wifi_prop
+ }:property_service set;
+
+# Prevent properties from being read
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -vendor_init
+ } {
+ core_property_type
+ extended_core_property_type
+ exported_dalvik_prop
+ exported_ffs_prop
+ exported_system_radio_prop
+ exported2_config_prop
+ exported2_system_prop
+ exported2_vold_prop
+ exported3_default_prop
+ exported3_system_prop
+ -debug_prop
+ -logd_prop
+ -nfc_prop
+ -powerctl_prop
+ -radio_prop
+ }:file no_rw_file_perms;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -hal_nfc_server
+ } {
+ nfc_prop
+ }:file no_rw_file_perms;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -hal_telephony_server
+ } {
+ radio_prop
+ }:file no_rw_file_perms;
+
+ neverallow {
+ domain
+ -coredomain
+ -bluetooth
+ -hal_bluetooth_server
+ } {
+ bluetooth_prop
+ }:file no_rw_file_perms;
+
+ neverallow {
+ domain
+ -coredomain
+ -hal_wifi_server
+ -wificond
+ } {
+ wifi_prop
+ }:file no_rw_file_perms;
+')
+
+compatible_property_only(`
+ # Neverallow coredomain to set vendor properties
+ neverallow {
+ coredomain
+
-init
+ -system_writes_vendor_properties_violators
+ } {
+ property_type
+ -system_property_type
+ -extended_core_property_type
+ }:property_service set;
+')
+
+neverallow {
+ -init
+ -system_server
+} {
+ userspace_reboot_log_prop
+}:property_service set;
+
+neverallow {
+ # Only allow init and system_server to set system_adbd_prop
+ -init
+ -system_server
+} {
+ system_adbd_prop
+}:property_service set;
+
+neverallow {
+ # Only allow init and adbd to set adbd_prop
+ -init
+ -adbd
+} {
+ adbd_prop
+}:property_service set;
+
+neverallow {
+ # Only allow init and shell to set userspace_reboot_test_prop
+ -init
+ -shell
+} {
+ userspace_reboot_test_prop
+}:property_service set;
diff --git a/private/radio.te b/private/radio.te
index 17a4fdd7b..9b2e9dbdd 100644
--- a/private/radio.te
+++ b/private/radio.te
@@ -4,6 +4,16 @@ app_domain(radio)
 read_runtime_log_tags(radio)
+# Property service
+set_prop(radio, radio_prop)
+set_prop(radio, exported_radio_prop)
+set_prop(radio, exported2_radio_prop)
+set_prop(radio, exported3_radio_prop)
+set_prop(radio, net_radio_prop)
+
+# ctl interface
+set_prop(radio, ctl_rildaemon_prop)
+
 # Telephony code contains time / time zone detection logic so it reads the associated properties.
 get_prop(radio, time_prop)
diff --git a/private/recovery.te b/private/recovery.te
index 2a7fdc7e1..eee1698e2 100644
--- a/private/recovery.te
+++ b/private/recovery.te
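Review bot: The last four neverallow rules at the end of the new private/property.te use bare negation sets such as `{ -init -system_server }` while every other rule in the file spells out the positive attribute (`{ domain -init ... }`), and the first of them, for userspace_reboot_log_prop, is the only one of the four without the `# Only allow init and ... to set ...` comment its siblings carry. A negation-only set is read as every type except the listed ones, so writing `domain` explicitly would make that intent visible and keep the file consistent; at minimum add `# Only allow init and system_server to set userspace_reboot_log_prop` inside the first block. The new file also has no header saying these rules were moved here from public/property.te, although the public file now points at private/property.te via b/150331497; a one-line header in the other direction would help the next reader find the split. This hunk starts in an earlier line of the page.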
@@ -1 +1,24 @@
 typeattribute recovery coredomain;
+
+# The allow rules are only included in the recovery policy.
+# Otherwise recovery is only allowed the domain rules.
+recovery_only(`
+ # Reboot the device
+ set_prop(recovery, powerctl_prop)
+
+ # Read serial number of the device from system properties
+ get_prop(recovery, serialno_prop)
+
+ # Set sys.usb.ffs.ready when starting minadbd for sideload.
+ set_prop(recovery, ffs_prop)
+ set_prop(recovery, exported_ffs_prop)
+
+ # Set sys.usb.config when switching into fastboot.
+ set_prop(recovery, system_radio_prop)
+ set_prop(recovery, exported_system_radio_prop)
+
+ # Read ro.boot.bootreason
+ get_prop(recovery, bootloader_boot_reason_prop)
+
+ set_prop(recovery, gsid_prop)
+')
diff --git a/private/shell.te b/private/shell.te
index 76ff0734d..63757ebba 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -1,3 +1,4 @@
+
 typeattribute shell coredomain;
 # allow shell input injection
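Review bot: `set_prop(recovery, gsid_prop)` is the only grant in the new recovery_only block without a comment, while every other line in the block states what it is for. The matching fastbootd grant removed later in this patch carried `# Allow using libfiemap/gsid directly (no binder in recovery).`, which fits here as well; add it above the line so the grant is not mistaken for a leftover when someone later narrows recovery's property access.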
@@ -90,3 +91,52 @@ allow shell simpleperf_exec:file rx_file_perms;
 # not the whole system.
 allow shell self:perf_event { open read write kernel };
 neverallow shell self:perf_event ~{ open read write kernel };
+
+# Set properties.
+set_prop(shell, shell_prop)
+set_prop(shell, ctl_bugreport_prop)
+set_prop(shell, ctl_dumpstate_prop)
+set_prop(shell, dumpstate_prop)
+set_prop(shell, exported_dumpstate_prop)
+set_prop(shell, debug_prop)
+set_prop(shell, powerctl_prop)
+set_prop(shell, log_tag_prop)
+set_prop(shell, wifi_log_prop)
+# Allow shell to start/stop traced via the persist.traced.enable
+# property (which also takes care of /data/misc initialization).
+set_prop(shell, traced_enabled_prop)
+# adjust is_loggable properties
+userdebug_or_eng(`set_prop(shell, log_prop)')
+# logpersist script
+userdebug_or_eng(`set_prop(shell, logpersistd_logging_prop)')
+# Allow shell to start/stop heapprofd via the persist.heapprofd.enable
+# property.
+set_prop(shell, heapprofd_enabled_prop)
+# Allow shell to start/stop traced_perf via the persist.traced_perf.enable
+# property.
+set_prop(shell, traced_perf_enabled_prop)
+# Allow shell to start/stop gsid via ctl.start|stop|restart gsid.
+set_prop(shell, ctl_gsid_prop)
+# Allow shell to enable Dynamic System Update
+set_prop(shell, dynamic_system_prop)
+# Allow shell to mock an OTA using persist.pm.mock-upgrade
+set_prop(shell, mock_ota_prop)
+
+# Read device's serial number from system properties
+get_prop(shell, serialno_prop)
+
+# Allow shell to read the vendor security patch level for CTS
+get_prop(shell, vendor_security_patch_level_prop)
+
+# Read state of logging-related properties
+get_prop(shell, device_logging_prop)
+
+# Read state of boot reason properties
+get_prop(shell, bootloader_boot_reason_prop)
+get_prop(shell, last_boot_reason_prop)
+get_prop(shell, system_boot_reason_prop)
+
+# Allow reading the outcome of perf_event_open LSM support test for CTS.
+get_prop(shell, init_perf_lsm_hooks_prop)
+
+userdebug_or_eng(`set_prop(shell, persist_debug_prop)')
diff --git a/private/traceur_app.te b/private/traceur_app.te
index 94841df10..b7e58ba40 100644
--- a/private/traceur_app.te
+++ b/private/traceur_app.te
@@ -20,3 +20,8 @@ allow traceur_app perfetto_exec:file rx_file_perms;
 unix_socket_connect(traceur_app, traced_consumer, traced)
 dontaudit traceur_app debugfs_tracing_debug:file audit_access;
+
+# Allow Traceur to enable traced if necessary.
+set_prop(traceur_app, traced_enabled_prop)
+
+set_prop(traceur_app, debug_prop)
diff --git a/private/ueventd.te b/private/ueventd.te
index 1bd67735e..8bcdbf95a 100644
--- a/private/ueventd.te
+++ b/private/ueventd.te
@@ -1,3 +1,7 @@
 typeattribute ueventd coredomain;
 tmpfs_domain(ueventd)
+
+# ueventd can set properties, particularly it sets ro.cold_boot_done to signal
+# to init that cold boot has completed.
+set_prop(ueventd, cold_boot_done_prop)
diff --git a/private/uncrypt.te b/private/uncrypt.te
index e4e9224d9..1a94cd1e5 100644
--- a/private/uncrypt.te
+++ b/private/uncrypt.te
@@ -1,3 +1,6 @@
 typeattribute uncrypt coredomain;
 init_daemon_domain(uncrypt)
+
+# Set a property to reboot the device.
+set_prop(uncrypt, powerctl_prop)
diff --git a/private/update_engine.te b/private/update_engine.te
index e4e700919..a76ab49e1 100644
--- a/private/update_engine.te
+++ b/private/update_engine.te
@@ -5,3 +5,9 @@ init_daemon_domain(update_engine);
 # Allow to talk to gsid.
 allow update_engine gsi_service:service_manager find;
 binder_call(update_engine, gsid)
+
+# Allow to start gsid service.
+set_prop(update_engine, ctl_gsid_prop)
+
+# Allow to set the OTA related properties, e.g. ota.warm_reset.
+set_prop(update_engine, ota_prop)
diff --git a/private/update_verifier.te b/private/update_verifier.te
index 1b934d980..5e1b27bf8 100644
--- a/private/update_verifier.te
+++ b/private/update_verifier.te
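Review bot: The first nine `set_prop(shell, ...)` lines of the shell.te hunk (shell_prop through wifi_log_prop) carry no comment, while every grant after them says why shell needs it; `set_prop(shell, powerctl_prop)` in particular lets the shell user request a reboot or shutdown on every build type, and `set_prop(shell, debug_prop)` is unconditional whereas the log_prop and logpersistd grants below it are wrapped in userdebug_or_eng. Add a one-line justification per grant, e.g. `# Allow shell to reboot or shut down the device` above powerctl_prop, so a later audit can tell deliberate grants from leftovers, and consider whether debug_prop should also be userdebug_or_eng-gated. The trailing `userdebug_or_eng(`set_prop(shell, persist_debug_prop)')` would read better grouped with the other userdebug_or_eng lines than after the get_prop section. The hunk starts in the previous page line.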
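Review bot: `set_prop(traceur_app, debug_prop)` in the traceur_app.te hunk is added without a comment, whereas the traced_enabled_prop grant two lines above explains its purpose. debug_prop is a label shared by many properties rather than one specific to Traceur, so the line should name what Traceur actually writes, e.g. `# Allow Traceur to set <property Traceur writes> (labelled debug_prop)` with the placeholder filled in, so the grant can be narrowed to a dedicated type later.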
@@ -1,3 +1,9 @@
 typeattribute update_verifier coredomain;
 init_daemon_domain(update_verifier)
+
+# Allow update_verifier to reboot the device.
+set_prop(update_verifier, powerctl_prop)
+
+# Allow to set the OTA related properties e.g. ota.warm_reset.
+set_prop(update_verifier, ota_prop)
diff --git a/private/usbd.te b/private/usbd.te
index 13a0ad7a6..42f23244e 100644
--- a/private/usbd.te
+++ b/private/usbd.te
@@ -10,3 +10,6 @@ get_prop(usbd, system_prop)
 # start adbd during boot if adb is enabled
 set_prop(usbd, ctl_default_prop)
+
+# Start/stop adbd via ctl.start adbd
+set_prop(usbd, ctl_adbd_prop)
diff --git a/private/vold.te b/private/vold.te
index dea24a576..ecaf3d66b 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -17,3 +17,14 @@ domain_trans(vold, fsck_exec, fsck_untrusted);
 # from accidentally writing when the mount point isn't present.
 type_transition vold storage_file:dir storage_stub_file;
 type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file;
+
+# Property Service
+set_prop(vold, vold_prop)
+set_prop(vold, exported_vold_prop)
+set_prop(vold, exported2_vold_prop)
+set_prop(vold, powerctl_prop)
+set_prop(vold, ctl_fuse_prop)
+set_prop(vold, restorecon_prop)
+set_prop(vold, ota_prop)
+set_prop(vold, boottime_prop)
+set_prop(vold, boottime_public_prop)
diff --git a/private/wificond.te b/private/wificond.te
index 5476e3385..1912256ff 100644
--- a/private/wificond.te
+++ b/private/wificond.te
@@ -1,3 +1,9 @@
 typeattribute wificond coredomain;
+set_prop(wificond, exported_wifi_prop)
+set_prop(wificond, wifi_prop)
+set_prop(wificond, ctl_default_prop)
+
+get_prop(wificond, hwservicemanager_prop)
+
 init_daemon_domain(wificond)
diff --git a/public/adbd.te b/public/adbd.te
index 4a1f63388..68a176ca6 100644
--- a/public/adbd.te
+++ b/public/adbd.te
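Review bot: The new `# Property Service` block in vold.te lists nine grants with no per-line rationale, unlike the recovery.te and update_verifier.te hunks in the same patch that annotate each set_prop; powerctl_prop (reboot), ota_prop and restorecon_prop are not obviously vold's to set and deserve one line each. Reuse the wording already in this patch, e.g. `# Reboot the device` above `set_prop(vold, powerctl_prop)` and `# Allow to set the OTA related properties, e.g. ota.warm_reset.` above `set_prop(vold, ota_prop)`, so the reason for each grant is recorded where it is made.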
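Review bot: `set_prop(wificond, ctl_default_prop)` in the wificond.te hunk has no comment naming the service wificond needs to start or stop; ctl_default_prop is the fallback label for ctl.* properties, so this grant is wider than a service-specific ctl_ type would be, and nobody can narrow it later without knowing the intent. Add `# Allow wificond to start/stop <service> via ctl.start/ctl.stop` with the service named, and consider a dedicated ctl_ type as this patch already does with ctl_gsid_prop and ctl_adbd_prop. Placing the three set_prop lines between typeattribute and init_daemon_domain also departs from the other private/*.te hunks here, which keep domain setup first and grants after.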
@@ -6,6 +6,3 @@ type adbd_exec, exec_type, file_type, system_file_type;
 # Only init is allowed to enter the adbd domain via exec()
 neverallow { domain -init } adbd:process transition;
 neverallow * adbd:process dyntransition;
-
-# Allow adbd start/stop mdnsd via ctl.start
-set_prop(adbd, ctl_mdnsd_prop)
diff --git a/public/apexd.te b/public/apexd.te
index 93c257f5f..429791f57 100644
--- a/public/apexd.te
+++ b/public/apexd.te
@@ -4,12 +4,8 @@ type apexd_exec, exec_type, file_type, system_file_type;
 binder_use(apexd)
 add_service(apexd, apex_service)
-set_prop(apexd, apexd_prop)
 neverallow { domain -init -apexd -system_server } apex_service:service_manager find;
 neverallow { domain -init -apexd -system_server -servicemanager } apexd:binder call;
 neverallow { domain userdebug_or_eng(`-crash_dump') } apexd:process ptrace;
-
-# only apexd can set apexd sysprop
-neverallow { domain -apexd -init } apexd_prop:property_service set;
diff --git a/public/asan_extract.te b/public/asan_extract.te
index 15c5a09fd..22da8c152 100644
--- a/public/asan_extract.te
+++ b/public/asan_extract.te
@@ -30,7 +30,4 @@ with_asan(`
 # Restorecon will actually already try to run with sanitized libraries (libpackagelistparser).
 allow asan_extract system_data_file:file execute;
-
- # We need to signal a reboot when done.
- set_prop(asan_extract, powerctl_prop)
 ')
diff --git a/public/bootanim.te b/public/bootanim.te
index e8cb98bbc..eb3eba59f 100644
--- a/public/bootanim.te
+++ b/public/bootanim.te
@@ -36,7 +36,3 @@ allow bootanim proc_meminfo:file r_file_perms;
 # System file accesses.
 allow bootanim system_file:dir r_dir_perms;
-
-# Read ro.boot.bootreason b/30654343
-get_prop(bootanim, bootloader_boot_reason_prop)
-
diff --git a/public/bootstat.te b/public/bootstat.te
index 6143a7d2b..5079c28f1 100644
--- a/public/bootstat.te
+++ b/public/bootstat.te
@@ -8,13 +8,6 @@ read_runtime_log_tags(bootstat)
 allow bootstat bootstat_data_file:dir rw_dir_perms;
 allow bootstat bootstat_data_file:file create_file_perms;
-# Collect metrics on boot time created by init
-get_prop(bootstat, boottime_prop)
-
-# Read/Write [persist.]sys.boot.reason and ro.boot.bootreason (write if empty)
-set_prop(bootstat, bootloader_boot_reason_prop)
-set_prop(bootstat, system_boot_reason_prop)
-set_prop(bootstat, last_boot_reason_prop)
 allow bootstat metadata_file:dir search;
 allow bootstat metadata_bootstat_file:dir rw_dir_perms;
 allow bootstat metadata_bootstat_file:file create_file_perms;
@@ -32,30 +25,6 @@ read_logd(bootstat)
 # Allow bootstat write to statsd.
 unix_socket_send(bootstat, statsdw, statsd)
-# ToDo: end
-
-neverallow {
- domain
- -bootanim
- -bootstat
- -dumpstate
- -init
- -recovery
- -shell
- -system_server
-} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms;
-# ... and refine, as these components should not set the last boot reason
-neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms;
-
-neverallow {
- domain
- -bootstat
- -init
- -system_server
-} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set;
-# ... and refine ... for a ro propertly no less ... keep this _tight_
-neverallow system_server bootloader_boot_reason_prop:property_service set;
-
 neverallow {
 domain
 -bootstat
diff --git a/public/charger.te b/public/charger.te
index 4b341ead3..f57853a90 100644
--- a/public/charger.te
+++ b/public/charger.te
@@ -36,13 +36,4 @@ allow charger input_device:chr_file r_file_perms;
 allow charger tty_device:chr_file rw_file_perms;
 allow charger proc_sysrq:file rw_file_perms;
-# charger needs to tell init to continue the boot
-# process when running in charger mode.
-set_prop(charger, system_prop)
-set_prop(charger, exported_system_prop)
-set_prop(charger, exported2_system_prop)
-set_prop(charger, exported3_system_prop)
-
-get_prop(charger, charger_prop)
-
 hal_client_domain(charger, hal_health)
diff --git a/public/dhcp.te b/public/dhcp.te
index 4f2369d2d..67fd0389e 100644
--- a/public/dhcp.te
+++ b/public/dhcp.te
@@ -17,9 +17,6 @@ allow dhcp toolbox_exec:file rx_file_perms;
 # For /proc/sys/net/ipv4/conf/*/promote_secondaries
 allow dhcp proc_net_type:file write;
-set_prop(dhcp, dhcp_prop)
-set_prop(dhcp, pan_result_prop)
-
 allow dhcp dhcp_data_file:dir create_dir_perms;
 allow dhcp dhcp_data_file:file create_file_perms;
diff --git a/public/domain.te b/public/domain.te
index 4bab79458..7bee8ec9f 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -533,10 +533,6 @@ compatible_property_only(`
 neverallow { domain -init -vendor_init } vendor_default_prop:property_service set;
 ')
-# Only core domains are allowed to access package_manager properties
-neverallow { domain -init -system_server } pm_prop:property_service set;
-neverallow { domain -coredomain } pm_prop:file no_rw_file_perms;
-
 compatible_property_only(`
 neverallow { domain -init -system_server -vendor_init } exported_pm_prop:property_service set;
 neverallow { domain -coredomain -vendor_init } exported_pm_prop:file no_rw_file_perms;
@@ -562,9 +558,6 @@ neverallow {
 -vendor_init
 } serialno_prop:file r_file_perms;
-# Do not allow reading the last boot timestamp from system properties
-neverallow { domain -init -system_server -dumpstate } firstboot_prop:file r_file_perms;
-
 neverallow {
 domain
 -init
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 1e895e440..5f27d32f8 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -258,13 +258,6 @@ allow dumpstate hwservicemanager:hwservice_manager list;
 allow dumpstate devpts:chr_file rw_file_perms;
-# Set properties.
-# dumpstate_prop is used to share state with the Shell app.
-set_prop(dumpstate, dumpstate_prop)
-set_prop(dumpstate, exported_dumpstate_prop)
-# dumpstate_options_prop is used to pass extra command-line args.
-set_prop(dumpstate, dumpstate_options_prop)
-
 # Read any system properties
 get_prop(dumpstate, property_type)
@@ -329,9 +322,6 @@ binder_call(dumpstate, hal_rebootescrow_server)
 allow hal_rebootescrow_server dumpstate:fifo_file write;
 allow hal_rebootescrow_server dumpstate:fd use;
-# Allow dumpstate to kill vendor dumpstate service by init
-set_prop(dumpstate, ctl_dumpstate_prop)
-
 #Access /data/misc/snapshotctl_log
 allow dumpstate snapshotctl_log_data_file:dir r_dir_perms;
 allow dumpstate snapshotctl_log_data_file:file r_file_perms;
diff --git a/public/fastbootd.te b/public/fastbootd.te
index a0152d40a..bb18637fc 100644
--- a/public/fastbootd.te
+++ b/public/fastbootd.te
@@ -23,22 +23,12 @@ recovery_only(`
 allow fastbootd device:dir r_dir_perms;
- # Reboot the device
- set_prop(fastbootd, powerctl_prop)
-
- # Read serial number of the device from system properties
- get_prop(fastbootd, serialno_prop)
-
 # For dev/block/by-name dir
 allow fastbootd block_device:dir r_dir_perms;
 # Needed for DM_DEV_CREATE ioctl call
 allow fastbootd self:capability sys_admin;
- # Set sys.usb.ffs.ready.
- set_prop(fastbootd, ffs_prop)
- set_prop(fastbootd, exported_ffs_prop)
-
 unix_socket_connect(fastbootd, recovery, recovery)
 # Required for flashing
@@ -106,18 +96,12 @@ recovery_only(`
 }:{ file lnk_file } unlink;
 allow fastbootd tmpfs:dir rw_dir_perms;
 allow fastbootd labeledfs:filesystem { mount unmount };
- get_prop(fastbootd, persistent_properties_ready_prop)
 ')
 # Allow using libfiemap/gsid directly (no binder in recovery).
- set_prop(fastbootd, gsid_prop)
 allow fastbootd gsi_metadata_file:dir search;
 allow fastbootd ota_metadata_file:dir rw_dir_perms;
 allow fastbootd ota_metadata_file:file create_file_perms;
-
- # Determine allocation scheme (whether B partitions needs to be
- # at the second half of super.
- get_prop(fastbootd, virtual_ab_prop)
 ')
 ###
diff --git a/public/flags_health_check.te b/public/flags_health_check.te
index 6315d44e4..25a776813 100644
--- a/public/flags_health_check.te
+++ b/public/flags_health_check.te
@@ -2,33 +2,9 @@ type flags_health_check, domain, coredomain;
 type flags_health_check_exec, system_file_type, exec_type, file_type;
-set_prop(flags_health_check, device_config_boot_count_prop)
-set_prop(flags_health_check, device_config_reset_performed_prop)
-set_prop(flags_health_check, device_config_runtime_native_boot_prop)
-set_prop(flags_health_check, device_config_runtime_native_prop)
-set_prop(flags_health_check, device_config_input_native_boot_prop)
-set_prop(flags_health_check, device_config_netd_native_prop)
-set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
-set_prop(flags_health_check, device_config_media_native_prop)
-set_prop(flags_health_check, device_config_storage_native_boot_prop)
-set_prop(flags_health_check, device_config_sys_traced_prop)
-set_prop(flags_health_check, device_config_window_manager_native_boot_prop)
-set_prop(flags_health_check, device_config_configuration_prop)
-
 allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
 allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
-# system property device_config_boot_count_prop is used for deciding when to perform server
-# configurable flags related disaster recovery. Mistakenly set up by unrelated components can, at a
-# wrong timing, trigger server configurable flag related disaster recovery, which will override
-# server configured values of all flags with default values.
-neverallow { domain -init -flags_health_check } device_config_boot_count_prop:property_service set;
-
-# system property device_config_reset_performed_prop is used for indicating whether server
-# configurable flags have been reset during booting. Mistakenly modified by unrelated components can
-# cause bad server configurable flags synced back to device.
-neverallow { domain -init -flags_health_check } device_config_reset_performed_prop:property_service set;
-
 # server_configurable_flags_data_file is used for storing whether server configurable flags which
 # have been reset during current booting. Mistakenly modified by unrelated components can
 # cause bad server configurable flags synced back to device.
diff --git a/public/gatekeeperd.te b/public/gatekeeperd.te
index dc46d0789..e1739c273 100644
--- a/public/gatekeeperd.te
+++ b/public/gatekeeperd.te
@@ -35,7 +35,4 @@ allow gatekeeperd gatekeeper_data_file:file create_file_perms;
 # For hardware properties retrieval
 allow gatekeeperd hardware_properties_service:service_manager find;
-# For checking whether GSI is running
-get_prop(gatekeeperd, gsid_prop)
-
 r_dir_file(gatekeeperd, cgroup)
diff --git a/public/healthd.te b/public/healthd.te
index 7ea23e1c3..867384640 100644
--- a/public/healthd.te
+++ b/public/healthd.te
@@ -47,10 +47,3 @@ allow healthd input_device:chr_file r_file_perms;
 allow healthd tty_device:chr_file rw_file_perms;
 allow healthd ashmem_device:chr_file execute;
 allow healthd proc_sysrq:file rw_file_perms;
-
-# Healthd needs to tell init to continue the boot
-# process when running in charger mode.
-set_prop(healthd, system_prop)
-set_prop(healthd, exported_system_prop)
-set_prop(healthd, exported2_system_prop)
-set_prop(healthd, exported3_system_prop)
diff --git a/public/hwservicemanager.te b/public/hwservicemanager.te
index 7f0381564..7ec187233 100644
--- a/public/hwservicemanager.te
+++ b/public/hwservicemanager.te
@@ -10,8 +10,6 @@ type hwservicemanager_exec, system_file_type, exec_type, file_type;
 # to do this is granted in the hwbinder_use macro.
 allow hwservicemanager self:binder set_context_mgr;
-set_prop(hwservicemanager, hwservicemanager_prop)
-
 # Scan through /system/lib64/hw looking for installed HALs
 allow hwservicemanager system_file:dir r_dir_perms;
diff --git a/public/lmkd.te b/public/lmkd.te
index b852f4418..7c1e7411e 100644
--- a/public/lmkd.te
+++ b/public/lmkd.te
@@ -36,9 +36,6 @@ allow lmkd self:global_capability_class_set sys_nice;
 allow lmkd proc_zoneinfo:file r_file_perms;
 allow lmkd proc_vmstat:file r_file_perms;
-# Set sys.lmk.* properties.
-set_prop(lmkd, system_lmk_prop)
-
 # live lock watchdog process allowed to look through /proc/
 allow lmkd domain:dir { search open read };
 allow lmkd domain:file { open read };
diff --git a/public/logd.te b/public/logd.te
index 57e29d940..f8dd1640d 100644
--- a/public/logd.te
+++ b/public/logd.te
@@ -23,9 +23,6 @@ userdebug_or_eng(`
 ')
 allow logd runtime_event_log_tags_file:file rw_file_perms;
-# Access device logging gating property
-get_prop(logd, device_logging_prop)
-
 r_dir_file(logd, domain)
 allow logd kernel:system syslog_mod;
diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index 4bedb0f06..4bee4f824 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -37,8 +37,6 @@ allow mediaextractor ringtone_file:file { read getattr };
 # scan extractor library directory to dynamically load extractors
 allow mediaextractor system_file:dir { read open };
-get_prop(mediaextractor, device_config_media_native_prop)
-
 ###
 ### neverallow rules
 ###
diff --git a/public/mediaserver.te b/public/mediaserver.te
index 02a0eb072..832eaa3ac 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -34,8 +34,6 @@ allow mediaserver gpu_device:chr_file rw_file_perms;
 allow mediaserver video_device:dir r_dir_perms;
 allow mediaserver video_device:chr_file rw_file_perms;
-set_prop(mediaserver, audio_prop)
-
 # Read resources from open apk files passed over Binder.
 allow mediaserver apk_data_file:file { read getattr };
 allow mediaserver asec_apk_file:file { read getattr };
diff --git a/public/mediaswcodec.te b/public/mediaswcodec.te
index 2acdeeadd..992baabae 100644
--- a/public/mediaswcodec.te
+++ b/public/mediaswcodec.te
@@ -11,8 +11,6 @@ hal_client_domain(mediaswcodec, hal_omx)
 hal_client_domain(mediaswcodec, hal_allocator)
 hal_client_domain(mediaswcodec, hal_graphics_allocator)
-get_prop(mediaswcodec, device_config_media_native_prop)
-
 crash_dump_fallback(mediaswcodec)
 # mediaswcodec_server should never execute any executable without a
diff --git a/public/netd.te b/public/netd.te
index 8005406d6..a020a573f 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -81,9 +81,6 @@ allow netd system_file:file lock;
 # Allow netd to spawn dnsmasq in it's own domain
 allow netd dnsmasq:process signal;
-set_prop(netd, ctl_mdnsd_prop)
-set_prop(netd, netd_stable_secret_prop)
-
 # Allow netd to publish a binder service and make binder calls.
 binder_use(netd)
 add_service(netd, netd_service)
@@ -113,8 +110,6 @@ allow netd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write n
 # Allow netd to register as hal server.
 add_hwservice(netd, system_net_netd_hwservice)
 hwbinder_use(netd)
-get_prop(netd, hwservicemanager_prop)
-get_prop(netd, device_config_netd_native_prop)
 ###
 ### Neverallow rules
@@ -157,14 +152,6 @@ neverallow {
 neverallow { appdomain -network_stack } netd:binder call;
 neverallow netd { appdomain -network_stack userdebug_or_eng(`-su') }:binder call;
-# persist.netd.stable_secret contains RFC 7217 secret key which should never be
-# leaked to other processes. Make sure it never leaks.
-neverallow { domain -netd -init -dumpstate } netd_stable_secret_prop:file r_file_perms;
-
-# We want to ensure that no other process ever tries tampering with persist.netd.stable_secret,
-# the RFC 7217 secret key managed by netd. Doing so could compromise user privacy.
-neverallow { domain -netd -init } netd_stable_secret_prop:property_service set;
-
 # If an already existing file is opened with O_CREATE, the kernel might generate
 # a false report of a create denial. Silence these denials and make sure that
 # inappropriate permissions are not granted.
diff --git a/public/property.te b/public/property.te
index d78ec5836..e88c65e1a 100644
--- a/public/property.te
+++ b/public/property.te
@@ -1,4 +1,8 @@
 # Properties used only in /system
+#
+# DO NOT ADD system_internal_prop here.
+# Instead, add to private/property.te.
+# TODO(b/150331497): move these to private/property.te
 system_internal_prop(apexd_prop)
 system_internal_prop(bootloader_boot_reason_prop)
 system_internal_prop(device_config_activity_manager_native_boot_prop)
@@ -244,54 +248,6 @@ typeattribute wifi_log_prop log_property_type;
 allow property_type tmpfs:filesystem associate;
-###
-### Neverallow rules
-###
-
-treble_sysprop_neverallow(`
-
-# TODO(b/131162102): uncomment these after assigning ownership attributes to all properties
-# neverallow domain {
-# property_type
-# -system_property_type
-# -product_property_type
-# -vendor_property_type
-# }:file no_rw_file_perms;
-
-neverallow { domain -coredomain } {
- system_property_type
- system_internal_property_type
- -system_restricted_property_type
- -system_public_property_type
-}:file no_rw_file_perms;
-
-neverallow { domain -coredomain } {
- system_property_type
- -system_public_property_type
-}:property_service set;
-
-# init is in coredomain, but should be able to read/write all props.
-# dumpstate is also in coredomain, but should be able to read all props.
-neverallow { coredomain -init -dumpstate } {
- vendor_property_type
- vendor_internal_property_type
- -vendor_restricted_property_type
- -vendor_public_property_type
-}:file no_rw_file_perms;
-
-neverallow { coredomain -init } {
- vendor_property_type
- -vendor_public_property_type
-}:property_service set;
-
-')
-
-# There is no need to perform ioctl or advisory locking operations on
-# property files. If this neverallow is being triggered, it is
-# likely that the policy is using r_file_perms directly instead of
-# the get_prop() macro.
-neverallow domain property_type:file { ioctl lock };
-
 # core_property_type should not be used for new properties or
 # device specific properties. Properties with this attribute
 # are readable to everyone, which is overly broad and should
@@ -323,277 +279,3 @@ typeattribute shell_prop core_property_type; typeattribute system_prop core_property_type; typeattribute system_radio_prop core_property_type; typeattribute vold_prop core_property_type; - -neverallow * { - core_property_type - -audio_prop - -config_prop - -cppreopt_prop - -dalvik_prop - -debuggerd_prop - -debug_prop - -default_prop - -dhcp_prop - -dumpstate_prop - -ffs_prop - -fingerprint_prop - -logd_prop - -net_radio_prop - -nfc_prop - -ota_prop - -pan_result_prop - -persist_debug_prop - -powerctl_prop - -radio_prop - -restorecon_prop - -shell_prop - -system_prop - -system_radio_prop - -vold_prop -}:file no_rw_file_perms; - -# sigstop property is only used for debugging; should only be set by su which is permissive -# for userdebug/eng -neverallow { - domain - -init - -vendor_init -} ctl_sigstop_prop:property_service set; - -# Don't audit legacy ctl. property handling. We only want the newer permission check to appear -# in the audit log -dontaudit domain { - ctl_bootanim_prop - ctl_bugreport_prop - ctl_console_prop - ctl_default_prop - ctl_dumpstate_prop - ctl_fuse_prop - ctl_mdnsd_prop - ctl_rildaemon_prop -}:property_service set; - -neverallow { - domain - -init -} init_svc_debug_prop:property_service set; - -neverallow { - domain - -init - -dumpstate - userdebug_or_eng(`-su') -} init_svc_debug_prop:file no_rw_file_perms; - -compatible_property_only(` -# Prevent properties from being set - neverallow { - domain - -coredomain - -appdomain - -vendor_init - } { - core_property_type - extended_core_property_type - exported_config_prop - exported_dalvik_prop - exported_default_prop - exported_dumpstate_prop - exported_ffs_prop - exported_fingerprint_prop - exported_system_prop - exported_system_radio_prop - exported_vold_prop - exported2_config_prop - exported2_default_prop - exported2_system_prop - exported2_vold_prop - exported3_default_prop - exported3_system_prop - -nfc_prop - -powerctl_prop - -radio_prop - }:property_service set; - - 
neverallow { - domain - -coredomain - -appdomain - -hal_nfc_server - } { - nfc_prop - }:property_service set; - - neverallow { - domain - -coredomain - -appdomain - -hal_telephony_server - -vendor_init - } { - exported_radio_prop - exported3_radio_prop - }:property_service set; - - neverallow { - domain - -coredomain - -appdomain - -hal_telephony_server - } { - exported2_radio_prop - radio_prop - }:property_service set; - - neverallow { - domain - -coredomain - -bluetooth - -hal_bluetooth_server - } { - bluetooth_prop - }:property_service set; - - neverallow { - domain - -coredomain - -bluetooth - -hal_bluetooth_server - -vendor_init - } { - exported_bluetooth_prop - }:property_service set; - - neverallow { - domain - -coredomain - -hal_camera_server - -cameraserver - -vendor_init - } { - exported_camera_prop - }:property_service set; - - neverallow { - domain - -coredomain - -hal_wifi_server - -wificond - } { - wifi_prop - }:property_service set; - - neverallow { - domain - -coredomain - -hal_wifi_server - -wificond - -vendor_init - } { - exported_wifi_prop - }:property_service set; - -# Prevent properties from being read - neverallow { - domain - -coredomain - -appdomain - -vendor_init - } { - core_property_type - extended_core_property_type - exported_dalvik_prop - exported_ffs_prop - exported_system_radio_prop - exported2_config_prop - exported2_system_prop - exported2_vold_prop - exported3_default_prop - exported3_system_prop - -debug_prop - -logd_prop - -nfc_prop - -powerctl_prop - -radio_prop - }:file no_rw_file_perms; - - neverallow { - domain - -coredomain - -appdomain - -hal_nfc_server - } { - nfc_prop - }:file no_rw_file_perms; - - neverallow { - domain - -coredomain - -appdomain - -hal_telephony_server - } { - radio_prop - }:file no_rw_file_perms; - - neverallow { - domain - -coredomain - -bluetooth - -hal_bluetooth_server - } { - bluetooth_prop - }:file no_rw_file_perms; - - neverallow { - domain - -coredomain - -hal_wifi_server - -wificond - } { - 
wifi_prop - }:file no_rw_file_perms; -') - -compatible_property_only(` - # Neverallow coredomain to set vendor properties - neverallow { - coredomain - -init - -system_writes_vendor_properties_violators - } { - property_type - -system_property_type - -extended_core_property_type - }:property_service set; -') - -neverallow { - -init - -system_server -} { - userspace_reboot_log_prop -}:property_service set; - -neverallow { - # Only allow init and system_server to set system_adbd_prop - -init - -system_server -} { - system_adbd_prop -}:property_service set; - -neverallow { - # Only allow init and adbd to set adbd_prop - -init - -adbd -} { - adbd_prop -}:property_service set; - -neverallow { - # Only allow init and shell to set userspace_reboot_test_prop - -init - -shell -} { - userspace_reboot_test_prop -}:property_service set; diff --git a/public/radio.te b/public/radio.te index 34eaf83d0..6ec008610 100644 --- a/public/radio.te +++ b/public/radio.te @@ -16,16 +16,6 @@ allow radio radio_data_file:notdevfile_class_set create_file_perms; allow radio net_data_file:dir search; allow radio net_data_file:file r_file_perms; -# Property service -set_prop(radio, radio_prop) -set_prop(radio, exported_radio_prop) -set_prop(radio, exported2_radio_prop) -set_prop(radio, exported3_radio_prop) -set_prop(radio, net_radio_prop) - -# ctl interface -set_prop(radio, ctl_rildaemon_prop) - add_service(radio, radio_service) allow radio audioserver_service:service_manager find; allow radio cameraserver_service:service_manager find; diff --git a/public/recovery.te b/public/recovery.te index 3bac03dd6..aceba01c4 100644 --- a/public/recovery.te +++ b/public/recovery.te 
@@ -108,23 +108,6 @@ recovery_only(` # Read files on /oem. r_dir_file(recovery, oemfs); - # Reboot the device - set_prop(recovery, powerctl_prop) - - # Read serial number of the device from system properties - get_prop(recovery, serialno_prop) - - # Set sys.usb.ffs.ready when starting minadbd for sideload. - set_prop(recovery, ffs_prop) - set_prop(recovery, exported_ffs_prop) - - # Set sys.usb.config when switching into fastboot. - set_prop(recovery, system_radio_prop) - set_prop(recovery, exported_system_radio_prop) - - # Read ro.boot.bootreason - get_prop(recovery, bootloader_boot_reason_prop) - # Use setfscreatecon() to label files for OTA updates. allow recovery self:process setfscreate; @@ -144,7 +127,6 @@ recovery_only(` allowxperm recovery super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF }; # Allow using libfiemap/gsid directly (no binder in recovery). - set_prop(recovery, gsid_prop) allow recovery gsi_metadata_file:dir search; allow recovery ota_metadata_file:dir rw_dir_perms; allow recovery ota_metadata_file:file create_file_perms; diff --git a/public/shell.te b/public/shell.te index 79d5c89b3..712307f10 100644 --- a/public/shell.te +++ b/public/shell.te 
@@ -58,60 +58,12 @@ allow shell zygote_exec:file rx_file_perms; r_dir_file(shell, apk_data_file) -# Set properties. -set_prop(shell, shell_prop) -set_prop(shell, ctl_bugreport_prop) -set_prop(shell, ctl_dumpstate_prop) -set_prop(shell, dumpstate_prop) -set_prop(shell, exported_dumpstate_prop) -set_prop(shell, debug_prop) -set_prop(shell, powerctl_prop) -set_prop(shell, log_tag_prop) -set_prop(shell, wifi_log_prop) -# Allow shell to start/stop traced via the persist.traced.enable -# property (which also takes care of /data/misc initialization). -set_prop(shell, traced_enabled_prop) -# adjust is_loggable properties -userdebug_or_eng(`set_prop(shell, log_prop)') -# logpersist script -userdebug_or_eng(`set_prop(shell, logpersistd_logging_prop)') -# Allow shell to start/stop heapprofd via the persist.heapprofd.enable -# property. -set_prop(shell, heapprofd_enabled_prop) -# Allow shell to start/stop traced_perf via the persist.traced_perf.enable -# property. -set_prop(shell, traced_perf_enabled_prop) -# Allow shell to start/stop gsid via ctl.start|stop|restart gsid. 
-set_prop(shell, ctl_gsid_prop) -# Allow shell to enable Dynamic System Update -set_prop(shell, dynamic_system_prop) -# Allow shell to mock an OTA using persist.pm.mock-upgrade -set_prop(shell, mock_ota_prop) - userdebug_or_eng(` # "systrace --boot" support - allow boottrace service to run allow shell boottrace_data_file:dir rw_dir_perms; allow shell boottrace_data_file:file create_file_perms; - set_prop(shell, persist_debug_prop) ') -# Read device's serial number from system properties -get_prop(shell, serialno_prop) - -# Allow shell to read the vendor security patch level for CTS -get_prop(shell, vendor_security_patch_level_prop) - -# Read state of logging-related properties -get_prop(shell, device_logging_prop) - -# Read state of boot reason properties -get_prop(shell, bootloader_boot_reason_prop) -get_prop(shell, last_boot_reason_prop) -get_prop(shell, system_boot_reason_prop) - -# Allow reading the outcome of perf_event_open LSM support test for CTS. -get_prop(shell, init_perf_lsm_hooks_prop) - # allow shell access to services allow shell servicemanager:service_manager list; # don't allow shell to access GateKeeper service diff --git a/public/traceur_app.te b/public/traceur_app.te index 7e2cc84a0..ce9b844d5 100644 --- a/public/traceur_app.te +++ b/public/traceur_app.te @@ -3,11 +3,6 @@ type traceur_app, domain; allow traceur_app servicemanager:service_manager list; allow traceur_app hwservicemanager:hwservice_manager list; -# Allow Traceur to enable traced if necessary. -set_prop(traceur_app, traced_enabled_prop) - -set_prop(traceur_app, debug_prop) - allow traceur_app { service_manager_type -apex_service diff --git a/public/ueventd.te b/public/ueventd.te index fc503b890..1d750804c 100644 --- a/public/ueventd.te +++ b/public/ueventd.te 
@@ -59,10 +59,6 @@ allow ueventd kernel:key search; allow ueventd system_bootstrap_lib_file:dir r_dir_perms; allow ueventd system_bootstrap_lib_file:file { execute read open getattr map }; -# ueventd can set properties, particularly it sets ro.cold_boot_done to signal -# to init that cold boot has completed. -set_prop(ueventd, cold_boot_done_prop) - # Allow ueventd to run shell scripts from vendor allow ueventd vendor_shell_exec:file execute; diff --git a/public/uncrypt.te b/public/uncrypt.te index 28dc3f209..75765f33e 100644 --- a/public/uncrypt.te +++ b/public/uncrypt.te @@ -22,9 +22,6 @@ allow uncrypt ota_package_file:file r_file_perms; # Write to /dev/socket/uncrypt unix_socket_connect(uncrypt, uncrypt, uncrypt) -# Set a property to reboot the device. -set_prop(uncrypt, powerctl_prop) - # Raw writes to block device allow uncrypt self:global_capability_class_set sys_rawio; allow uncrypt misc_block_device:blk_file w_file_perms; diff --git a/public/update_engine.te b/public/update_engine.te index 078e494d9..ba2f3cf04 100644 --- a/public/update_engine.te +++ b/public/update_engine.te @@ -63,12 +63,6 @@ allow update_engine proc_misc:file r_file_perms; # read directories on /system and /vendor allow update_engine system_file:dir r_dir_perms; -# Allow to start gsid service. -set_prop(update_engine, ctl_gsid_prop) - -# Allow to set the OTA related properties, e.g. ota.warm_reset. -set_prop(update_engine, ota_prop) - # update_engine tries to determine the parent path for all devices (e.g. # /dev/block/by-name) by reading the default fstab and looking for the misc # device. ReadDefaultFstab() checks whether a GSI is running by checking diff --git a/public/update_verifier.te b/public/update_verifier.te index f881aeb6b..68b43f089 100644 --- a/public/update_verifier.te +++ b/public/update_verifier.te 
@@ -24,12 +24,6 @@ allow update_verifier dm_device:blk_file r_file_perms; # Write to kernel message. allow update_verifier kmsg_device:chr_file { getattr w_file_perms }; -# Allow update_verifier to reboot the device. -set_prop(update_verifier, powerctl_prop) - -# Allow to set the OTA related properties e.g. ota.warm_reset. -set_prop(update_verifier, ota_prop) - # Use Boot Control HAL hal_client_domain(update_verifier, hal_bootctl) diff --git a/public/usbd.te b/public/usbd.te index 991e7be5f..6f349541b 100644 --- a/public/usbd.te +++ b/public/usbd.te @@ -1,5 +1,2 @@ type usbd, domain; type usbd_exec, system_file_type, exec_type, file_type; - -# Start/stop adbd via ctl.start adbd -set_prop(usbd, ctl_adbd_prop) diff --git a/public/vold.te b/public/vold.te index 9391649b4..400e32a7b 100644 --- a/public/vold.te +++ b/public/vold.te @@ -191,17 +191,6 @@ allow vold system_data_file:file read; # Set scheduling policy of kernel processes allow vold kernel:process setsched; -# Property Service -set_prop(vold, vold_prop) -set_prop(vold, exported_vold_prop) -set_prop(vold, exported2_vold_prop) -set_prop(vold, powerctl_prop) -set_prop(vold, ctl_fuse_prop) -set_prop(vold, restorecon_prop) -set_prop(vold, ota_prop) -set_prop(vold, boottime_prop) -set_prop(vold, boottime_public_prop) - # ASEC allow vold asec_image_file:file create_file_perms; allow vold asec_image_file:dir rw_dir_perms; diff --git a/public/wificond.te b/public/wificond.te index b429884c5..6a1932b55 100644 --- a/public/wificond.te +++ b/public/wificond.te @@ -8,10 +8,6 @@ binder_call(wificond, keystore) add_service(wificond, wifinl80211_service) -set_prop(wificond, exported_wifi_prop) -set_prop(wificond, wifi_prop) -set_prop(wificond, ctl_default_prop) - # create sockets to set interfaces up and down allow wificond self:udp_socket create_socket_perms; # setting interface state up/down is a privileged ioctl 
@@ -33,7 +29,6 @@ allow wificond dumpstate:fifo_file write;
 #### Offer the Wifi Keystore HwBinder service ###
 hwbinder_use(wificond)
-get_prop(wificond, hwservicemanager_prop)
 typeattribute wificond wifi_keystore_service_server;
 add_hwservice(wificond, system_wifi_keystore_hwservice)
From 8b135f0997878b788a3c70974f1191e4fe742fe1 Mon Sep 17 00:00:00 2001
From: Peter Collingbourne
Date: Tue, 17 Mar 2020 16:05:30 -0700
Subject: [PATCH 048/163] Update sepolicy to account for crash_dump move.
Bug: 135772972
Change-Id: I740954a20656f69b00d75f804fd898179b6df878
Merged-In: I740954a20656f69b00d75f804fd898179b6df878
---
 apex/com.android.runtime-file_contexts | 1 +
 private/file_contexts | 2 --
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/apex/com.android.runtime-file_contexts b/apex/com.android.runtime-file_contexts
index 7878b20ac..eed098156 100644
--- a/apex/com.android.runtime-file_contexts
+++ b/apex/com.android.runtime-file_contexts
@@ -2,5 +2,6 @@
 # System files
 #
 (/.*)? u:object_r:system_file:s0
+/bin/crash_dump(32|64) u:object_r:crash_dump_exec:s0
 /bin/linker(64)? u:object_r:system_linker_exec:s0
 /lib(64)?(/.*)? u:object_r:system_lib_file:s0
diff --git a/private/file_contexts b/private/file_contexts
index f8561b8b2..029158b85 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -257,8 +257,6 @@
 /system/bin/keystore u:object_r:keystore_exec:s0
 /system/bin/fingerprintd u:object_r:fingerprintd_exec:s0
 /system/bin/gatekeeperd u:object_r:gatekeeperd_exec:s0
-/system/bin/crash_dump32 u:object_r:crash_dump_exec:s0
-/system/bin/crash_dump64 u:object_r:crash_dump_exec:s0
 /system/bin/tombstoned u:object_r:tombstoned_exec:s0
 /system/bin/recovery-persist u:object_r:recovery_persist_exec:s0
 /system/bin/recovery-refresh u:object_r:recovery_refresh_exec:s0
From 4bec1e37a203de0bd35a7cca613afa8772d3dd59 Mon Sep 17 00:00:00 2001
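Review bot: With the two `/system/bin/crash_dump{32,64}` entries dropped from private/file_contexts, a crash_dump binary that still exists at the old path (a stale build, or a compatibility symlink if one is kept) would fall under the generic /system/bin labeling and an exec of it would no longer transition into the crash_dump domain; the new `/bin/crash_dump(32|64)` line covers only the APEX path. Worth confirming that debuggerd's handler and anything else that spawns crash_dump now use the APEX path exclusively, and otherwise keeping the old lines alongside the new one. A short comment on the new entry would also help the next reader, e.g. `# crash_dump lives in the runtime APEX; keep crash_dump_exec so the domain transition still fires`.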
From: Pawin Vongmasa Date: Sat, 7 Mar 2020 04:15:38 -0800 Subject: [PATCH 049/163] Allow XML file paths to be customized with sysprop Three properties are declared as vendor-init-settable: ro.media.xml_variant.codecs ro.media.xml_variant.codecs_performance ro.media.xml_variant.profiles media_codecs.xml can now be named media_codecs${ro.media.xml_variant.codecs}.xml media_codecs_performance.xml can now be named media_codecs_performance${ro.media.xml_variant.codecs_performance}.xml media_profiles_V1_0 can now be named media_profiles${ro.media.xml_variant.profiles}.xml Test: Rename "media_codecs.xml" to "media_codecs_test.xml", set ro.media.xml_variant.codecs to "_test", then call "stagefright -i". Test: Rename "media_codecs_performance.xml" to "media_codecs_performance_test.xml", set ro.media.xml_variant.codecs_performance to "_test", then run android.media.cts.VideoDecoderPerfTest. Test: Rename "media_profiles_V1_0.xml" to "media_profiles_test.xml", set ro.media.xml_variant.profiles to "_test", then run vts_mediaProfiles_validate_test. Bug: 142102953 Change-Id: I407a0a327fcc8e799bb4079b11048a497565be48 Merged-In: I407a0a327fcc8e799bb4079b11048a497565be48 --- private/compat/29.0/29.0.ignore.cil | 1 + private/zygote.te | 3 +++ public/hal_codec2.te | 3 +++ public/hal_omx.te | 3 +++ public/property.te | 1 + public/property_contexts | 3 +++ 6 files changed, 14 insertions(+) diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index e47ca0fe6..47330421f 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -71,6 +71,7 @@ mirror_data_file light_service linkerconfig_file + media_variant_prop metadata_bootstat_file mnt_pass_through_file mock_ota_prop diff --git a/private/zygote.te b/private/zygote.te index f9e5476b7..f27005ec7 100644 --- a/private/zygote.te +++ b/private/zygote.te 
@@ -193,6 +193,9 @@ allow zygote system_server:fd use;
 # Send unsolicited message to system_server
 unix_socket_send(zygote, system_unsolzygote, system_server)
+# Allow zygote to access media_variant_prop for static initialization
+get_prop(zygote, media_variant_prop)
+
 ###
 ### neverallow rules
 ###
diff --git a/public/hal_codec2.te b/public/hal_codec2.te
index 60cd3b0c4..8c7816a88 100644
--- a/public/hal_codec2.te
+++ b/public/hal_codec2.te
@@ -1,3 +1,6 @@
+get_prop(hal_codec2_client, media_variant_prop)
+get_prop(hal_codec2_server, media_variant_prop)
+
 binder_call(hal_codec2_client, hal_codec2_server)
 binder_call(hal_codec2_server, hal_codec2_client)
diff --git a/public/hal_omx.te b/public/hal_omx.te
index 707cae8c7..8e74383d3 100644
--- a/public/hal_omx.te
+++ b/public/hal_omx.te
@@ -22,6 +22,9 @@ hal_attribute_hwservice(hal_omx, hal_omx_hwservice)
 allow hal_omx_client hidl_token_hwservice:hwservice_manager find;
+get_prop(hal_omx_client, media_variant_prop)
+get_prop(hal_omx_server, media_variant_prop)
+
 binder_call(hal_omx_client, hal_omx_server)
 binder_call(hal_omx_server, hal_omx_client)
diff --git a/public/property.te b/public/property.te
index 7c1d5fa1a..d403d822c 100644
--- a/public/property.te
+++ b/public/property.te
@@ -117,6 +117,7 @@ system_vendor_config_prop(exported_camera_prop)
 system_vendor_config_prop(exported_config_prop)
 system_vendor_config_prop(exported_default_prop)
 system_vendor_config_prop(exported3_default_prop)
+system_vendor_config_prop(media_variant_prop)
 system_vendor_config_prop(userspace_reboot_config_prop)
 system_vendor_config_prop(vehicle_hal_prop)
 system_vendor_config_prop(vendor_security_patch_level_prop)
diff --git a/public/property_contexts b/public/property_contexts
index 8f1cf2dac..b48bb624d 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -164,6 +164,9 @@ ro.telephony.default_cdma_sub u:object_r:exported3_default_prop:s0 exact int
 ro.telephony.default_network u:object_r:exported3_default_prop:s0 exact string
 ro.vehicle.hal u:object_r:vehicle_hal_prop:s0 exact string
 ro.vendor.build.security_patch u:object_r:vendor_security_patch_level_prop:s0 exact string
+ro.media.xml_variant.codecs u:object_r:media_variant_prop:s0 exact string
+ro.media.xml_variant.codecs_performance u:object_r:media_variant_prop:s0 exact string
+ro.media.xml_variant.profiles u:object_r:media_variant_prop:s0 exact string
 ro.zram.mark_idle_delay_mins u:object_r:exported3_default_prop:s0 exact int
 ro.zram.first_wb_delay_mins u:object_r:exported3_default_prop:s0 exact int
 ro.zram.periodic_wb_delay_hours u:object_r:exported3_default_prop:s0 exact int
From 534befb29da0de9ed2680ca397cb89e0970c4bae Mon Sep 17 00:00:00 2001
From: Jeffrey Huang
Date: Wed, 4 Mar 2020 15:09:54 -0800
Subject: [PATCH 050/163] Allow statsd to access a new metadata directory
Test: m -j
Bug: 149838525
Merged-In: I8633d21feb827c67288eb2894bafae166b103f92
Change-Id: I4da09a7345609c9e35385a413c8bb6413a842aab
---
 private/file_contexts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/private/file_contexts b/private/file_contexts
index 44f28f2ac..9bed5fd43 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -552,6 +552,7 @@
 /data/misc/stats-active-metric(/.*)? u:object_r:stats_data_file:s0
 /data/misc/stats-data(/.*)? u:object_r:stats_data_file:s0
 /data/misc/stats-service(/.*)? u:object_r:stats_data_file:s0
+/data/misc/stats-metadata(/.*)? u:object_r:stats_data_file:s0
 /data/misc/systemkeys(/.*)? u:object_r:systemkeys_data_file:s0
 /data/misc/textclassifier(/.*)? u:object_r:textclassifier_data_file:s0
 /data/misc/train-info(/.*)? u:object_r:stats_data_file:s0
From 3f6abeb24f17a175e3f248c32c16aedb4e3f201d Mon Sep 17 00:00:00 2001
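Review bot: The three `ro.media.xml_variant.*` entries are typed `exact string`, and according to the commit message the value is spliced straight into a file name (`media_codecs${ro.media.xml_variant.codecs}.xml`), so nothing at this layer stops a value containing `/` or `..` from redirecting the XML lookup; property_contexts cannot express a character class, so that check has to live in the loader. Because media_variant_prop is a system_vendor_config_prop, only init and vendor init should be able to set it, so this is defence in depth rather than an app-reachable issue, but it is still worth a sanitising check in the consumer and a comment at the declaration: `# suffix inserted into the media_*.xml file name; consumers must reject path separators`. If the accepted suffixes are a fixed set, `exact enum ...` would let init enforce the allowed values instead.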
From: Chi Zhang
Date: Fri, 31 Jan 2020 10:02:36 -0800
Subject: [PATCH 051/163] Allow radio to send pulled atoms to statsd.
Test: build and statsd_testdrive
Bug: 146066107
Bug: 141631489
Bug: 122371089
Bug: 149880090
Bug: 127666858
Bug: 142026991
Change-Id: I68c0bd2748080e71672169544222cce17e0156cb
Merged-In: I011417db8415f5f0edabb98e9d60970bac991809
Merged-In: Ia8d3f264713698b623b386dd790967cecb71479f
Merged-In: I5587467acf80740058daa9ae09aa7831c34f4e3a
Merged-In: I3834264c59a4e807089889ecc2598d86b851b3d1
---
 private/radio.te | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/private/radio.te b/private/radio.te
index 4d48c9346..fd5ecd594 100644
--- a/private/radio.te
+++ b/private/radio.te
@@ -15,3 +15,7 @@ allow radio uce_service:service_manager find;
 # Manage /data/misc/emergencynumberdb
 allow radio emergency_data_file:dir r_dir_perms;
 allow radio emergency_data_file:file r_file_perms;
+
+# allow sending pulled atoms to statsd
+binder_call(radio, statsd)
+
From 6191f719b2acb22eb07b73eb0eaff434bebe2e1c Mon Sep 17 00:00:00 2001
From: Songchun Fan
Date: Thu, 19 Mar 2020 16:12:56 -0700
Subject: [PATCH 052/163] [incremental] remove legacy service name from sepolicy
We now only have one system service, called "incremental".
Test: builds
BUG: 150406132
Change-Id: I47643bac5711dcd4291bf4bf1cdcb853a0f51fb4
---
 private/service_contexts | 1 -
 1 file changed, 1 deletion(-)
diff --git a/private/service_contexts b/private/service_contexts
index 079f0a1be..f8dbcaea7 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -107,7 +107,6 @@ iphonesubinfo u:object_r:radio_service:s0
 ims u:object_r:radio_service:s0
 imms u:object_r:imms_service:s0
 incremental u:object_r:incremental_service:s0
-incremental_service u:object_r:incremental_service:s0
 ipsec u:object_r:ipsec_service:s0
 ircsmessage u:object_r:radio_service:s0
 iris u:object_r:iris_service:s0
From d49650c23e0a0852c9054597699e6feb048dba0c Mon Sep 17 00:00:00 2001
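Review bot: `binder_call(radio, statsd)` only covers radio calling into statsd (plus the reply-direction transfer); pulled atoms work by statsd invoking the pull callback that radio registers, so the statsd-to-radio call direction must also be allowed, and this hunk does not show it. Worth confirming statsd.te already carries `binder_call(statsd, radio)` or an attribute-based equivalent, otherwise registration succeeds but every pull is denied at runtime; radio will likewise need `allow radio statsd_service:service_manager find;` to look the service up unless it already has it. Minor: the hunk ends with an added blank line at end of file (`+` as the last line), which the rest of this file does not do.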
From: Yifan Hong
Date: Mon, 16 Mar 2020 16:33:54 -0700
Subject: [PATCH 053/163] Allow recovery mount metadata
Test: sideload
Bug: 151640692
Change-Id: Iedd65f3fa492081750a97ec4f841d56b4a9ccaff
Merged-In: Iedd65f3fa492081750a97ec4f841d56b4a9ccaff
---
 public/recovery.te | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/public/recovery.te b/public/recovery.te
index 3bac03dd6..55568d489 100644
--- a/public/recovery.te
+++ b/public/recovery.te
@@ -148,6 +148,9 @@ recovery_only(`
 allow recovery gsi_metadata_file:dir search;
 allow recovery ota_metadata_file:dir rw_dir_perms;
 allow recovery ota_metadata_file:file create_file_perms;
+
+ # Allow mounting /metadata for writing update states
+ allow recovery metadata_file:dir { getattr mounton };
 ')
 ###
From 509955f4e65df9d1a1c35c85c02c7ac1d6bf27fc Mon Sep 17 00:00:00 2001
From: Inseob Kim
Date: Thu, 19 Mar 2020 17:49:08 +0900
Subject: [PATCH 054/163] Move some system internal props to private
This completely hides system internal properties (which are meant to be used only in system) when compiling sepolicy of vendor, product, etc.
Exempt-From-Owner-Approval: cherry-pick
Bug: 150331497
Test: system/sepolicy/tools/build_policies.sh
Change-Id: I4fc060f5973b7483c7f8502c40ef0a61f75ff088
Merged-In: I4fc060f5973b7483c7f8502c40ef0a61f75ff088
(cherry picked from commit c492c06e14faf4d3bc8fd113c9d3e114f7f36d34)
---
 private/property.te | 17 +++++++++++++++++
 public/property.te | 15 ---------------
 2 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/private/property.te b/private/property.te
index be865f1c4..8a5dd26b7 100644
--- a/private/property.te
+++ b/private/property.te
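Review bot: `allow recovery metadata_file:dir { getattr mounton }` grants the mount point but not the filesystem-class side of the mount; unless recovery.te already has `allow recovery labeledfs:filesystem { mount unmount }` (or the equivalent for the filesystem type) outside this hunk, the mount will still be denied, and `unmount` is needed as well if recovery unmounts /metadata before rebooting. The comment says the mount is "for writing update states", but the writes themselves land in ota_metadata_file via the rules just above, so a more precise comment would help the next reader: `# Mount /metadata (the mount point is metadata_file); update state itself is written to ota_metadata_file`. The enclosing `recovery_only(` block starts before this hunk.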
@@ -1,3 +1,20 @@
+# Properties used only in /system
+system_internal_prop(adbd_prop)
+system_internal_prop(device_config_storage_native_boot_prop)
+system_internal_prop(device_config_sys_traced_prop)
+system_internal_prop(device_config_window_manager_native_boot_prop)
+system_internal_prop(device_config_configuration_prop)
+system_internal_prop(gsid_prop)
+system_internal_prop(init_perf_lsm_hooks_prop)
+system_internal_prop(init_svc_debug_prop)
+system_internal_prop(last_boot_reason_prop)
+system_internal_prop(netd_stable_secret_prop)
+system_internal_prop(pm_prop)
+system_internal_prop(system_adbd_prop)
+system_internal_prop(traced_perf_enabled_prop)
+system_internal_prop(userspace_reboot_log_prop)
+system_internal_prop(userspace_reboot_test_prop)
+
 ###
 ### Neverallow rules
 ###
diff --git a/public/property.te b/public/property.te
index e14fc8f32..d68f01676 100644
--- a/public/property.te
+++ b/public/property.te
@@ -13,22 +13,7 @@ system_internal_prop(device_config_netd_native_prop)
 system_internal_prop(device_config_reset_performed_prop)
 system_internal_prop(device_config_runtime_native_boot_prop)
 system_internal_prop(device_config_runtime_native_prop)
-system_internal_prop(device_config_storage_native_boot_prop)
-system_internal_prop(device_config_sys_traced_prop)
-system_internal_prop(device_config_window_manager_native_boot_prop)
-system_internal_prop(device_config_configuration_prop)
 system_internal_prop(firstboot_prop)
-system_internal_prop(gsid_prop)
-system_internal_prop(init_perf_lsm_hooks_prop)
-system_internal_prop(init_svc_debug_prop)
-system_internal_prop(last_boot_reason_prop)
-system_internal_prop(netd_stable_secret_prop)
-system_internal_prop(pm_prop)
-system_internal_prop(userspace_reboot_log_prop)
-system_internal_prop(userspace_reboot_test_prop)
-system_internal_prop(system_adbd_prop)
-system_internal_prop(adbd_prop)
-system_internal_prop(traced_perf_enabled_prop)
 compatible_property_only(`
 # DO NOT ADD ANY PROPERTIES HERE
From 81f26c441e4c523f60b267d2a9c8d3cf3b8abbae Mon Sep 17 00:00:00 2001
From: Xusong Wang
Date: Fri, 21 Feb 2020 10:53:09 -0800
Subject: [PATCH 055/163] Configure sepolicy to allow NN HAL services to use gralloc buffers.
All NNAPI drivers are expected to be able to read BLOB mode AHWBs allocated by the client.
Bug: 147677855
Bug: 149870344
Test: m
Test: NNT_static
Change-Id: I3e4f32d039e1f229a477eb9bca613c554cc35b93
Merged-In: I3e4f32d039e1f229a477eb9bca613c554cc35b93
(cherry picked from commit 83db40bdc71a9c2f5d8ff36cdb3fab193fed51af)
---
 public/hal_neuralnetworks.te | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/public/hal_neuralnetworks.te b/public/hal_neuralnetworks.te
index 1ef6cadff..f8d6ff5a7 100644
--- a/public/hal_neuralnetworks.te
+++ b/public/hal_neuralnetworks.te
@@ -5,6 +5,8 @@ binder_call(hal_neuralnetworks_server, hal_neuralnetworks_client)
 hal_attribute_hwservice(hal_neuralnetworks, hal_neuralnetworks_hwservice)
 allow hal_neuralnetworks hidl_memory_hwservice:hwservice_manager find;
 allow hal_neuralnetworks hal_allocator:fd use;
+allow hal_neuralnetworks hal_graphics_mapper_hwservice:hwservice_manager find;
+allow hal_neuralnetworks hal_graphics_allocator:fd use;
 # Allow NN HAL service to use a client-provided fd residing in /data/data/.
 allow hal_neuralnetworks_server app_data_file:file { read write getattr map };
@@ -13,6 +15,9 @@ allow hal_neuralnetworks_server privapp_data_file:file { read write getattr map
 # Allow NN HAL service to use a client-provided fd residing in /data/local/tmp/.
 allow hal_neuralnetworks_server shell_data_file:file { read write getattr map };
+# Allow NN HAL service to read a client-provided ION memory fd.
+allow hal_neuralnetworks_server ion_device:chr_file r_file_perms;
+
 # Allow NN HAL client to check the ro.nnapi.extensions.deny_on_product
 # property to determine whether to deny NNAPI extensions use for apps
 # on product partition (apps in GSI are not allowed to use NNAPI extensions).
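Review bot: `allow hal_neuralnetworks_server ion_device:chr_file r_file_perms;` is broader than the comment above it claims: r_file_perms includes `open`, so the server may open /dev/ion itself and allocate, not merely use an fd handed over by the client. Consuming a passed fd needs only the fd use plus `{ read getattr ioctl map }` on the chr_file (and, if this tree restricts ION ioctls with allowxperm, the matching ioctl allowlist), which keeps the grant aligned with the "client-provided fd" intent and with the app_data_file/shell_data_file rules just above, which also omit `open`. Suggested: `allow hal_neuralnetworks_server ion_device:chr_file { read getattr ioctl map };`.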
From 561286ad4473e9f2595a8824a154bebeec7afc83 Mon Sep 17 00:00:00 2001
From: Sasha Kuznetsov
Date: Fri, 20 Mar 2020 17:55:49 -0700
Subject: [PATCH 056/163] Update core sepolicy with gnss hal
Test: n/a
Bug: 152028150
Change-Id: I41989392b3b03a2036fc8c1dbfc87207f9af73ad
Merged-In: I41989392b3b03a2036fc8c1dbfc87207f9af73ad
---
 private/system_server.te | 1 +
 1 file changed, 1 insertion(+)
diff --git a/private/system_server.te b/private/system_server.te
index 5533d4275..c4a85cd53 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -301,6 +301,7 @@ allow system_server {
 hal_codec2_server
 hal_face_server
 hal_fingerprint_server
+hal_gnss_server
 hal_graphics_allocator_server
 hal_graphics_composer_server
 hal_health_server
From 34b66831d195c7054690638ca7cada6e3c9c47f6 Mon Sep 17 00:00:00 2001
From: Inseob Kim
Date: Mon, 23 Mar 2020 13:28:33 +0900
Subject: [PATCH 057/163] Fix mismatched types with sysprop_library
Bug: 151879375
Test: m
Change-Id: If962b5c4494117deb2a40acec5ae454a39eb2a92
Merged-In: If962b5c4494117deb2a40acec5ae454a39eb2a92
(cherry picked from commit 27f7af81c3f8a6a724dcbfb354b8312125bca153)
---
 public/property_contexts | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/public/property_contexts b/public/property_contexts
index b48bb624d..d4b839523 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -1,5 +1,5 @@
 # vendor-init-readable
-persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact int
+persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact bool
 # vendor-init-settable
 af.fast_track_multiplier u:object_r:exported3_default_prop:s0 exact int
@@ -228,7 +228,7 @@ net.redirect_socket_calls.hooked u:object_r:socket_hook_prop:s0 exact bool
 persist.sys.locale u:object_r:exported_system_prop:s0 exact string
 persist.sys.timezone u:object_r:exported_system_prop:s0 exact string
 persist.sys.test_harness u:object_r:test_harness_prop:s0 exact bool
-ro.adb.secure u:object_r:exported_secure_prop:s0 exact int
+ro.adb.secure u:object_r:exported_secure_prop:s0 exact bool
 ro.arch u:object_r:exported2_default_prop:s0 exact string
 ro.audio.ignore_effects u:object_r:exported2_default_prop:s0 exact bool
 ro.baseband u:object_r:exported2_default_prop:s0 exact string
@@ -270,8 +270,8 @@ ro.build.version.release u:object_r:exported2_default_prop:s0 exact string
 ro.build.version.release_or_codename u:object_r:exported2_default_prop:s0 exact string
 ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int
 ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string
-ro.crypto.state u:object_r:exported_vold_prop:s0 exact string
-ro.crypto.type u:object_r:exported_vold_prop:s0 exact string
+ro.crypto.state u:object_r:exported_vold_prop:s0 exact enum encrypted unencrypted unsupported
+ro.crypto.type u:object_r:exported_vold_prop:s0 exact enum block file none
 ro.debuggable u:object_r:exported2_default_prop:s0 exact int
 ro.hardware u:object_r:exported2_default_prop:s0 exact string
 ro.product.brand u:object_r:exported2_default_prop:s0 exact string
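Review bot: Changing `ro.adb.secure` from `exact int` to `exact bool` tightens what init accepts for a property that gates adb authentication, and the failure mode is the insecure one: where init enforces the declared type for this entry and a build.prop supplies a value the bool check rejects, the property stays unset, and on the builds where adbd consults it (userdebug/eng as I recall; user builds compile auth in unconditionally) a `GetBoolProperty("ro.adb.secure", false)` lookup then comes up with auth not required. The usual `ro.adb.secure=1` is accepted by the bool check, so the normal case is unaffected, but I would pair this with a boot-time or CTS assertion that `ro.adb.secure` is set on the builds that rely on it, and a comment on the line: `# bool: a rejected value leaves this unset, which adbd reads as auth-not-required on debuggable builds`.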
@@ -419,7 +419,7 @@ ro.surface_flinger.max_frame_buffer_acquired_buffers u:object_r:exported_default
 ro.surface_flinger.max_graphics_height u:object_r:exported3_default_prop:s0 exact int
 ro.surface_flinger.max_graphics_width u:object_r:exported3_default_prop:s0 exact int
 ro.surface_flinger.max_virtual_display_dimension u:object_r:exported_default_prop:s0 exact int
-ro.surface_flinger.primary_display_orientation u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.primary_display_orientation u:object_r:exported_default_prop:s0 exact enum ORIENTATION_0 ORIENTATION_180 ORIENTATION_270 ORIENTATION_90
 ro.surface_flinger.present_time_offset_from_vsync_ns u:object_r:exported_default_prop:s0 exact int
 ro.surface_flinger.running_without_sync_framework u:object_r:exported_default_prop:s0 exact bool
 ro.surface_flinger.start_graphics_allocator_service u:object_r:exported_default_prop:s0 exact bool
From 351d3dd63ba75f82e58a968f7701bf62319dd589 Mon Sep 17 00:00:00 2001
From: Ricky Wai
Date: Mon, 23 Mar 2020 16:46:42 +0000
Subject: [PATCH 058/163] Ignore errors that zygote tries to setattr media_rw_data_file dir
Bug: 152043945
Test: No selinux error in boot
Change-Id: Id01377e6b8c7be9103bd1dec3283cf720e6f6af9
Merged-In: Id01377e6b8c7be9103bd1dec3283cf720e6f6af9
(cherry picked from commit 037e11b86ef271a8c8f7e07b168e6b86fc673430)
---
 private/zygote.te | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/private/zygote.te b/private/zygote.te
index f9e5476b7..c876d7183 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -187,6 +187,10 @@ get_prop(zygote, device_config_window_manager_native_boot_prop)
 # ingore spurious denials
 dontaudit zygote self:global_capability_class_set sys_resource;
+# Ignore spurious denials calling access() on fuse
+# TODO(b/151316657): avoid the denials
+dontaudit zygote media_rw_data_file:dir setattr;
+
 # Allow zygote to use ashmem fds from system_server.
 allow zygote system_server:fd use;
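Review bot: The comment above the new dontaudit in zygote.te describes a different access than the rule suppresses: it says "calling access() on fuse" while the rule silences `media_rw_data_file:dir setattr`, and the commit subject itself says setattr. Whoever picks up the TODO will otherwise look for the wrong call; suggest `# Ignore spurious setattr denials on media_rw_data_file dirs (fuse)`. It is also worth recording in the TODO whether the end state is removing the caller's setattr or keeping the dontaudit, since b/151316657 is the only pointer.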
From eff46106e3ed19510248c9bdd33e91b0683325d2 Mon Sep 17 00:00:00 2001
From: Roman Kiryanov
Date: Mon, 23 Mar 2020 11:24:38 -0700
Subject: [PATCH 059/163] Add android.hardware.dumpstate@1.1-service.example to file_contexts
Bug: 152067221
Test: VtsHalDumpstateV1_1TargetTest
Signed-off-by: Roman Kiryanov
Merged-In: I448e1e4bd94c16f0f8cbd07a7d8390c0201056fa
Change-Id: I93f3d6cae005ade1e6edb69b81d2ea1a96b402d4
---
 vendor/file_contexts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 4e988a9f9..cfa135541 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -25,7 +25,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service-lazy u:object_r:hal_drm_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.cas@1\.[0-2]-service u:object_r:hal_cas_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.cas@1\.[0-2]-service-lazy u:object_r:hal_cas_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate@1\.0-service\.example u:object_r:hal_dumpstate_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate@1\.[0-1]-service\.example u:object_r:hal_dumpstate_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service u:object_r:hal_gatekeeper_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.gnss@[0-9]\.[0-9]-service u:object_r:hal_gnss_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator@2\.0-service u:object_r:hal_graphics_allocator_default_exec:s0
From 244953b54c2decda0211ce4beaf431e8cc5e345d Mon Sep 17 00:00:00 2001
From: Ilya Matyukhin
Date: Tue, 24 Mar 2020 02:43:16 -0700
Subject: [PATCH 060/163] Add sepolicy for biometrics.face@1.[0-9]
Bug: 151331855
Bug: 145027036
Test: build and run on cuttlefish
Test: atest vts_treble_vintf_vendor_test
Merged-In: Iae0f157d3a670b506d6cc82686318544db41d559
Change-Id: Ia396005e0f569856e7d9873d48293bb9e05095b6
---
 vendor/file_contexts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 4e988a9f9..73e62b3eb 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -10,7 +10,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service u:object_r:hal_bluetooth_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service\.btlinux u:object_r:hal_bluetooth_btlinux_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face@1\.1-service\.example u:object_r:hal_face_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face@1\.[0-9]+-service\.example u:object_r:hal_face_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.[0-9]+-service u:object_r:hal_bootctl_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.broadcastradio@\d+\.\d+-service u:object_r:hal_broadcastradio_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-service_64 u:object_r:hal_camera_default_exec:s0
From 9448d4d130c1f5f4c624980670a1c28a1c6047ed Mon Sep 17 00:00:00 2001
From: Nikita Ioffe
Date: Wed, 25 Mar 2020 00:13:13 +0000
Subject: [PATCH 061/163] Use properties for various userspace reboot timeouts
Test: adb reboot userspace
Bug: 146560409
Change-Id: I62408f0e59622c2dab1245897c3057d02c5716a9
Merged-In: I62408f0e59622c2dab1245897c3057d02c5716a9
(cherry picked from commit 9e6588dc95d9a9efd11a9d423e4551671eb8e65e)
---
 private/property_contexts | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/private/property_contexts b/private/property_contexts
index 1eb2d70c9..cf4414445 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -247,3 +247,10 @@ persist.sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0
 # by devices with video decoding pipelines long enough to overflow the default
 # history size.
 ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0
+
+# Properties to configure userspace reboot.
+init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool
+init.userspace_reboot.sigkill.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
+init.userspace_reboot.sigterm.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
+init.userspace_reboot.userdata_remount.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
+init.userspace_reboot.watchdog.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
From c10979afd98b5d76f7632efc30b416bf392d2d09 Mon Sep 17 00:00:00 2001
From: Hayden Gomes
Date: Wed, 25 Mar 2020 11:01:13 -0700
Subject: [PATCH 062/163] Add android.hardware.automotive.audiocontrol@2.0-service to file_contexts
Bug: 148098383
Test: built and ran with new version
Change-Id: I06f8f2cd73dce73111559664871bdd3c9b814d7c
Merged-In: I06f8f2cd73dce73111559664871bdd3c9b814d7c
(cherry picked from commit a010cef7ad76406cdbf1921c02a27a68932af340)
---
 vendor/file_contexts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 4e988a9f9..b0c0b98ce 100644
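Review bot: The five new init.userspace_reboot.* entries are labelled `userspace_reboot_config_prop`, but this commit touches only private/property_contexts, so the type and its set_prop/get_prop grants must already exist in property.te and the relevant domain files; that cannot be confirmed from this hunk. Since these values drive reboot timeouts and the is_supported switch, a pointer to who is allowed to write them would help the next reader, e.g. `# Read by init; type and writers declared in property.te.` under the `# Properties to configure userspace reboot.` line. The `exact bool`/`exact int` typing is good: it lets init reject malformed values at set time.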
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -4,6 +4,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.atrace@1\.0-service u:object_r:hal_atrace_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.audio(@2\.0-|\.)service u:object_r:hal_audio_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol@1\.0-service u:object_r:hal_audiocontrol_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol@2\.0-service u:object_r:hal_audiocontrol_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can@1\.0-service u:object_r:hal_can_socketcan_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs@1\.[0-9]-service u:object_r:hal_evs_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-(service|protocan-service) u:object_r:hal_vehicle_default_exec:s0
From 302f4b20edead2156a371fed12c1c36b1c6f87b4 Mon Sep 17 00:00:00 2001
From: Ram Muthiah
Date: Thu, 26 Mar 2020 12:55:30 -0700
Subject: [PATCH 063/163] Update core sepolicy with neuralnetwork hal
Bug: 152338071
Bug: 145388549
Test: Forrest
Change-Id: I8224c04806db829ef20156d656755f7fc5874e3e
Merged-In: I8224c04806db829ef20156d656755f7fc5874e3e
---
 private/system_server.te | 1 +
 1 file changed, 1 insertion(+)
diff --git a/private/system_server.te b/private/system_server.te
index 5533d4275..2e17e5062 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -304,6 +304,7 @@ allow system_server {
 hal_graphics_allocator_server
 hal_graphics_composer_server
 hal_health_server
+ hal_neuralnetworks_server
 hal_omx_server
 hal_power_stats_server
 hal_sensors_server
From 8a2b099e7acdd2b39d5f9708b9fe3bfdb681c153 Mon Sep 17 00:00:00 2001
From: Roman Kiryanov
Date: Thu, 26 Mar 2020 14:30:51 -0700
Subject: [PATCH 064/163] Label android.hardware.lights-service.example as hal_light_default_exec
Bug: 152544844
Test: ls -Z /vendor/bin/hw/android.hardware.lights-service.example
Signed-off-by: Roman Kiryanov
Merged-In: I32a6a443c57986b37fdcca788bfe01bf0cdd3e07
Change-Id: Iabba4e35522b8393c5c4188870225fb1c6bbd835
---
 vendor/file_contexts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 3d6fa9f74..1b2bc2357 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -45,6 +45,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.1-service u:object_r:hal_keymaster_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service u:object_r:hal_light_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service-lazy u:object_r:hal_light_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.lights-service\.example u:object_r:hal_light_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.lowpan@1\.0-service u:object_r:hal_lowpan_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack@1\.0-service u:object_r:hal_memtrack_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.0-service u:object_r:hal_nfc_default_exec:s0
From c86905b31f59a5b8db7238feebd70bc535e659f1 Mon Sep 17 00:00:00 2001
From: Ytai Ben-Tsvi
Date: Thu, 26 Mar 2020 16:00:51 -0700
Subject: [PATCH 065/163] Allow audio HAL to access application shared memory
Bug: 151190218
Change-Id: I430ebe60e192803a3cc699477db83d1a33f8c62e
Merged-In: I430ebe60e192803a3cc699477db83d1a33f8c62e
---
 public/hal_audio.te | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/public/hal_audio.te b/public/hal_audio.te
index bb9eec42c..d54b2b250 100644
--- a/public/hal_audio.te
+++ b/public/hal_audio.te
@@ -17,6 +17,9 @@ allow hal_audio shell:fifo_file write;
 allow hal_audio dumpstate:fd use;
 allow hal_audio dumpstate:fifo_file write;
+# Needed to allow sound trigger hal to access shared memory from apps.
+allow hal_audio_server appdomain:fd use;
+
 # allow hal audio to use vnbinder
 vndbinder_use(hal_audio)
From cb8a889b64a6105660d7286411de0595968d2b27 Mon Sep 17 00:00:00 2001
From: Igor Murashkin
Date: Fri, 27 Mar 2020 11:40:38 -0700
Subject: [PATCH 066/163] iorapd: Allow dumpstate (bugreport) to dump iorapd
Bug: 152616197
Test: adb bugreport
Change-Id: I36e3b6d847341ddd84792ccc3f2c2c620e1c3f7b
---
 public/dumpstate.te | 5 +++--
 public/iorapd.te | 7 +++++--
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 9823f4af6..55705a9b3 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -231,7 +231,6 @@ allow dumpstate {
 -apex_service
 -dumpstate_service
 -gatekeeper_service
- -iorapd_service
 -virtual_touchpad_service
 -vold_service
 -vr_hwc_service
@@ -242,7 +241,6 @@ dontaudit dumpstate {
 apex_service
 dumpstate_service
 gatekeeper_service
- iorapd_service
 virtual_touchpad_service
 vold_service
 vr_hwc_service
@@ -289,6 +287,9 @@ allow dumpstate proc_pressure_io:file r_file_perms;
 # Allow dumpstate to talk to installd over binder
 binder_call(dumpstate, installd);
+# Allow dumpstate to talk to iorapd over binder.
+binder_call(dumpstate, iorapd)
+
 # Allow dumpstate to run ip xfrm policy
 allow dumpstate self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_read };
diff --git a/public/iorapd.te b/public/iorapd.te
index 4c08c7200..426eccae6 100644
--- a/public/iorapd.te
+++ b/public/iorapd.te
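Review bot: The new rule `allow hal_audio_server appdomain:fd use;` lets every audio HAL server use any fd received from any app domain (appdomain covers untrusted apps as well), while the comment attributes the need only to the sound trigger HAL and the rule lives in hal_audio.te. If only the sound trigger server needs this, scoping the source to that HAL's server attribute or domain would keep the grant to the documented use; if hal_audio_server is intended, the comment should say so, e.g. `# Allow audio HAL servers (incl. sound trigger) to use shared-memory fds passed in from apps.` Note the surrounding rules use the bare `hal_audio` attribute while the new one uses `hal_audio_server`; the server-side attribute is the right one for a rule about receiving app fds, so the comment could state that choice as well.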
@@ -23,6 +23,9 @@ allow iorapd permission_service:service_manager find;
 allow iorapd user_service:service_manager find;
 # IPackageManagerNative
 allow iorapd package_native_service:service_manager find;
+# Allow dumpstate (bugreport) to call into iorapd.
+allow iorapd dumpstate:fd use;
+allow iorapd dumpstate:fifo_file write;
 # talk to batteryservice
 binder_call(iorapd, healthd)
@@ -68,8 +71,8 @@ neverallow {
 -iorapd
 } { iorapd_data_file }:notdevfile_class_set *;
-# Only system_server can interact with iorapd over binder
-neverallow { domain -system_server -iorapd } iorapd_service:service_manager find;
+# Only system_server and shell (for dumpsys) can interact with iorapd over binder
+neverallow { domain -dumpstate -system_server -iorapd } iorapd_service:service_manager find;
 neverallow iorapd {
 domain
 -healthd
From 73f0159390098cbb9fec33e57c65cb3349541a50 Mon Sep 17 00:00:00 2001
From: Amy Zhang
Date: Wed, 18 Mar 2020 20:45:50 -0700
Subject: [PATCH 067/163] Add sepolicy to access ion dev from Tuner service Tuner default implementation is testing with Ion buffer on Cuttlefish to make sure the secure handle merchanism would work with media data pass between the Tuner Hal and the Tuner Java. Ion access would be needed for all the Tuner Hal implementation
Test: atest
Bug: 150952766
Change-Id: I39117f96bdc84ce24afcb3ef528b6d942ded505e
---
 vendor/hal_tv_tuner_default.te | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/vendor/hal_tv_tuner_default.te b/vendor/hal_tv_tuner_default.te
index d5b8f572b..abe1e7725 100644
--- a/vendor/hal_tv_tuner_default.te
+++ b/vendor/hal_tv_tuner_default.te
@@ -3,3 +3,5 @@ hal_server_domain(hal_tv_tuner_default, hal_tv_tuner)
 type hal_tv_tuner_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_tv_tuner_default)
+
+allow hal_tv_tuner_default ion_device:chr_file r_file_perms;
From 68ba302bbd787b8127f69651d1e30c2bb9ade19e Mon Sep 17 00:00:00 2001
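Review bot: The rewritten neverallow comment in iorapd.te says "system_server and shell (for dumpsys)", but the exemption the rule actually gains is `-dumpstate`, not shell, so the comment documents a grant that does not exist and omits the one that does. Suggest `# Only system_server and dumpstate (for bugreports) can interact with iorapd over binder`. The dumpstate.te hunks above (dropping iorapd_service from dumpstate's find exclusions and adding `binder_call(dumpstate, iorapd)`) are consistent with the new exemption. The `neverallow iorapd { domain -healthd` statement at the end of this hunk continues outside it.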
From: Bowgo Tsai
Date: Mon, 30 Mar 2020 21:45:52 +0800
Subject: [PATCH 068/163] Ignore the denial when system_other is erased This CL addresses the following denial, when the system_other partition is erased. This happens when 1) the device gets an OTA update and 2) factory reset to wipe userdata partition. Note that the system_other partition will be mounted under /postinstall only in the first boot after factory reset. Also, system_other.img is only included in the factory ROM and is absent in the OTA package. When it is absent and userdata is wiped, the mount will fail and triggers the following denials when both cppreopts.sh and preloads_copy.sh access /postinstall dir. SELinux denials to address: avc: denied { search } for comm="find" name="postinstall" dev="dm-5" ino=44 scontext=u:r:preloads_copy:s0 tcontext=u:object_r:postinstall_mnt_dir:s0 tclass=dir permissive=0 avc: denied { search } for comm="cppreopts.sh" name="postinstall" dev="dm-5" ino=44 scontext=u:r:cppreopts:s0 tcontext=u:object_r:postinstall_mnt_dir:s0 tclass=dir permissive=0
Bug: 152453231
Test: fastboot erase system_other (e.g., system_b) and fastboot -w
Change-Id: Ie67f02467d5da51b0caba6e8fda56bc2c6bbc944
Merged-In: Ie67f02467d5da51b0caba6e8fda56bc2c6bbc944
(cherry picked from commit 35c2f102f29a0f9d73e526f1fa6fdb163f75b48c)
---
 private/cppreopts.te | 4 ++++
 private/preloads_copy.te | 4 ++++
 2 files changed, 8 insertions(+)
diff --git a/private/cppreopts.te b/private/cppreopts.te
index 1a8fa0bf3..1192ba676 100644
--- a/private/cppreopts.te
+++ b/private/cppreopts.te
@@ -25,3 +25,7 @@ allow cppreopts system_file:dir { open read };
 # Allow running the cp command using cppreopts permissions. Needed so we can
 # write into dalvik-cache
 allow cppreopts toolbox_exec:file rx_file_perms;
+
+# Silence the denial when /postinstall cannot be mounted, e.g., system_other
+# is wiped, but cppreopts.sh still runs.
+dontaudit cppreopts postinstall_mnt_dir:dir search;
diff --git a/private/preloads_copy.te b/private/preloads_copy.te
index 7177839fd..ba54b70ac 100644
--- a/private/preloads_copy.te
+++ b/private/preloads_copy.te
@@ -12,3 +12,7 @@ allow preloads_copy preloads_media_file:file create_file_perms;
 # Allow to copy from /postinstall
 allow preloads_copy system_file:dir r_dir_perms;
+
+# Silence the denial when /postinstall cannot be mounted, e.g., system_other
+# is wiped, but preloads_copy.sh still runs.
+dontaudit preloads_copy postinstall_mnt_dir:dir search;
From e449594ee1450d49d39402d1863a03c6035770f7 Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Mon, 23 Mar 2020 23:46:35 -0700
Subject: [PATCH 069/163] fastbootd: Allow flashing the cache partition. This fixes the following denial: avc: denied { write } for pid=332 comm="fastbootd" name="mmcblk0p35" dev="tmpfs" ino=11234 scontext=u:r:fastbootd:s0 tcontext=u:object_r:cache_block_device:s0 tclass=blk_file permissive=0 avc: denied { ioctl } for pid=294 comm="fastbootd" path="/dev/block/mmcblk0p35" dev="tmpfs" ino=6953 ioctlcmd=0x1277 scontext=u:r:fastbootd:s0 tcontext=u:object_r:cache_block_device:s0 tclass=blk_file permissive=0
Bug: 150112538
Test: fastboot flash cache on non-A/B device
Test: fastboot erase cache on non-A/B device
Change-Id: Ib2288b42f2bb47e83b1476319669d6c2719db2ec
Merged-In: Ib2288b42f2bb47e83b1476319669d6c2719db2ec
---
 public/fastbootd.te | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/public/fastbootd.te b/public/fastbootd.te
index a0152d40a..f10e6492d 100644
--- a/public/fastbootd.te
+++ b/public/fastbootd.te
@@ -45,6 +45,7 @@ recovery_only(`
 allow fastbootd dm_device:chr_file rw_file_perms;
 allow fastbootd dm_device:blk_file rw_file_perms;
+ allow fastbootd cache_block_device:blk_file rw_file_perms;
 allow fastbootd super_block_device_type:blk_file rw_file_perms;
 allow fastbootd {
 boot_block_device
@@ -67,6 +68,7 @@ recovery_only(`
 metadata_block_device
 userdata_block_device
 dm_device
+ cache_block_device
 }:blk_file ioctl { BLKSECDISCARD BLKDISCARD };
 allow fastbootd misc_block_device:blk_file rw_file_perms;
From 8200faed612331f91e28a12cb93fdafd28e185aa Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep
Date: Thu, 2 Apr 2020 13:36:17 +0200
Subject: [PATCH 070/163] Reduce graphics logspam There is no change in behavior. These denials were already being blocked.
Bug: 79617173
Test: build
Change-Id: Iffd1e5ba42854615eeea9490fe9150678ac98796
Merged-In: Iffd1e5ba42854615eeea9490fe9150678ac98796
(cherry picked from commit 67896eef072e9e232a19475c594986d7dc9b913d)
---
 private/app.te | 2 ++
 private/bootanim.te | 3 +++
 private/surfaceflinger.te | 3 +++
 3 files changed, 8 insertions(+)
diff --git a/private/app.te b/private/app.te
index 5590ca57b..a03bcb094 100644
--- a/private/app.te
+++ b/private/app.te
@@ -19,6 +19,8 @@ dontaudit appdomain storage_stub_file:dir getattr;
 # Attempting to do so will be blocked by both selinux and unix
 # permissions.
 dontaudit appdomain system_data_file:dir write;
+# Apps should not be reading vendor-defined properties.
+dontaudit appdomain vendor_default_prop:file read;
 neverallow appdomain system_server:udp_socket {
 accept append bind create ioctl listen lock name_bind
diff --git a/private/bootanim.te b/private/bootanim.te
index 20ff1934b..47405601d 100644
--- a/private/bootanim.te
+++ b/private/bootanim.te
@@ -4,3 +4,6 @@ init_daemon_domain(bootanim)
 # b/68864350
 dontaudit bootanim unlabeled:dir search;
+
+# Bootanim should not be reading default vendor-defined properties.
+dontaudit bootanim vendor_default_prop:file read;
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 97203ba05..cf709df31 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -126,6 +126,9 @@ userdebug_or_eng(`
 unix_socket_send(surfaceflinger, statsdw, statsd)
 ')
+# Surfaceflinger should not be reading default vendor-defined properties.
+dontaudit surfaceflinger vendor_default_prop:file read;
+
 ###
 ### Neverallow rules
 ###
From c7000de5ad4f9dff733a4db6d7d2477bee45f2f1 Mon Sep 17 00:00:00 2001
From: Florian Mayer
Date: Thu, 26 Mar 2020 17:19:21 +0100
Subject: [PATCH 071/163] Allow incidentd to attach perfetto traces on user. This is a cherry-pick 487bf1c5ff85985da7356db76a4112bebe36680a.
Bug: 151140716
Change-Id: I821d1a504e6ffcea3a52e2c76bf2290e7b382a48
Merged-In: I821d1a504e6ffcea3a52e2c76bf2290e7b382a48
---
 private/incidentd.te | 10 +++------
 private/perfetto.te | 7 ++-----
 2 files changed, 5 insertions(+), 12 deletions(-)
diff --git a/private/incidentd.te b/private/incidentd.te
index 8924d83fc..c379fa237 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -50,11 +50,8 @@ allow incidentd stats_service:service_manager find;
 binder_call(incidentd, statsd)
 # section id 3026, allow reading /data/misc/perfetto-traces.
-# TODO(b/134706389): remove when no longer used.
-userdebug_or_eng(`
- allow incidentd perfetto_traces_data_file:dir r_dir_perms;
- allow incidentd perfetto_traces_data_file:file r_file_perms;
-');
+allow incidentd perfetto_traces_data_file:dir r_dir_perms;
+allow incidentd perfetto_traces_data_file:file r_file_perms;
 # Create and write into /data/misc/incidents
 allow incidentd incident_data_file:dir rw_dir_perms;
@@ -176,13 +173,12 @@ userdebug_or_eng(`
 ###
 # only specific domains can find the incident service
-# TODO(b/134706389): remove "perfetto" when no longer used.
 neverallow {
 domain
 -dumpstate
 -incident
 -incidentd
- userdebug_or_eng(`-perfetto')
+ -perfetto
 -permissioncontroller_app
 -priv_app
 -statsd
diff --git a/private/perfetto.te b/private/perfetto.te
index 2183b6dba..06e4ed116 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
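Review bot: With the TODO lines removed, the incidentd.te hunks leave no comment explaining why perfetto is now a permanent exemption from the incident_service neverallow and why incidentd may read perfetto_traces_data_file on user builds; the remaining `# section id 3026, allow reading /data/misc/perfetto-traces.` reads as if the userdebug gate were still there. Suggest adding `# Allowed on all build types: perfetto attaches traces to incident reports (b/134706389).` above the two allow rules, and a matching one-line remark next to `-perfetto` in the neverallow. Both incidentd hunks are fully visible; the perfetto.te hunk that grants the other direction follows in the next line.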
@@ -44,11 +44,8 @@ unix_socket_send(perfetto, statsdw, statsd)
 allow perfetto devpts:chr_file rw_file_perms;
 # Allow perfetto to ask incidentd to start a report.
-# TODO(b/134706389): remove when no longer used.
-userdebug_or_eng(`
- allow perfetto incident_service:service_manager find;
- binder_call(perfetto, incidentd)
-');
+allow perfetto incident_service:service_manager find;
+binder_call(perfetto, incidentd)
 ###
 ### Neverallow rules
From a006484f22b18e905a6ff641b4e6a65327395776 Mon Sep 17 00:00:00 2001
From: Robin Lee
Date: Mon, 30 Mar 2020 12:23:58 +0000
Subject: [PATCH 072/163] Allow blank_screen to make binder calls to the servicemanager blank_screen can not find and use the lights HAL if it cannot use the servicemanager. This broke turning off the display during shutdown.
Test: adb root; adb shell setenforce 0; adb shell setprop ctl.start blank_screen
Test: adb logcat -b all | grep 'denied'
Fix: 151363454
Merged-In: I6aff1cb71f805637abc79493ba2574143c5cf7cf
Change-Id: I6aff1cb71f805637abc79493ba2574143c5cf7cf
---
 private/blank_screen.te | 2 --
 public/hal_light.te | 7 +++++--
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/private/blank_screen.te b/private/blank_screen.te
index 69dd7e6a0..51310d180 100644
--- a/private/blank_screen.te
+++ b/private/blank_screen.te
@@ -4,5 +4,3 @@ type blank_screen_exec, exec_type, file_type, system_file_type;
 init_daemon_domain(blank_screen)
 hal_client_domain(blank_screen, hal_light)
-
-allow blank_screen hal_light_service:service_manager find;
diff --git a/public/hal_light.te b/public/hal_light.te
index 1e70b74d5..7054d7b32 100644
--- a/public/hal_light.te
+++ b/public/hal_light.te
@@ -4,11 +4,14 @@ binder_call(hal_light_server, hal_light_client)
 hal_attribute_hwservice(hal_light, hal_light_hwservice)
+# client finds and uses server via service_manager
+allow hal_light_client hal_light_service:service_manager find;
+binder_use(hal_light_client)
+
+# server adds itself via service_manager
 add_service(hal_light_server, hal_light_service)
 binder_call(hal_light_server, servicemanager)
-allow hal_light_client hal_light_service:service_manager find;
-
 allow hal_light_server dumpstate:fifo_file write;
 allow hal_light sysfs_leds:lnk_file read;
From 856391e9ebda1ef60c43f52b9bf33ce201d52fe0 Mon Sep 17 00:00:00 2001
From: Florian Mayer
Date: Mon, 23 Mar 2020 20:10:59 +0100
Subject: [PATCH 073/163] Refactor sepolicy to support central mode on user. Functionally this is a no-op change. This is a cherry-pick of 356b98d552e8b6f1936c045cb1a681dfbcd485ee.
Bug: 152976928
Change-Id: If4c0c6c74e60cc84f4adedfd430b385795cd15eb
Merged-In: If4c0c6c74e60cc84f4adedfd430b385795cd15eb
---
 private/domain.te | 2 +-
 public/te_macros | 72 +++++++++++++++++++++++------------------------
 2 files changed, 36 insertions(+), 38 deletions(-)
diff --git a/private/domain.te b/private/domain.te
index 3f5bbaad5..5304ff070 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -11,7 +11,7 @@ allow domain crash_dump:process sigchld;
 # necessary SELinux permissions.
 get_prop(domain, heapprofd_prop);
 # Allow heap profiling on debug builds.
-userdebug_or_eng(`can_profile_heap_userdebug_or_eng({
+userdebug_or_eng(`can_profile_heap_central({
 domain
 -bpfloader
 -init
diff --git a/public/te_macros b/public/te_macros
index 5afb791d3..56f977522 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -663,11 +663,12 @@ define(`hal_attribute_hwservice', `
 # Allow processes within the domain to have their heap profiled by heapprofd.
 #
 # Note that profiling is performed differently between debug and user builds.
-# This macro covers both user and debug builds, but see
-# can_profile_heap_userdebug_or_eng for a variant that can be used when
-# allowing profiling for a domain only on debug builds, without granting
-# the exec permission. The exec permission is necessary for user builds, but
-# only a nice-to-have for development and testing purposes on debug builds.
+# There are two modes for profiling:
+# * forked
+# * central.
+# On user builds, the default is to allow only forked mode. If it is desired
+# to allow central mode as well for a domain, use can_profile_heap_central.
+# On userdebug, this macro allows both forked and central.
 define(`can_profile_heap', `
 # Allow central daemon to send signal for client initialization.
 allow heapprofd $1:process signal;
@@ -683,42 +684,39 @@ define(`can_profile_heap', `
 allow heapprofd $1:dir r_dir_perms;
 # Profilability on user implies profilability on userdebug and eng.
- can_profile_heap_userdebug_or_eng($1)
+ userdebug_or_eng(`
+ can_profile_heap_central($1)
+ ')
 ')
 ###################################
-# can_profile_heap_userdebug_or_eng(domain)
-# Allow processes within the domain to have their heap profiled by heapprofd on
-# debug builds only.
-#
-# Only necessary when can_profile_heap cannot be applied, see its description
-# for rationale.
-define(`can_profile_heap_userdebug_or_eng', `
- userdebug_or_eng(`
- # Allow central daemon to send signal for client initialization.
- allow heapprofd $1:process signal;
- # Allow connecting to the daemon.
- unix_socket_connect($1, heapprofd, heapprofd)
- # Allow daemon to use the passed fds.
- allow heapprofd $1:fd use;
- # Allow to read and write to heapprofd shmem.
- # The client needs to read the read and write pointers in order to write.
- allow $1 heapprofd_tmpfs:file { read write getattr map };
- # Use shared memory received over the unix socket.
- allow $1 heapprofd:fd use;
+# can_profile_heap_central(domain)
+# Allow processes within the domain to have their heap profiled by central
+# heapprofd.
+define(`can_profile_heap_central', `
+ # Allow central daemon to send signal for client initialization.
+ allow heapprofd $1:process signal;
+ # Allow connecting to the daemon.
+ unix_socket_connect($1, heapprofd, heapprofd)
+ # Allow daemon to use the passed fds.
+ allow heapprofd $1:fd use;
+ # Allow to read and write to heapprofd shmem.
+ # The client needs to read the read and write pointers in order to write.
+ allow $1 heapprofd_tmpfs:file { read write getattr map };
+ # Use shared memory received over the unix socket.
+ allow $1 heapprofd:fd use;
- # To read and write from the received file descriptors.
- # /proc/[pid]/maps and /proc/[pid]/mem have the same SELinux label as the
- # process they relate to.
- # We need to write to /proc/$PID/page_idle to find idle allocations.
- # The client only opens /proc/self/page_idle with RDWR, everything else
- # with RDONLY.
- # heapprofd cannot open /proc/$PID/mem itself, as it does not have
- # sys_ptrace.
- allow heapprofd $1:file rw_file_perms;
- # Allow searching the /proc/[pid] directory for cmdline.
- allow heapprofd $1:dir r_dir_perms;
- ')
+ # To read and write from the received file descriptors.
+ # /proc/[pid]/maps and /proc/[pid]/mem have the same SELinux label as the
+ # process they relate to.
+ # We need to write to /proc/$PID/page_idle to find idle allocations.
+ # The client only opens /proc/self/page_idle with RDWR, everything else
+ # with RDONLY.
+ # heapprofd cannot open /proc/$PID/mem itself, as it does not have
+ # sys_ptrace.
+ allow heapprofd $1:file rw_file_perms;
+ # Allow searching the /proc/[pid] directory for cmdline.
+ allow heapprofd $1:dir r_dir_perms;
 ')
 ###################################
From 34058dc5b4acd110e0c8d576eb502c88b2e4dc76 Mon Sep 17 00:00:00 2001
From: Paul Crowley
Date: Sun, 5 Apr 2020 19:34:31 -0700
Subject: [PATCH 074/163] Vendors may choose dm-default-key options format
Bug: 150761030
Test: setting to 1 in device/google/cuttlefish/shared/device.mk causes "default-key: Not enough arguments" as expected.
Cherry-Picked-From: c115da5968a2bbd380c4282d777f2ba56021a4b1
Merged-In: I73262efff0be15f0295d23168049ed9e3721a7f7
Change-Id: I73262efff0be15f0295d23168049ed9e3721a7f7
---
 public/property_contexts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/public/property_contexts b/public/property_contexts
index d4b839523..39a4f250e 100644
--- a/public/property_contexts
+++ b/public/property_contexts
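Review bot: The context comment `# Profilability on user implies profilability on userdebug and eng.` at the top of this hunk now sits above a userdebug_or_eng wrapper around can_profile_heap_central($1), which it no longer describes: the wrapped call adds the central-mode rules on debug builds rather than restating that user-build profilability carries over. Suggest `# Additionally allow central mode on userdebug/eng builds.` The rule bodies of can_profile_heap and the new can_profile_heap_central are otherwise identical line for line (signal, unix_socket_connect, fd use, heapprofd_tmpfs, $1:file rw_file_perms, $1:dir r_dir_perms); the start of can_profile_heap's body lies outside this hunk so I cannot tell whether it could simply invoke can_profile_heap_central, but that looks like a worthwhile follow-up deduplication. The hunk ends at the closing `')` of the new macro.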
@@ -117,6 +117,7 @@ ro.config.ringtone u:object_r:exported2_config_prop:s0 exact string
 ro.control_privapp_permissions u:object_r:exported3_default_prop:s0 exact string
 ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int
 ro.crypto.allow_encrypt_override u:object_r:exported2_vold_prop:s0 exact bool
+ro.crypto.dm_default_key.options_format.version u:object_r:exported2_vold_prop:s0 exact int
 ro.crypto.fde_algorithm u:object_r:exported2_vold_prop:s0 exact string
 ro.crypto.fde_sector_size u:object_r:exported2_vold_prop:s0 exact int
 ro.crypto.scrypt_params u:object_r:exported2_vold_prop:s0 exact string
From c6c9229cfa7a4fb7558b9b2302ff21e2868c0875 Mon Sep 17 00:00:00 2001
From: Collin Fijalkovich
Date: Wed, 1 Apr 2020 18:15:48 +0000
Subject: [PATCH 075/163] Allow Traceur record the mm_event trace event.
Bug: 150130660
Test: Took a trace with Traceur and verified mm_event records were included when the memory category was enabled.
Merged-In: I5e783fbbe91dbe330b49fb11cd7d32ac820e7a5c
Change-Id: I5e783fbbe91dbe330b49fb11cd7d32ac820e7a5c
(cherry picked from commit 45be3aa6492d6594e18522e2a9f1910c46df5dc2)
---
 prebuilts/api/29.0/private/genfs_contexts | 2 ++
 private/genfs_contexts | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/prebuilts/api/29.0/private/genfs_contexts b/prebuilts/api/29.0/private/genfs_contexts
index d2819b194..b737f604c 100644
--- a/prebuilts/api/29.0/private/genfs_contexts
+++ b/prebuilts/api/29.0/private/genfs_contexts
@@ -234,6 +234,7 @@ genfscon tracefs /events/filemap/mm_filemap_delete_from_page_cache/ u:objec
 genfscon tracefs /events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/task/task_rename/ u:object_r:debugfs_tracing:s0
 genfscon tracefs /events/task/task_newtask/ u:object_r:debugfs_tracing:s0
@@ -277,6 +278,7 @@ genfscon debugfs /tracing/events/filemap/mm_filemap_delete_from_page_cache/
 genfscon debugfs /tracing/events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
 genfscon debugfs /tracing/events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
 genfscon debugfs /tracing/events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
 genfscon debugfs /tracing/events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
 genfscon debugfs /tracing/events/task/task_rename/ u:object_r:debugfs_tracing:s0
 genfscon debugfs /tracing/events/task/task_newtask/ u:object_r:debugfs_tracing:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 828929f4c..d4d7fff87 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -241,6 +241,7 @@ genfscon tracefs /events/filemap/mm_filemap_delete_from_page_cache/ u:objec genfscon tracefs /events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0 genfscon tracefs /events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0 genfscon tracefs /events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0 genfscon tracefs /events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0 genfscon tracefs /events/task/task_rename/ u:object_r:debugfs_tracing:s0 genfscon tracefs /events/task/task_newtask/ u:object_r:debugfs_tracing:s0 @@ -284,6 +285,7 @@ genfscon debugfs /tracing/events/filemap/mm_filemap_delete_from_page_cache/ genfscon debugfs /tracing/events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0 genfscon debugfs /tracing/events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0 genfscon debugfs /tracing/events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0 genfscon debugfs /tracing/events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0 genfscon debugfs /tracing/events/task/task_rename/ u:object_r:debugfs_tracing:s0 genfscon debugfs /tracing/events/task/task_newtask/ u:object_r:debugfs_tracing:s0 From 25d07d9934114aa4d02c2de23b1ff5db07e104f3 Mon Sep 17 00:00:00 2001 From: Ytai Ben-Tsvi Date: Fri, 10 Apr 2020 13:06:15 -0700 Subject: [PATCH 076/163] Allow system_server to set audio properties Defined a new signal intended to allow the system to reboot the audio/soundtrigger HAL process. Fixes: 153461865 Test: See main change in topic Change-Id: I1e4a770670bb1274fa6a23cd0641f2554d4679f7 Merged-In: I1e4a770670bb1274fa6a23cd0641f2554d4679f7 --- private/property_contexts | 1 + private/system_server.te | 1 + 2 files changed, 2 insertions(+) diff --git a/private/property_contexts b/private/property_contexts index cf4414445..051dd8cf7 100644 --- a/private/property_contexts 
+++ b/private/property_contexts @@ -22,6 +22,7 @@ ro.runtime.firstboot u:object_r:firstboot_prop:s0 hw. u:object_r:system_prop:s0 ro.hw. u:object_r:system_prop:s0 sys. u:object_r:system_prop:s0 +sys.audio. u:object_r:audio_prop:s0 sys.init.perf_lsm_hooks u:object_r:init_perf_lsm_hooks_prop:s0 sys.cppreopt u:object_r:cppreopt_prop:s0 sys.lpdumpd u:object_r:lpdumpd_prop:s0 diff --git a/private/system_server.te b/private/system_server.te index 344055e26..bfac1a6ec 100644 --- a/private/system_server.te +++ b/private/system_server.te @@ -618,6 +618,7 @@ set_prop(system_server, exported_overlay_prop) set_prop(system_server, pm_prop) set_prop(system_server, exported_pm_prop) set_prop(system_server, socket_hook_prop) +set_prop(system_server, audio_prop) userdebug_or_eng(`set_prop(system_server, wifi_log_prop)') # ctl interface From 67bbb715501c313d9689463acc328c4cbe54019e Mon Sep 17 00:00:00 2001 From: Robert Shih Date: Fri, 10 Apr 2020 16:50:11 -0700 Subject: [PATCH 077/163] Allow drm hals to access allocator hal Bug: 150468341 Test: atest VtsHalDrmV1_3TargetTest Change-Id: Iea8934567cda343dedf17f75cb0807a68742764d Merged-In: Iea8934567cda343dedf17f75cb0807a68742764d --- public/hal_drm.te | 3 +++ vendor/hal_drm_default.te | 2 -- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/public/hal_drm.te b/public/hal_drm.te index d86edaf98..598749134 100644 --- a/public/hal_drm.te +++ b/public/hal_drm.te @@ -24,6 +24,9 @@ allow hal_drm cgroup:file w_file_perms; allow hal_drm ion_device:chr_file rw_file_perms; allow hal_drm hal_graphics_allocator:fd use; +# Allow access to hidl_memory allocation service +allow hal_drm hal_allocator_server:fd use; + # Allow access to fds allocated by mediaserver allow hal_drm mediaserver:fd use; diff --git a/vendor/hal_drm_default.te b/vendor/hal_drm_default.te index cf8d894ee..e534762a8 100644 --- a/vendor/hal_drm_default.te +++ b/vendor/hal_drm_default.te 
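Review bot: The new `sys.audio.` entry is an untyped prefix match, so every current and future `sys.audio.*` property moves out of the generic `sys.` system_prop bucket into audio_prop and becomes settable by system_server through the companion `set_prop(system_server, audio_prop)` hunk, while the commit message describes a single restart signal. If one property is all that is needed, prefer an exact entry for it (`sys.audio.<name> u:object_r:audio_prop:s0`), or at least put a comment above the line naming the writer and purpose, e.g. `# sys.audio.*: written by system_server to request an audio/soundtrigger HAL restart`. If audio_prop is also matched by other entries not shown here, the set_prop grant is wider than this prefix, which is worth confirming is intended.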
@@ -6,5 +6,3 @@ init_daemon_domain(hal_drm_default) allow hal_drm_default hal_codec2_server:fd use; allow hal_drm_default hal_omx_server:fd use; - -allow hal_drm_default hal_allocator_server:fd use; From 90ad5fc78d9ef36ff7c8051cd75707da49a6c267 Mon Sep 17 00:00:00 2001 From: Nikita Ioffe Date: Sat, 11 Apr 2020 02:00:01 +0100 Subject: [PATCH 078/163] Add init.userspace_reboot.started.timeoutmillis property This property controls how much userspace reboot watchdog will wait for userspace reboot to start before falling back to hard reboot. Test: builds Bug: 152803929 Change-Id: I6955e8c94708e7e4161e4f334b03c052d42c0f9f Merged-In: I6955e8c94708e7e4161e4f334b03c052d42c0f9f (cherry picked from commit 7947d580e3bfc4b129b955bfd2a0975ebfcea6db) --- private/property_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/private/property_contexts b/private/property_contexts index 051dd8cf7..10f029f81 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -253,5 +253,6 @@ ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0 init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool init.userspace_reboot.sigkill.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int init.userspace_reboot.sigterm.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int +init.userspace_reboot.started.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int init.userspace_reboot.userdata_remount.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int init.userspace_reboot.watchdog.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int From 51b1d918ca681dd781ed3e0390446aa59c211834 Mon Sep 17 00:00:00 2001 
From: Martijn Coenen Date: Fri, 10 Apr 2020 14:00:30 +0200 Subject: [PATCH 079/163] Add external_storage properties. Since these need to be set from a vendor context. Bug: 152170470 Bug: 153525566 Test: N/A Change-Id: I2e90ad08fa0a5bd2b4759d92f95d35cec2b316df Merged-In: I2e90ad08fa0a5bd2b4759d92f95d35cec2b316df --- private/compat/29.0/29.0.ignore.cil | 1 + public/app.te | 4 ++++ public/domain.te | 1 + public/property.te | 1 + public/property_contexts | 2 ++ public/recovery.te | 3 +++ public/vendor_init.te | 1 + public/vold.te | 1 + 8 files changed, 14 insertions(+) diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 47330421f..8b23ea5ff 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -88,6 +88,7 @@ snapshotctl_log_data_file socket_hook_prop soundtrigger_middleware_service + storage_config_prop sysfs_dm_verity system_adbd_prop system_config_service diff --git a/public/app.te b/public/app.te index e5b9fd670..9c635aa82 100644 --- a/public/app.te +++ b/public/app.te @@ -566,6 +566,10 @@ neverallow { -system_app } { bluetooth_audio_hal_prop bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms; + +# Don't allow apps access to storage configuration properties. +neverallow appdomain storage_config_prop:file no_rw_file_perms; + # Apps cannot access proc_uid_time_in_state neverallow appdomain proc_uid_time_in_state:file *; diff --git a/public/domain.te b/public/domain.te index c7f851d5c..c9ee4d92c 100644 --- a/public/domain.te +++ b/public/domain.te 
@@ -530,6 +530,7 @@ compatible_property_only(` neverallow { domain -init } exported2_default_prop:property_service set; neverallow { domain -init -vendor_init } exported3_default_prop:property_service set; neverallow { domain -init -vendor_init } vendor_default_prop:property_service set; + neverallow { domain -init -vendor_init } storage_config_prop:property_service set; ') # Only core domains are allowed to access package_manager properties diff --git a/public/property.te b/public/property.te index d403d822c..f69f2e768 100644 --- a/public/property.te +++ b/public/property.te @@ -118,6 +118,7 @@ system_vendor_config_prop(exported_config_prop) system_vendor_config_prop(exported_default_prop) system_vendor_config_prop(exported3_default_prop) system_vendor_config_prop(media_variant_prop) +system_vendor_config_prop(storage_config_prop) system_vendor_config_prop(userspace_reboot_config_prop) system_vendor_config_prop(vehicle_hal_prop) system_vendor_config_prop(vendor_security_patch_level_prop) diff --git a/public/property_contexts b/public/property_contexts index 39a4f250e..a45714e88 100644 --- a/public/property_contexts +++ b/public/property_contexts @@ -70,6 +70,8 @@ dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool +external_storage.projid.enabled u:object_r:storage_config_prop:s0 exact bool +external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string diff --git a/public/recovery.te b/public/recovery.te index 55568d489..16b670f96 100644 --- a/public/recovery.te 
+++ b/public/recovery.te @@ -125,6 +125,9 @@ recovery_only(` # Read ro.boot.bootreason get_prop(recovery, bootloader_boot_reason_prop) + # Read storage properties (for correctly formatting filesystems) + get_prop(recovery, storage_config_prop) + # Use setfscreatecon() to label files for OTA updates. allow recovery self:process setfscreate; diff --git a/public/vendor_init.te b/public/vendor_init.te index 935c3144a..c070dff6a 100644 --- a/public/vendor_init.te +++ b/public/vendor_init.te @@ -233,6 +233,7 @@ set_prop(vendor_init, log_tag_prop) set_prop(vendor_init, log_prop) set_prop(vendor_init, rebootescrow_hal_prop) set_prop(vendor_init, serialno_prop) +set_prop(vendor_init, storage_config_prop) set_prop(vendor_init, userspace_reboot_config_prop) set_prop(vendor_init, vehicle_hal_prop) set_prop(vendor_init, vendor_default_prop) diff --git a/public/vold.te b/public/vold.te index 9391649b4..e2985677b 100644 --- a/public/vold.te +++ b/public/vold.te @@ -201,6 +201,7 @@ set_prop(vold, restorecon_prop) set_prop(vold, ota_prop) set_prop(vold, boottime_prop) set_prop(vold, boottime_public_prop) +get_prop(vold, storage_config_prop) # ASEC allow vold asec_image_file:file create_file_perms; From 02c36b38efa648a103a53bf068d5c5be986dcfe4 Mon Sep 17 00:00:00 2001 From: Roshan Pius Date: Tue, 14 Apr 2020 22:00:07 -0700 Subject: [PATCH 080/163] sepolicy: Add a new property for aware iface Bug: 153852667 Test: Compiles Change-Id: I696cd9334ecf5e947e0459910de258bf904eb520 Merged-In: I696cd9334ecf5e947e0459910de258bf904eb520 --- public/property_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/public/property_contexts b/public/property_contexts index 39a4f250e..6e097b0aa 100644 --- a/public/property_contexts +++ b/public/property_contexts 
@@ -398,6 +398,7 @@ ro.vndk.lite u:object_r:vndk_prop:s0 exact bool ro.vndk.version u:object_r:vndk_prop:s0 exact string ro.vts.coverage u:object_r:exported_default_prop:s0 exact int wifi.active.interface u:object_r:exported_wifi_prop:s0 exact string +wifi.aware.interface u:object_r:exported_wifi_prop:s0 exact string wifi.concurrent.interface u:object_r:exported_default_prop:s0 exact string wifi.direct.interface u:object_r:exported_default_prop:s0 exact string wifi.interface u:object_r:exported_default_prop:s0 exact string From 99e6840d9813505182e62d9a0425fc232f7fb787 Mon Sep 17 00:00:00 2001 From: Automerger Merge Worker Date: Tue, 25 Feb 2020 12:00:13 +0000 Subject: [PATCH 081/163] Merge "Allow dumpstate to dump NNAPI HAL log on userbuild" am: fb9ff8d5b6 am: 3b590980df am: 6035f1a68a am: a9437ed48e This helps in the investigation of driver-related issues. Bug: 145388549 Bug: 154169913 Test: Manually, log collected on user build Change-Id: Ibad9b68736ccbdc3ed796606fd1d78ca04f98ad0 Merged-In: Ibad9b68736ccbdc3ed796606fd1d78ca04f98ad0 --- public/dumpstate.te | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/public/dumpstate.te b/public/dumpstate.te index 55705a9b3..c3051756b 100644 --- a/public/dumpstate.te +++ b/public/dumpstate.te @@ -85,6 +85,7 @@ allow dumpstate { hal_graphics_allocator_server hal_graphics_composer_server hal_health_server + hal_neuralnetworks_server hal_omx_server hal_power_server hal_power_stats_server @@ -135,9 +136,10 @@ r_dir_file(dumpstate, cgroup) binder_call(dumpstate, binderservicedomain) binder_call(dumpstate, { appdomain netd wificond }) -hal_client_domain(dumpstate, hal_dumpstate) -hal_client_domain(dumpstate, hal_wifi) -hal_client_domain(dumpstate, hal_graphics_allocator) +dump_hal(hal_dumpstate) +dump_hal(hal_wifi) +dump_hal(hal_graphics_allocator) +dump_hal(hal_neuralnetworks) # Vibrate the device after we are done collecting the bugreport hal_client_domain(dumpstate, hal_vibrator) 
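Review bot: `wifi.aware.interface` is labelled exported_wifi_prop while the neighbouring `wifi.direct.interface` and `wifi.concurrent.interface` entries are exported_default_prop, and the commit (Test: Compiles) does not say which domain writes the new property. The label decides who may set it, so either add a comment naming the writer above the line, e.g. `# wifi.aware.interface: set by the wifi HAL, read by the framework`, or align it with the interface entries it sits beside if the writer is the same. I cannot see the set_prop rules for exported_wifi_prop from this hunk, so treat the choice as something to confirm rather than a definite error.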
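Review bot: `dump_hal(hal_neuralnetworks)` in the second hunk relies on a macro that is not defined in this patch, and the first hunk separately adds `hal_neuralnetworks_server` to the explicit allow-list whose `allow dumpstate {` statement opens before the hunk; if `dump_hal` already expands to the fd/fifo grants the server needs, one of the two additions is redundant, so confirm which form the file intends and keep one. Because the stated goal is collecting NNAPI driver logs on user builds, add a comment on the `dump_hal(hal_neuralnetworks)` line such as `# NNAPI HAL debug() output is included in user-build bugreports (b/145388549); drivers must not dump model inputs or other user data` so the privacy expectation is recorded next to the grant.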
From e6925b7de4753ff2a9982cb14e3213634a4395b1 Mon Sep 17 00:00:00 2001 From: Howard Chen Date: Thu, 19 Mar 2020 18:58:11 +0800 Subject: [PATCH 082/163] Allow developer settings to query gsid status When the device is running DSU, the DSULoader button should be disabled. Bug: 151792130 Test: open developer settings and check the DSULoader Merged-In: Iae2d3dcc9d2b6de1fa5f6a0931465b355fe74ddf Change-Id: Iae2d3dcc9d2b6de1fa5f6a0931465b355fe74ddf (cherry picked from commit 7833aa475192b634d8e526ff231c9de2ee623a0a) --- private/system_app.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/private/system_app.te b/private/system_app.te index e59e7ad96..0b77bb372 100644 --- a/private/system_app.te +++ b/private/system_app.te @@ -62,6 +62,9 @@ set_prop(system_app, dynamic_system_prop) set_prop(system_app, ctl_default_prop) set_prop(system_app, ctl_bugreport_prop) +# Allow developer settings to query gsid status +get_prop(system_app, gsid_prop) + # Create /data/anr/traces.txt. allow system_app anr_data_file:dir ra_dir_perms; allow system_app anr_data_file:file create_file_perms; From 2b44fdfccbfc64fc7240dca6da3260d0edfe4171 Mon Sep 17 00:00:00 2001 
From: Primiano Tucci Date: Wed, 8 Apr 2020 20:31:21 +0100 Subject: [PATCH 083/163] Allow traced to create files within /data/misc/perfetto-traces Together with aosp/1282157 this change allows the service to create trace files in the /data/misc/perfetto-traces folder. Before this change they needed to be created by the perfetto cmdline client and pass the FD. This doesn't work for host tools like Android GPU Inspector (https://gpuinspector.dev/) which talk to the UNIX socket over adb forward and cannot pass a FD from the host. Bug: 153519149 Test: manual: adb shell perfetto --txt -c - buffers { size_kb: 65536 } data_sources { config { name: "linux.ftrace" ftrace_config { ftrace_events: "sched_switch" } } } duration_ms: 5000 write_into_file: true output_path: "/data/misc/perfetto-traces/ttt" Change-Id: I184329805741654983843e6a29c1fac19a836f59 (cherry picked from commit 386d95b15fee1ad0fb07394a40e89f39de694ee8) --- private/traced.te | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/private/traced.te b/private/traced.te index 7ecfb7f22..2410d7e30 100644 --- a/private/traced.te +++ b/private/traced.te @@ -24,7 +24,10 @@ allow traced self:global_capability_class_set { sys_nice }; allow traced perfetto:fd use; allow traced shell:fd use; allow traced shell:fifo_file { read write }; -allow traced perfetto_traces_data_file:file { read write }; + +# Allow the service to create new files within /data/misc/perfetto-traces. +allow traced perfetto_traces_data_file:file create_file_perms; +allow traced perfetto_traces_data_file:dir rw_dir_perms; # Allow traceur to pass open file descriptors to traced, so traced can directly # write into the output file without doing roundtrips over IPC. @@ -78,6 +81,7 @@ neverallow traced domain:process ptrace; # passed through the socket. neverallow traced { data_file_type + -perfetto_traces_data_file -system_data_file -system_data_root_file # TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a 
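Review bot: Replacing the old `{ read write }` with `create_file_perms` on perfetto_traces_data_file:file (which in this policy's macros also bundles link/unlink/rename/setattr) plus `rw_dir_perms` on the directory lets traced create, rename and delete any file in /data/misc/perfetto-traces, not merely write a client-supplied `output_path`. The commit message says that path arrives from a consumer over the UNIX socket, so traced must canonicalise it and reject anything outside the directory, since SELinux only bounds the label and an unsanitised path could still clobber or unlink another client's trace in the same directory. If the daemon only needs to create and write, narrow the grant to `allow traced perfetto_traces_data_file:file { create open read write getattr };` and keep rw_dir_perms only if listing is really required. The neverallow set the second hunk amends continues past the end of the hunk, so the `-perfetto_traces_data_file` exemption should be read with the rest of that list.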
From d52c69f2e6458a0af84d412a3fb243648068f7ee Mon Sep 17 00:00:00 2001 From: Rambo Wang Date: Wed, 8 Apr 2020 10:59:45 -0700 Subject: [PATCH 084/163] Add policy to allow EmergencyAffordanceService to dump state Bug: 130187110 Test: adb shell dumpsys emergency_affordance Merged-In: I4dcc227ba949a02a0393999c8065f8bd8b981959 Change-Id: I4dcc227ba949a02a0393999c8065f8bd8b981959 (cherry picked from commit 25e527634ad797a691a0f7d0afa1b60c416b5a0b) --- private/compat/29.0/29.0.ignore.cil | 1 + private/service_contexts | 1 + public/service.te | 1 + 3 files changed, 3 insertions(+) diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 8b23ea5ff..dce7880af 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -40,6 +40,7 @@ device_config_sys_traced_prop device_config_window_manager_native_boot_prop device_config_configuration_prop + emergency_affordance_service exported_camera_prop file_integrity_service fwk_automotive_display_hwservice diff --git a/private/service_contexts b/private/service_contexts index f8dbcaea7..e01dcc1af 100644 --- a/private/service_contexts +++ b/private/service_contexts @@ -77,6 +77,7 @@ dropbox u:object_r:dropbox_service:s0 dumpstate u:object_r:dumpstate_service:s0 dynamic_system u:object_r:dynamic_system_service:s0 econtroller u:object_r:radio_service:s0 +emergency_affordance u:object_r:emergency_affordance_service:s0 euicc_card_controller u:object_r:radio_service:s0 external_vibrator_service u:object_r:external_vibrator_service:s0 lowpan u:object_r:lowpan_service:s0 diff --git a/public/service.te b/public/service.te index 91eb6ae5a..968e523cf 100644 --- a/public/service.te +++ b/public/service.te 
@@ -203,6 +203,7 @@ type window_service, system_api_service, system_server_service, service_manager_ type inputflinger_service, system_api_service, system_server_service, service_manager_type; type wpantund_service, system_api_service, service_manager_type; type tethering_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; +type emergency_affordance_service, system_server_service, service_manager_type; ### ### HAL Services From f7c70427b4d6b0d9576a8b0fb9eb922bce8212d6 Mon Sep 17 00:00:00 2001 From: Ashwini Oruganti Date: Tue, 21 Apr 2020 09:22:12 -0700 Subject: [PATCH 085/163] Route com.google.android.gsf to gmscore_app com.google.android.gms and com.google.android.gsf have a sharedUserId but were being routed to two different domains: com.google.android.gms 10145 0 /data/user/0/com.google.android.gms google:privapp:targetSdkVersion=10000 com.google.android.gsf 10145 0 /data/user/0/com.google.android.gsf google:privapp:targetSdkVersion=10000 This change routes them to the same domain: gmscore_app Bug: 154597032 Test: TH Change-Id: I0a309a687eb8608604cabf65b58763a1a3262153 Merged-In: I0a309a687eb8608604cabf65b58763a1a3262153 --- private/seapp_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/private/seapp_contexts b/private/seapp_contexts index 6c3b60744..87e8b839e 100644 --- a/private/seapp_contexts +++ b/private/seapp_contexts 
@@ -165,6 +165,7 @@ user=_app isPrivApp=true name=com.android.vzwomatrigger domain=vzwomatrigger_app user=_app isPrivApp=true name=com.google.android.gms domain=gmscore_app type=privapp_data_file levelFrom=user user=_app isPrivApp=true name=com.google.android.gms.* domain=gmscore_app type=privapp_data_file levelFrom=user user=_app isPrivApp=true name=com.google.android.gms:* domain=gmscore_app type=privapp_data_file levelFrom=user +user=_app isPrivApp=true name=com.google.android.gfs domain=gmscore_app type=privapp_data_file levelFrom=user user=_app minTargetSdkVersion=30 domain=untrusted_app type=app_data_file levelFrom=all user=_app minTargetSdkVersion=29 domain=untrusted_app_29 type=app_data_file levelFrom=all user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all From 89d43a51bae00bd805db222508e42021b432c414 Mon Sep 17 00:00:00 2001 From: Nikita Ioffe Date: Wed, 22 Apr 2020 00:04:04 +0100 Subject: [PATCH 086/163] Allow priv_app to search apex_data_file and read staging_data_file This changes are necessary to make files under /data/apex/active be readable by Phonesky. Test: builds Bug: 154635217 Change-Id: I14116f02f3d3f0a8390f1d968a3971f15bd4b3f2 --- private/domain.te | 2 +- private/priv_app.te | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/private/domain.te b/private/domain.te index 5304ff070..1a8ce5053 100644 --- a/private/domain.te +++ b/private/domain.te 
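Review bot: The added seapp_contexts line routes `com.google.android.gfs`, which is not the package named in the commit message (`com.google.android.gsf`); as written the misspelt name matches nothing and the real gsf package keeps being routed by whichever later entry matched it before, so the shared-UID domain mismatch this change is meant to fix remains. The follow-up patch 088 later in this series corrects the entry to `name=com.google.android.gsf`, so this hunk should not be cherry-picked on its own.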
@@ -209,7 +209,7 @@ neverallow { # do not change between system_server staging the files and apexd processing # the files. neverallow { domain -init -system_server -apexd -installd -iorap_inode2filename } staging_data_file:dir *; -neverallow { domain -init -system_app -system_server -apexd -kernel -installd -iorap_inode2filename } staging_data_file:file *; +neverallow { domain -init -system_app -system_server -apexd -kernel -installd -iorap_inode2filename -priv_app } staging_data_file:file *; neverallow { domain -init -system_server -installd} staging_data_file:dir no_w_dir_perms; # apexd needs the link and unlink permissions, so list every `no_w_file_perms` # except for `link` and `unlink`. diff --git a/private/priv_app.te b/private/priv_app.te index db28bec95..44c81ee80 100644 --- a/private/priv_app.te +++ b/private/priv_app.te @@ -157,6 +157,10 @@ allow priv_app incremental_control_file:file { read getattr ioctl }; # on the Incremental File System. allowxperm priv_app incremental_control_file:file ioctl INCFS_IOCTL_PERMIT_FILL; +# Required for Phonesky to be able to read APEX files under /data/apex/active/. +allow priv_app apex_data_file:dir search; +allow priv_app staging_data_file:file r_file_perms; + ### ### neverallow rules ### From c8fcff6bfecc31de23362e42ef169aee94b59781 Mon Sep 17 00:00:00 2001 
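Review bot: Adding `-priv_app` to the `staging_data_file:file *` neverallow in domain.te exempts priv_app from every file permission, although the matching grant in priv_app.te is only `r_file_perms`; a later `write`/`unlink` grant to priv_app would then compile silently even though the comment above the rule (which begins before the hunk) says staged files must not change between system_server staging them and apexd processing them. Keep the exemption minimal by pairing it with `neverallow priv_app staging_data_file:file no_w_file_perms;` beside the existing `no_w_file_perms`-based rule, or by exempting priv_app only from the read perms rather than from `*`. The `apex_data_file:dir search` grant gives priv_app traversal but not listing, so Phonesky must already know the exact file names under /data/apex/active; that is fine if intended, but say so in the comment, e.g. `# search only: Phonesky opens known APEX paths, it does not enumerate the directory`.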
From: Oli Lan Date: Thu, 6 Feb 2020 11:57:08 +0000 Subject: [PATCH 087/163] Add new apexd.status value of "activated". - Cherry-pick of aosp/1228660 As of aosp/1224611, there is a new step in the preparation of APEXes where init calls back into apexd after DE user data is unencrypted to allow DE apex data to be snapshotted or restored. This adds a new enum value for the apexd.status property to allow this status to be described. Bug: 148672144 Test: build & flash, check boot completes and check in logs that the correct status values are set. Merged-In: I7effcf16280eabcd5b9a0d70d33bd34d79121312 Change-Id: Ibe023ac0155419f2dfa8b1d5ce4c1e2a6ca87277 --- public/property_contexts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/public/property_contexts b/public/property_contexts index fdac30394..a205100c7 100644 --- a/public/property_contexts +++ b/public/property_contexts @@ -190,7 +190,7 @@ wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded zram.force_writeback u:object_r:exported3_default_prop:s0 exact bool # vendor-init-readable -apexd.status u:object_r:apexd_prop:s0 exact enum starting ready +apexd.status u:object_r:apexd_prop:s0 exact enum starting activated ready dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool persist.sys.device_provisioned u:object_r:exported3_system_prop:s0 exact string persist.sys.theme u:object_r:theme_prop:s0 exact string From 1c4625908161c5ded13c398803e3c749609ed2b9 Mon Sep 17 00:00:00 2001 From: Ashwini Oruganti Date: Wed, 22 Apr 2020 10:22:45 -0700 Subject: [PATCH 088/163] Fix typo: s/com.google.android.gfs/com.google.android.gsf Bug: 154597032 Test: TH Change-Id: Ia8de313a9573649c456568abb3a8190dc2960bc3 Merged-In: Ia8de313a9573649c456568abb3a8190dc2960bc3 --- private/seapp_contexts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/private/seapp_contexts b/private/seapp_contexts index 87e8b839e..1bad9c11b 100644 --- a/private/seapp_contexts 
+++ b/private/seapp_contexts @@ -165,7 +165,7 @@ user=_app isPrivApp=true name=com.android.vzwomatrigger domain=vzwomatrigger_app user=_app isPrivApp=true name=com.google.android.gms domain=gmscore_app type=privapp_data_file levelFrom=user user=_app isPrivApp=true name=com.google.android.gms.* domain=gmscore_app type=privapp_data_file levelFrom=user user=_app isPrivApp=true name=com.google.android.gms:* domain=gmscore_app type=privapp_data_file levelFrom=user -user=_app isPrivApp=true name=com.google.android.gfs domain=gmscore_app type=privapp_data_file levelFrom=user +user=_app isPrivApp=true name=com.google.android.gsf domain=gmscore_app type=privapp_data_file levelFrom=user user=_app minTargetSdkVersion=30 domain=untrusted_app type=app_data_file levelFrom=all user=_app minTargetSdkVersion=29 domain=untrusted_app_29 type=app_data_file levelFrom=all user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all From eee53bc24b0c6b2785eeaa714284e6a57ecc850a Mon Sep 17 00:00:00 2001 From: Wenjie Zhou Date: Thu, 9 Apr 2020 14:43:00 -0700 Subject: [PATCH 089/163] Enable incidentd access to ro.boot.bootreason incident report contains similar data as in a bugreport, but in proto format. This is a cherry-pick from aosp/1283764 with conflicts resolved. Test: adb shell incident -p LOCAL 1000 Bug: 152173578 Change-Id: Iee53a3b8a6c95629a1d5c15b4d17f3d680b14178 Merged-In: Iee53a3b8a6c95629a1d5c15b4d17f3d680b14178 --- private/incidentd.te | 8 ++++++++ public/bootstat.te | 1 + 2 files changed, 9 insertions(+) diff --git a/private/incidentd.te b/private/incidentd.te index c379fa237..405684ae6 100644 --- a/private/incidentd.te +++ b/private/incidentd.te 
@@ -168,6 +168,14 @@ userdebug_or_eng(` get_prop(incidentd, serialno_prop) ') +# Read ro.boot.bootreason, persist.sys.boot.bootreason +# This is used to track reports from lab testing devices +userdebug_or_eng(` + get_prop(incidentd, bootloader_boot_reason_prop); + get_prop(incidentd, system_boot_reason_prop); + get_prop(incidentd, last_boot_reason_prop); +') + ### ### neverallow rules ### diff --git a/public/bootstat.te b/public/bootstat.te index 6143a7d2b..e91f2a5e5 100644 --- a/public/bootstat.te +++ b/public/bootstat.te @@ -39,6 +39,7 @@ neverallow { -bootanim -bootstat -dumpstate + userdebug_or_eng(`-incidentd') -init -recovery -shell From a07eaa4eecb0f6cad6f56eef2f4ee83ae410328f Mon Sep 17 00:00:00 2001 From: Treehugger Robot Date: Thu, 23 Apr 2020 03:55:32 +0000 Subject: [PATCH 090/163] Adding file group for vts_treble_sys_prop_test. Bug: 147720376 Test: m vts_treble_sys_prop_test Change-Id: I81a0e21a989dd89f8c37adf5a5c739ca0bdfbac0 Merged-In: I81a0e21a989dd89f8c37adf5a5c739ca0bdfbac0 --- Android.bp | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Android.bp b/Android.bp index 4973c13af..a2f202f67 100644 --- a/Android.bp +++ b/Android.bp @@ -375,3 +375,12 @@ service_contexts { reqd_mask: true, soc_specific: true, } + +// For vts_treble_sys_prop_test +filegroup { + name: "private_property_contexts", + srcs: ["private/property_contexts"], + visibility: [ + "//test/vts-testcase/security/system_property", + ], +} From 4dd363d5116783998e586130fafae8f90926042b Mon Sep 17 00:00:00 2001 
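Review bot: The three `get_prop(incidentd, …);` lines added inside the `userdebug_or_eng` block carry trailing semicolons, while the sibling `get_prop(incidentd, serialno_prop)` shown just above them does not; the macro presumably already emits terminated `allow` statements, so drop the `;` for consistency with the rest of the file. The comment names only ro.boot.bootreason and persist.sys.boot.bootreason but the block grants three property types, so extend it to cover the last-boot-reason property as well, e.g. `# Read ro.boot.bootreason, persist.sys.boot.bootreason and the last boot reason`. The bootstat.te neverallow that the second hunk amends starts before the hunk, so the `userdebug_or_eng(`-incidentd')` exemption should be checked against its full domain set.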
From: Automerger Merge Worker Date: Tue, 25 Feb 2020 01:33:33 +0000 Subject: [PATCH 091/163] Use prefixes for binder cache SELinux properties. Adds a context for telephony related cache properties and changes the bluetooth and system_server properties to match off of prefix instead of exact string matches. Bug: 151953109 Test: Flashed phone with PowerManager caches enabled and verified that the phone boots. Merged-In: I9110192a12bb6222e49a8fb6b266d6067ef2ea92 Change-Id: I3128596a2f893954a54499cf295e5c88a94d4965 (cherry picked from commit bae0bd20168453c7539e72c6e4ff478ef027bff1) --- private/compat/29.0/29.0.ignore.cil | 1 + private/radio.te | 4 ++++ public/domain.te | 1 + public/property.te | 1 + public/property_contexts | 8 ++++---- 5 files changed, 11 insertions(+), 4 deletions(-) diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 8b23ea5ff..ae1de12f1 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -22,6 +22,7 @@ blob_store_service binder_cache_bluetooth_server_prop binder_cache_system_server_prop + binder_cache_telephony_server_prop binderfs binderfs_logs binderfs_logs_proc diff --git a/private/radio.te b/private/radio.te index fd5ecd594..00a5cda36 100644 --- a/private/radio.te +++ b/private/radio.te @@ -19,3 +19,7 @@ allow radio emergency_data_file:file r_file_perms; # allow sending pulled atoms to statsd binder_call(radio, statsd) +# allow telephony to access related cache properties +set_prop(radio, binder_cache_telephony_server_prop); +neverallow { domain -radio -init } + binder_cache_telephony_server_prop:property_service set; diff --git a/public/domain.te b/public/domain.te index c9ee4d92c..265489647 100644 --- a/public/domain.te +++ b/public/domain.te 
@@ -112,6 +112,7 @@ get_prop(domain, vndk_prop) # Binder cache properties are world-readable get_prop(domain, binder_cache_bluetooth_server_prop) get_prop(domain, binder_cache_system_server_prop) +get_prop(domain, binder_cache_telephony_server_prop) # Let everyone read log properties, so that liblog can avoid sending unloggable # messages to logd. diff --git a/public/property.te b/public/property.te index f69f2e768..a435b4dc9 100644 --- a/public/property.te +++ b/public/property.te @@ -69,6 +69,7 @@ compatible_property_only(` # Properties used by binder caches system_restricted_prop(binder_cache_bluetooth_server_prop) system_restricted_prop(binder_cache_system_server_prop) +system_restricted_prop(binder_cache_telephony_server_prop) system_restricted_prop(boottime_public_prop) system_restricted_prop(bq_config_prop) system_restricted_prop(module_sdkextensions_prop) diff --git a/public/property_contexts b/public/property_contexts index fdac30394..1a0dcc99d 100644 --- a/public/property_contexts +++ b/public/property_contexts @@ -451,10 +451,6 @@ ro.surface_flinger.refresh_rate_switching u:object_r:exported_default_prop:s0 ex # Binder cache properties. These are world-readable cache_key.app_inactive u:object_r:binder_cache_system_server_prop:s0 cache_key.is_compat_change_enabled u:object_r:binder_cache_system_server_prop:s0 -cache_key.bluetooth.get_bond_state u:object_r:binder_cache_bluetooth_server_prop:s0 -cache_key.bluetooth.get_profile_connection_state u:object_r:binder_cache_bluetooth_server_prop:s0 -cache_key.bluetooth.get_state u:object_r:binder_cache_bluetooth_server_prop:s0 -cache_key.bluetooth.is_offloaded_filtering_supported u:object_r:binder_cache_bluetooth_server_prop:s0 cache_key.get_packages_for_uid u:object_r:binder_cache_system_server_prop:s0 cache_key.has_system_feature u:object_r:binder_cache_system_server_prop:s0 cache_key.is_interactive u:object_r:binder_cache_system_server_prop:s0 
@@ -464,3 +460,7 @@ cache_key.volume_list u:object_r:binder_cache_system_server_p cache_key.display_info u:object_r:binder_cache_system_server_prop:s0 cache_key.location_enabled u:object_r:binder_cache_system_server_prop:s0 cache_key.package_info u:object_r:binder_cache_system_server_prop:s0 + +cache_key.bluetooth. u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string +cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string +cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string From 0e19ccc49fcbe185fe31f57058e9c1e573c39654 Mon Sep 17 00:00:00 2001 From: Petri Gynther Date: Wed, 22 Apr 2020 20:05:42 -0700 Subject: [PATCH 092/163] Allow adb shell user to collect vmstat Bug: 154839500 Test: adb shell vmstat 2 5 Merged-In: I6e93c4b5b29f38549f49f7f1ed0bd505613d648f Change-Id: I6e93c4b5b29f38549f49f7f1ed0bd505613d648f --- public/shell.te | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/public/shell.te b/public/shell.te index 79d5c89b3..c0412ebfd 100644 --- a/public/shell.te +++ b/public/shell.te @@ -139,7 +139,7 @@ allow shell dumpstate:binder call; hwbinder_use(shell) allow shell hwservicemanager:hwservice_manager list; -# allow shell to look through /proc/ for lsmod, ps, top, netstat. +# allow shell to look through /proc/ for lsmod, ps, top, netstat, vmstat. r_dir_file(shell, proc_net_type) allow shell { @@ -155,6 +155,7 @@ allow shell { proc_timer proc_uptime proc_version + proc_vmstat proc_zoneinfo }:file r_file_perms; From cfe6717d052fe7b51f275d4407b7f6822afb84eb Mon Sep 17 00:00:00 2001 
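Review bot: The new `cache_key.system_server.` prefix entry coexists with the unchanged exact entries such as `cache_key.app_inactive` and `cache_key.package_info`, so system_server caches now live under two naming schemes even though the description says the system_server properties were switched to prefix matching; only the bluetooth keys were actually removed. If the exact keys must stay for existing callers, say so in the comment; otherwise migrate them so the exact list does not keep growing beside the prefix. The prefix entries also change what each label covers: any property under `cache_key.bluetooth.` or `cache_key.telephony.` now gets that server's label with no further edit to this file, which is presumably the point but worth stating, e.g. `# Prefix entries: every cache_key.<server>.* key is covered without editing this file; the writer is restricted by the neverallow in the server's .te file (see radio.te for telephony)`. The bluetooth and system_server writer rules are not part of this hunk.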
From: David Sehr Date: Wed, 15 Apr 2020 22:11:24 -0700 Subject: [PATCH 093/163] Control use of dex2oat64 by device property Gate use of dex2oat64 by a device property. Bug: 153380900 Test: atest -c installd_dexopt_test (cherry picked from commit 80a1403c624bf6f39763c8ad002512cbc651f76e) Merged-In: I640085b5cd744cdc4563f565f8a914f9b1adc3ab Change-Id: Ic81916085112d6556ade78476dbc61bb3f318ce9 --- apex/com.android.art.debug-file_contexts | 2 +- apex/com.android.art.release-file_contexts | 2 +- public/property_contexts | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/apex/com.android.art.debug-file_contexts b/apex/com.android.art.debug-file_contexts index e90cea413..20e5a25fc 100644 --- a/apex/com.android.art.debug-file_contexts +++ b/apex/com.android.art.debug-file_contexts @@ -2,7 +2,7 @@ # System files # (/.*)? u:object_r:system_file:s0 -/bin/dex2oat(d)? u:object_r:dex2oat_exec:s0 +/bin/dex2oat(32|64)?(d)? u:object_r:dex2oat_exec:s0 /bin/dexoptanalyzer(d)? u:object_r:dexoptanalyzer_exec:s0 /bin/profman(d)? u:object_r:profman_exec:s0 /lib(64)?(/.*)? u:object_r:system_lib_file:s0 diff --git a/apex/com.android.art.release-file_contexts b/apex/com.android.art.release-file_contexts index 08688fbc6..1598afd38 100644 --- a/apex/com.android.art.release-file_contexts +++ b/apex/com.android.art.release-file_contexts @@ -2,7 +2,7 @@ # System files # (/.*)? u:object_r:system_file:s0 -/bin/dex2oat u:object_r:dex2oat_exec:s0 +/bin/dex2oat(32|64)? u:object_r:dex2oat_exec:s0 /bin/dexoptanalyzer u:object_r:dexoptanalyzer_exec:s0 /bin/profman u:object_r:profman_exec:s0 /lib(64)?(/.*)? u:object_r:system_lib_file:s0 diff --git a/public/property_contexts b/public/property_contexts index a205100c7..e1660975b 100644 --- a/public/property_contexts +++ b/public/property_contexts 
@@ -21,6 +21,7 @@ dalvik.vm.dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string dalvik.vm.dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string dalvik.vm.dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string dalvik.vm.dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int +dalvik.vm.dex2oat64.enabled u:object_r:exported_dalvik_prop:s0 exact bool dalvik.vm.dexopt.secondary u:object_r:exported_dalvik_prop:s0 exact bool dalvik.vm.execution-mode u:object_r:exported_dalvik_prop:s0 exact string dalvik.vm.extra-opts u:object_r:exported_dalvik_prop:s0 exact string From 8962257c9f1a5f516a30d9dfc02b1665223880f4 Mon Sep 17 00:00:00 2001 From: Felix Date: Wed, 22 Apr 2020 21:18:29 +0200 Subject: [PATCH 094/163] property_contexts: Add ro.kernel.ebpf.supported MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This prop allows vendors to specify whether their devices have basic eBPF compatibility (ie. Linux kernel 4.9 with P VINTF). Make it exported_default_prop because the shared library libbpf_android is used in a lot of places. See: https://r.android.com/1261922 Test: builds Bug: 151753987 Signed-off-by: Felix Signed-off-by: Maciej Żenczykowski Change-Id: Ifd9af558d84ea1619a6af7fce81b700fdfb22b9f Merged-In: Ifd9af558d84ea1619a6af7fce81b700fdfb22b9f --- public/property_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/public/property_contexts b/public/property_contexts index e1660975b..b7461f2e8 100644 --- a/public/property_contexts +++ b/public/property_contexts 
@@ -372,6 +372,7 @@ ro.hwui.use_vulkan u:object_r:exported_default_prop:s0 exact bool ro.kernel.qemu u:object_r:exported_default_prop:s0 exact bool ro.kernel.qemu. u:object_r:exported_default_prop:s0 ro.kernel.android.bootanim u:object_r:exported_default_prop:s0 exact int +ro.kernel.ebpf.supported u:object_r:exported_default_prop:s0 exact bool ro.odm.build.date u:object_r:exported_default_prop:s0 exact string ro.odm.build.date.utc u:object_r:exported_default_prop:s0 exact int ro.odm.build.fingerprint u:object_r:exported_default_prop:s0 exact string From eeaef8ace2e9267509ad2669aaed14ffc0c33f46 Mon Sep 17 00:00:00 2001 From: Steven Moreland Date: Tue, 24 Mar 2020 15:35:17 -0700 Subject: [PATCH 095/163] Add rules for hidl_lazy_test* eng/userdebug rules added for integration testing of hidl_lazy_test, similar to aidl_lazy_test. This is required in sepolicy since the test requires defining a service in an init.rc file, and so there needs to be sepolicy for init to start this service. Bug: 148114689 Test: hidl_lazy_test Change-Id: Id6549cbb89b62d3f6de1ae2690ce95c3e8656f66 (cherry picked from commit e4f0ccf29cd1d5e3d929b05a01c3953ffeb07fdb) Merged-In: Id6549cbb89b62d3f6de1ae2690ce95c3e8656f66 --- private/attributes | 1 + private/file_contexts | 1 + private/hal_lazy_test.te | 3 +++ private/hidl_lazy_test_server.te | 8 ++++++++ private/hwservice.te | 1 + private/hwservice_contexts | 1 + 6 files changed, 15 insertions(+) create mode 100644 private/attributes create mode 100644 private/hal_lazy_test.te create mode 100644 private/hidl_lazy_test_server.te create mode 100644 private/hwservice.te diff --git a/private/attributes b/private/attributes new file mode 100644 index 000000000..e01b2126a --- /dev/null +++ b/private/attributes @@ -0,0 +1 @@ +hal_attribute(lazy_test); diff --git a/private/file_contexts b/private/file_contexts index 9bed5fd43..4f86f710f 100644 --- a/private/file_contexts +++ b/private/file_contexts 
@@ -449,6 +449,7 @@ /(system_ext|system/system_ext)/etc/selinux/system_ext_mac_permissions\.xml u:object_r:mac_perms_file:s0 /(system_ext|system/system_ext)/bin/aidl_lazy_test_server u:object_r:aidl_lazy_test_server_exec:s0 +/(system_ext|system/system_ext)/bin/hidl_lazy_test_server u:object_r:hidl_lazy_test_server_exec:s0 ############################# # Vendor files from /(product|system/product)/vendor_overlay diff --git a/private/hal_lazy_test.te b/private/hal_lazy_test.te new file mode 100644 index 000000000..93cf2350b --- /dev/null +++ b/private/hal_lazy_test.te @@ -0,0 +1,3 @@ +userdebug_or_eng(` + hal_attribute_hwservice(hal_lazy_test, hal_lazy_test_hwservice) +') diff --git a/private/hidl_lazy_test_server.te b/private/hidl_lazy_test_server.te new file mode 100644 index 000000000..04e8c9fbe --- /dev/null +++ b/private/hidl_lazy_test_server.te @@ -0,0 +1,8 @@ +type hidl_lazy_test_server, domain; +type hidl_lazy_test_server_exec, exec_type, file_type, system_file_type; + +userdebug_or_eng(` + typeattribute hidl_lazy_test_server coredomain; + init_daemon_domain(hidl_lazy_test_server) + hal_server_domain(hidl_lazy_test_server, hal_lazy_test) +') diff --git a/private/hwservice.te b/private/hwservice.te new file mode 100644 index 000000000..b7ba4d7bf --- /dev/null +++ b/private/hwservice.te @@ -0,0 +1 @@ +type hal_lazy_test_hwservice, hwservice_manager_type, protected_hwservice; diff --git a/private/hwservice_contexts b/private/hwservice_contexts index 6f92556f7..c45b0efdb 100644 --- a/private/hwservice_contexts +++ b/private/hwservice_contexts 
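Review bot: In private/hidl_lazy_test_server.te the two `type` declarations sit outside the `userdebug_or_eng` block while everything that gives the domain meaning (`init_daemon_domain`, `hal_server_domain`, the `coredomain` attribute) is inside it, so on user builds the binary labelled by the new file_contexts entry has a domain with no rules and no transition from init. That looks deliberate, since the unconditional types keep file_contexts and hwservice_contexts valid on every build variant, but the next reader will read it as an omission unless it is said: `# Types are declared unconditionally so file_contexts/hwservice_contexts stay valid on user builds; the domain only gets rules, and can only be started, on userdebug/eng.` I assume this mirrors aidl_lazy_test_server, whose policy is not in this patch.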
@@ -40,6 +40,7 @@ android.hardware.health.storage::IStorage u:object_r:hal_h android.hardware.input.classifier::IInputClassifier u:object_r:hal_input_classifier_hwservice:s0 android.hardware.ir::IConsumerIr u:object_r:hal_ir_hwservice:s0 android.hardware.keymaster::IKeymasterDevice u:object_r:hal_keymaster_hwservice:s0 +android.hardware.tests.lazy::ILazy u:object_r:hal_lazy_test_hwservice:s0 android.hardware.light::ILight u:object_r:hal_light_hwservice:s0 android.hardware.lowpan::ILowpanDevice u:object_r:hal_lowpan_hwservice:s0 android.hardware.media.omx::IOmx u:object_r:hal_omx_hwservice:s0 From 2973c9605555c119243ef85119576b2d01a12060 Mon Sep 17 00:00:00 2001 From: Inseob Kim Date: Fri, 24 Apr 2020 15:03:01 +0900 Subject: [PATCH 096/163] Add boot_status_prop for boot completed props Assigning a new context boot_status_prop for following two properties: - sys.boot_completed - dev.bootcomplete Bug: 154885206 Test: boot cf_x86 and crosshatch, see no denials Change-Id: Ieadabf90a9a1b54b52a1283bd648c11c95d558dd --- private/compat/26.0/26.0.ignore.cil | 1 + private/compat/27.0/27.0.ignore.cil | 1 + private/compat/29.0/29.0.cil | 2 +- private/domain.te | 2 ++ private/property_contexts | 4 ++-- private/system_server.te | 3 +++ public/property.te | 3 +-- public/vendor_init.te | 1 + 8 files changed, 12 insertions(+), 5 deletions(-) diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil index 8557aea5b..b7d6b66cf 100644 --- a/private/compat/26.0/26.0.ignore.cil +++ b/private/compat/26.0/26.0.ignore.cil @@ -21,6 +21,7 @@ atrace binder_calls_stats_service biometric_service + boot_status_prop bootloader_boot_reason_prop blank_screen blank_screen_exec diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil index e41ee7472..3fdb0b45b 100644 --- a/private/compat/27.0/27.0.ignore.cil +++ b/private/compat/27.0/27.0.ignore.cil 
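Review bot: The new `android.hardware.tests.lazy::ILazy` line is inserted between the keymaster and light entries, but the surrounding lines are alphabetical (health.storage, input.classifier, ir, keymaster, light, lowpan, media.omx), so it belongs further down, after the `android.hardware.*` names that sort before `tests`. As far as I can tell nothing functional depends on the position, so this is ordering only, but it is the one out-of-place entry in the visible run. A short marker would also help, since the hwservice type is declared unconditionally in private/hwservice.te: `# test-only HAL; served only on userdebug/eng builds`.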
@@ -23,6 +23,7 @@ blank_screen blank_screen_exec blank_screen_tmpfs + boot_status_prop bootloader_boot_reason_prop bluetooth_a2dp_offload_prop bpfloader diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil index d13f38654..6df084996 100644 --- a/private/compat/29.0/29.0.cil +++ b/private/compat/29.0/29.0.cil @@ -1206,7 +1206,7 @@ (typeattributeset exported2_vold_prop_29_0 (exported2_vold_prop vold_config_prop)) (typeattributeset exported3_default_prop_29_0 (exported3_default_prop)) (typeattributeset exported3_radio_prop_29_0 (exported3_radio_prop)) -(typeattributeset exported3_system_prop_29_0 (exported3_system_prop)) +(typeattributeset exported3_system_prop_29_0 (exported3_system_prop boot_status_prop)) (typeattributeset exported_audio_prop_29_0 (exported_audio_prop)) (typeattributeset exported_bluetooth_prop_29_0 (exported_bluetooth_prop)) (typeattributeset exported_config_prop_29_0 (exported_config_prop)) diff --git a/private/domain.te b/private/domain.te index 0b50cfbb4..933fd4eec 100644 --- a/private/domain.te +++ b/private/domain.te @@ -72,6 +72,7 @@ get_prop(domain, bq_config_prop); # For now, everyone can access core property files # Device specific properties are not granted by default not_compatible_property(` + get_prop(domain, boot_status_prop) get_prop(domain, core_property_type) get_prop(domain, dalvik_config_prop) get_prop(domain, exported_ffs_prop) @@ -86,6 +87,7 @@ not_compatible_property(` get_prop(domain, vold_config_prop) ') compatible_property_only(` + get_prop({coredomain appdomain shell}, boot_status_prop) get_prop({coredomain appdomain shell}, core_property_type) get_prop({coredomain appdomain shell}, dalvik_config_prop) get_prop({coredomain appdomain shell}, exported_ffs_prop) diff --git a/private/property_contexts b/private/property_contexts index eee4a48b3..281fc7ec2 100644 --- a/private/property_contexts +++ b/private/property_contexts 
@@ -499,13 +499,13 @@ zram.force_writeback u:object_r:exported3_default_prop:s0 exact bool # vendor-init-readable apexd.status u:object_r:apexd_prop:s0 exact enum starting activated ready -dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool +dev.bootcomplete u:object_r:boot_status_prop:s0 exact bool +sys.boot_completed u:object_r:boot_status_prop:s0 exact bool persist.sys.device_provisioned u:object_r:exported3_system_prop:s0 exact string persist.sys.theme u:object_r:theme_prop:s0 exact string persist.sys.usb.usbradio.config u:object_r:exported3_system_prop:s0 exact string -sys.boot_completed u:object_r:exported3_system_prop:s0 exact bool sys.retaildemo.enabled u:object_r:exported3_system_prop:s0 exact int sys.user.0.ce_available u:object_r:exported3_system_prop:s0 exact bool sys.vdso u:object_r:exported3_system_prop:s0 exact string diff --git a/private/system_server.te b/private/system_server.te index bfac1a6ec..3e733fbc6 100644 --- a/private/system_server.te +++ b/private/system_server.te @@ -619,6 +619,7 @@ set_prop(system_server, pm_prop) set_prop(system_server, exported_pm_prop) set_prop(system_server, socket_hook_prop) set_prop(system_server, audio_prop) +set_prop(system_server, boot_status_prop) userdebug_or_eng(`set_prop(system_server, wifi_log_prop)') # ctl interface @@ -1162,3 +1163,5 @@ neverallow system_server self:perf_event ~{ open write cpu kernel }; # Do not allow any domain other than init or system server to set the property neverallow { domain -init -system_server } socket_hook_prop:property_service set; + +neverallow { domain -init -system_server } boot_status_prop:property_service set; diff --git a/public/property.te b/public/property.te index 29cd36e7c..e25a21808 100644 --- a/public/property.te +++ b/public/property.te 
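Review bot: The new `neverallow { domain -init -system_server } boot_status_prop:property_service set;` has no comment, unlike the socket_hook_prop neverallow directly above it, which is introduced by `# Do not allow any domain other than init or system server to set the property`; the type name alone does not say what is protected, so add `# Only init and system_server may mark boot as completed (sys.boot_completed, dev.bootcomplete).` Note that vendor_init is not carved out, which is consistent with it receiving only `get_prop(vendor_init, boot_status_prop)` in public/vendor_init.te in this patch: any vendor policy granting set on the type is now rejected at build time, and a vendor init script that set either property would be denied at runtime. I assume that was checked on the two devices named in the description; the set of legitimate writers is not otherwise visible here.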
@@ -54,11 +54,10 @@ compatible_property_only(` ') # Properties which can't be written outside system - -# Properties used by binder caches system_restricted_prop(binder_cache_bluetooth_server_prop) system_restricted_prop(binder_cache_system_server_prop) system_restricted_prop(binder_cache_telephony_server_prop) +system_restricted_prop(boot_status_prop) system_restricted_prop(boottime_public_prop) system_restricted_prop(bq_config_prop) system_restricted_prop(module_sdkextensions_prop) diff --git a/public/vendor_init.te b/public/vendor_init.te index dd7400576..d661d815c 100644 --- a/public/vendor_init.te +++ b/public/vendor_init.te @@ -238,6 +238,7 @@ set_prop(vendor_init, vndk_prop) set_prop(vendor_init, virtual_ab_prop) set_prop(vendor_init, wifi_log_prop) +get_prop(vendor_init, boot_status_prop) get_prop(vendor_init, exported2_radio_prop) get_prop(vendor_init, exported3_system_prop) get_prop(vendor_init, theme_prop) From 4279857b769a444701e0f57cc67cd77871060dbb Mon Sep 17 00:00:00 2001 From: yangbill Date: Tue, 28 Apr 2020 11:59:56 +0800 Subject: [PATCH 097/163] Change property_contexts from private to public. For R, it is using public/property_contexts. Bug: 154793693 Test: m vts_treble_sys_prop_test Change-Id: I3056a010d063acbfbd4394e880b6dfb3cc317e00 Merged-In: I81a0e21a989dd89f8c37adf5a5c739ca0bdfbac0 Merged-In: I3e3c6e1dacfc0461a26e44df7e824db4d73c718f --- Android.bp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Android.bp b/Android.bp index a2f202f67..8705622a0 100644 --- a/Android.bp +++ b/Android.bp @@ -378,8 +378,8 @@ service_contexts { // For vts_treble_sys_prop_test filegroup { - name: "private_property_contexts", - srcs: ["private/property_contexts"], + name: "public_property_contexts", + srcs: ["public/property_contexts"], visibility: [ "//test/vts-testcase/security/system_property", ], From d723f38fe959c7350051d16823783506cb5db92d Mon Sep 17 00:00:00 2001 
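Review bot: Besides adding `system_restricted_prop(boot_status_prop)`, this hunk removes the blank line and the `# Properties used by binder caches` comment that introduced the three `binder_cache_*_server_prop` lines, which is unrelated to boot status and drops the only explanation of what those types are. Keep the comment and its preceding blank line above the binder cache group; the new line already sorts correctly after it, between `binder_cache_telephony_server_prop` and `boottime_public_prop`. The rest of the `system_restricted_prop` list continues outside the hunk.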
From: Ioannis Ilkos Date: Fri, 24 Apr 2020 10:10:35 +0100 Subject: [PATCH 098/163] Enable tracing of the ion/ion_stat events These events supersede the ion_heap_grow / ion_heap_shrink events on 4.19+ kernels. Bug: 154302786 Test: build, run on cuttlefish with new kernel, ls -lZ /sys/kernel/tracing/events/ion/ion_stat/enable Merged-In: I262d8c3269d4261701361ad4b1bdc322f1f03969 Change-Id: I262d8c3269d4261701361ad4b1bdc322f1f03969 --- prebuilts/api/29.0/private/genfs_contexts | 2 ++ private/genfs_contexts | 2 ++ 2 files changed, 4 insertions(+) diff --git a/prebuilts/api/29.0/private/genfs_contexts b/prebuilts/api/29.0/private/genfs_contexts index b737f604c..380d4a050 100644 --- a/prebuilts/api/29.0/private/genfs_contexts +++ b/prebuilts/api/29.0/private/genfs_contexts @@ -234,6 +234,7 @@ genfscon tracefs /events/filemap/mm_filemap_delete_from_page_cache/ u:objec genfscon tracefs /events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0 genfscon tracefs /events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0 genfscon tracefs /events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/ion/ion_stat/ u:object_r:debugfs_tracing:s0 genfscon tracefs /events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0 genfscon tracefs /events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0 genfscon tracefs /events/task/task_rename/ u:object_r:debugfs_tracing:s0 
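Review bot: This hunk edits `prebuilts/api/29.0/private/genfs_contexts`, a frozen API snapshot, in lockstep with the live `private/genfs_contexts`. If the snapshot is exempt from the prebuilt comparison for tracing genfs entries, as the identical edits to both copies suggest, a sentence in the description saying so would spare the next reviewer from flagging it; if it is not exempt, only the live file should change. The new `/events/ion/ion_stat/` line itself is consistent with its neighbours, being labelled `debugfs_tracing` like the `kmem/ion_heap_grow` and `kmem/ion_heap_shrink` entries it is said to supersede.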
@@ -278,6 +279,7 @@ genfscon debugfs /tracing/events/filemap/mm_filemap_delete_from_page_cache/ genfscon debugfs /tracing/events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0 genfscon debugfs /tracing/events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0 genfscon debugfs /tracing/events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/ion/ion_stat/ u:object_r:debugfs_tracing:s0 genfscon debugfs /tracing/events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0 genfscon debugfs /tracing/events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0 genfscon debugfs /tracing/events/task/task_rename/ u:object_r:debugfs_tracing:s0 diff --git a/private/genfs_contexts b/private/genfs_contexts index d4d7fff87..b423e64f3 100644 --- a/private/genfs_contexts +++ b/private/genfs_contexts @@ -241,6 +241,7 @@ genfscon tracefs /events/filemap/mm_filemap_delete_from_page_cache/ u:objec genfscon tracefs /events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0 genfscon tracefs /events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0 genfscon tracefs /events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/ion/ion_stat/ u:object_r:debugfs_tracing:s0 genfscon tracefs /events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0 genfscon tracefs /events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0 genfscon tracefs /events/task/task_rename/ u:object_r:debugfs_tracing:s0 
@@ -285,6 +286,7 @@ genfscon debugfs /tracing/events/filemap/mm_filemap_delete_from_page_cache/ genfscon debugfs /tracing/events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0 genfscon debugfs /tracing/events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0 genfscon debugfs /tracing/events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/ion/ion_stat/ u:object_r:debugfs_tracing:s0 genfscon debugfs /tracing/events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0 genfscon debugfs /tracing/events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0 genfscon debugfs /tracing/events/task/task_rename/ u:object_r:debugfs_tracing:s0 From 916163cf1ba1419eee6be4d21b4285ff0ffe1f6f Mon Sep 17 00:00:00 2001 From: Songchun Fan Date: Tue, 28 Apr 2020 13:24:54 -0700 Subject: [PATCH 099/163] Define vendor-specific property ro.incremental.enable [Will cherry-pick to AOSP] Make ro.incremental.enable a vendor-specific property. Allow system_server and vold to read this property. Test: manual BUG: 155212902 Change-Id: I8ff8837af635fa8e7b5bb02e5f6de5ac15b5023b Merged-In: I8ff8837af635fa8e7b5bb02e5f6de5ac15b5023b --- private/compat/29.0/29.0.ignore.cil | 1 + private/property_contexts | 3 +++ private/system_server.te | 3 +++ public/property.te | 1 + public/vendor_init.te | 1 + public/vold.te | 1 + 6 files changed, 10 insertions(+) diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index dce7880af..a1780f07b 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -54,6 +54,7 @@ hal_tv_tuner_hwservice hal_vibrator_service incremental_control_file + incremental_prop incremental_service init_perf_lsm_hooks_prop init_svc_debug_prop diff --git a/private/property_contexts b/private/property_contexts index 10f029f81..b29ef3c4f 100644 --- a/private/property_contexts +++ b/private/property_contexts 
@@ -249,6 +249,9 @@ persist.sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0 # history size. ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0 +# Property to enable incremental feature +ro.incremental.enable u:object_r:incremental_prop:s0 + # Properties to configure userspace reboot. init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool init.userspace_reboot.sigkill.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int diff --git a/private/system_server.te b/private/system_server.te index bfac1a6ec..84f881077 100644 --- a/private/system_server.te +++ b/private/system_server.te @@ -678,6 +678,9 @@ get_prop(system_server, apk_verity_prop) # Read wifi.interface get_prop(system_server, wifi_prop) +# Read the vendor property that indicates if Incremental features is enabled +get_prop(system_server, incremental_prop) + # Create a socket for connections from debuggerd. allow system_server system_ndebug_socket:sock_file create_file_perms; diff --git a/public/property.te b/public/property.te index f69f2e768..e63bd0179 100644 --- a/public/property.te +++ b/public/property.te @@ -117,6 +117,7 @@ system_vendor_config_prop(exported_camera_prop) system_vendor_config_prop(exported_config_prop) system_vendor_config_prop(exported_default_prop) system_vendor_config_prop(exported3_default_prop) +system_vendor_config_prop(incremental_prop) system_vendor_config_prop(media_variant_prop) system_vendor_config_prop(storage_config_prop) system_vendor_config_prop(userspace_reboot_config_prop) diff --git a/public/vendor_init.te b/public/vendor_init.te index c070dff6a..9db846b21 100644 --- a/public/vendor_init.te +++ b/public/vendor_init.te 
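Review bot: `ro.incremental.enable u:object_r:incremental_prop:s0` has no match operation or type, unlike its neighbours such as `init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool`; as I read the property_contexts format an entry without `exact` is a prefix match, so the label would also cover any future `ro.incremental.enable*` key, and the value is not type-checked even though the description and the system_server comment treat it as an on/off switch. Make it `ro.incremental.enable u:object_r:incremental_prop:s0 exact bool`. The property is made vendor-settable through `system_vendor_config_prop(incremental_prop)` and `set_prop(vendor_init, incremental_prop)` elsewhere in this patch, which matches the `ro.` name and the "vendor-specific" wording.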
@@ -228,6 +228,7 @@ set_prop(vendor_init, exported2_system_prop) set_prop(vendor_init, exported2_vold_prop) set_prop(vendor_init, exported3_default_prop) set_prop(vendor_init, exported3_radio_prop) +set_prop(vendor_init, incremental_prop) set_prop(vendor_init, logd_prop) set_prop(vendor_init, log_tag_prop) set_prop(vendor_init, log_prop) diff --git a/public/vold.te b/public/vold.te index e2985677b..5d3eccf76 100644 --- a/public/vold.te +++ b/public/vold.te @@ -202,6 +202,7 @@ set_prop(vold, ota_prop) set_prop(vold, boottime_prop) set_prop(vold, boottime_public_prop) get_prop(vold, storage_config_prop) +get_prop(vold, incremental_prop) # ASEC allow vold asec_image_file:file create_file_perms; From 395b2d431854b7afbc79a95cef9a1f0bf59ca811 Mon Sep 17 00:00:00 2001 
From: Svet Ganov Date: Wed, 29 Apr 2020 17:36:45 -0700 Subject: [PATCH 100/163] Updading selinux policy for R * Update se policy prebuilts Test: build + boot bug:150281259 Change-Id: I0a0e94bc230f7726e7a9dd84b17c3a90e5601120 Merged-In: I0a0e94bc230f7726e7a9dd84b17c3a90e5601120 --- prebuilts/api/30.0/private/access_vectors | 741 +++++ prebuilts/api/30.0/private/adbd.te | 200 ++ .../api/30.0/private/aidl_lazy_test_server.te | 5 + .../30.0/private/apex_test_prepostinstall.te | 20 + prebuilts/api/30.0/private/apexd.te | 157 + prebuilts/api/30.0/private/app.te | 37 + prebuilts/api/30.0/private/app_neverallows.te | 259 ++ prebuilts/api/30.0/private/app_zygote.te | 167 + .../30.0/private/art_apex_boot_integrity.te | 28 + .../api/30.0/private/art_apex_postinstall.te | 31 + .../api/30.0/private/art_apex_preinstall.te | 33 + prebuilts/api/30.0/private/asan_extract.te | 8 + prebuilts/api/30.0/private/atrace.te | 80 + prebuilts/api/30.0/private/attributes | 1 + prebuilts/api/30.0/private/audioserver.te | 100 + prebuilts/api/30.0/private/auditctl.te | 18 + .../private/automotive_display_service.te | 33 + .../private/binder_in_vendor_violators.te | 1 + .../api/30.0/private/binderservicedomain.te | 22 + prebuilts/api/30.0/private/blank_screen.te | 6 + prebuilts/api/30.0/private/blkid.te | 22 + prebuilts/api/30.0/private/blkid_untrusted.te | 37 + prebuilts/api/30.0/private/bluetooth.te | 86 + prebuilts/api/30.0/private/bluetoothdomain.te | 2 + prebuilts/api/30.0/private/bootanim.te | 9 + prebuilts/api/30.0/private/bootstat.te | 3 + .../api/30.0/private/boringssl_self_test.te | 74 + prebuilts/api/30.0/private/bpfloader.te | 40 + prebuilts/api/30.0/private/bufferhubd.te | 3 + prebuilts/api/30.0/private/bug_map | 33 + prebuilts/api/30.0/private/cameraserver.te | 6 + prebuilts/api/30.0/private/charger.te | 1 + prebuilts/api/30.0/private/clatd.te | 36 + .../api/30.0/private/compat/26.0/26.0.cil | 786 +++++ .../30.0/private/compat/26.0/26.0.compat.cil | 5 + 
.../30.0/private/compat/26.0/26.0.ignore.cil | 229 ++ .../api/30.0/private/compat/27.0/27.0.cil | 1507 +++++++++ .../30.0/private/compat/27.0/27.0.compat.cil | 5 + .../30.0/private/compat/27.0/27.0.ignore.cil | 206 ++ .../api/30.0/private/compat/28.0/28.0.cil | 1744 +++++++++++ .../30.0/private/compat/28.0/28.0.compat.cil | 5 + .../30.0/private/compat/28.0/28.0.ignore.cil | 159 + .../api/30.0/private/compat/29.0/29.0.cil | 1970 ++++++++++++ .../30.0/private/compat/29.0/29.0.compat.cil | 3 + .../30.0/private/compat/29.0/29.0.ignore.cil | 120 + prebuilts/api/30.0/private/coredomain.te | 198 ++ prebuilts/api/30.0/private/cppreopts.te | 31 + prebuilts/api/30.0/private/crash_dump.te | 49 + prebuilts/api/30.0/private/credstore.te | 6 + prebuilts/api/30.0/private/derive_sdk.te | 12 + prebuilts/api/30.0/private/dex2oat.te | 84 + prebuilts/api/30.0/private/dexoptanalyzer.te | 35 + prebuilts/api/30.0/private/dhcp.te | 4 + prebuilts/api/30.0/private/dnsmasq.te | 1 + prebuilts/api/30.0/private/domain.te | 371 +++ prebuilts/api/30.0/private/drmserver.te | 7 + prebuilts/api/30.0/private/dumpstate.te | 62 + prebuilts/api/30.0/private/ephemeral_app.te | 99 + prebuilts/api/30.0/private/fastbootd.te | 1 + prebuilts/api/30.0/private/file.te | 28 + prebuilts/api/30.0/private/file_contexts | 733 +++++ prebuilts/api/30.0/private/file_contexts_asan | 14 + .../api/30.0/private/file_contexts_overlayfs | 9 + prebuilts/api/30.0/private/fingerprintd.te | 3 + .../api/30.0/private/flags_health_check.te | 3 + prebuilts/api/30.0/private/fs_use | 26 + prebuilts/api/30.0/private/fsck.te | 5 + prebuilts/api/30.0/private/fsck_untrusted.te | 1 + prebuilts/api/30.0/private/fsverity_init.te | 26 + prebuilts/api/30.0/private/fwk_bufferhub.te | 8 + prebuilts/api/30.0/private/gatekeeperd.te | 3 + prebuilts/api/30.0/private/genfs_contexts | 319 ++ prebuilts/api/30.0/private/gmscore_app.te | 129 + prebuilts/api/30.0/private/gpuservice.te | 48 + prebuilts/api/30.0/private/gsid.te | 180 ++ 
.../api/30.0/private/hal_allocator_default.te | 5 + prebuilts/api/30.0/private/hal_lazy_test.te | 3 + prebuilts/api/30.0/private/halclientdomain.te | 13 + prebuilts/api/30.0/private/halserverdomain.te | 12 + prebuilts/api/30.0/private/healthd.te | 6 + prebuilts/api/30.0/private/heapprofd.te | 76 + .../api/30.0/private/hidl_lazy_test_server.te | 8 + prebuilts/api/30.0/private/hwservice.te | 1 + prebuilts/api/30.0/private/hwservice_contexts | 86 + .../api/30.0/private/hwservicemanager.te | 8 + prebuilts/api/30.0/private/idmap.te | 3 + prebuilts/api/30.0/private/incident.te | 37 + prebuilts/api/30.0/private/incident_helper.te | 14 + prebuilts/api/30.0/private/incidentd.te | 214 ++ prebuilts/api/30.0/private/init.te | 60 + .../api/30.0/private/initial_sid_contexts | 27 + prebuilts/api/30.0/private/initial_sids | 35 + prebuilts/api/30.0/private/inputflinger.te | 3 + prebuilts/api/30.0/private/installd.te | 45 + .../api/30.0/private/iorap_inode2filename.te | 9 + .../api/30.0/private/iorap_prefecherd.te | 4 + prebuilts/api/30.0/private/iorapd.te | 10 + prebuilts/api/30.0/private/isolated_app.te | 152 + prebuilts/api/30.0/private/iw.te | 4 + prebuilts/api/30.0/private/kernel.te | 8 + prebuilts/api/30.0/private/keys.conf | 28 + prebuilts/api/30.0/private/keystore.te | 15 + prebuilts/api/30.0/private/linkerconfig.te | 19 + prebuilts/api/30.0/private/llkd.te | 53 + prebuilts/api/30.0/private/lmkd.te | 3 + prebuilts/api/30.0/private/logd.te | 38 + prebuilts/api/30.0/private/logpersist.te | 29 + prebuilts/api/30.0/private/lpdumpd.te | 42 + .../api/30.0/private/mac_permissions.xml | 62 + prebuilts/api/30.0/private/mdnsd.te | 12 + prebuilts/api/30.0/private/mediadrmserver.te | 8 + prebuilts/api/30.0/private/mediaextractor.te | 7 + prebuilts/api/30.0/private/mediametrics.te | 3 + prebuilts/api/30.0/private/mediaprovider.te | 44 + .../api/30.0/private/mediaprovider_app.te | 42 + prebuilts/api/30.0/private/mediaserver.te | 14 + prebuilts/api/30.0/private/mediaswcodec.te | 4 + 
.../api/30.0/private/mediatranscoding.te | 3 + .../30.0/private/migrate_legacy_obb_data.te | 28 + prebuilts/api/30.0/private/mls | 107 + prebuilts/api/30.0/private/mls_decl | 10 + prebuilts/api/30.0/private/mls_macros | 54 + prebuilts/api/30.0/private/modprobe.te | 1 + prebuilts/api/30.0/private/mtp.te | 3 + prebuilts/api/30.0/private/netd.te | 30 + .../api/30.0/private/netutils_wrapper.te | 44 + prebuilts/api/30.0/private/network_stack.te | 38 + prebuilts/api/30.0/private/nfc.te | 33 + prebuilts/api/30.0/private/notify_traceur.te | 12 + .../api/30.0/private/otapreopt_chroot.te | 74 + prebuilts/api/30.0/private/otapreopt_slot.te | 28 + prebuilts/api/30.0/private/perfetto.te | 85 + prebuilts/api/30.0/private/performanced.te | 3 + .../30.0/private/permissioncontroller_app.te | 38 + prebuilts/api/30.0/private/platform_app.te | 102 + .../api/30.0/private/policy_capabilities | 20 + prebuilts/api/30.0/private/port_contexts | 3 + prebuilts/api/30.0/private/postinstall.te | 3 + .../api/30.0/private/postinstall_dexopt.te | 75 + prebuilts/api/30.0/private/ppp.te | 3 + prebuilts/api/30.0/private/preloads_copy.te | 18 + .../api/30.0/private/preopt2cachename.te | 17 + prebuilts/api/30.0/private/priv_app.te | 222 ++ prebuilts/api/30.0/private/profman.te | 1 + prebuilts/api/30.0/private/property_contexts | 258 ++ prebuilts/api/30.0/private/racoon.te | 3 + prebuilts/api/30.0/private/radio.te | 25 + prebuilts/api/30.0/private/recovery.te | 1 + .../api/30.0/private/recovery_persist.te | 11 + .../api/30.0/private/recovery_refresh.te | 10 + prebuilts/api/30.0/private/roles_decl | 1 + prebuilts/api/30.0/private/rs.te | 39 + prebuilts/api/30.0/private/rss_hwm_reset.te | 14 + prebuilts/api/30.0/private/runas.te | 4 + prebuilts/api/30.0/private/runas_app.te | 32 + prebuilts/api/30.0/private/sdcardd.te | 3 + prebuilts/api/30.0/private/seapp_contexts | 175 ++ prebuilts/api/30.0/private/secure_element.te | 14 + prebuilts/api/30.0/private/security_classes | 160 + 
prebuilts/api/30.0/private/service.te | 8 + prebuilts/api/30.0/private/service_contexts | 249 ++ prebuilts/api/30.0/private/servicemanager.te | 7 + prebuilts/api/30.0/private/sgdisk.te | 1 + prebuilts/api/30.0/private/shared_relro.te | 5 + prebuilts/api/30.0/private/shell.te | 92 + prebuilts/api/30.0/private/simpleperf.te | 37 + .../api/30.0/private/simpleperf_app_runner.te | 3 + prebuilts/api/30.0/private/slideshow.te | 1 + prebuilts/api/30.0/private/snapshotctl.te | 45 + prebuilts/api/30.0/private/stats.te | 55 + prebuilts/api/30.0/private/statsd.te | 23 + prebuilts/api/30.0/private/storaged.te | 67 + prebuilts/api/30.0/private/su.te | 23 + prebuilts/api/30.0/private/surfaceflinger.te | 142 + prebuilts/api/30.0/private/system_app.te | 171 ++ prebuilts/api/30.0/private/system_server.te | 1164 +++++++ .../api/30.0/private/system_server_startup.te | 16 + prebuilts/api/30.0/private/system_suspend.te | 26 + prebuilts/api/30.0/private/technical_debt.cil | 65 + prebuilts/api/30.0/private/tombstoned.te | 3 + prebuilts/api/30.0/private/toolbox.te | 3 + prebuilts/api/30.0/private/traced.te | 106 + prebuilts/api/30.0/private/traced_perf.te | 58 + prebuilts/api/30.0/private/traced_probes.te | 129 + prebuilts/api/30.0/private/traceur_app.te | 22 + prebuilts/api/30.0/private/tzdatacheck.te | 3 + prebuilts/api/30.0/private/ueventd.te | 3 + prebuilts/api/30.0/private/uncrypt.te | 3 + prebuilts/api/30.0/private/untrusted_app.te | 16 + .../api/30.0/private/untrusted_app_25.te | 53 + .../api/30.0/private/untrusted_app_27.te | 41 + .../api/30.0/private/untrusted_app_29.te | 19 + .../api/30.0/private/untrusted_app_all.te | 175 ++ prebuilts/api/30.0/private/update_engine.te | 7 + .../api/30.0/private/update_engine_common.te | 5 + prebuilts/api/30.0/private/update_verifier.te | 3 + prebuilts/api/30.0/private/usbd.te | 12 + prebuilts/api/30.0/private/users | 1 + prebuilts/api/30.0/private/vdc.te | 3 + prebuilts/api/30.0/private/vendor_init.te | 7 + 
prebuilts/api/30.0/private/viewcompiler.te | 25 + .../api/30.0/private/virtual_touchpad.te | 3 + prebuilts/api/30.0/private/vold.te | 19 + .../api/30.0/private/vold_prepare_subdirs.te | 45 + prebuilts/api/30.0/private/vr_hwc.te | 6 + .../api/30.0/private/vzwomatrigger_app.te | 6 + .../api/30.0/private/wait_for_keymaster.te | 9 + prebuilts/api/30.0/private/watchdogd.te | 3 + prebuilts/api/30.0/private/webview_zygote.te | 153 + prebuilts/api/30.0/private/wificond.te | 3 + prebuilts/api/30.0/private/wpantund.te | 3 + prebuilts/api/30.0/private/zygote.te | 239 ++ prebuilts/api/30.0/public/adbd.te | 11 + .../api/30.0/public/aidl_lazy_test_server.te | 9 + prebuilts/api/30.0/public/apexd.te | 15 + prebuilts/api/30.0/public/app.te | 598 ++++ prebuilts/api/30.0/public/app_zygote.te | 6 + prebuilts/api/30.0/public/asan_extract.te | 36 + prebuilts/api/30.0/public/attributes | 365 +++ prebuilts/api/30.0/public/audioserver.te | 6 + prebuilts/api/30.0/public/blkid.te | 2 + prebuilts/api/30.0/public/blkid_untrusted.te | 2 + prebuilts/api/30.0/public/bluetooth.te | 2 + prebuilts/api/30.0/public/bootanim.te | 42 + prebuilts/api/30.0/public/bootstat.te | 64 + prebuilts/api/30.0/public/bufferhubd.te | 25 + .../api/30.0/public/camera_service_server.te | 1 + prebuilts/api/30.0/public/cameraserver.te | 74 + prebuilts/api/30.0/public/charger.te | 48 + prebuilts/api/30.0/public/crash_dump.te | 68 + prebuilts/api/30.0/public/credstore.te | 16 + prebuilts/api/30.0/public/device.te | 114 + prebuilts/api/30.0/public/dhcp.te | 30 + .../api/30.0/public/display_service_server.te | 1 + prebuilts/api/30.0/public/dnsmasq.te | 28 + prebuilts/api/30.0/public/domain.te | 1416 +++++++++ prebuilts/api/30.0/public/drmserver.te | 59 + prebuilts/api/30.0/public/dumpstate.te | 357 +++ prebuilts/api/30.0/public/e2fs.te | 26 + prebuilts/api/30.0/public/ephemeral_app.te | 14 + prebuilts/api/30.0/public/fastbootd.te | 133 + prebuilts/api/30.0/public/file.te | 543 ++++ prebuilts/api/30.0/public/fingerprintd.te | 
26 + .../api/30.0/public/flags_health_check.te | 35 + prebuilts/api/30.0/public/fsck.te | 68 + prebuilts/api/30.0/public/fsck_untrusted.te | 49 + prebuilts/api/30.0/public/fwk_bufferhub.te | 4 + prebuilts/api/30.0/public/gatekeeperd.te | 41 + prebuilts/api/30.0/public/global_macros | 51 + prebuilts/api/30.0/public/gmscore_app.te | 5 + prebuilts/api/30.0/public/gpuservice.te | 2 + prebuilts/api/30.0/public/hal_allocator.te | 6 + prebuilts/api/30.0/public/hal_atrace.te | 4 + prebuilts/api/30.0/public/hal_audio.te | 41 + prebuilts/api/30.0/public/hal_audiocontrol.te | 5 + prebuilts/api/30.0/public/hal_authsecret.te | 4 + prebuilts/api/30.0/public/hal_bluetooth.te | 32 + prebuilts/api/30.0/public/hal_bootctl.te | 5 + .../api/30.0/public/hal_broadcastradio.te | 4 + prebuilts/api/30.0/public/hal_camera.te | 36 + prebuilts/api/30.0/public/hal_can.te | 9 + prebuilts/api/30.0/public/hal_cas.te | 34 + prebuilts/api/30.0/public/hal_codec2.te | 25 + prebuilts/api/30.0/public/hal_configstore.te | 69 + .../api/30.0/public/hal_confirmationui.te | 4 + prebuilts/api/30.0/public/hal_contexthub.te | 5 + prebuilts/api/30.0/public/hal_drm.te | 52 + prebuilts/api/30.0/public/hal_dumpstate.te | 10 + prebuilts/api/30.0/public/hal_evs.te | 5 + prebuilts/api/30.0/public/hal_face.te | 12 + prebuilts/api/30.0/public/hal_fingerprint.te | 16 + prebuilts/api/30.0/public/hal_gatekeeper.te | 7 + prebuilts/api/30.0/public/hal_gnss.te | 5 + .../api/30.0/public/hal_graphics_allocator.te | 13 + .../api/30.0/public/hal_graphics_composer.te | 31 + prebuilts/api/30.0/public/hal_health.te | 27 + .../api/30.0/public/hal_health_storage.te | 5 + prebuilts/api/30.0/public/hal_identity.te | 7 + .../api/30.0/public/hal_input_classifier.te | 4 + prebuilts/api/30.0/public/hal_ir.te | 5 + prebuilts/api/30.0/public/hal_keymaster.te | 7 + prebuilts/api/30.0/public/hal_light.te | 19 + prebuilts/api/30.0/public/hal_lowpan.te | 20 + prebuilts/api/30.0/public/hal_memtrack.te | 4 + 
.../api/30.0/public/hal_neuralnetworks.te | 27 + prebuilts/api/30.0/public/hal_neverallows.te | 61 + prebuilts/api/30.0/public/hal_nfc.te | 11 + prebuilts/api/30.0/public/hal_oemlock.te | 4 + prebuilts/api/30.0/public/hal_omx.te | 49 + prebuilts/api/30.0/public/hal_power.te | 10 + prebuilts/api/30.0/public/hal_power_stats.te | 5 + prebuilts/api/30.0/public/hal_rebootescrow.te | 7 + .../api/30.0/public/hal_secure_element.te | 5 + prebuilts/api/30.0/public/hal_sensors.te | 14 + prebuilts/api/30.0/public/hal_telephony.te | 42 + .../api/30.0/public/hal_tetheroffload.te | 8 + prebuilts/api/30.0/public/hal_thermal.te | 5 + prebuilts/api/30.0/public/hal_tv_cec.te | 5 + prebuilts/api/30.0/public/hal_tv_input.te | 5 + prebuilts/api/30.0/public/hal_tv_tuner.te | 4 + prebuilts/api/30.0/public/hal_usb.te | 18 + prebuilts/api/30.0/public/hal_usb_gadget.te | 13 + prebuilts/api/30.0/public/hal_vehicle.te | 6 + prebuilts/api/30.0/public/hal_vibrator.te | 16 + prebuilts/api/30.0/public/hal_vr.te | 5 + prebuilts/api/30.0/public/hal_weaver.te | 4 + prebuilts/api/30.0/public/hal_wifi.te | 31 + prebuilts/api/30.0/public/hal_wifi_hostapd.te | 27 + .../api/30.0/public/hal_wifi_supplicant.te | 28 + prebuilts/api/30.0/public/healthd.te | 56 + prebuilts/api/30.0/public/heapprofd.te | 1 + prebuilts/api/30.0/public/hwservice.te | 102 + prebuilts/api/30.0/public/hwservicemanager.te | 22 + prebuilts/api/30.0/public/idmap.te | 31 + prebuilts/api/30.0/public/incident.te | 8 + prebuilts/api/30.0/public/incident_helper.te | 5 + prebuilts/api/30.0/public/incidentd.te | 3 + prebuilts/api/30.0/public/init.te | 634 ++++ prebuilts/api/30.0/public/inputflinger.te | 15 + prebuilts/api/30.0/public/installd.te | 190 ++ prebuilts/api/30.0/public/ioctl_defines | 2728 +++++++++++++++++ prebuilts/api/30.0/public/ioctl_macros | 68 + .../api/30.0/public/iorap_inode2filename.te | 77 + .../api/30.0/public/iorap_prefetcherd.te | 54 + prebuilts/api/30.0/public/iorapd.te | 85 + 
prebuilts/api/30.0/public/isolated_app.te | 9 + prebuilts/api/30.0/public/kernel.te | 136 + prebuilts/api/30.0/public/keystore.te | 36 + prebuilts/api/30.0/public/llkd.te | 3 + prebuilts/api/30.0/public/lmkd.te | 70 + prebuilts/api/30.0/public/logd.te | 73 + prebuilts/api/30.0/public/logpersist.te | 30 + prebuilts/api/30.0/public/mdnsd.te | 2 + prebuilts/api/30.0/public/mediadrmserver.te | 33 + prebuilts/api/30.0/public/mediaextractor.te | 70 + prebuilts/api/30.0/public/mediametrics.te | 44 + prebuilts/api/30.0/public/mediaprovider.te | 6 + prebuilts/api/30.0/public/mediaserver.te | 144 + prebuilts/api/30.0/public/mediaswcodec.te | 27 + prebuilts/api/30.0/public/mediatranscoding.te | 26 + prebuilts/api/30.0/public/modprobe.te | 9 + prebuilts/api/30.0/public/mtp.te | 11 + prebuilts/api/30.0/public/net.te | 39 + prebuilts/api/30.0/public/netd.te | 185 ++ prebuilts/api/30.0/public/netutils_wrapper.te | 4 + prebuilts/api/30.0/public/network_stack.te | 2 + prebuilts/api/30.0/public/neverallow_macros | 15 + prebuilts/api/30.0/public/nfc.te | 2 + prebuilts/api/30.0/public/perfetto.te | 1 + prebuilts/api/30.0/public/performanced.te | 30 + prebuilts/api/30.0/public/platform_app.te | 5 + prebuilts/api/30.0/public/postinstall.te | 45 + prebuilts/api/30.0/public/ppp.te | 23 + prebuilts/api/30.0/public/priv_app.te | 5 + prebuilts/api/30.0/public/profman.te | 29 + prebuilts/api/30.0/public/property.te | 601 ++++ prebuilts/api/30.0/public/property_contexts | 468 +++ prebuilts/api/30.0/public/racoon.te | 34 + prebuilts/api/30.0/public/radio.te | 45 + prebuilts/api/30.0/public/recovery.te | 184 ++ prebuilts/api/30.0/public/recovery_persist.te | 32 + prebuilts/api/30.0/public/recovery_refresh.te | 24 + prebuilts/api/30.0/public/roles | 1 + prebuilts/api/30.0/public/rs.te | 2 + prebuilts/api/30.0/public/rss_hwm_reset.te | 2 + prebuilts/api/30.0/public/runas.te | 43 + prebuilts/api/30.0/public/runas_app.te | 1 + .../30.0/public/scheduler_service_server.te | 1 + 
prebuilts/api/30.0/public/sdcardd.te | 45 + prebuilts/api/30.0/public/secure_element.te | 2 + .../api/30.0/public/sensor_service_server.te | 1 + prebuilts/api/30.0/public/service.te | 225 ++ prebuilts/api/30.0/public/servicemanager.te | 27 + prebuilts/api/30.0/public/sgdisk.te | 34 + prebuilts/api/30.0/public/shared_relro.te | 11 + prebuilts/api/30.0/public/shell.te | 265 ++ prebuilts/api/30.0/public/simpleperf.te | 1 + .../api/30.0/public/simpleperf_app_runner.te | 43 + prebuilts/api/30.0/public/slideshow.te | 14 + .../api/30.0/public/stats_service_server.te | 1 + prebuilts/api/30.0/public/statsd.te | 78 + prebuilts/api/30.0/public/su.te | 106 + prebuilts/api/30.0/public/surfaceflinger.te | 3 + prebuilts/api/30.0/public/system_app.te | 7 + prebuilts/api/30.0/public/system_server.te | 6 + .../api/30.0/public/system_suspend_server.te | 6 + prebuilts/api/30.0/public/te_macros | 923 ++++++ prebuilts/api/30.0/public/tee.te | 11 + prebuilts/api/30.0/public/tombstoned.te | 17 + prebuilts/api/30.0/public/toolbox.te | 38 + prebuilts/api/30.0/public/traced.te | 2 + prebuilts/api/30.0/public/traced_perf.te | 1 + prebuilts/api/30.0/public/traced_probes.te | 1 + prebuilts/api/30.0/public/traceur_app.te | 32 + prebuilts/api/30.0/public/tzdatacheck.te | 18 + prebuilts/api/30.0/public/ueventd.te | 83 + prebuilts/api/30.0/public/uncrypt.te | 42 + prebuilts/api/30.0/public/untrusted_app.te | 30 + prebuilts/api/30.0/public/update_engine.te | 84 + .../api/30.0/public/update_engine_common.te | 86 + prebuilts/api/30.0/public/update_verifier.te | 39 + prebuilts/api/30.0/public/usbd.te | 5 + prebuilts/api/30.0/public/vdc.te | 20 + prebuilts/api/30.0/public/vendor_init.te | 278 ++ .../api/30.0/public/vendor_misc_writer.te | 13 + prebuilts/api/30.0/public/vendor_shell.te | 19 + prebuilts/api/30.0/public/vendor_toolbox.te | 16 + prebuilts/api/30.0/public/virtual_touchpad.te | 16 + prebuilts/api/30.0/public/vndservice.te | 2 + .../api/30.0/public/vndservicemanager.te | 2 + 
prebuilts/api/30.0/public/vold.te | 368 +++ .../api/30.0/public/vold_prepare_subdirs.te | 6 + prebuilts/api/30.0/public/vr_hwc.te | 33 + prebuilts/api/30.0/public/watchdogd.te | 6 + prebuilts/api/30.0/public/webview_zygote.te | 6 + prebuilts/api/30.0/public/wificond.te | 42 + prebuilts/api/30.0/public/wpantund.te | 29 + prebuilts/api/30.0/public/zygote.te | 4 + 418 files changed, 33102 insertions(+) create mode 100644 prebuilts/api/30.0/private/access_vectors create mode 100644 prebuilts/api/30.0/private/adbd.te create mode 100644 prebuilts/api/30.0/private/aidl_lazy_test_server.te create mode 100644 prebuilts/api/30.0/private/apex_test_prepostinstall.te create mode 100644 prebuilts/api/30.0/private/apexd.te create mode 100644 prebuilts/api/30.0/private/app.te create mode 100644 prebuilts/api/30.0/private/app_neverallows.te create mode 100644 prebuilts/api/30.0/private/app_zygote.te create mode 100644 prebuilts/api/30.0/private/art_apex_boot_integrity.te create mode 100644 prebuilts/api/30.0/private/art_apex_postinstall.te create mode 100644 prebuilts/api/30.0/private/art_apex_preinstall.te create mode 100644 prebuilts/api/30.0/private/asan_extract.te create mode 100644 prebuilts/api/30.0/private/atrace.te create mode 100644 prebuilts/api/30.0/private/attributes create mode 100644 prebuilts/api/30.0/private/audioserver.te create mode 100644 prebuilts/api/30.0/private/auditctl.te create mode 100644 prebuilts/api/30.0/private/automotive_display_service.te create mode 100644 prebuilts/api/30.0/private/binder_in_vendor_violators.te create mode 100644 prebuilts/api/30.0/private/binderservicedomain.te create mode 100644 prebuilts/api/30.0/private/blank_screen.te create mode 100644 prebuilts/api/30.0/private/blkid.te create mode 100644 prebuilts/api/30.0/private/blkid_untrusted.te create mode 100644 prebuilts/api/30.0/private/bluetooth.te create mode 100644 prebuilts/api/30.0/private/bluetoothdomain.te create mode 100644 prebuilts/api/30.0/private/bootanim.te create mode 
100644 prebuilts/api/30.0/private/bootstat.te create mode 100644 prebuilts/api/30.0/private/boringssl_self_test.te create mode 100644 prebuilts/api/30.0/private/bpfloader.te create mode 100644 prebuilts/api/30.0/private/bufferhubd.te create mode 100644 prebuilts/api/30.0/private/bug_map create mode 100644 prebuilts/api/30.0/private/cameraserver.te create mode 100644 prebuilts/api/30.0/private/charger.te create mode 100644 prebuilts/api/30.0/private/clatd.te create mode 100644 prebuilts/api/30.0/private/compat/26.0/26.0.cil create mode 100644 prebuilts/api/30.0/private/compat/26.0/26.0.compat.cil create mode 100644 prebuilts/api/30.0/private/compat/26.0/26.0.ignore.cil create mode 100644 prebuilts/api/30.0/private/compat/27.0/27.0.cil create mode 100644 prebuilts/api/30.0/private/compat/27.0/27.0.compat.cil create mode 100644 prebuilts/api/30.0/private/compat/27.0/27.0.ignore.cil create mode 100644 prebuilts/api/30.0/private/compat/28.0/28.0.cil create mode 100644 prebuilts/api/30.0/private/compat/28.0/28.0.compat.cil create mode 100644 prebuilts/api/30.0/private/compat/28.0/28.0.ignore.cil create mode 100644 prebuilts/api/30.0/private/compat/29.0/29.0.cil create mode 100644 prebuilts/api/30.0/private/compat/29.0/29.0.compat.cil create mode 100644 prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil create mode 100644 prebuilts/api/30.0/private/coredomain.te create mode 100644 prebuilts/api/30.0/private/cppreopts.te create mode 100644 prebuilts/api/30.0/private/crash_dump.te create mode 100644 prebuilts/api/30.0/private/credstore.te create mode 100644 prebuilts/api/30.0/private/derive_sdk.te create mode 100644 prebuilts/api/30.0/private/dex2oat.te create mode 100644 prebuilts/api/30.0/private/dexoptanalyzer.te create mode 100644 prebuilts/api/30.0/private/dhcp.te create mode 100644 prebuilts/api/30.0/private/dnsmasq.te create mode 100644 prebuilts/api/30.0/private/domain.te create mode 100644 prebuilts/api/30.0/private/drmserver.te create mode 100644 
prebuilts/api/30.0/private/dumpstate.te create mode 100644 prebuilts/api/30.0/private/ephemeral_app.te create mode 100644 prebuilts/api/30.0/private/fastbootd.te create mode 100644 prebuilts/api/30.0/private/file.te create mode 100644 prebuilts/api/30.0/private/file_contexts create mode 100644 prebuilts/api/30.0/private/file_contexts_asan create mode 100644 prebuilts/api/30.0/private/file_contexts_overlayfs create mode 100644 prebuilts/api/30.0/private/fingerprintd.te create mode 100644 prebuilts/api/30.0/private/flags_health_check.te create mode 100644 prebuilts/api/30.0/private/fs_use create mode 100644 prebuilts/api/30.0/private/fsck.te create mode 100644 prebuilts/api/30.0/private/fsck_untrusted.te create mode 100644 prebuilts/api/30.0/private/fsverity_init.te create mode 100644 prebuilts/api/30.0/private/fwk_bufferhub.te create mode 100644 prebuilts/api/30.0/private/gatekeeperd.te create mode 100644 prebuilts/api/30.0/private/genfs_contexts create mode 100644 prebuilts/api/30.0/private/gmscore_app.te create mode 100644 prebuilts/api/30.0/private/gpuservice.te create mode 100644 prebuilts/api/30.0/private/gsid.te create mode 100644 prebuilts/api/30.0/private/hal_allocator_default.te create mode 100644 prebuilts/api/30.0/private/hal_lazy_test.te create mode 100644 prebuilts/api/30.0/private/halclientdomain.te create mode 100644 prebuilts/api/30.0/private/halserverdomain.te create mode 100644 prebuilts/api/30.0/private/healthd.te create mode 100644 prebuilts/api/30.0/private/heapprofd.te create mode 100644 prebuilts/api/30.0/private/hidl_lazy_test_server.te create mode 100644 prebuilts/api/30.0/private/hwservice.te create mode 100644 prebuilts/api/30.0/private/hwservice_contexts create mode 100644 prebuilts/api/30.0/private/hwservicemanager.te create mode 100644 prebuilts/api/30.0/private/idmap.te create mode 100644 prebuilts/api/30.0/private/incident.te create mode 100644 prebuilts/api/30.0/private/incident_helper.te create mode 100644 
prebuilts/api/30.0/private/incidentd.te create mode 100644 prebuilts/api/30.0/private/init.te create mode 100644 prebuilts/api/30.0/private/initial_sid_contexts create mode 100644 prebuilts/api/30.0/private/initial_sids create mode 100644 prebuilts/api/30.0/private/inputflinger.te create mode 100644 prebuilts/api/30.0/private/installd.te create mode 100644 prebuilts/api/30.0/private/iorap_inode2filename.te create mode 100644 prebuilts/api/30.0/private/iorap_prefecherd.te create mode 100644 prebuilts/api/30.0/private/iorapd.te create mode 100644 prebuilts/api/30.0/private/isolated_app.te create mode 100644 prebuilts/api/30.0/private/iw.te create mode 100644 prebuilts/api/30.0/private/kernel.te create mode 100644 prebuilts/api/30.0/private/keys.conf create mode 100644 prebuilts/api/30.0/private/keystore.te create mode 100644 prebuilts/api/30.0/private/linkerconfig.te create mode 100644 prebuilts/api/30.0/private/llkd.te create mode 100644 prebuilts/api/30.0/private/lmkd.te create mode 100644 prebuilts/api/30.0/private/logd.te create mode 100644 prebuilts/api/30.0/private/logpersist.te create mode 100644 prebuilts/api/30.0/private/lpdumpd.te create mode 100644 prebuilts/api/30.0/private/mac_permissions.xml create mode 100644 prebuilts/api/30.0/private/mdnsd.te create mode 100644 prebuilts/api/30.0/private/mediadrmserver.te create mode 100644 prebuilts/api/30.0/private/mediaextractor.te create mode 100644 prebuilts/api/30.0/private/mediametrics.te create mode 100644 prebuilts/api/30.0/private/mediaprovider.te create mode 100644 prebuilts/api/30.0/private/mediaprovider_app.te create mode 100644 prebuilts/api/30.0/private/mediaserver.te create mode 100644 prebuilts/api/30.0/private/mediaswcodec.te create mode 100644 prebuilts/api/30.0/private/mediatranscoding.te create mode 100644 prebuilts/api/30.0/private/migrate_legacy_obb_data.te create mode 100644 prebuilts/api/30.0/private/mls create mode 100644 prebuilts/api/30.0/private/mls_decl create mode 100644 
prebuilts/api/30.0/private/mls_macros create mode 100644 prebuilts/api/30.0/private/modprobe.te create mode 100644 prebuilts/api/30.0/private/mtp.te create mode 100644 prebuilts/api/30.0/private/netd.te create mode 100644 prebuilts/api/30.0/private/netutils_wrapper.te create mode 100644 prebuilts/api/30.0/private/network_stack.te create mode 100644 prebuilts/api/30.0/private/nfc.te create mode 100644 prebuilts/api/30.0/private/notify_traceur.te create mode 100644 prebuilts/api/30.0/private/otapreopt_chroot.te create mode 100644 prebuilts/api/30.0/private/otapreopt_slot.te create mode 100644 prebuilts/api/30.0/private/perfetto.te create mode 100644 prebuilts/api/30.0/private/performanced.te create mode 100644 prebuilts/api/30.0/private/permissioncontroller_app.te create mode 100644 prebuilts/api/30.0/private/platform_app.te create mode 100644 prebuilts/api/30.0/private/policy_capabilities create mode 100644 prebuilts/api/30.0/private/port_contexts create mode 100644 prebuilts/api/30.0/private/postinstall.te create mode 100644 prebuilts/api/30.0/private/postinstall_dexopt.te create mode 100644 prebuilts/api/30.0/private/ppp.te create mode 100644 prebuilts/api/30.0/private/preloads_copy.te create mode 100644 prebuilts/api/30.0/private/preopt2cachename.te create mode 100644 prebuilts/api/30.0/private/priv_app.te create mode 100644 prebuilts/api/30.0/private/profman.te create mode 100644 prebuilts/api/30.0/private/property_contexts create mode 100644 prebuilts/api/30.0/private/racoon.te create mode 100644 prebuilts/api/30.0/private/radio.te create mode 100644 prebuilts/api/30.0/private/recovery.te create mode 100644 prebuilts/api/30.0/private/recovery_persist.te create mode 100644 prebuilts/api/30.0/private/recovery_refresh.te create mode 100644 prebuilts/api/30.0/private/roles_decl create mode 100644 prebuilts/api/30.0/private/rs.te create mode 100644 prebuilts/api/30.0/private/rss_hwm_reset.te create mode 100644 prebuilts/api/30.0/private/runas.te create mode 100644 
prebuilts/api/30.0/private/runas_app.te create mode 100644 prebuilts/api/30.0/private/sdcardd.te create mode 100644 prebuilts/api/30.0/private/seapp_contexts create mode 100644 prebuilts/api/30.0/private/secure_element.te create mode 100644 prebuilts/api/30.0/private/security_classes create mode 100644 prebuilts/api/30.0/private/service.te create mode 100644 prebuilts/api/30.0/private/service_contexts create mode 100644 prebuilts/api/30.0/private/servicemanager.te create mode 100644 prebuilts/api/30.0/private/sgdisk.te create mode 100644 prebuilts/api/30.0/private/shared_relro.te create mode 100644 prebuilts/api/30.0/private/shell.te create mode 100644 prebuilts/api/30.0/private/simpleperf.te create mode 100644 prebuilts/api/30.0/private/simpleperf_app_runner.te create mode 100644 prebuilts/api/30.0/private/slideshow.te create mode 100644 prebuilts/api/30.0/private/snapshotctl.te create mode 100644 prebuilts/api/30.0/private/stats.te create mode 100644 prebuilts/api/30.0/private/statsd.te create mode 100644 prebuilts/api/30.0/private/storaged.te create mode 100644 prebuilts/api/30.0/private/su.te create mode 100644 prebuilts/api/30.0/private/surfaceflinger.te create mode 100644 prebuilts/api/30.0/private/system_app.te create mode 100644 prebuilts/api/30.0/private/system_server.te create mode 100644 prebuilts/api/30.0/private/system_server_startup.te create mode 100644 prebuilts/api/30.0/private/system_suspend.te create mode 100644 prebuilts/api/30.0/private/technical_debt.cil create mode 100644 prebuilts/api/30.0/private/tombstoned.te create mode 100644 prebuilts/api/30.0/private/toolbox.te create mode 100644 prebuilts/api/30.0/private/traced.te create mode 100644 prebuilts/api/30.0/private/traced_perf.te create mode 100644 prebuilts/api/30.0/private/traced_probes.te create mode 100644 prebuilts/api/30.0/private/traceur_app.te create mode 100644 prebuilts/api/30.0/private/tzdatacheck.te create mode 100644 prebuilts/api/30.0/private/ueventd.te create mode 100644 
prebuilts/api/30.0/private/uncrypt.te create mode 100644 prebuilts/api/30.0/private/untrusted_app.te create mode 100644 prebuilts/api/30.0/private/untrusted_app_25.te create mode 100644 prebuilts/api/30.0/private/untrusted_app_27.te create mode 100644 prebuilts/api/30.0/private/untrusted_app_29.te create mode 100644 prebuilts/api/30.0/private/untrusted_app_all.te create mode 100644 prebuilts/api/30.0/private/update_engine.te create mode 100644 prebuilts/api/30.0/private/update_engine_common.te create mode 100644 prebuilts/api/30.0/private/update_verifier.te create mode 100644 prebuilts/api/30.0/private/usbd.te create mode 100644 prebuilts/api/30.0/private/users create mode 100644 prebuilts/api/30.0/private/vdc.te create mode 100644 prebuilts/api/30.0/private/vendor_init.te create mode 100644 prebuilts/api/30.0/private/viewcompiler.te create mode 100644 prebuilts/api/30.0/private/virtual_touchpad.te create mode 100644 prebuilts/api/30.0/private/vold.te create mode 100644 prebuilts/api/30.0/private/vold_prepare_subdirs.te create mode 100644 prebuilts/api/30.0/private/vr_hwc.te create mode 100644 prebuilts/api/30.0/private/vzwomatrigger_app.te create mode 100644 prebuilts/api/30.0/private/wait_for_keymaster.te create mode 100644 prebuilts/api/30.0/private/watchdogd.te create mode 100644 prebuilts/api/30.0/private/webview_zygote.te create mode 100644 prebuilts/api/30.0/private/wificond.te create mode 100644 prebuilts/api/30.0/private/wpantund.te create mode 100644 prebuilts/api/30.0/private/zygote.te create mode 100644 prebuilts/api/30.0/public/adbd.te create mode 100644 prebuilts/api/30.0/public/aidl_lazy_test_server.te create mode 100644 prebuilts/api/30.0/public/apexd.te create mode 100644 prebuilts/api/30.0/public/app.te create mode 100644 prebuilts/api/30.0/public/app_zygote.te create mode 100644 prebuilts/api/30.0/public/asan_extract.te create mode 100644 prebuilts/api/30.0/public/attributes create mode 100644 prebuilts/api/30.0/public/audioserver.te create mode 
100644 prebuilts/api/30.0/public/blkid.te create mode 100644 prebuilts/api/30.0/public/blkid_untrusted.te create mode 100644 prebuilts/api/30.0/public/bluetooth.te create mode 100644 prebuilts/api/30.0/public/bootanim.te create mode 100644 prebuilts/api/30.0/public/bootstat.te create mode 100644 prebuilts/api/30.0/public/bufferhubd.te create mode 100644 prebuilts/api/30.0/public/camera_service_server.te create mode 100644 prebuilts/api/30.0/public/cameraserver.te create mode 100644 prebuilts/api/30.0/public/charger.te create mode 100644 prebuilts/api/30.0/public/crash_dump.te create mode 100644 prebuilts/api/30.0/public/credstore.te create mode 100644 prebuilts/api/30.0/public/device.te create mode 100644 prebuilts/api/30.0/public/dhcp.te create mode 100644 prebuilts/api/30.0/public/display_service_server.te create mode 100644 prebuilts/api/30.0/public/dnsmasq.te create mode 100644 prebuilts/api/30.0/public/domain.te create mode 100644 prebuilts/api/30.0/public/drmserver.te create mode 100644 prebuilts/api/30.0/public/dumpstate.te create mode 100644 prebuilts/api/30.0/public/e2fs.te create mode 100644 prebuilts/api/30.0/public/ephemeral_app.te create mode 100644 prebuilts/api/30.0/public/fastbootd.te create mode 100644 prebuilts/api/30.0/public/file.te create mode 100644 prebuilts/api/30.0/public/fingerprintd.te create mode 100644 prebuilts/api/30.0/public/flags_health_check.te create mode 100644 prebuilts/api/30.0/public/fsck.te create mode 100644 prebuilts/api/30.0/public/fsck_untrusted.te create mode 100644 prebuilts/api/30.0/public/fwk_bufferhub.te create mode 100644 prebuilts/api/30.0/public/gatekeeperd.te create mode 100644 prebuilts/api/30.0/public/global_macros create mode 100644 prebuilts/api/30.0/public/gmscore_app.te create mode 100644 prebuilts/api/30.0/public/gpuservice.te create mode 100644 prebuilts/api/30.0/public/hal_allocator.te create mode 100644 prebuilts/api/30.0/public/hal_atrace.te create mode 100644 prebuilts/api/30.0/public/hal_audio.te 
create mode 100644 prebuilts/api/30.0/public/hal_audiocontrol.te create mode 100644 prebuilts/api/30.0/public/hal_authsecret.te create mode 100644 prebuilts/api/30.0/public/hal_bluetooth.te create mode 100644 prebuilts/api/30.0/public/hal_bootctl.te create mode 100644 prebuilts/api/30.0/public/hal_broadcastradio.te create mode 100644 prebuilts/api/30.0/public/hal_camera.te create mode 100644 prebuilts/api/30.0/public/hal_can.te create mode 100644 prebuilts/api/30.0/public/hal_cas.te create mode 100644 prebuilts/api/30.0/public/hal_codec2.te create mode 100644 prebuilts/api/30.0/public/hal_configstore.te create mode 100644 prebuilts/api/30.0/public/hal_confirmationui.te create mode 100644 prebuilts/api/30.0/public/hal_contexthub.te create mode 100644 prebuilts/api/30.0/public/hal_drm.te create mode 100644 prebuilts/api/30.0/public/hal_dumpstate.te create mode 100644 prebuilts/api/30.0/public/hal_evs.te create mode 100644 prebuilts/api/30.0/public/hal_face.te create mode 100644 prebuilts/api/30.0/public/hal_fingerprint.te create mode 100644 prebuilts/api/30.0/public/hal_gatekeeper.te create mode 100644 prebuilts/api/30.0/public/hal_gnss.te create mode 100644 prebuilts/api/30.0/public/hal_graphics_allocator.te create mode 100644 prebuilts/api/30.0/public/hal_graphics_composer.te create mode 100644 prebuilts/api/30.0/public/hal_health.te create mode 100644 prebuilts/api/30.0/public/hal_health_storage.te create mode 100644 prebuilts/api/30.0/public/hal_identity.te create mode 100644 prebuilts/api/30.0/public/hal_input_classifier.te create mode 100644 prebuilts/api/30.0/public/hal_ir.te create mode 100644 prebuilts/api/30.0/public/hal_keymaster.te create mode 100644 prebuilts/api/30.0/public/hal_light.te create mode 100644 prebuilts/api/30.0/public/hal_lowpan.te create mode 100644 prebuilts/api/30.0/public/hal_memtrack.te create mode 100644 prebuilts/api/30.0/public/hal_neuralnetworks.te create mode 100644 prebuilts/api/30.0/public/hal_neverallows.te create mode 100644 
prebuilts/api/30.0/public/hal_nfc.te create mode 100644 prebuilts/api/30.0/public/hal_oemlock.te create mode 100644 prebuilts/api/30.0/public/hal_omx.te create mode 100644 prebuilts/api/30.0/public/hal_power.te create mode 100644 prebuilts/api/30.0/public/hal_power_stats.te create mode 100644 prebuilts/api/30.0/public/hal_rebootescrow.te create mode 100644 prebuilts/api/30.0/public/hal_secure_element.te create mode 100644 prebuilts/api/30.0/public/hal_sensors.te create mode 100644 prebuilts/api/30.0/public/hal_telephony.te create mode 100644 prebuilts/api/30.0/public/hal_tetheroffload.te create mode 100644 prebuilts/api/30.0/public/hal_thermal.te create mode 100644 prebuilts/api/30.0/public/hal_tv_cec.te create mode 100644 prebuilts/api/30.0/public/hal_tv_input.te create mode 100644 prebuilts/api/30.0/public/hal_tv_tuner.te create mode 100644 prebuilts/api/30.0/public/hal_usb.te create mode 100644 prebuilts/api/30.0/public/hal_usb_gadget.te create mode 100644 prebuilts/api/30.0/public/hal_vehicle.te create mode 100644 prebuilts/api/30.0/public/hal_vibrator.te create mode 100644 prebuilts/api/30.0/public/hal_vr.te create mode 100644 prebuilts/api/30.0/public/hal_weaver.te create mode 100644 prebuilts/api/30.0/public/hal_wifi.te create mode 100644 prebuilts/api/30.0/public/hal_wifi_hostapd.te create mode 100644 prebuilts/api/30.0/public/hal_wifi_supplicant.te create mode 100644 prebuilts/api/30.0/public/healthd.te create mode 100644 prebuilts/api/30.0/public/heapprofd.te create mode 100644 prebuilts/api/30.0/public/hwservice.te create mode 100644 prebuilts/api/30.0/public/hwservicemanager.te create mode 100644 prebuilts/api/30.0/public/idmap.te create mode 100644 prebuilts/api/30.0/public/incident.te create mode 100644 prebuilts/api/30.0/public/incident_helper.te create mode 100644 prebuilts/api/30.0/public/incidentd.te create mode 100644 prebuilts/api/30.0/public/init.te create mode 100644 prebuilts/api/30.0/public/inputflinger.te create mode 100644 
prebuilts/api/30.0/public/installd.te create mode 100644 prebuilts/api/30.0/public/ioctl_defines create mode 100644 prebuilts/api/30.0/public/ioctl_macros create mode 100644 prebuilts/api/30.0/public/iorap_inode2filename.te create mode 100644 prebuilts/api/30.0/public/iorap_prefetcherd.te create mode 100644 prebuilts/api/30.0/public/iorapd.te create mode 100644 prebuilts/api/30.0/public/isolated_app.te create mode 100644 prebuilts/api/30.0/public/kernel.te create mode 100644 prebuilts/api/30.0/public/keystore.te create mode 100644 prebuilts/api/30.0/public/llkd.te create mode 100644 prebuilts/api/30.0/public/lmkd.te create mode 100644 prebuilts/api/30.0/public/logd.te create mode 100644 prebuilts/api/30.0/public/logpersist.te create mode 100644 prebuilts/api/30.0/public/mdnsd.te create mode 100644 prebuilts/api/30.0/public/mediadrmserver.te create mode 100644 prebuilts/api/30.0/public/mediaextractor.te create mode 100644 prebuilts/api/30.0/public/mediametrics.te create mode 100644 prebuilts/api/30.0/public/mediaprovider.te create mode 100644 prebuilts/api/30.0/public/mediaserver.te create mode 100644 prebuilts/api/30.0/public/mediaswcodec.te create mode 100644 prebuilts/api/30.0/public/mediatranscoding.te create mode 100644 prebuilts/api/30.0/public/modprobe.te create mode 100644 prebuilts/api/30.0/public/mtp.te create mode 100644 prebuilts/api/30.0/public/net.te create mode 100644 prebuilts/api/30.0/public/netd.te create mode 100644 prebuilts/api/30.0/public/netutils_wrapper.te create mode 100644 prebuilts/api/30.0/public/network_stack.te create mode 100644 prebuilts/api/30.0/public/neverallow_macros create mode 100644 prebuilts/api/30.0/public/nfc.te create mode 100644 prebuilts/api/30.0/public/perfetto.te create mode 100644 prebuilts/api/30.0/public/performanced.te create mode 100644 prebuilts/api/30.0/public/platform_app.te create mode 100644 prebuilts/api/30.0/public/postinstall.te create mode 100644 prebuilts/api/30.0/public/ppp.te create mode 100644 
prebuilts/api/30.0/public/priv_app.te create mode 100644 prebuilts/api/30.0/public/profman.te create mode 100644 prebuilts/api/30.0/public/property.te create mode 100644 prebuilts/api/30.0/public/property_contexts create mode 100644 prebuilts/api/30.0/public/racoon.te create mode 100644 prebuilts/api/30.0/public/radio.te create mode 100644 prebuilts/api/30.0/public/recovery.te create mode 100644 prebuilts/api/30.0/public/recovery_persist.te create mode 100644 prebuilts/api/30.0/public/recovery_refresh.te create mode 100644 prebuilts/api/30.0/public/roles create mode 100644 prebuilts/api/30.0/public/rs.te create mode 100644 prebuilts/api/30.0/public/rss_hwm_reset.te create mode 100644 prebuilts/api/30.0/public/runas.te create mode 100644 prebuilts/api/30.0/public/runas_app.te create mode 100644 prebuilts/api/30.0/public/scheduler_service_server.te create mode 100644 prebuilts/api/30.0/public/sdcardd.te create mode 100644 prebuilts/api/30.0/public/secure_element.te create mode 100644 prebuilts/api/30.0/public/sensor_service_server.te create mode 100644 prebuilts/api/30.0/public/service.te create mode 100644 prebuilts/api/30.0/public/servicemanager.te create mode 100644 prebuilts/api/30.0/public/sgdisk.te create mode 100644 prebuilts/api/30.0/public/shared_relro.te create mode 100644 prebuilts/api/30.0/public/shell.te create mode 100644 prebuilts/api/30.0/public/simpleperf.te create mode 100644 prebuilts/api/30.0/public/simpleperf_app_runner.te create mode 100644 prebuilts/api/30.0/public/slideshow.te create mode 100644 prebuilts/api/30.0/public/stats_service_server.te create mode 100644 prebuilts/api/30.0/public/statsd.te create mode 100644 prebuilts/api/30.0/public/su.te create mode 100644 prebuilts/api/30.0/public/surfaceflinger.te create mode 100644 prebuilts/api/30.0/public/system_app.te create mode 100644 prebuilts/api/30.0/public/system_server.te create mode 100644 prebuilts/api/30.0/public/system_suspend_server.te create mode 100644 
prebuilts/api/30.0/public/te_macros create mode 100644 prebuilts/api/30.0/public/tee.te create mode 100644 prebuilts/api/30.0/public/tombstoned.te create mode 100644 prebuilts/api/30.0/public/toolbox.te create mode 100644 prebuilts/api/30.0/public/traced.te create mode 100644 prebuilts/api/30.0/public/traced_perf.te create mode 100644 prebuilts/api/30.0/public/traced_probes.te create mode 100644 prebuilts/api/30.0/public/traceur_app.te create mode 100644 prebuilts/api/30.0/public/tzdatacheck.te create mode 100644 prebuilts/api/30.0/public/ueventd.te create mode 100644 prebuilts/api/30.0/public/uncrypt.te create mode 100644 prebuilts/api/30.0/public/untrusted_app.te create mode 100644 prebuilts/api/30.0/public/update_engine.te create mode 100644 prebuilts/api/30.0/public/update_engine_common.te create mode 100644 prebuilts/api/30.0/public/update_verifier.te create mode 100644 prebuilts/api/30.0/public/usbd.te create mode 100644 prebuilts/api/30.0/public/vdc.te create mode 100644 prebuilts/api/30.0/public/vendor_init.te create mode 100644 prebuilts/api/30.0/public/vendor_misc_writer.te create mode 100644 prebuilts/api/30.0/public/vendor_shell.te create mode 100644 prebuilts/api/30.0/public/vendor_toolbox.te create mode 100644 prebuilts/api/30.0/public/virtual_touchpad.te create mode 100644 prebuilts/api/30.0/public/vndservice.te create mode 100644 prebuilts/api/30.0/public/vndservicemanager.te create mode 100644 prebuilts/api/30.0/public/vold.te create mode 100644 prebuilts/api/30.0/public/vold_prepare_subdirs.te create mode 100644 prebuilts/api/30.0/public/vr_hwc.te create mode 100644 prebuilts/api/30.0/public/watchdogd.te create mode 100644 prebuilts/api/30.0/public/webview_zygote.te create mode 100644 prebuilts/api/30.0/public/wificond.te create mode 100644 prebuilts/api/30.0/public/wpantund.te create mode 100644 prebuilts/api/30.0/public/zygote.te 
diff --git a/prebuilts/api/30.0/private/access_vectors b/prebuilts/api/30.0/private/access_vectors
new file mode 100644
index 000000000..4144be85f
--- /dev/null
+++ b/prebuilts/api/30.0/private/access_vectors
@@ -0,0 +1,741 @@
+#
+# Define common prefixes for access vectors
+#
+# common common_name { permission_name ... }
+
+
+#
+# Define a common prefix for file access vectors.
+#
+
+common file
+{
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ map
+ unlink
+ link
+ rename
+ execute
+ quotaon
+ mounton
+ audit_access
+ open
+ execmod
+ watch
+ watch_mount
+ watch_sb
+ watch_with_perm
+ watch_reads
+}
+
+
+#
+# Define a common prefix for socket access vectors.
+#
+
+common socket
+{
+# inherited from file
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ map
+# socket-specific
+ bind
+ connect
+ listen
+ accept
+ getopt
+ setopt
+ shutdown
+ recvfrom
+ sendto
+ name_bind
+}
+
+#
+# Define a common prefix for ipc access vectors.
+#
+
+common ipc
+{
+ create
+ destroy
+ getattr
+ setattr
+ read
+ write
+ associate
+ unix_read
+ unix_write
+}
+
+#
+# Define a common for capability access vectors.
+#
+common cap
+{
+ # The capabilities are defined in include/linux/capability.h
+ # Capabilities >= 32 are defined in the cap2 common.
+ # Care should be taken to ensure that these are consistent with
+ # those definitions. (Order matters)
+
+ chown
+ dac_override
+ dac_read_search
+ fowner
+ fsetid
+ kill
+ setgid
+ setuid
+ setpcap
+ linux_immutable
+ net_bind_service
+ net_broadcast
+ net_admin
+ net_raw
+ ipc_lock
+ ipc_owner
+ sys_module
+ sys_rawio
+ sys_chroot
+ sys_ptrace
+ sys_pacct
+ sys_admin
+ sys_boot
+ sys_nice
+ sys_resource
+ sys_time
+ sys_tty_config
+ mknod
+ lease
+ audit_write
+ audit_control
+ setfcap
+}
+
+common cap2
+{
+ mac_override # unused by SELinux
+ mac_admin
+ syslog
+ wake_alarm
+ block_suspend
+ audit_read
+}
+
+#
+# Define the access vectors.
+#
+# class class_name [ inherits common_name ] { permission_name ... }
+
+
+#
+# Define the access vector interpretation for file-related objects.
+#
+
+class filesystem
+{
+ mount
+ remount
+ unmount
+ getattr
+ relabelfrom
+ relabelto
+ associate
+ quotamod
+ quotaget
+ watch
+}
+
+class dir
+inherits file
+{
+ add_name
+ remove_name
+ reparent
+ search
+ rmdir
+}
+
+class file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+}
+
+class lnk_file
+inherits file
+
+class chr_file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+}
+
+class blk_file
+inherits file
+
+class sock_file
+inherits file
+
+class fifo_file
+inherits file
+
+class fd
+{
+ use
+}
+
+
+#
+# Define the access vector interpretation for network-related objects.
+#
+
+class socket
+inherits socket
+
+class tcp_socket
+inherits socket
+{
+ node_bind
+ name_connect
+}
+
+class udp_socket
+inherits socket
+{
+ node_bind
+}
+
+class rawip_socket
+inherits socket
+{
+ node_bind
+}
+
+class node
+{
+ recvfrom
+ sendto
+}
+
+class netif
+{
+ ingress
+ egress
+}
+
+class netlink_socket
+inherits socket
+
+class packet_socket
+inherits socket
+
+class key_socket
+inherits socket
+
+class unix_stream_socket
+inherits socket
+{
+ connectto
+}
+
+class unix_dgram_socket
+inherits socket
+
+#
+# Define the access vector interpretation for process-related objects
+#
+
+class process
+{
+ fork
+ transition
+ sigchld # commonly granted from child to parent
+ sigkill # cannot be caught or ignored
+ sigstop # cannot be caught or ignored
+ signull # for kill(pid, 0)
+ signal # all other signals
+ ptrace
+ getsched
+ setsched
+ getsession
+ getpgid
+ setpgid
+ getcap
+ setcap
+ share
+ getattr
+ setexec
+ setfscreate
+ noatsecure
+ siginh
+ setrlimit
+ rlimitinh
+ dyntransition
+ setcurrent
+ execmem
+ execstack
+ execheap
+ setkeycreate
+ setsockcreate
+ getrlimit
+}
+
+class process2
+{
+ nnp_transition
+ nosuid_transition
+}
+
+#
+# Define the access vector interpretation for ipc-related objects
+#
+
+class ipc
+inherits ipc
+
+class sem
+inherits ipc
+
+class msgq
+inherits ipc
+{
+ enqueue
+}
+
+class msg
+{
+ send
+ receive
+}
+
+class shm
+inherits ipc
+{
+ lock
+}
+
+
+#
+# Define the access vector interpretation for the security server.
+#
+
+class security
+{
+ compute_av
+ compute_create
+ compute_member
+ check_context
+ load_policy
+ compute_relabel
+ compute_user
+ setenforce # was avc_toggle in system class
+ setbool
+ setsecparam
+ setcheckreqprot
+ read_policy
+ validate_trans
+}
+
+
+#
+# Define the access vector interpretation for system operations.
+#
+
+class system
+{
+ ipc_info
+ syslog_read
+ syslog_mod
+ syslog_console
+ module_request
+ module_load
+}
+
+#
+# Define the access vector interpretation for controlling capabilities
+#
+
+class capability
+inherits cap
+
+class capability2
+inherits cap2
+
+#
+# Extended Netlink classes
+#
+class netlink_route_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+ nlmsg_readpriv
+}
+
+class netlink_tcpdiag_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+}
+
+class netlink_nflog_socket
+inherits socket
+
+class netlink_xfrm_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+}
+
+class netlink_selinux_socket
+inherits socket
+
+class netlink_audit_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+ nlmsg_relay
+ nlmsg_readpriv
+ nlmsg_tty_audit
+}
+
+class netlink_dnrt_socket
+inherits socket
+
+# Define the access vector interpretation for controlling
+# access to IPSec network data by association
+#
+class association
+{
+ sendto
+ recvfrom
+ setcontext
+ polmatch
+}
+
+# Updated Netlink class for KOBJECT_UEVENT family.
+class netlink_kobject_uevent_socket
+inherits socket
+
+class appletalk_socket
+inherits socket
+
+class packet
+{
+ send
+ recv
+ relabelto
+ forward_in
+ forward_out
+}
+
+class key
+{
+ view
+ read
+ write
+ search
+ link
+ setattr
+ create
+}
+
+class dccp_socket
+inherits socket
+{
+ node_bind
+ name_connect
+}
+
+class memprotect
+{
+ mmap_zero
+}
+
+# network peer labels
+class peer
+{
+ recv
+}
+
+class kernel_service
+{
+ use_as_override
+ create_files_as
+}
+
+class tun_socket
+inherits socket
+{
+ attach_queue
+}
+
+class binder
+{
+ impersonate
+ call
+ set_context_mgr
+ transfer
+}
+
+class netlink_iscsi_socket
+inherits socket
+
+class netlink_fib_lookup_socket
+inherits socket
+
+class netlink_connector_socket
+inherits socket
+
+class netlink_netfilter_socket
+inherits socket
+
+class netlink_generic_socket
+inherits socket
+
+class netlink_scsitransport_socket
+inherits socket
+
+class netlink_rdma_socket
+inherits socket
+
+class netlink_crypto_socket
+inherits socket
+
+class infiniband_pkey
+{
+ access
+}
+
+class infiniband_endport
+{
+ manage_subnet
+}
+
+#
+# Define the access vector interpretation for controlling capabilities
+# in user namespaces
+#
+
+class cap_userns
+inherits cap
+
+class cap2_userns
+inherits cap2
+
+
+#
+# Define the access vector interpretation for the new socket classes
+# enabled by the extended_socket_class policy capability.
+#
+
+#
+# The next two classes were previously mapped to rawip_socket and therefore
+# have the same definition as rawip_socket (until further permissions
+# are defined).
+#
+class sctp_socket
+inherits socket
+{
+ node_bind
+ name_connect
+ association
+}
+
+class icmp_socket
+inherits socket
+{
+ node_bind
+}
+
+#
+# The remaining network socket classes were previously
+# mapped to the socket class and therefore have the
+# same definition as socket.
+#
+
+class ax25_socket
+inherits socket
+
+class ipx_socket
+inherits socket
+
+class netrom_socket
+inherits socket
+
+class atmpvc_socket
+inherits socket
+
+class x25_socket
+inherits socket
+
+class rose_socket
+inherits socket
+
+class decnet_socket
+inherits socket
+
+class atmsvc_socket
+inherits socket
+
+class rds_socket
+inherits socket
+
+class irda_socket
+inherits socket
+
+class pppox_socket
+inherits socket
+
+class llc_socket
+inherits socket
+
+class can_socket
+inherits socket
+
+class tipc_socket
+inherits socket
+
+class bluetooth_socket
+inherits socket
+
+class iucv_socket
+inherits socket
+
+class rxrpc_socket
+inherits socket
+
+class isdn_socket
+inherits socket
+
+class phonet_socket
+inherits socket
+
+class ieee802154_socket
+inherits socket
+
+class caif_socket
+inherits socket
+
+class alg_socket
+inherits socket
+
+class nfc_socket
+inherits socket
+
+class vsock_socket
+inherits socket
+
+class kcm_socket
+inherits socket
+
+class qipcrtr_socket
+inherits socket
+
+class smc_socket
+inherits socket
+
+class bpf
+{
+ map_create
+ map_read
+ map_write
+ prog_load
+ prog_run
+}
+
+class property_service
+{
+ set
+}
+
+class service_manager
+{
+ add
+ find
+ list
+}
+
+class hwservice_manager
+{
+ add
+ find
+ list
+}
+
+class keystore_key
+{
+ get_state
+ get
+ insert
+ delete
+ exist
+ list
+ reset
+ password
+ lock
+ unlock
+ is_empty
+ sign
+ verify
+ grant
+ duplicate
+ clear_uid
+ add_auth
+ user_changed
+ gen_unique_id
+}
+
+class drmservice {
+ consumeRights
+ setPlaybackStatus
+ openDecryptSession
+ closeDecryptSession
+ initializeDecryptUnit
+ decrypt
+ finalizeDecryptUnit
+ pread
+}
+
+class xdp_socket
+inherits socket
+
+class perf_event
+{
+ open
+ cpu
+ kernel
+ tracepoint
+ read
+ write
+}
+
+class lockdown
+{
+ integrity
+ confidentiality
+}
diff --git a/prebuilts/api/30.0/private/adbd.te b/prebuilts/api/30.0/private/adbd.te
new file mode 100644
index 000000000..89fa1f9e2
--- /dev/null
+++ b/prebuilts/api/30.0/private/adbd.te 
@@ -0,0 +1,200 @@
+### ADB daemon
+
+typeattribute adbd coredomain;
+typeattribute adbd mlstrustedsubject;
+
+init_daemon_domain(adbd)
+
+domain_auto_trans(adbd, shell_exec, shell)
+
+userdebug_or_eng(`
+ allow adbd self:process setcurrent;
+ allow adbd su:process dyntransition;
+')
+
+# When 'adb shell' is executed in recovery mode, adbd explicitly
+# switches into shell domain using setcon() because the shell executable
+# is not labeled as shell but as rootfs.
+recovery_only(`
+ domain_trans(adbd, rootfs, shell)
+ allow adbd shell:process dyntransition;
+
+ # Allows reboot fastboot to enter fastboot directly
+ unix_socket_connect(adbd, recovery, recovery)
+')
+
+# Control Perfetto traced and obtain traces from it.
+# Needed to allow port forwarding directly to traced.
+unix_socket_connect(adbd, traced_consumer, traced)
+
+# Do not sanitize the environment or open fds of the shell. Allow signaling
+# created processes.
+allow adbd shell:process { noatsecure signal };
+
+# Set UID and GID to shell. Set supplementary groups.
+allow adbd self:global_capability_class_set { setuid setgid };
+
+# Drop capabilities from bounding set on user builds.
+allow adbd self:global_capability_class_set setpcap;
+
+# ignore spurious denials for adbd when disk space is low.
+dontaudit adbd self:global_capability_class_set sys_resource;
+
+# adbd probes for vsock support. Do not generate denials when
+# this occurs. (b/123569840)
+dontaudit adbd self:{ socket vsock_socket } create;
+
+# Create and use network sockets.
+net_domain(adbd)
+
+# Access /dev/usb-ffs/adb/ep0
+allow adbd functionfs:dir search;
+allow adbd functionfs:file rw_file_perms;
+allowxperm adbd functionfs:file ioctl {
+ FUNCTIONFS_ENDPOINT_DESC
+ FUNCTIONFS_CLEAR_HALT
+};
+
+# Use a pseudo tty.
+allow adbd devpts:chr_file rw_file_perms;
+
+# adb push/pull /data/local/tmp.
+allow adbd shell_data_file:dir create_dir_perms;
+allow adbd shell_data_file:file create_file_perms;
+
+# adb pull /data/local/traces/*
+allow adbd trace_data_file:dir r_dir_perms;
+allow adbd trace_data_file:file r_file_perms;
+
+# adb pull /data/misc/profman.
+allow adbd profman_dump_data_file:dir r_dir_perms;
+allow adbd profman_dump_data_file:file r_file_perms;
+
+# adb push/pull sdcard.
+allow adbd tmpfs:dir search;
+allow adbd rootfs:lnk_file r_file_perms; # /sdcard symlink
+allow adbd tmpfs:lnk_file r_file_perms; # /mnt/sdcard symlink
+allow adbd sdcard_type:dir create_dir_perms;
+allow adbd sdcard_type:file create_file_perms;
+
+# adb pull /data/anr/traces.txt
+allow adbd anr_data_file:dir r_dir_perms;
+allow adbd anr_data_file:file r_file_perms;
+
+# Set service.adb.*, sys.powerctl, and sys.usb.ffs.ready properties.
+set_prop(adbd, shell_prop)
+set_prop(adbd, powerctl_prop)
+set_prop(adbd, ffs_prop)
+set_prop(adbd, exported_ffs_prop)
+
+# Set service.adb.tls.port, persist.adb.wifi. properties
+set_prop(adbd, adbd_prop)
+
+# Access device logging gating property
+get_prop(adbd, device_logging_prop)
+
+# Read device's serial number from system properties
+get_prop(adbd, serialno_prop)
+
+# Read whether or not Test Harness Mode is enabled
+get_prop(adbd, test_harness_prop)
+
+# Read persist.adb.tls_server.enable property
+get_prop(adbd, system_adbd_prop)
+
+# Read device's overlayfs related properties and files
+userdebug_or_eng(`
+ get_prop(adbd, persistent_properties_ready_prop)
+ r_dir_file(adbd, sysfs_dt_firmware_android)
+')
+
+# Run /system/bin/bu
+allow adbd system_file:file rx_file_perms;
+
+# Perform binder IPC to surfaceflinger (screencap)
+# XXX Run screencap in a separate domain?
+binder_use(adbd)
+binder_call(adbd, surfaceflinger)
+binder_call(adbd, gpuservice)
+# b/13188914
+allow adbd gpu_device:chr_file rw_file_perms;
+allow adbd ion_device:chr_file rw_file_perms;
+r_dir_file(adbd, system_file)
+
+# Needed for various screenshots
+hal_client_domain(adbd, hal_graphics_allocator)
+
+# Read /data/misc/adb/adb_keys.
+allow adbd adb_keys_file:dir search;
+allow adbd adb_keys_file:file r_file_perms;
+
+userdebug_or_eng(`
+ # Write debugging information to /data/adb
+ # when persist.adb.trace_mask is set
+ # https://code.google.com/p/android/issues/detail?id=72895
+ allow adbd adb_data_file:dir rw_dir_perms;
+ allow adbd adb_data_file:file create_file_perms;
+')
+
+# ndk-gdb invokes adb forward to forward the gdbserver socket.
+allow adbd app_data_file:dir search;
+allow adbd app_data_file:sock_file write;
+allow adbd appdomain:unix_stream_socket connectto;
+
+# ndk-gdb invokes adb pull of app_process, linker, and libc.so.
+allow adbd zygote_exec:file r_file_perms;
+allow adbd system_file:file r_file_perms;
+
+# Allow pulling the SELinux policy for CTS purposes
+allow adbd selinuxfs:dir r_dir_perms;
+allow adbd selinuxfs:file r_file_perms;
+allow adbd kernel:security read_policy;
+allow adbd service_contexts_file:file r_file_perms;
+allow adbd file_contexts_file:file r_file_perms;
+allow adbd seapp_contexts_file:file r_file_perms;
+allow adbd property_contexts_file:file r_file_perms;
+allow adbd sepolicy_file:file r_file_perms;
+
+# Allow pulling config.gz for CTS purposes
+allow adbd config_gz:file r_file_perms;
+
+allow adbd gpu_service:service_manager find;
+allow adbd surfaceflinger_service:service_manager find;
+allow adbd bootchart_data_file:dir search;
+allow adbd bootchart_data_file:file r_file_perms;
+
+# Allow access to external storage; we have several visible mount points under /storage
+# and symlinks to primary storage at places like /storage/sdcard0 and /mnt/user/0/primary
+allow adbd storage_file:dir r_dir_perms;
+allow adbd storage_file:lnk_file r_file_perms;
+allow adbd mnt_user_file:dir r_dir_perms;
+allow adbd mnt_user_file:lnk_file r_file_perms;
+
+# Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow adbd media_rw_data_file:dir create_dir_perms;
+allow adbd media_rw_data_file:file create_file_perms;
+
+r_dir_file(adbd, apk_data_file)
+
+allow adbd rootfs:dir r_dir_perms;
+
+# Allow to pull Perfetto traces.
+allow adbd perfetto_traces_data_file:file r_file_perms;
+allow adbd perfetto_traces_data_file:dir r_dir_perms;
+
+# Connect to shell and use a socket transferred from it.
+# Used for e.g. abb.
+allow adbd shell:unix_stream_socket { read write shutdown };
+allow adbd shell:fd use;
+
+###
+### Neverallow rules
+###
+
+# No transitions from adbd to non-shell, non-crash_dump domains. adbd only ever
+# transitions to the shell domain (except when it crashes). In particular, we
+# never want to see a transition from adbd to su (aka "adb root")
+neverallow adbd { domain -crash_dump -shell }:process transition;
+neverallow adbd { domain userdebug_or_eng(`-su') recovery_only(`-shell') }:process dyntransition;
diff --git a/prebuilts/api/30.0/private/aidl_lazy_test_server.te b/prebuilts/api/30.0/private/aidl_lazy_test_server.te
new file mode 100644
index 000000000..33efde06b
--- /dev/null
+++ b/prebuilts/api/30.0/private/aidl_lazy_test_server.te
@@ -0,0 +1,5 @@
+userdebug_or_eng(`
+ typeattribute aidl_lazy_test_server coredomain;
+
+ init_daemon_domain(aidl_lazy_test_server)
+')
diff --git a/prebuilts/api/30.0/private/apex_test_prepostinstall.te b/prebuilts/api/30.0/private/apex_test_prepostinstall.te
new file mode 100644
index 000000000..f1bc2145e
--- /dev/null
+++ b/prebuilts/api/30.0/private/apex_test_prepostinstall.te
@@ -0,0 +1,20 @@
+# APEX pre- & post-install test.
+#
+# Allow to run pre- and post-install hooks for APEX test modules
+# in debuggable builds.
+
+type apex_test_prepostinstall, domain, coredomain;
+type apex_test_prepostinstall_exec, system_file_type, exec_type, file_type;
+
+userdebug_or_eng(`
+ # /dev/zero
+ allow apex_test_prepostinstall apexd:fd use;
+ # Logwrapper.
+ create_pty(apex_test_prepostinstall)
+ # Logwrapper executing sh.
+ allow apex_test_prepostinstall shell_exec:file rx_file_perms;
+ # Logwrapper exec.
+ allow apex_test_prepostinstall system_file:file execute_no_trans;
+ # Ls.
+ allow apex_test_prepostinstall toolbox_exec:file rx_file_perms;
+')
diff --git a/prebuilts/api/30.0/private/apexd.te b/prebuilts/api/30.0/private/apexd.te
new file mode 100644
index 000000000..9e702dd91
--- /dev/null
+++ b/prebuilts/api/30.0/private/apexd.te
@@ -0,0 +1,157 @@
+typeattribute apexd coredomain;
+
+init_daemon_domain(apexd)
+
+# Allow creating, reading and writing of APEX files/dirs in the APEX data dir
+allow apexd apex_data_file:dir create_dir_perms;
+allow apexd apex_data_file:file create_file_perms;
+
+# Allow creating, reading and writing of APEX files/dirs in the APEX metadata dir
+allow apexd metadata_file:dir search;
+allow apexd apex_metadata_file:dir create_dir_perms;
+allow apexd apex_metadata_file:file create_file_perms;
+
+# Allow apexd to create files and directories for snapshots of apex data
+allow apexd apex_permission_data_file:dir { create_dir_perms relabelto };
+allow apexd apex_permission_data_file:file { create_file_perms relabelto };
+allow apexd apex_module_data_file:dir { create_dir_perms relabelfrom };
+allow apexd apex_module_data_file:file { create_file_perms relabelfrom };
+allow apexd apex_rollback_data_file:dir create_dir_perms;
+allow apexd apex_rollback_data_file:file create_file_perms;
+allow apexd apex_wifi_data_file:dir { create_dir_perms relabelto };
+allow apexd apex_wifi_data_file:file { create_file_perms relabelto };
+
+# Allow apexd to read directories under /data/misc_de in order to snapshot and
+# restore apex data for all users.
+allow apexd system_data_file:dir r_dir_perms;
+
+# allow apexd to create loop devices with /dev/loop-control
+allow apexd loop_control_device:chr_file rw_file_perms;
+# allow apexd to access loop devices
+allow apexd loop_device:blk_file rw_file_perms;
+allowxperm apexd loop_device:blk_file ioctl {
+ LOOP_GET_STATUS64
+ LOOP_SET_STATUS64
+ LOOP_SET_FD
+ LOOP_SET_BLOCK_SIZE
+ LOOP_SET_DIRECT_IO
+ LOOP_CLR_FD
+ BLKFLSBUF
+};
+# allow apexd to access /dev/block
+allow apexd block_device:dir r_dir_perms;
+
+# allow apexd to access /dev/block/dm-* (device-mapper entries)
+allow apexd dm_device:chr_file rw_file_perms;
+allow apexd dm_device:blk_file rw_file_perms;
+
+# sys_admin is required to access the device-mapper and mount
+# dac_override, chown, and fowner are needed for snapshot and restore
+allow apexd self:global_capability_class_set { sys_admin chown dac_override dac_read_search fowner };
+
+# Note: fsetid is deliberately not included above. fsetid checks are
+# triggered by chmod on a directory or file owned by a group other
+# than one of the groups assigned to the current process to see if
+# the setgid bit should be cleared, regardless of whether the setgid
+# bit was even set. We do not appear to truly need this capability
+# for apexd to operate.
+dontaudit apexd self:global_capability_class_set fsetid;
+
+# allow apexd to create a mount point in /apex
+allow apexd apex_mnt_dir:dir create_dir_perms;
+# allow apexd to mount in /apex
+allow apexd apex_mnt_dir:filesystem { mount unmount };
+allow apexd apex_mnt_dir:dir mounton;
+# allow apexd to create symlinks in /apex
+allow apexd apex_mnt_dir:lnk_file create_file_perms;
+# allow apexd to unlink apex files in /data/apex/active
+# note that apexd won't be able to unlink files in /data/app-staging/session_XXXX,
+# because it doesn't have write permission for staging_data_file object.
+allow apexd staging_data_file:file unlink;
+
+# allow apexd to read files from /data/app-staging and hardlink them to /data/apex.
+allow apexd staging_data_file:dir r_dir_perms;
+allow apexd staging_data_file:file { r_file_perms link };
+
+# allow apexd to read files from /vendor/apex
+allow apexd vendor_apex_file:dir r_dir_perms;
+allow apexd vendor_apex_file:file r_file_perms;
+
+# Unmount and mount filesystems
+allow apexd labeledfs:filesystem { mount unmount };
+
+# /sys directory tree traversal
+allow apexd sysfs_type:dir search;
+# Configure read-ahead of dm-verity and loop devices
+# for dm-X
+allow apexd sysfs_dm:dir r_dir_perms;
+allow apexd sysfs_dm:file rw_file_perms;
+# for loopX
+allow apexd sysfs_loop:dir r_dir_perms;
+allow apexd sysfs_loop:file rw_file_perms;
+
+# Allow apexd to log to the kernel.
+allow apexd kmsg_device:chr_file w_file_perms;
+
+# Allow apexd to reboot device. Required for rollbacks of apexes that are
+# not covered by rollback manager.
+set_prop(apexd, powerctl_prop)
+
+# Allow apexd to stop itself
+set_prop(apexd, ctl_apexd_prop)
+
+# Find the vold service, and call into vold to manage FS checkpoints
+allow apexd vold_service:service_manager find;
+binder_call(apexd, vold)
+
+# Apex pre- & post-install permission.
+
+# Allow self-execute for the fork mount helper.
+allow apexd apexd_exec:file execute_no_trans;
+
+# Unshare and make / private so that hooks cannot influence the
+# running system.
+allow apexd rootfs:dir mounton;
+
+# Allow to execute shell for pre- and postinstall scripts. A transition
+# rule is required, thus restricted to execute and not execute_no_trans.
+allow apexd shell_exec:file { r_file_perms execute };
+
+# apexd is using bootstrap bionic
+allow apexd system_bootstrap_lib_file:dir r_dir_perms;
+allow apexd system_bootstrap_lib_file:file { execute read open getattr map };
+
+# Allow transition to ART APEX preinstall domain.
+domain_auto_trans(apexd, art_apex_preinstall_exec, art_apex_preinstall)
+# Allow transition to ART APEX postinstall domain.
+domain_auto_trans(apexd, art_apex_postinstall_exec, art_apex_postinstall)
+
+# Allow transition to test APEX preinstall domain.
+userdebug_or_eng(`
+ domain_auto_trans(apexd, apex_test_prepostinstall_exec, apex_test_prepostinstall)
+')
+
+# Allow apexd to be invoked with logwrapper from init during userspace reboot.
+allow apexd devpts:chr_file { read write };
+
+# Allow apexd to create pts files via logwrap_fork_exec for its own use, to pass to
+# other processes
+create_pty(apexd)
+
+# Allow apexd to read file contexts when performing restorecon of snapshots.
+allow apexd file_contexts_file:file r_file_perms;
+
+# Allow apexd to execute toybox for snapshot & restore
+allow apexd toolbox_exec:file rx_file_perms;
+
+neverallow { domain -apexd -init } apex_data_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init } apex_metadata_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init -kernel } apex_data_file:file no_w_file_perms;
+neverallow { domain -apexd -init -kernel } apex_metadata_file:file no_w_file_perms;
+neverallow { domain -apexd } apex_mnt_dir:lnk_file no_w_file_perms;
+
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_module_data_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_module_data_file:file no_w_file_perms;
+
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:file no_w_file_perms;
diff --git a/prebuilts/api/30.0/private/app.te b/prebuilts/api/30.0/private/app.te
new file mode 100644
index 000000000..a03bcb094
--- /dev/null
+++ b/prebuilts/api/30.0/private/app.te
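Review bot: The `-kernel` carve-out in `neverallow { domain -apexd -init -kernel } apex_data_file:file no_w_file_perms;` and the apex_metadata_file line after it is the only neverallow exemption in this hunk without a comment saying why it exists, while every other exception (init, vold_prepare_subdirs) is at least implied by the surrounding rules. A reader auditing who may write APEX payloads cannot tell from this file whether the kernel domain write is expected (loop-device backing-file writeback is a plausible reason, but that is inferred, not stated here). A one-line comment above those two rules, e.g. `# -kernel: <reason the kernel domain must be able to write these files>`, would close that gap. Since prebuilts/api/30.0 is a frozen copy of private/apexd.te, the comment belongs in the source policy and this snapshot should then be regenerated rather than edited by hand.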
@@ -0,0 +1,37 @@
+# Allow apps to read the Test Harness Mode property. This property is used in
+# the implementation of ActivityManager.isDeviceInTestHarnessMode()
+get_prop(appdomain, test_harness_prop)
+
+userdebug_or_eng(`perfetto_producer({ appdomain })')
+
+# Prevent apps from causing presubmit failures.
+# Apps can cause selinux denials by accessing CE storage
+# and/or external storage. In either case, the selinux denial is
+# not the cause of the failure, but just a symptom that
+# storage isn't ready. Many apps handle the failure appropriately.
+#
+# Apps cannot access external storage before it becomes available.
+dontaudit appdomain storage_stub_file:dir getattr;
+# Attempts to write to system_data_file is generally a sign
+# that apps are attempting to access encrypted storage before
+# the ACTION_USER_UNLOCKED intent is delivered. Apps are not
+# allowed to write to CE storage before it's available.
+# Attempting to do so will be blocked by both selinux and unix
+# permissions.
+dontaudit appdomain system_data_file:dir write;
+# Apps should not be reading vendor-defined properties.
+dontaudit appdomain vendor_default_prop:file read;
+
+neverallow appdomain system_server:udp_socket {
+ accept append bind create ioctl listen lock name_bind
+ relabelfrom relabelto setattr shutdown };
+
+# Transition to a non-app domain.
+# Exception for the shell and su domains, can transition to runas, etc.
+# Exception for crash_dump to allow for app crash reporting.
+# Exception for renderscript binaries (/system/bin/bcc, /system/bin/ld.mc)
+# to allow renderscript to create privileged executable files.
+neverallow { appdomain -shell userdebug_or_eng(`-su') }
+ { domain -appdomain -crash_dump -rs }:process { transition };
+neverallow { appdomain -shell userdebug_or_eng(`-su') }
+ { domain -appdomain }:process { dyntransition };
diff --git a/prebuilts/api/30.0/private/app_neverallows.te b/prebuilts/api/30.0/private/app_neverallows.te
new file mode 100644
index 000000000..66e9f69d2
--- /dev/null
+++ b/prebuilts/api/30.0/private/app_neverallows.te
@@ -0,0 +1,259 @@
+###
+### neverallow rules for untrusted app domains
+###
+
+define(`all_untrusted_apps',`{
+ ephemeral_app
+ isolated_app
+ mediaprovider
+ mediaprovider_app
+ untrusted_app
+ untrusted_app_25
+ untrusted_app_27
+ untrusted_app_29
+ untrusted_app_all
+}')
+# Receive or send uevent messages.
+neverallow all_untrusted_apps domain:netlink_kobject_uevent_socket *;
+
+# Receive or send generic netlink messages
+neverallow all_untrusted_apps domain:netlink_socket *;
+
+# Too much leaky information in debugfs. It's a security
+# best practice to ensure these files aren't readable.
+neverallow all_untrusted_apps { debugfs_type -debugfs_kcov }:file read;
+neverallow {all_untrusted_apps userdebug_or_eng(`-domain')} debugfs_type:{ file lnk_file } read;
+
+# Do not allow untrusted apps to register services.
+# Only trusted components of Android should be registering
+# services.
+neverallow all_untrusted_apps service_manager_type:service_manager add;
+
+# Do not allow untrusted apps to use VendorBinder
+neverallow all_untrusted_apps vndbinder_device:chr_file *;
+neverallow all_untrusted_apps vndservice_manager_type:service_manager *;
+
+# Do not allow untrusted apps to connect to the property service
+# or set properties. b/10243159
+neverallow { all_untrusted_apps -mediaprovider } property_socket:sock_file write;
+neverallow { all_untrusted_apps -mediaprovider } init:unix_stream_socket connectto;
+neverallow { all_untrusted_apps -mediaprovider } property_type:property_service set;
+
+# net.dns properties are not a public API. Disallow untrusted apps from reading this property.
+neverallow { all_untrusted_apps } net_dns_prop:file read;
+
+# Shared libraries created by trusted components within an app home
+# directory can be dlopen()ed. To maintain the W^X property, these files
+# must never be writable to the app.
+neverallow all_untrusted_apps app_exec_data_file:file
+ { append create link relabelfrom relabelto rename setattr write };
+
+# Block calling execve() on files in an apps home directory.
+# This is a W^X violation (loading executable code from a writable
+# home directory). For compatibility, allow for targetApi <= 28.
+# b/112357170
+neverallow {
+ all_untrusted_apps
+ -untrusted_app_25
+ -untrusted_app_27
+ -runas_app
+} { app_data_file privapp_data_file }:file execute_no_trans;
+
+# Do not allow untrusted apps to invoke dex2oat. This was historically required
+# by ART for compiling secondary dex files but has been removed in Q.
+# Exempt legacy apps (targetApi<=28) for compatibility.
+neverallow {
+ all_untrusted_apps
+ -untrusted_app_25
+ -untrusted_app_27
+} dex2oat_exec:file no_x_file_perms;
+
+# Do not allow untrusted apps to be assigned mlstrustedsubject.
+# This would undermine the per-user isolation model being
+# enforced via levelFrom=user in seapp_contexts and the mls
+# constraints. As there is no direct way to specify a neverallow
+# on attribute assignment, this relies on the fact that fork
+# permission only makes sense within a domain (hence should
+# never be granted to any other domain within mlstrustedsubject)
+# and an untrusted app is allowed fork permission to itself.
+neverallow all_untrusted_apps mlstrustedsubject:process fork;
+
+# Do not allow untrusted apps to hard link to any files.
+# In particular, if an untrusted app links to other app data
+# files, installd will not be able to guarantee the deletion
+# of the linked to file. Hard links also contribute to security
+# bugs, so we want to ensure untrusted apps never have this
+# capability.
+neverallow all_untrusted_apps file_type:file link;
+
+# Do not allow untrusted apps to access network MAC address file
+neverallow all_untrusted_apps sysfs_net:file no_rw_file_perms;
+
+# Do not allow any write access to files in /sys
+neverallow all_untrusted_apps sysfs_type:file { no_w_file_perms no_x_file_perms };
+
+# Apps may never access the default sysfs label.
+neverallow all_untrusted_apps sysfs:file no_rw_file_perms;
+
+# Restrict socket ioctls. Either 1. disallow privileged ioctls, 2. disallow the
+# ioctl permission, or 3. disallow the socket class.
+neverallowxperm all_untrusted_apps domain:{ icmp_socket rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+neverallow all_untrusted_apps *:{ netlink_route_socket netlink_selinux_socket } ioctl;
+neverallow all_untrusted_apps *:{
+ socket netlink_socket packet_socket key_socket appletalk_socket
+ netlink_tcpdiag_socket netlink_nflog_socket
+ netlink_xfrm_socket netlink_audit_socket
+ netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket
+ netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket
+ netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket
+ netlink_rdma_socket netlink_crypto_socket sctp_socket
+ ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket
+ atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
+ bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
+ alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket xdp_socket
+} *;
+
+# Disallow sending RTM_GETLINK messages on netlink sockets.
+neverallow {
+ all_untrusted_apps
+ -untrusted_app_25
+ -untrusted_app_27
+ -untrusted_app_29
+} domain:netlink_route_socket { bind nlmsg_readpriv };
+
+# Do not allow untrusted apps access to /cache
+neverallow { all_untrusted_apps -mediaprovider } { cache_file cache_recovery_file }:dir ~{ r_dir_perms };
+neverallow { all_untrusted_apps -mediaprovider } { cache_file cache_recovery_file }:file ~{ read getattr };
+
+# Do not allow untrusted apps to create/unlink files outside of its sandbox,
+# internal storage or sdcard.
+# World accessible data locations allow application to fill the device
+# with unaccounted for data. This data will not get removed during
+# application un-installation.
+neverallow { all_untrusted_apps -mediaprovider } {
+ fs_type
+ -sdcard_type
+ file_type
+ -app_data_file # The apps sandbox itself
+ -privapp_data_file
+ -app_exec_data_file # stored within the app sandbox directory
+ -media_rw_data_file # Internal storage. Known that apps can
+ # leave artfacts here after uninstall.
+ -user_profile_data_file # Access to profile files
+ userdebug_or_eng(`
+ -method_trace_data_file # only on ro.debuggable=1
+ -coredump_file # userdebug/eng only
+ ')
+}:dir_file_class_set { create unlink };
+
+# No untrusted component except mediaprovider_app should be touching /dev/fuse
+neverallow { all_untrusted_apps -mediaprovider_app } fuse_device:chr_file *;
+
+# Do not allow untrusted apps to directly open the tun_device
+neverallow all_untrusted_apps tun_device:chr_file open;
+# The tun_device ioctls below are not allowed, to prove equivalence
+# to the kernel patch at
+# https://android.googlesource.com/kernel/common/+/11cee2be0c2062ba88f04eb51196506f870a3b5d%5E%21
+neverallowxperm all_untrusted_apps tun_device:chr_file ioctl {
+ SIOCGIFHWADDR
+ SIOCSIFHWADDR
+ TUNATTACHFILTER
+ TUNDETACHFILTER
+ TUNGETFEATURES
+ TUNGETFILTER
+ TUNGETSNDBUF
+ TUNGETVNETHDRSZ
+ TUNSETDEBUG
+ TUNSETGROUP
+ TUNSETIFF
+ TUNSETLINK
+ TUNSETNOCSUM
+ TUNSETOFFLOAD
+ TUNSETOWNER
+ TUNSETPERSIST
+ TUNSETQUEUE
+ TUNSETSNDBUF
+ TUNSETTXFILTER
+ TUNSETVNETHDRSZ
+};
+
+# Only allow appending to /data/anr/traces.txt (b/27853304, b/18340553)
+neverallow all_untrusted_apps anr_data_file:file ~{ open append };
+neverallow all_untrusted_apps anr_data_file:dir ~search;
+
+# Avoid reads from generically labeled /proc files
+# Create a more specific label if needed
+neverallow all_untrusted_apps {
+ proc
+ proc_asound
+ proc_kmsg
+ proc_loadavg
+ proc_mounts
+ proc_pagetypeinfo
+ proc_slabinfo
+ proc_stat
+ proc_swaps
+ proc_uptime
+ proc_version
+ proc_vmallocinfo
+ proc_vmstat
+}:file { no_rw_file_perms no_x_file_perms };
+
+# /proc/filesystems is accessible to mediaprovider_app only since it handles
+# external storage
+neverallow { all_untrusted_apps - mediaprovider_app } proc_filesystems:file { no_rw_file_perms no_x_file_perms };
+
+# Avoid all access to kernel configuration
+neverallow all_untrusted_apps config_gz:file { no_rw_file_perms no_x_file_perms };
+
+# Do not allow untrusted apps access to preloads data files
+neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms;
+
+# Locking of files on /system could lead to denial of service attacks
+# against privileged system components
+neverallow all_untrusted_apps system_file:file lock;
+
+# Do not permit untrusted apps to perform actions on HwBinder service_manager
+# other than find actions for services listed below
+neverallow all_untrusted_apps *:hwservice_manager ~find;
+
+# Do not permit access from apps which host arbitrary code to the protected HwBinder
+# services.
+# The two main reasons for this are:
+# 1. Protected HwBinder servers do not perform client authentication because HIDL
+# currently does not expose caller UID information and, even if it did, those
+# HwBinder services either operate at a level below that of apps (e.g., HALs)
+# or must not rely on app identity for authorization. Thus, to be safe, the
+# default assumption is that every HwBinder service treats all its clients as
+# equally authorized to perform operations offered by the service.
+# 2. HAL servers (a subset of HwBinder services) contain code with higher
+# incidence rate of security issues than system/core components and have
+# access to lower layes of the stack (all the way down to hardware) thus
+# increasing opportunities for bypassing the Android security model.
+neverallow all_untrusted_apps protected_hwservice:hwservice_manager find;
+
+neverallow all_untrusted_apps {
+ vendor_service
+}:service_manager find;
+
+# SELinux is not an API for untrusted apps to use
+neverallow all_untrusted_apps selinuxfs:file no_rw_file_perms;
+
+# Access to /proc/tty/drivers, to allow apps to determine if they
+# are running in an emulated environment.
+# b/33214085 b/33814662 b/33791054 b/33211769 +# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java +# This will go away in a future Android release +neverallow { all_untrusted_apps -untrusted_app_25 } proc_tty_drivers:file r_file_perms; +neverallow all_untrusted_apps proc_tty_drivers:file ~r_file_perms; + +# Untrusted apps are not allowed to use cgroups. +neverallow all_untrusted_apps cgroup:file *; + +# /mnt/sdcard symlink was supposed to have been removed in Gingerbread. Apps +# must not use it. +neverallow { + all_untrusted_apps + -untrusted_app_25 + -untrusted_app_27 +} mnt_sdcard_file:lnk_file *; diff --git a/prebuilts/api/30.0/private/app_zygote.te b/prebuilts/api/30.0/private/app_zygote.te new file mode 100644 index 000000000..a826f7fc7 --- /dev/null +++ b/prebuilts/api/30.0/private/app_zygote.te 
@@ -0,0 +1,167 @@ +typeattribute app_zygote coredomain; + +###### +###### Policy below is different from regular zygote-spawned apps +###### + +# The app_zygote needs to be able to transition domains. +typeattribute app_zygote mlstrustedsubject; + +# Allow access to temporary files, which is normally permitted through +# a domain macro. +tmpfs_domain(app_zygote); + +# Set the UID/GID of the process. +# This will be further limited to a range of isolated UIDs with seccomp. +allow app_zygote self:global_capability_class_set { setgid setuid }; +# Drop capabilities from bounding set. +allow app_zygote self:global_capability_class_set setpcap; +# Switch SELinux context to isolated app domain. +allow app_zygote self:process setcurrent; +allow app_zygote isolated_app:process dyntransition; + +# For JIT +allow app_zygote self:process execmem; + +# Allow app_zygote to stat the files that it opens. It must +# be able to inspect them so that it can reopen them on fork +# if necessary: b/30963384. +allow app_zygote debugfs_trace_marker:file getattr; + +# get system_server process group +allow app_zygote system_server:process getpgid; + +# Interaction between the app_zygote and its children. +allow app_zygote isolated_app:process setpgid; + +# TODO (b/63631799) fix this access +dontaudit app_zygote mnt_expand_file:dir getattr; + +# Get seapp_contexts +allow app_zygote seapp_contexts_file:file r_file_perms; +# Check validity of SELinux context before use. +selinux_check_context(app_zygote) +# Check SELinux permissions. +selinux_check_access(app_zygote) + +###### +###### Policy below is shared with regular zygote-spawned apps +###### + +# Child of zygote. +allow app_zygote zygote:fd use; +allow app_zygote zygote:process sigchld; + +# For ART (read /data/dalvik-cache). 
+r_dir_file(app_zygote, dalvikcache_data_file); +allow app_zygote dalvikcache_data_file:file execute; + +# Allow reading/executing installed binaries to enable preloading +# application data +allow app_zygote apk_data_file:dir r_dir_perms; +allow app_zygote apk_data_file:file { r_file_perms execute }; + +# /oem accesses. +allow app_zygote oemfs:dir search; + +# Allow app_zygote access to /vendor/overlay +r_dir_file(app_zygote, vendor_overlay_file) + +allow app_zygote system_data_file:lnk_file r_file_perms; +allow app_zygote system_data_file:file { getattr read map }; + +# Send unsolicited message to system_server +unix_socket_send(app_zygote, system_unsolzygote, system_server) + +##### +##### Neverallow +##### + +# Only permit transition to isolated_app. +neverallow app_zygote { domain -isolated_app }:process dyntransition; + +# Only setcon() transitions, no exec() based transitions, except for crash_dump. +neverallow app_zygote { domain -crash_dump }:process transition; + +# Must not exec() a program without changing domains. +# Having said that, exec() above is not allowed. +neverallow app_zygote *:file execute_no_trans; + +# The only way to enter this domain is for the zygote to fork a new +# app_zygote child. +neverallow { domain -zygote } app_zygote:process dyntransition; + +# Disallow write access to properties. +neverallow app_zygote property_socket:sock_file write; +neverallow app_zygote property_type:property_service set; + +# Should not have any access to non-app data files. +neverallow app_zygote { + bluetooth_data_file + nfc_data_file + radio_data_file + shell_data_file +}:file { rwx_file_perms }; + +neverallow app_zygote { + service_manager_type + -activity_service + -webviewupdate_service +}:service_manager find; + +# Isolated apps should not be able to access the driver directly. +neverallow app_zygote gpu_device:chr_file { rwx_file_perms }; + +# Do not allow app_zygote access to /cache. 
+neverallow app_zygote cache_file:dir ~{ r_dir_perms }; +neverallow app_zygote cache_file:file ~{ read getattr }; + +# Do not allow most socket access. This is socket_class_set, excluding unix_dgram_socket, +# unix_stream_socket, and netlink_selinux_socket. +neverallow app_zygote domain:{ + socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket + appletalk_socket netlink_route_socket netlink_tcpdiag_socket + netlink_nflog_socket netlink_xfrm_socket netlink_audit_socket + netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket + netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket + netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket + sctp_socket icmp_socket ax25_socket ipx_socket netrom_socket atmpvc_socket + x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket + pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket + rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket + alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket +} *; + +# Only allow app_zygote to talk to the logd socket, and +# su/heapprofd/traced_perf on eng/userdebug. This is because +# cap_setuid/cap_setgid allow to forge uid/gid in SCM_CREDENTIALS. +# Think twice before changing. +neverallow app_zygote { + domain + -app_zygote + -logd + -system_server + userdebug_or_eng(`-su') + userdebug_or_eng(`-heapprofd') + userdebug_or_eng(`-traced_perf') +}:unix_dgram_socket *; + +neverallow app_zygote { + domain + -app_zygote + userdebug_or_eng(`-su') + userdebug_or_eng(`-heapprofd') + userdebug_or_eng(`-traced_perf') +}:unix_stream_socket *; + +# Never allow ptrace +neverallow app_zygote *:process ptrace; + +# Do not allow access to Bluetooth-related system properties. +# neverallow rules for Bluetooth-related data files are listed above. 
+neverallow app_zygote { + bluetooth_a2dp_offload_prop + bluetooth_audio_hal_prop + bluetooth_prop + exported_bluetooth_prop +}:file create_file_perms; diff --git a/prebuilts/api/30.0/private/art_apex_boot_integrity.te b/prebuilts/api/30.0/private/art_apex_boot_integrity.te new file mode 100644 index 000000000..ba02083c3 --- /dev/null +++ b/prebuilts/api/30.0/private/art_apex_boot_integrity.te @@ -0,0 +1,28 @@ +# This command set checks the integrity of boot classpath ART +# artifacts in /data, potentially removing them. + +type art_apex_boot_integrity, domain, coredomain; +type art_apex_boot_integrity_exec, system_file_type, exec_type, file_type; + +# Technically not a daemon but we do want the transition from init domain to +# art_apex_boot_integrity to occur. +init_daemon_domain(art_apex_boot_integrity) + +# Read dalvik cache directories, remove entries. +allow art_apex_boot_integrity dalvikcache_data_file:dir { r_dir_perms write remove_name }; +# Read and possibly delete dalvik cache files. +allow art_apex_boot_integrity dalvikcache_data_file:file { r_file_perms unlink }; + +# Allow art_apex_boot_integrity to execute itself using #!/system/bin/sh +allow art_apex_boot_integrity shell_exec:file rx_file_perms; + +# Allow running the mv and rm/rmdir commands using art_apex_boot_integrity +# permissions. +allow art_apex_boot_integrity toolbox_exec:file rx_file_perms; + +# Fsverity in the same domain. +allow art_apex_boot_integrity system_file:file execute_no_trans; +# Fsverity work. +allowxperm art_apex_boot_integrity dalvikcache_data_file:file ioctl { + FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY +}; diff --git a/prebuilts/api/30.0/private/art_apex_postinstall.te b/prebuilts/api/30.0/private/art_apex_postinstall.te new file mode 100644 index 000000000..576ed2006 --- /dev/null +++ b/prebuilts/api/30.0/private/art_apex_postinstall.te 
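Review bot: The `unix_dgram_socket` neverallow near the end of this hunk carves out `-system_server`, but its comment only justifies logd and the userdebug su/heapprofd/traced_perf exclusions, and since the stated risk is forged SCM_CREDENTIALS via cap_setuid/cap_setgid every exclusion should carry its reason. The earlier `unix_socket_send(app_zygote, system_unsolzygote, system_server)` line looks like the motivation, so I would annotate the exclusion as `-system_server # unix_socket_send(app_zygote, system_unsolzygote, system_server) above`. This file is a prebuilts/api/30.0 snapshot, so the wording change belongs in the live private/app_zygote.te and then gets re-frozen.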
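Review bot: `allow art_apex_boot_integrity system_file:file execute_no_trans;` under `# Fsverity in the same domain.` lets any binary labeled system_file run inside a domain that can unlink dalvik-cache artifacts, which is broader than the comment implies. If the fsverity helper is the only intended target, a dedicated exec label for that helper (and an allow on that label alone) would keep the domain's executable surface to shell, toolbox and the helper; at minimum the comment should say which binary is meant, e.g. `# the fsverity helper runs in this domain; keep this scoped to that binary`. The same pattern appears in art_apex_postinstall.te and art_apex_preinstall.te in this series, so any narrowing should be applied to all three in the live policy rather than in this prebuilts copy.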
@@ -0,0 +1,31 @@ +# ART APEX postinstall. +# + +type art_apex_postinstall, domain, coredomain; +type art_apex_postinstall_exec, system_file_type, exec_type, file_type; + +# /system/bin/sh (see b/126787589). +allow art_apex_postinstall apexd:fd use; + +# Read temp dirs and files. Move directories. +allow art_apex_postinstall ota_data_file:dir { r_dir_perms write rename remove_name relabelfrom reparent }; +allow art_apex_postinstall ota_data_file:file { r_file_perms relabelfrom }; +# We're deleting the old /data/dalvik-cache/* and move the new ones +# over. +allow art_apex_postinstall dalvikcache_data_file:dir { create_dir_perms relabelto }; +allow art_apex_postinstall dalvikcache_data_file:file { r_file_perms unlink relabelto }; + +# Required for relabel. +allow art_apex_postinstall file_contexts_file:file r_file_perms; +allow art_apex_postinstall self:global_capability_class_set sys_admin; + +# Script helpers. +allow art_apex_postinstall shell_exec:file rx_file_perms; +allow art_apex_postinstall toolbox_exec:file rx_file_perms; + +# Fsverity in the same domain. +allow art_apex_postinstall system_file:file execute_no_trans; +# Fsverity work. +allowxperm art_apex_postinstall ota_data_file:file ioctl { + FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY +}; diff --git a/prebuilts/api/30.0/private/art_apex_preinstall.te b/prebuilts/api/30.0/private/art_apex_preinstall.te new file mode 100644 index 000000000..12b102041 --- /dev/null +++ b/prebuilts/api/30.0/private/art_apex_preinstall.te 
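Review bot: `allow art_apex_postinstall self:global_capability_class_set sys_admin;` is justified only by `# Required for relabel.`, yet the relabel itself is authorized by the `relabelfrom`/`relabelto` rules directly above it, so the hunk does not show which operation actually needs CAP_SYS_ADMIN. Because the domain also has `system_file:file execute_no_trans`, every system binary it runs inherits that capability, so the comment should name the concrete syscall or tool that requires it (I cannot tell from here whether it is a mount, a rename across mounts, or the relabel tool's own check) so a later reviewer can judge whether it can be dropped. Something like `# CAP_SYS_ADMIN: needed by <operation>; relabel permission itself comes from relabelfrom/relabelto above` would do. Since this is a prebuilts/api/30.0 copy, the fix goes into the live private/ file.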
@@ -0,0 +1,33 @@ +# ART APEX preinstall. +# + +type art_apex_preinstall, domain, coredomain; +type art_apex_preinstall_exec, system_file_type, exec_type, file_type; + +# /system/bin/sh (see b/126787589). +allow art_apex_preinstall apexd:fd use; + +# Create temp dirs and files under /data/ota. +allow art_apex_preinstall ota_data_file:dir create_dir_perms; +allow art_apex_preinstall ota_data_file:file create_file_perms; +# We mount /data/ota/dalvik-cache over /data/dalvik-cache in our +# mount namespace. +allow art_apex_preinstall dalvikcache_data_file:dir { r_dir_perms mounton }; +allow art_apex_preinstall self:capability sys_admin; + +# Script helpers. +allow art_apex_preinstall shell_exec:file rx_file_perms; +allow art_apex_preinstall toolbox_exec:file rx_file_perms; + +# Execute subscripts in the same domain. +allow art_apex_preinstall art_apex_preinstall_exec:file execute_no_trans; + +# Run dex2oat. +domain_auto_trans(art_apex_preinstall, dex2oat_exec, dex2oat) + +# Fsverity in the same domain. +allow art_apex_preinstall system_file:file execute_no_trans; +# Fsverity work. +allowxperm art_apex_preinstall ota_data_file:file ioctl { + FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY +}; diff --git a/prebuilts/api/30.0/private/asan_extract.te b/prebuilts/api/30.0/private/asan_extract.te new file mode 100644 index 000000000..1c20d78ec --- /dev/null +++ b/prebuilts/api/30.0/private/asan_extract.te @@ -0,0 +1,8 @@ +# type_transition must be private policy the domain_trans rules could stay +# public, but conceptually should go with this +# Technically not a daemon but we do want the transition from init domain to +# asan_extract to occur. +with_asan(` +typeattribute asan_extract coredomain; +init_daemon_domain(asan_extract) +') diff --git a/prebuilts/api/30.0/private/atrace.te b/prebuilts/api/30.0/private/atrace.te new file mode 100644 index 000000000..ad7d177e6 --- /dev/null +++ b/prebuilts/api/30.0/private/atrace.te 
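Review bot: `allow art_apex_preinstall self:capability sys_admin;` uses the bare `capability` class, whereas art_apex_postinstall.te in this same series (and the other domains here, e.g. app_zygote and bluetooth) grant capabilities through `global_capability_class_set`; if that macro expands to more than `capability`, as its name and use elsewhere suggest, preinstall will behave differently from postinstall and the difference is undocumented. I would write `allow art_apex_preinstall self:global_capability_class_set sys_admin;` for consistency and state why the capability is needed, the `mounton` rule two lines above being the likely reason: `# CAP_SYS_ADMIN for mounting /data/ota/dalvik-cache over /data/dalvik-cache in our namespace`. As with the sibling files, this is a prebuilts snapshot and the change belongs in the live policy.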
@@ -0,0 +1,80 @@ +# Domain for atrace process. +# It is spawned either by traced_probes or by init for the boottrace service. + +type atrace, domain, coredomain; +type atrace_exec, exec_type, file_type, system_file_type; + +# boottrace services uses /data/misc/boottrace/categories +allow atrace boottrace_data_file:dir search; +allow atrace boottrace_data_file:file r_file_perms; + +# Allow atrace to access tracefs. +allow atrace debugfs_tracing:dir r_dir_perms; +allow atrace debugfs_tracing:file rw_file_perms; +allow atrace debugfs_trace_marker:file getattr; + +# Allow atrace to write data when a pipe is used for stdout/stderr +# This is used by Perfetto to capture the output on error in atrace. +allow atrace traced_probes:fd use; +allow atrace traced_probes:fifo_file write; + +# atrace sets debug.atrace.* properties +set_prop(atrace, debug_prop) + +# atrace pokes all the binder-enabled processes at startup with a +# SYSPROPS_TRANSACTION, to tell them to reload the debug.atrace.* properties. + +# Allow discovery of binder services. +allow atrace { + service_manager_type + -apex_service + -incident_service + -iorapd_service + -netd_service + -dnsresolver_service + -stats_service + -dumpstate_service + -installd_service + -vold_service + -lpdump_service + -default_android_service +}:service_manager { find }; +allow atrace servicemanager:service_manager list; + +# Allow notifying the processes hosting specific binder services that +# trace-related system properties have changed. +binder_use(atrace) +allow atrace healthd:binder call; +allow atrace surfaceflinger:binder call; +allow atrace system_server:binder call; +allow atrace cameraserver:binder call; + +# Similarly, on debug builds, allow specific HALs to be notified that +# trace-related system properties have changed. +userdebug_or_eng(` + # List HAL interfaces. + allow atrace hwservicemanager:hwservice_manager list; + # Notify the camera HAL. 
+ hal_client_domain(atrace, hal_camera) + hal_client_domain(atrace, hal_vibrator) +') + +# Remove logspam from notification attempts to non-whitelisted services. +dontaudit atrace hwservice_manager_type:hwservice_manager find; +dontaudit atrace service_manager_type:service_manager find; +dontaudit atrace domain:binder call; + +# atrace can call atrace HAL +hal_client_domain(atrace, hal_atrace) + +get_prop(atrace, hwservicemanager_prop) + +userdebug_or_eng(` + # atrace is generally invoked as a standalone binary from shell or perf + # daemons like Perfetto traced_probes. However, in userdebug builds, there is + # a further option to run atrace as an init daemon for boot tracing. + init_daemon_domain(atrace) + + allow atrace debugfs_tracing_debug:dir r_dir_perms; + allow atrace debugfs_tracing_debug:file rw_file_perms; +') diff --git a/prebuilts/api/30.0/private/attributes b/prebuilts/api/30.0/private/attributes new file mode 100644 index 000000000..e01b2126a --- /dev/null +++ b/prebuilts/api/30.0/private/attributes @@ -0,0 +1 @@ +hal_attribute(lazy_test); diff --git a/prebuilts/api/30.0/private/audioserver.te b/prebuilts/api/30.0/private/audioserver.te new file mode 100644 index 000000000..067152fb7 --- /dev/null +++ b/prebuilts/api/30.0/private/audioserver.te 
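Review bot: The service_manager grant earlier in this hunk is a denylist (`service_manager_type` minus a fixed set such as apex_service, netd_service and vold_service), and `dontaudit atrace service_manager_type:service_manager find;` together with `dontaudit atrace domain:binder call;` in this part silence any denial, so a sensitive service added to the policy later becomes findable by atrace with no audit trail. If the intent really is "every binder process except these", the list needs a maintainer-facing comment, e.g. `# Denylist: any new service that must not be poked by atrace has to be added here; denials are dontaudited below.`; otherwise an allowlist of the services that actually handle the SYSPROPS_TRANSACTION poke would be the safer shape. The dontaudit on `domain:binder call` also hides misuse of the binder_use grant, which is worth a sentence in the comment above it.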
@@ -0,0 +1,100 @@ +# audioserver - audio services daemon + +typeattribute audioserver coredomain; + +type audioserver_exec, exec_type, file_type, system_file_type; +init_daemon_domain(audioserver) +tmpfs_domain(audioserver) + +r_dir_file(audioserver, sdcard_type) + +binder_use(audioserver) +binder_call(audioserver, binderservicedomain) +binder_call(audioserver, appdomain) +binder_service(audioserver) + +hal_client_domain(audioserver, hal_allocator) +# /system/lib64/hw for always-passthrough Allocator HAL ashmem / mapper .so +r_dir_file(audioserver, system_file) + +hal_client_domain(audioserver, hal_audio) + +userdebug_or_eng(` + # used for TEE sink - pcm capture for debug. + allow audioserver media_data_file:dir create_dir_perms; + allow audioserver audioserver_data_file:dir create_dir_perms; + allow audioserver audioserver_data_file:file create_file_perms; + + # ptrace to processes in the same domain for memory leak detection + allow audioserver self:process ptrace; +') + +add_service(audioserver, audioserver_service) +allow audioserver activity_service:service_manager find; +allow audioserver appops_service:service_manager find; +allow audioserver batterystats_service:service_manager find; +allow audioserver external_vibrator_service:service_manager find; +allow audioserver package_native_service:service_manager find; +allow audioserver permission_service:service_manager find; +allow audioserver power_service:service_manager find; +allow audioserver scheduling_policy_service:service_manager find; +allow audioserver mediametrics_service:service_manager find; +allow audioserver sensor_privacy_service:service_manager find; +allow audioserver soundtrigger_middleware_service:service_manager find; + +# Allow read/write access to bluetooth-specific properties +set_prop(audioserver, bluetooth_a2dp_offload_prop) +set_prop(audioserver, bluetooth_audio_hal_prop) +set_prop(audioserver, bluetooth_prop) +set_prop(audioserver, exported_bluetooth_prop) + +# Grant access to audio 
files to audioserver +allow audioserver audio_data_file:dir ra_dir_perms; +allow audioserver audio_data_file:file create_file_perms; + +# allow access to ALSA MMAP FDs for AAudio API +allow audioserver audio_device:chr_file { read write }; + +not_full_treble(`allow audioserver audio_device:dir r_dir_perms;') +not_full_treble(`allow audioserver audio_device:chr_file rw_file_perms;') + +# For A2DP bridge which is loaded directly into audioserver +unix_socket_connect(audioserver, bluetooth, bluetooth) + +# Allow shell commands from ADB and shell for CTS testing/dumping +allow audioserver adbd:fd use; +allow audioserver adbd:unix_stream_socket { read write }; +allow audioserver shell:fifo_file { read write }; + +# Allow shell commands from ADB for CTS testing/dumping +userdebug_or_eng(` + allow audioserver su:fd use; + allow audioserver su:fifo_file { read write }; + allow audioserver su:unix_stream_socket { read write }; +') + +# Allow write access to log tag property +set_prop(audioserver, log_tag_prop); + +### +### neverallow rules +### + +# audioserver should never execute any executable without a +# domain transition +neverallow audioserver { file_type fs_type }:file execute_no_trans; + +# The goal of the mediaserver split is to place media processing code into +# restrictive sandboxes with limited responsibilities and thus limited +# permissions. Example: Audioserver is only responsible for controlling audio +# hardware and processing audio content. Cameraserver does the same for camera +# hardware/content. Etc. +# +# Media processing code is inherently risky and thus should have limited +# permissions and be isolated from the rest of the system and network. +# Lengthier explanation here: +# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html +neverallow audioserver domain:{ tcp_socket udp_socket rawip_socket } *; + +# Allow using wake locks +wakelock_use(audioserver) 
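Review bot: `neverallow audioserver domain:{ tcp_socket udp_socket rawip_socket } *;` is meant, per its comment, to keep media processing isolated from the network, but it only forbids three socket classes; app_zygote.te in this same series shows the fuller list (packet_socket, sctp_socket, the netlink_* classes, vsock_socket, etc.) that a process with no legitimate networking should be barred from. I would widen this neverallow to that list minus the unix classes and netlink_selinux_socket, after checking device denials for any class audioserver genuinely uses, which I cannot determine from this hunk. Separately, `r_dir_file(audioserver, sdcard_type)` near the top grants read of all external storage with no comment saying which use case needs it; it deserves a justification such as `# sdcard_type: <consumer and why>` or removal.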
diff --git a/prebuilts/api/30.0/private/auditctl.te b/prebuilts/api/30.0/private/auditctl.te
new file mode 100644
index 000000000..f634d3d1d
--- /dev/null
+++ b/prebuilts/api/30.0/private/auditctl.te
@@ -0,0 +1,18 @@
+#
+# /system/bin/auditctl executed for logd
+#
+# Performs maintenance of the kernel auditing system, including
+# setting rate limits on SELinux denials.
+#
+
+type auditctl, domain, coredomain;
+type auditctl_exec, file_type, system_file_type, exec_type;
+
+# Uncomment the line below to put this domain into permissive
+# mode. This helps speed SELinux policy development.
+# userdebug_or_eng(`permissive auditctl;')
+
+init_daemon_domain(auditctl)
+
+allow auditctl self:global_capability_class_set audit_control;
+allow auditctl self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
diff --git a/prebuilts/api/30.0/private/automotive_display_service.te b/prebuilts/api/30.0/private/automotive_display_service.te
new file mode 100644
index 000000000..fa11ca424
--- /dev/null
+++ b/prebuilts/api/30.0/private/automotive_display_service.te
@@ -0,0 +1,33 @@ +# Display proxy service for Automotive +type automotive_display_service, domain, coredomain; +type automotive_display_service_exec, system_file_type, exec_type, file_type; + +typeattribute automotive_display_service automotive_display_service_server; + +# Allow to add a display service to the manager +add_hwservice(automotive_display_service, fwk_automotive_display_hwservice); + +# Allow init to launch automotive display service +init_daemon_domain(automotive_display_service) + +# Allow to use Binder IPC for SurfaceFlinger. +binder_use(automotive_display_service) + +# Allow to use HwBinder IPC for HAL implementations. +hwbinder_use(automotive_display_service) +hal_client_domain(automotive_display_service, hal_graphics_composer) + +# Allow to read the target property. +get_prop(automotive_display_service, hwservicemanager_prop) + +# Allow to find SurfaceFlinger. +allow automotive_display_service surfaceflinger_service:service_manager find; + +# Allow client domain to do binder IPC to serverdomain. +binder_call(automotive_display_service, surfaceflinger) + +# Allow to use a graphics mapper +allow automotive_display_service hal_graphics_mapper_hwservice:hwservice_manager find; + +# Allow to use hidl token service +allow automotive_display_service hidl_token_hwservice:hwservice_manager find; diff --git a/prebuilts/api/30.0/private/binder_in_vendor_violators.te b/prebuilts/api/30.0/private/binder_in_vendor_violators.te new file mode 100644 index 000000000..4a1218e1d --- /dev/null +++ b/prebuilts/api/30.0/private/binder_in_vendor_violators.te @@ -0,0 +1 @@ +allow binder_in_vendor_violators binder_device:chr_file rw_file_perms; diff --git a/prebuilts/api/30.0/private/binderservicedomain.te b/prebuilts/api/30.0/private/binderservicedomain.te new file mode 100644 index 000000000..0891ee5b2 --- /dev/null +++ b/prebuilts/api/30.0/private/binderservicedomain.te 
@@ -0,0 +1,22 @@
+# Rules common to all binder service domains
+
+# Allow dumpstate and incidentd to collect information from binder services
+allow binderservicedomain { dumpstate incidentd }:fd use;
+allow binderservicedomain { dumpstate incidentd }:unix_stream_socket { read write getopt getattr };
+allow binderservicedomain { dumpstate incidentd }:fifo_file { getattr write };
+allow binderservicedomain shell_data_file:file { getattr write };
+
+# Allow dumpsys to work from adb shell or the serial console
+allow binderservicedomain devpts:chr_file rw_file_perms;
+allow binderservicedomain console_device:chr_file rw_file_perms;
+
+# Receive and write to a pipe received over Binder from an app.
+allow binderservicedomain appdomain:fd use;
+allow binderservicedomain appdomain:fifo_file write;
+
+# allow all services to run permission checks
+allow binderservicedomain permission_service:service_manager find;
+
+allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
+
+use_keystore(binderservicedomain)
diff --git a/prebuilts/api/30.0/private/blank_screen.te b/prebuilts/api/30.0/private/blank_screen.te
new file mode 100644
index 000000000..51310d180
--- /dev/null
+++ b/prebuilts/api/30.0/private/blank_screen.te
@@ -0,0 +1,6 @@
+type blank_screen, domain, coredomain;
+type blank_screen_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(blank_screen)
+
+hal_client_domain(blank_screen, hal_light)
diff --git a/prebuilts/api/30.0/private/blkid.te b/prebuilts/api/30.0/private/blkid.te
new file mode 100644
index 000000000..4e972ab95
--- /dev/null
+++ b/prebuilts/api/30.0/private/blkid.te
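Review bot: `allow binderservicedomain devpts:chr_file rw_file_perms;` (and the console_device line under it) includes `open`, so every binder service domain can open any pty on the device itself rather than only write to the terminal fd that dumpsys hands it, which is far more than the adjacent `shell_data_file:file { getattr write }` rule deliberately grants. If the terminal fd always arrives over binder, as the `# Allow dumpsys to work from adb shell` comment suggests but the hunk cannot confirm, `{ read write getattr ioctl }` on both classes would keep dumpsys working while dropping the ability to attach to an unrelated shell's pty. Either way the comment should state whether open is required, e.g. `# fd is inherited from dumpsys; no open needed` or `# open required because ...`. This is a prebuilts/api/30.0 snapshot, so the change goes into the live private/binderservicedomain.te.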
@@ -0,0 +1,22 @@
+# blkid called from vold
+
+typeattribute blkid coredomain;
+
+type blkid_exec, system_file_type, exec_type, file_type;
+
+# Allowed read-only access to encrypted devices to extract UUID/label
+allow blkid block_device:dir search;
+allow blkid userdata_block_device:blk_file r_file_perms;
+allow blkid dm_device:blk_file r_file_perms;
+
+# Allow stdin/out back to vold
+allow blkid vold:fd use;
+allow blkid vold:fifo_file { read write getattr };
+
+# For blkid launched through popen()
+allow blkid blkid_exec:file rx_file_perms;
+
+# Only allow entry from vold
+neverallow { domain -vold } blkid:process transition;
+neverallow * blkid:process dyntransition;
+neverallow blkid { file_type fs_type -blkid_exec -shell_exec }:file entrypoint;
diff --git a/prebuilts/api/30.0/private/blkid_untrusted.te b/prebuilts/api/30.0/private/blkid_untrusted.te
new file mode 100644
index 000000000..125677157
--- /dev/null
+++ b/prebuilts/api/30.0/private/blkid_untrusted.te
@@ -0,0 +1,37 @@
+# blkid for untrusted block devices
+
+typeattribute blkid_untrusted coredomain;
+
+# Allowed read-only access to vold block devices to extract UUID/label
+allow blkid_untrusted block_device:dir search;
+allow blkid_untrusted vold_device:blk_file r_file_perms;
+
+# Allow stdin/out back to vold
+allow blkid_untrusted vold:fd use;
+allow blkid_untrusted vold:fifo_file { read write getattr };
+
+# For blkid launched through popen()
+allow blkid_untrusted blkid_exec:file rx_file_perms;
+
+###
+### neverallow rules
+###
+
+# Untrusted blkid should never be run on block devices holding sensitive data
+neverallow blkid_untrusted {
+ boot_block_device
+ frp_block_device
+ metadata_block_device
+ recovery_block_device
+ root_block_device
+ swap_block_device
+ system_block_device
+ userdata_block_device
+ cache_block_device
+ dm_device
+}:blk_file no_rw_file_perms;
+
+# Only allow entry from vold via blkid binary
+neverallow { domain -vold } blkid_untrusted:process transition;
+neverallow * blkid_untrusted:process dyntransition;
+neverallow blkid_untrusted { file_type fs_type -blkid_exec -shell_exec }:file entrypoint;
diff --git a/prebuilts/api/30.0/private/bluetooth.te b/prebuilts/api/30.0/private/bluetooth.te
new file mode 100644
index 000000000..1680361e5
--- /dev/null
+++ b/prebuilts/api/30.0/private/bluetooth.te
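Review bot: The `neverallow blkid_untrusted { boot_block_device ... dm_device }:blk_file no_rw_file_perms;` protection is written as a denylist of ten types, so any block-device label introduced later (new partitions, device-specific types) is readable by a domain that parses attacker-controlled filesystem metadata unless someone remembers to extend the list. Since the only intended target is `vold_device`, the one type the allow rule above names, inverting this to an allowlist over the policy's block-device attribute with `-vold_device` excluded would make the protection default-closed; if that attribute cannot be used here, a comment such as `# Denylist: every new *_block_device type must be added here` is the minimum. This is the prebuilts/api/30.0 copy, so the change belongs in the live private/blkid_untrusted.te.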
@@ -0,0 +1,86 @@ +# bluetooth app + +typeattribute bluetooth coredomain; + +app_domain(bluetooth) +net_domain(bluetooth) + +# Socket creation under /data/misc/bluedroid. +type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket; + +# Allow access to net_admin ioctls +allowxperm bluetooth self:udp_socket ioctl priv_sock_ioctls; + +wakelock_use(bluetooth); + +# Data file accesses. +allow bluetooth bluetooth_data_file:dir create_dir_perms; +allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms; +allow bluetooth bluetooth_logs_data_file:dir rw_dir_perms; +allow bluetooth bluetooth_logs_data_file:file create_file_perms; + +# Socket creation under /data/misc/bluedroid. +allow bluetooth bluetooth_socket:sock_file create_file_perms; + +allow bluetooth self:global_capability_class_set net_admin; +allow bluetooth self:global_capability2_class_set wake_alarm; + +# tethering +allow bluetooth self:packet_socket create_socket_perms_no_ioctl; +allow bluetooth self:global_capability_class_set { net_admin net_raw net_bind_service }; +allow bluetooth self:tun_socket create_socket_perms_no_ioctl; +allow bluetooth tun_device:chr_file rw_file_perms; +allowxperm bluetooth tun_device:chr_file ioctl { TUNGETIFF TUNSETIFF }; +allow bluetooth efs_file:dir search; + +# allow Bluetooth to access uhid device for HID profile +allow bluetooth uhid_device:chr_file rw_file_perms; + +# proc access. 
+allow bluetooth proc_bluetooth_writable:file rw_file_perms; + +# Allow write access to bluetooth specific properties +set_prop(bluetooth, binder_cache_bluetooth_server_prop); +neverallow { domain -bluetooth -init } + binder_cache_bluetooth_server_prop:property_service set; +set_prop(bluetooth, bluetooth_a2dp_offload_prop) +set_prop(bluetooth, bluetooth_audio_hal_prop) +set_prop(bluetooth, bluetooth_prop) +set_prop(bluetooth, exported_bluetooth_prop) +set_prop(bluetooth, pan_result_prop) + +allow bluetooth audioserver_service:service_manager find; +allow bluetooth bluetooth_service:service_manager find; +allow bluetooth drmserver_service:service_manager find; +allow bluetooth mediaserver_service:service_manager find; +allow bluetooth radio_service:service_manager find; +allow bluetooth app_api_service:service_manager find; +allow bluetooth system_api_service:service_manager find; +allow bluetooth network_stack_service:service_manager find; + +# already open bugreport file descriptors may be shared with +# the bluetooth process, from a file in +# /data/data/com.android.shell/files/bugreports/bugreport-*. +allow bluetooth shell_data_file:file read; + +# Bluetooth audio needs RT scheduling to meet deadlines, allow sys_nice +allow bluetooth self:global_capability_class_set sys_nice; + +hal_client_domain(bluetooth, hal_bluetooth) +hal_client_domain(bluetooth, hal_telephony) + +# Bluetooth A2DP offload requires binding with audio HAL +hal_client_domain(bluetooth, hal_audio) + +read_runtime_log_tags(bluetooth) + +### +### Neverallow rules +### +### These are things that the bluetooth app should NEVER be able to do +### + +# Superuser capabilities. +# Bluetooth requires net_{admin,raw,bind_service} and wake_alarm and block_suspend and sys_nice. +neverallow bluetooth self:global_capability_class_set ~{ net_admin net_raw net_bind_service sys_nice}; +neverallow bluetooth self:global_capability2_class_set ~{ wake_alarm block_suspend }; 
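Review bot: `allow bluetooth efs_file:dir search;` sits in the `# tethering` group of rules (packet/tun sockets, net_admin/net_raw) in the first part of this hunk, but a directory search on efs_file has no evident connection to tethering and nothing in the hunk says what under that label the Bluetooth stack reads. A one-line comment naming the consumer, e.g. `# efs_file: <what is read and why>`, or dropping the rule if nothing needs it, would keep that directory off the app's reachable surface by default. Minor style nit in the capability neverallow at the end: `~{ net_admin net_raw net_bind_service sys_nice};` is missing the space before `}` used everywhere else in the file.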
diff --git a/prebuilts/api/30.0/private/bluetoothdomain.te b/prebuilts/api/30.0/private/bluetoothdomain.te
new file mode 100644
index 000000000..fe4f0e663
--- /dev/null
+++ b/prebuilts/api/30.0/private/bluetoothdomain.te
@@ -0,0 +1,2 @@
+# Allow clients to use a socket provided by the bluetooth app.
+allow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };
diff --git a/prebuilts/api/30.0/private/bootanim.te b/prebuilts/api/30.0/private/bootanim.te
new file mode 100644
index 000000000..47405601d
--- /dev/null
+++ b/prebuilts/api/30.0/private/bootanim.te
@@ -0,0 +1,9 @@
+typeattribute bootanim coredomain;
+
+init_daemon_domain(bootanim)
+
+# b/68864350
+dontaudit bootanim unlabeled:dir search;
+
+# Bootanim should not be reading default vendor-defined properties.
+dontaudit bootanim vendor_default_prop:file read;
diff --git a/prebuilts/api/30.0/private/bootstat.te b/prebuilts/api/30.0/private/bootstat.te
new file mode 100644
index 000000000..806144cf6
--- /dev/null
+++ b/prebuilts/api/30.0/private/bootstat.te
@@ -0,0 +1,3 @@
+typeattribute bootstat coredomain;
+
+init_daemon_domain(bootstat)
diff --git a/prebuilts/api/30.0/private/boringssl_self_test.te b/prebuilts/api/30.0/private/boringssl_self_test.te
new file mode 100644
index 000000000..50fc1fc1c
--- /dev/null
+++ b/prebuilts/api/30.0/private/boringssl_self_test.te
@@ -0,0 +1,74 @@
+# System and vendor domains for BoringSSL self test binaries.
+#
+# For FIPS compliance, all processes linked against libcrypto perform a startup
+# self test which computes a hash of the BoringSSL Crypto Module (BCM) and, at least once
+# per device boot, also run a series of Known Answer Tests (KAT) to verify functionality.
+#
+# The KATs are expensive, and to ensure they are run as few times as possible, they
+# are skipped if a marker file exists in /dev/boringssl/selftest whose name is
+# the hash of the BCM that was computed earlier. The files are zero length and their contents
+# should never be read or written. To avoid giving arbitrary processes access to /dev/boringssl
+# to create these marker files, there are dedicated self test binaries which this policy
+# gives access to and which are run during early-init.
+#
+# Due to build skew, the version of libcrypto in /vendor may have a different hash than
+# the system one. To cater for this there are vendor variants of the self test binaries
+# which also have permission to write to the same files in /dev/boringssl. In the case where
+# vendor and system libcrypto have the same hash, there will be a race to create the file,
+# but this is harmless.
+#
+# If the self tests fail, then the device should reboot into firmware and for this reason
+# the system boringssl_self_test domain needs to be in coredomain. As vendor domains
+# are not allowed in coredomain, this means that the vendor self tests cannot trigger a
+# reboot. However every binary linked against the vendor libcrypto will abort on startup,
+# so in practice the device will crash anyway in this unlikely scenario.
+
+# System boringssl_self_test domain
+type boringssl_self_test, domain, coredomain;
+type boringssl_self_test_exec, system_file_type, exec_type, file_type;
+
+# Vendor boringssl_self_test domain
+type vendor_boringssl_self_test, domain;
+type vendor_boringssl_self_test_exec, vendor_file_type, exec_type, file_type;
+
+# Switch to boringssl_self_test security domain when running boringssl_self_test_exec
+init_daemon_domain(boringssl_self_test)
+
+# Switch to vendor_boringssl_self_test security domain when running vendor_boringssl_self_test_exec
+init_daemon_domain(vendor_boringssl_self_test)
+
+# Marker files, common to both domains, indicating KAT have been performed on a particular libcrypto
+#
+# The files are zero length so there is no issue if both vendor and system code
+# try to create the same file simultaneously. One will succeed and the other will fail
+# silently, i.e. still indicate success. Similar harmless naming collisions will happen in the
+# system domain e.g. when system and APEX copies of libcrypto are identical.
+type boringssl_self_test_marker, file_type;
+
+# Allow self test binaries to create/check for the existence of boringssl_self_test_marker files
+allow { boringssl_self_test vendor_boringssl_self_test }
+ boringssl_self_test_marker:file create_file_perms;
+allow { boringssl_self_test vendor_boringssl_self_test }
+ boringssl_self_test_marker:dir ra_dir_perms;
+
+# Allow self test binaries to write their stdout/stderr messages to kmsg_debug
+allow { boringssl_self_test vendor_boringssl_self_test }
+ kmsg_debug_device:chr_file { w_file_perms getattr ioctl };
+
+# No other process should be able to create marker files because their existence causes the
+# boringssl KAT to be skipped.
+neverallow {
+ domain
+ -vendor_boringssl_self_test
+ -boringssl_self_test
+ -init
+ -vendor_init
+} boringssl_self_test_marker:file no_rw_file_perms;
+
+neverallow {
+ domain
+ -vendor_boringssl_self_test
+ -boringssl_self_test
+ -init
+ -vendor_init
+} boringssl_self_test_marker:dir write;
diff --git a/prebuilts/api/30.0/private/bpfloader.te b/prebuilts/api/30.0/private/bpfloader.te
new file mode 100644
index 000000000..249f3df72
--- /dev/null
+++ b/prebuilts/api/30.0/private/bpfloader.te
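Review bot: Both neverallow rules at the end of boringssl_self_test.te exempt `init` and `vendor_init` from creating marker files, yet the header comment states that only the dedicated self test binaries may create them and the rule's own comment ("No other process should be able to create marker files because their existence causes the boringssl KAT to be skipped") gives no reason for the exemption; a marker written by an exempt domain would silently skip the KATs. Add a sentence above the first neverallow explaining why the two init domains must stay exempt — presumably they create and label /dev/boringssl/selftest before the self test binaries run, but that is not visible here and should be confirmed — e.g. `# init and vendor_init are exempt only because they set up the marker directory at boot; they must never create marker files themselves (TODO: confirm).` The header also says a failing self test should reboot the device, but nothing in this file grants boringssl_self_test a reboot path (for instance a powerctl property), so a pointer to where that is granted would help a reader verify the claim. This is a prebuilts/api/30.0 snapshot; the edit belongs in private/boringssl_self_test.te.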
@@ -0,0 +1,40 @@
+# bpf program loader
+type bpfloader, domain;
+type bpfloader_exec, system_file_type, exec_type, file_type;
+typeattribute bpfloader coredomain;
+
+# These permissions are required to pin ebpf maps & programs.
+allow bpfloader fs_bpf:dir { search write add_name };
+allow bpfloader fs_bpf:file { create setattr };
+
+# Allow bpfloader to create bpf maps and programs.
+allow bpfloader self:bpf { map_create map_read map_write prog_load prog_run };
+
+allow bpfloader self:capability { chown sys_admin };
+
+###
+### Neverallow rules
+###
+
+# TODO: get rid of init & vendor_init
+neverallow { domain -init -vendor_init } fs_bpf:dir setattr;
+neverallow { domain -bpfloader } fs_bpf:dir { write add_name };
+neverallow domain fs_bpf:dir { reparent rename rmdir };
+
+# TODO: get rid of init & vendor_init
+neverallow { domain -bpfloader -init -vendor_init } fs_bpf:file setattr;
+neverallow { domain -bpfloader } fs_bpf:file create;
+neverallow domain fs_bpf:file { rename unlink };
+
+neverallow { domain -bpfloader } *:bpf { map_create prog_load };
+neverallow { domain -bpfloader -netd -netutils_wrapper -system_server } *:bpf prog_run;
+neverallow { domain -bpfloader -netd -system_server } *:bpf { map_read map_write };
+
+neverallow { domain -bpfloader -init } bpfloader_exec:file { execute execute_no_trans };
+
+neverallow bpfloader domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# No domain should be allowed to ptrace bpfloader
+neverallow { domain userdebug_or_eng(`-llkd') } bpfloader:process ptrace;
+
+set_prop(bpfloader, bpf_progs_loaded_prop)
diff --git a/prebuilts/api/30.0/private/bufferhubd.te b/prebuilts/api/30.0/private/bufferhubd.te
new file mode 100644
index 000000000..012eb2027
--- /dev/null
+++ b/prebuilts/api/30.0/private/bufferhubd.te
@@ -0,0 +1,3 @@
+typeattribute bufferhubd coredomain;
+
+init_daemon_domain(bufferhubd)
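Review bot: `allow bpfloader self:capability { chown sys_admin };` in bpfloader.te hands out CAP_SYS_ADMIN, the broadest capability on the system, with no comment, while the rules around it (pinning, map/prog creation) are each explained. The policy should state what each capability is for so a later reviewer can tell when it can be narrowed; presumably sys_admin is what the bpf() syscall demands on kernels without a dedicated CAP_BPF and chown is for handing pinned objects under fs_bpf to other uids, but neither is visible here and both should be confirmed, e.g. `# sys_admin: bpf() map/prog loading on kernels without CAP_BPF; chown: reassign pinned fs_bpf objects to their consumers (TODO: confirm and drop sys_admin once CAP_BPF is available).` The two `# TODO: get rid of init & vendor_init` lines above the setattr neverallows would also benefit from a bug reference in the `b/NNN` style used elsewhere in this series so the exemption does not outlive its reason. This is a prebuilts/api/30.0 snapshot; the wording belongs in private/bpfloader.te.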
diff --git a/prebuilts/api/30.0/private/bug_map b/prebuilts/api/30.0/private/bug_map
new file mode 100644
index 000000000..60c2f15b4
--- /dev/null
+++ b/prebuilts/api/30.0/private/bug_map
@@ -0,0 +1,33 @@
+dnsmasq netd fifo_file b/77868789
+dnsmasq netd unix_stream_socket b/77868789
+gmscore_app system_data_file dir b/146166941
+init app_data_file file b/77873135
+init cache_file blk_file b/77873135
+init logpersist file b/77873135
+init nativetest_data_file dir b/77873135
+init pstorefs dir b/77873135
+init shell_data_file dir b/77873135
+init shell_data_file file b/77873135
+init shell_data_file lnk_file b/77873135
+init shell_data_file sock_file b/77873135
+init system_data_file chr_file b/77873135
+isolated_app privapp_data_file dir b/119596573
+isolated_app app_data_file dir b/120394782
+mediaextractor app_data_file file b/77923736
+mediaextractor radio_data_file file b/77923736
+mediaprovider cache_file blk_file b/77925342
+mediaprovider mnt_media_rw_file dir b/77925342
+mediaprovider shell_data_file dir b/77925342
+mediaswcodec ashmem_device chr_file b/142679232
+netd priv_app unix_stream_socket b/77870037
+netd untrusted_app unix_stream_socket b/77870037
+netd untrusted_app_25 unix_stream_socket b/77870037
+netd untrusted_app_27 unix_stream_socket b/77870037
+platform_app nfc_data_file dir b/74331887
+system_server crash_dump process b/73128755
+system_server overlayfs_file file b/142390309
+system_server sdcardfs file b/77856826
+system_server storage_stub_file dir b/145267097
+system_server zygote process b/77856826
+vold system_data_file file b/124108085
+zygote untrusted_app_25 process b/77925912
diff --git a/prebuilts/api/30.0/private/cameraserver.te b/prebuilts/api/30.0/private/cameraserver.te
new file mode 100644
index 000000000..2be3c9ea3
--- /dev/null
+++ b/prebuilts/api/30.0/private/cameraserver.te
@@ -0,0 +1,6 @@
+typeattribute cameraserver coredomain;
+
+typeattribute cameraserver camera_service_server;
+
+init_daemon_domain(cameraserver)
+tmpfs_domain(cameraserver)
diff --git a/prebuilts/api/30.0/private/charger.te b/prebuilts/api/30.0/private/charger.te
new file mode 100644
index 000000000..65109deff
--- /dev/null
+++ b/prebuilts/api/30.0/private/charger.te
@@ -0,0 +1 @@
+typeattribute charger coredomain;
diff --git a/prebuilts/api/30.0/private/clatd.te b/prebuilts/api/30.0/private/clatd.te
new file mode 100644
index 000000000..0fa774a27
--- /dev/null
+++ b/prebuilts/api/30.0/private/clatd.te
@@ -0,0 +1,36 @@
+# 464xlat daemon
+type clatd, domain, coredomain;
+type clatd_exec, system_file_type, exec_type, file_type;
+
+net_domain(clatd)
+
+r_dir_file(clatd, proc_net_type)
+userdebug_or_eng(`
+ auditallow clatd proc_net_type:{ dir file lnk_file } { getattr open read };
+')
+
+# Access objects inherited from netd.
+allow clatd netd:fd use;
+allow clatd netd:fifo_file { read write };
+# TODO: Check whether some or all of these sockets should be close-on-exec.
+allow clatd netd:netlink_kobject_uevent_socket { read write };
+allow clatd netd:netlink_nflog_socket { read write };
+allow clatd netd:netlink_route_socket { read write };
+allow clatd netd:udp_socket { read write };
+allow clatd netd:unix_stream_socket { read write };
+allow clatd netd:unix_dgram_socket { read write };
+
+allow clatd self:global_capability_class_set { net_admin net_raw setuid setgid };
+
+# clatd calls mmap(MAP_LOCKED) with a 1M buffer. MAP_LOCKED first checks
+# capable(CAP_IPC_LOCK), and then checks to see the requested amount is
+# under RLIMIT_MEMLOCK. If the latter check succeeds clatd won't have
+# needed CAP_IPC_LOCK. But this is not guaranteed to succeed on all devices
+# so we permit any requests we see from clatd asking for this capability.
+# See https://android-review.googlesource.com/127940 and
+# https://b.corp.google.com/issues/21736319
+allow clatd self:global_capability_class_set ipc_lock;
+
+allow clatd self:netlink_route_socket nlmsg_write;
+allow clatd self:{ packet_socket rawip_socket } create_socket_perms_no_ioctl;
+allow clatd tun_device:chr_file rw_file_perms;
diff --git a/prebuilts/api/30.0/private/compat/26.0/26.0.cil b/prebuilts/api/30.0/private/compat/26.0/26.0.cil
new file mode 100644
index 000000000..498bca5a7
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/26.0/26.0.cil
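Review bot: The `ipc_lock` grant in clatd.te is justified by a comment that itself says the capability may never be needed ("If the latter check succeeds clatd won't have needed CAP_IPC_LOCK"), but nothing measures whether it is exercised, so it cannot be dropped with confidence. The proc_net_type rule a few lines above already uses the pattern for this; mirroring it with `userdebug_or_eng(`auditallow clatd self:global_capability_class_set ipc_lock;')` directly after the allow would show whether shipping devices ever fall back to the capability. The same comment cites `https://b.corp.google.com/issues/21736319`, an internal URL that is unreachable for AOSP readers; the `b/21736319` form used in bug_map in this series would be consistent and usable. The six `allow clatd netd:*_socket { read write }` rules under the close-on-exec TODO hand clatd netd's own netlink route and nflog sockets, which is a wider inheritance than the comment acknowledges; the TODO would be more actionable with a bug reference. This is a prebuilts/api/30.0 snapshot; the edits belong in private/clatd.te.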
@@ -0,0 +1,786 @@ +;; attributes removed from current policy +(typeattribute hal_wifi_keystore) +(typeattribute hal_wifi_keystore_client) +(typeattribute hal_wifi_keystore_server) +(typeattribute hal_wifi_offload) +(typeattribute hal_wifi_offload_client) +(typeattribute hal_wifi_offload_server) + +;; types removed from current policy +(type untrusted_v2_app) +(type asan_reboot_prop) +(type commontime_management_service) +(type hal_wifi_offload_hwservice) +(type log_device) +(type mediacasserver_service) +(type mediacodec) +(type mediacodec_exec) +(type qtaguid_proc) +(type reboot_data_file) +(type tracing_shell_writable) +(type tracing_shell_writable_debug) +(type vold_socket) +(type webview_zygote_socket) +(type rild) +(type netd_socket) + +(typeattributeset accessibility_service_26_0 (accessibility_service)) +(typeattributeset account_service_26_0 (account_service)) +(typeattributeset activity_service_26_0 (activity_service)) +(typeattributeset adbd_26_0 (adbd)) +(typeattributeset adb_data_file_26_0 (adb_data_file)) +(typeattributeset adbd_socket_26_0 (adbd_socket)) +(typeattributeset adb_keys_file_26_0 (adb_keys_file)) +(typeattributeset alarm_device_26_0 (alarm_device)) +(typeattributeset alarm_service_26_0 (alarm_service)) +(typeattributeset anr_data_file_26_0 (anr_data_file)) +(typeattributeset apk_data_file_26_0 (apk_data_file)) +(typeattributeset apk_private_data_file_26_0 (apk_private_data_file)) +(typeattributeset apk_private_tmp_file_26_0 (apk_private_tmp_file)) +(typeattributeset apk_tmp_file_26_0 (apk_tmp_file)) +(typeattributeset app_data_file_26_0 (app_data_file privapp_data_file)) +(typeattributeset app_fuse_file_26_0 (app_fuse_file)) +(typeattributeset app_fusefs_26_0 (app_fusefs)) +(typeattributeset appops_service_26_0 (appops_service)) +(typeattributeset appwidget_service_26_0 (appwidget_service)) +(typeattributeset asan_reboot_prop_26_0 (asan_reboot_prop)) +(typeattributeset asec_apk_file_26_0 (asec_apk_file)) +(typeattributeset 
asec_image_file_26_0 (asec_image_file)) +(typeattributeset asec_public_file_26_0 (asec_public_file)) +(typeattributeset ashmem_device_26_0 (ashmem_device)) +(typeattributeset assetatlas_service_26_0 (assetatlas_service)) +(typeattributeset audio_data_file_26_0 (audio_data_file)) +(typeattributeset audio_device_26_0 (audio_device)) +(typeattributeset audiohal_data_file_26_0 (audiohal_data_file)) +(typeattributeset audio_prop_26_0 (audio_prop)) +(typeattributeset audio_seq_device_26_0 (audio_seq_device)) +(typeattributeset audioserver_26_0 (audioserver)) +(typeattributeset audioserver_data_file_26_0 (audioserver_data_file)) +(typeattributeset audioserver_service_26_0 (audioserver_service)) +(typeattributeset audio_service_26_0 (audio_service)) +(typeattributeset audio_timer_device_26_0 (audio_timer_device)) +(typeattributeset autofill_service_26_0 (autofill_service)) +(typeattributeset backup_data_file_26_0 (backup_data_file)) +(typeattributeset backup_service_26_0 (backup_service)) +(typeattributeset batteryproperties_service_26_0 (batteryproperties_service)) +(typeattributeset battery_service_26_0 (battery_service)) +(typeattributeset batterystats_service_26_0 (batterystats_service)) +(typeattributeset binder_device_26_0 (binder_device)) +(typeattributeset binfmt_miscfs_26_0 (binfmt_miscfs)) +(typeattributeset blkid_26_0 (blkid)) +(typeattributeset blkid_untrusted_26_0 (blkid_untrusted)) +(typeattributeset block_device_26_0 (block_device)) +(typeattributeset bluetooth_26_0 (bluetooth)) +(typeattributeset bluetooth_data_file_26_0 (bluetooth_data_file)) +(typeattributeset bluetooth_efs_file_26_0 (bluetooth_efs_file)) +(typeattributeset bluetooth_logs_data_file_26_0 (bluetooth_logs_data_file)) +(typeattributeset bluetooth_manager_service_26_0 (bluetooth_manager_service)) +(typeattributeset bluetooth_prop_26_0 (bluetooth_prop)) +(typeattributeset bluetooth_service_26_0 (bluetooth_service)) +(typeattributeset bluetooth_socket_26_0 (bluetooth_socket)) +(typeattributeset 
bootanim_26_0 (bootanim)) +(typeattributeset bootanim_exec_26_0 (bootanim_exec)) +(typeattributeset boot_block_device_26_0 (boot_block_device)) +(typeattributeset bootchart_data_file_26_0 (bootchart_data_file)) +(typeattributeset bootstat_26_0 (bootstat)) +(typeattributeset bootstat_data_file_26_0 (bootstat_data_file)) +(typeattributeset bootstat_exec_26_0 (bootstat_exec)) +(typeattributeset boottime_prop_26_0 (boottime_prop)) +(typeattributeset boottrace_data_file_26_0 (boottrace_data_file)) +(typeattributeset bufferhubd_26_0 (bufferhubd)) +(typeattributeset bufferhubd_exec_26_0 (bufferhubd_exec)) +(typeattributeset cache_backup_file_26_0 (cache_backup_file)) +(typeattributeset cache_block_device_26_0 (cache_block_device)) +(typeattributeset cache_file_26_0 (cache_file)) +(typeattributeset cache_private_backup_file_26_0 (cache_private_backup_file)) +(typeattributeset cache_recovery_file_26_0 (cache_recovery_file)) +(typeattributeset camera_data_file_26_0 (camera_data_file)) +(typeattributeset camera_device_26_0 (camera_device)) +(typeattributeset cameraproxy_service_26_0 (cameraproxy_service)) +(typeattributeset cameraserver_26_0 (cameraserver)) +(typeattributeset cameraserver_exec_26_0 (cameraserver_exec)) +(typeattributeset cameraserver_service_26_0 (cameraserver_service)) +(typeattributeset cgroup_26_0 (cgroup)) +(typeattributeset charger_26_0 (charger)) +(typeattributeset clatd_26_0 (clatd)) +(typeattributeset clatd_exec_26_0 (clatd_exec)) +(typeattributeset clipboard_service_26_0 (clipboard_service)) +(typeattributeset commontime_management_service_26_0 (commontime_management_service)) +(typeattributeset companion_device_service_26_0 (companion_device_service)) +(typeattributeset configfs_26_0 (configfs)) +(typeattributeset config_prop_26_0 (config_prop)) +(typeattributeset connectivity_service_26_0 (connectivity_service)) +(typeattributeset connmetrics_service_26_0 (connmetrics_service)) +(typeattributeset console_device_26_0 (console_device)) 
+(typeattributeset consumer_ir_service_26_0 (consumer_ir_service)) +(typeattributeset content_service_26_0 (content_service)) +(typeattributeset contexthub_service_26_0 (contexthub_service)) +(typeattributeset coredump_file_26_0 (coredump_file)) +(typeattributeset country_detector_service_26_0 (country_detector_service)) +(typeattributeset coverage_service_26_0 (coverage_service)) +(typeattributeset cppreopt_prop_26_0 (cppreopt_prop)) +(typeattributeset cppreopts_26_0 (cppreopts)) +(typeattributeset cppreopts_exec_26_0 (cppreopts_exec)) +(typeattributeset cpuctl_device_26_0 (cpuctl_device)) +(typeattributeset cpuinfo_service_26_0 (cpuinfo_service)) +(typeattributeset crash_dump_26_0 (crash_dump)) +(typeattributeset crash_dump_exec_26_0 (crash_dump_exec)) +(typeattributeset ctl_bootanim_prop_26_0 (ctl_bootanim_prop)) +(typeattributeset ctl_bugreport_prop_26_0 (ctl_bugreport_prop)) +(typeattributeset ctl_console_prop_26_0 (ctl_console_prop)) +(typeattributeset ctl_default_prop_26_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop ctl_adbd_prop)) +(typeattributeset ctl_dumpstate_prop_26_0 (ctl_dumpstate_prop)) +(typeattributeset ctl_fuse_prop_26_0 (ctl_fuse_prop)) +(typeattributeset ctl_mdnsd_prop_26_0 (ctl_mdnsd_prop)) +(typeattributeset ctl_rildaemon_prop_26_0 (ctl_rildaemon_prop)) +(typeattributeset dalvikcache_data_file_26_0 (dalvikcache_data_file)) +(typeattributeset dalvik_prop_26_0 (dalvik_prop)) +(typeattributeset dbinfo_service_26_0 (dbinfo_service)) +(typeattributeset debugfs_26_0 + ( debugfs + debugfs_wakeup_sources + )) +(typeattributeset debugfs_mmc_26_0 (debugfs_mmc)) +(typeattributeset debugfs_trace_marker_26_0 (debugfs_trace_marker)) +(typeattributeset debugfs_tracing_26_0 (debugfs_tracing)) +(typeattributeset debugfs_tracing_instances_26_0 (debugfs_tracing_instances)) +(typeattributeset debugfs_wifi_tracing_26_0 (debugfs_wifi_tracing)) +(typeattributeset debuggerd_prop_26_0 (debuggerd_prop)) +(typeattributeset debug_prop_26_0 
(debug_prop)) +(typeattributeset default_android_hwservice_26_0 (default_android_hwservice)) +(typeattributeset default_android_service_26_0 (default_android_service)) +(typeattributeset default_android_vndservice_26_0 (default_android_vndservice)) +(typeattributeset default_prop_26_0 + ( default_prop pm_prop)) +(typeattributeset device_26_0 (device)) +(typeattributeset device_identifiers_service_26_0 (device_identifiers_service)) +(typeattributeset deviceidle_service_26_0 (deviceidle_service)) +(typeattributeset device_logging_prop_26_0 (device_logging_prop)) +(typeattributeset device_policy_service_26_0 (device_policy_service)) +(typeattributeset devicestoragemonitor_service_26_0 (devicestoragemonitor_service)) +(typeattributeset devpts_26_0 (devpts)) +(typeattributeset dex2oat_26_0 (dex2oat)) +(typeattributeset dex2oat_exec_26_0 (dex2oat_exec)) +(typeattributeset dhcp_26_0 (dhcp)) +(typeattributeset dhcp_data_file_26_0 (dhcp_data_file)) +(typeattributeset dhcp_exec_26_0 (dhcp_exec)) +(typeattributeset dhcp_prop_26_0 (dhcp_prop)) +(typeattributeset diskstats_service_26_0 (diskstats_service)) +(typeattributeset display_service_26_0 (display_service)) +(typeattributeset dm_device_26_0 (dm_device)) +(typeattributeset dnsmasq_26_0 (dnsmasq)) +(typeattributeset dnsmasq_exec_26_0 (dnsmasq_exec)) +(typeattributeset dnsproxyd_socket_26_0 (dnsproxyd_socket)) +(typeattributeset DockObserver_service_26_0 (DockObserver_service)) +(typeattributeset dreams_service_26_0 (dreams_service)) +(typeattributeset drm_data_file_26_0 (drm_data_file)) +(typeattributeset drmserver_26_0 (drmserver)) +(typeattributeset drmserver_exec_26_0 (drmserver_exec)) +(typeattributeset drmserver_service_26_0 (drmserver_service)) +(typeattributeset drmserver_socket_26_0 (drmserver_socket)) +(typeattributeset dropbox_service_26_0 (dropbox_service)) +(typeattributeset dumpstate_26_0 (dumpstate)) +(typeattributeset dumpstate_exec_26_0 (dumpstate_exec)) +(typeattributeset dumpstate_options_prop_26_0 
(dumpstate_options_prop)) +(typeattributeset dumpstate_prop_26_0 (dumpstate_prop)) +(typeattributeset dumpstate_service_26_0 (dumpstate_service)) +(typeattributeset dumpstate_socket_26_0 (dumpstate_socket)) +(typeattributeset efs_file_26_0 (efs_file)) +(typeattributeset ephemeral_app_26_0 (ephemeral_app)) +(typeattributeset ethernet_service_26_0 (ethernet_service)) +(typeattributeset ffs_prop_26_0 (ffs_prop)) +(typeattributeset file_contexts_file_26_0 (file_contexts_file)) +(typeattributeset fingerprintd_26_0 (fingerprintd)) +(typeattributeset fingerprintd_data_file_26_0 (fingerprintd_data_file)) +(typeattributeset fingerprintd_exec_26_0 (fingerprintd_exec)) +(typeattributeset fingerprintd_service_26_0 (fingerprintd_service)) +(typeattributeset fingerprint_prop_26_0 (fingerprint_prop)) +(typeattributeset fingerprint_service_26_0 (fingerprint_service)) +(typeattributeset firstboot_prop_26_0 (firstboot_prop)) +(typeattributeset font_service_26_0 (font_service)) +(typeattributeset frp_block_device_26_0 (frp_block_device)) +(typeattributeset fsck_26_0 (fsck)) +(typeattributeset fsck_exec_26_0 (fsck_exec)) +(typeattributeset fscklogs_26_0 (fscklogs)) +(typeattributeset fsck_untrusted_26_0 (fsck_untrusted)) +(typeattributeset full_device_26_0 (full_device)) +(typeattributeset functionfs_26_0 (functionfs)) +(typeattributeset fuse_26_0 (fuse)) +(typeattributeset fuse_device_26_0 (fuse_device)) +(typeattributeset fwk_display_hwservice_26_0 (fwk_display_hwservice)) +(typeattributeset fwk_scheduler_hwservice_26_0 (fwk_scheduler_hwservice)) +(typeattributeset fwk_sensor_hwservice_26_0 (fwk_sensor_hwservice)) +(typeattributeset fwmarkd_socket_26_0 (fwmarkd_socket)) +(typeattributeset gatekeeperd_26_0 (gatekeeperd)) +(typeattributeset gatekeeper_data_file_26_0 (gatekeeper_data_file)) +(typeattributeset gatekeeperd_exec_26_0 (gatekeeperd_exec)) +(typeattributeset gatekeeper_service_26_0 (gatekeeper_service)) +(typeattributeset gfxinfo_service_26_0 (gfxinfo_service)) 
+(typeattributeset gps_control_26_0 (gps_control)) +(typeattributeset gpu_device_26_0 (gpu_device)) +(typeattributeset gpu_service_26_0 (gpu_service)) +(typeattributeset graphics_device_26_0 (graphics_device)) +(typeattributeset graphicsstats_service_26_0 (graphicsstats_service)) +(typeattributeset hal_audio_hwservice_26_0 (hal_audio_hwservice)) +(typeattributeset hal_bluetooth_hwservice_26_0 (hal_bluetooth_hwservice)) +(typeattributeset hal_bootctl_hwservice_26_0 (hal_bootctl_hwservice)) +(typeattributeset hal_camera_hwservice_26_0 (hal_camera_hwservice)) +(typeattributeset hal_configstore_ISurfaceFlingerConfigs_26_0 (hal_configstore_ISurfaceFlingerConfigs)) +(typeattributeset hal_contexthub_hwservice_26_0 (hal_contexthub_hwservice)) +(typeattributeset hal_drm_hwservice_26_0 (hal_drm_hwservice)) +(typeattributeset hal_dumpstate_hwservice_26_0 (hal_dumpstate_hwservice)) +(typeattributeset hal_fingerprint_hwservice_26_0 (hal_fingerprint_hwservice)) +(typeattributeset hal_fingerprint_service_26_0 (hal_fingerprint_service)) +(typeattributeset hal_gatekeeper_hwservice_26_0 (hal_gatekeeper_hwservice)) +(typeattributeset hal_gnss_hwservice_26_0 (hal_gnss_hwservice)) +(typeattributeset hal_graphics_allocator_hwservice_26_0 (hal_graphics_allocator_hwservice)) +(typeattributeset hal_graphics_composer_hwservice_26_0 (hal_graphics_composer_hwservice)) +(typeattributeset hal_graphics_mapper_hwservice_26_0 (hal_graphics_mapper_hwservice)) +(typeattributeset hal_health_hwservice_26_0 (hal_health_hwservice)) +(typeattributeset hal_ir_hwservice_26_0 (hal_ir_hwservice)) +(typeattributeset hal_keymaster_hwservice_26_0 (hal_keymaster_hwservice)) +(typeattributeset hal_light_hwservice_26_0 (hal_light_hwservice)) +(typeattributeset hal_memtrack_hwservice_26_0 (hal_memtrack_hwservice)) +(typeattributeset hal_nfc_hwservice_26_0 (hal_nfc_hwservice)) +(typeattributeset hal_oemlock_hwservice_26_0 (hal_oemlock_hwservice)) +(typeattributeset hal_omx_hwservice_26_0 (hal_omx_hwservice)) 
+(typeattributeset hal_power_hwservice_26_0 (hal_power_hwservice)) +(typeattributeset hal_renderscript_hwservice_26_0 (hal_renderscript_hwservice)) +(typeattributeset hal_sensors_hwservice_26_0 (hal_sensors_hwservice)) +(typeattributeset hal_telephony_hwservice_26_0 (hal_telephony_hwservice)) +(typeattributeset hal_thermal_hwservice_26_0 (hal_thermal_hwservice)) +(typeattributeset hal_tv_cec_hwservice_26_0 (hal_tv_cec_hwservice)) +(typeattributeset hal_tv_input_hwservice_26_0 (hal_tv_input_hwservice)) +(typeattributeset hal_usb_hwservice_26_0 (hal_usb_hwservice)) +(typeattributeset hal_vibrator_hwservice_26_0 (hal_vibrator_hwservice)) +(typeattributeset hal_vr_hwservice_26_0 (hal_vr_hwservice)) +(typeattributeset hal_weaver_hwservice_26_0 (hal_weaver_hwservice)) +(typeattributeset hal_wifi_hwservice_26_0 (hal_wifi_hwservice)) +(typeattributeset hal_wifi_supplicant_hwservice_26_0 (hal_wifi_supplicant_hwservice)) +(typeattributeset hardware_properties_service_26_0 (hardware_properties_service)) +(typeattributeset hardware_service_26_0 (hardware_service)) +(typeattributeset hci_attach_dev_26_0 (hci_attach_dev)) +(typeattributeset hdmi_control_service_26_0 (hdmi_control_service)) +(typeattributeset healthd_26_0 (healthd)) +(typeattributeset healthd_exec_26_0 (healthd_exec)) +(typeattributeset heapdump_data_file_26_0 (heapdump_data_file)) +(typeattributeset hidl_allocator_hwservice_26_0 (hidl_allocator_hwservice)) +(typeattributeset hidl_base_hwservice_26_0 (hidl_base_hwservice)) +(typeattributeset hidl_manager_hwservice_26_0 (hidl_manager_hwservice)) +(typeattributeset hidl_memory_hwservice_26_0 (hidl_memory_hwservice)) +(typeattributeset hidl_token_hwservice_26_0 (hidl_token_hwservice)) +(typeattributeset hwbinder_device_26_0 (hwbinder_device)) +(typeattributeset hw_random_device_26_0 (hw_random_device)) +(typeattributeset hwservice_contexts_file_26_0 (hwservice_contexts_file)) +(typeattributeset hwservicemanager_26_0 (hwservicemanager)) +(typeattributeset 
hwservicemanager_exec_26_0 (hwservicemanager_exec)) +(typeattributeset hwservicemanager_prop_26_0 (hwservicemanager_prop)) +(typeattributeset i2c_device_26_0 (i2c_device)) +(typeattributeset icon_file_26_0 (icon_file)) +(typeattributeset idmap_26_0 (idmap)) +(typeattributeset idmap_exec_26_0 (idmap_exec)) +(typeattributeset iio_device_26_0 (iio_device)) +(typeattributeset imms_service_26_0 (imms_service)) +(typeattributeset incident_26_0 (incident)) +(typeattributeset incidentd_26_0 (incidentd)) +(typeattributeset incident_data_file_26_0 (incident_data_file)) +(typeattributeset incident_service_26_0 (incident_service)) +(typeattributeset init_26_0 (init)) +(typeattributeset init_exec_26_0 (init_exec watchdogd_exec)) +(typeattributeset inotify_26_0 (inotify)) +(typeattributeset input_device_26_0 (input_device)) +(typeattributeset inputflinger_26_0 (inputflinger)) +(typeattributeset inputflinger_exec_26_0 (inputflinger_exec)) +(typeattributeset inputflinger_service_26_0 (inputflinger_service)) +(typeattributeset input_method_service_26_0 (input_method_service)) +(typeattributeset input_service_26_0 (input_service)) +(typeattributeset installd_26_0 (installd)) +(typeattributeset install_data_file_26_0 (install_data_file)) +(typeattributeset installd_exec_26_0 (installd_exec)) +(typeattributeset installd_service_26_0 (installd_service)) +(typeattributeset install_recovery_26_0 (install_recovery)) +(typeattributeset install_recovery_exec_26_0 (install_recovery_exec)) +(typeattributeset ion_device_26_0 (ion_device)) +(typeattributeset IProxyService_service_26_0 (IProxyService_service)) +(typeattributeset ipsec_service_26_0 (ipsec_service)) +(typeattributeset isolated_app_26_0 (isolated_app)) +(typeattributeset jobscheduler_service_26_0 (jobscheduler_service)) +(typeattributeset kernel_26_0 (kernel)) +(typeattributeset keychain_data_file_26_0 (keychain_data_file)) +(typeattributeset keychord_device_26_0 (keychord_device)) +(typeattributeset keystore_26_0 (keystore)) 
+(typeattributeset keystore_data_file_26_0 (keystore_data_file)) +(typeattributeset keystore_exec_26_0 (keystore_exec)) +(typeattributeset keystore_service_26_0 (keystore_service)) +(typeattributeset kmem_device_26_0 (kmem_device)) +(typeattributeset kmsg_device_26_0 (kmsg_device)) +(typeattributeset labeledfs_26_0 (labeledfs)) +(typeattributeset launcherapps_service_26_0 (launcherapps_service)) +(typeattributeset lmkd_26_0 (lmkd)) +(typeattributeset lmkd_exec_26_0 (lmkd_exec)) +(typeattributeset lmkd_socket_26_0 (lmkd_socket)) +(typeattributeset location_service_26_0 (location_service)) +(typeattributeset lock_settings_service_26_0 (lock_settings_service)) +(typeattributeset logcat_exec_26_0 (logcat_exec)) +(typeattributeset logd_26_0 (logd)) +(typeattributeset log_device_26_0 (log_device)) +(typeattributeset logd_exec_26_0 (logd_exec)) +(typeattributeset logd_prop_26_0 (logd_prop)) +(typeattributeset logdr_socket_26_0 (logdr_socket)) +(typeattributeset logd_socket_26_0 (logd_socket)) +(typeattributeset logdw_socket_26_0 (logdw_socket)) +(typeattributeset logpersist_26_0 (logpersist)) +(typeattributeset logpersistd_logging_prop_26_0 (logpersistd_logging_prop)) +(typeattributeset log_prop_26_0 (log_prop)) +(typeattributeset log_tag_prop_26_0 (log_tag_prop)) +(typeattributeset loop_control_device_26_0 (loop_control_device)) +(typeattributeset loop_device_26_0 (loop_device)) +(typeattributeset mac_perms_file_26_0 (mac_perms_file)) +(typeattributeset mdnsd_26_0 (mdnsd)) +(typeattributeset mdnsd_socket_26_0 (mdnsd_socket)) +(typeattributeset mdns_socket_26_0 (mdns_socket)) +(typeattributeset mediacasserver_service_26_0 (mediacasserver_service)) +(typeattributeset hal_omx_server (mediacodec_26_0)) +(typeattributeset mediacodec_26_0 (mediacodec)) +(typeattributeset mediacodec_exec_26_0 (mediacodec_exec)) +(typeattributeset mediacodec_service_26_0 (mediacodec_service)) +(typeattributeset media_data_file_26_0 (media_data_file)) +(typeattributeset mediadrmserver_26_0 
(mediadrmserver)) +(typeattributeset mediadrmserver_exec_26_0 (mediadrmserver_exec)) +(typeattributeset mediadrmserver_service_26_0 (mediadrmserver_service)) +(typeattributeset mediaextractor_26_0 (mediaextractor)) +(typeattributeset mediaextractor_exec_26_0 (mediaextractor_exec)) +(typeattributeset mediaextractor_service_26_0 (mediaextractor_service)) +(typeattributeset mediametrics_26_0 (mediametrics)) +(typeattributeset mediametrics_exec_26_0 (mediametrics_exec)) +(typeattributeset mediametrics_service_26_0 (mediametrics_service)) +(typeattributeset media_projection_service_26_0 (media_projection_service)) +(typeattributeset media_router_service_26_0 (media_router_service)) +(typeattributeset media_rw_data_file_26_0 (media_rw_data_file)) +(typeattributeset mediaserver_26_0 (mediaserver)) +(typeattributeset mediaserver_exec_26_0 (mediaserver_exec)) +(typeattributeset mediaserver_service_26_0 (mediaserver_service)) +(typeattributeset media_session_service_26_0 (media_session_service)) +(typeattributeset meminfo_service_26_0 (meminfo_service)) +(typeattributeset metadata_block_device_26_0 (metadata_block_device)) +(typeattributeset method_trace_data_file_26_0 (method_trace_data_file)) +(typeattributeset midi_service_26_0 (midi_service)) +(typeattributeset misc_block_device_26_0 (misc_block_device)) +(typeattributeset misc_logd_file_26_0 (misc_logd_file)) +(typeattributeset misc_user_data_file_26_0 (misc_user_data_file)) +(typeattributeset mmc_prop_26_0 (mmc_prop)) +(typeattributeset mnt_expand_file_26_0 (mnt_expand_file)) +(typeattributeset mnt_media_rw_file_26_0 (mnt_media_rw_file)) +(typeattributeset mnt_media_rw_stub_file_26_0 (mnt_media_rw_stub_file)) +(typeattributeset mnt_user_file_26_0 (mnt_user_file)) +(typeattributeset modprobe_26_0 (modprobe)) +(typeattributeset mount_service_26_0 (mount_service)) +(typeattributeset mqueue_26_0 (mqueue)) +(typeattributeset mtd_device_26_0 (mtd_device)) +(typeattributeset mtp_26_0 (mtp)) +(typeattributeset mtp_device_26_0 
(mtp_device)) +(typeattributeset mtpd_socket_26_0 (mtpd_socket)) +(typeattributeset mtp_exec_26_0 (mtp_exec)) +(typeattributeset nativetest_data_file_26_0 (nativetest_data_file)) +(typeattributeset netd_26_0 (netd)) +(typeattributeset net_data_file_26_0 (net_data_file)) +(typeattributeset netd_exec_26_0 (netd_exec)) +(typeattributeset netd_listener_service_26_0 (netd_listener_service)) +(typeattributeset net_dns_prop_26_0 (net_dns_prop)) +(typeattributeset netd_service_26_0 (netd_service)) +(typeattributeset netd_socket_26_0 (netd_socket)) +(typeattributeset netif_26_0 (netif)) +(typeattributeset netpolicy_service_26_0 (netpolicy_service)) +(typeattributeset net_radio_prop_26_0 (net_radio_prop)) +(typeattributeset netstats_service_26_0 (netstats_service)) +(typeattributeset netutils_wrapper_26_0 (netutils_wrapper)) +(typeattributeset netutils_wrapper_exec_26_0 (netutils_wrapper_exec)) +(typeattributeset network_management_service_26_0 (network_management_service)) +(typeattributeset network_score_service_26_0 (network_score_service)) +(typeattributeset network_time_update_service_26_0 (network_time_update_service)) +(typeattributeset nfc_26_0 (nfc)) +(typeattributeset nfc_data_file_26_0 (nfc_data_file)) +(typeattributeset nfc_device_26_0 (nfc_device)) +(typeattributeset nfc_prop_26_0 (nfc_prop)) +(typeattributeset nfc_service_26_0 (nfc_service)) +(typeattributeset node_26_0 (node)) +(typeattributeset notification_service_26_0 (notification_service)) +(typeattributeset null_device_26_0 (null_device)) +(typeattributeset oemfs_26_0 (oemfs)) +(typeattributeset oem_lock_service_26_0 (oem_lock_service)) +(typeattributeset ota_data_file_26_0 (ota_data_file)) +(typeattributeset otadexopt_service_26_0 (otadexopt_service)) +(typeattributeset ota_package_file_26_0 (ota_package_file)) +(typeattributeset otapreopt_chroot_26_0 (otapreopt_chroot)) +(typeattributeset otapreopt_chroot_exec_26_0 (otapreopt_chroot_exec)) +(typeattributeset otapreopt_slot_26_0 (otapreopt_slot)) 
+(typeattributeset otapreopt_slot_exec_26_0 (otapreopt_slot_exec))
+(typeattributeset overlay_prop_26_0 (overlay_prop))
+(typeattributeset overlay_service_26_0 (overlay_service))
+(typeattributeset owntty_device_26_0 (owntty_device))
+(typeattributeset package_service_26_0 (package_service))
+(typeattributeset pan_result_prop_26_0 (pan_result_prop))
+(typeattributeset pdx_bufferhub_client_channel_socket_26_0 (pdx_bufferhub_client_channel_socket))
+(typeattributeset pdx_bufferhub_client_endpoint_socket_26_0 (pdx_bufferhub_client_endpoint_socket))
+(typeattributeset pdx_bufferhub_dir_26_0 (pdx_bufferhub_dir))
+(typeattributeset pdx_display_client_channel_socket_26_0 (pdx_display_client_channel_socket))
+(typeattributeset pdx_display_client_endpoint_socket_26_0 (pdx_display_client_endpoint_socket))
+(typeattributeset pdx_display_dir_26_0 (pdx_display_dir))
+(typeattributeset pdx_display_manager_channel_socket_26_0 (pdx_display_manager_channel_socket))
+(typeattributeset pdx_display_manager_endpoint_socket_26_0 (pdx_display_manager_endpoint_socket))
+(typeattributeset pdx_display_screenshot_channel_socket_26_0 (pdx_display_screenshot_channel_socket))
+(typeattributeset pdx_display_screenshot_endpoint_socket_26_0 (pdx_display_screenshot_endpoint_socket))
+(typeattributeset pdx_display_vsync_channel_socket_26_0 (pdx_display_vsync_channel_socket))
+(typeattributeset pdx_display_vsync_endpoint_socket_26_0 (pdx_display_vsync_endpoint_socket))
+(typeattributeset pdx_performance_client_channel_socket_26_0 (pdx_performance_client_channel_socket))
+(typeattributeset pdx_performance_client_endpoint_socket_26_0 (pdx_performance_client_endpoint_socket))
+(typeattributeset pdx_performance_dir_26_0 (pdx_performance_dir))
+(typeattributeset performanced_26_0 (performanced))
+(typeattributeset performanced_exec_26_0 (performanced_exec))
+(typeattributeset permission_service_26_0 (permission_service))
+(typeattributeset persist_debug_prop_26_0 (persist_debug_prop))
+(typeattributeset 
persistent_data_block_service_26_0 (persistent_data_block_service))
+(typeattributeset persistent_properties_ready_prop_26_0 (persistent_properties_ready_prop))
+(typeattributeset pinner_service_26_0 (pinner_service))
+(typeattributeset pipefs_26_0 (pipefs))
+(typeattributeset platform_app_26_0 (platform_app))
+(typeattributeset pmsg_device_26_0 (pmsg_device))
+(typeattributeset port_26_0 (port))
+(typeattributeset port_device_26_0 (port_device))
+(typeattributeset postinstall_26_0 (postinstall))
+(typeattributeset postinstall_dexopt_26_0 (postinstall_dexopt))
+(typeattributeset postinstall_file_26_0 (postinstall_file))
+(typeattributeset postinstall_mnt_dir_26_0 (postinstall_mnt_dir))
+(typeattributeset powerctl_prop_26_0 (powerctl_prop))
+(typeattributeset power_service_26_0 (power_service))
+(typeattributeset ppp_26_0 (ppp))
+(typeattributeset ppp_device_26_0 (ppp_device))
+(typeattributeset ppp_exec_26_0 (ppp_exec))
+(typeattributeset preloads_data_file_26_0 (preloads_data_file))
+(typeattributeset preloads_media_file_26_0 (preloads_media_file))
+(typeattributeset preopt2cachename_26_0 (preopt2cachename))
+(typeattributeset preopt2cachename_exec_26_0 (preopt2cachename_exec))
+(typeattributeset print_service_26_0 (print_service))
+(typeattributeset priv_app_26_0 (mediaprovider priv_app))
+(typeattributeset proc_26_0
+ ( proc
+ proc_abi
+ proc_asound
+ proc_buddyinfo
+ proc_cmdline
+ proc_dirty
+ proc_diskstats
+ proc_extra_free_kbytes
+ proc_filesystems
+ proc_hostname
+ proc_hung_task
+ proc_kmsg
+ proc_loadavg
+ proc_max_map_count
+ proc_min_free_order_shift
+ proc_mounts
+ proc_page_cluster
+ proc_pagetypeinfo
+ proc_panic
+ proc_pid_max
+ proc_pipe_conf
+ proc_random
+ proc_sched
+ proc_slabinfo
+ proc_swaps
+ proc_uid_time_in_state
+ proc_uid_concurrent_active_time
+ proc_uid_concurrent_policy_time
+ proc_uid_cpupower
+ proc_uptime
+ proc_version
+ proc_vmallocinfo
+ proc_vmstat))
+(typeattributeset proc_bluetooth_writable_26_0 (proc_bluetooth_writable))
+(typeattributeset proc_cpuinfo_26_0 (proc_cpuinfo))
+(typeattributeset proc_drop_caches_26_0 (proc_drop_caches))
+(typeattributeset processinfo_service_26_0 (processinfo_service))
+(typeattributeset proc_interrupts_26_0 (proc_interrupts))
+(typeattributeset proc_iomem_26_0 (proc_iomem))
+(typeattributeset proc_meminfo_26_0 (proc_meminfo))
+(typeattributeset proc_misc_26_0 (proc_misc))
+(typeattributeset proc_modules_26_0 (proc_modules))
+(typeattributeset proc_net_26_0
+ ( proc_net
+ proc_net_tcp_udp
+ proc_qtaguid_stat))
+(typeattributeset proc_overcommit_memory_26_0 (proc_overcommit_memory))
+(typeattributeset proc_perf_26_0 (proc_perf))
+(typeattributeset proc_security_26_0 (proc_security))
+(typeattributeset proc_stat_26_0 (proc_stat))
+(typeattributeset procstats_service_26_0 (procstats_service))
+(typeattributeset proc_sysrq_26_0 (proc_sysrq))
+(typeattributeset proc_timer_26_0 (proc_timer))
+(typeattributeset proc_tty_drivers_26_0 (proc_tty_drivers))
+(typeattributeset proc_uid_cputime_removeuid_26_0 (proc_uid_cputime_removeuid))
+(typeattributeset proc_uid_cputime_showstat_26_0 (proc_uid_cputime_showstat))
+(typeattributeset proc_uid_io_stats_26_0 (proc_uid_io_stats))
+(typeattributeset proc_uid_procstat_set_26_0 (proc_uid_procstat_set))
+(typeattributeset proc_zoneinfo_26_0 (proc_zoneinfo))
+(typeattributeset profman_26_0 (profman))
+(typeattributeset profman_dump_data_file_26_0 (profman_dump_data_file))
+(typeattributeset profman_exec_26_0 (profman_exec))
+(typeattributeset properties_device_26_0 (properties_device))
+(typeattributeset properties_serial_26_0 (properties_serial))
+(typeattributeset property_contexts_file_26_0 (property_contexts_file))
+(typeattributeset property_data_file_26_0 (property_data_file))
+(typeattributeset property_socket_26_0 (property_socket))
+(typeattributeset pstorefs_26_0 (pstorefs))
+(typeattributeset ptmx_device_26_0 (ptmx_device))
+(typeattributeset qtaguid_device_26_0 (qtaguid_device))
+(typeattributeset 
qtaguid_proc_26_0
+ ( qtaguid_proc
+ proc_qtaguid_ctrl))
+(typeattributeset racoon_26_0 (racoon))
+(typeattributeset racoon_exec_26_0 (racoon_exec))
+(typeattributeset racoon_socket_26_0 (racoon_socket))
+(typeattributeset radio_26_0 (radio))
+(typeattributeset radio_data_file_26_0 (radio_data_file))
+(typeattributeset radio_device_26_0 (radio_device))
+(typeattributeset radio_prop_26_0 (radio_prop))
+(typeattributeset radio_service_26_0 (radio_service))
+(typeattributeset ram_device_26_0 (ram_device))
+(typeattributeset random_device_26_0 (random_device))
+(typeattributeset reboot_data_file_26_0 (reboot_data_file))
+(typeattributeset recovery_26_0 (recovery))
+(typeattributeset recovery_block_device_26_0 (recovery_block_device))
+(typeattributeset recovery_data_file_26_0 (recovery_data_file))
+(typeattributeset recovery_persist_26_0 (recovery_persist))
+(typeattributeset recovery_persist_exec_26_0 (recovery_persist_exec))
+(typeattributeset recovery_refresh_26_0 (recovery_refresh))
+(typeattributeset recovery_refresh_exec_26_0 (recovery_refresh_exec))
+(typeattributeset recovery_service_26_0 (recovery_service))
+(typeattributeset registry_service_26_0 (registry_service))
+(typeattributeset resourcecache_data_file_26_0 (resourcecache_data_file))
+(typeattributeset restorecon_prop_26_0 (restorecon_prop))
+(typeattributeset restrictions_service_26_0 (restrictions_service))
+(typeattributeset rild_26_0 (rild))
+(typeattributeset rild_debug_socket_26_0 (rild_debug_socket))
+(typeattributeset rild_socket_26_0 (rild_socket))
+(typeattributeset ringtone_file_26_0 (ringtone_file))
+(typeattributeset root_block_device_26_0 (root_block_device))
+(typeattributeset rootfs_26_0 (rootfs))
+(typeattributeset rpmsg_device_26_0 (rpmsg_device))
+(typeattributeset rtc_device_26_0 (rtc_device))
+(typeattributeset rttmanager_service_26_0 (rttmanager_service))
+(typeattributeset runas_26_0 (runas))
+(typeattributeset runas_exec_26_0 (runas_exec))
+(typeattributeset 
runtime_event_log_tags_file_26_0 (runtime_event_log_tags_file))
+(typeattributeset safemode_prop_26_0 (safemode_prop))
+(typeattributeset same_process_hal_file_26_0
+ ( same_process_hal_file
+ vendor_public_lib_file))
+(typeattributeset samplingprofiler_service_26_0 (samplingprofiler_service))
+(typeattributeset scheduling_policy_service_26_0 (scheduling_policy_service))
+(typeattributeset sdcardd_26_0 (sdcardd))
+(typeattributeset sdcardd_exec_26_0 (sdcardd_exec))
+(typeattributeset sdcardfs_26_0 (sdcardfs))
+(typeattributeset seapp_contexts_file_26_0 (seapp_contexts_file))
+(typeattributeset search_service_26_0 (search_service))
+(typeattributeset sec_key_att_app_id_provider_service_26_0 (sec_key_att_app_id_provider_service))
+(typeattributeset selinuxfs_26_0 (selinuxfs))
+(typeattributeset sensors_device_26_0 (sensors_device))
+(typeattributeset sensorservice_service_26_0 (sensorservice_service))
+(typeattributeset sepolicy_file_26_0 (sepolicy_file))
+(typeattributeset serial_device_26_0 (serial_device))
+(typeattributeset serialno_prop_26_0 (serialno_prop))
+(typeattributeset serial_service_26_0 (serial_service))
+(typeattributeset service_contexts_file_26_0 (service_contexts_file nonplat_service_contexts_file))
+(typeattributeset servicediscovery_service_26_0 (servicediscovery_service))
+(typeattributeset servicemanager_26_0 (servicemanager))
+(typeattributeset servicemanager_exec_26_0 (servicemanager_exec))
+(typeattributeset settings_service_26_0 (settings_service))
+(typeattributeset sgdisk_26_0 (sgdisk))
+(typeattributeset sgdisk_exec_26_0 (sgdisk_exec))
+(typeattributeset shared_relro_26_0 (shared_relro))
+(typeattributeset shared_relro_file_26_0 (shared_relro_file))
+(typeattributeset shell_26_0 (shell))
+(typeattributeset shell_data_file_26_0 (shell_data_file))
+(typeattributeset shell_exec_26_0 (shell_exec))
+(typeattributeset shell_prop_26_0 (shell_prop))
+(typeattributeset shm_26_0 (shm))
+(typeattributeset shortcut_manager_icons_26_0 
(shortcut_manager_icons))
+(typeattributeset shortcut_service_26_0 (shortcut_service))
+(typeattributeset slideshow_26_0 (slideshow))
+(typeattributeset socket_device_26_0 (socket_device))
+(typeattributeset sockfs_26_0 (sockfs))
+(typeattributeset statusbar_service_26_0 (statusbar_service))
+(typeattributeset storaged_service_26_0 (storaged_service))
+(typeattributeset storage_file_26_0 (storage_file))
+(typeattributeset storagestats_service_26_0 (storagestats_service))
+(typeattributeset storage_stub_file_26_0 (storage_stub_file))
+(typeattributeset su_26_0 (su))
+(typeattributeset su_exec_26_0 (su_exec))
+(typeattributeset surfaceflinger_26_0 (surfaceflinger))
+(typeattributeset surfaceflinger_service_26_0 (surfaceflinger_service))
+(typeattributeset swap_block_device_26_0 (swap_block_device))
+(typeattributeset sysfs_26_0
+ ( sysfs
+ sysfs_android_usb
+ sysfs_dm
+ sysfs_dt_firmware_android
+ sysfs_ipv4
+ sysfs_kernel_notes
+ sysfs_loop
+ sysfs_net
+ sysfs_power
+ sysfs_rtc
+ sysfs_switch
+ sysfs_wakeup_reasons))
+(typeattributeset sysfs_batteryinfo_26_0 (sysfs_batteryinfo))
+(typeattributeset sysfs_bluetooth_writable_26_0 (sysfs_bluetooth_writable))
+(typeattributeset sysfs_devices_system_cpu_26_0 (sysfs_devices_system_cpu))
+(typeattributeset sysfs_hwrandom_26_0 (sysfs_hwrandom))
+(typeattributeset sysfs_leds_26_0 (sysfs_leds))
+(typeattributeset sysfs_lowmemorykiller_26_0 (sysfs_lowmemorykiller))
+(typeattributeset sysfs_mac_address_26_0 (sysfs_mac_address))
+(typeattributeset sysfs_nfc_power_writable_26_0 (sysfs_nfc_power_writable))
+(typeattributeset sysfs_thermal_26_0 (sysfs_thermal))
+(typeattributeset sysfs_uio_26_0 (sysfs_uio))
+(typeattributeset sysfs_usb_26_0 (sysfs_usb))
+(typeattributeset sysfs_vibrator_26_0 (sysfs_vibrator))
+(typeattributeset sysfs_wake_lock_26_0 (sysfs_wake_lock))
+(typeattributeset sysfs_wlan_fwpath_26_0 (sysfs_wlan_fwpath))
+(typeattributeset sysfs_zram_26_0 (sysfs_zram))
+(typeattributeset sysfs_zram_uevent_26_0 
(sysfs_zram_uevent))
+(typeattributeset system_app_26_0 (system_app))
+(typeattributeset system_app_data_file_26_0 (system_app_data_file))
+(typeattributeset system_app_service_26_0 (system_app_service))
+(typeattributeset system_block_device_26_0 (system_block_device))
+(typeattributeset system_data_file_26_0
+ ( system_data_file
+ dropbox_data_file
+ vendor_data_file))
+(typeattributeset system_file_26_0
+ ( system_file
+ system_lib_file
+ system_linker_config_file
+ system_linker_exec
+ system_seccomp_policy_file
+ system_security_cacerts_file
+ system_zoneinfo_file
+))
+(typeattributeset systemkeys_data_file_26_0 (systemkeys_data_file))
+(typeattributeset system_ndebug_socket_26_0 (system_ndebug_socket))
+(typeattributeset system_prop_26_0 (system_prop))
+(typeattributeset system_radio_prop_26_0 (system_radio_prop))
+(typeattributeset system_server_26_0 (system_server))
+(typeattributeset system_wifi_keystore_hwservice_26_0 (system_wifi_keystore_hwservice))
+(typeattributeset system_wpa_socket_26_0 (system_wpa_socket))
+(typeattributeset task_service_26_0 (task_service))
+(typeattributeset tee_26_0 (tee))
+(typeattributeset tee_data_file_26_0 (tee_data_file))
+(typeattributeset tee_device_26_0 (tee_device))
+(typeattributeset telecom_service_26_0 (telecom_service))
+(typeattributeset textclassification_service_26_0 (textclassification_service))
+(typeattributeset textclassifier_data_file_26_0 (textclassifier_data_file))
+(typeattributeset textservices_service_26_0 (textservices_service))
+(typeattributeset tmpfs_26_0 (tmpfs))
+(typeattributeset tombstoned_26_0 (tombstoned))
+(typeattributeset tombstone_data_file_26_0 (tombstone_data_file))
+(typeattributeset tombstoned_crash_socket_26_0 (tombstoned_crash_socket))
+(typeattributeset tombstoned_exec_26_0 (tombstoned_exec))
+(typeattributeset tombstoned_intercept_socket_26_0 (tombstoned_intercept_socket))
+(typeattributeset toolbox_26_0 (toolbox))
+(typeattributeset toolbox_exec_26_0 (toolbox_exec))
+(typeattributeset tracing_shell_writable_26_0 (debugfs_tracing tracing_shell_writable))
+(typeattributeset tracing_shell_writable_debug_26_0 (debugfs_tracing_debug tracing_shell_writable_debug))
+(typeattributeset trust_service_26_0 (trust_service))
+(typeattributeset tty_device_26_0 (tty_device))
+(typeattributeset tun_device_26_0 (tun_device))
+(typeattributeset tv_input_service_26_0 (tv_input_service))
+(typeattributeset tzdatacheck_26_0 (tzdatacheck))
+(typeattributeset tzdatacheck_exec_26_0 (tzdatacheck_exec))
+(typeattributeset ueventd_26_0 (ueventd))
+(typeattributeset uhid_device_26_0 (uhid_device))
+(typeattributeset uimode_service_26_0 (uimode_service))
+(typeattributeset uio_device_26_0 (uio_device))
+(typeattributeset uncrypt_26_0 (uncrypt))
+(typeattributeset uncrypt_exec_26_0 (uncrypt_exec))
+(typeattributeset uncrypt_socket_26_0 (uncrypt_socket))
+(typeattributeset unencrypted_data_file_26_0 (unencrypted_data_file))
+(typeattributeset unlabeled_26_0 (unlabeled))
+(typeattributeset untrusted_app_25_26_0 (untrusted_app_25))
+(typeattributeset untrusted_app_26_0
+ ( untrusted_app
+ untrusted_app_27))
+(typeattributeset untrusted_v2_app_26_0 (untrusted_v2_app))
+(typeattributeset update_engine_26_0 (update_engine))
+(typeattributeset update_engine_data_file_26_0 (update_engine_data_file))
+(typeattributeset update_engine_exec_26_0 (update_engine_exec))
+(typeattributeset update_engine_service_26_0 (update_engine_service))
+(typeattributeset updatelock_service_26_0 (updatelock_service))
+(typeattributeset update_verifier_26_0 (update_verifier))
+(typeattributeset update_verifier_exec_26_0 (update_verifier_exec))
+(typeattributeset usagestats_service_26_0 (usagestats_service))
+(typeattributeset usbaccessory_device_26_0 (usbaccessory_device))
+(typeattributeset usb_device_26_0 (usb_device))
+(typeattributeset usbfs_26_0 (usbfs))
+(typeattributeset usb_service_26_0 (usb_service))
+(typeattributeset userdata_block_device_26_0 (userdata_block_device))
+(typeattributeset usermodehelper_26_0 (sysfs_usermodehelper usermodehelper))
+(typeattributeset user_profile_data_file_26_0 (user_profile_data_file))
+(typeattributeset user_service_26_0 (user_service))
+(typeattributeset vcs_device_26_0 (vcs_device))
+(typeattributeset vdc_26_0 (vdc))
+(typeattributeset vdc_exec_26_0 (vdc_exec))
+(typeattributeset vendor_app_file_26_0 (vendor_app_file))
+(typeattributeset vendor_configs_file_26_0 (vendor_configs_file))
+(typeattributeset vendor_file_26_0 (vendor_file))
+(typeattributeset vendor_framework_file_26_0 (vendor_framework_file))
+(typeattributeset vendor_hal_file_26_0 (vendor_hal_file))
+(typeattributeset vendor_overlay_file_26_0 (vendor_overlay_file))
+(typeattributeset vendor_shell_exec_26_0 (vendor_shell_exec))
+(typeattributeset vendor_toolbox_exec_26_0 (vendor_toolbox_exec))
+(typeattributeset vfat_26_0 (vfat))
+(typeattributeset vibrator_service_26_0 (vibrator_service))
+(typeattributeset video_device_26_0 (video_device))
+(typeattributeset virtual_touchpad_26_0 (virtual_touchpad))
+(typeattributeset virtual_touchpad_exec_26_0 (virtual_touchpad_exec))
+(typeattributeset virtual_touchpad_service_26_0 (virtual_touchpad_service))
+(typeattributeset vndbinder_device_26_0 (vndbinder_device))
+(typeattributeset vndk_sp_file_26_0 (vndk_sp_file))
+(typeattributeset vndservice_contexts_file_26_0 (vndservice_contexts_file))
+(typeattributeset vndservicemanager_26_0 (vndservicemanager))
+(typeattributeset voiceinteraction_service_26_0 (voiceinteraction_service))
+(typeattributeset vold_26_0 (vold))
+(typeattributeset vold_data_file_26_0 (vold_data_file))
+(typeattributeset vold_device_26_0 (vold_device))
+(typeattributeset vold_exec_26_0 (vold_exec))
+(typeattributeset vold_prop_26_0 (vold_prop))
+(typeattributeset vold_socket_26_0 (vold_socket))
+(typeattributeset vpn_data_file_26_0 (vpn_data_file))
+(typeattributeset vr_hwc_26_0 (vr_hwc))
+(typeattributeset vr_hwc_exec_26_0 (vr_hwc_exec))
+(typeattributeset 
vr_hwc_service_26_0 (vr_hwc_service))
+(typeattributeset vr_manager_service_26_0 (vr_manager_service))
+(typeattributeset wallpaper_file_26_0 (wallpaper_file))
+(typeattributeset wallpaper_service_26_0 (wallpaper_service))
+(typeattributeset watchdogd_26_0 (watchdogd))
+(typeattributeset watchdog_device_26_0 (watchdog_device))
+(typeattributeset webviewupdate_service_26_0 (webviewupdate_service))
+(typeattributeset webview_zygote_26_0 (webview_zygote))
+(typeattributeset webview_zygote_exec_26_0 (webview_zygote_exec))
+(typeattributeset webview_zygote_socket_26_0 (webview_zygote_socket))
+(typeattributeset wifiaware_service_26_0 (wifiaware_service))
+(typeattributeset wificond_26_0 (wificond))
+(typeattributeset wificond_exec_26_0 (wificond_exec))
+(typeattributeset wificond_service_26_0 (wificond_service))
+(typeattributeset wifi_data_file_26_0 (wifi_data_file))
+(typeattributeset wifi_log_prop_26_0 (wifi_log_prop))
+(typeattributeset wifip2p_service_26_0 (wifip2p_service))
+(typeattributeset wifi_prop_26_0 (wifi_prop))
+(typeattributeset wifiscanner_service_26_0 (wifiscanner_service))
+(typeattributeset wifi_service_26_0 (wifi_service))
+(typeattributeset window_service_26_0 (window_service))
+(typeattributeset wpa_socket_26_0 (wpa_socket))
+(typeattributeset zero_device_26_0 (zero_device))
+(typeattributeset zoneinfo_data_file_26_0 (zoneinfo_data_file))
+(typeattributeset zygote_26_0 (zygote))
+(typeattributeset zygote_exec_26_0 (zygote_exec))
+(typeattributeset zygote_socket_26_0 (zygote_socket))
diff --git a/prebuilts/api/30.0/private/compat/26.0/26.0.compat.cil b/prebuilts/api/30.0/private/compat/26.0/26.0.compat.cil
new file mode 100644
index 000000000..30af58c42
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/26.0/26.0.compat.cil
@@ -0,0 +1,5 @@
+(typeattribute vendordomain)
+(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
+(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
+(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
+(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
diff --git a/prebuilts/api/30.0/private/compat/26.0/26.0.ignore.cil b/prebuilts/api/30.0/private/compat/26.0/26.0.ignore.cil
new file mode 100644
index 000000000..b395855af
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/26.0/26.0.ignore.cil
@@ -0,0 +1,229 @@
+;; new_objects - a collection of types that have been introduced that have no
+;; analogue in older policy. Thus, we do not need to map these types to
+;; previous ones. Add here to pass checkapi tests.
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+ ( new_objects
+ activity_task_service
+ adb_service
+ adbd_exec
+ app_binding_service
+ apex_data_file
+ apex_metadata_file
+ apex_mnt_dir
+ apex_service
+ apexd
+ apexd_exec
+ apexd_prop
+ apexd_tmpfs
+ app_zygote
+ atrace
+ binder_calls_stats_service
+ biometric_service
+ bootloader_boot_reason_prop
+ blank_screen
+ blank_screen_exec
+ blank_screen_tmpfs
+ bluetooth_a2dp_offload_prop
+ bpfloader
+ bpfloader_exec
+ broadcastradio_service
+ cgroup_bpf
+ charger_exec
+ color_display_service
+ content_capture_service
+ crossprofileapps_service
+ ctl_apexd_prop
+ ctl_interface_restart_prop
+ ctl_interface_start_prop
+ ctl_interface_stop_prop
+ ctl_sigstop_prop
+ device_config_boot_count_prop
+ device_config_reset_performed_prop
+ device_config_netd_native_prop
+ dnsresolver_service
+ e2fs
+ e2fs_exec
+ exfat
+ exported_audio_prop
+ exported_bluetooth_prop
+ exported_config_prop
+ exported_dalvik_prop
+ exported_default_prop
+ exported_dumpstate_prop
+ exported_ffs_prop
+ exported_fingerprint_prop
+ exported_overlay_prop
+ exported_pm_prop
+ exported_radio_prop
+ exported_secure_prop
+ exported_system_prop
+ exported_system_radio_prop
+ exported_vold_prop
+ exported_wifi_prop
+ exported2_config_prop
+ exported2_default_prop
+ exported2_radio_prop
+ exported2_system_prop
+ exported2_vold_prop
+ exported3_default_prop
+ exported3_radio_prop
+ exported3_system_prop
+ fastbootd
+ fingerprint_vendor_data_file
+ flags_health_check
+ flags_health_check_exec
+ fs_bpf
+ fwk_stats_hwservice
+ hal_atrace_hwservice
+ hal_audiocontrol_hwservice
+ hal_authsecret_hwservice
+ hal_broadcastradio_hwservice
+ hal_cas_hwservice
+ hal_codec2_hwservice
+ hal_confirmationui_hwservice
+ 
hal_evs_hwservice
+ hal_health_storage_hwservice
+ hal_lowpan_hwservice
+ hal_neuralnetworks_hwservice
+ hal_secure_element_hwservice
+ hal_tetheroffload_hwservice
+ hal_wifi_hostapd_hwservice
+ hal_usb_gadget_hwservice
+ hal_vehicle_hwservice
+ hal_wifi_offload_hwservice
+ heapprofd
+ heapprofd_exec
+ heapprofd_socket
+ incident_helper
+ incident_helper_exec
+ iorapd
+ iorapd_data_file
+ iorapd_exec
+ iorapd_service
+ iorapd_tmpfs
+ kmsg_debug_device
+ last_boot_reason_prop
+ llkd
+ llkd_exec
+ llkd_prop
+ llkd_tmpfs
+ looper_stats_service
+ lowpan_device
+ lowpan_prop
+ lowpan_service
+ mediaswcodec
+ mediaswcodec_exec
+ mediaswcodec_tmpfs
+ mediaextractor_update_service
+ mediaprovider_tmpfs
+ metadata_bootstat_file
+ metadata_file
+ mnt_product_file
+ mnt_vendor_file
+ netd_stable_secret_prop
+ network_stack
+ network_stack_service
+ network_watchlist_data_file
+ network_watchlist_service
+ overlayfs_file
+ package_native_service
+ perfetto
+ perfetto_exec
+ perfetto_tmpfs
+ perfetto_traces_data_file
+ property_info
+ recovery_socket
+ role_service
+ runas_app
+ art_apex_dir
+ runtime_service
+ secure_element
+ secure_element_device
+ secure_element_tmpfs
+ secure_element_service
+ server_configurable_flags_data_file
+ simpleperf_app_runner
+ simpleperf_app_runner_exec
+ slice_service
+ socket_hook_prop
+ staging_data_file
+ stats
+ stats_data_file
+ stats_exec
+ stats_service
+ statsd
+ statsd_exec
+ statsd_tmpfs
+ statsdw
+ statsdw_socket
+ statscompanion_service
+ storaged_data_file
+ super_block_device
+ sysfs_fs_ext4_features
+ system_boot_reason_prop
+ system_bootstrap_lib_file
+ system_lmk_prop
+ system_net_netd_hwservice
+ system_update_service
+ test_boot_reason_prop
+ thermal_service
+ thermalcallback_hwservice
+ thermalserviced
+ thermalserviced_exec
+ thermalserviced_tmpfs
+ time_prop
+ timedetector_service
+ timezone_service
+ tombstoned_java_trace_socket
+ tombstone_wifi_data_file
+ trace_data_file
+ traceur_app
+ traceur_app_tmpfs
+ traced
+ 
traced_consumer_socket
+ traced_enabled_prop
+ traced_exec
+ traced_probes
+ traced_probes_exec
+ traced_probes_tmpfs
+ traced_producer_socket
+ traced_tmpfs
+ untrusted_app_all_devpts
+ update_engine_log_data_file
+ vendor_default_prop
+ vendor_security_patch_level_prop
+ uri_grants_service
+ usbd
+ usbd_exec
+ usbd_tmpfs
+ vendor_apex_file
+ vendor_init
+ vendor_shell
+ vendor_socket_hook_prop
+ vndk_prop
+ vold_metadata_file
+ vold_prepare_subdirs
+ vold_prepare_subdirs_exec
+ vold_service
+ vrflinger_vsync_service
+ wait_for_keymaster
+ wait_for_keymaster_exec
+ wait_for_keymaster_tmpfs
+ watchdogd_tmpfs
+ wpantund
+ wpantund_exec
+ wpantund_service
+ wpantund_tmpfs
+ wm_trace_data_file))
+
+;; private_objects - a collection of types that were labeled differently in
+;; older policy, but that should not remain accessible to vendor policy.
+;; Thus, these types are also not mapped, but recorded for checkapi tests
+(type priv_objects)
+(typeattribute priv_objects)
+(typeattributeset priv_objects
+ ( priv_objects
+ adbd_tmpfs
+ untrusted_app_27_tmpfs))
diff --git a/prebuilts/api/30.0/private/compat/27.0/27.0.cil b/prebuilts/api/30.0/private/compat/27.0/27.0.cil
new file mode 100644
index 000000000..0d883c0c7
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/27.0/27.0.cil
@@ -0,0 +1,1507 @@
+;; attributes removed from current policy
+(typeattribute hal_wifi_offload)
+(typeattribute hal_wifi_offload_client)
+(typeattribute hal_wifi_offload_server)
+
+;; types removed from current policy
+(type commontime_management_service)
+(type hal_wifi_offload_hwservice)
+(type mediacodec)
+(type mediacodec_exec)
+(type netd_socket)
+(type qtaguid_proc)
+(type reboot_data_file)
+(type rild)
+(type untrusted_v2_app)
+(type webview_zygote_socket)
+(type vold_socket)
+
+(expandtypeattribute (accessibility_service_27_0) true)
+(expandtypeattribute (account_service_27_0) true)
+(expandtypeattribute (activity_service_27_0) true)
+(expandtypeattribute (adbd_27_0) true)
+(expandtypeattribute (adb_data_file_27_0) true)
+(expandtypeattribute (adbd_exec_27_0) true)
+(expandtypeattribute (adbd_socket_27_0) true)
+(expandtypeattribute (adb_keys_file_27_0) true)
+(expandtypeattribute (alarm_device_27_0) true)
+(expandtypeattribute (alarm_service_27_0) true)
+(expandtypeattribute (anr_data_file_27_0) true)
+(expandtypeattribute (apk_data_file_27_0) true)
+(expandtypeattribute (apk_private_data_file_27_0) true)
+(expandtypeattribute (apk_private_tmp_file_27_0) true)
+(expandtypeattribute (apk_tmp_file_27_0) true)
+(expandtypeattribute (app_data_file_27_0) true)
+(expandtypeattribute (app_fuse_file_27_0) true)
+(expandtypeattribute (app_fusefs_27_0) true)
+(expandtypeattribute (appops_service_27_0) true)
+(expandtypeattribute (appwidget_service_27_0) true)
+(expandtypeattribute (asec_apk_file_27_0) true)
+(expandtypeattribute (asec_image_file_27_0) true)
+(expandtypeattribute (asec_public_file_27_0) true)
+(expandtypeattribute (ashmem_device_27_0) true)
+(expandtypeattribute (assetatlas_service_27_0) true)
+(expandtypeattribute (audio_data_file_27_0) true)
+(expandtypeattribute (audio_device_27_0) true)
+(expandtypeattribute (audiohal_data_file_27_0) true)
+(expandtypeattribute (audio_prop_27_0) true)
+(expandtypeattribute (audio_seq_device_27_0) true)
+(expandtypeattribute (audioserver_27_0) true)
+(expandtypeattribute (audioserver_data_file_27_0) true)
+(expandtypeattribute (audioserver_service_27_0) true)
+(expandtypeattribute (audio_service_27_0) true)
+(expandtypeattribute (audio_timer_device_27_0) true)
+(expandtypeattribute (autofill_service_27_0) true)
+(expandtypeattribute (backup_data_file_27_0) true)
+(expandtypeattribute (backup_service_27_0) true)
+(expandtypeattribute (batteryproperties_service_27_0) true)
+(expandtypeattribute (battery_service_27_0) true)
+(expandtypeattribute (batterystats_service_27_0) true)
+(expandtypeattribute (binder_device_27_0) true)
+(expandtypeattribute (binfmt_miscfs_27_0) true)
+(expandtypeattribute (blkid_27_0) true)
+(expandtypeattribute (blkid_untrusted_27_0) true)
+(expandtypeattribute (block_device_27_0) true)
+(expandtypeattribute (bluetooth_27_0) true)
+(expandtypeattribute (bluetooth_data_file_27_0) true)
+(expandtypeattribute (bluetooth_efs_file_27_0) true)
+(expandtypeattribute (bluetooth_logs_data_file_27_0) true)
+(expandtypeattribute (bluetooth_manager_service_27_0) true)
+(expandtypeattribute (bluetooth_prop_27_0) true)
+(expandtypeattribute (bluetooth_service_27_0) true)
+(expandtypeattribute (bluetooth_socket_27_0) true)
+(expandtypeattribute (bootanim_27_0) true)
+(expandtypeattribute (bootanim_exec_27_0) true)
+(expandtypeattribute (boot_block_device_27_0) true)
+(expandtypeattribute (bootchart_data_file_27_0) true)
+(expandtypeattribute (bootstat_27_0) true)
+(expandtypeattribute (bootstat_data_file_27_0) true)
+(expandtypeattribute (bootstat_exec_27_0) true)
+(expandtypeattribute (boottime_prop_27_0) true)
+(expandtypeattribute (boottrace_data_file_27_0) true)
+(expandtypeattribute (broadcastradio_service_27_0) true)
+(expandtypeattribute (bufferhubd_27_0) true)
+(expandtypeattribute (bufferhubd_exec_27_0) true)
+(expandtypeattribute (cache_backup_file_27_0) true)
+(expandtypeattribute (cache_block_device_27_0) true)
+(expandtypeattribute 
(cache_file_27_0) true)
+(expandtypeattribute (cache_private_backup_file_27_0) true)
+(expandtypeattribute (cache_recovery_file_27_0) true)
+(expandtypeattribute (camera_data_file_27_0) true)
+(expandtypeattribute (camera_device_27_0) true)
+(expandtypeattribute (cameraproxy_service_27_0) true)
+(expandtypeattribute (cameraserver_27_0) true)
+(expandtypeattribute (cameraserver_exec_27_0) true)
+(expandtypeattribute (cameraserver_service_27_0) true)
+(expandtypeattribute (cgroup_27_0) true)
+(expandtypeattribute (charger_27_0) true)
+(expandtypeattribute (clatd_27_0) true)
+(expandtypeattribute (clatd_exec_27_0) true)
+(expandtypeattribute (clipboard_service_27_0) true)
+(expandtypeattribute (commontime_management_service_27_0) true)
+(expandtypeattribute (companion_device_service_27_0) true)
+(expandtypeattribute (configfs_27_0) true)
+(expandtypeattribute (config_prop_27_0) true)
+(expandtypeattribute (connectivity_service_27_0) true)
+(expandtypeattribute (connmetrics_service_27_0) true)
+(expandtypeattribute (console_device_27_0) true)
+(expandtypeattribute (consumer_ir_service_27_0) true)
+(expandtypeattribute (content_service_27_0) true)
+(expandtypeattribute (contexthub_service_27_0) true)
+(expandtypeattribute (coredump_file_27_0) true)
+(expandtypeattribute (country_detector_service_27_0) true)
+(expandtypeattribute (coverage_service_27_0) true)
+(expandtypeattribute (cppreopt_prop_27_0) true)
+(expandtypeattribute (cppreopts_27_0) true)
+(expandtypeattribute (cppreopts_exec_27_0) true)
+(expandtypeattribute (cpuctl_device_27_0) true)
+(expandtypeattribute (cpuinfo_service_27_0) true)
+(expandtypeattribute (crash_dump_27_0) true)
+(expandtypeattribute (crash_dump_exec_27_0) true)
+(expandtypeattribute (ctl_bootanim_prop_27_0) true)
+(expandtypeattribute (ctl_bugreport_prop_27_0) true)
+(expandtypeattribute (ctl_console_prop_27_0) true)
+(expandtypeattribute (ctl_default_prop_27_0) true)
+(expandtypeattribute (ctl_dumpstate_prop_27_0) true)
+(expandtypeattribute (ctl_fuse_prop_27_0) true)
+(expandtypeattribute (ctl_mdnsd_prop_27_0) true)
+(expandtypeattribute (ctl_rildaemon_prop_27_0) true)
+(expandtypeattribute (dalvikcache_data_file_27_0) true)
+(expandtypeattribute (dalvik_prop_27_0) true)
+(expandtypeattribute (dbinfo_service_27_0) true)
+(expandtypeattribute (debugfs_27_0) true)
+(expandtypeattribute (debugfs_mmc_27_0) true)
+(expandtypeattribute (debugfs_trace_marker_27_0) true)
+(expandtypeattribute (debugfs_tracing_27_0) true)
+(expandtypeattribute (debugfs_tracing_debug_27_0) true)
+(expandtypeattribute (debugfs_tracing_instances_27_0) true)
+(expandtypeattribute (debugfs_wifi_tracing_27_0) true)
+(expandtypeattribute (debuggerd_prop_27_0) true)
+(expandtypeattribute (debug_prop_27_0) true)
+(expandtypeattribute (default_android_hwservice_27_0) true)
+(expandtypeattribute (default_android_service_27_0) true)
+(expandtypeattribute (default_android_vndservice_27_0) true)
+(expandtypeattribute (default_prop_27_0) true)
+(expandtypeattribute (device_27_0) true)
+(expandtypeattribute (device_identifiers_service_27_0) true)
+(expandtypeattribute (deviceidle_service_27_0) true)
+(expandtypeattribute (device_logging_prop_27_0) true)
+(expandtypeattribute (device_policy_service_27_0) true)
+(expandtypeattribute (devicestoragemonitor_service_27_0) true)
+(expandtypeattribute (devpts_27_0) true)
+(expandtypeattribute (dex2oat_27_0) true)
+(expandtypeattribute (dex2oat_exec_27_0) true)
+(expandtypeattribute (dhcp_27_0) true)
+(expandtypeattribute (dhcp_data_file_27_0) true)
+(expandtypeattribute (dhcp_exec_27_0) true)
+(expandtypeattribute (dhcp_prop_27_0) true)
+(expandtypeattribute (diskstats_service_27_0) true)
+(expandtypeattribute (display_service_27_0) true)
+(expandtypeattribute (dm_device_27_0) true)
+(expandtypeattribute (dnsmasq_27_0) true)
+(expandtypeattribute (dnsmasq_exec_27_0) true)
+(expandtypeattribute (dnsproxyd_socket_27_0) true)
+(expandtypeattribute (DockObserver_service_27_0) true)
+(expandtypeattribute (dreams_service_27_0) true) +(expandtypeattribute (drm_data_file_27_0) true) +(expandtypeattribute (drmserver_27_0) true) +(expandtypeattribute (drmserver_exec_27_0) true) +(expandtypeattribute (drmserver_service_27_0) true) +(expandtypeattribute (drmserver_socket_27_0) true) +(expandtypeattribute (dropbox_service_27_0) true) +(expandtypeattribute (dumpstate_27_0) true) +(expandtypeattribute (dumpstate_exec_27_0) true) +(expandtypeattribute (dumpstate_options_prop_27_0) true) +(expandtypeattribute (dumpstate_prop_27_0) true) +(expandtypeattribute (dumpstate_service_27_0) true) +(expandtypeattribute (dumpstate_socket_27_0) true) +(expandtypeattribute (e2fs_27_0) true) +(expandtypeattribute (e2fs_exec_27_0) true) +(expandtypeattribute (efs_file_27_0) true) +(expandtypeattribute (ephemeral_app_27_0) true) +(expandtypeattribute (ethernet_service_27_0) true) +(expandtypeattribute (ffs_prop_27_0) true) +(expandtypeattribute (file_contexts_file_27_0) true) +(expandtypeattribute (fingerprintd_27_0) true) +(expandtypeattribute (fingerprintd_data_file_27_0) true) +(expandtypeattribute (fingerprintd_exec_27_0) true) +(expandtypeattribute (fingerprintd_service_27_0) true) +(expandtypeattribute (fingerprint_prop_27_0) true) +(expandtypeattribute (fingerprint_service_27_0) true) +(expandtypeattribute (firstboot_prop_27_0) true) +(expandtypeattribute (font_service_27_0) true) +(expandtypeattribute (frp_block_device_27_0) true) +(expandtypeattribute (fsck_27_0) true) +(expandtypeattribute (fsck_exec_27_0) true) +(expandtypeattribute (fscklogs_27_0) true) +(expandtypeattribute (fsck_untrusted_27_0) true) +(expandtypeattribute (full_device_27_0) true) +(expandtypeattribute (functionfs_27_0) true) +(expandtypeattribute (fuse_27_0) true) +(expandtypeattribute (fuse_device_27_0) true) +(expandtypeattribute (fwk_display_hwservice_27_0) true) +(expandtypeattribute (fwk_scheduler_hwservice_27_0) true) +(expandtypeattribute (fwk_sensor_hwservice_27_0) true) 
+(expandtypeattribute (fwmarkd_socket_27_0) true) +(expandtypeattribute (gatekeeperd_27_0) true) +(expandtypeattribute (gatekeeper_data_file_27_0) true) +(expandtypeattribute (gatekeeperd_exec_27_0) true) +(expandtypeattribute (gatekeeper_service_27_0) true) +(expandtypeattribute (gfxinfo_service_27_0) true) +(expandtypeattribute (gps_control_27_0) true) +(expandtypeattribute (gpu_device_27_0) true) +(expandtypeattribute (gpu_service_27_0) true) +(expandtypeattribute (graphics_device_27_0) true) +(expandtypeattribute (graphicsstats_service_27_0) true) +(expandtypeattribute (hal_audio_hwservice_27_0) true) +(expandtypeattribute (hal_bluetooth_hwservice_27_0) true) +(expandtypeattribute (hal_bootctl_hwservice_27_0) true) +(expandtypeattribute (hal_broadcastradio_hwservice_27_0) true) +(expandtypeattribute (hal_camera_hwservice_27_0) true) +(expandtypeattribute (hal_cas_hwservice_27_0) true) +(expandtypeattribute (hal_configstore_ISurfaceFlingerConfigs_27_0) true) +(expandtypeattribute (hal_contexthub_hwservice_27_0) true) +(expandtypeattribute (hal_drm_hwservice_27_0) true) +(expandtypeattribute (hal_dumpstate_hwservice_27_0) true) +(expandtypeattribute (hal_fingerprint_hwservice_27_0) true) +(expandtypeattribute (hal_fingerprint_service_27_0) true) +(expandtypeattribute (hal_gatekeeper_hwservice_27_0) true) +(expandtypeattribute (hal_gnss_hwservice_27_0) true) +(expandtypeattribute (hal_graphics_allocator_hwservice_27_0) true) +(expandtypeattribute (hal_graphics_composer_hwservice_27_0) true) +(expandtypeattribute (hal_graphics_mapper_hwservice_27_0) true) +(expandtypeattribute (hal_health_hwservice_27_0) true) +(expandtypeattribute (hal_ir_hwservice_27_0) true) +(expandtypeattribute (hal_keymaster_hwservice_27_0) true) +(expandtypeattribute (hal_light_hwservice_27_0) true) +(expandtypeattribute (hal_memtrack_hwservice_27_0) true) +(expandtypeattribute (hal_neuralnetworks_hwservice_27_0) true) +(expandtypeattribute (hal_nfc_hwservice_27_0) true) 
+(expandtypeattribute (hal_oemlock_hwservice_27_0) true) +(expandtypeattribute (hal_omx_hwservice_27_0) true) +(expandtypeattribute (hal_power_hwservice_27_0) true) +(expandtypeattribute (hal_renderscript_hwservice_27_0) true) +(expandtypeattribute (hal_sensors_hwservice_27_0) true) +(expandtypeattribute (hal_telephony_hwservice_27_0) true) +(expandtypeattribute (hal_tetheroffload_hwservice_27_0) true) +(expandtypeattribute (hal_thermal_hwservice_27_0) true) +(expandtypeattribute (hal_tv_cec_hwservice_27_0) true) +(expandtypeattribute (hal_tv_input_hwservice_27_0) true) +(expandtypeattribute (hal_usb_hwservice_27_0) true) +(expandtypeattribute (hal_vibrator_hwservice_27_0) true) +(expandtypeattribute (hal_vr_hwservice_27_0) true) +(expandtypeattribute (hal_weaver_hwservice_27_0) true) +(expandtypeattribute (hal_wifi_hwservice_27_0) true) +(expandtypeattribute (hal_wifi_offload_hwservice_27_0) true) +(expandtypeattribute (hal_wifi_supplicant_hwservice_27_0) true) +(expandtypeattribute (hardware_properties_service_27_0) true) +(expandtypeattribute (hardware_service_27_0) true) +(expandtypeattribute (hci_attach_dev_27_0) true) +(expandtypeattribute (hdmi_control_service_27_0) true) +(expandtypeattribute (healthd_27_0) true) +(expandtypeattribute (healthd_exec_27_0) true) +(expandtypeattribute (heapdump_data_file_27_0) true) +(expandtypeattribute (hidl_allocator_hwservice_27_0) true) +(expandtypeattribute (hidl_base_hwservice_27_0) true) +(expandtypeattribute (hidl_manager_hwservice_27_0) true) +(expandtypeattribute (hidl_memory_hwservice_27_0) true) +(expandtypeattribute (hidl_token_hwservice_27_0) true) +(expandtypeattribute (hwbinder_device_27_0) true) +(expandtypeattribute (hw_random_device_27_0) true) +(expandtypeattribute (hwservice_contexts_file_27_0) true) +(expandtypeattribute (hwservicemanager_27_0) true) +(expandtypeattribute (hwservicemanager_exec_27_0) true) +(expandtypeattribute (hwservicemanager_prop_27_0) true) +(expandtypeattribute (i2c_device_27_0) 
true) +(expandtypeattribute (icon_file_27_0) true) +(expandtypeattribute (idmap_27_0) true) +(expandtypeattribute (idmap_exec_27_0) true) +(expandtypeattribute (iio_device_27_0) true) +(expandtypeattribute (imms_service_27_0) true) +(expandtypeattribute (incident_27_0) true) +(expandtypeattribute (incidentd_27_0) true) +(expandtypeattribute (incident_data_file_27_0) true) +(expandtypeattribute (incident_service_27_0) true) +(expandtypeattribute (init_27_0) true) +(expandtypeattribute (init_exec_27_0) true) +(expandtypeattribute (inotify_27_0) true) +(expandtypeattribute (input_device_27_0) true) +(expandtypeattribute (inputflinger_27_0) true) +(expandtypeattribute (inputflinger_exec_27_0) true) +(expandtypeattribute (inputflinger_service_27_0) true) +(expandtypeattribute (input_method_service_27_0) true) +(expandtypeattribute (input_service_27_0) true) +(expandtypeattribute (installd_27_0) true) +(expandtypeattribute (install_data_file_27_0) true) +(expandtypeattribute (installd_exec_27_0) true) +(expandtypeattribute (installd_service_27_0) true) +(expandtypeattribute (install_recovery_27_0) true) +(expandtypeattribute (install_recovery_exec_27_0) true) +(expandtypeattribute (ion_device_27_0) true) +(expandtypeattribute (IProxyService_service_27_0) true) +(expandtypeattribute (ipsec_service_27_0) true) +(expandtypeattribute (isolated_app_27_0) true) +(expandtypeattribute (jobscheduler_service_27_0) true) +(expandtypeattribute (kernel_27_0) true) +(expandtypeattribute (keychain_data_file_27_0) true) +(expandtypeattribute (keychord_device_27_0) true) +(expandtypeattribute (keystore_27_0) true) +(expandtypeattribute (keystore_data_file_27_0) true) +(expandtypeattribute (keystore_exec_27_0) true) +(expandtypeattribute (keystore_service_27_0) true) +(expandtypeattribute (kmem_device_27_0) true) +(expandtypeattribute (kmsg_debug_device_27_0) true) +(expandtypeattribute (kmsg_device_27_0) true) +(expandtypeattribute (labeledfs_27_0) true) +(expandtypeattribute 
(launcherapps_service_27_0) true) +(expandtypeattribute (lmkd_27_0) true) +(expandtypeattribute (lmkd_exec_27_0) true) +(expandtypeattribute (lmkd_socket_27_0) true) +(expandtypeattribute (location_service_27_0) true) +(expandtypeattribute (lock_settings_service_27_0) true) +(expandtypeattribute (logcat_exec_27_0) true) +(expandtypeattribute (logd_27_0) true) +(expandtypeattribute (logd_exec_27_0) true) +(expandtypeattribute (logd_prop_27_0) true) +(expandtypeattribute (logdr_socket_27_0) true) +(expandtypeattribute (logd_socket_27_0) true) +(expandtypeattribute (logdw_socket_27_0) true) +(expandtypeattribute (logpersist_27_0) true) +(expandtypeattribute (logpersistd_logging_prop_27_0) true) +(expandtypeattribute (log_prop_27_0) true) +(expandtypeattribute (log_tag_prop_27_0) true) +(expandtypeattribute (loop_control_device_27_0) true) +(expandtypeattribute (loop_device_27_0) true) +(expandtypeattribute (mac_perms_file_27_0) true) +(expandtypeattribute (mdnsd_27_0) true) +(expandtypeattribute (mdnsd_socket_27_0) true) +(expandtypeattribute (mdns_socket_27_0) true) +(expandtypeattribute (mediacodec_27_0) true) +(expandtypeattribute (mediacodec_exec_27_0) true) +(expandtypeattribute (mediacodec_service_27_0) true) +(expandtypeattribute (media_data_file_27_0) true) +(expandtypeattribute (mediadrmserver_27_0) true) +(expandtypeattribute (mediadrmserver_exec_27_0) true) +(expandtypeattribute (mediadrmserver_service_27_0) true) +(expandtypeattribute (mediaextractor_27_0) true) +(expandtypeattribute (mediaextractor_exec_27_0) true) +(expandtypeattribute (mediaextractor_service_27_0) true) +(expandtypeattribute (mediametrics_27_0) true) +(expandtypeattribute (mediametrics_exec_27_0) true) +(expandtypeattribute (mediametrics_service_27_0) true) +(expandtypeattribute (media_projection_service_27_0) true) +(expandtypeattribute (mediaprovider_27_0) true) +(expandtypeattribute (media_router_service_27_0) true) +(expandtypeattribute (media_rw_data_file_27_0) true) 
+(expandtypeattribute (mediaserver_27_0) true) +(expandtypeattribute (mediaserver_exec_27_0) true) +(expandtypeattribute (mediaserver_service_27_0) true) +(expandtypeattribute (media_session_service_27_0) true) +(expandtypeattribute (meminfo_service_27_0) true) +(expandtypeattribute (metadata_block_device_27_0) true) +(expandtypeattribute (method_trace_data_file_27_0) true) +(expandtypeattribute (midi_service_27_0) true) +(expandtypeattribute (misc_block_device_27_0) true) +(expandtypeattribute (misc_logd_file_27_0) true) +(expandtypeattribute (misc_user_data_file_27_0) true) +(expandtypeattribute (mmc_prop_27_0) true) +(expandtypeattribute (mnt_expand_file_27_0) true) +(expandtypeattribute (mnt_media_rw_file_27_0) true) +(expandtypeattribute (mnt_media_rw_stub_file_27_0) true) +(expandtypeattribute (mnt_user_file_27_0) true) +(expandtypeattribute (modprobe_27_0) true) +(expandtypeattribute (mount_service_27_0) true) +(expandtypeattribute (mqueue_27_0) true) +(expandtypeattribute (mtd_device_27_0) true) +(expandtypeattribute (mtp_27_0) true) +(expandtypeattribute (mtp_device_27_0) true) +(expandtypeattribute (mtpd_socket_27_0) true) +(expandtypeattribute (mtp_exec_27_0) true) +(expandtypeattribute (nativetest_data_file_27_0) true) +(expandtypeattribute (netd_27_0) true) +(expandtypeattribute (net_data_file_27_0) true) +(expandtypeattribute (netd_exec_27_0) true) +(expandtypeattribute (netd_listener_service_27_0) true) +(expandtypeattribute (net_dns_prop_27_0) true) +(expandtypeattribute (netd_service_27_0) true) +(expandtypeattribute (netd_socket_27_0) true) +(expandtypeattribute (netd_stable_secret_prop_27_0) true) +(expandtypeattribute (netif_27_0) true) +(expandtypeattribute (netpolicy_service_27_0) true) +(expandtypeattribute (net_radio_prop_27_0) true) +(expandtypeattribute (netstats_service_27_0) true) +(expandtypeattribute (netutils_wrapper_27_0) true) +(expandtypeattribute (netutils_wrapper_exec_27_0) true) +(expandtypeattribute 
(network_management_service_27_0) true) +(expandtypeattribute (network_score_service_27_0) true) +(expandtypeattribute (network_time_update_service_27_0) true) +(expandtypeattribute (nfc_27_0) true) +(expandtypeattribute (nfc_data_file_27_0) true) +(expandtypeattribute (nfc_device_27_0) true) +(expandtypeattribute (nfc_prop_27_0) true) +(expandtypeattribute (nfc_service_27_0) true) +(expandtypeattribute (node_27_0) true) +(expandtypeattribute (nonplat_service_contexts_file_27_0) true) +(expandtypeattribute (notification_service_27_0) true) +(expandtypeattribute (null_device_27_0) true) +(expandtypeattribute (oemfs_27_0) true) +(expandtypeattribute (oem_lock_service_27_0) true) +(expandtypeattribute (ota_data_file_27_0) true) +(expandtypeattribute (otadexopt_service_27_0) true) +(expandtypeattribute (ota_package_file_27_0) true) +(expandtypeattribute (otapreopt_chroot_27_0) true) +(expandtypeattribute (otapreopt_chroot_exec_27_0) true) +(expandtypeattribute (otapreopt_slot_27_0) true) +(expandtypeattribute (otapreopt_slot_exec_27_0) true) +(expandtypeattribute (overlay_prop_27_0) true) +(expandtypeattribute (overlay_service_27_0) true) +(expandtypeattribute (owntty_device_27_0) true) +(expandtypeattribute (package_native_service_27_0) true) +(expandtypeattribute (package_service_27_0) true) +(expandtypeattribute (pan_result_prop_27_0) true) +(expandtypeattribute (pdx_bufferhub_client_channel_socket_27_0) true) +(expandtypeattribute (pdx_bufferhub_client_endpoint_socket_27_0) true) +(expandtypeattribute (pdx_bufferhub_dir_27_0) true) +(expandtypeattribute (pdx_display_client_channel_socket_27_0) true) +(expandtypeattribute (pdx_display_client_endpoint_socket_27_0) true) +(expandtypeattribute (pdx_display_dir_27_0) true) +(expandtypeattribute (pdx_display_manager_channel_socket_27_0) true) +(expandtypeattribute (pdx_display_manager_endpoint_socket_27_0) true) +(expandtypeattribute (pdx_display_screenshot_channel_socket_27_0) true) +(expandtypeattribute 
(pdx_display_screenshot_endpoint_socket_27_0) true) +(expandtypeattribute (pdx_display_vsync_channel_socket_27_0) true) +(expandtypeattribute (pdx_display_vsync_endpoint_socket_27_0) true) +(expandtypeattribute (pdx_performance_client_channel_socket_27_0) true) +(expandtypeattribute (pdx_performance_client_endpoint_socket_27_0) true) +(expandtypeattribute (pdx_performance_dir_27_0) true) +(expandtypeattribute (performanced_27_0) true) +(expandtypeattribute (performanced_exec_27_0) true) +(expandtypeattribute (permission_service_27_0) true) +(expandtypeattribute (persist_debug_prop_27_0) true) +(expandtypeattribute (persistent_data_block_service_27_0) true) +(expandtypeattribute (persistent_properties_ready_prop_27_0) true) +(expandtypeattribute (pinner_service_27_0) true) +(expandtypeattribute (pipefs_27_0) true) +(expandtypeattribute (platform_app_27_0) true) +(expandtypeattribute (pmsg_device_27_0) true) +(expandtypeattribute (port_27_0) true) +(expandtypeattribute (port_device_27_0) true) +(expandtypeattribute (postinstall_27_0) true) +(expandtypeattribute (postinstall_dexopt_27_0) true) +(expandtypeattribute (postinstall_file_27_0) true) +(expandtypeattribute (postinstall_mnt_dir_27_0) true) +(expandtypeattribute (powerctl_prop_27_0) true) +(expandtypeattribute (power_service_27_0) true) +(expandtypeattribute (ppp_27_0) true) +(expandtypeattribute (ppp_device_27_0) true) +(expandtypeattribute (ppp_exec_27_0) true) +(expandtypeattribute (preloads_data_file_27_0) true) +(expandtypeattribute (preloads_media_file_27_0) true) +(expandtypeattribute (preopt2cachename_27_0) true) +(expandtypeattribute (preopt2cachename_exec_27_0) true) +(expandtypeattribute (print_service_27_0) true) +(expandtypeattribute (priv_app_27_0) true) +(expandtypeattribute (proc_27_0) true) +(expandtypeattribute (proc_bluetooth_writable_27_0) true) +(expandtypeattribute (proc_cpuinfo_27_0) true) +(expandtypeattribute (proc_drop_caches_27_0) true) +(expandtypeattribute 
(processinfo_service_27_0) true) +(expandtypeattribute (proc_interrupts_27_0) true) +(expandtypeattribute (proc_iomem_27_0) true) +(expandtypeattribute (proc_meminfo_27_0) true) +(expandtypeattribute (proc_misc_27_0) true) +(expandtypeattribute (proc_modules_27_0) true) +(expandtypeattribute (proc_net_27_0) true) +(expandtypeattribute (proc_overcommit_memory_27_0) true) +(expandtypeattribute (proc_perf_27_0) true) +(expandtypeattribute (proc_security_27_0) true) +(expandtypeattribute (proc_stat_27_0) true) +(expandtypeattribute (procstats_service_27_0) true) +(expandtypeattribute (proc_sysrq_27_0) true) +(expandtypeattribute (proc_timer_27_0) true) +(expandtypeattribute (proc_tty_drivers_27_0) true) +(expandtypeattribute (proc_uid_cputime_removeuid_27_0) true) +(expandtypeattribute (proc_uid_cputime_showstat_27_0) true) +(expandtypeattribute (proc_uid_io_stats_27_0) true) +(expandtypeattribute (proc_uid_procstat_set_27_0) true) +(expandtypeattribute (proc_uid_time_in_state_27_0) true) +(expandtypeattribute (proc_zoneinfo_27_0) true) +(expandtypeattribute (profman_27_0) true) +(expandtypeattribute (profman_dump_data_file_27_0) true) +(expandtypeattribute (profman_exec_27_0) true) +(expandtypeattribute (properties_device_27_0) true) +(expandtypeattribute (properties_serial_27_0) true) +(expandtypeattribute (property_contexts_file_27_0) true) +(expandtypeattribute (property_data_file_27_0) true) +(expandtypeattribute (property_socket_27_0) true) +(expandtypeattribute (pstorefs_27_0) true) +(expandtypeattribute (ptmx_device_27_0) true) +(expandtypeattribute (qtaguid_device_27_0) true) +(expandtypeattribute (qtaguid_proc_27_0) true) +(expandtypeattribute (racoon_27_0) true) +(expandtypeattribute (racoon_exec_27_0) true) +(expandtypeattribute (racoon_socket_27_0) true) +(expandtypeattribute (radio_27_0) true) +(expandtypeattribute (radio_data_file_27_0) true) +(expandtypeattribute (radio_device_27_0) true) +(expandtypeattribute (radio_prop_27_0) true) 
+(expandtypeattribute (radio_service_27_0) true) +(expandtypeattribute (ram_device_27_0) true) +(expandtypeattribute (random_device_27_0) true) +(expandtypeattribute (reboot_data_file_27_0) true) +(expandtypeattribute (recovery_27_0) true) +(expandtypeattribute (recovery_block_device_27_0) true) +(expandtypeattribute (recovery_data_file_27_0) true) +(expandtypeattribute (recovery_persist_27_0) true) +(expandtypeattribute (recovery_persist_exec_27_0) true) +(expandtypeattribute (recovery_refresh_27_0) true) +(expandtypeattribute (recovery_refresh_exec_27_0) true) +(expandtypeattribute (recovery_service_27_0) true) +(expandtypeattribute (registry_service_27_0) true) +(expandtypeattribute (resourcecache_data_file_27_0) true) +(expandtypeattribute (restorecon_prop_27_0) true) +(expandtypeattribute (restrictions_service_27_0) true) +(expandtypeattribute (rild_27_0) true) +(expandtypeattribute (rild_debug_socket_27_0) true) +(expandtypeattribute (rild_socket_27_0) true) +(expandtypeattribute (ringtone_file_27_0) true) +(expandtypeattribute (root_block_device_27_0) true) +(expandtypeattribute (rootfs_27_0) true) +(expandtypeattribute (rpmsg_device_27_0) true) +(expandtypeattribute (rtc_device_27_0) true) +(expandtypeattribute (rttmanager_service_27_0) true) +(expandtypeattribute (runas_27_0) true) +(expandtypeattribute (runas_exec_27_0) true) +(expandtypeattribute (runtime_event_log_tags_file_27_0) true) +(expandtypeattribute (safemode_prop_27_0) true) +(expandtypeattribute (same_process_hal_file_27_0) true) +(expandtypeattribute (samplingprofiler_service_27_0) true) +(expandtypeattribute (scheduling_policy_service_27_0) true) +(expandtypeattribute (sdcardd_27_0) true) +(expandtypeattribute (sdcardd_exec_27_0) true) +(expandtypeattribute (sdcardfs_27_0) true) +(expandtypeattribute (seapp_contexts_file_27_0) true) +(expandtypeattribute (search_service_27_0) true) +(expandtypeattribute (sec_key_att_app_id_provider_service_27_0) true) +(expandtypeattribute (selinuxfs_27_0) 
true) +(expandtypeattribute (sensors_device_27_0) true) +(expandtypeattribute (sensorservice_service_27_0) true) +(expandtypeattribute (sepolicy_file_27_0) true) +(expandtypeattribute (serial_device_27_0) true) +(expandtypeattribute (serialno_prop_27_0) true) +(expandtypeattribute (serial_service_27_0) true) +(expandtypeattribute (service_contexts_file_27_0) true) +(expandtypeattribute (servicediscovery_service_27_0) true) +(expandtypeattribute (servicemanager_27_0) true) +(expandtypeattribute (servicemanager_exec_27_0) true) +(expandtypeattribute (settings_service_27_0) true) +(expandtypeattribute (sgdisk_27_0) true) +(expandtypeattribute (sgdisk_exec_27_0) true) +(expandtypeattribute (shared_relro_27_0) true) +(expandtypeattribute (shared_relro_file_27_0) true) +(expandtypeattribute (shell_27_0) true) +(expandtypeattribute (shell_data_file_27_0) true) +(expandtypeattribute (shell_exec_27_0) true) +(expandtypeattribute (shell_prop_27_0) true) +(expandtypeattribute (shm_27_0) true) +(expandtypeattribute (shortcut_manager_icons_27_0) true) +(expandtypeattribute (shortcut_service_27_0) true) +(expandtypeattribute (slideshow_27_0) true) +(expandtypeattribute (socket_device_27_0) true) +(expandtypeattribute (sockfs_27_0) true) +(expandtypeattribute (statusbar_service_27_0) true) +(expandtypeattribute (storaged_service_27_0) true) +(expandtypeattribute (storage_file_27_0) true) +(expandtypeattribute (storagestats_service_27_0) true) +(expandtypeattribute (storage_stub_file_27_0) true) +(expandtypeattribute (su_27_0) true) +(expandtypeattribute (su_exec_27_0) true) +(expandtypeattribute (surfaceflinger_27_0) true) +(expandtypeattribute (surfaceflinger_service_27_0) true) +(expandtypeattribute (swap_block_device_27_0) true) +(expandtypeattribute (sysfs_27_0) true) +(expandtypeattribute (sysfs_batteryinfo_27_0) true) +(expandtypeattribute (sysfs_bluetooth_writable_27_0) true) +(expandtypeattribute (sysfs_devices_system_cpu_27_0) true) +(expandtypeattribute 
(sysfs_fs_ext4_features_27_0) true) +(expandtypeattribute (sysfs_hwrandom_27_0) true) +(expandtypeattribute (sysfs_leds_27_0) true) +(expandtypeattribute (sysfs_lowmemorykiller_27_0) true) +(expandtypeattribute (sysfs_mac_address_27_0) true) +(expandtypeattribute (sysfs_nfc_power_writable_27_0) true) +(expandtypeattribute (sysfs_thermal_27_0) true) +(expandtypeattribute (sysfs_uio_27_0) true) +(expandtypeattribute (sysfs_usb_27_0) true) +(expandtypeattribute (sysfs_usermodehelper_27_0) true) +(expandtypeattribute (sysfs_vibrator_27_0) true) +(expandtypeattribute (sysfs_wake_lock_27_0) true) +(expandtypeattribute (sysfs_wlan_fwpath_27_0) true) +(expandtypeattribute (sysfs_zram_27_0) true) +(expandtypeattribute (sysfs_zram_uevent_27_0) true) +(expandtypeattribute (system_app_27_0) true) +(expandtypeattribute (system_app_data_file_27_0) true) +(expandtypeattribute (system_app_service_27_0) true) +(expandtypeattribute (system_block_device_27_0) true) +(expandtypeattribute (system_data_file_27_0) true) +(expandtypeattribute (system_file_27_0) true) +(expandtypeattribute (systemkeys_data_file_27_0) true) +(expandtypeattribute (system_ndebug_socket_27_0) true) +(expandtypeattribute (system_net_netd_hwservice_27_0) true) +(expandtypeattribute (system_prop_27_0) true) +(expandtypeattribute (system_radio_prop_27_0) true) +(expandtypeattribute (system_server_27_0) true) +(expandtypeattribute (system_wifi_keystore_hwservice_27_0) true) +(expandtypeattribute (system_wpa_socket_27_0) true) +(expandtypeattribute (task_service_27_0) true) +(expandtypeattribute (tee_27_0) true) +(expandtypeattribute (tee_data_file_27_0) true) +(expandtypeattribute (tee_device_27_0) true) +(expandtypeattribute (telecom_service_27_0) true) +(expandtypeattribute (textclassification_service_27_0) true) +(expandtypeattribute (textclassifier_data_file_27_0) true) +(expandtypeattribute (textservices_service_27_0) true) +(expandtypeattribute (thermalcallback_hwservice_27_0) true) +(expandtypeattribute 
(thermal_service_27_0) true) +(expandtypeattribute (thermalserviced_27_0) true) +(expandtypeattribute (thermalserviced_exec_27_0) true) +(expandtypeattribute (timezone_service_27_0) true) +(expandtypeattribute (tmpfs_27_0) true) +(expandtypeattribute (tombstoned_27_0) true) +(expandtypeattribute (tombstone_data_file_27_0) true) +(expandtypeattribute (tombstoned_crash_socket_27_0) true) +(expandtypeattribute (tombstoned_exec_27_0) true) +(expandtypeattribute (tombstoned_intercept_socket_27_0) true) +(expandtypeattribute (tombstoned_java_trace_socket_27_0) true) +(expandtypeattribute (toolbox_27_0) true) +(expandtypeattribute (toolbox_exec_27_0) true) +(expandtypeattribute (trust_service_27_0) true) +(expandtypeattribute (tty_device_27_0) true) +(expandtypeattribute (tun_device_27_0) true) +(expandtypeattribute (tv_input_service_27_0) true) +(expandtypeattribute (tzdatacheck_27_0) true) +(expandtypeattribute (tzdatacheck_exec_27_0) true) +(expandtypeattribute (ueventd_27_0) true) +(expandtypeattribute (uhid_device_27_0) true) +(expandtypeattribute (uimode_service_27_0) true) +(expandtypeattribute (uio_device_27_0) true) +(expandtypeattribute (uncrypt_27_0) true) +(expandtypeattribute (uncrypt_exec_27_0) true) +(expandtypeattribute (uncrypt_socket_27_0) true) +(expandtypeattribute (unencrypted_data_file_27_0) true) +(expandtypeattribute (unlabeled_27_0) true) +(expandtypeattribute (untrusted_app_25_27_0) true) +(expandtypeattribute (untrusted_app_27_0) true) +(expandtypeattribute (untrusted_v2_app_27_0) true) +(expandtypeattribute (update_engine_27_0) true) +(expandtypeattribute (update_engine_data_file_27_0) true) +(expandtypeattribute (update_engine_exec_27_0) true) +(expandtypeattribute (update_engine_service_27_0) true) +(expandtypeattribute (updatelock_service_27_0) true) +(expandtypeattribute (update_verifier_27_0) true) +(expandtypeattribute (update_verifier_exec_27_0) true) +(expandtypeattribute (usagestats_service_27_0) true) +(expandtypeattribute 
(usbaccessory_device_27_0) true) +(expandtypeattribute (usb_device_27_0) true) +(expandtypeattribute (usbfs_27_0) true) +(expandtypeattribute (usb_service_27_0) true) +(expandtypeattribute (userdata_block_device_27_0) true) +(expandtypeattribute (usermodehelper_27_0) true) +(expandtypeattribute (user_profile_data_file_27_0) true) +(expandtypeattribute (user_service_27_0) true) +(expandtypeattribute (vcs_device_27_0) true) +(expandtypeattribute (vdc_27_0) true) +(expandtypeattribute (vdc_exec_27_0) true) +(expandtypeattribute (vendor_app_file_27_0) true) +(expandtypeattribute (vendor_configs_file_27_0) true) +(expandtypeattribute (vendor_file_27_0) true) +(expandtypeattribute (vendor_framework_file_27_0) true) +(expandtypeattribute (vendor_hal_file_27_0) true) +(expandtypeattribute (vendor_overlay_file_27_0) true) +(expandtypeattribute (vendor_shell_exec_27_0) true) +(expandtypeattribute (vendor_toolbox_exec_27_0) true) +(expandtypeattribute (vfat_27_0) true) +(expandtypeattribute (vibrator_service_27_0) true) +(expandtypeattribute (video_device_27_0) true) +(expandtypeattribute (virtual_touchpad_27_0) true) +(expandtypeattribute (virtual_touchpad_exec_27_0) true) +(expandtypeattribute (virtual_touchpad_service_27_0) true) +(expandtypeattribute (vndbinder_device_27_0) true) +(expandtypeattribute (vndk_sp_file_27_0) true) +(expandtypeattribute (vndservice_contexts_file_27_0) true) +(expandtypeattribute (vndservicemanager_27_0) true) +(expandtypeattribute (voiceinteraction_service_27_0) true) +(expandtypeattribute (vold_27_0) true) +(expandtypeattribute (vold_data_file_27_0) true) +(expandtypeattribute (vold_device_27_0) true) +(expandtypeattribute (vold_exec_27_0) true) +(expandtypeattribute (vold_prop_27_0) true) +(expandtypeattribute (vold_socket_27_0) true) +(expandtypeattribute (vpn_data_file_27_0) true) +(expandtypeattribute (vr_hwc_27_0) true) +(expandtypeattribute (vr_hwc_exec_27_0) true) +(expandtypeattribute (vr_hwc_service_27_0) true) +(expandtypeattribute 
(vr_manager_service_27_0) true) +(expandtypeattribute (wallpaper_file_27_0) true) +(expandtypeattribute (wallpaper_service_27_0) true) +(expandtypeattribute (watchdogd_27_0) true) +(expandtypeattribute (watchdog_device_27_0) true) +(expandtypeattribute (webviewupdate_service_27_0) true) +(expandtypeattribute (webview_zygote_27_0) true) +(expandtypeattribute (webview_zygote_exec_27_0) true) +(expandtypeattribute (webview_zygote_socket_27_0) true) +(expandtypeattribute (wifiaware_service_27_0) true) +(expandtypeattribute (wificond_27_0) true) +(expandtypeattribute (wificond_exec_27_0) true) +(expandtypeattribute (wificond_service_27_0) true) +(expandtypeattribute (wifi_data_file_27_0) true) +(expandtypeattribute (wifi_log_prop_27_0) true) +(expandtypeattribute (wifip2p_service_27_0) true) +(expandtypeattribute (wifi_prop_27_0) true) +(expandtypeattribute (wifiscanner_service_27_0) true) +(expandtypeattribute (wifi_service_27_0) true) +(expandtypeattribute (window_service_27_0) true) +(expandtypeattribute (wpa_socket_27_0) true) +(expandtypeattribute (zero_device_27_0) true) +(expandtypeattribute (zoneinfo_data_file_27_0) true) +(expandtypeattribute (zygote_27_0) true) +(expandtypeattribute (zygote_exec_27_0) true) +(expandtypeattribute (zygote_socket_27_0) true) +(typeattributeset accessibility_service_27_0 (accessibility_service)) +(typeattributeset account_service_27_0 (account_service)) +(typeattributeset activity_service_27_0 (activity_service)) +(typeattributeset adbd_27_0 (adbd)) +(typeattributeset adb_data_file_27_0 (adb_data_file)) +(typeattributeset adbd_exec_27_0 (adbd_exec)) +(typeattributeset adbd_socket_27_0 (adbd_socket)) +(typeattributeset adb_keys_file_27_0 (adb_keys_file)) +(typeattributeset alarm_device_27_0 (alarm_device)) +(typeattributeset alarm_service_27_0 (alarm_service)) +(typeattributeset anr_data_file_27_0 (anr_data_file)) +(typeattributeset apk_data_file_27_0 (apk_data_file)) +(typeattributeset apk_private_data_file_27_0 
(apk_private_data_file)) +(typeattributeset apk_private_tmp_file_27_0 (apk_private_tmp_file)) +(typeattributeset apk_tmp_file_27_0 (apk_tmp_file)) +(typeattributeset app_data_file_27_0 (app_data_file privapp_data_file)) +(typeattributeset app_fuse_file_27_0 (app_fuse_file)) +(typeattributeset app_fusefs_27_0 (app_fusefs)) +(typeattributeset appops_service_27_0 (appops_service)) +(typeattributeset appwidget_service_27_0 (appwidget_service)) +(typeattributeset asec_apk_file_27_0 (asec_apk_file)) +(typeattributeset asec_image_file_27_0 (asec_image_file)) +(typeattributeset asec_public_file_27_0 (asec_public_file)) +(typeattributeset ashmem_device_27_0 (ashmem_device)) +(typeattributeset assetatlas_service_27_0 (assetatlas_service)) +(typeattributeset audio_data_file_27_0 (audio_data_file)) +(typeattributeset audio_device_27_0 (audio_device)) +(typeattributeset audiohal_data_file_27_0 (audiohal_data_file)) +(typeattributeset audio_prop_27_0 (audio_prop)) +(typeattributeset audio_seq_device_27_0 (audio_seq_device)) +(typeattributeset audioserver_27_0 (audioserver)) +(typeattributeset audioserver_data_file_27_0 (audioserver_data_file)) +(typeattributeset audioserver_service_27_0 (audioserver_service)) +(typeattributeset audio_service_27_0 (audio_service)) +(typeattributeset audio_timer_device_27_0 (audio_timer_device)) +(typeattributeset autofill_service_27_0 (autofill_service)) +(typeattributeset backup_data_file_27_0 (backup_data_file)) +(typeattributeset backup_service_27_0 (backup_service)) +(typeattributeset batteryproperties_service_27_0 (batteryproperties_service)) +(typeattributeset battery_service_27_0 (battery_service)) +(typeattributeset batterystats_service_27_0 (batterystats_service)) +(typeattributeset binder_device_27_0 (binder_device)) +(typeattributeset binfmt_miscfs_27_0 (binfmt_miscfs)) +(typeattributeset blkid_27_0 (blkid)) +(typeattributeset blkid_untrusted_27_0 (blkid_untrusted)) +(typeattributeset block_device_27_0 (block_device)) 
+(typeattributeset bluetooth_27_0 (bluetooth)) +(typeattributeset bluetooth_data_file_27_0 (bluetooth_data_file)) +(typeattributeset bluetooth_efs_file_27_0 (bluetooth_efs_file)) +(typeattributeset bluetooth_logs_data_file_27_0 (bluetooth_logs_data_file)) +(typeattributeset bluetooth_manager_service_27_0 (bluetooth_manager_service)) +(typeattributeset bluetooth_prop_27_0 (bluetooth_prop)) +(typeattributeset bluetooth_service_27_0 (bluetooth_service)) +(typeattributeset bluetooth_socket_27_0 (bluetooth_socket)) +(typeattributeset bootanim_27_0 (bootanim)) +(typeattributeset bootanim_exec_27_0 (bootanim_exec)) +(typeattributeset boot_block_device_27_0 (boot_block_device)) +(typeattributeset bootchart_data_file_27_0 (bootchart_data_file)) +(typeattributeset bootstat_27_0 (bootstat)) +(typeattributeset bootstat_data_file_27_0 (bootstat_data_file)) +(typeattributeset bootstat_exec_27_0 (bootstat_exec)) +(typeattributeset boottime_prop_27_0 (boottime_prop)) +(typeattributeset boottrace_data_file_27_0 (boottrace_data_file)) +(typeattributeset broadcastradio_service_27_0 (broadcastradio_service)) +(typeattributeset bufferhubd_27_0 (bufferhubd)) +(typeattributeset bufferhubd_exec_27_0 (bufferhubd_exec)) +(typeattributeset cache_backup_file_27_0 (cache_backup_file)) +(typeattributeset cache_block_device_27_0 (cache_block_device)) +(typeattributeset cache_file_27_0 (cache_file)) +(typeattributeset cache_private_backup_file_27_0 (cache_private_backup_file)) +(typeattributeset cache_recovery_file_27_0 (cache_recovery_file)) +(typeattributeset camera_data_file_27_0 (camera_data_file)) +(typeattributeset camera_device_27_0 (camera_device)) +(typeattributeset cameraproxy_service_27_0 (cameraproxy_service)) +(typeattributeset cameraserver_27_0 (cameraserver)) +(typeattributeset cameraserver_exec_27_0 (cameraserver_exec)) +(typeattributeset cameraserver_service_27_0 (cameraserver_service)) +(typeattributeset cgroup_27_0 (cgroup)) +(typeattributeset charger_27_0 (charger)) 
+(typeattributeset clatd_27_0 (clatd)) +(typeattributeset clatd_exec_27_0 (clatd_exec)) +(typeattributeset clipboard_service_27_0 (clipboard_service)) +(typeattributeset commontime_management_service_27_0 (commontime_management_service)) +(typeattributeset companion_device_service_27_0 (companion_device_service)) +(typeattributeset configfs_27_0 (configfs)) +(typeattributeset config_prop_27_0 (config_prop)) +(typeattributeset connectivity_service_27_0 (connectivity_service)) +(typeattributeset connmetrics_service_27_0 (connmetrics_service)) +(typeattributeset console_device_27_0 (console_device)) +(typeattributeset consumer_ir_service_27_0 (consumer_ir_service)) +(typeattributeset content_service_27_0 (content_service)) +(typeattributeset contexthub_service_27_0 (contexthub_service)) +(typeattributeset coredump_file_27_0 (coredump_file)) +(typeattributeset country_detector_service_27_0 (country_detector_service)) +(typeattributeset coverage_service_27_0 (coverage_service)) +(typeattributeset cppreopt_prop_27_0 (cppreopt_prop)) +(typeattributeset cppreopts_27_0 (cppreopts)) +(typeattributeset cppreopts_exec_27_0 (cppreopts_exec)) +(typeattributeset cpuctl_device_27_0 (cpuctl_device)) +(typeattributeset cpuinfo_service_27_0 (cpuinfo_service)) +(typeattributeset crash_dump_27_0 (crash_dump)) +(typeattributeset crash_dump_exec_27_0 (crash_dump_exec)) +(typeattributeset ctl_bootanim_prop_27_0 (ctl_bootanim_prop)) +(typeattributeset ctl_bugreport_prop_27_0 (ctl_bugreport_prop)) +(typeattributeset ctl_console_prop_27_0 (ctl_console_prop)) +(typeattributeset ctl_default_prop_27_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop ctl_adbd_prop)) +(typeattributeset ctl_dumpstate_prop_27_0 (ctl_dumpstate_prop)) +(typeattributeset ctl_fuse_prop_27_0 (ctl_fuse_prop)) +(typeattributeset ctl_mdnsd_prop_27_0 (ctl_mdnsd_prop)) +(typeattributeset ctl_rildaemon_prop_27_0 (ctl_rildaemon_prop)) +(typeattributeset dalvikcache_data_file_27_0 (dalvikcache_data_file)) 
+(typeattributeset dalvik_prop_27_0 (dalvik_prop)) +(typeattributeset dbinfo_service_27_0 (dbinfo_service)) +(typeattributeset debugfs_27_0 + ( debugfs + debugfs_wakeup_sources)) +(typeattributeset debugfs_mmc_27_0 (debugfs_mmc)) +(typeattributeset debugfs_trace_marker_27_0 (debugfs_trace_marker)) +(typeattributeset debugfs_tracing_27_0 (debugfs_tracing)) +(typeattributeset debugfs_tracing_debug_27_0 (debugfs_tracing_debug)) +(typeattributeset debugfs_tracing_instances_27_0 (debugfs_tracing_instances)) +(typeattributeset debugfs_wifi_tracing_27_0 (debugfs_wifi_tracing)) +(typeattributeset debuggerd_prop_27_0 (debuggerd_prop)) +(typeattributeset debug_prop_27_0 (debug_prop)) +(typeattributeset default_android_hwservice_27_0 (default_android_hwservice)) +(typeattributeset default_android_service_27_0 (default_android_service)) +(typeattributeset default_android_vndservice_27_0 (default_android_vndservice)) +(typeattributeset default_prop_27_0 + ( default_prop + pm_prop)) +(typeattributeset device_27_0 (device)) +(typeattributeset device_identifiers_service_27_0 (device_identifiers_service)) +(typeattributeset deviceidle_service_27_0 (deviceidle_service)) +(typeattributeset device_logging_prop_27_0 (device_logging_prop)) +(typeattributeset device_policy_service_27_0 (device_policy_service)) +(typeattributeset devicestoragemonitor_service_27_0 (devicestoragemonitor_service)) +(typeattributeset devpts_27_0 (devpts)) +(typeattributeset dex2oat_27_0 (dex2oat)) +(typeattributeset dex2oat_exec_27_0 (dex2oat_exec)) +(typeattributeset dhcp_27_0 (dhcp)) +(typeattributeset dhcp_data_file_27_0 (dhcp_data_file)) +(typeattributeset dhcp_exec_27_0 (dhcp_exec)) +(typeattributeset dhcp_prop_27_0 (dhcp_prop)) +(typeattributeset diskstats_service_27_0 (diskstats_service)) +(typeattributeset display_service_27_0 (display_service)) +(typeattributeset dm_device_27_0 (dm_device)) +(typeattributeset dnsmasq_27_0 (dnsmasq)) +(typeattributeset dnsmasq_exec_27_0 (dnsmasq_exec)) 
+(typeattributeset dnsproxyd_socket_27_0 (dnsproxyd_socket)) +(typeattributeset DockObserver_service_27_0 (DockObserver_service)) +(typeattributeset dreams_service_27_0 (dreams_service)) +(typeattributeset drm_data_file_27_0 (drm_data_file)) +(typeattributeset drmserver_27_0 (drmserver)) +(typeattributeset drmserver_exec_27_0 (drmserver_exec)) +(typeattributeset drmserver_service_27_0 (drmserver_service)) +(typeattributeset drmserver_socket_27_0 (drmserver_socket)) +(typeattributeset dropbox_service_27_0 (dropbox_service)) +(typeattributeset dumpstate_27_0 (dumpstate)) +(typeattributeset dumpstate_exec_27_0 (dumpstate_exec)) +(typeattributeset dumpstate_options_prop_27_0 (dumpstate_options_prop)) +(typeattributeset dumpstate_prop_27_0 (dumpstate_prop)) +(typeattributeset dumpstate_service_27_0 (dumpstate_service)) +(typeattributeset dumpstate_socket_27_0 (dumpstate_socket)) +(typeattributeset e2fs_27_0 (e2fs)) +(typeattributeset e2fs_exec_27_0 (e2fs_exec)) +(typeattributeset efs_file_27_0 (efs_file)) +(typeattributeset ephemeral_app_27_0 (ephemeral_app)) +(typeattributeset ethernet_service_27_0 (ethernet_service)) +(typeattributeset ffs_prop_27_0 (ffs_prop)) +(typeattributeset file_contexts_file_27_0 (file_contexts_file)) +(typeattributeset fingerprintd_27_0 (fingerprintd)) +(typeattributeset fingerprintd_data_file_27_0 (fingerprintd_data_file)) +(typeattributeset fingerprintd_exec_27_0 (fingerprintd_exec)) +(typeattributeset fingerprintd_service_27_0 (fingerprintd_service)) +(typeattributeset fingerprint_prop_27_0 (fingerprint_prop)) +(typeattributeset fingerprint_service_27_0 (fingerprint_service)) +(typeattributeset firstboot_prop_27_0 (firstboot_prop)) +(typeattributeset font_service_27_0 (font_service)) +(typeattributeset frp_block_device_27_0 (frp_block_device)) +(typeattributeset fsck_27_0 (fsck)) +(typeattributeset fsck_exec_27_0 (fsck_exec)) +(typeattributeset fscklogs_27_0 (fscklogs)) +(typeattributeset fsck_untrusted_27_0 (fsck_untrusted)) 
+(typeattributeset full_device_27_0 (full_device)) +(typeattributeset functionfs_27_0 (functionfs)) +(typeattributeset fuse_27_0 (fuse)) +(typeattributeset fuse_device_27_0 (fuse_device)) +(typeattributeset fwk_display_hwservice_27_0 (fwk_display_hwservice)) +(typeattributeset fwk_scheduler_hwservice_27_0 (fwk_scheduler_hwservice)) +(typeattributeset fwk_sensor_hwservice_27_0 (fwk_sensor_hwservice)) +(typeattributeset fwmarkd_socket_27_0 (fwmarkd_socket)) +(typeattributeset gatekeeperd_27_0 (gatekeeperd)) +(typeattributeset gatekeeper_data_file_27_0 (gatekeeper_data_file)) +(typeattributeset gatekeeperd_exec_27_0 (gatekeeperd_exec)) +(typeattributeset gatekeeper_service_27_0 (gatekeeper_service)) +(typeattributeset gfxinfo_service_27_0 (gfxinfo_service)) +(typeattributeset gps_control_27_0 (gps_control)) +(typeattributeset gpu_device_27_0 (gpu_device)) +(typeattributeset gpu_service_27_0 (gpu_service)) +(typeattributeset graphics_device_27_0 (graphics_device)) +(typeattributeset graphicsstats_service_27_0 (graphicsstats_service)) +(typeattributeset hal_audio_hwservice_27_0 (hal_audio_hwservice)) +(typeattributeset hal_bluetooth_hwservice_27_0 (hal_bluetooth_hwservice)) +(typeattributeset hal_bootctl_hwservice_27_0 (hal_bootctl_hwservice)) +(typeattributeset hal_broadcastradio_hwservice_27_0 (hal_broadcastradio_hwservice)) +(typeattributeset hal_camera_hwservice_27_0 (hal_camera_hwservice)) +(typeattributeset hal_cas_hwservice_27_0 (hal_cas_hwservice)) +(typeattributeset hal_configstore_ISurfaceFlingerConfigs_27_0 (hal_configstore_ISurfaceFlingerConfigs)) +(typeattributeset hal_contexthub_hwservice_27_0 (hal_contexthub_hwservice)) +(typeattributeset hal_drm_hwservice_27_0 (hal_drm_hwservice)) +(typeattributeset hal_dumpstate_hwservice_27_0 (hal_dumpstate_hwservice)) +(typeattributeset hal_fingerprint_hwservice_27_0 (hal_fingerprint_hwservice)) +(typeattributeset hal_fingerprint_service_27_0 (hal_fingerprint_service)) +(typeattributeset hal_gatekeeper_hwservice_27_0 
(hal_gatekeeper_hwservice)) +(typeattributeset hal_gnss_hwservice_27_0 (hal_gnss_hwservice)) +(typeattributeset hal_graphics_allocator_hwservice_27_0 (hal_graphics_allocator_hwservice)) +(typeattributeset hal_graphics_composer_hwservice_27_0 (hal_graphics_composer_hwservice)) +(typeattributeset hal_graphics_mapper_hwservice_27_0 (hal_graphics_mapper_hwservice)) +(typeattributeset hal_health_hwservice_27_0 (hal_health_hwservice)) +(typeattributeset hal_ir_hwservice_27_0 (hal_ir_hwservice)) +(typeattributeset hal_keymaster_hwservice_27_0 (hal_keymaster_hwservice)) +(typeattributeset hal_light_hwservice_27_0 (hal_light_hwservice)) +(typeattributeset hal_memtrack_hwservice_27_0 (hal_memtrack_hwservice)) +(typeattributeset hal_neuralnetworks_hwservice_27_0 (hal_neuralnetworks_hwservice)) +(typeattributeset hal_nfc_hwservice_27_0 (hal_nfc_hwservice)) +(typeattributeset hal_oemlock_hwservice_27_0 (hal_oemlock_hwservice)) +(typeattributeset hal_omx_hwservice_27_0 (hal_omx_hwservice)) +(typeattributeset hal_power_hwservice_27_0 (hal_power_hwservice)) +(typeattributeset hal_renderscript_hwservice_27_0 (hal_renderscript_hwservice)) +(typeattributeset hal_sensors_hwservice_27_0 (hal_sensors_hwservice)) +(typeattributeset hal_telephony_hwservice_27_0 (hal_telephony_hwservice)) +(typeattributeset hal_tetheroffload_hwservice_27_0 (hal_tetheroffload_hwservice)) +(typeattributeset hal_thermal_hwservice_27_0 (hal_thermal_hwservice)) +(typeattributeset hal_tv_cec_hwservice_27_0 (hal_tv_cec_hwservice)) +(typeattributeset hal_tv_input_hwservice_27_0 (hal_tv_input_hwservice)) +(typeattributeset hal_usb_hwservice_27_0 (hal_usb_hwservice)) +(typeattributeset hal_vibrator_hwservice_27_0 (hal_vibrator_hwservice)) +(typeattributeset hal_vr_hwservice_27_0 (hal_vr_hwservice)) +(typeattributeset hal_weaver_hwservice_27_0 (hal_weaver_hwservice)) +(typeattributeset hal_wifi_hwservice_27_0 (hal_wifi_hwservice)) +(typeattributeset hal_wifi_offload_hwservice_27_0 (hal_wifi_offload_hwservice)) 
+(typeattributeset hal_wifi_supplicant_hwservice_27_0 (hal_wifi_supplicant_hwservice)) +(typeattributeset hardware_properties_service_27_0 (hardware_properties_service)) +(typeattributeset hardware_service_27_0 (hardware_service)) +(typeattributeset hci_attach_dev_27_0 (hci_attach_dev)) +(typeattributeset hdmi_control_service_27_0 (hdmi_control_service)) +(typeattributeset healthd_27_0 (healthd)) +(typeattributeset healthd_exec_27_0 (healthd_exec)) +(typeattributeset heapdump_data_file_27_0 (heapdump_data_file)) +(typeattributeset hidl_allocator_hwservice_27_0 (hidl_allocator_hwservice)) +(typeattributeset hidl_base_hwservice_27_0 (hidl_base_hwservice)) +(typeattributeset hidl_manager_hwservice_27_0 (hidl_manager_hwservice)) +(typeattributeset hidl_memory_hwservice_27_0 (hidl_memory_hwservice)) +(typeattributeset hidl_token_hwservice_27_0 (hidl_token_hwservice)) +(typeattributeset hwbinder_device_27_0 (hwbinder_device)) +(typeattributeset hw_random_device_27_0 (hw_random_device)) +(typeattributeset hwservice_contexts_file_27_0 (hwservice_contexts_file)) +(typeattributeset hwservicemanager_27_0 (hwservicemanager)) +(typeattributeset hwservicemanager_exec_27_0 (hwservicemanager_exec)) +(typeattributeset hwservicemanager_prop_27_0 (hwservicemanager_prop)) +(typeattributeset i2c_device_27_0 (i2c_device)) +(typeattributeset icon_file_27_0 (icon_file)) +(typeattributeset idmap_27_0 (idmap)) +(typeattributeset idmap_exec_27_0 (idmap_exec)) +(typeattributeset iio_device_27_0 (iio_device)) +(typeattributeset imms_service_27_0 (imms_service)) +(typeattributeset incident_27_0 (incident)) +(typeattributeset incidentd_27_0 (incidentd)) +(typeattributeset incident_data_file_27_0 (incident_data_file)) +(typeattributeset incident_service_27_0 (incident_service)) +(typeattributeset init_27_0 (init)) +(typeattributeset init_exec_27_0 (init_exec watchdogd_exec)) +(typeattributeset inotify_27_0 (inotify)) +(typeattributeset input_device_27_0 (input_device)) +(typeattributeset 
inputflinger_27_0 (inputflinger)) +(typeattributeset inputflinger_exec_27_0 (inputflinger_exec)) +(typeattributeset inputflinger_service_27_0 (inputflinger_service)) +(typeattributeset input_method_service_27_0 (input_method_service)) +(typeattributeset input_service_27_0 (input_service)) +(typeattributeset installd_27_0 (installd)) +(typeattributeset install_data_file_27_0 (install_data_file)) +(typeattributeset installd_exec_27_0 (installd_exec)) +(typeattributeset installd_service_27_0 (installd_service)) +(typeattributeset install_recovery_27_0 (install_recovery)) +(typeattributeset install_recovery_exec_27_0 (install_recovery_exec)) +(typeattributeset ion_device_27_0 (ion_device)) +(typeattributeset IProxyService_service_27_0 (IProxyService_service)) +(typeattributeset ipsec_service_27_0 (ipsec_service)) +(typeattributeset isolated_app_27_0 (isolated_app)) +(typeattributeset jobscheduler_service_27_0 (jobscheduler_service)) +(typeattributeset kernel_27_0 (kernel)) +(typeattributeset keychain_data_file_27_0 (keychain_data_file)) +(typeattributeset keychord_device_27_0 (keychord_device)) +(typeattributeset keystore_27_0 (keystore)) +(typeattributeset keystore_data_file_27_0 (keystore_data_file)) +(typeattributeset keystore_exec_27_0 (keystore_exec)) +(typeattributeset keystore_service_27_0 (keystore_service)) +(typeattributeset kmem_device_27_0 (kmem_device)) +(typeattributeset kmsg_debug_device_27_0 (kmsg_debug_device)) +(typeattributeset kmsg_device_27_0 (kmsg_device)) +(typeattributeset labeledfs_27_0 (labeledfs)) +(typeattributeset launcherapps_service_27_0 (launcherapps_service)) +(typeattributeset lmkd_27_0 (lmkd)) +(typeattributeset lmkd_exec_27_0 (lmkd_exec)) +(typeattributeset lmkd_socket_27_0 (lmkd_socket)) +(typeattributeset location_service_27_0 (location_service)) +(typeattributeset lock_settings_service_27_0 (lock_settings_service)) +(typeattributeset logcat_exec_27_0 (logcat_exec)) +(typeattributeset logd_27_0 (logd)) +(typeattributeset 
logd_exec_27_0 (logd_exec)) +(typeattributeset logd_prop_27_0 (logd_prop)) +(typeattributeset logdr_socket_27_0 (logdr_socket)) +(typeattributeset logd_socket_27_0 (logd_socket)) +(typeattributeset logdw_socket_27_0 (logdw_socket)) +(typeattributeset logpersist_27_0 (logpersist)) +(typeattributeset logpersistd_logging_prop_27_0 (logpersistd_logging_prop)) +(typeattributeset log_prop_27_0 (log_prop)) +(typeattributeset log_tag_prop_27_0 (log_tag_prop)) +(typeattributeset loop_control_device_27_0 (loop_control_device)) +(typeattributeset loop_device_27_0 (loop_device)) +(typeattributeset mac_perms_file_27_0 (mac_perms_file)) +(typeattributeset mdnsd_27_0 (mdnsd)) +(typeattributeset mdnsd_socket_27_0 (mdnsd_socket)) +(typeattributeset mdns_socket_27_0 (mdns_socket)) +(typeattributeset hal_omx_server (mediacodec_27_0)) +(typeattributeset mediacodec_27_0 (mediacodec)) +(typeattributeset mediacodec_exec_27_0 (mediacodec_exec)) +(typeattributeset mediacodec_service_27_0 (mediacodec_service)) +(typeattributeset media_data_file_27_0 (media_data_file)) +(typeattributeset mediadrmserver_27_0 (mediadrmserver)) +(typeattributeset mediadrmserver_exec_27_0 (mediadrmserver_exec)) +(typeattributeset mediadrmserver_service_27_0 (mediadrmserver_service)) +(typeattributeset mediaextractor_27_0 (mediaextractor)) +(typeattributeset mediaextractor_exec_27_0 (mediaextractor_exec)) +(typeattributeset mediaextractor_service_27_0 (mediaextractor_service)) +(typeattributeset mediametrics_27_0 (mediametrics)) +(typeattributeset mediametrics_exec_27_0 (mediametrics_exec)) +(typeattributeset mediametrics_service_27_0 (mediametrics_service)) +(typeattributeset media_projection_service_27_0 (media_projection_service)) +(typeattributeset mediaprovider_27_0 (mediaprovider)) +(typeattributeset media_router_service_27_0 (media_router_service)) +(typeattributeset media_rw_data_file_27_0 (media_rw_data_file)) +(typeattributeset mediaserver_27_0 (mediaserver)) +(typeattributeset mediaserver_exec_27_0 
(mediaserver_exec)) +(typeattributeset mediaserver_service_27_0 (mediaserver_service)) +(typeattributeset media_session_service_27_0 (media_session_service)) +(typeattributeset meminfo_service_27_0 (meminfo_service)) +(typeattributeset metadata_block_device_27_0 (metadata_block_device)) +(typeattributeset method_trace_data_file_27_0 (method_trace_data_file)) +(typeattributeset midi_service_27_0 (midi_service)) +(typeattributeset misc_block_device_27_0 (misc_block_device)) +(typeattributeset misc_logd_file_27_0 (misc_logd_file)) +(typeattributeset misc_user_data_file_27_0 (misc_user_data_file)) +(typeattributeset mmc_prop_27_0 (mmc_prop)) +(typeattributeset mnt_expand_file_27_0 (mnt_expand_file)) +(typeattributeset mnt_media_rw_file_27_0 (mnt_media_rw_file)) +(typeattributeset mnt_media_rw_stub_file_27_0 (mnt_media_rw_stub_file)) +(typeattributeset mnt_user_file_27_0 (mnt_user_file)) +(typeattributeset modprobe_27_0 (modprobe)) +(typeattributeset mount_service_27_0 (mount_service)) +(typeattributeset mqueue_27_0 (mqueue)) +(typeattributeset mtd_device_27_0 (mtd_device)) +(typeattributeset mtp_27_0 (mtp)) +(typeattributeset mtp_device_27_0 (mtp_device)) +(typeattributeset mtpd_socket_27_0 (mtpd_socket)) +(typeattributeset mtp_exec_27_0 (mtp_exec)) +(typeattributeset nativetest_data_file_27_0 (nativetest_data_file)) +(typeattributeset netd_27_0 (netd)) +(typeattributeset net_data_file_27_0 (net_data_file)) +(typeattributeset netd_exec_27_0 (netd_exec)) +(typeattributeset netd_listener_service_27_0 (netd_listener_service)) +(typeattributeset net_dns_prop_27_0 (net_dns_prop)) +(typeattributeset netd_service_27_0 (netd_service)) +(typeattributeset netd_socket_27_0 (netd_socket)) +(typeattributeset netd_stable_secret_prop_27_0 (netd_stable_secret_prop)) +(typeattributeset netif_27_0 (netif)) +(typeattributeset netpolicy_service_27_0 (netpolicy_service)) +(typeattributeset net_radio_prop_27_0 (net_radio_prop)) +(typeattributeset netstats_service_27_0 (netstats_service)) 
+(typeattributeset netutils_wrapper_27_0 (netutils_wrapper)) +(typeattributeset netutils_wrapper_exec_27_0 (netutils_wrapper_exec)) +(typeattributeset network_management_service_27_0 (network_management_service)) +(typeattributeset network_score_service_27_0 (network_score_service)) +(typeattributeset network_time_update_service_27_0 (network_time_update_service)) +(typeattributeset nfc_27_0 (nfc)) +(typeattributeset nfc_data_file_27_0 (nfc_data_file)) +(typeattributeset nfc_device_27_0 (nfc_device)) +(typeattributeset nfc_prop_27_0 (nfc_prop)) +(typeattributeset nfc_service_27_0 (nfc_service)) +(typeattributeset node_27_0 (node)) +(typeattributeset nonplat_service_contexts_file_27_0 (nonplat_service_contexts_file)) +(typeattributeset notification_service_27_0 (notification_service)) +(typeattributeset null_device_27_0 (null_device)) +(typeattributeset oemfs_27_0 (oemfs)) +(typeattributeset oem_lock_service_27_0 (oem_lock_service)) +(typeattributeset ota_data_file_27_0 (ota_data_file)) +(typeattributeset otadexopt_service_27_0 (otadexopt_service)) +(typeattributeset ota_package_file_27_0 (ota_package_file)) +(typeattributeset otapreopt_chroot_27_0 (otapreopt_chroot)) +(typeattributeset otapreopt_chroot_exec_27_0 (otapreopt_chroot_exec)) +(typeattributeset otapreopt_slot_27_0 (otapreopt_slot)) +(typeattributeset otapreopt_slot_exec_27_0 (otapreopt_slot_exec)) +(typeattributeset overlay_prop_27_0 (overlay_prop)) +(typeattributeset overlay_service_27_0 (overlay_service)) +(typeattributeset owntty_device_27_0 (owntty_device)) +(typeattributeset package_native_service_27_0 (package_native_service)) +(typeattributeset package_service_27_0 (package_service)) +(typeattributeset pan_result_prop_27_0 (pan_result_prop)) +(typeattributeset pdx_bufferhub_client_channel_socket_27_0 (pdx_bufferhub_client_channel_socket)) +(typeattributeset pdx_bufferhub_client_endpoint_socket_27_0 (pdx_bufferhub_client_endpoint_socket)) +(typeattributeset pdx_bufferhub_dir_27_0 
(pdx_bufferhub_dir)) +(typeattributeset pdx_display_client_channel_socket_27_0 (pdx_display_client_channel_socket)) +(typeattributeset pdx_display_client_endpoint_socket_27_0 (pdx_display_client_endpoint_socket)) +(typeattributeset pdx_display_dir_27_0 (pdx_display_dir)) +(typeattributeset pdx_display_manager_channel_socket_27_0 (pdx_display_manager_channel_socket)) +(typeattributeset pdx_display_manager_endpoint_socket_27_0 (pdx_display_manager_endpoint_socket)) +(typeattributeset pdx_display_screenshot_channel_socket_27_0 (pdx_display_screenshot_channel_socket)) +(typeattributeset pdx_display_screenshot_endpoint_socket_27_0 (pdx_display_screenshot_endpoint_socket)) +(typeattributeset pdx_display_vsync_channel_socket_27_0 (pdx_display_vsync_channel_socket)) +(typeattributeset pdx_display_vsync_endpoint_socket_27_0 (pdx_display_vsync_endpoint_socket)) +(typeattributeset pdx_performance_client_channel_socket_27_0 (pdx_performance_client_channel_socket)) +(typeattributeset pdx_performance_client_endpoint_socket_27_0 (pdx_performance_client_endpoint_socket)) +(typeattributeset pdx_performance_dir_27_0 (pdx_performance_dir)) +(typeattributeset performanced_27_0 (performanced)) +(typeattributeset performanced_exec_27_0 (performanced_exec)) +(typeattributeset permission_service_27_0 (permission_service)) +(typeattributeset persist_debug_prop_27_0 (persist_debug_prop)) +(typeattributeset persistent_data_block_service_27_0 (persistent_data_block_service)) +(typeattributeset persistent_properties_ready_prop_27_0 (persistent_properties_ready_prop)) +(typeattributeset pinner_service_27_0 (pinner_service)) +(typeattributeset pipefs_27_0 (pipefs)) +(typeattributeset platform_app_27_0 (platform_app)) +(typeattributeset pmsg_device_27_0 (pmsg_device)) +(typeattributeset port_27_0 (port)) +(typeattributeset port_device_27_0 (port_device)) +(typeattributeset postinstall_27_0 (postinstall)) +(typeattributeset postinstall_dexopt_27_0 (postinstall_dexopt)) +(typeattributeset 
postinstall_file_27_0 (postinstall_file)) +(typeattributeset postinstall_mnt_dir_27_0 (postinstall_mnt_dir)) +(typeattributeset powerctl_prop_27_0 (powerctl_prop)) +(typeattributeset power_service_27_0 (power_service)) +(typeattributeset ppp_27_0 (ppp)) +(typeattributeset ppp_device_27_0 (ppp_device)) +(typeattributeset ppp_exec_27_0 (ppp_exec)) +(typeattributeset preloads_data_file_27_0 (preloads_data_file)) +(typeattributeset preloads_media_file_27_0 (preloads_media_file)) +(typeattributeset preopt2cachename_27_0 (preopt2cachename)) +(typeattributeset preopt2cachename_exec_27_0 (preopt2cachename_exec)) +(typeattributeset print_service_27_0 (print_service)) +(typeattributeset priv_app_27_0 (priv_app)) +(typeattributeset proc_27_0 + ( proc + proc_abi + proc_asound + proc_buddyinfo + proc_cmdline + proc_dirty + proc_diskstats + proc_extra_free_kbytes + proc_filesystems + proc_hostname + proc_hung_task + proc_kmsg + proc_loadavg + proc_max_map_count + proc_min_free_order_shift + proc_mounts + proc_page_cluster + proc_pagetypeinfo + proc_panic + proc_pid_max + proc_pipe_conf + proc_random + proc_sched + proc_slabinfo + proc_swaps + proc_uid_concurrent_active_time + proc_uid_concurrent_policy_time + proc_uid_cpupower + proc_uptime + proc_version + proc_vmallocinfo + proc_vmstat)) +(typeattributeset proc_bluetooth_writable_27_0 (proc_bluetooth_writable)) +(typeattributeset proc_cpuinfo_27_0 (proc_cpuinfo)) +(typeattributeset proc_drop_caches_27_0 (proc_drop_caches)) +(typeattributeset processinfo_service_27_0 (processinfo_service)) +(typeattributeset proc_interrupts_27_0 (proc_interrupts)) +(typeattributeset proc_iomem_27_0 (proc_iomem)) +(typeattributeset proc_meminfo_27_0 (proc_meminfo)) +(typeattributeset proc_misc_27_0 (proc_misc)) +(typeattributeset proc_modules_27_0 (proc_modules)) +(typeattributeset proc_net_27_0 + ( proc_net + proc_net_tcp_udp + proc_qtaguid_stat)) +(typeattributeset proc_overcommit_memory_27_0 (proc_overcommit_memory)) +(typeattributeset 
proc_perf_27_0 (proc_perf)) +(typeattributeset proc_security_27_0 (proc_security)) +(typeattributeset proc_stat_27_0 (proc_stat)) +(typeattributeset procstats_service_27_0 (procstats_service)) +(typeattributeset proc_sysrq_27_0 (proc_sysrq)) +(typeattributeset proc_timer_27_0 (proc_timer)) +(typeattributeset proc_tty_drivers_27_0 (proc_tty_drivers)) +(typeattributeset proc_uid_cputime_removeuid_27_0 (proc_uid_cputime_removeuid)) +(typeattributeset proc_uid_cputime_showstat_27_0 (proc_uid_cputime_showstat)) +(typeattributeset proc_uid_io_stats_27_0 (proc_uid_io_stats)) +(typeattributeset proc_uid_procstat_set_27_0 (proc_uid_procstat_set)) +(typeattributeset proc_uid_time_in_state_27_0 (proc_uid_time_in_state)) +(typeattributeset proc_zoneinfo_27_0 (proc_zoneinfo)) +(typeattributeset profman_27_0 (profman)) +(typeattributeset profman_dump_data_file_27_0 (profman_dump_data_file)) +(typeattributeset profman_exec_27_0 (profman_exec)) +(typeattributeset properties_device_27_0 (properties_device)) +(typeattributeset properties_serial_27_0 (properties_serial)) +(typeattributeset property_contexts_file_27_0 (property_contexts_file)) +(typeattributeset property_data_file_27_0 (property_data_file)) +(typeattributeset property_socket_27_0 (property_socket)) +(typeattributeset pstorefs_27_0 (pstorefs)) +(typeattributeset ptmx_device_27_0 (ptmx_device)) +(typeattributeset qtaguid_device_27_0 (qtaguid_device)) +(typeattributeset qtaguid_proc_27_0 + ( proc_qtaguid_ctrl + qtaguid_proc)) +(typeattributeset racoon_27_0 (racoon)) +(typeattributeset racoon_exec_27_0 (racoon_exec)) +(typeattributeset racoon_socket_27_0 (racoon_socket)) +(typeattributeset radio_27_0 (radio)) +(typeattributeset radio_data_file_27_0 (radio_data_file)) +(typeattributeset radio_device_27_0 (radio_device)) +(typeattributeset radio_prop_27_0 (radio_prop)) +(typeattributeset radio_service_27_0 (radio_service)) +(typeattributeset ram_device_27_0 (ram_device)) +(typeattributeset random_device_27_0 
(random_device)) +(typeattributeset reboot_data_file_27_0 (reboot_data_file)) +(typeattributeset recovery_27_0 (recovery)) +(typeattributeset recovery_block_device_27_0 (recovery_block_device)) +(typeattributeset recovery_data_file_27_0 (recovery_data_file)) +(typeattributeset recovery_persist_27_0 (recovery_persist)) +(typeattributeset recovery_persist_exec_27_0 (recovery_persist_exec)) +(typeattributeset recovery_refresh_27_0 (recovery_refresh)) +(typeattributeset recovery_refresh_exec_27_0 (recovery_refresh_exec)) +(typeattributeset recovery_service_27_0 (recovery_service)) +(typeattributeset registry_service_27_0 (registry_service)) +(typeattributeset resourcecache_data_file_27_0 (resourcecache_data_file)) +(typeattributeset restorecon_prop_27_0 (restorecon_prop)) +(typeattributeset restrictions_service_27_0 (restrictions_service)) +(typeattributeset rild_27_0 (rild)) +(typeattributeset rild_debug_socket_27_0 (rild_debug_socket)) +(typeattributeset rild_socket_27_0 (rild_socket)) +(typeattributeset ringtone_file_27_0 (ringtone_file)) +(typeattributeset root_block_device_27_0 (root_block_device)) +(typeattributeset rootfs_27_0 (rootfs)) +(typeattributeset rpmsg_device_27_0 (rpmsg_device)) +(typeattributeset rtc_device_27_0 (rtc_device)) +(typeattributeset rttmanager_service_27_0 (rttmanager_service)) +(typeattributeset runas_27_0 (runas)) +(typeattributeset runas_exec_27_0 (runas_exec)) +(typeattributeset runtime_event_log_tags_file_27_0 (runtime_event_log_tags_file)) +(typeattributeset safemode_prop_27_0 (safemode_prop)) +(typeattributeset same_process_hal_file_27_0 + ( same_process_hal_file + vendor_public_lib_file)) +(typeattributeset samplingprofiler_service_27_0 (samplingprofiler_service)) +(typeattributeset scheduling_policy_service_27_0 (scheduling_policy_service)) +(typeattributeset sdcardd_27_0 (sdcardd)) +(typeattributeset sdcardd_exec_27_0 (sdcardd_exec)) +(typeattributeset sdcardfs_27_0 (sdcardfs)) +(typeattributeset seapp_contexts_file_27_0 
(seapp_contexts_file)) +(typeattributeset search_service_27_0 (search_service)) +(typeattributeset sec_key_att_app_id_provider_service_27_0 (sec_key_att_app_id_provider_service)) +(typeattributeset selinuxfs_27_0 (selinuxfs)) +(typeattributeset sensors_device_27_0 (sensors_device)) +(typeattributeset sensorservice_service_27_0 (sensorservice_service)) +(typeattributeset sepolicy_file_27_0 (sepolicy_file)) +(typeattributeset serial_device_27_0 (serial_device)) +(typeattributeset serialno_prop_27_0 (serialno_prop)) +(typeattributeset serial_service_27_0 (serial_service)) +(typeattributeset service_contexts_file_27_0 (service_contexts_file)) +(typeattributeset servicediscovery_service_27_0 (servicediscovery_service)) +(typeattributeset servicemanager_27_0 (servicemanager)) +(typeattributeset servicemanager_exec_27_0 (servicemanager_exec)) +(typeattributeset settings_service_27_0 (settings_service)) +(typeattributeset sgdisk_27_0 (sgdisk)) +(typeattributeset sgdisk_exec_27_0 (sgdisk_exec)) +(typeattributeset shared_relro_27_0 (shared_relro)) +(typeattributeset shared_relro_file_27_0 (shared_relro_file)) +(typeattributeset shell_27_0 (shell)) +(typeattributeset shell_data_file_27_0 (shell_data_file)) +(typeattributeset shell_exec_27_0 (shell_exec)) +(typeattributeset shell_prop_27_0 (shell_prop)) +(typeattributeset shm_27_0 (shm)) +(typeattributeset shortcut_manager_icons_27_0 (shortcut_manager_icons)) +(typeattributeset shortcut_service_27_0 (shortcut_service)) +(typeattributeset slideshow_27_0 (slideshow)) +(typeattributeset socket_device_27_0 (socket_device)) +(typeattributeset sockfs_27_0 (sockfs)) +(typeattributeset statusbar_service_27_0 (statusbar_service)) +(typeattributeset storaged_service_27_0 (storaged_service)) +(typeattributeset storage_file_27_0 (storage_file)) +(typeattributeset storagestats_service_27_0 (storagestats_service)) +(typeattributeset storage_stub_file_27_0 (storage_stub_file)) +(typeattributeset su_27_0 (su)) +(typeattributeset su_exec_27_0 
(su_exec)) +(typeattributeset surfaceflinger_27_0 (surfaceflinger)) +(typeattributeset surfaceflinger_service_27_0 (surfaceflinger_service)) +(typeattributeset swap_block_device_27_0 (swap_block_device)) +(typeattributeset sysfs_27_0 + ( sysfs + sysfs_android_usb + sysfs_dm + sysfs_dt_firmware_android + sysfs_ipv4 + sysfs_kernel_notes + sysfs_loop + sysfs_net + sysfs_power + sysfs_rtc + sysfs_switch + sysfs_wakeup_reasons)) +(typeattributeset sysfs_batteryinfo_27_0 (sysfs_batteryinfo)) +(typeattributeset sysfs_bluetooth_writable_27_0 (sysfs_bluetooth_writable)) +(typeattributeset sysfs_devices_system_cpu_27_0 (sysfs_devices_system_cpu)) +(typeattributeset sysfs_fs_ext4_features_27_0 (sysfs_fs_ext4_features)) +(typeattributeset sysfs_hwrandom_27_0 (sysfs_hwrandom)) +(typeattributeset sysfs_leds_27_0 (sysfs_leds)) +(typeattributeset sysfs_lowmemorykiller_27_0 (sysfs_lowmemorykiller)) +(typeattributeset sysfs_mac_address_27_0 (sysfs_mac_address)) +(typeattributeset sysfs_nfc_power_writable_27_0 (sysfs_nfc_power_writable)) +(typeattributeset sysfs_thermal_27_0 (sysfs_thermal)) +(typeattributeset sysfs_uio_27_0 (sysfs_uio)) +(typeattributeset sysfs_usb_27_0 (sysfs_usb)) +(typeattributeset sysfs_usermodehelper_27_0 (sysfs_usermodehelper)) +(typeattributeset sysfs_vibrator_27_0 (sysfs_vibrator)) +(typeattributeset sysfs_wake_lock_27_0 (sysfs_wake_lock)) +(typeattributeset sysfs_wlan_fwpath_27_0 (sysfs_wlan_fwpath)) +(typeattributeset sysfs_zram_27_0 (sysfs_zram)) +(typeattributeset sysfs_zram_uevent_27_0 (sysfs_zram_uevent)) +(typeattributeset system_app_27_0 (system_app)) +(typeattributeset system_app_data_file_27_0 (system_app_data_file)) +(typeattributeset system_app_service_27_0 (system_app_service)) +(typeattributeset system_block_device_27_0 (system_block_device)) +(typeattributeset system_data_file_27_0 + ( system_data_file + dropbox_data_file + vendor_data_file)) +(typeattributeset system_file_27_0 + ( system_file + system_lib_file + system_linker_config_file + 
system_linker_exec + system_seccomp_policy_file + system_security_cacerts_file + system_zoneinfo_file +)) +(typeattributeset systemkeys_data_file_27_0 (systemkeys_data_file)) +(typeattributeset system_ndebug_socket_27_0 (system_ndebug_socket)) +(typeattributeset system_net_netd_hwservice_27_0 (system_net_netd_hwservice)) +(typeattributeset system_prop_27_0 (system_prop)) +(typeattributeset system_radio_prop_27_0 (system_radio_prop)) +(typeattributeset system_server_27_0 (system_server)) +(typeattributeset system_wifi_keystore_hwservice_27_0 (system_wifi_keystore_hwservice)) +(typeattributeset system_wpa_socket_27_0 (system_wpa_socket)) +(typeattributeset task_service_27_0 (task_service)) +(typeattributeset tee_27_0 (tee)) +(typeattributeset tee_data_file_27_0 (tee_data_file)) +(typeattributeset tee_device_27_0 (tee_device)) +(typeattributeset telecom_service_27_0 (telecom_service)) +(typeattributeset textclassification_service_27_0 (textclassification_service)) +(typeattributeset textclassifier_data_file_27_0 (textclassifier_data_file)) +(typeattributeset textservices_service_27_0 (textservices_service)) +(typeattributeset thermalcallback_hwservice_27_0 (thermalcallback_hwservice)) +(typeattributeset thermal_service_27_0 (thermal_service)) +(typeattributeset thermalserviced_27_0 (thermalserviced)) +(typeattributeset thermalserviced_exec_27_0 (thermalserviced_exec)) +(typeattributeset timezone_service_27_0 (timezone_service)) +(typeattributeset tmpfs_27_0 (tmpfs)) +(typeattributeset tombstoned_27_0 (tombstoned)) +(typeattributeset tombstone_data_file_27_0 (tombstone_data_file)) +(typeattributeset tombstoned_crash_socket_27_0 (tombstoned_crash_socket)) +(typeattributeset tombstoned_exec_27_0 (tombstoned_exec)) +(typeattributeset tombstoned_intercept_socket_27_0 (tombstoned_intercept_socket)) +(typeattributeset tombstoned_java_trace_socket_27_0 (tombstoned_java_trace_socket)) +(typeattributeset toolbox_27_0 (toolbox)) +(typeattributeset toolbox_exec_27_0 
(toolbox_exec)) +(typeattributeset trust_service_27_0 (trust_service)) +(typeattributeset tty_device_27_0 (tty_device)) +(typeattributeset tun_device_27_0 (tun_device)) +(typeattributeset tv_input_service_27_0 (tv_input_service)) +(typeattributeset tzdatacheck_27_0 (tzdatacheck)) +(typeattributeset tzdatacheck_exec_27_0 (tzdatacheck_exec)) +(typeattributeset ueventd_27_0 (ueventd)) +(typeattributeset uhid_device_27_0 (uhid_device)) +(typeattributeset uimode_service_27_0 (uimode_service)) +(typeattributeset uio_device_27_0 (uio_device)) +(typeattributeset uncrypt_27_0 (uncrypt)) +(typeattributeset uncrypt_exec_27_0 (uncrypt_exec)) +(typeattributeset uncrypt_socket_27_0 (uncrypt_socket)) +(typeattributeset unencrypted_data_file_27_0 (unencrypted_data_file)) +(typeattributeset unlabeled_27_0 (unlabeled)) +(typeattributeset untrusted_app_25_27_0 (untrusted_app_25)) +(typeattributeset untrusted_app_27_0 + ( untrusted_app + untrusted_app_27)) +(typeattributeset untrusted_v2_app_27_0 (untrusted_v2_app)) +(typeattributeset update_engine_27_0 (update_engine)) +(typeattributeset update_engine_data_file_27_0 (update_engine_data_file)) +(typeattributeset update_engine_exec_27_0 (update_engine_exec)) +(typeattributeset update_engine_service_27_0 (update_engine_service)) +(typeattributeset updatelock_service_27_0 (updatelock_service)) +(typeattributeset update_verifier_27_0 (update_verifier)) +(typeattributeset update_verifier_exec_27_0 (update_verifier_exec)) +(typeattributeset usagestats_service_27_0 (usagestats_service)) +(typeattributeset usbaccessory_device_27_0 (usbaccessory_device)) +(typeattributeset usb_device_27_0 (usb_device)) +(typeattributeset usbfs_27_0 (usbfs)) +(typeattributeset usb_service_27_0 (usb_service)) +(typeattributeset userdata_block_device_27_0 (userdata_block_device)) +(typeattributeset usermodehelper_27_0 (usermodehelper)) +(typeattributeset user_profile_data_file_27_0 (user_profile_data_file)) +(typeattributeset user_service_27_0 (user_service)) 
+(typeattributeset vcs_device_27_0 (vcs_device)) +(typeattributeset vdc_27_0 (vdc)) +(typeattributeset vdc_exec_27_0 (vdc_exec)) +(typeattributeset vendor_app_file_27_0 (vendor_app_file)) +(typeattributeset vendor_configs_file_27_0 (vendor_configs_file)) +(typeattributeset vendor_file_27_0 (vendor_file)) +(typeattributeset vendor_framework_file_27_0 (vendor_framework_file)) +(typeattributeset vendor_hal_file_27_0 (vendor_hal_file)) +(typeattributeset vendor_overlay_file_27_0 (vendor_overlay_file)) +(typeattributeset vendor_shell_exec_27_0 (vendor_shell_exec)) +(typeattributeset vendor_toolbox_exec_27_0 (vendor_toolbox_exec)) +(typeattributeset vfat_27_0 (vfat)) +(typeattributeset vibrator_service_27_0 (vibrator_service)) +(typeattributeset video_device_27_0 (video_device)) +(typeattributeset virtual_touchpad_27_0 (virtual_touchpad)) +(typeattributeset virtual_touchpad_exec_27_0 (virtual_touchpad_exec)) +(typeattributeset virtual_touchpad_service_27_0 (virtual_touchpad_service)) +(typeattributeset vndbinder_device_27_0 (vndbinder_device)) +(typeattributeset vndk_sp_file_27_0 (vndk_sp_file)) +(typeattributeset vndservice_contexts_file_27_0 (vndservice_contexts_file)) +(typeattributeset vndservicemanager_27_0 (vndservicemanager)) +(typeattributeset voiceinteraction_service_27_0 (voiceinteraction_service)) +(typeattributeset vold_27_0 (vold)) +(typeattributeset vold_data_file_27_0 (vold_data_file)) +(typeattributeset vold_device_27_0 (vold_device)) +(typeattributeset vold_exec_27_0 (vold_exec)) +(typeattributeset vold_prop_27_0 (vold_prop)) +(typeattributeset vold_socket_27_0 (vold_socket)) +(typeattributeset vpn_data_file_27_0 (vpn_data_file)) +(typeattributeset vr_hwc_27_0 (vr_hwc)) +(typeattributeset vr_hwc_exec_27_0 (vr_hwc_exec)) +(typeattributeset vr_hwc_service_27_0 (vr_hwc_service)) +(typeattributeset vr_manager_service_27_0 (vr_manager_service)) +(typeattributeset wallpaper_file_27_0 (wallpaper_file)) +(typeattributeset wallpaper_service_27_0 
(wallpaper_service)) +(typeattributeset watchdogd_27_0 (watchdogd)) +(typeattributeset watchdog_device_27_0 (watchdog_device)) +(typeattributeset webviewupdate_service_27_0 (webviewupdate_service)) +(typeattributeset webview_zygote_27_0 (webview_zygote)) +(typeattributeset webview_zygote_exec_27_0 (webview_zygote_exec)) +(typeattributeset webview_zygote_socket_27_0 (webview_zygote_socket)) +(typeattributeset wifiaware_service_27_0 (wifiaware_service)) +(typeattributeset wificond_27_0 (wificond)) +(typeattributeset wificond_exec_27_0 (wificond_exec)) +(typeattributeset wificond_service_27_0 (wificond_service)) +(typeattributeset wifi_data_file_27_0 (wifi_data_file)) +(typeattributeset wifi_log_prop_27_0 (wifi_log_prop)) +(typeattributeset wifip2p_service_27_0 (wifip2p_service)) +(typeattributeset wifi_prop_27_0 (wifi_prop)) +(typeattributeset wifiscanner_service_27_0 (wifiscanner_service)) +(typeattributeset wifi_service_27_0 (wifi_service)) +(typeattributeset window_service_27_0 (window_service)) +(typeattributeset wpa_socket_27_0 (wpa_socket)) +(typeattributeset zero_device_27_0 (zero_device)) +(typeattributeset zoneinfo_data_file_27_0 (zoneinfo_data_file)) +(typeattributeset zygote_27_0 (zygote)) +(typeattributeset zygote_exec_27_0 (zygote_exec)) +(typeattributeset zygote_socket_27_0 (zygote_socket)) diff --git a/prebuilts/api/30.0/private/compat/27.0/27.0.compat.cil b/prebuilts/api/30.0/private/compat/27.0/27.0.compat.cil new file mode 100644 index 000000000..30af58c42 --- /dev/null +++ b/prebuilts/api/30.0/private/compat/27.0/27.0.compat.cil @@ -0,0 +1,5 @@ +(typeattribute vendordomain) +(typeattributeset vendordomain ((and (domain) ((not (coredomain)))))) +(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff)))) +(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff)))) +(allow vendordomain self (netlink_route_socket (nlmsg_readpriv))) 
diff --git a/prebuilts/api/30.0/private/compat/27.0/27.0.ignore.cil b/prebuilts/api/30.0/private/compat/27.0/27.0.ignore.cil new file mode 100644 index 000000000..cb500c9e0 --- /dev/null +++ b/prebuilts/api/30.0/private/compat/27.0/27.0.ignore.cil 
@@ -0,0 +1,206 @@ +;; new_objects - a collection of types that have been introduced that have no +;; analogue in older policy. Thus, we do not need to map these types to +;; previous ones. Add here to pass checkapi tests. +(type new_objects) +(typeattribute new_objects) +(typeattributeset new_objects + ( new_objects + activity_task_service + adb_service + app_binding_service + apex_data_file + apex_metadata_file + apex_mnt_dir + apex_service + apexd + apexd_exec + apexd_prop + apexd_tmpfs + app_zygote + atrace + binder_calls_stats_service + biometric_service + blank_screen + blank_screen_exec + blank_screen_tmpfs + bootloader_boot_reason_prop + bluetooth_a2dp_offload_prop + bpfloader + bpfloader_exec + cgroup_bpf + charger_exec + color_display_service + content_capture_service + crossprofileapps_service + ctl_apexd_prop + ctl_interface_restart_prop + ctl_interface_start_prop + ctl_interface_stop_prop + ctl_sigstop_prop + device_config_boot_count_prop + device_config_reset_performed_prop + device_config_netd_native_prop + dnsresolver_service + exfat + exported2_config_prop + exported2_default_prop + exported2_radio_prop + exported2_system_prop + exported2_vold_prop + exported3_default_prop + exported3_radio_prop + exported3_system_prop + exported_audio_prop + exported_bluetooth_prop + exported_config_prop + exported_dalvik_prop + exported_default_prop + exported_dumpstate_prop + exported_ffs_prop + exported_fingerprint_prop + exported_overlay_prop + exported_pm_prop + exported_radio_prop + exported_secure_prop + exported_system_prop + exported_system_radio_prop + exported_vold_prop + exported_wifi_prop + fastbootd + flags_health_check + flags_health_check_exec + fingerprint_vendor_data_file + fs_bpf + fwk_stats_hwservice + hal_atrace_hwservice + hal_audiocontrol_hwservice + hal_authsecret_hwservice + hal_codec2_hwservice + hal_confirmationui_hwservice + hal_evs_hwservice + hal_health_storage_hwservice + hal_lowpan_hwservice + hal_secure_element_hwservice + 
hal_usb_gadget_hwservice + hal_vehicle_hwservice + hal_wifi_hostapd_hwservice + heapprofd + heapprofd_exec + heapprofd_socket + incident_helper + incident_helper_exec + iorapd + iorapd_data_file + iorapd_exec + iorapd_service + iorapd_tmpfs + last_boot_reason_prop + llkd + llkd_exec + llkd_prop + llkd_tmpfs + looper_stats_service + lowpan_device + lowpan_prop + lowpan_service + mediaextractor_update_service + mediaswcodec + mediaswcodec_exec + mediaswcodec_tmpfs + metadata_bootstat_file + metadata_file + mnt_product_file + mnt_vendor_file + network_stack + network_stack_service + network_watchlist_data_file + network_watchlist_service + overlayfs_file + perfetto + perfetto_exec + perfetto_tmpfs + perfetto_traces_data_file + property_info + recovery_socket + role_service + runas_app + art_apex_dir + runtime_service + secure_element + secure_element_device + secure_element_service + secure_element_tmpfs + server_configurable_flags_data_file + simpleperf_app_runner + simpleperf_app_runner_exec + slice_service + socket_hook_prop + stats + stats_data_file + stats_exec + stats_service + statscompanion_service + statsd + statsd_exec + statsd_tmpfs + statsdw + statsdw_socket + storaged_data_file + super_block_device + staging_data_file + system_boot_reason_prop + system_bootstrap_lib_file + system_lmk_prop + system_update_service + test_boot_reason_prop + time_prop + timedetector_service + tombstone_wifi_data_file + trace_data_file + traced + traced_consumer_socket + traced_enabled_prop + traced_exec + traced_probes + traced_probes_exec + traced_probes_tmpfs + traced_producer_socket + traced_tmpfs + traceur_app + traceur_app_tmpfs + untrusted_app_all_devpts + update_engine_log_data_file + uri_grants_service + usbd + usbd_exec + usbd_tmpfs + vendor_apex_file + vendor_default_prop + vendor_init + vendor_security_patch_level_prop + vendor_shell + vendor_socket_hook_prop + vndk_prop + vold_metadata_file + vold_prepare_subdirs + vold_prepare_subdirs_exec + vold_service + 
vrflinger_vsync_service + wait_for_keymaster + wait_for_keymaster_exec + wait_for_keymaster_tmpfs + watchdogd_tmpfs + wm_trace_data_file + wpantund + wpantund_exec + wpantund_service + wpantund_tmpfs)) + +;; private_objects - a collection of types that were labeled differently in +;; older policy, but that should not remain accessible to vendor policy. +;; Thus, these types are also not mapped, but recorded for checkapi tests +(type priv_objects) +(typeattribute priv_objects) +(typeattributeset priv_objects + ( priv_objects + untrusted_app_27_tmpfs)) diff --git a/prebuilts/api/30.0/private/compat/28.0/28.0.cil b/prebuilts/api/30.0/private/compat/28.0/28.0.cil new file mode 100644 index 000000000..321e9387e --- /dev/null +++ b/prebuilts/api/30.0/private/compat/28.0/28.0.cil 
@@ -0,0 +1,1744 @@ +;; attributes removed from current policy +(typeattribute hal_wifi_offload) +(typeattribute hal_wifi_offload_client) +(typeattribute hal_wifi_offload_server) + +;; types removed from current policy +(type alarm_device) +(type audio_seq_device) +(type audio_timer_device) +(type commontime_management_service) +(type cpuctl_device) +(type full_device) +(type hal_wifi_offload_hwservice) +(type i2c_device) +(type kmem_device) +(type mediacodec) +(type mediacodec_exec) +(type mediaextractor_update_service) +(type mtd_device) +(type netd_socket) +(type qtaguid_proc) +(type thermalcallback_hwservice) +(type thermalserviced) +(type thermalserviced_exec) +(type untrusted_v2_app) +(type vcs_device) + +;; Public 28.0 SEPolicy is divergent on different devices w.r.t +;; exported_audio_prop type. We need this typeattribute declaration so that the +;; mapping file compiles with vendor policies without exported_audio_prop type. +(typeattribute exported_audio_prop_28_0) + +(expandtypeattribute (accessibility_service_28_0) true) +(expandtypeattribute (account_service_28_0) true) +(expandtypeattribute (activity_service_28_0) true) +(expandtypeattribute (adbd_28_0) true) +(expandtypeattribute (adb_data_file_28_0) true) +(expandtypeattribute (adbd_exec_28_0) true) +(expandtypeattribute (adbd_socket_28_0) true) +(expandtypeattribute (adb_keys_file_28_0) true) +(expandtypeattribute (alarm_device_28_0) true) +(expandtypeattribute (alarm_service_28_0) true) +(expandtypeattribute (anr_data_file_28_0) true) +(expandtypeattribute (apk_data_file_28_0) true) +(expandtypeattribute (apk_private_data_file_28_0) true) +(expandtypeattribute (apk_private_tmp_file_28_0) true) +(expandtypeattribute (apk_tmp_file_28_0) true) +(expandtypeattribute (app_data_file_28_0) true) +(expandtypeattribute (app_fuse_file_28_0) true) +(expandtypeattribute (app_fusefs_28_0) true) +(expandtypeattribute (appops_service_28_0) true) +(expandtypeattribute (appwidget_service_28_0) true) 
+(expandtypeattribute (asec_apk_file_28_0) true) +(expandtypeattribute (asec_image_file_28_0) true) +(expandtypeattribute (asec_public_file_28_0) true) +(expandtypeattribute (ashmem_device_28_0) true) +(expandtypeattribute (assetatlas_service_28_0) true) +(expandtypeattribute (audio_data_file_28_0) true) +(expandtypeattribute (audio_device_28_0) true) +(expandtypeattribute (audiohal_data_file_28_0) true) +(expandtypeattribute (audio_prop_28_0) true) +(expandtypeattribute (audio_seq_device_28_0) true) +(expandtypeattribute (audioserver_28_0) true) +(expandtypeattribute (audioserver_data_file_28_0) true) +(expandtypeattribute (audioserver_service_28_0) true) +(expandtypeattribute (audio_service_28_0) true) +(expandtypeattribute (audio_timer_device_28_0) true) +(expandtypeattribute (autofill_service_28_0) true) +(expandtypeattribute (backup_data_file_28_0) true) +(expandtypeattribute (backup_service_28_0) true) +(expandtypeattribute (batteryproperties_service_28_0) true) +(expandtypeattribute (battery_service_28_0) true) +(expandtypeattribute (batterystats_service_28_0) true) +(expandtypeattribute (binder_calls_stats_service_28_0) true) +(expandtypeattribute (binder_device_28_0) true) +(expandtypeattribute (binfmt_miscfs_28_0) true) +(expandtypeattribute (blkid_28_0) true) +(expandtypeattribute (blkid_untrusted_28_0) true) +(expandtypeattribute (block_device_28_0) true) +(expandtypeattribute (bluetooth_28_0) true) +(expandtypeattribute (bluetooth_a2dp_offload_prop_28_0) true) +(expandtypeattribute (bluetooth_data_file_28_0) true) +(expandtypeattribute (bluetooth_efs_file_28_0) true) +(expandtypeattribute (bluetooth_logs_data_file_28_0) true) +(expandtypeattribute (bluetooth_manager_service_28_0) true) +(expandtypeattribute (bluetooth_prop_28_0) true) +(expandtypeattribute (bluetooth_service_28_0) true) +(expandtypeattribute (bluetooth_socket_28_0) true) +(expandtypeattribute (bootanim_28_0) true) +(expandtypeattribute (bootanim_exec_28_0) true) +(expandtypeattribute 
(boot_block_device_28_0) true) +(expandtypeattribute (bootchart_data_file_28_0) true) +(expandtypeattribute (bootloader_boot_reason_prop_28_0) true) +(expandtypeattribute (bootstat_28_0) true) +(expandtypeattribute (bootstat_data_file_28_0) true) +(expandtypeattribute (bootstat_exec_28_0) true) +(expandtypeattribute (boottime_prop_28_0) true) +(expandtypeattribute (boottrace_data_file_28_0) true) +(expandtypeattribute (broadcastradio_service_28_0) true) +(expandtypeattribute (bufferhubd_28_0) true) +(expandtypeattribute (bufferhubd_exec_28_0) true) +(expandtypeattribute (cache_backup_file_28_0) true) +(expandtypeattribute (cache_block_device_28_0) true) +(expandtypeattribute (cache_file_28_0) true) +(expandtypeattribute (cache_private_backup_file_28_0) true) +(expandtypeattribute (cache_recovery_file_28_0) true) +(expandtypeattribute (camera_data_file_28_0) true) +(expandtypeattribute (camera_device_28_0) true) +(expandtypeattribute (cameraproxy_service_28_0) true) +(expandtypeattribute (cameraserver_28_0) true) +(expandtypeattribute (cameraserver_exec_28_0) true) +(expandtypeattribute (cameraserver_service_28_0) true) +(expandtypeattribute (cgroup_28_0) true) +(expandtypeattribute (cgroup_bpf_28_0) true) +(expandtypeattribute (charger_28_0) true) +(expandtypeattribute (clatd_28_0) true) +(expandtypeattribute (clatd_exec_28_0) true) +(expandtypeattribute (clipboard_service_28_0) true) +(expandtypeattribute (commontime_management_service_28_0) true) +(expandtypeattribute (companion_device_service_28_0) true) +(expandtypeattribute (configfs_28_0) true) +(expandtypeattribute (config_prop_28_0) true) +(expandtypeattribute (connectivity_service_28_0) true) +(expandtypeattribute (connmetrics_service_28_0) true) +(expandtypeattribute (console_device_28_0) true) +(expandtypeattribute (consumer_ir_service_28_0) true) +(expandtypeattribute (content_service_28_0) true) +(expandtypeattribute (contexthub_service_28_0) true) +(expandtypeattribute (coredump_file_28_0) true) 
+(expandtypeattribute (country_detector_service_28_0) true) +(expandtypeattribute (coverage_service_28_0) true) +(expandtypeattribute (cppreopt_prop_28_0) true) +(expandtypeattribute (cppreopts_28_0) true) +(expandtypeattribute (cppreopts_exec_28_0) true) +(expandtypeattribute (cpuctl_device_28_0) true) +(expandtypeattribute (cpuinfo_service_28_0) true) +(expandtypeattribute (crash_dump_28_0) true) +(expandtypeattribute (crash_dump_exec_28_0) true) +(expandtypeattribute (crossprofileapps_service_28_0) true) +(expandtypeattribute (ctl_bootanim_prop_28_0) true) +(expandtypeattribute (ctl_bugreport_prop_28_0) true) +(expandtypeattribute (ctl_console_prop_28_0) true) +(expandtypeattribute (ctl_default_prop_28_0) true) +(expandtypeattribute (ctl_dumpstate_prop_28_0) true) +(expandtypeattribute (ctl_fuse_prop_28_0) true) +(expandtypeattribute (ctl_interface_restart_prop_28_0) true) +(expandtypeattribute (ctl_interface_start_prop_28_0) true) +(expandtypeattribute (ctl_interface_stop_prop_28_0) true) +(expandtypeattribute (ctl_mdnsd_prop_28_0) true) +(expandtypeattribute (ctl_restart_prop_28_0) true) +(expandtypeattribute (ctl_rildaemon_prop_28_0) true) +(expandtypeattribute (ctl_sigstop_prop_28_0) true) +(expandtypeattribute (ctl_start_prop_28_0) true) +(expandtypeattribute (ctl_stop_prop_28_0) true) +(expandtypeattribute (dalvikcache_data_file_28_0) true) +(expandtypeattribute (dalvik_prop_28_0) true) +(expandtypeattribute (dbinfo_service_28_0) true) +(expandtypeattribute (debugfs_28_0) true) +(expandtypeattribute (debugfs_mmc_28_0) true) +(expandtypeattribute (debugfs_trace_marker_28_0) true) +(expandtypeattribute (debugfs_tracing_28_0) true) +(expandtypeattribute (debugfs_tracing_debug_28_0) true) +(expandtypeattribute (debugfs_tracing_instances_28_0) true) +(expandtypeattribute (debugfs_wakeup_sources_28_0) true) +(expandtypeattribute (debugfs_wifi_tracing_28_0) true) +(expandtypeattribute (debuggerd_prop_28_0) true) +(expandtypeattribute (debug_prop_28_0) true) 
+(expandtypeattribute (default_android_hwservice_28_0) true) +(expandtypeattribute (default_android_service_28_0) true) +(expandtypeattribute (default_android_vndservice_28_0) true) +(expandtypeattribute (default_prop_28_0) true) +(expandtypeattribute (device_28_0) true) +(expandtypeattribute (device_identifiers_service_28_0) true) +(expandtypeattribute (deviceidle_service_28_0) true) +(expandtypeattribute (device_logging_prop_28_0) true) +(expandtypeattribute (device_policy_service_28_0) true) +(expandtypeattribute (devicestoragemonitor_service_28_0) true) +(expandtypeattribute (devpts_28_0) true) +(expandtypeattribute (dex2oat_28_0) true) +(expandtypeattribute (dex2oat_exec_28_0) true) +(expandtypeattribute (dhcp_28_0) true) +(expandtypeattribute (dhcp_data_file_28_0) true) +(expandtypeattribute (dhcp_exec_28_0) true) +(expandtypeattribute (dhcp_prop_28_0) true) +(expandtypeattribute (diskstats_service_28_0) true) +(expandtypeattribute (display_service_28_0) true) +(expandtypeattribute (dm_device_28_0) true) +(expandtypeattribute (dnsmasq_28_0) true) +(expandtypeattribute (dnsmasq_exec_28_0) true) +(expandtypeattribute (dnsproxyd_socket_28_0) true) +(expandtypeattribute (DockObserver_service_28_0) true) +(expandtypeattribute (dreams_service_28_0) true) +(expandtypeattribute (drm_data_file_28_0) true) +(expandtypeattribute (drmserver_28_0) true) +(expandtypeattribute (drmserver_exec_28_0) true) +(expandtypeattribute (drmserver_service_28_0) true) +(expandtypeattribute (drmserver_socket_28_0) true) +(expandtypeattribute (dropbox_service_28_0) true) +(expandtypeattribute (dumpstate_28_0) true) +(expandtypeattribute (dumpstate_exec_28_0) true) +(expandtypeattribute (dumpstate_options_prop_28_0) true) +(expandtypeattribute (dumpstate_prop_28_0) true) +(expandtypeattribute (dumpstate_service_28_0) true) +(expandtypeattribute (dumpstate_socket_28_0) true) +(expandtypeattribute (e2fs_28_0) true) +(expandtypeattribute (e2fs_exec_28_0) true) +(expandtypeattribute 
(efs_file_28_0) true) +(expandtypeattribute (ephemeral_app_28_0) true) +(expandtypeattribute (ethernet_service_28_0) true) +(expandtypeattribute (exfat_28_0) true) +(expandtypeattribute (exported2_config_prop_28_0) true) +(expandtypeattribute (exported2_default_prop_28_0) true) +(expandtypeattribute (exported2_radio_prop_28_0) true) +(expandtypeattribute (exported2_system_prop_28_0) true) +(expandtypeattribute (exported2_vold_prop_28_0) true) +(expandtypeattribute (exported3_default_prop_28_0) true) +(expandtypeattribute (exported3_radio_prop_28_0) true) +(expandtypeattribute (exported3_system_prop_28_0) true) +(expandtypeattribute (exported_audio_prop_28_0) true) +(expandtypeattribute (exported_bluetooth_prop_28_0) true) +(expandtypeattribute (exported_config_prop_28_0) true) +(expandtypeattribute (exported_dalvik_prop_28_0) true) +(expandtypeattribute (exported_default_prop_28_0) true) +(expandtypeattribute (exported_dumpstate_prop_28_0) true) +(expandtypeattribute (exported_ffs_prop_28_0) true) +(expandtypeattribute (exported_fingerprint_prop_28_0) true) +(expandtypeattribute (exported_overlay_prop_28_0) true) +(expandtypeattribute (exported_pm_prop_28_0) true) +(expandtypeattribute (exported_radio_prop_28_0) true) +(expandtypeattribute (exported_secure_prop_28_0) true) +(expandtypeattribute (exported_system_prop_28_0) true) +(expandtypeattribute (exported_system_radio_prop_28_0) true) +(expandtypeattribute (exported_vold_prop_28_0) true) +(expandtypeattribute (exported_wifi_prop_28_0) true) +(expandtypeattribute (ffs_prop_28_0) true) +(expandtypeattribute (file_contexts_file_28_0) true) +(expandtypeattribute (fingerprintd_28_0) true) +(expandtypeattribute (fingerprintd_data_file_28_0) true) +(expandtypeattribute (fingerprintd_exec_28_0) true) +(expandtypeattribute (fingerprintd_service_28_0) true) +(expandtypeattribute (fingerprint_prop_28_0) true) +(expandtypeattribute (fingerprint_service_28_0) true) +(expandtypeattribute (fingerprint_vendor_data_file_28_0) 
true) +(expandtypeattribute (firstboot_prop_28_0) true) +(expandtypeattribute (font_service_28_0) true) +(expandtypeattribute (frp_block_device_28_0) true) +(expandtypeattribute (fs_bpf_28_0) true) +(expandtypeattribute (fsck_28_0) true) +(expandtypeattribute (fsck_exec_28_0) true) +(expandtypeattribute (fscklogs_28_0) true) +(expandtypeattribute (fsck_untrusted_28_0) true) +(expandtypeattribute (full_device_28_0) true) +(expandtypeattribute (functionfs_28_0) true) +(expandtypeattribute (fuse_28_0) true) +(expandtypeattribute (fuse_device_28_0) true) +(expandtypeattribute (fwk_display_hwservice_28_0) true) +(expandtypeattribute (fwk_scheduler_hwservice_28_0) true) +(expandtypeattribute (fwk_sensor_hwservice_28_0) true) +(expandtypeattribute (fwmarkd_socket_28_0) true) +(expandtypeattribute (gatekeeperd_28_0) true) +(expandtypeattribute (gatekeeper_data_file_28_0) true) +(expandtypeattribute (gatekeeperd_exec_28_0) true) +(expandtypeattribute (gatekeeper_service_28_0) true) +(expandtypeattribute (gfxinfo_service_28_0) true) +(expandtypeattribute (gps_control_28_0) true) +(expandtypeattribute (gpu_device_28_0) true) +(expandtypeattribute (gpu_service_28_0) true) +(expandtypeattribute (graphics_device_28_0) true) +(expandtypeattribute (graphicsstats_service_28_0) true) +(expandtypeattribute (hal_audiocontrol_hwservice_28_0) true) +(expandtypeattribute (hal_audio_hwservice_28_0) true) +(expandtypeattribute (hal_authsecret_hwservice_28_0) true) +(expandtypeattribute (hal_bluetooth_hwservice_28_0) true) +(expandtypeattribute (hal_bootctl_hwservice_28_0) true) +(expandtypeattribute (hal_broadcastradio_hwservice_28_0) true) +(expandtypeattribute (hal_camera_hwservice_28_0) true) +(expandtypeattribute (hal_cas_hwservice_28_0) true) +(expandtypeattribute (hal_codec2_hwservice_28_0) true) +(expandtypeattribute (hal_configstore_ISurfaceFlingerConfigs_28_0) true) +(expandtypeattribute (hal_confirmationui_hwservice_28_0) true) +(expandtypeattribute 
(hal_contexthub_hwservice_28_0) true) +(expandtypeattribute (hal_drm_hwservice_28_0) true) +(expandtypeattribute (hal_dumpstate_hwservice_28_0) true) +(expandtypeattribute (hal_evs_hwservice_28_0) true) +(expandtypeattribute (hal_fingerprint_hwservice_28_0) true) +(expandtypeattribute (hal_fingerprint_service_28_0) true) +(expandtypeattribute (hal_gatekeeper_hwservice_28_0) true) +(expandtypeattribute (hal_gnss_hwservice_28_0) true) +(expandtypeattribute (hal_graphics_allocator_hwservice_28_0) true) +(expandtypeattribute (hal_graphics_composer_hwservice_28_0) true) +(expandtypeattribute (hal_graphics_mapper_hwservice_28_0) true) +(expandtypeattribute (hal_health_hwservice_28_0) true) +(expandtypeattribute (hal_ir_hwservice_28_0) true) +(expandtypeattribute (hal_keymaster_hwservice_28_0) true) +(expandtypeattribute (hal_light_hwservice_28_0) true) +(expandtypeattribute (hal_lowpan_hwservice_28_0) true) +(expandtypeattribute (hal_memtrack_hwservice_28_0) true) +(expandtypeattribute (hal_neuralnetworks_hwservice_28_0) true) +(expandtypeattribute (hal_nfc_hwservice_28_0) true) +(expandtypeattribute (hal_oemlock_hwservice_28_0) true) +(expandtypeattribute (hal_omx_hwservice_28_0) true) +(expandtypeattribute (hal_power_hwservice_28_0) true) +(expandtypeattribute (hal_renderscript_hwservice_28_0) true) +(expandtypeattribute (hal_secure_element_hwservice_28_0) true) +(expandtypeattribute (hal_sensors_hwservice_28_0) true) +(expandtypeattribute (hal_telephony_hwservice_28_0) true) +(expandtypeattribute (hal_tetheroffload_hwservice_28_0) true) +(expandtypeattribute (hal_thermal_hwservice_28_0) true) +(expandtypeattribute (hal_tv_cec_hwservice_28_0) true) +(expandtypeattribute (hal_tv_input_hwservice_28_0) true) +(expandtypeattribute (hal_usb_gadget_hwservice_28_0) true) +(expandtypeattribute (hal_usb_hwservice_28_0) true) +(expandtypeattribute (hal_vehicle_hwservice_28_0) true) +(expandtypeattribute (hal_vibrator_hwservice_28_0) true) +(expandtypeattribute 
(hal_vr_hwservice_28_0) true) +(expandtypeattribute (hal_weaver_hwservice_28_0) true) +(expandtypeattribute (hal_wifi_hostapd_hwservice_28_0) true) +(expandtypeattribute (hal_wifi_hwservice_28_0) true) +(expandtypeattribute (hal_wifi_offload_hwservice_28_0) true) +(expandtypeattribute (hal_wifi_supplicant_hwservice_28_0) true) +(expandtypeattribute (hardware_properties_service_28_0) true) +(expandtypeattribute (hardware_service_28_0) true) +(expandtypeattribute (hci_attach_dev_28_0) true) +(expandtypeattribute (hdmi_control_service_28_0) true) +(expandtypeattribute (healthd_28_0) true) +(expandtypeattribute (healthd_exec_28_0) true) +(expandtypeattribute (heapdump_data_file_28_0) true) +(expandtypeattribute (hidl_allocator_hwservice_28_0) true) +(expandtypeattribute (hidl_base_hwservice_28_0) true) +(expandtypeattribute (hidl_manager_hwservice_28_0) true) +(expandtypeattribute (hidl_memory_hwservice_28_0) true) +(expandtypeattribute (hidl_token_hwservice_28_0) true) +(expandtypeattribute (hwbinder_device_28_0) true) +(expandtypeattribute (hw_random_device_28_0) true) +(expandtypeattribute (hwservice_contexts_file_28_0) true) +(expandtypeattribute (hwservicemanager_28_0) true) +(expandtypeattribute (hwservicemanager_exec_28_0) true) +(expandtypeattribute (hwservicemanager_prop_28_0) true) +(expandtypeattribute (i2c_device_28_0) true) +(expandtypeattribute (icon_file_28_0) true) +(expandtypeattribute (idmap_28_0) true) +(expandtypeattribute (idmap_exec_28_0) true) +(expandtypeattribute (iio_device_28_0) true) +(expandtypeattribute (imms_service_28_0) true) +(expandtypeattribute (incident_28_0) true) +(expandtypeattribute (incidentd_28_0) true) +(expandtypeattribute (incident_data_file_28_0) true) +(expandtypeattribute (incident_helper_28_0) true) +(expandtypeattribute (incident_service_28_0) true) +(expandtypeattribute (init_28_0) true) +(expandtypeattribute (init_exec_28_0) true) +(expandtypeattribute (inotify_28_0) true) +(expandtypeattribute (input_device_28_0) 
true) +(expandtypeattribute (inputflinger_28_0) true) +(expandtypeattribute (inputflinger_exec_28_0) true) +(expandtypeattribute (inputflinger_service_28_0) true) +(expandtypeattribute (input_method_service_28_0) true) +(expandtypeattribute (input_service_28_0) true) +(expandtypeattribute (installd_28_0) true) +(expandtypeattribute (install_data_file_28_0) true) +(expandtypeattribute (installd_exec_28_0) true) +(expandtypeattribute (installd_service_28_0) true) +(expandtypeattribute (install_recovery_28_0) true) +(expandtypeattribute (install_recovery_exec_28_0) true) +(expandtypeattribute (ion_device_28_0) true) +(expandtypeattribute (IProxyService_service_28_0) true) +(expandtypeattribute (ipsec_service_28_0) true) +(expandtypeattribute (isolated_app_28_0) true) +(expandtypeattribute (jobscheduler_service_28_0) true) +(expandtypeattribute (kernel_28_0) true) +(expandtypeattribute (keychain_data_file_28_0) true) +(expandtypeattribute (keychord_device_28_0) true) +(expandtypeattribute (keystore_28_0) true) +(expandtypeattribute (keystore_data_file_28_0) true) +(expandtypeattribute (keystore_exec_28_0) true) +(expandtypeattribute (keystore_service_28_0) true) +(expandtypeattribute (kmem_device_28_0) true) +(expandtypeattribute (kmsg_debug_device_28_0) true) +(expandtypeattribute (kmsg_device_28_0) true) +(expandtypeattribute (labeledfs_28_0) true) +(expandtypeattribute (last_boot_reason_prop_28_0) true) +(expandtypeattribute (launcherapps_service_28_0) true) +(expandtypeattribute (lmkd_28_0) true) +(expandtypeattribute (lmkd_exec_28_0) true) +(expandtypeattribute (lmkd_socket_28_0) true) +(expandtypeattribute (location_service_28_0) true) +(expandtypeattribute (lock_settings_service_28_0) true) +(expandtypeattribute (logcat_exec_28_0) true) +(expandtypeattribute (logd_28_0) true) +(expandtypeattribute (logd_exec_28_0) true) +(expandtypeattribute (logd_prop_28_0) true) +(expandtypeattribute (logdr_socket_28_0) true) +(expandtypeattribute (logd_socket_28_0) true) 
+(expandtypeattribute (logdw_socket_28_0) true) +(expandtypeattribute (logpersist_28_0) true) +(expandtypeattribute (logpersistd_logging_prop_28_0) true) +(expandtypeattribute (log_prop_28_0) true) +(expandtypeattribute (log_tag_prop_28_0) true) +(expandtypeattribute (loop_control_device_28_0) true) +(expandtypeattribute (loop_device_28_0) true) +(expandtypeattribute (lowpan_device_28_0) true) +(expandtypeattribute (lowpan_prop_28_0) true) +(expandtypeattribute (lowpan_service_28_0) true) +(expandtypeattribute (mac_perms_file_28_0) true) +(expandtypeattribute (mdnsd_28_0) true) +(expandtypeattribute (mdnsd_socket_28_0) true) +(expandtypeattribute (mdns_socket_28_0) true) +(expandtypeattribute (mediacodec_28_0) true) +(expandtypeattribute (mediacodec_exec_28_0) true) +(expandtypeattribute (mediacodec_service_28_0) true) +(expandtypeattribute (media_data_file_28_0) true) +(expandtypeattribute (mediadrmserver_28_0) true) +(expandtypeattribute (mediadrmserver_exec_28_0) true) +(expandtypeattribute (mediadrmserver_service_28_0) true) +(expandtypeattribute (mediaextractor_28_0) true) +(expandtypeattribute (mediaextractor_exec_28_0) true) +(expandtypeattribute (mediaextractor_service_28_0) true) +(expandtypeattribute (mediaextractor_update_service_28_0) true) +(expandtypeattribute (mediametrics_28_0) true) +(expandtypeattribute (mediametrics_exec_28_0) true) +(expandtypeattribute (mediametrics_service_28_0) true) +(expandtypeattribute (media_projection_service_28_0) true) +(expandtypeattribute (mediaprovider_28_0) true) +(expandtypeattribute (media_router_service_28_0) true) +(expandtypeattribute (media_rw_data_file_28_0) true) +(expandtypeattribute (mediaserver_28_0) true) +(expandtypeattribute (mediaserver_exec_28_0) true) +(expandtypeattribute (mediaserver_service_28_0) true) +(expandtypeattribute (media_session_service_28_0) true) +(expandtypeattribute (meminfo_service_28_0) true) +(expandtypeattribute (metadata_block_device_28_0) true) +(expandtypeattribute 
(metadata_file_28_0) true) +(expandtypeattribute (method_trace_data_file_28_0) true) +(expandtypeattribute (midi_service_28_0) true) +(expandtypeattribute (misc_block_device_28_0) true) +(expandtypeattribute (misc_logd_file_28_0) true) +(expandtypeattribute (misc_user_data_file_28_0) true) +(expandtypeattribute (mmc_prop_28_0) true) +(expandtypeattribute (mnt_expand_file_28_0) true) +(expandtypeattribute (mnt_media_rw_file_28_0) true) +(expandtypeattribute (mnt_media_rw_stub_file_28_0) true) +(expandtypeattribute (mnt_user_file_28_0) true) +(expandtypeattribute (mnt_vendor_file_28_0) true) +(expandtypeattribute (modprobe_28_0) true) +(expandtypeattribute (mount_service_28_0) true) +(expandtypeattribute (mqueue_28_0) true) +(expandtypeattribute (mtd_device_28_0) true) +(expandtypeattribute (mtp_28_0) true) +(expandtypeattribute (mtp_device_28_0) true) +(expandtypeattribute (mtpd_socket_28_0) true) +(expandtypeattribute (mtp_exec_28_0) true) +(expandtypeattribute (nativetest_data_file_28_0) true) +(expandtypeattribute (netd_28_0) true) +(expandtypeattribute (net_data_file_28_0) true) +(expandtypeattribute (netd_exec_28_0) true) +(expandtypeattribute (netd_listener_service_28_0) true) +(expandtypeattribute (net_dns_prop_28_0) true) +(expandtypeattribute (netd_service_28_0) true) +(expandtypeattribute (netd_socket_28_0) true) +(expandtypeattribute (netd_stable_secret_prop_28_0) true) +(expandtypeattribute (netif_28_0) true) +(expandtypeattribute (netpolicy_service_28_0) true) +(expandtypeattribute (net_radio_prop_28_0) true) +(expandtypeattribute (netstats_service_28_0) true) +(expandtypeattribute (netutils_wrapper_28_0) true) +(expandtypeattribute (netutils_wrapper_exec_28_0) true) +(expandtypeattribute (network_management_service_28_0) true) +(expandtypeattribute (network_score_service_28_0) true) +(expandtypeattribute (network_time_update_service_28_0) true) +(expandtypeattribute (network_watchlist_data_file_28_0) true) +(expandtypeattribute 
(network_watchlist_service_28_0) true) +(expandtypeattribute (nfc_28_0) true) +(expandtypeattribute (nfc_data_file_28_0) true) +(expandtypeattribute (nfc_device_28_0) true) +(expandtypeattribute (nfc_prop_28_0) true) +(expandtypeattribute (nfc_service_28_0) true) +(expandtypeattribute (node_28_0) true) +(expandtypeattribute (nonplat_service_contexts_file_28_0) true) +(expandtypeattribute (notification_service_28_0) true) +(expandtypeattribute (null_device_28_0) true) +(expandtypeattribute (oemfs_28_0) true) +(expandtypeattribute (oem_lock_service_28_0) true) +(expandtypeattribute (ota_data_file_28_0) true) +(expandtypeattribute (otadexopt_service_28_0) true) +(expandtypeattribute (ota_package_file_28_0) true) +(expandtypeattribute (otapreopt_chroot_28_0) true) +(expandtypeattribute (otapreopt_chroot_exec_28_0) true) +(expandtypeattribute (otapreopt_slot_28_0) true) +(expandtypeattribute (otapreopt_slot_exec_28_0) true) +(expandtypeattribute (overlay_prop_28_0) true) +(expandtypeattribute (overlay_service_28_0) true) +(expandtypeattribute (owntty_device_28_0) true) +(expandtypeattribute (package_native_service_28_0) true) +(expandtypeattribute (package_service_28_0) true) +(expandtypeattribute (pan_result_prop_28_0) true) +(expandtypeattribute (pdx_bufferhub_client_channel_socket_28_0) true) +(expandtypeattribute (pdx_bufferhub_client_endpoint_socket_28_0) true) +(expandtypeattribute (pdx_bufferhub_dir_28_0) true) +(expandtypeattribute (pdx_display_client_channel_socket_28_0) true) +(expandtypeattribute (pdx_display_client_endpoint_socket_28_0) true) +(expandtypeattribute (pdx_display_dir_28_0) true) +(expandtypeattribute (pdx_display_manager_channel_socket_28_0) true) +(expandtypeattribute (pdx_display_manager_endpoint_socket_28_0) true) +(expandtypeattribute (pdx_display_screenshot_channel_socket_28_0) true) +(expandtypeattribute (pdx_display_screenshot_endpoint_socket_28_0) true) +(expandtypeattribute (pdx_display_vsync_channel_socket_28_0) true) 
+(expandtypeattribute (pdx_display_vsync_endpoint_socket_28_0) true) +(expandtypeattribute (pdx_performance_client_channel_socket_28_0) true) +(expandtypeattribute (pdx_performance_client_endpoint_socket_28_0) true) +(expandtypeattribute (pdx_performance_dir_28_0) true) +(expandtypeattribute (performanced_28_0) true) +(expandtypeattribute (performanced_exec_28_0) true) +(expandtypeattribute (permission_service_28_0) true) +(expandtypeattribute (persist_debug_prop_28_0) true) +(expandtypeattribute (persistent_data_block_service_28_0) true) +(expandtypeattribute (persistent_properties_ready_prop_28_0) true) +(expandtypeattribute (pinner_service_28_0) true) +(expandtypeattribute (pipefs_28_0) true) +(expandtypeattribute (platform_app_28_0) true) +(expandtypeattribute (pm_prop_28_0) true) +(expandtypeattribute (pmsg_device_28_0) true) +(expandtypeattribute (port_28_0) true) +(expandtypeattribute (port_device_28_0) true) +(expandtypeattribute (postinstall_28_0) true) +(expandtypeattribute (postinstall_dexopt_28_0) true) +(expandtypeattribute (postinstall_file_28_0) true) +(expandtypeattribute (postinstall_mnt_dir_28_0) true) +(expandtypeattribute (powerctl_prop_28_0) true) +(expandtypeattribute (power_service_28_0) true) +(expandtypeattribute (ppp_28_0) true) +(expandtypeattribute (ppp_device_28_0) true) +(expandtypeattribute (ppp_exec_28_0) true) +(expandtypeattribute (preloads_data_file_28_0) true) +(expandtypeattribute (preloads_media_file_28_0) true) +(expandtypeattribute (preopt2cachename_28_0) true) +(expandtypeattribute (preopt2cachename_exec_28_0) true) +(expandtypeattribute (print_service_28_0) true) +(expandtypeattribute (priv_app_28_0) true) +(expandtypeattribute (proc_28_0) true) +(expandtypeattribute (proc_abi_28_0) true) +(expandtypeattribute (proc_asound_28_0) true) +(expandtypeattribute (proc_bluetooth_writable_28_0) true) +(expandtypeattribute (proc_buddyinfo_28_0) true) +(expandtypeattribute (proc_cmdline_28_0) true) +(expandtypeattribute 
(proc_cpuinfo_28_0) true) +(expandtypeattribute (proc_dirty_28_0) true) +(expandtypeattribute (proc_diskstats_28_0) true) +(expandtypeattribute (proc_drop_caches_28_0) true) +(expandtypeattribute (processinfo_service_28_0) true) +(expandtypeattribute (proc_extra_free_kbytes_28_0) true) +(expandtypeattribute (proc_filesystems_28_0) true) +(expandtypeattribute (proc_hostname_28_0) true) +(expandtypeattribute (proc_hung_task_28_0) true) +(expandtypeattribute (proc_interrupts_28_0) true) +(expandtypeattribute (proc_iomem_28_0) true) +(expandtypeattribute (proc_kmsg_28_0) true) +(expandtypeattribute (proc_loadavg_28_0) true) +(expandtypeattribute (proc_max_map_count_28_0) true) +(expandtypeattribute (proc_meminfo_28_0) true) +(expandtypeattribute (proc_min_free_order_shift_28_0) true) +(expandtypeattribute (proc_misc_28_0) true) +(expandtypeattribute (proc_modules_28_0) true) +(expandtypeattribute (proc_mounts_28_0) true) +(expandtypeattribute (proc_net_28_0) true) +(expandtypeattribute (proc_overcommit_memory_28_0) true) +(expandtypeattribute (proc_page_cluster_28_0) true) +(expandtypeattribute (proc_pagetypeinfo_28_0) true) +(expandtypeattribute (proc_panic_28_0) true) +(expandtypeattribute (proc_perf_28_0) true) +(expandtypeattribute (proc_pid_max_28_0) true) +(expandtypeattribute (proc_pipe_conf_28_0) true) +(expandtypeattribute (proc_qtaguid_stat_28_0) true) +(expandtypeattribute (proc_random_28_0) true) +(expandtypeattribute (proc_sched_28_0) true) +(expandtypeattribute (proc_security_28_0) true) +(expandtypeattribute (proc_stat_28_0) true) +(expandtypeattribute (procstats_service_28_0) true) +(expandtypeattribute (proc_swaps_28_0) true) +(expandtypeattribute (proc_sysrq_28_0) true) +(expandtypeattribute (proc_timer_28_0) true) +(expandtypeattribute (proc_tty_drivers_28_0) true) +(expandtypeattribute (proc_uid_concurrent_active_time_28_0) true) +(expandtypeattribute (proc_uid_concurrent_policy_time_28_0) true) +(expandtypeattribute (proc_uid_cpupower_28_0) true) 
+(expandtypeattribute (proc_uid_cputime_removeuid_28_0) true) +(expandtypeattribute (proc_uid_cputime_showstat_28_0) true) +(expandtypeattribute (proc_uid_io_stats_28_0) true) +(expandtypeattribute (proc_uid_procstat_set_28_0) true) +(expandtypeattribute (proc_uid_time_in_state_28_0) true) +(expandtypeattribute (proc_uptime_28_0) true) +(expandtypeattribute (proc_version_28_0) true) +(expandtypeattribute (proc_vmallocinfo_28_0) true) +(expandtypeattribute (proc_vmstat_28_0) true) +(expandtypeattribute (proc_zoneinfo_28_0) true) +(expandtypeattribute (profman_28_0) true) +(expandtypeattribute (profman_dump_data_file_28_0) true) +(expandtypeattribute (profman_exec_28_0) true) +(expandtypeattribute (properties_device_28_0) true) +(expandtypeattribute (properties_serial_28_0) true) +(expandtypeattribute (property_contexts_file_28_0) true) +(expandtypeattribute (property_data_file_28_0) true) +(expandtypeattribute (property_info_28_0) true) +(expandtypeattribute (property_socket_28_0) true) +(expandtypeattribute (pstorefs_28_0) true) +(expandtypeattribute (ptmx_device_28_0) true) +(expandtypeattribute (qtaguid_device_28_0) true) +(expandtypeattribute (qtaguid_proc_28_0) true) +(expandtypeattribute (racoon_28_0) true) +(expandtypeattribute (racoon_exec_28_0) true) +(expandtypeattribute (racoon_socket_28_0) true) +(expandtypeattribute (radio_28_0) true) +(expandtypeattribute (radio_data_file_28_0) true) +(expandtypeattribute (radio_device_28_0) true) +(expandtypeattribute (radio_prop_28_0) true) +(expandtypeattribute (radio_service_28_0) true) +(expandtypeattribute (ram_device_28_0) true) +(expandtypeattribute (random_device_28_0) true) +(expandtypeattribute (recovery_28_0) true) +(expandtypeattribute (recovery_block_device_28_0) true) +(expandtypeattribute (recovery_data_file_28_0) true) +(expandtypeattribute (recovery_persist_28_0) true) +(expandtypeattribute (recovery_persist_exec_28_0) true) +(expandtypeattribute (recovery_refresh_28_0) true) +(expandtypeattribute 
(recovery_refresh_exec_28_0) true) +(expandtypeattribute (recovery_service_28_0) true) +(expandtypeattribute (registry_service_28_0) true) +(expandtypeattribute (resourcecache_data_file_28_0) true) +(expandtypeattribute (restorecon_prop_28_0) true) +(expandtypeattribute (restrictions_service_28_0) true) +(expandtypeattribute (rild_debug_socket_28_0) true) +(expandtypeattribute (rild_socket_28_0) true) +(expandtypeattribute (ringtone_file_28_0) true) +(expandtypeattribute (root_block_device_28_0) true) +(expandtypeattribute (rootfs_28_0) true) +(expandtypeattribute (rpmsg_device_28_0) true) +(expandtypeattribute (rtc_device_28_0) true) +(expandtypeattribute (rttmanager_service_28_0) true) +(expandtypeattribute (runas_28_0) true) +(expandtypeattribute (runas_exec_28_0) true) +(expandtypeattribute (runtime_event_log_tags_file_28_0) true) +(expandtypeattribute (safemode_prop_28_0) true) +(expandtypeattribute (same_process_hal_file_28_0) true) +(expandtypeattribute (samplingprofiler_service_28_0) true) +(expandtypeattribute (scheduling_policy_service_28_0) true) +(expandtypeattribute (sdcardd_28_0) true) +(expandtypeattribute (sdcardd_exec_28_0) true) +(expandtypeattribute (sdcardfs_28_0) true) +(expandtypeattribute (seapp_contexts_file_28_0) true) +(expandtypeattribute (search_service_28_0) true) +(expandtypeattribute (sec_key_att_app_id_provider_service_28_0) true) +(expandtypeattribute (secure_element_28_0) true) +(expandtypeattribute (secure_element_device_28_0) true) +(expandtypeattribute (secure_element_service_28_0) true) +(expandtypeattribute (selinuxfs_28_0) true) +(expandtypeattribute (sensors_device_28_0) true) +(expandtypeattribute (sensorservice_service_28_0) true) +(expandtypeattribute (sepolicy_file_28_0) true) +(expandtypeattribute (serial_device_28_0) true) +(expandtypeattribute (serialno_prop_28_0) true) +(expandtypeattribute (serial_service_28_0) true) +(expandtypeattribute (service_contexts_file_28_0) true) +(expandtypeattribute 
(servicediscovery_service_28_0) true) +(expandtypeattribute (servicemanager_28_0) true) +(expandtypeattribute (servicemanager_exec_28_0) true) +(expandtypeattribute (settings_service_28_0) true) +(expandtypeattribute (sgdisk_28_0) true) +(expandtypeattribute (sgdisk_exec_28_0) true) +(expandtypeattribute (shared_relro_28_0) true) +(expandtypeattribute (shared_relro_file_28_0) true) +(expandtypeattribute (shell_28_0) true) +(expandtypeattribute (shell_data_file_28_0) true) +(expandtypeattribute (shell_exec_28_0) true) +(expandtypeattribute (shell_prop_28_0) true) +(expandtypeattribute (shm_28_0) true) +(expandtypeattribute (shortcut_manager_icons_28_0) true) +(expandtypeattribute (shortcut_service_28_0) true) +(expandtypeattribute (slice_service_28_0) true) +(expandtypeattribute (slideshow_28_0) true) +(expandtypeattribute (socket_device_28_0) true) +(expandtypeattribute (sockfs_28_0) true) +(expandtypeattribute (statusbar_service_28_0) true) +(expandtypeattribute (storaged_service_28_0) true) +(expandtypeattribute (storage_file_28_0) true) +(expandtypeattribute (storagestats_service_28_0) true) +(expandtypeattribute (storage_stub_file_28_0) true) +(expandtypeattribute (su_28_0) true) +(expandtypeattribute (su_exec_28_0) true) +(expandtypeattribute (surfaceflinger_28_0) true) +(expandtypeattribute (surfaceflinger_service_28_0) true) +(expandtypeattribute (swap_block_device_28_0) true) +(expandtypeattribute (sysfs_28_0) true) +(expandtypeattribute (sysfs_android_usb_28_0) true) +(expandtypeattribute (sysfs_batteryinfo_28_0) true) +(expandtypeattribute (sysfs_bluetooth_writable_28_0) true) +(expandtypeattribute (sysfs_devices_system_cpu_28_0) true) +(expandtypeattribute (sysfs_dm_28_0) true) +(expandtypeattribute (sysfs_dt_firmware_android_28_0) true) +(expandtypeattribute (sysfs_fs_ext4_features_28_0) true) +(expandtypeattribute (sysfs_hwrandom_28_0) true) +(expandtypeattribute (sysfs_ipv4_28_0) true) +(expandtypeattribute (sysfs_kernel_notes_28_0) true) 
+(expandtypeattribute (sysfs_leds_28_0) true) +(expandtypeattribute (sysfs_lowmemorykiller_28_0) true) +(expandtypeattribute (sysfs_mac_address_28_0) true) +(expandtypeattribute (sysfs_net_28_0) true) +(expandtypeattribute (sysfs_nfc_power_writable_28_0) true) +(expandtypeattribute (sysfs_power_28_0) true) +(expandtypeattribute (sysfs_rtc_28_0) true) +(expandtypeattribute (sysfs_switch_28_0) true) +(expandtypeattribute (sysfs_thermal_28_0) true) +(expandtypeattribute (sysfs_uio_28_0) true) +(expandtypeattribute (sysfs_usb_28_0) true) +(expandtypeattribute (sysfs_usermodehelper_28_0) true) +(expandtypeattribute (sysfs_vibrator_28_0) true) +(expandtypeattribute (sysfs_wake_lock_28_0) true) +(expandtypeattribute (sysfs_wakeup_reasons_28_0) true) +(expandtypeattribute (sysfs_wlan_fwpath_28_0) true) +(expandtypeattribute (sysfs_zram_28_0) true) +(expandtypeattribute (sysfs_zram_uevent_28_0) true) +(expandtypeattribute (system_app_28_0) true) +(expandtypeattribute (system_app_data_file_28_0) true) +(expandtypeattribute (system_app_service_28_0) true) +(expandtypeattribute (system_block_device_28_0) true) +(expandtypeattribute (system_boot_reason_prop_28_0) true) +(expandtypeattribute (system_data_file_28_0) true) +(expandtypeattribute (system_file_28_0) true) +(expandtypeattribute (systemkeys_data_file_28_0) true) +(expandtypeattribute (system_ndebug_socket_28_0) true) +(expandtypeattribute (system_net_netd_hwservice_28_0) true) +(expandtypeattribute (system_prop_28_0) true) +(expandtypeattribute (system_radio_prop_28_0) true) +(expandtypeattribute (system_server_28_0) true) +(expandtypeattribute (system_update_service_28_0) true) +(expandtypeattribute (system_wifi_keystore_hwservice_28_0) true) +(expandtypeattribute (system_wpa_socket_28_0) true) +(expandtypeattribute (task_service_28_0) true) +(expandtypeattribute (tee_28_0) true) +(expandtypeattribute (tee_data_file_28_0) true) +(expandtypeattribute (tee_device_28_0) true) +(expandtypeattribute (telecom_service_28_0) 
true) +(expandtypeattribute (test_boot_reason_prop_28_0) true) +(expandtypeattribute (textclassification_service_28_0) true) +(expandtypeattribute (textclassifier_data_file_28_0) true) +(expandtypeattribute (textservices_service_28_0) true) +(expandtypeattribute (thermalcallback_hwservice_28_0) true) +(expandtypeattribute (thermal_service_28_0) true) +(expandtypeattribute (timezone_service_28_0) true) +(expandtypeattribute (tmpfs_28_0) true) +(expandtypeattribute (tombstoned_28_0) true) +(expandtypeattribute (tombstone_data_file_28_0) true) +(expandtypeattribute (tombstoned_crash_socket_28_0) true) +(expandtypeattribute (tombstoned_exec_28_0) true) +(expandtypeattribute (tombstoned_intercept_socket_28_0) true) +(expandtypeattribute (tombstoned_java_trace_socket_28_0) true) +(expandtypeattribute (tombstone_wifi_data_file_28_0) true) +(expandtypeattribute (toolbox_28_0) true) +(expandtypeattribute (toolbox_exec_28_0) true) +(expandtypeattribute (trace_data_file_28_0) true) +(expandtypeattribute (traced_consumer_socket_28_0) true) +(expandtypeattribute (traced_enabled_prop_28_0) true) +(expandtypeattribute (traced_probes_28_0) true) +(expandtypeattribute (traced_producer_socket_28_0) true) +(expandtypeattribute (traceur_app_28_0) true) +(expandtypeattribute (trust_service_28_0) true) +(expandtypeattribute (tty_device_28_0) true) +(expandtypeattribute (tun_device_28_0) true) +(expandtypeattribute (tv_input_service_28_0) true) +(expandtypeattribute (tzdatacheck_28_0) true) +(expandtypeattribute (tzdatacheck_exec_28_0) true) +(expandtypeattribute (ueventd_28_0) true) +(expandtypeattribute (uhid_device_28_0) true) +(expandtypeattribute (uimode_service_28_0) true) +(expandtypeattribute (uio_device_28_0) true) +(expandtypeattribute (uncrypt_28_0) true) +(expandtypeattribute (uncrypt_exec_28_0) true) +(expandtypeattribute (uncrypt_socket_28_0) true) +(expandtypeattribute (unencrypted_data_file_28_0) true) +(expandtypeattribute (unlabeled_28_0) true) +(expandtypeattribute 
(untrusted_app_25_28_0) true) +(expandtypeattribute (untrusted_app_27_28_0) true) +(expandtypeattribute (untrusted_app_28_0) true) +(expandtypeattribute (untrusted_v2_app_28_0) true) +(expandtypeattribute (update_engine_28_0) true) +(expandtypeattribute (update_engine_data_file_28_0) true) +(expandtypeattribute (update_engine_exec_28_0) true) +(expandtypeattribute (update_engine_log_data_file_28_0) true) +(expandtypeattribute (update_engine_service_28_0) true) +(expandtypeattribute (updatelock_service_28_0) true) +(expandtypeattribute (update_verifier_28_0) true) +(expandtypeattribute (update_verifier_exec_28_0) true) +(expandtypeattribute (usagestats_service_28_0) true) +(expandtypeattribute (usbaccessory_device_28_0) true) +(expandtypeattribute (usbd_28_0) true) +(expandtypeattribute (usb_device_28_0) true) +(expandtypeattribute (usbd_exec_28_0) true) +(expandtypeattribute (usbfs_28_0) true) +(expandtypeattribute (usb_service_28_0) true) +(expandtypeattribute (userdata_block_device_28_0) true) +(expandtypeattribute (usermodehelper_28_0) true) +(expandtypeattribute (user_profile_data_file_28_0) true) +(expandtypeattribute (user_service_28_0) true) +(expandtypeattribute (vcs_device_28_0) true) +(expandtypeattribute (vdc_28_0) true) +(expandtypeattribute (vdc_exec_28_0) true) +(expandtypeattribute (vendor_app_file_28_0) true) +(expandtypeattribute (vendor_configs_file_28_0) true) +(expandtypeattribute (vendor_data_file_28_0) true) +(expandtypeattribute (vendor_default_prop_28_0) true) +(expandtypeattribute (vendor_file_28_0) true) +(expandtypeattribute (vendor_framework_file_28_0) true) +(expandtypeattribute (vendor_hal_file_28_0) true) +(expandtypeattribute (vendor_init_28_0) true) +(expandtypeattribute (vendor_overlay_file_28_0) true) +(expandtypeattribute (vendor_security_patch_level_prop_28_0) true) +(expandtypeattribute (vendor_shell_28_0) true) +(expandtypeattribute (vendor_shell_exec_28_0) true) +(expandtypeattribute (vendor_toolbox_exec_28_0) true) 
+(expandtypeattribute (vfat_28_0) true) +(expandtypeattribute (vibrator_service_28_0) true) +(expandtypeattribute (video_device_28_0) true) +(expandtypeattribute (virtual_touchpad_28_0) true) +(expandtypeattribute (virtual_touchpad_exec_28_0) true) +(expandtypeattribute (virtual_touchpad_service_28_0) true) +(expandtypeattribute (vndbinder_device_28_0) true) +(expandtypeattribute (vndk_sp_file_28_0) true) +(expandtypeattribute (vndservice_contexts_file_28_0) true) +(expandtypeattribute (vndservicemanager_28_0) true) +(expandtypeattribute (voiceinteraction_service_28_0) true) +(expandtypeattribute (vold_28_0) true) +(expandtypeattribute (vold_data_file_28_0) true) +(expandtypeattribute (vold_device_28_0) true) +(expandtypeattribute (vold_exec_28_0) true) +(expandtypeattribute (vold_metadata_file_28_0) true) +(expandtypeattribute (vold_prepare_subdirs_28_0) true) +(expandtypeattribute (vold_prepare_subdirs_exec_28_0) true) +(expandtypeattribute (vold_prop_28_0) true) +(expandtypeattribute (vold_service_28_0) true) +(expandtypeattribute (vpn_data_file_28_0) true) +(expandtypeattribute (vr_hwc_28_0) true) +(expandtypeattribute (vr_hwc_exec_28_0) true) +(expandtypeattribute (vr_hwc_service_28_0) true) +(expandtypeattribute (vr_manager_service_28_0) true) +(expandtypeattribute (wallpaper_file_28_0) true) +(expandtypeattribute (wallpaper_service_28_0) true) +(expandtypeattribute (watchdogd_28_0) true) +(expandtypeattribute (watchdog_device_28_0) true) +(expandtypeattribute (webviewupdate_service_28_0) true) +(expandtypeattribute (webview_zygote_28_0) true) +(expandtypeattribute (webview_zygote_exec_28_0) true) +(expandtypeattribute (wifiaware_service_28_0) true) +(expandtypeattribute (wificond_28_0) true) +(expandtypeattribute (wificond_exec_28_0) true) +(expandtypeattribute (wificond_service_28_0) true) +(expandtypeattribute (wifi_data_file_28_0) true) +(expandtypeattribute (wifi_log_prop_28_0) true) +(expandtypeattribute (wifip2p_service_28_0) true) 
+(expandtypeattribute (wifi_prop_28_0) true) +(expandtypeattribute (wifiscanner_service_28_0) true) +(expandtypeattribute (wifi_service_28_0) true) +(expandtypeattribute (window_service_28_0) true) +(expandtypeattribute (wpantund_28_0) true) +(expandtypeattribute (wpantund_exec_28_0) true) +(expandtypeattribute (wpantund_service_28_0) true) +(expandtypeattribute (wpa_socket_28_0) true) +(expandtypeattribute (zero_device_28_0) true) +(expandtypeattribute (zoneinfo_data_file_28_0) true) +(expandtypeattribute (zygote_28_0) true) +(expandtypeattribute (zygote_exec_28_0) true) +(expandtypeattribute (zygote_socket_28_0) true) +(typeattributeset accessibility_service_28_0 (accessibility_service)) +(typeattributeset account_service_28_0 (account_service)) +(typeattributeset activity_service_28_0 (activity_service)) +(typeattributeset adbd_28_0 (adbd)) +(typeattributeset adb_data_file_28_0 (adb_data_file)) +(typeattributeset adbd_exec_28_0 (adbd_exec)) +(typeattributeset adbd_socket_28_0 (adbd_socket)) +(typeattributeset adb_keys_file_28_0 (adb_keys_file)) +(typeattributeset alarm_device_28_0 (alarm_device)) +(typeattributeset alarm_service_28_0 (alarm_service)) +(typeattributeset anr_data_file_28_0 (anr_data_file)) +(typeattributeset apk_data_file_28_0 (apk_data_file)) +(typeattributeset apk_private_data_file_28_0 (apk_private_data_file)) +(typeattributeset apk_private_tmp_file_28_0 (apk_private_tmp_file)) +(typeattributeset apk_tmp_file_28_0 (apk_tmp_file)) +(typeattributeset app_data_file_28_0 (app_data_file privapp_data_file)) +(typeattributeset app_fuse_file_28_0 (app_fuse_file)) +(typeattributeset app_fusefs_28_0 (app_fusefs)) +(typeattributeset appops_service_28_0 (appops_service)) +(typeattributeset appwidget_service_28_0 (appwidget_service)) +(typeattributeset asec_apk_file_28_0 (asec_apk_file)) +(typeattributeset asec_image_file_28_0 (asec_image_file)) +(typeattributeset asec_public_file_28_0 (asec_public_file)) +(typeattributeset ashmem_device_28_0 
(ashmem_device)) +(typeattributeset assetatlas_service_28_0 (assetatlas_service)) +(typeattributeset audio_data_file_28_0 (audio_data_file)) +(typeattributeset audio_device_28_0 (audio_device)) +(typeattributeset audiohal_data_file_28_0 (audiohal_data_file)) +(typeattributeset audio_prop_28_0 (audio_prop)) +(typeattributeset audio_seq_device_28_0 (audio_seq_device)) +(typeattributeset audioserver_28_0 (audioserver)) +(typeattributeset audioserver_data_file_28_0 (audioserver_data_file)) +(typeattributeset audioserver_service_28_0 (audioserver_service)) +(typeattributeset audio_service_28_0 (audio_service)) +(typeattributeset audio_timer_device_28_0 (audio_timer_device)) +(typeattributeset autofill_service_28_0 (autofill_service)) +(typeattributeset backup_data_file_28_0 (backup_data_file)) +(typeattributeset backup_service_28_0 (backup_service)) +(typeattributeset batteryproperties_service_28_0 (batteryproperties_service)) +(typeattributeset battery_service_28_0 (battery_service)) +(typeattributeset batterystats_service_28_0 (batterystats_service)) +(typeattributeset binder_calls_stats_service_28_0 (binder_calls_stats_service)) +(typeattributeset binder_device_28_0 (binder_device)) +(typeattributeset binfmt_miscfs_28_0 (binfmt_miscfs)) +(typeattributeset blkid_28_0 (blkid)) +(typeattributeset blkid_untrusted_28_0 (blkid_untrusted)) +(typeattributeset block_device_28_0 (block_device)) +(typeattributeset bluetooth_28_0 (bluetooth)) +(typeattributeset bluetooth_a2dp_offload_prop_28_0 (bluetooth_a2dp_offload_prop)) +(typeattributeset bluetooth_data_file_28_0 (bluetooth_data_file)) +(typeattributeset bluetooth_efs_file_28_0 (bluetooth_efs_file)) +(typeattributeset bluetooth_logs_data_file_28_0 (bluetooth_logs_data_file)) +(typeattributeset bluetooth_manager_service_28_0 (bluetooth_manager_service)) +(typeattributeset bluetooth_prop_28_0 (bluetooth_prop)) +(typeattributeset bluetooth_service_28_0 (bluetooth_service)) +(typeattributeset bluetooth_socket_28_0 
(bluetooth_socket)) +(typeattributeset bootanim_28_0 (bootanim)) +(typeattributeset bootanim_exec_28_0 (bootanim_exec)) +(typeattributeset boot_block_device_28_0 (boot_block_device)) +(typeattributeset bootchart_data_file_28_0 (bootchart_data_file)) +(typeattributeset bootloader_boot_reason_prop_28_0 (bootloader_boot_reason_prop)) +(typeattributeset bootstat_28_0 (bootstat)) +(typeattributeset bootstat_data_file_28_0 (bootstat_data_file)) +(typeattributeset bootstat_exec_28_0 (bootstat_exec)) +(typeattributeset boottime_prop_28_0 (boottime_prop)) +(typeattributeset boottrace_data_file_28_0 (boottrace_data_file)) +(typeattributeset broadcastradio_service_28_0 (broadcastradio_service)) +(typeattributeset bufferhubd_28_0 (bufferhubd)) +(typeattributeset bufferhubd_exec_28_0 (bufferhubd_exec)) +(typeattributeset cache_backup_file_28_0 (cache_backup_file)) +(typeattributeset cache_block_device_28_0 (cache_block_device)) +(typeattributeset cache_file_28_0 (cache_file)) +(typeattributeset cache_private_backup_file_28_0 (cache_private_backup_file)) +(typeattributeset cache_recovery_file_28_0 (cache_recovery_file)) +(typeattributeset camera_data_file_28_0 (camera_data_file)) +(typeattributeset camera_device_28_0 (camera_device)) +(typeattributeset cameraproxy_service_28_0 (cameraproxy_service)) +(typeattributeset cameraserver_28_0 (cameraserver)) +(typeattributeset cameraserver_exec_28_0 (cameraserver_exec)) +(typeattributeset cameraserver_service_28_0 (cameraserver_service)) +(typeattributeset cgroup_28_0 (cgroup)) +(typeattributeset cgroup_bpf_28_0 (cgroup_bpf)) +(typeattributeset charger_28_0 (charger)) +(typeattributeset clatd_28_0 (clatd)) +(typeattributeset clatd_exec_28_0 (clatd_exec)) +(typeattributeset clipboard_service_28_0 (clipboard_service)) +(typeattributeset commontime_management_service_28_0 (commontime_management_service)) +(typeattributeset companion_device_service_28_0 (companion_device_service)) +(typeattributeset configfs_28_0 (configfs)) 
+(typeattributeset config_prop_28_0 (config_prop)) +(typeattributeset connectivity_service_28_0 (connectivity_service)) +(typeattributeset connmetrics_service_28_0 (connmetrics_service)) +(typeattributeset console_device_28_0 (console_device)) +(typeattributeset consumer_ir_service_28_0 (consumer_ir_service)) +(typeattributeset content_service_28_0 (content_service)) +(typeattributeset contexthub_service_28_0 (contexthub_service)) +(typeattributeset coredump_file_28_0 (coredump_file)) +(typeattributeset country_detector_service_28_0 (country_detector_service)) +(typeattributeset coverage_service_28_0 (coverage_service)) +(typeattributeset cppreopt_prop_28_0 (cppreopt_prop)) +(typeattributeset cppreopts_28_0 (cppreopts)) +(typeattributeset cppreopts_exec_28_0 (cppreopts_exec)) +(typeattributeset cpuctl_device_28_0 (cpuctl_device)) +(typeattributeset cpuinfo_service_28_0 (cpuinfo_service)) +(typeattributeset crash_dump_28_0 (crash_dump)) +(typeattributeset crash_dump_exec_28_0 (crash_dump_exec)) +(typeattributeset crossprofileapps_service_28_0 (crossprofileapps_service)) +(typeattributeset ctl_bootanim_prop_28_0 (ctl_bootanim_prop)) +(typeattributeset ctl_bugreport_prop_28_0 (ctl_bugreport_prop)) +(typeattributeset ctl_console_prop_28_0 (ctl_console_prop)) +(typeattributeset ctl_default_prop_28_0 + ( ctl_adbd_prop + ctl_default_prop)) +(typeattributeset ctl_dumpstate_prop_28_0 (ctl_dumpstate_prop)) +(typeattributeset ctl_fuse_prop_28_0 (ctl_fuse_prop)) +(typeattributeset ctl_interface_restart_prop_28_0 (ctl_interface_restart_prop)) +(typeattributeset ctl_interface_start_prop_28_0 (ctl_interface_start_prop)) +(typeattributeset ctl_interface_stop_prop_28_0 (ctl_interface_stop_prop)) +(typeattributeset ctl_mdnsd_prop_28_0 (ctl_mdnsd_prop)) +(typeattributeset ctl_restart_prop_28_0 (ctl_restart_prop)) +(typeattributeset ctl_rildaemon_prop_28_0 (ctl_rildaemon_prop)) +(typeattributeset ctl_sigstop_prop_28_0 (ctl_sigstop_prop)) +(typeattributeset ctl_start_prop_28_0 
(ctl_start_prop))
+(typeattributeset ctl_stop_prop_28_0 (ctl_stop_prop))
+(typeattributeset dalvikcache_data_file_28_0 (dalvikcache_data_file))
+(typeattributeset dalvik_prop_28_0 (dalvik_prop))
+(typeattributeset dbinfo_service_28_0 (dbinfo_service))
+(typeattributeset debugfs_28_0 (debugfs))
+(typeattributeset debugfs_mmc_28_0 (debugfs_mmc))
+(typeattributeset debugfs_trace_marker_28_0 (debugfs_trace_marker))
+(typeattributeset debugfs_tracing_28_0 (debugfs_tracing))
+(typeattributeset debugfs_tracing_debug_28_0 (debugfs_tracing_debug))
+(typeattributeset debugfs_tracing_instances_28_0 (debugfs_tracing_instances))
+(typeattributeset debugfs_wakeup_sources_28_0 (debugfs_wakeup_sources))
+(typeattributeset debugfs_wifi_tracing_28_0 (debugfs_wifi_tracing))
+(typeattributeset debuggerd_prop_28_0 (debuggerd_prop))
+(typeattributeset debug_prop_28_0 (debug_prop))
+(typeattributeset default_android_hwservice_28_0 (default_android_hwservice))
+(typeattributeset default_android_service_28_0 (default_android_service))
+(typeattributeset default_android_vndservice_28_0 (default_android_vndservice))
+(typeattributeset default_prop_28_0 (default_prop))
+(typeattributeset device_28_0 (device))
+(typeattributeset device_identifiers_service_28_0 (device_identifiers_service))
+(typeattributeset deviceidle_service_28_0 (deviceidle_service))
+(typeattributeset device_logging_prop_28_0 (device_logging_prop))
+(typeattributeset device_policy_service_28_0 (device_policy_service))
+(typeattributeset devicestoragemonitor_service_28_0 (devicestoragemonitor_service))
+(typeattributeset devpts_28_0 (devpts))
+(typeattributeset dex2oat_28_0 (dex2oat))
+(typeattributeset dex2oat_exec_28_0 (dex2oat_exec))
+(typeattributeset dhcp_28_0 (dhcp))
+(typeattributeset dhcp_data_file_28_0 (dhcp_data_file))
+(typeattributeset dhcp_exec_28_0 (dhcp_exec))
+(typeattributeset dhcp_prop_28_0 (dhcp_prop))
+(typeattributeset diskstats_service_28_0 (diskstats_service))
+(typeattributeset display_service_28_0 (display_service))
+(typeattributeset dm_device_28_0 (dm_device))
+(typeattributeset dnsmasq_28_0 (dnsmasq))
+(typeattributeset dnsmasq_exec_28_0 (dnsmasq_exec))
+(typeattributeset dnsproxyd_socket_28_0 (dnsproxyd_socket))
+(typeattributeset DockObserver_service_28_0 (DockObserver_service))
+(typeattributeset dreams_service_28_0 (dreams_service))
+(typeattributeset drm_data_file_28_0 (drm_data_file))
+(typeattributeset drmserver_28_0 (drmserver))
+(typeattributeset drmserver_exec_28_0 (drmserver_exec))
+(typeattributeset drmserver_service_28_0 (drmserver_service))
+(typeattributeset drmserver_socket_28_0 (drmserver_socket))
+(typeattributeset dropbox_service_28_0 (dropbox_service))
+(typeattributeset dumpstate_28_0 (dumpstate))
+(typeattributeset dumpstate_exec_28_0 (dumpstate_exec))
+(typeattributeset dumpstate_options_prop_28_0 (dumpstate_options_prop))
+(typeattributeset dumpstate_prop_28_0 (dumpstate_prop))
+(typeattributeset dumpstate_service_28_0 (dumpstate_service))
+(typeattributeset dumpstate_socket_28_0 (dumpstate_socket))
+(typeattributeset e2fs_28_0 (e2fs))
+(typeattributeset e2fs_exec_28_0 (e2fs_exec))
+(typeattributeset efs_file_28_0 (efs_file))
+(typeattributeset ephemeral_app_28_0 (ephemeral_app))
+(typeattributeset ethernet_service_28_0 (ethernet_service))
+(typeattributeset exfat_28_0 (exfat))
+(typeattributeset exported2_config_prop_28_0 (exported2_config_prop))
+(typeattributeset exported2_default_prop_28_0 (exported2_default_prop))
+(typeattributeset exported2_radio_prop_28_0 (exported2_radio_prop))
+(typeattributeset exported2_system_prop_28_0 (exported2_system_prop))
+(typeattributeset exported2_vold_prop_28_0 (exported2_vold_prop))
+(typeattributeset exported3_default_prop_28_0 (exported3_default_prop))
+(typeattributeset exported3_radio_prop_28_0 (exported3_radio_prop))
+(typeattributeset exported3_system_prop_28_0 (exported3_system_prop))
+(typeattributeset exported_audio_prop_28_0 (exported_audio_prop))
+(typeattributeset exported_bluetooth_prop_28_0 (exported_bluetooth_prop))
+(typeattributeset exported_config_prop_28_0 (exported_config_prop))
+(typeattributeset exported_dalvik_prop_28_0 (exported_dalvik_prop))
+(typeattributeset exported_default_prop_28_0 (exported_default_prop))
+(typeattributeset exported_dumpstate_prop_28_0 (exported_dumpstate_prop))
+(typeattributeset exported_ffs_prop_28_0 (exported_ffs_prop))
+(typeattributeset exported_fingerprint_prop_28_0 (exported_fingerprint_prop))
+(typeattributeset exported_overlay_prop_28_0 (exported_overlay_prop))
+(typeattributeset exported_pm_prop_28_0 (exported_pm_prop))
+(typeattributeset exported_radio_prop_28_0 (exported_radio_prop))
+(typeattributeset exported_secure_prop_28_0 (exported_secure_prop))
+(typeattributeset exported_system_prop_28_0 (exported_system_prop))
+(typeattributeset exported_system_radio_prop_28_0 (exported_system_radio_prop))
+(typeattributeset exported_vold_prop_28_0 (exported_vold_prop))
+(typeattributeset exported_wifi_prop_28_0 (exported_wifi_prop))
+(typeattributeset ffs_prop_28_0 (ffs_prop))
+(typeattributeset file_contexts_file_28_0 (file_contexts_file))
+(typeattributeset fingerprintd_28_0 (fingerprintd))
+(typeattributeset fingerprintd_data_file_28_0 (fingerprintd_data_file))
+(typeattributeset fingerprintd_exec_28_0 (fingerprintd_exec))
+(typeattributeset fingerprintd_service_28_0 (fingerprintd_service))
+(typeattributeset fingerprint_prop_28_0 (fingerprint_prop))
+(typeattributeset fingerprint_service_28_0 (fingerprint_service))
+(typeattributeset fingerprint_vendor_data_file_28_0 (fingerprint_vendor_data_file))
+(typeattributeset firstboot_prop_28_0 (firstboot_prop))
+(typeattributeset font_service_28_0 (font_service))
+(typeattributeset frp_block_device_28_0 (frp_block_device))
+(typeattributeset fs_bpf_28_0 (fs_bpf))
+(typeattributeset fsck_28_0 (fsck))
+(typeattributeset fsck_exec_28_0 (fsck_exec))
+(typeattributeset fscklogs_28_0 (fscklogs))
+(typeattributeset fsck_untrusted_28_0 (fsck_untrusted))
+(typeattributeset full_device_28_0 (full_device))
+(typeattributeset functionfs_28_0 (functionfs))
+(typeattributeset fuse_28_0 (fuse))
+(typeattributeset fuse_device_28_0 (fuse_device))
+(typeattributeset fwk_display_hwservice_28_0 (fwk_display_hwservice))
+(typeattributeset fwk_scheduler_hwservice_28_0 (fwk_scheduler_hwservice))
+(typeattributeset fwk_sensor_hwservice_28_0 (fwk_sensor_hwservice))
+(typeattributeset fwmarkd_socket_28_0 (fwmarkd_socket))
+(typeattributeset gatekeeperd_28_0 (gatekeeperd))
+(typeattributeset gatekeeper_data_file_28_0 (gatekeeper_data_file))
+(typeattributeset gatekeeperd_exec_28_0 (gatekeeperd_exec))
+(typeattributeset gatekeeper_service_28_0 (gatekeeper_service))
+(typeattributeset gfxinfo_service_28_0 (gfxinfo_service))
+(typeattributeset gps_control_28_0 (gps_control))
+(typeattributeset gpu_device_28_0 (gpu_device))
+(typeattributeset gpu_service_28_0 (gpu_service))
+(typeattributeset graphics_device_28_0 (graphics_device))
+(typeattributeset graphicsstats_service_28_0 (graphicsstats_service))
+(typeattributeset hal_audiocontrol_hwservice_28_0 (hal_audiocontrol_hwservice))
+(typeattributeset hal_audio_hwservice_28_0 (hal_audio_hwservice))
+(typeattributeset hal_authsecret_hwservice_28_0 (hal_authsecret_hwservice))
+(typeattributeset hal_bluetooth_hwservice_28_0 (hal_bluetooth_hwservice))
+(typeattributeset hal_bootctl_hwservice_28_0 (hal_bootctl_hwservice))
+(typeattributeset hal_broadcastradio_hwservice_28_0 (hal_broadcastradio_hwservice))
+(typeattributeset hal_camera_hwservice_28_0 (hal_camera_hwservice))
+(typeattributeset hal_cas_hwservice_28_0 (hal_cas_hwservice))
+(typeattributeset hal_codec2_hwservice_28_0 (hal_codec2_hwservice))
+(typeattributeset hal_configstore_ISurfaceFlingerConfigs_28_0 (hal_configstore_ISurfaceFlingerConfigs))
+(typeattributeset hal_confirmationui_hwservice_28_0 (hal_confirmationui_hwservice))
+(typeattributeset hal_contexthub_hwservice_28_0 (hal_contexthub_hwservice))
+(typeattributeset hal_drm_hwservice_28_0 (hal_drm_hwservice))
+(typeattributeset hal_dumpstate_hwservice_28_0 (hal_dumpstate_hwservice))
+(typeattributeset hal_evs_hwservice_28_0 (hal_evs_hwservice))
+(typeattributeset hal_fingerprint_hwservice_28_0 (hal_fingerprint_hwservice))
+(typeattributeset hal_fingerprint_service_28_0 (hal_fingerprint_service))
+(typeattributeset hal_gatekeeper_hwservice_28_0 (hal_gatekeeper_hwservice))
+(typeattributeset hal_gnss_hwservice_28_0 (hal_gnss_hwservice))
+(typeattributeset hal_graphics_allocator_hwservice_28_0 (hal_graphics_allocator_hwservice))
+(typeattributeset hal_graphics_composer_hwservice_28_0 (hal_graphics_composer_hwservice))
+(typeattributeset hal_graphics_mapper_hwservice_28_0 (hal_graphics_mapper_hwservice))
+(typeattributeset hal_health_hwservice_28_0 (hal_health_hwservice))
+(typeattributeset hal_ir_hwservice_28_0 (hal_ir_hwservice))
+(typeattributeset hal_keymaster_hwservice_28_0 (hal_keymaster_hwservice))
+(typeattributeset hal_light_hwservice_28_0 (hal_light_hwservice))
+(typeattributeset hal_lowpan_hwservice_28_0 (hal_lowpan_hwservice))
+(typeattributeset hal_memtrack_hwservice_28_0 (hal_memtrack_hwservice))
+(typeattributeset hal_neuralnetworks_hwservice_28_0 (hal_neuralnetworks_hwservice))
+(typeattributeset hal_nfc_hwservice_28_0 (hal_nfc_hwservice))
+(typeattributeset hal_oemlock_hwservice_28_0 (hal_oemlock_hwservice))
+(typeattributeset hal_omx_hwservice_28_0 (hal_omx_hwservice))
+(typeattributeset hal_power_hwservice_28_0 (hal_power_hwservice))
+(typeattributeset hal_renderscript_hwservice_28_0 (hal_renderscript_hwservice))
+(typeattributeset hal_secure_element_hwservice_28_0 (hal_secure_element_hwservice))
+(typeattributeset hal_sensors_hwservice_28_0 (hal_sensors_hwservice))
+(typeattributeset hal_telephony_hwservice_28_0 (hal_telephony_hwservice))
+(typeattributeset hal_tetheroffload_hwservice_28_0 (hal_tetheroffload_hwservice))
+(typeattributeset hal_thermal_hwservice_28_0 (hal_thermal_hwservice))
+(typeattributeset hal_tv_cec_hwservice_28_0 (hal_tv_cec_hwservice))
+(typeattributeset hal_tv_input_hwservice_28_0 (hal_tv_input_hwservice))
+(typeattributeset hal_usb_gadget_hwservice_28_0 (hal_usb_gadget_hwservice))
+(typeattributeset hal_usb_hwservice_28_0 (hal_usb_hwservice))
+(typeattributeset hal_vehicle_hwservice_28_0 (hal_vehicle_hwservice))
+(typeattributeset hal_vibrator_hwservice_28_0 (hal_vibrator_hwservice))
+(typeattributeset hal_vr_hwservice_28_0 (hal_vr_hwservice))
+(typeattributeset hal_weaver_hwservice_28_0 (hal_weaver_hwservice))
+(typeattributeset hal_wifi_hostapd_hwservice_28_0 (hal_wifi_hostapd_hwservice))
+(typeattributeset hal_wifi_hwservice_28_0 (hal_wifi_hwservice))
+(typeattributeset hal_wifi_offload_hwservice_28_0 (hal_wifi_offload_hwservice))
+(typeattributeset hal_wifi_supplicant_hwservice_28_0 (hal_wifi_supplicant_hwservice))
+(typeattributeset hardware_properties_service_28_0 (hardware_properties_service))
+(typeattributeset hardware_service_28_0 (hardware_service))
+(typeattributeset hci_attach_dev_28_0 (hci_attach_dev))
+(typeattributeset hdmi_control_service_28_0 (hdmi_control_service))
+(typeattributeset healthd_28_0 (healthd))
+(typeattributeset healthd_exec_28_0 (healthd_exec))
+(typeattributeset heapdump_data_file_28_0 (heapdump_data_file))
+(typeattributeset hidl_allocator_hwservice_28_0 (hidl_allocator_hwservice))
+(typeattributeset hidl_base_hwservice_28_0 (hidl_base_hwservice))
+(typeattributeset hidl_manager_hwservice_28_0 (hidl_manager_hwservice))
+(typeattributeset hidl_memory_hwservice_28_0 (hidl_memory_hwservice))
+(typeattributeset hidl_token_hwservice_28_0 (hidl_token_hwservice))
+(typeattributeset hwbinder_device_28_0 (hwbinder_device))
+(typeattributeset hw_random_device_28_0 (hw_random_device))
+(typeattributeset hwservice_contexts_file_28_0 (hwservice_contexts_file))
+(typeattributeset hwservicemanager_28_0 (hwservicemanager))
+(typeattributeset hwservicemanager_exec_28_0 (hwservicemanager_exec))
+(typeattributeset hwservicemanager_prop_28_0 (hwservicemanager_prop))
+(typeattributeset i2c_device_28_0 (i2c_device))
+(typeattributeset icon_file_28_0 (icon_file))
+(typeattributeset idmap_28_0 (idmap))
+(typeattributeset idmap_exec_28_0 (idmap_exec))
+(typeattributeset iio_device_28_0 (iio_device))
+(typeattributeset imms_service_28_0 (imms_service))
+(typeattributeset incident_28_0 (incident))
+(typeattributeset incidentd_28_0 (incidentd))
+(typeattributeset incident_data_file_28_0 (incident_data_file))
+(typeattributeset incident_helper_28_0 (incident_helper))
+(typeattributeset incident_service_28_0 (incident_service))
+(typeattributeset init_28_0 (init))
+(typeattributeset init_exec_28_0 (init_exec watchdogd_exec))
+(typeattributeset inotify_28_0 (inotify))
+(typeattributeset input_device_28_0 (input_device))
+(typeattributeset inputflinger_28_0 (inputflinger))
+(typeattributeset inputflinger_exec_28_0 (inputflinger_exec))
+(typeattributeset inputflinger_service_28_0 (inputflinger_service))
+(typeattributeset input_method_service_28_0 (input_method_service))
+(typeattributeset input_service_28_0 (input_service))
+(typeattributeset installd_28_0 (installd))
+(typeattributeset install_data_file_28_0 (install_data_file))
+(typeattributeset installd_exec_28_0 (installd_exec))
+(typeattributeset installd_service_28_0 (installd_service))
+(typeattributeset install_recovery_28_0 (install_recovery))
+(typeattributeset install_recovery_exec_28_0 (install_recovery_exec))
+(typeattributeset ion_device_28_0 (ion_device))
+(typeattributeset IProxyService_service_28_0 (IProxyService_service))
+(typeattributeset ipsec_service_28_0 (ipsec_service))
+(typeattributeset isolated_app_28_0 (isolated_app))
+(typeattributeset jobscheduler_service_28_0 (jobscheduler_service))
+(typeattributeset kernel_28_0 (kernel))
+(typeattributeset keychain_data_file_28_0 (keychain_data_file))
+(typeattributeset keychord_device_28_0 (keychord_device))
+(typeattributeset keystore_28_0 (keystore))
+(typeattributeset keystore_data_file_28_0 (keystore_data_file))
+(typeattributeset keystore_exec_28_0 (keystore_exec))
+(typeattributeset keystore_service_28_0 (keystore_service))
+(typeattributeset kmem_device_28_0 (kmem_device))
+(typeattributeset kmsg_debug_device_28_0 (kmsg_debug_device))
+(typeattributeset kmsg_device_28_0 (kmsg_device))
+(typeattributeset labeledfs_28_0 (labeledfs))
+(typeattributeset last_boot_reason_prop_28_0 (last_boot_reason_prop))
+(typeattributeset launcherapps_service_28_0 (launcherapps_service))
+(typeattributeset lmkd_28_0 (lmkd))
+(typeattributeset lmkd_exec_28_0 (lmkd_exec))
+(typeattributeset lmkd_socket_28_0 (lmkd_socket))
+(typeattributeset location_service_28_0 (location_service))
+(typeattributeset lock_settings_service_28_0 (lock_settings_service))
+(typeattributeset logcat_exec_28_0 (logcat_exec))
+(typeattributeset logd_28_0 (logd))
+(typeattributeset logd_exec_28_0 (logd_exec))
+(typeattributeset logd_prop_28_0 (logd_prop))
+(typeattributeset logdr_socket_28_0 (logdr_socket))
+(typeattributeset logd_socket_28_0 (logd_socket))
+(typeattributeset logdw_socket_28_0 (logdw_socket))
+(typeattributeset logpersist_28_0 (logpersist))
+(typeattributeset logpersistd_logging_prop_28_0 (logpersistd_logging_prop))
+(typeattributeset log_prop_28_0 (log_prop))
+(typeattributeset log_tag_prop_28_0 (log_tag_prop))
+(typeattributeset loop_control_device_28_0 (loop_control_device))
+(typeattributeset loop_device_28_0 (loop_device))
+(typeattributeset lowpan_device_28_0 (lowpan_device))
+(typeattributeset lowpan_prop_28_0 (lowpan_prop))
+(typeattributeset lowpan_service_28_0 (lowpan_service))
+(typeattributeset mac_perms_file_28_0 (mac_perms_file))
+(typeattributeset mdnsd_28_0 (mdnsd))
+(typeattributeset mdnsd_socket_28_0 (mdnsd_socket))
+(typeattributeset mdns_socket_28_0 (mdns_socket))
+(typeattributeset hal_omx_server (mediacodec_28_0))
+(typeattributeset mediacodec_28_0 (mediacodec))
+(typeattributeset mediacodec_exec_28_0 (mediacodec_exec))
+(typeattributeset mediacodec_service_28_0 (mediacodec_service))
+(typeattributeset media_data_file_28_0 (media_data_file))
+(typeattributeset mediadrmserver_28_0 (mediadrmserver))
+(typeattributeset mediadrmserver_exec_28_0 (mediadrmserver_exec))
+(typeattributeset mediadrmserver_service_28_0 (mediadrmserver_service))
+(typeattributeset mediaextractor_28_0 (mediaextractor))
+(typeattributeset mediaextractor_exec_28_0 (mediaextractor_exec))
+(typeattributeset mediaextractor_service_28_0 (mediaextractor_service))
+(typeattributeset mediaextractor_update_service_28_0 (mediaextractor_update_service))
+(typeattributeset mediametrics_28_0 (mediametrics))
+(typeattributeset mediametrics_exec_28_0 (mediametrics_exec))
+(typeattributeset mediametrics_service_28_0 (mediametrics_service))
+(typeattributeset media_projection_service_28_0 (media_projection_service))
+(typeattributeset mediaprovider_28_0 (mediaprovider))
+(typeattributeset media_router_service_28_0 (media_router_service))
+(typeattributeset media_rw_data_file_28_0 (media_rw_data_file))
+(typeattributeset mediaserver_28_0 (mediaserver))
+(typeattributeset mediaserver_exec_28_0 (mediaserver_exec))
+(typeattributeset mediaserver_service_28_0 (mediaserver_service))
+(typeattributeset media_session_service_28_0 (media_session_service))
+(typeattributeset meminfo_service_28_0 (meminfo_service))
+(typeattributeset metadata_block_device_28_0 (metadata_block_device))
+(typeattributeset metadata_file_28_0 (metadata_file))
+(typeattributeset method_trace_data_file_28_0 (method_trace_data_file))
+(typeattributeset midi_service_28_0 (midi_service))
+(typeattributeset misc_block_device_28_0 (misc_block_device))
+(typeattributeset misc_logd_file_28_0 (misc_logd_file))
+(typeattributeset misc_user_data_file_28_0 (misc_user_data_file))
+(typeattributeset mmc_prop_28_0 (mmc_prop))
+(typeattributeset mnt_expand_file_28_0 (mnt_expand_file))
+(typeattributeset mnt_media_rw_file_28_0 (mnt_media_rw_file))
+(typeattributeset mnt_media_rw_stub_file_28_0 (mnt_media_rw_stub_file))
+(typeattributeset mnt_user_file_28_0 (mnt_user_file))
+(typeattributeset mnt_vendor_file_28_0 (mnt_vendor_file))
+(typeattributeset modprobe_28_0 (modprobe))
+(typeattributeset mount_service_28_0 (mount_service))
+(typeattributeset mqueue_28_0 (mqueue))
+(typeattributeset mtd_device_28_0 (mtd_device))
+(typeattributeset mtp_28_0 (mtp))
+(typeattributeset mtp_device_28_0 (mtp_device))
+(typeattributeset mtpd_socket_28_0 (mtpd_socket))
+(typeattributeset mtp_exec_28_0 (mtp_exec))
+(typeattributeset nativetest_data_file_28_0 (nativetest_data_file))
+(typeattributeset netd_28_0 (netd))
+(typeattributeset net_data_file_28_0 (net_data_file))
+(typeattributeset netd_exec_28_0 (netd_exec))
+(typeattributeset netd_listener_service_28_0 (netd_listener_service))
+(typeattributeset net_dns_prop_28_0 (net_dns_prop))
+(typeattributeset netd_service_28_0 (netd_service))
+(typeattributeset netd_socket_28_0 (netd_socket))
+(typeattributeset netd_stable_secret_prop_28_0 (netd_stable_secret_prop))
+(typeattributeset netif_28_0 (netif))
+(typeattributeset netpolicy_service_28_0 (netpolicy_service))
+(typeattributeset net_radio_prop_28_0 (net_radio_prop))
+(typeattributeset netstats_service_28_0 (netstats_service))
+(typeattributeset netutils_wrapper_28_0 (netutils_wrapper))
+(typeattributeset netutils_wrapper_exec_28_0 (netutils_wrapper_exec))
+(typeattributeset network_management_service_28_0 (network_management_service))
+(typeattributeset network_score_service_28_0 (network_score_service))
+(typeattributeset network_time_update_service_28_0 (network_time_update_service))
+(typeattributeset network_watchlist_data_file_28_0 (network_watchlist_data_file))
+(typeattributeset network_watchlist_service_28_0 (network_watchlist_service))
+(typeattributeset nfc_28_0 (nfc))
+(typeattributeset nfc_data_file_28_0 (nfc_data_file))
+(typeattributeset nfc_device_28_0 (nfc_device))
+(typeattributeset nfc_prop_28_0 (nfc_prop))
+(typeattributeset nfc_service_28_0 (nfc_service))
+(typeattributeset node_28_0 (node))
+(typeattributeset nonplat_service_contexts_file_28_0 (nonplat_service_contexts_file))
+(typeattributeset notification_service_28_0 (notification_service))
+(typeattributeset null_device_28_0 (null_device))
+(typeattributeset oemfs_28_0 (oemfs))
+(typeattributeset oem_lock_service_28_0 (oem_lock_service))
+(typeattributeset ota_data_file_28_0 (ota_data_file))
+(typeattributeset otadexopt_service_28_0 (otadexopt_service))
+(typeattributeset ota_package_file_28_0 (ota_package_file))
+(typeattributeset otapreopt_chroot_28_0 (otapreopt_chroot))
+(typeattributeset otapreopt_chroot_exec_28_0 (otapreopt_chroot_exec))
+(typeattributeset otapreopt_slot_28_0 (otapreopt_slot))
+(typeattributeset otapreopt_slot_exec_28_0 (otapreopt_slot_exec))
+(typeattributeset overlay_prop_28_0 (overlay_prop))
+(typeattributeset overlay_service_28_0 (overlay_service))
+(typeattributeset owntty_device_28_0 (owntty_device))
+(typeattributeset package_native_service_28_0 (package_native_service))
+(typeattributeset package_service_28_0 (package_service))
+(typeattributeset pan_result_prop_28_0 (pan_result_prop))
+(typeattributeset pdx_bufferhub_client_channel_socket_28_0 (pdx_bufferhub_client_channel_socket))
+(typeattributeset pdx_bufferhub_client_endpoint_socket_28_0 (pdx_bufferhub_client_endpoint_socket))
+(typeattributeset pdx_bufferhub_dir_28_0 (pdx_bufferhub_dir))
+(typeattributeset pdx_display_client_channel_socket_28_0 (pdx_display_client_channel_socket))
+(typeattributeset pdx_display_client_endpoint_socket_28_0 (pdx_display_client_endpoint_socket))
+(typeattributeset pdx_display_dir_28_0 (pdx_display_dir))
+(typeattributeset pdx_display_manager_channel_socket_28_0 (pdx_display_manager_channel_socket))
+(typeattributeset pdx_display_manager_endpoint_socket_28_0 (pdx_display_manager_endpoint_socket))
+(typeattributeset pdx_display_screenshot_channel_socket_28_0 (pdx_display_screenshot_channel_socket))
+(typeattributeset pdx_display_screenshot_endpoint_socket_28_0 (pdx_display_screenshot_endpoint_socket))
+(typeattributeset pdx_display_vsync_channel_socket_28_0 (pdx_display_vsync_channel_socket))
+(typeattributeset pdx_display_vsync_endpoint_socket_28_0 (pdx_display_vsync_endpoint_socket))
+(typeattributeset pdx_performance_client_channel_socket_28_0 (pdx_performance_client_channel_socket))
+(typeattributeset pdx_performance_client_endpoint_socket_28_0 (pdx_performance_client_endpoint_socket))
+(typeattributeset pdx_performance_dir_28_0 (pdx_performance_dir))
+(typeattributeset performanced_28_0 (performanced))
+(typeattributeset performanced_exec_28_0 (performanced_exec))
+(typeattributeset permission_service_28_0 (permission_service))
+(typeattributeset persist_debug_prop_28_0 (persist_debug_prop))
+(typeattributeset persistent_data_block_service_28_0 (persistent_data_block_service))
+(typeattributeset persistent_properties_ready_prop_28_0 (persistent_properties_ready_prop))
+(typeattributeset pinner_service_28_0 (pinner_service))
+(typeattributeset pipefs_28_0 (pipefs))
+(typeattributeset platform_app_28_0 (platform_app))
+(typeattributeset pm_prop_28_0 (pm_prop))
+(typeattributeset pmsg_device_28_0 (pmsg_device))
+(typeattributeset port_28_0 (port))
+(typeattributeset port_device_28_0 (port_device))
+(typeattributeset postinstall_28_0 (postinstall))
+(typeattributeset postinstall_dexopt_28_0 (postinstall_dexopt))
+(typeattributeset postinstall_file_28_0 (postinstall_file))
+(typeattributeset postinstall_mnt_dir_28_0 (postinstall_mnt_dir))
+(typeattributeset powerctl_prop_28_0 (powerctl_prop))
+(typeattributeset power_service_28_0 (power_service))
+(typeattributeset ppp_28_0 (ppp))
+(typeattributeset ppp_device_28_0 (ppp_device))
+(typeattributeset ppp_exec_28_0 (ppp_exec))
+(typeattributeset preloads_data_file_28_0 (preloads_data_file))
+(typeattributeset preloads_media_file_28_0 (preloads_media_file))
+(typeattributeset preopt2cachename_28_0 (preopt2cachename))
+(typeattributeset preopt2cachename_exec_28_0 (preopt2cachename_exec))
+(typeattributeset print_service_28_0 (print_service))
+(typeattributeset priv_app_28_0 (priv_app))
+(typeattributeset proc_28_0
+ ( proc
+ proc_fs_verity
+ proc_keys
+ proc_kpageflags
+ proc_lowmemorykiller
+ proc_pressure_cpu
+ proc_pressure_io
+ proc_pressure_mem
+ proc_slabinfo))
+(typeattributeset proc_abi_28_0 (proc_abi))
+(typeattributeset proc_asound_28_0 (proc_asound))
+(typeattributeset proc_bluetooth_writable_28_0 (proc_bluetooth_writable))
+(typeattributeset proc_buddyinfo_28_0 (proc_buddyinfo))
+(typeattributeset proc_cmdline_28_0 (proc_cmdline))
+(typeattributeset proc_cpuinfo_28_0 (proc_cpuinfo))
+(typeattributeset proc_dirty_28_0 (proc_dirty))
+(typeattributeset proc_diskstats_28_0 (proc_diskstats))
+(typeattributeset proc_drop_caches_28_0 (proc_drop_caches))
+(typeattributeset processinfo_service_28_0 (processinfo_service))
+(typeattributeset proc_extra_free_kbytes_28_0 (proc_extra_free_kbytes))
+(typeattributeset proc_filesystems_28_0 (proc_filesystems))
+(typeattributeset proc_hostname_28_0 (proc_hostname))
+(typeattributeset proc_hung_task_28_0 (proc_hung_task))
+(typeattributeset proc_interrupts_28_0 (proc_interrupts))
+(typeattributeset proc_iomem_28_0 (proc_iomem))
+(typeattributeset proc_kmsg_28_0 (proc_kmsg))
+(typeattributeset proc_loadavg_28_0 (proc_loadavg))
+(typeattributeset proc_max_map_count_28_0 (proc_max_map_count))
+(typeattributeset proc_meminfo_28_0 (proc_meminfo))
+(typeattributeset proc_min_free_order_shift_28_0 (proc_min_free_order_shift))
+(typeattributeset proc_misc_28_0 (proc_misc))
+(typeattributeset proc_modules_28_0 (proc_modules))
+(typeattributeset proc_mounts_28_0 (proc_mounts))
+(typeattributeset proc_net_28_0
+ ( proc_net
+ proc_net_tcp_udp))
+(typeattributeset proc_overcommit_memory_28_0 (proc_overcommit_memory))
+(typeattributeset proc_page_cluster_28_0 (proc_page_cluster))
+(typeattributeset proc_pagetypeinfo_28_0 (proc_pagetypeinfo))
+(typeattributeset proc_panic_28_0 (proc_panic))
+(typeattributeset proc_perf_28_0 (proc_perf))
+(typeattributeset proc_pid_max_28_0 (proc_pid_max))
+(typeattributeset proc_pipe_conf_28_0 (proc_pipe_conf))
+(typeattributeset proc_qtaguid_stat_28_0 (proc_qtaguid_stat))
+(typeattributeset proc_random_28_0 (proc_random))
+(typeattributeset proc_sched_28_0 (proc_sched))
+(typeattributeset proc_security_28_0 (proc_security))
+(typeattributeset proc_stat_28_0 (proc_stat))
+(typeattributeset procstats_service_28_0 (procstats_service))
+(typeattributeset proc_swaps_28_0 (proc_swaps))
+(typeattributeset proc_sysrq_28_0 (proc_sysrq))
+(typeattributeset proc_timer_28_0 (proc_timer))
+(typeattributeset proc_tty_drivers_28_0 (proc_tty_drivers))
+(typeattributeset proc_uid_concurrent_active_time_28_0 (proc_uid_concurrent_active_time))
+(typeattributeset proc_uid_concurrent_policy_time_28_0 (proc_uid_concurrent_policy_time))
+(typeattributeset proc_uid_cpupower_28_0 (proc_uid_cpupower))
+(typeattributeset proc_uid_cputime_removeuid_28_0 (proc_uid_cputime_removeuid))
+(typeattributeset proc_uid_cputime_showstat_28_0 (proc_uid_cputime_showstat))
+(typeattributeset proc_uid_io_stats_28_0 (proc_uid_io_stats))
+(typeattributeset proc_uid_procstat_set_28_0 (proc_uid_procstat_set))
+(typeattributeset proc_uid_time_in_state_28_0 (proc_uid_time_in_state))
+(typeattributeset proc_uptime_28_0 (proc_uptime))
+(typeattributeset proc_version_28_0 (proc_version))
+(typeattributeset proc_vmallocinfo_28_0 (proc_vmallocinfo))
+(typeattributeset proc_vmstat_28_0 (proc_vmstat))
+(typeattributeset proc_zoneinfo_28_0 (proc_zoneinfo))
+(typeattributeset profman_28_0 (profman))
+(typeattributeset profman_dump_data_file_28_0 (profman_dump_data_file))
+(typeattributeset profman_exec_28_0 (profman_exec))
+(typeattributeset properties_device_28_0 (properties_device))
+(typeattributeset properties_serial_28_0 (properties_serial))
+(typeattributeset property_contexts_file_28_0 (property_contexts_file))
+(typeattributeset property_data_file_28_0 (property_data_file))
+(typeattributeset property_info_28_0 (property_info))
+(typeattributeset property_socket_28_0 (property_socket))
+(typeattributeset pstorefs_28_0 (pstorefs))
+(typeattributeset ptmx_device_28_0 (ptmx_device))
+(typeattributeset qtaguid_device_28_0 (qtaguid_device))
+(typeattributeset qtaguid_proc_28_0
+ ( proc_qtaguid_ctrl
+ qtaguid_proc))
+(typeattributeset racoon_28_0 (racoon))
+(typeattributeset racoon_exec_28_0 (racoon_exec))
+(typeattributeset racoon_socket_28_0 (racoon_socket))
+(typeattributeset radio_28_0 (radio))
+(typeattributeset radio_data_file_28_0 (radio_data_file))
+(typeattributeset radio_device_28_0 (radio_device))
+(typeattributeset radio_prop_28_0 (radio_prop))
+(typeattributeset radio_service_28_0 (radio_service))
+(typeattributeset ram_device_28_0 (ram_device))
+(typeattributeset random_device_28_0 (random_device))
+(typeattributeset recovery_28_0 (recovery))
+(typeattributeset recovery_block_device_28_0 (recovery_block_device))
+(typeattributeset recovery_data_file_28_0 (recovery_data_file))
+(typeattributeset recovery_persist_28_0 (recovery_persist))
+(typeattributeset recovery_persist_exec_28_0 (recovery_persist_exec))
+(typeattributeset recovery_refresh_28_0 (recovery_refresh))
+(typeattributeset recovery_refresh_exec_28_0 (recovery_refresh_exec))
+(typeattributeset recovery_service_28_0 (recovery_service))
+(typeattributeset registry_service_28_0 (registry_service))
+(typeattributeset resourcecache_data_file_28_0 (resourcecache_data_file))
+(typeattributeset restorecon_prop_28_0 (restorecon_prop))
+(typeattributeset restrictions_service_28_0 (restrictions_service))
+(typeattributeset rild_debug_socket_28_0 (rild_debug_socket))
+(typeattributeset rild_socket_28_0 (rild_socket))
+(typeattributeset ringtone_file_28_0 (ringtone_file))
+(typeattributeset root_block_device_28_0 (root_block_device))
+(typeattributeset rootfs_28_0 (rootfs))
+(typeattributeset rpmsg_device_28_0 (rpmsg_device))
+(typeattributeset rtc_device_28_0 (rtc_device))
+(typeattributeset rttmanager_service_28_0 (rttmanager_service))
+(typeattributeset runas_28_0 (runas))
+(typeattributeset runas_exec_28_0 (runas_exec))
+(typeattributeset runtime_event_log_tags_file_28_0 (runtime_event_log_tags_file))
+(typeattributeset safemode_prop_28_0 (safemode_prop))
+(typeattributeset same_process_hal_file_28_0
+ ( same_process_hal_file
+ vendor_public_lib_file))
+(typeattributeset samplingprofiler_service_28_0 (samplingprofiler_service))
+(typeattributeset scheduling_policy_service_28_0 (scheduling_policy_service))
+(typeattributeset sdcardd_28_0 (sdcardd))
+(typeattributeset sdcardd_exec_28_0 (sdcardd_exec))
+(typeattributeset sdcardfs_28_0 (sdcardfs))
+(typeattributeset seapp_contexts_file_28_0 (seapp_contexts_file))
+(typeattributeset search_service_28_0 (search_service))
+(typeattributeset sec_key_att_app_id_provider_service_28_0 (sec_key_att_app_id_provider_service))
+(typeattributeset secure_element_28_0 (secure_element))
+(typeattributeset secure_element_device_28_0 (secure_element_device))
+(typeattributeset secure_element_service_28_0 (secure_element_service))
+(typeattributeset selinuxfs_28_0 (selinuxfs))
+(typeattributeset sensors_device_28_0 (sensors_device))
+(typeattributeset sensorservice_service_28_0 (sensorservice_service))
+(typeattributeset sepolicy_file_28_0 (sepolicy_file))
+(typeattributeset serial_device_28_0 (serial_device))
+(typeattributeset serialno_prop_28_0 (serialno_prop))
+(typeattributeset serial_service_28_0 (serial_service))
+(typeattributeset service_contexts_file_28_0 (service_contexts_file))
+(typeattributeset servicediscovery_service_28_0 (servicediscovery_service))
+(typeattributeset servicemanager_28_0 (servicemanager))
+(typeattributeset servicemanager_exec_28_0 (servicemanager_exec))
+(typeattributeset settings_service_28_0 (settings_service))
+(typeattributeset sgdisk_28_0 (sgdisk))
+(typeattributeset sgdisk_exec_28_0 (sgdisk_exec))
+(typeattributeset shared_relro_28_0 (shared_relro))
+(typeattributeset shared_relro_file_28_0 (shared_relro_file))
+(typeattributeset shell_28_0 (shell))
+(typeattributeset shell_data_file_28_0 (shell_data_file))
+(typeattributeset shell_exec_28_0 (shell_exec))
+(typeattributeset shell_prop_28_0 (shell_prop))
+(typeattributeset shm_28_0 (shm))
+(typeattributeset shortcut_manager_icons_28_0 (shortcut_manager_icons))
+(typeattributeset shortcut_service_28_0 (shortcut_service))
+(typeattributeset slice_service_28_0 (slice_service))
+(typeattributeset slideshow_28_0 (slideshow))
+(typeattributeset socket_device_28_0 (socket_device))
+(typeattributeset sockfs_28_0 (sockfs))
+(typeattributeset statusbar_service_28_0 (statusbar_service))
+(typeattributeset storaged_service_28_0 (storaged_service))
+(typeattributeset storage_file_28_0 (storage_file))
+(typeattributeset storagestats_service_28_0 (storagestats_service))
+(typeattributeset storage_stub_file_28_0 (storage_stub_file))
+(typeattributeset su_28_0 (su))
+(typeattributeset su_exec_28_0 (su_exec))
+(typeattributeset surfaceflinger_28_0 (surfaceflinger))
+(typeattributeset surfaceflinger_service_28_0 (surfaceflinger_service))
+(typeattributeset swap_block_device_28_0 (swap_block_device))
+(typeattributeset sysfs_28_0
+ ( sysfs
+ sysfs_devices_block
+ sysfs_extcon
+ sysfs_loop
+ sysfs_transparent_hugepage))
+(typeattributeset sysfs_android_usb_28_0 (sysfs_android_usb))
+(typeattributeset sysfs_batteryinfo_28_0 (sysfs_batteryinfo))
+(typeattributeset sysfs_bluetooth_writable_28_0 (sysfs_bluetooth_writable))
+(typeattributeset sysfs_devices_system_cpu_28_0 (sysfs_devices_system_cpu))
+(typeattributeset sysfs_dm_28_0 (sysfs_dm))
+(typeattributeset sysfs_dt_firmware_android_28_0 (sysfs_dt_firmware_android))
+(typeattributeset sysfs_fs_ext4_features_28_0 (sysfs_fs_ext4_features))
+(typeattributeset sysfs_hwrandom_28_0 (sysfs_hwrandom))
+(typeattributeset sysfs_ipv4_28_0 (sysfs_ipv4))
+(typeattributeset sysfs_kernel_notes_28_0 (sysfs_kernel_notes))
+(typeattributeset sysfs_leds_28_0 (sysfs_leds))
+(typeattributeset sysfs_lowmemorykiller_28_0 (sysfs_lowmemorykiller))
+(typeattributeset sysfs_mac_address_28_0 (sysfs_mac_address))
+(typeattributeset sysfs_net_28_0 (sysfs_net))
+(typeattributeset sysfs_nfc_power_writable_28_0 (sysfs_nfc_power_writable))
+(typeattributeset sysfs_power_28_0 (sysfs_power))
+(typeattributeset sysfs_rtc_28_0 (sysfs_rtc))
+(typeattributeset sysfs_switch_28_0 (sysfs_switch))
+(typeattributeset sysfs_thermal_28_0 (sysfs_thermal))
+(typeattributeset sysfs_uio_28_0 (sysfs_uio))
+(typeattributeset sysfs_usb_28_0 (sysfs_usb))
+(typeattributeset sysfs_usermodehelper_28_0 (sysfs_usermodehelper))
+(typeattributeset sysfs_vibrator_28_0 (sysfs_vibrator))
+(typeattributeset sysfs_wake_lock_28_0 (sysfs_wake_lock))
+(typeattributeset sysfs_wakeup_reasons_28_0 (sysfs_wakeup_reasons))
+(typeattributeset sysfs_wlan_fwpath_28_0 (sysfs_wlan_fwpath))
+(typeattributeset sysfs_zram_28_0 (sysfs_zram))
+(typeattributeset sysfs_zram_uevent_28_0 (sysfs_zram_uevent))
+(typeattributeset system_app_28_0 (system_app))
+(typeattributeset system_app_data_file_28_0 (system_app_data_file))
+(typeattributeset system_app_service_28_0 (system_app_service))
+(typeattributeset system_block_device_28_0 (system_block_device))
+(typeattributeset system_boot_reason_prop_28_0 (system_boot_reason_prop))
+(typeattributeset system_data_file_28_0
+ ( dropbox_data_file
+ system_data_file
+ packages_list_file))
+(typeattributeset system_file_28_0
+ ( system_file
+ system_asan_options_file
+ system_lib_file
+ system_linker_config_file
+ system_linker_exec
+ system_seccomp_policy_file
+ system_security_cacerts_file
+ tcpdump_exec
+ system_zoneinfo_file
+))
+(typeattributeset systemkeys_data_file_28_0 (systemkeys_data_file))
+(typeattributeset system_ndebug_socket_28_0 (system_ndebug_socket))
+(typeattributeset system_net_netd_hwservice_28_0 (system_net_netd_hwservice))
+(typeattributeset system_prop_28_0 (system_prop))
+(typeattributeset system_radio_prop_28_0 (system_radio_prop))
+(typeattributeset system_server_28_0 (system_server))
+(typeattributeset system_update_service_28_0 (system_update_service))
+(typeattributeset system_wifi_keystore_hwservice_28_0 (system_wifi_keystore_hwservice))
+(typeattributeset system_wpa_socket_28_0 (system_wpa_socket))
+(typeattributeset task_service_28_0 (task_service))
+(typeattributeset tee_28_0 (tee))
+(typeattributeset tee_data_file_28_0 (tee_data_file))
+(typeattributeset tee_device_28_0 (tee_device))
+(typeattributeset telecom_service_28_0 (telecom_service))
+(typeattributeset test_boot_reason_prop_28_0 (test_boot_reason_prop))
+(typeattributeset textclassification_service_28_0 (textclassification_service))
+(typeattributeset textclassifier_data_file_28_0 (textclassifier_data_file))
+(typeattributeset textservices_service_28_0 (textservices_service))
+(typeattributeset thermalcallback_hwservice_28_0 (thermalcallback_hwservice))
+(typeattributeset thermal_service_28_0 (thermal_service))
+(typeattributeset timezone_service_28_0 (timezone_service))
+(typeattributeset tmpfs_28_0
+ ( mnt_sdcard_file
+ tmpfs))
+(typeattributeset tombstoned_28_0 (tombstoned))
+(typeattributeset tombstone_data_file_28_0 (tombstone_data_file))
+(typeattributeset tombstoned_crash_socket_28_0 (tombstoned_crash_socket))
+(typeattributeset tombstoned_exec_28_0 (tombstoned_exec))
+(typeattributeset tombstoned_intercept_socket_28_0 (tombstoned_intercept_socket))
+(typeattributeset tombstoned_java_trace_socket_28_0 (tombstoned_java_trace_socket))
+(typeattributeset tombstone_wifi_data_file_28_0 (tombstone_wifi_data_file))
+(typeattributeset toolbox_28_0 (toolbox))
+(typeattributeset toolbox_exec_28_0 (toolbox_exec))
+(typeattributeset trace_data_file_28_0 (trace_data_file))
+(typeattributeset traced_consumer_socket_28_0 (traced_consumer_socket))
+(typeattributeset traced_enabled_prop_28_0 (traced_enabled_prop))
+(typeattributeset traced_probes_28_0 (traced_probes))
+(typeattributeset traced_producer_socket_28_0 (traced_producer_socket))
+(typeattributeset traceur_app_28_0 (traceur_app))
+(typeattributeset trust_service_28_0 (trust_service))
+(typeattributeset tty_device_28_0 (tty_device))
+(typeattributeset tun_device_28_0 (tun_device))
+(typeattributeset tv_input_service_28_0 (tv_input_service))
+(typeattributeset tzdatacheck_28_0 (tzdatacheck))
+(typeattributeset tzdatacheck_exec_28_0 (tzdatacheck_exec))
+(typeattributeset ueventd_28_0 (ueventd))
+(typeattributeset uhid_device_28_0 (uhid_device))
+(typeattributeset uimode_service_28_0 (uimode_service))
+(typeattributeset uio_device_28_0 (uio_device))
+(typeattributeset uncrypt_28_0 (uncrypt))
+(typeattributeset uncrypt_exec_28_0 (uncrypt_exec))
+(typeattributeset uncrypt_socket_28_0 (uncrypt_socket))
+(typeattributeset unencrypted_data_file_28_0 (unencrypted_data_file))
+(typeattributeset unlabeled_28_0 (unlabeled))
+(typeattributeset untrusted_app_25_28_0 (untrusted_app_25))
+(typeattributeset untrusted_app_27_28_0 (untrusted_app_27))
+(typeattributeset untrusted_app_28_0 (untrusted_app))
+(typeattributeset untrusted_v2_app_28_0 (untrusted_v2_app))
+(typeattributeset update_engine_28_0 (update_engine))
+(typeattributeset update_engine_data_file_28_0 (update_engine_data_file))
+(typeattributeset update_engine_exec_28_0 (update_engine_exec))
+(typeattributeset update_engine_log_data_file_28_0 (update_engine_log_data_file))
+(typeattributeset update_engine_service_28_0 (update_engine_service))
+(typeattributeset updatelock_service_28_0 (updatelock_service))
+(typeattributeset update_verifier_28_0 (update_verifier))
+(typeattributeset update_verifier_exec_28_0 (update_verifier_exec))
+(typeattributeset usagestats_service_28_0 (usagestats_service))
+(typeattributeset usbaccessory_device_28_0 (usbaccessory_device))
+(typeattributeset 
usbd_28_0 (usbd)) +(typeattributeset usb_device_28_0 (usb_device)) +(typeattributeset usbd_exec_28_0 (usbd_exec)) +(typeattributeset usbfs_28_0 (usbfs)) +(typeattributeset usb_service_28_0 (usb_service)) +(typeattributeset userdata_block_device_28_0 (userdata_block_device)) +(typeattributeset usermodehelper_28_0 (usermodehelper)) +(typeattributeset user_profile_data_file_28_0 (user_profile_data_file)) +(typeattributeset user_service_28_0 (user_service)) +(typeattributeset vcs_device_28_0 (vcs_device)) +(typeattributeset vdc_28_0 (vdc)) +(typeattributeset vdc_exec_28_0 (vdc_exec)) +(typeattributeset vendor_app_file_28_0 (vendor_app_file)) +(typeattributeset vendor_configs_file_28_0 (vendor_configs_file)) +(typeattributeset vendor_data_file_28_0 (vendor_data_file)) +(typeattributeset vendor_default_prop_28_0 (vendor_default_prop)) +(typeattributeset vendor_file_28_0 (vendor_file)) +(typeattributeset vendor_framework_file_28_0 (vendor_framework_file)) +(typeattributeset vendor_hal_file_28_0 (vendor_hal_file)) +(typeattributeset vendor_init_28_0 (vendor_init)) +(typeattributeset vendor_overlay_file_28_0 (vendor_overlay_file)) +(typeattributeset vendor_security_patch_level_prop_28_0 (vendor_security_patch_level_prop)) +(typeattributeset vendor_shell_28_0 (vendor_shell)) +(typeattributeset vendor_shell_exec_28_0 (vendor_shell_exec)) +(typeattributeset vendor_toolbox_exec_28_0 (vendor_toolbox_exec)) +(typeattributeset vfat_28_0 (vfat)) +(typeattributeset vibrator_service_28_0 (vibrator_service)) +(typeattributeset video_device_28_0 (video_device)) +(typeattributeset virtual_touchpad_28_0 (virtual_touchpad)) +(typeattributeset virtual_touchpad_exec_28_0 (virtual_touchpad_exec)) +(typeattributeset virtual_touchpad_service_28_0 (virtual_touchpad_service)) +(typeattributeset vndbinder_device_28_0 (vndbinder_device)) +(typeattributeset vndk_sp_file_28_0 (vndk_sp_file)) +(typeattributeset vndservice_contexts_file_28_0 (vndservice_contexts_file)) +(typeattributeset 
vndservicemanager_28_0 (vndservicemanager)) +(typeattributeset voiceinteraction_service_28_0 (voiceinteraction_service)) +(typeattributeset vold_28_0 (vold)) +(typeattributeset vold_data_file_28_0 (vold_data_file)) +(typeattributeset vold_device_28_0 (vold_device)) +(typeattributeset vold_exec_28_0 (vold_exec)) +(typeattributeset vold_metadata_file_28_0 (vold_metadata_file)) +(typeattributeset vold_prepare_subdirs_28_0 (vold_prepare_subdirs)) +(typeattributeset vold_prepare_subdirs_exec_28_0 (vold_prepare_subdirs_exec)) +(typeattributeset vold_prop_28_0 (vold_prop)) +(typeattributeset vold_service_28_0 (vold_service)) +(typeattributeset vpn_data_file_28_0 (vpn_data_file)) +(typeattributeset vr_hwc_28_0 (vr_hwc)) +(typeattributeset vr_hwc_exec_28_0 (vr_hwc_exec)) +(typeattributeset vr_hwc_service_28_0 (vr_hwc_service)) +(typeattributeset vr_manager_service_28_0 (vr_manager_service)) +(typeattributeset wallpaper_file_28_0 (wallpaper_file)) +(typeattributeset wallpaper_service_28_0 (wallpaper_service)) +(typeattributeset watchdogd_28_0 (watchdogd)) +(typeattributeset watchdog_device_28_0 (watchdog_device)) +(typeattributeset webviewupdate_service_28_0 (webviewupdate_service)) +(typeattributeset webview_zygote_28_0 (webview_zygote)) +(typeattributeset webview_zygote_exec_28_0 (webview_zygote_exec)) +(typeattributeset wifiaware_service_28_0 (wifiaware_service)) +(typeattributeset wificond_28_0 (wificond)) +(typeattributeset wificond_exec_28_0 (wificond_exec)) +(typeattributeset wificond_service_28_0 (wificond_service)) +(typeattributeset wifi_data_file_28_0 (wifi_data_file)) +(typeattributeset wifi_log_prop_28_0 (wifi_log_prop)) +(typeattributeset wifip2p_service_28_0 (wifip2p_service)) +(typeattributeset wifi_prop_28_0 (wifi_prop)) +(typeattributeset wifiscanner_service_28_0 (wifiscanner_service)) +(typeattributeset wifi_service_28_0 (wifi_service)) +(typeattributeset window_service_28_0 (window_service)) +(typeattributeset wpantund_28_0 (wpantund)) +(typeattributeset 
wpantund_exec_28_0 (wpantund_exec))
+(typeattributeset wpantund_service_28_0 (wpantund_service))
+(typeattributeset wpa_socket_28_0 (wpa_socket))
+(typeattributeset zero_device_28_0 (zero_device))
+(typeattributeset zoneinfo_data_file_28_0 (zoneinfo_data_file))
+(typeattributeset zygote_28_0 (zygote))
+(typeattributeset zygote_exec_28_0 (zygote_exec))
+(typeattributeset zygote_socket_28_0 (zygote_socket))
diff --git a/prebuilts/api/30.0/private/compat/28.0/28.0.compat.cil b/prebuilts/api/30.0/private/compat/28.0/28.0.compat.cil
new file mode 100644
index 000000000..30af58c42
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/28.0/28.0.compat.cil
@@ -0,0 +1,5 @@
+(typeattribute vendordomain)
+(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
+(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
+(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
+(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
diff --git a/prebuilts/api/30.0/private/compat/28.0/28.0.ignore.cil b/prebuilts/api/30.0/private/compat/28.0/28.0.ignore.cil
new file mode 100644
index 000000000..d24d12d25
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/28.0/28.0.ignore.cil
@@ -0,0 +1,159 @@
+;; new_objects - a collection of types that have been introduced that have no
+;; analogue in older policy. Thus, we do not need to map these types to
+;; previous ones. Add here to pass checkapi tests.
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+ ( new_objects
+ activity_task_service
+ adb_service
+ apex_data_file
+ apex_metadata_file
+ apex_mnt_dir
+ apex_service
+ apexd
+ apexd_exec
+ apexd_prop
+ apexd_tmpfs
+ appdomain_tmpfs
+ app_binding_service
+ app_prediction_service
+ app_zygote
+ app_zygote_tmpfs
+ ashmemd
+ ashmem_device_service
+ attention_service
+ biometric_service
+ bluetooth_audio_hal_prop
+ bpf_progs_loaded_prop
+ bugreport_service
+ cgroup_desc_file
+ cgroup_rc_file
+ charger_exec
+ content_capture_service
+ content_suggestions_service
+ cpu_variant_prop
+ ctl_apexd_prop
+ ctl_gsid_prop
+ dev_cpu_variant
+ device_config_activity_manager_native_boot_prop
+ device_config_boot_count_prop
+ device_config_input_native_boot_prop
+ device_config_netd_native_prop
+ device_config_reset_performed_prop
+ device_config_runtime_native_boot_prop
+ device_config_runtime_native_prop
+ device_config_media_native_prop
+ device_config_service
+ device_config_sys_traced_prop
+ dnsresolver_service
+ dynamic_system_service
+ dynamic_system_prop
+ face_service
+ face_vendor_data_file
+ sota_prop
+ fastbootd
+ flags_health_check
+ flags_health_check_exec
+ fwk_bufferhub_hwservice
+ fwk_camera_hwservice
+ fwk_stats_hwservice
+ gpuservice
+ gsi_data_file
+ gsi_metadata_file
+ gsi_service
+ gsid
+ gsid_exec
+ gsid_prop
+ color_display_service
+ external_vibrator_service
+ hal_atrace_hwservice
+ hal_face_hwservice
+ hal_graphics_composer_server_tmpfs
+ hal_health_storage_hwservice
+ hal_input_classifier_hwservice
+ hal_power_stats_hwservice
+ heapprofd
+ heapprofd_enabled_prop
+ heapprofd_exec
+ heapprofd_prop
+ heapprofd_socket
+ idmap_service
+ iris_service
+ iris_vendor_data_file
+ llkd
+ llkd_exec
+ llkd_prop
+ llkd_tmpfs
+ looper_stats_service
+ lpdumpd
+ lpdumpd_exec
+ lpdumpd_prop
+ lpdump_service
+ iorapd
+ iorapd_exec
+ iorapd_data_file
+ iorapd_service
+ iorapd_tmpfs
+ mediaswcodec
+ mediaswcodec_exec
+ mediaswcodec_tmpfs
+ metadata_bootstat_file
+ mnt_product_file
+ network_stack
+ network_stack_service
+ network_stack_tmpfs
+ nnapi_ext_deny_product_prop
+ overlayfs_file
+ password_slot_metadata_file
+ permissionmgr_service
+ postinstall_apex_mnt_dir
+ recovery_socket
+ role_service
+ rollback_service
+ rs
+ rs_exec
+ rss_hwm_reset
+ rss_hwm_reset_exec
+ runas_app
+ runas_app_tmpfs
+ art_apex_dir
+ runtime_service
+ sdcard_block_device
+ sensor_privacy_service
+ server_configurable_flags_data_file
+ simpleperf_app_runner
+ simpleperf_app_runner_exec
+ socket_hook_prop
+ su_tmpfs
+ super_block_device
+ sysfs_fs_f2fs
+ system_bootstrap_lib_file
+ system_event_log_tags_file
+ system_lmk_prop
+ system_suspend_hwservice
+ system_suspend_control_service
+ system_trace_prop
+ staging_data_file
+ task_profiles_file
+ testharness_service
+ test_harness_prop
+ theme_prop
+ time_prop
+ timedetector_service
+ timezonedetector_service
+ traced_lazy_prop
+ uri_grants_service
+ use_memfd_prop
+ vendor_apex_file
+ vendor_cgroup_desc_file
+ vendor_idc_file
+ vendor_keychars_file
+ vendor_keylayout_file
+ vendor_misc_writer
+ vendor_misc_writer_exec
+ vendor_socket_hook_prop
+ vendor_task_profiles_file
+ vndk_prop
+ vrflinger_vsync_service
+ watchdogd_tmpfs))
diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.cil
new file mode 100644
index 000000000..5231498e1
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/29.0/29.0.cil
@@ -0,0 +1,1970 @@
+;; types removed from current policy
+(type ashmemd)
+(type hal_wifi_offload_hwservice)
+(type install_recovery)
+(type install_recovery_exec)
+(type mediacodec_service)
+(type perfprofd_data_file)
+(type perfprofd_service)
+(type sysfs_mac_address)
+(type wificond_service)
+
+(expandtypeattribute (accessibility_service_29_0) true)
+(expandtypeattribute (account_service_29_0) true)
+(expandtypeattribute (activity_service_29_0) true)
+(expandtypeattribute (activity_task_service_29_0) true)
+(expandtypeattribute (adbd_29_0) true)
+(expandtypeattribute (adb_data_file_29_0) true)
+(expandtypeattribute (adbd_exec_29_0) true)
+(expandtypeattribute (adbd_socket_29_0) true)
+(expandtypeattribute (adb_keys_file_29_0) true)
+(expandtypeattribute (adb_service_29_0) true)
+(expandtypeattribute (alarm_service_29_0) true)
+(expandtypeattribute (anr_data_file_29_0) true)
+(expandtypeattribute (apexd_29_0) true)
+(expandtypeattribute (apex_data_file_29_0) true)
+(expandtypeattribute (apexd_exec_29_0) true)
+(expandtypeattribute (apexd_prop_29_0) true)
+(expandtypeattribute (apex_metadata_file_29_0) true)
+(expandtypeattribute (apex_mnt_dir_29_0) true)
+(expandtypeattribute (apex_service_29_0) true)
+(expandtypeattribute (apk_data_file_29_0) true)
+(expandtypeattribute (apk_private_data_file_29_0) true)
+(expandtypeattribute (apk_private_tmp_file_29_0) true)
+(expandtypeattribute (apk_tmp_file_29_0) true)
+(expandtypeattribute (app_binding_service_29_0) true)
+(expandtypeattribute (app_data_file_29_0) true)
+(expandtypeattribute (appdomain_tmpfs_29_0) true)
+(expandtypeattribute (app_fuse_file_29_0) true)
+(expandtypeattribute (app_fusefs_29_0) true)
+(expandtypeattribute (appops_service_29_0) true)
+(expandtypeattribute (app_prediction_service_29_0) true)
+(expandtypeattribute (appwidget_service_29_0) true)
+(expandtypeattribute (app_zygote_29_0) true)
+(expandtypeattribute (app_zygote_tmpfs_29_0) true)
+(expandtypeattribute (asec_apk_file_29_0) true)
+(expandtypeattribute (asec_image_file_29_0) true) +(expandtypeattribute (asec_public_file_29_0) true) +(expandtypeattribute (ashmemd_29_0) true) +(expandtypeattribute (ashmem_device_29_0) true) +(expandtypeattribute (assetatlas_service_29_0) true) +(expandtypeattribute (audio_data_file_29_0) true) +(expandtypeattribute (audio_device_29_0) true) +(expandtypeattribute (audiohal_data_file_29_0) true) +(expandtypeattribute (audio_prop_29_0) true) +(expandtypeattribute (audioserver_29_0) true) +(expandtypeattribute (audioserver_data_file_29_0) true) +(expandtypeattribute (audioserver_service_29_0) true) +(expandtypeattribute (audioserver_tmpfs_29_0) true) +(expandtypeattribute (audio_service_29_0) true) +(expandtypeattribute (autofill_service_29_0) true) +(expandtypeattribute (backup_data_file_29_0) true) +(expandtypeattribute (backup_service_29_0) true) +(expandtypeattribute (batteryproperties_service_29_0) true) +(expandtypeattribute (battery_service_29_0) true) +(expandtypeattribute (batterystats_service_29_0) true) +(expandtypeattribute (binder_calls_stats_service_29_0) true) +(expandtypeattribute (binder_device_29_0) true) +(expandtypeattribute (binfmt_miscfs_29_0) true) +(expandtypeattribute (biometric_service_29_0) true) +(expandtypeattribute (blkid_29_0) true) +(expandtypeattribute (blkid_untrusted_29_0) true) +(expandtypeattribute (block_device_29_0) true) +(expandtypeattribute (bluetooth_29_0) true) +(expandtypeattribute (bluetooth_a2dp_offload_prop_29_0) true) +(expandtypeattribute (bluetooth_audio_hal_prop_29_0) true) +(expandtypeattribute (bluetooth_data_file_29_0) true) +(expandtypeattribute (bluetooth_efs_file_29_0) true) +(expandtypeattribute (bluetooth_logs_data_file_29_0) true) +(expandtypeattribute (bluetooth_manager_service_29_0) true) +(expandtypeattribute (bluetooth_prop_29_0) true) +(expandtypeattribute (bluetooth_service_29_0) true) +(expandtypeattribute (bluetooth_socket_29_0) true) +(expandtypeattribute (bootanim_29_0) true) 
+(expandtypeattribute (bootanim_exec_29_0) true) +(expandtypeattribute (boot_block_device_29_0) true) +(expandtypeattribute (bootchart_data_file_29_0) true) +(expandtypeattribute (bootloader_boot_reason_prop_29_0) true) +(expandtypeattribute (bootstat_29_0) true) +(expandtypeattribute (bootstat_data_file_29_0) true) +(expandtypeattribute (bootstat_exec_29_0) true) +(expandtypeattribute (boottime_prop_29_0) true) +(expandtypeattribute (boottrace_data_file_29_0) true) +(expandtypeattribute (bpf_progs_loaded_prop_29_0) true) +(expandtypeattribute (broadcastradio_service_29_0) true) +(expandtypeattribute (bufferhubd_29_0) true) +(expandtypeattribute (bufferhubd_exec_29_0) true) +(expandtypeattribute (bugreport_service_29_0) true) +(expandtypeattribute (cache_backup_file_29_0) true) +(expandtypeattribute (cache_block_device_29_0) true) +(expandtypeattribute (cache_file_29_0) true) +(expandtypeattribute (cache_private_backup_file_29_0) true) +(expandtypeattribute (cache_recovery_file_29_0) true) +(expandtypeattribute (camera_data_file_29_0) true) +(expandtypeattribute (camera_device_29_0) true) +(expandtypeattribute (cameraproxy_service_29_0) true) +(expandtypeattribute (cameraserver_29_0) true) +(expandtypeattribute (cameraserver_exec_29_0) true) +(expandtypeattribute (cameraserver_service_29_0) true) +(expandtypeattribute (cameraserver_tmpfs_29_0) true) +(expandtypeattribute (cgroup_29_0) true) +(expandtypeattribute (cgroup_bpf_29_0) true) +(expandtypeattribute (cgroup_desc_file_29_0) true) +(expandtypeattribute (cgroup_rc_file_29_0) true) +(expandtypeattribute (charger_29_0) true) +(expandtypeattribute (charger_exec_29_0) true) +(expandtypeattribute (clatd_29_0) true) +(expandtypeattribute (clatd_exec_29_0) true) +(expandtypeattribute (clipboard_service_29_0) true) +(expandtypeattribute (color_display_service_29_0) true) +(expandtypeattribute (companion_device_service_29_0) true) +(expandtypeattribute (configfs_29_0) true) +(expandtypeattribute (config_prop_29_0) 
true) +(expandtypeattribute (connectivity_service_29_0) true) +(expandtypeattribute (connmetrics_service_29_0) true) +(expandtypeattribute (console_device_29_0) true) +(expandtypeattribute (consumer_ir_service_29_0) true) +(expandtypeattribute (content_capture_service_29_0) true) +(expandtypeattribute (content_service_29_0) true) +(expandtypeattribute (content_suggestions_service_29_0) true) +(expandtypeattribute (contexthub_service_29_0) true) +(expandtypeattribute (coredump_file_29_0) true) +(expandtypeattribute (country_detector_service_29_0) true) +(expandtypeattribute (coverage_service_29_0) true) +(expandtypeattribute (cppreopt_prop_29_0) true) +(expandtypeattribute (cpuinfo_service_29_0) true) +(expandtypeattribute (cpu_variant_prop_29_0) true) +(expandtypeattribute (crash_dump_29_0) true) +(expandtypeattribute (crash_dump_exec_29_0) true) +(expandtypeattribute (crossprofileapps_service_29_0) true) +(expandtypeattribute (ctl_adbd_prop_29_0) true) +(expandtypeattribute (ctl_bootanim_prop_29_0) true) +(expandtypeattribute (ctl_bugreport_prop_29_0) true) +(expandtypeattribute (ctl_console_prop_29_0) true) +(expandtypeattribute (ctl_default_prop_29_0) true) +(expandtypeattribute (ctl_dumpstate_prop_29_0) true) +(expandtypeattribute (ctl_fuse_prop_29_0) true) +(expandtypeattribute (ctl_gsid_prop_29_0) true) +(expandtypeattribute (ctl_interface_restart_prop_29_0) true) +(expandtypeattribute (ctl_interface_start_prop_29_0) true) +(expandtypeattribute (ctl_interface_stop_prop_29_0) true) +(expandtypeattribute (ctl_mdnsd_prop_29_0) true) +(expandtypeattribute (ctl_restart_prop_29_0) true) +(expandtypeattribute (ctl_rildaemon_prop_29_0) true) +(expandtypeattribute (ctl_sigstop_prop_29_0) true) +(expandtypeattribute (ctl_start_prop_29_0) true) +(expandtypeattribute (ctl_stop_prop_29_0) true) +(expandtypeattribute (dalvikcache_data_file_29_0) true) +(expandtypeattribute (dalvik_prop_29_0) true) +(expandtypeattribute (dbinfo_service_29_0) true) +(expandtypeattribute 
(debugfs_29_0) true) +(expandtypeattribute (debugfs_mmc_29_0) true) +(expandtypeattribute (debugfs_trace_marker_29_0) true) +(expandtypeattribute (debugfs_tracing_29_0) true) +(expandtypeattribute (debugfs_tracing_debug_29_0) true) +(expandtypeattribute (debugfs_tracing_instances_29_0) true) +(expandtypeattribute (debugfs_wakeup_sources_29_0) true) +(expandtypeattribute (debugfs_wifi_tracing_29_0) true) +(expandtypeattribute (debuggerd_prop_29_0) true) +(expandtypeattribute (debug_prop_29_0) true) +(expandtypeattribute (default_android_hwservice_29_0) true) +(expandtypeattribute (default_android_service_29_0) true) +(expandtypeattribute (default_android_vndservice_29_0) true) +(expandtypeattribute (default_prop_29_0) true) +(expandtypeattribute (dev_cpu_variant_29_0) true) +(expandtypeattribute (device_29_0) true) +(expandtypeattribute (device_config_activity_manager_native_boot_prop_29_0) true) +(expandtypeattribute (device_config_boot_count_prop_29_0) true) +(expandtypeattribute (device_config_input_native_boot_prop_29_0) true) +(expandtypeattribute (device_config_media_native_prop_29_0) true) +(expandtypeattribute (device_config_netd_native_prop_29_0) true) +(expandtypeattribute (device_config_reset_performed_prop_29_0) true) +(expandtypeattribute (device_config_runtime_native_boot_prop_29_0) true) +(expandtypeattribute (device_config_runtime_native_prop_29_0) true) +(expandtypeattribute (device_config_service_29_0) true) +(expandtypeattribute (device_identifiers_service_29_0) true) +(expandtypeattribute (deviceidle_service_29_0) true) +(expandtypeattribute (device_logging_prop_29_0) true) +(expandtypeattribute (device_policy_service_29_0) true) +(expandtypeattribute (devicestoragemonitor_service_29_0) true) +(expandtypeattribute (devpts_29_0) true) +(expandtypeattribute (dhcp_29_0) true) +(expandtypeattribute (dhcp_data_file_29_0) true) +(expandtypeattribute (dhcp_exec_29_0) true) +(expandtypeattribute (dhcp_prop_29_0) true) +(expandtypeattribute 
(diskstats_service_29_0) true) +(expandtypeattribute (display_service_29_0) true) +(expandtypeattribute (dm_device_29_0) true) +(expandtypeattribute (dnsmasq_29_0) true) +(expandtypeattribute (dnsmasq_exec_29_0) true) +(expandtypeattribute (dnsproxyd_socket_29_0) true) +(expandtypeattribute (dnsresolver_service_29_0) true) +(expandtypeattribute (DockObserver_service_29_0) true) +(expandtypeattribute (dreams_service_29_0) true) +(expandtypeattribute (drm_data_file_29_0) true) +(expandtypeattribute (drmserver_29_0) true) +(expandtypeattribute (drmserver_exec_29_0) true) +(expandtypeattribute (drmserver_service_29_0) true) +(expandtypeattribute (drmserver_socket_29_0) true) +(expandtypeattribute (dropbox_data_file_29_0) true) +(expandtypeattribute (dropbox_service_29_0) true) +(expandtypeattribute (dumpstate_29_0) true) +(expandtypeattribute (dumpstate_exec_29_0) true) +(expandtypeattribute (dumpstate_options_prop_29_0) true) +(expandtypeattribute (dumpstate_prop_29_0) true) +(expandtypeattribute (dumpstate_service_29_0) true) +(expandtypeattribute (dumpstate_socket_29_0) true) +(expandtypeattribute (dynamic_system_prop_29_0) true) +(expandtypeattribute (e2fs_29_0) true) +(expandtypeattribute (e2fs_exec_29_0) true) +(expandtypeattribute (efs_file_29_0) true) +(expandtypeattribute (ephemeral_app_29_0) true) +(expandtypeattribute (ethernet_service_29_0) true) +(expandtypeattribute (exfat_29_0) true) +(expandtypeattribute (exported2_config_prop_29_0) true) +(expandtypeattribute (exported2_default_prop_29_0) true) +(expandtypeattribute (exported2_radio_prop_29_0) true) +(expandtypeattribute (exported2_system_prop_29_0) true) +(expandtypeattribute (exported2_vold_prop_29_0) true) +(expandtypeattribute (exported3_default_prop_29_0) true) +(expandtypeattribute (exported3_radio_prop_29_0) true) +(expandtypeattribute (exported3_system_prop_29_0) true) +(expandtypeattribute (exported_audio_prop_29_0) true) +(expandtypeattribute (exported_bluetooth_prop_29_0) true) 
+(expandtypeattribute (exported_config_prop_29_0) true) +(expandtypeattribute (exported_dalvik_prop_29_0) true) +(expandtypeattribute (exported_default_prop_29_0) true) +(expandtypeattribute (exported_dumpstate_prop_29_0) true) +(expandtypeattribute (exported_ffs_prop_29_0) true) +(expandtypeattribute (exported_fingerprint_prop_29_0) true) +(expandtypeattribute (exported_overlay_prop_29_0) true) +(expandtypeattribute (exported_pm_prop_29_0) true) +(expandtypeattribute (exported_radio_prop_29_0) true) +(expandtypeattribute (exported_secure_prop_29_0) true) +(expandtypeattribute (exported_system_prop_29_0) true) +(expandtypeattribute (exported_system_radio_prop_29_0) true) +(expandtypeattribute (exported_vold_prop_29_0) true) +(expandtypeattribute (exported_wifi_prop_29_0) true) +(expandtypeattribute (external_vibrator_service_29_0) true) +(expandtypeattribute (face_service_29_0) true) +(expandtypeattribute (face_vendor_data_file_29_0) true) +(expandtypeattribute (fastbootd_29_0) true) +(expandtypeattribute (ffs_prop_29_0) true) +(expandtypeattribute (file_contexts_file_29_0) true) +(expandtypeattribute (fingerprintd_29_0) true) +(expandtypeattribute (fingerprintd_data_file_29_0) true) +(expandtypeattribute (fingerprintd_exec_29_0) true) +(expandtypeattribute (fingerprintd_service_29_0) true) +(expandtypeattribute (fingerprint_prop_29_0) true) +(expandtypeattribute (fingerprint_service_29_0) true) +(expandtypeattribute (fingerprint_vendor_data_file_29_0) true) +(expandtypeattribute (firstboot_prop_29_0) true) +(expandtypeattribute (flags_health_check_29_0) true) +(expandtypeattribute (flags_health_check_exec_29_0) true) +(expandtypeattribute (font_service_29_0) true) +(expandtypeattribute (frp_block_device_29_0) true) +(expandtypeattribute (fs_bpf_29_0) true) +(expandtypeattribute (fsck_29_0) true) +(expandtypeattribute (fsck_exec_29_0) true) +(expandtypeattribute (fscklogs_29_0) true) +(expandtypeattribute (fsck_untrusted_29_0) true) +(expandtypeattribute 
(functionfs_29_0) true) +(expandtypeattribute (fuse_29_0) true) +(expandtypeattribute (fuse_device_29_0) true) +(expandtypeattribute (fwk_bufferhub_hwservice_29_0) true) +(expandtypeattribute (fwk_camera_hwservice_29_0) true) +(expandtypeattribute (fwk_display_hwservice_29_0) true) +(expandtypeattribute (fwk_scheduler_hwservice_29_0) true) +(expandtypeattribute (fwk_sensor_hwservice_29_0) true) +(expandtypeattribute (fwk_stats_hwservice_29_0) true) +(expandtypeattribute (fwmarkd_socket_29_0) true) +(expandtypeattribute (gatekeeperd_29_0) true) +(expandtypeattribute (gatekeeper_data_file_29_0) true) +(expandtypeattribute (gatekeeperd_exec_29_0) true) +(expandtypeattribute (gatekeeper_service_29_0) true) +(expandtypeattribute (gfxinfo_service_29_0) true) +(expandtypeattribute (gps_control_29_0) true) +(expandtypeattribute (gpu_device_29_0) true) +(expandtypeattribute (gpu_service_29_0) true) +(expandtypeattribute (gpuservice_29_0) true) +(expandtypeattribute (graphics_device_29_0) true) +(expandtypeattribute (graphicsstats_service_29_0) true) +(expandtypeattribute (gsi_data_file_29_0) true) +(expandtypeattribute (gsid_prop_29_0) true) +(expandtypeattribute (gsi_metadata_file_29_0) true) +(expandtypeattribute (hal_atrace_hwservice_29_0) true) +(expandtypeattribute (hal_audiocontrol_hwservice_29_0) true) +(expandtypeattribute (hal_audio_hwservice_29_0) true) +(expandtypeattribute (hal_authsecret_hwservice_29_0) true) +(expandtypeattribute (hal_bluetooth_hwservice_29_0) true) +(expandtypeattribute (hal_bootctl_hwservice_29_0) true) +(expandtypeattribute (hal_broadcastradio_hwservice_29_0) true) +(expandtypeattribute (hal_camera_hwservice_29_0) true) +(expandtypeattribute (hal_cas_hwservice_29_0) true) +(expandtypeattribute (hal_codec2_hwservice_29_0) true) +(expandtypeattribute (hal_configstore_ISurfaceFlingerConfigs_29_0) true) +(expandtypeattribute (hal_confirmationui_hwservice_29_0) true) +(expandtypeattribute (hal_contexthub_hwservice_29_0) true) 
+(expandtypeattribute (hal_drm_hwservice_29_0) true) +(expandtypeattribute (hal_dumpstate_hwservice_29_0) true) +(expandtypeattribute (hal_evs_hwservice_29_0) true) +(expandtypeattribute (hal_face_hwservice_29_0) true) +(expandtypeattribute (hal_fingerprint_hwservice_29_0) true) +(expandtypeattribute (hal_fingerprint_service_29_0) true) +(expandtypeattribute (hal_gatekeeper_hwservice_29_0) true) +(expandtypeattribute (hal_gnss_hwservice_29_0) true) +(expandtypeattribute (hal_graphics_allocator_hwservice_29_0) true) +(expandtypeattribute (hal_graphics_composer_hwservice_29_0) true) +(expandtypeattribute (hal_graphics_composer_server_tmpfs_29_0) true) +(expandtypeattribute (hal_graphics_mapper_hwservice_29_0) true) +(expandtypeattribute (hal_health_hwservice_29_0) true) +(expandtypeattribute (hal_health_storage_hwservice_29_0) true) +(expandtypeattribute (hal_input_classifier_hwservice_29_0) true) +(expandtypeattribute (hal_ir_hwservice_29_0) true) +(expandtypeattribute (hal_keymaster_hwservice_29_0) true) +(expandtypeattribute (hal_light_hwservice_29_0) true) +(expandtypeattribute (hal_lowpan_hwservice_29_0) true) +(expandtypeattribute (hal_memtrack_hwservice_29_0) true) +(expandtypeattribute (hal_neuralnetworks_hwservice_29_0) true) +(expandtypeattribute (hal_nfc_hwservice_29_0) true) +(expandtypeattribute (hal_oemlock_hwservice_29_0) true) +(expandtypeattribute (hal_omx_hwservice_29_0) true) +(expandtypeattribute (hal_power_hwservice_29_0) true) +(expandtypeattribute (hal_power_stats_hwservice_29_0) true) +(expandtypeattribute (hal_renderscript_hwservice_29_0) true) +(expandtypeattribute (hal_secure_element_hwservice_29_0) true) +(expandtypeattribute (hal_sensors_hwservice_29_0) true) +(expandtypeattribute (hal_telephony_hwservice_29_0) true) +(expandtypeattribute (hal_tetheroffload_hwservice_29_0) true) +(expandtypeattribute (hal_thermal_hwservice_29_0) true) +(expandtypeattribute (hal_tv_cec_hwservice_29_0) true) +(expandtypeattribute 
(hal_tv_input_hwservice_29_0) true) +(expandtypeattribute (hal_usb_gadget_hwservice_29_0) true) +(expandtypeattribute (hal_usb_hwservice_29_0) true) +(expandtypeattribute (hal_vehicle_hwservice_29_0) true) +(expandtypeattribute (hal_vibrator_hwservice_29_0) true) +(expandtypeattribute (hal_vr_hwservice_29_0) true) +(expandtypeattribute (hal_weaver_hwservice_29_0) true) +(expandtypeattribute (hal_wifi_hostapd_hwservice_29_0) true) +(expandtypeattribute (hal_wifi_hwservice_29_0) true) +(expandtypeattribute (hal_wifi_offload_hwservice_29_0) true) +(expandtypeattribute (hal_wifi_supplicant_hwservice_29_0) true) +(expandtypeattribute (hardware_properties_service_29_0) true) +(expandtypeattribute (hardware_service_29_0) true) +(expandtypeattribute (hci_attach_dev_29_0) true) +(expandtypeattribute (hdmi_control_service_29_0) true) +(expandtypeattribute (healthd_29_0) true) +(expandtypeattribute (healthd_exec_29_0) true) +(expandtypeattribute (heapdump_data_file_29_0) true) +(expandtypeattribute (heapprofd_29_0) true) +(expandtypeattribute (heapprofd_enabled_prop_29_0) true) +(expandtypeattribute (heapprofd_prop_29_0) true) +(expandtypeattribute (heapprofd_socket_29_0) true) +(expandtypeattribute (hidl_allocator_hwservice_29_0) true) +(expandtypeattribute (hidl_base_hwservice_29_0) true) +(expandtypeattribute (hidl_manager_hwservice_29_0) true) +(expandtypeattribute (hidl_memory_hwservice_29_0) true) +(expandtypeattribute (hidl_token_hwservice_29_0) true) +(expandtypeattribute (hwbinder_device_29_0) true) +(expandtypeattribute (hw_random_device_29_0) true) +(expandtypeattribute (hwservice_contexts_file_29_0) true) +(expandtypeattribute (hwservicemanager_29_0) true) +(expandtypeattribute (hwservicemanager_exec_29_0) true) +(expandtypeattribute (hwservicemanager_prop_29_0) true) +(expandtypeattribute (icon_file_29_0) true) +(expandtypeattribute (idmap_29_0) true) +(expandtypeattribute (idmap_exec_29_0) true) +(expandtypeattribute (idmap_service_29_0) true) 
+(expandtypeattribute (iio_device_29_0) true) +(expandtypeattribute (imms_service_29_0) true) +(expandtypeattribute (incident_29_0) true) +(expandtypeattribute (incidentd_29_0) true) +(expandtypeattribute (incident_data_file_29_0) true) +(expandtypeattribute (incident_helper_29_0) true) +(expandtypeattribute (incident_service_29_0) true) +(expandtypeattribute (init_29_0) true) +(expandtypeattribute (init_exec_29_0) true) +(expandtypeattribute (init_tmpfs_29_0) true) +(expandtypeattribute (inotify_29_0) true) +(expandtypeattribute (input_device_29_0) true) +(expandtypeattribute (inputflinger_29_0) true) +(expandtypeattribute (inputflinger_exec_29_0) true) +(expandtypeattribute (inputflinger_service_29_0) true) +(expandtypeattribute (input_method_service_29_0) true) +(expandtypeattribute (input_service_29_0) true) +(expandtypeattribute (installd_29_0) true) +(expandtypeattribute (install_data_file_29_0) true) +(expandtypeattribute (installd_exec_29_0) true) +(expandtypeattribute (installd_service_29_0) true) +(expandtypeattribute (install_recovery_29_0) true) +(expandtypeattribute (install_recovery_exec_29_0) true) +(expandtypeattribute (ion_device_29_0) true) +(expandtypeattribute (iorapd_29_0) true) +(expandtypeattribute (iorapd_data_file_29_0) true) +(expandtypeattribute (iorapd_exec_29_0) true) +(expandtypeattribute (iorapd_service_29_0) true) +(expandtypeattribute (iorapd_tmpfs_29_0) true) +(expandtypeattribute (IProxyService_service_29_0) true) +(expandtypeattribute (ipsec_service_29_0) true) +(expandtypeattribute (iris_service_29_0) true) +(expandtypeattribute (iris_vendor_data_file_29_0) true) +(expandtypeattribute (isolated_app_29_0) true) +(expandtypeattribute (jobscheduler_service_29_0) true) +(expandtypeattribute (kernel_29_0) true) +(expandtypeattribute (keychain_data_file_29_0) true) +(expandtypeattribute (keychord_device_29_0) true) +(expandtypeattribute (keystore_29_0) true) +(expandtypeattribute (keystore_data_file_29_0) true) +(expandtypeattribute 
(keystore_exec_29_0) true) +(expandtypeattribute (keystore_service_29_0) true) +(expandtypeattribute (kmsg_debug_device_29_0) true) +(expandtypeattribute (kmsg_device_29_0) true) +(expandtypeattribute (labeledfs_29_0) true) +(expandtypeattribute (last_boot_reason_prop_29_0) true) +(expandtypeattribute (launcherapps_service_29_0) true) +(expandtypeattribute (llkd_29_0) true) +(expandtypeattribute (llkd_exec_29_0) true) +(expandtypeattribute (llkd_prop_29_0) true) +(expandtypeattribute (lmkd_29_0) true) +(expandtypeattribute (lmkd_exec_29_0) true) +(expandtypeattribute (lmkd_socket_29_0) true) +(expandtypeattribute (location_service_29_0) true) +(expandtypeattribute (lock_settings_service_29_0) true) +(expandtypeattribute (logcat_exec_29_0) true) +(expandtypeattribute (logd_29_0) true) +(expandtypeattribute (logd_exec_29_0) true) +(expandtypeattribute (logd_prop_29_0) true) +(expandtypeattribute (logdr_socket_29_0) true) +(expandtypeattribute (logd_socket_29_0) true) +(expandtypeattribute (logdw_socket_29_0) true) +(expandtypeattribute (logpersist_29_0) true) +(expandtypeattribute (logpersistd_logging_prop_29_0) true) +(expandtypeattribute (log_prop_29_0) true) +(expandtypeattribute (log_tag_prop_29_0) true) +(expandtypeattribute (loop_control_device_29_0) true) +(expandtypeattribute (loop_device_29_0) true) +(expandtypeattribute (looper_stats_service_29_0) true) +(expandtypeattribute (lowpan_device_29_0) true) +(expandtypeattribute (lowpan_prop_29_0) true) +(expandtypeattribute (lowpan_service_29_0) true) +(expandtypeattribute (lpdumpd_prop_29_0) true) +(expandtypeattribute (lpdump_service_29_0) true) +(expandtypeattribute (mac_perms_file_29_0) true) +(expandtypeattribute (mdnsd_29_0) true) +(expandtypeattribute (mdnsd_socket_29_0) true) +(expandtypeattribute (mdns_socket_29_0) true) +(expandtypeattribute (mediacodec_service_29_0) true) +(expandtypeattribute (media_data_file_29_0) true) +(expandtypeattribute (mediadrmserver_29_0) true) +(expandtypeattribute 
(mediadrmserver_exec_29_0) true) +(expandtypeattribute (mediadrmserver_service_29_0) true) +(expandtypeattribute (mediaextractor_29_0) true) +(expandtypeattribute (mediaextractor_exec_29_0) true) +(expandtypeattribute (mediaextractor_service_29_0) true) +(expandtypeattribute (mediaextractor_tmpfs_29_0) true) +(expandtypeattribute (mediametrics_29_0) true) +(expandtypeattribute (mediametrics_exec_29_0) true) +(expandtypeattribute (mediametrics_service_29_0) true) +(expandtypeattribute (media_projection_service_29_0) true) +(expandtypeattribute (mediaprovider_29_0) true) +(expandtypeattribute (media_router_service_29_0) true) +(expandtypeattribute (media_rw_data_file_29_0) true) +(expandtypeattribute (mediaserver_29_0) true) +(expandtypeattribute (mediaserver_exec_29_0) true) +(expandtypeattribute (mediaserver_service_29_0) true) +(expandtypeattribute (mediaserver_tmpfs_29_0) true) +(expandtypeattribute (media_session_service_29_0) true) +(expandtypeattribute (mediaswcodec_29_0) true) +(expandtypeattribute (mediaswcodec_exec_29_0) true) +(expandtypeattribute (meminfo_service_29_0) true) +(expandtypeattribute (metadata_block_device_29_0) true) +(expandtypeattribute (metadata_file_29_0) true) +(expandtypeattribute (method_trace_data_file_29_0) true) +(expandtypeattribute (midi_service_29_0) true) +(expandtypeattribute (misc_block_device_29_0) true) +(expandtypeattribute (misc_logd_file_29_0) true) +(expandtypeattribute (misc_user_data_file_29_0) true) +(expandtypeattribute (mmc_prop_29_0) true) +(expandtypeattribute (mnt_expand_file_29_0) true) +(expandtypeattribute (mnt_media_rw_file_29_0) true) +(expandtypeattribute (mnt_media_rw_stub_file_29_0) true) +(expandtypeattribute (mnt_product_file_29_0) true) +(expandtypeattribute (mnt_user_file_29_0) true) +(expandtypeattribute (mnt_vendor_file_29_0) true) +(expandtypeattribute (modprobe_29_0) true) +(expandtypeattribute (mount_service_29_0) true) +(expandtypeattribute (mqueue_29_0) true) +(expandtypeattribute (mtp_29_0) 
true) +(expandtypeattribute (mtp_device_29_0) true) +(expandtypeattribute (mtpd_socket_29_0) true) +(expandtypeattribute (mtp_exec_29_0) true) +(expandtypeattribute (nativetest_data_file_29_0) true) +(expandtypeattribute (netd_29_0) true) +(expandtypeattribute (net_data_file_29_0) true) +(expandtypeattribute (netd_exec_29_0) true) +(expandtypeattribute (netd_listener_service_29_0) true) +(expandtypeattribute (net_dns_prop_29_0) true) +(expandtypeattribute (netd_service_29_0) true) +(expandtypeattribute (netd_stable_secret_prop_29_0) true) +(expandtypeattribute (netif_29_0) true) +(expandtypeattribute (netpolicy_service_29_0) true) +(expandtypeattribute (net_radio_prop_29_0) true) +(expandtypeattribute (netstats_service_29_0) true) +(expandtypeattribute (netutils_wrapper_29_0) true) +(expandtypeattribute (netutils_wrapper_exec_29_0) true) +(expandtypeattribute (network_management_service_29_0) true) +(expandtypeattribute (network_score_service_29_0) true) +(expandtypeattribute (network_stack_29_0) true) +(expandtypeattribute (network_stack_service_29_0) true) +(expandtypeattribute (network_time_update_service_29_0) true) +(expandtypeattribute (network_watchlist_data_file_29_0) true) +(expandtypeattribute (network_watchlist_service_29_0) true) +(expandtypeattribute (nfc_29_0) true) +(expandtypeattribute (nfc_data_file_29_0) true) +(expandtypeattribute (nfc_device_29_0) true) +(expandtypeattribute (nfc_prop_29_0) true) +(expandtypeattribute (nfc_service_29_0) true) +(expandtypeattribute (nnapi_ext_deny_product_prop_29_0) true) +(expandtypeattribute (node_29_0) true) +(expandtypeattribute (nonplat_service_contexts_file_29_0) true) +(expandtypeattribute (notification_service_29_0) true) +(expandtypeattribute (null_device_29_0) true) +(expandtypeattribute (oemfs_29_0) true) +(expandtypeattribute (oem_lock_service_29_0) true) +(expandtypeattribute (ota_data_file_29_0) true) +(expandtypeattribute (otadexopt_service_29_0) true) +(expandtypeattribute (ota_package_file_29_0) 
true) +(expandtypeattribute (overlayfs_file_29_0) true) +(expandtypeattribute (overlay_prop_29_0) true) +(expandtypeattribute (overlay_service_29_0) true) +(expandtypeattribute (owntty_device_29_0) true) +(expandtypeattribute (package_native_service_29_0) true) +(expandtypeattribute (package_service_29_0) true) +(expandtypeattribute (packages_list_file_29_0) true) +(expandtypeattribute (pan_result_prop_29_0) true) +(expandtypeattribute (password_slot_metadata_file_29_0) true) +(expandtypeattribute (pdx_bufferhub_client_channel_socket_29_0) true) +(expandtypeattribute (pdx_bufferhub_client_endpoint_socket_29_0) true) +(expandtypeattribute (pdx_bufferhub_dir_29_0) true) +(expandtypeattribute (pdx_display_client_channel_socket_29_0) true) +(expandtypeattribute (pdx_display_client_endpoint_socket_29_0) true) +(expandtypeattribute (pdx_display_dir_29_0) true) +(expandtypeattribute (pdx_display_manager_channel_socket_29_0) true) +(expandtypeattribute (pdx_display_manager_endpoint_socket_29_0) true) +(expandtypeattribute (pdx_display_screenshot_channel_socket_29_0) true) +(expandtypeattribute (pdx_display_screenshot_endpoint_socket_29_0) true) +(expandtypeattribute (pdx_display_vsync_channel_socket_29_0) true) +(expandtypeattribute (pdx_display_vsync_endpoint_socket_29_0) true) +(expandtypeattribute (pdx_performance_client_channel_socket_29_0) true) +(expandtypeattribute (pdx_performance_client_endpoint_socket_29_0) true) +(expandtypeattribute (pdx_performance_dir_29_0) true) +(expandtypeattribute (perfetto_29_0) true) +(expandtypeattribute (performanced_29_0) true) +(expandtypeattribute (performanced_exec_29_0) true) +(expandtypeattribute (permissionmgr_service_29_0) true) +(expandtypeattribute (permission_service_29_0) true) +(expandtypeattribute (persist_debug_prop_29_0) true) +(expandtypeattribute (persistent_data_block_service_29_0) true) +(expandtypeattribute (persistent_properties_ready_prop_29_0) true) +(expandtypeattribute (pinner_service_29_0) true) 
+(expandtypeattribute (pipefs_29_0) true) +(expandtypeattribute (platform_app_29_0) true) +(expandtypeattribute (pm_prop_29_0) true) +(expandtypeattribute (pmsg_device_29_0) true) +(expandtypeattribute (port_29_0) true) +(expandtypeattribute (port_device_29_0) true) +(expandtypeattribute (postinstall_29_0) true) +(expandtypeattribute (postinstall_apex_mnt_dir_29_0) true) +(expandtypeattribute (postinstall_file_29_0) true) +(expandtypeattribute (postinstall_mnt_dir_29_0) true) +(expandtypeattribute (powerctl_prop_29_0) true) +(expandtypeattribute (power_service_29_0) true) +(expandtypeattribute (ppp_29_0) true) +(expandtypeattribute (ppp_device_29_0) true) +(expandtypeattribute (ppp_exec_29_0) true) +(expandtypeattribute (preloads_data_file_29_0) true) +(expandtypeattribute (preloads_media_file_29_0) true) +(expandtypeattribute (print_service_29_0) true) +(expandtypeattribute (priv_app_29_0) true) +(expandtypeattribute (privapp_data_file_29_0) true) +(expandtypeattribute (proc_29_0) true) +(expandtypeattribute (proc_abi_29_0) true) +(expandtypeattribute (proc_asound_29_0) true) +(expandtypeattribute (proc_bluetooth_writable_29_0) true) +(expandtypeattribute (proc_buddyinfo_29_0) true) +(expandtypeattribute (proc_cmdline_29_0) true) +(expandtypeattribute (proc_cpuinfo_29_0) true) +(expandtypeattribute (proc_dirty_29_0) true) +(expandtypeattribute (proc_diskstats_29_0) true) +(expandtypeattribute (proc_drop_caches_29_0) true) +(expandtypeattribute (processinfo_service_29_0) true) +(expandtypeattribute (proc_extra_free_kbytes_29_0) true) +(expandtypeattribute (proc_filesystems_29_0) true) +(expandtypeattribute (proc_fs_verity_29_0) true) +(expandtypeattribute (proc_hostname_29_0) true) +(expandtypeattribute (proc_hung_task_29_0) true) +(expandtypeattribute (proc_interrupts_29_0) true) +(expandtypeattribute (proc_iomem_29_0) true) +(expandtypeattribute (proc_keys_29_0) true) +(expandtypeattribute (proc_kmsg_29_0) true) +(expandtypeattribute (proc_loadavg_29_0) true) 
+(expandtypeattribute (proc_max_map_count_29_0) true) +(expandtypeattribute (proc_meminfo_29_0) true) +(expandtypeattribute (proc_min_free_order_shift_29_0) true) +(expandtypeattribute (proc_misc_29_0) true) +(expandtypeattribute (proc_modules_29_0) true) +(expandtypeattribute (proc_mounts_29_0) true) +(expandtypeattribute (proc_net_29_0) true) +(expandtypeattribute (proc_net_tcp_udp_29_0) true) +(expandtypeattribute (proc_overcommit_memory_29_0) true) +(expandtypeattribute (proc_page_cluster_29_0) true) +(expandtypeattribute (proc_pagetypeinfo_29_0) true) +(expandtypeattribute (proc_panic_29_0) true) +(expandtypeattribute (proc_perf_29_0) true) +(expandtypeattribute (proc_pid_max_29_0) true) +(expandtypeattribute (proc_pipe_conf_29_0) true) +(expandtypeattribute (proc_pressure_cpu_29_0) true) +(expandtypeattribute (proc_pressure_io_29_0) true) +(expandtypeattribute (proc_pressure_mem_29_0) true) +(expandtypeattribute (proc_qtaguid_ctrl_29_0) true) +(expandtypeattribute (proc_qtaguid_stat_29_0) true) +(expandtypeattribute (proc_random_29_0) true) +(expandtypeattribute (proc_sched_29_0) true) +(expandtypeattribute (proc_security_29_0) true) +(expandtypeattribute (proc_slabinfo_29_0) true) +(expandtypeattribute (proc_stat_29_0) true) +(expandtypeattribute (procstats_service_29_0) true) +(expandtypeattribute (proc_swaps_29_0) true) +(expandtypeattribute (proc_sysrq_29_0) true) +(expandtypeattribute (proc_timer_29_0) true) +(expandtypeattribute (proc_tty_drivers_29_0) true) +(expandtypeattribute (proc_uid_concurrent_active_time_29_0) true) +(expandtypeattribute (proc_uid_concurrent_policy_time_29_0) true) +(expandtypeattribute (proc_uid_cpupower_29_0) true) +(expandtypeattribute (proc_uid_cputime_removeuid_29_0) true) +(expandtypeattribute (proc_uid_cputime_showstat_29_0) true) +(expandtypeattribute (proc_uid_io_stats_29_0) true) +(expandtypeattribute (proc_uid_procstat_set_29_0) true) +(expandtypeattribute (proc_uid_time_in_state_29_0) true) +(expandtypeattribute 
(proc_uptime_29_0) true) +(expandtypeattribute (proc_version_29_0) true) +(expandtypeattribute (proc_vmallocinfo_29_0) true) +(expandtypeattribute (proc_vmstat_29_0) true) +(expandtypeattribute (proc_zoneinfo_29_0) true) +(expandtypeattribute (profman_29_0) true) +(expandtypeattribute (profman_dump_data_file_29_0) true) +(expandtypeattribute (profman_exec_29_0) true) +(expandtypeattribute (properties_device_29_0) true) +(expandtypeattribute (properties_serial_29_0) true) +(expandtypeattribute (property_contexts_file_29_0) true) +(expandtypeattribute (property_data_file_29_0) true) +(expandtypeattribute (property_info_29_0) true) +(expandtypeattribute (property_socket_29_0) true) +(expandtypeattribute (pstorefs_29_0) true) +(expandtypeattribute (ptmx_device_29_0) true) +(expandtypeattribute (qtaguid_device_29_0) true) +(expandtypeattribute (racoon_29_0) true) +(expandtypeattribute (racoon_exec_29_0) true) +(expandtypeattribute (racoon_socket_29_0) true) +(expandtypeattribute (radio_29_0) true) +(expandtypeattribute (radio_data_file_29_0) true) +(expandtypeattribute (radio_device_29_0) true) +(expandtypeattribute (radio_prop_29_0) true) +(expandtypeattribute (radio_service_29_0) true) +(expandtypeattribute (ram_device_29_0) true) +(expandtypeattribute (random_device_29_0) true) +(expandtypeattribute (recovery_29_0) true) +(expandtypeattribute (recovery_block_device_29_0) true) +(expandtypeattribute (recovery_data_file_29_0) true) +(expandtypeattribute (recovery_persist_29_0) true) +(expandtypeattribute (recovery_persist_exec_29_0) true) +(expandtypeattribute (recovery_refresh_29_0) true) +(expandtypeattribute (recovery_refresh_exec_29_0) true) +(expandtypeattribute (recovery_service_29_0) true) +(expandtypeattribute (recovery_socket_29_0) true) +(expandtypeattribute (registry_service_29_0) true) +(expandtypeattribute (resourcecache_data_file_29_0) true) +(expandtypeattribute (restorecon_prop_29_0) true) +(expandtypeattribute (restrictions_service_29_0) true) 
+(expandtypeattribute (rild_debug_socket_29_0) true) +(expandtypeattribute (rild_socket_29_0) true) +(expandtypeattribute (ringtone_file_29_0) true) +(expandtypeattribute (role_service_29_0) true) +(expandtypeattribute (rollback_service_29_0) true) +(expandtypeattribute (root_block_device_29_0) true) +(expandtypeattribute (rootfs_29_0) true) +(expandtypeattribute (rpmsg_device_29_0) true) +(expandtypeattribute (rs_29_0) true) +(expandtypeattribute (rs_exec_29_0) true) +(expandtypeattribute (rss_hwm_reset_29_0) true) +(expandtypeattribute (rtc_device_29_0) true) +(expandtypeattribute (rttmanager_service_29_0) true) +(expandtypeattribute (runas_29_0) true) +(expandtypeattribute (runas_app_29_0) true) +(expandtypeattribute (runas_exec_29_0) true) +(expandtypeattribute (runtime_event_log_tags_file_29_0) true) +(expandtypeattribute (runtime_service_29_0) true) +(expandtypeattribute (safemode_prop_29_0) true) +(expandtypeattribute (same_process_hal_file_29_0) true) +(expandtypeattribute (samplingprofiler_service_29_0) true) +(expandtypeattribute (scheduling_policy_service_29_0) true) +(expandtypeattribute (sdcard_block_device_29_0) true) +(expandtypeattribute (sdcardd_29_0) true) +(expandtypeattribute (sdcardd_exec_29_0) true) +(expandtypeattribute (sdcardfs_29_0) true) +(expandtypeattribute (seapp_contexts_file_29_0) true) +(expandtypeattribute (search_service_29_0) true) +(expandtypeattribute (sec_key_att_app_id_provider_service_29_0) true) +(expandtypeattribute (secure_element_29_0) true) +(expandtypeattribute (secure_element_device_29_0) true) +(expandtypeattribute (secure_element_service_29_0) true) +(expandtypeattribute (selinuxfs_29_0) true) +(expandtypeattribute (sensor_privacy_service_29_0) true) +(expandtypeattribute (sensors_device_29_0) true) +(expandtypeattribute (sensorservice_service_29_0) true) +(expandtypeattribute (sepolicy_file_29_0) true) +(expandtypeattribute (serial_device_29_0) true) +(expandtypeattribute (serialno_prop_29_0) true) 
+(expandtypeattribute (serial_service_29_0) true) +(expandtypeattribute (server_configurable_flags_data_file_29_0) true) +(expandtypeattribute (service_contexts_file_29_0) true) +(expandtypeattribute (servicediscovery_service_29_0) true) +(expandtypeattribute (servicemanager_29_0) true) +(expandtypeattribute (servicemanager_exec_29_0) true) +(expandtypeattribute (settings_service_29_0) true) +(expandtypeattribute (sgdisk_29_0) true) +(expandtypeattribute (sgdisk_exec_29_0) true) +(expandtypeattribute (shared_relro_29_0) true) +(expandtypeattribute (shared_relro_file_29_0) true) +(expandtypeattribute (shell_29_0) true) +(expandtypeattribute (shell_data_file_29_0) true) +(expandtypeattribute (shell_exec_29_0) true) +(expandtypeattribute (shell_prop_29_0) true) +(expandtypeattribute (shm_29_0) true) +(expandtypeattribute (shortcut_manager_icons_29_0) true) +(expandtypeattribute (shortcut_service_29_0) true) +(expandtypeattribute (simpleperf_app_runner_29_0) true) +(expandtypeattribute (simpleperf_app_runner_exec_29_0) true) +(expandtypeattribute (slice_service_29_0) true) +(expandtypeattribute (slideshow_29_0) true) +(expandtypeattribute (socket_device_29_0) true) +(expandtypeattribute (sockfs_29_0) true) +(expandtypeattribute (staging_data_file_29_0) true) +(expandtypeattribute (statsd_29_0) true) +(expandtypeattribute (stats_data_file_29_0) true) +(expandtypeattribute (statsd_exec_29_0) true) +(expandtypeattribute (statsdw_socket_29_0) true) +(expandtypeattribute (statusbar_service_29_0) true) +(expandtypeattribute (storaged_service_29_0) true) +(expandtypeattribute (storage_file_29_0) true) +(expandtypeattribute (storagestats_service_29_0) true) +(expandtypeattribute (storage_stub_file_29_0) true) +(expandtypeattribute (su_29_0) true) +(expandtypeattribute (su_exec_29_0) true) +(expandtypeattribute (super_block_device_29_0) true) +(expandtypeattribute (surfaceflinger_29_0) true) +(expandtypeattribute (surfaceflinger_service_29_0) true) +(expandtypeattribute 
(surfaceflinger_tmpfs_29_0) true) +(expandtypeattribute (swap_block_device_29_0) true) +(expandtypeattribute (sysfs_29_0) true) +(expandtypeattribute (sysfs_android_usb_29_0) true) +(expandtypeattribute (sysfs_batteryinfo_29_0) true) +(expandtypeattribute (sysfs_bluetooth_writable_29_0) true) +(expandtypeattribute (sysfs_devices_block_29_0) true) +(expandtypeattribute (sysfs_devices_system_cpu_29_0) true) +(expandtypeattribute (sysfs_dm_29_0) true) +(expandtypeattribute (sysfs_dt_firmware_android_29_0) true) +(expandtypeattribute (sysfs_extcon_29_0) true) +(expandtypeattribute (sysfs_fs_ext4_features_29_0) true) +(expandtypeattribute (sysfs_fs_f2fs_29_0) true) +(expandtypeattribute (sysfs_hwrandom_29_0) true) +(expandtypeattribute (sysfs_ipv4_29_0) true) +(expandtypeattribute (sysfs_kernel_notes_29_0) true) +(expandtypeattribute (sysfs_leds_29_0) true) +(expandtypeattribute (sysfs_loop_29_0) true) +(expandtypeattribute (sysfs_lowmemorykiller_29_0) true) +(expandtypeattribute (sysfs_mac_address_29_0) true) +(expandtypeattribute (sysfs_net_29_0) true) +(expandtypeattribute (sysfs_nfc_power_writable_29_0) true) +(expandtypeattribute (sysfs_power_29_0) true) +(expandtypeattribute (sysfs_rtc_29_0) true) +(expandtypeattribute (sysfs_switch_29_0) true) +(expandtypeattribute (sysfs_thermal_29_0) true) +(expandtypeattribute (sysfs_transparent_hugepage_29_0) true) +(expandtypeattribute (sysfs_uio_29_0) true) +(expandtypeattribute (sysfs_usb_29_0) true) +(expandtypeattribute (sysfs_usermodehelper_29_0) true) +(expandtypeattribute (sysfs_vibrator_29_0) true) +(expandtypeattribute (sysfs_wake_lock_29_0) true) +(expandtypeattribute (sysfs_wakeup_reasons_29_0) true) +(expandtypeattribute (sysfs_wlan_fwpath_29_0) true) +(expandtypeattribute (sysfs_zram_29_0) true) +(expandtypeattribute (sysfs_zram_uevent_29_0) true) +(expandtypeattribute (system_app_29_0) true) +(expandtypeattribute (system_app_data_file_29_0) true) +(expandtypeattribute (system_app_service_29_0) true) 
+(expandtypeattribute (system_asan_options_file_29_0) true) +(expandtypeattribute (system_block_device_29_0) true) +(expandtypeattribute (system_boot_reason_prop_29_0) true) +(expandtypeattribute (system_bootstrap_lib_file_29_0) true) +(expandtypeattribute (system_data_file_29_0) true) +(expandtypeattribute (system_event_log_tags_file_29_0) true) +(expandtypeattribute (system_file_29_0) true) +(expandtypeattribute (systemkeys_data_file_29_0) true) +(expandtypeattribute (system_lib_file_29_0) true) +(expandtypeattribute (system_linker_config_file_29_0) true) +(expandtypeattribute (system_linker_exec_29_0) true) +(expandtypeattribute (system_lmk_prop_29_0) true) +(expandtypeattribute (system_ndebug_socket_29_0) true) +(expandtypeattribute (system_net_netd_hwservice_29_0) true) +(expandtypeattribute (system_prop_29_0) true) +(expandtypeattribute (system_radio_prop_29_0) true) +(expandtypeattribute (system_seccomp_policy_file_29_0) true) +(expandtypeattribute (system_security_cacerts_file_29_0) true) +(expandtypeattribute (system_server_29_0) true) +(expandtypeattribute (system_server_tmpfs_29_0) true) +(expandtypeattribute (system_suspend_control_service_29_0) true) +(expandtypeattribute (system_suspend_hwservice_29_0) true) +(expandtypeattribute (system_trace_prop_29_0) true) +(expandtypeattribute (system_update_service_29_0) true) +(expandtypeattribute (system_wifi_keystore_hwservice_29_0) true) +(expandtypeattribute (system_wpa_socket_29_0) true) +(expandtypeattribute (system_zoneinfo_file_29_0) true) +(expandtypeattribute (task_profiles_file_29_0) true) +(expandtypeattribute (task_service_29_0) true) +(expandtypeattribute (tcpdump_exec_29_0) true) +(expandtypeattribute (tee_29_0) true) +(expandtypeattribute (tee_data_file_29_0) true) +(expandtypeattribute (tee_device_29_0) true) +(expandtypeattribute (telecom_service_29_0) true) +(expandtypeattribute (test_boot_reason_prop_29_0) true) +(expandtypeattribute (test_harness_prop_29_0) true) +(expandtypeattribute 
(testharness_service_29_0) true) +(expandtypeattribute (textclassification_service_29_0) true) +(expandtypeattribute (textclassifier_data_file_29_0) true) +(expandtypeattribute (textservices_service_29_0) true) +(expandtypeattribute (thermalcallback_hwservice_29_0) true) +(expandtypeattribute (thermal_service_29_0) true) +(expandtypeattribute (timedetector_service_29_0) true) +(expandtypeattribute (time_prop_29_0) true) +(expandtypeattribute (timezone_service_29_0) true) +(expandtypeattribute (tmpfs_29_0) true) +(expandtypeattribute (tombstoned_29_0) true) +(expandtypeattribute (tombstone_data_file_29_0) true) +(expandtypeattribute (tombstoned_crash_socket_29_0) true) +(expandtypeattribute (tombstoned_exec_29_0) true) +(expandtypeattribute (tombstoned_intercept_socket_29_0) true) +(expandtypeattribute (tombstoned_java_trace_socket_29_0) true) +(expandtypeattribute (tombstone_wifi_data_file_29_0) true) +(expandtypeattribute (toolbox_29_0) true) +(expandtypeattribute (toolbox_exec_29_0) true) +(expandtypeattribute (traced_29_0) true) +(expandtypeattribute (trace_data_file_29_0) true) +(expandtypeattribute (traced_consumer_socket_29_0) true) +(expandtypeattribute (traced_enabled_prop_29_0) true) +(expandtypeattribute (traced_lazy_prop_29_0) true) +(expandtypeattribute (traced_probes_29_0) true) +(expandtypeattribute (traced_producer_socket_29_0) true) +(expandtypeattribute (traceur_app_29_0) true) +(expandtypeattribute (trust_service_29_0) true) +(expandtypeattribute (tty_device_29_0) true) +(expandtypeattribute (tun_device_29_0) true) +(expandtypeattribute (tv_input_service_29_0) true) +(expandtypeattribute (tzdatacheck_29_0) true) +(expandtypeattribute (tzdatacheck_exec_29_0) true) +(expandtypeattribute (ueventd_29_0) true) +(expandtypeattribute (ueventd_tmpfs_29_0) true) +(expandtypeattribute (uhid_device_29_0) true) +(expandtypeattribute (uimode_service_29_0) true) +(expandtypeattribute (uio_device_29_0) true) +(expandtypeattribute (uncrypt_29_0) true) 
+(expandtypeattribute (uncrypt_exec_29_0) true) +(expandtypeattribute (uncrypt_socket_29_0) true) +(expandtypeattribute (unencrypted_data_file_29_0) true) +(expandtypeattribute (unlabeled_29_0) true) +(expandtypeattribute (untrusted_app_25_29_0) true) +(expandtypeattribute (untrusted_app_27_29_0) true) +(expandtypeattribute (untrusted_app_29_0) true) +(expandtypeattribute (update_engine_29_0) true) +(expandtypeattribute (update_engine_data_file_29_0) true) +(expandtypeattribute (update_engine_exec_29_0) true) +(expandtypeattribute (update_engine_log_data_file_29_0) true) +(expandtypeattribute (update_engine_service_29_0) true) +(expandtypeattribute (updatelock_service_29_0) true) +(expandtypeattribute (update_verifier_29_0) true) +(expandtypeattribute (update_verifier_exec_29_0) true) +(expandtypeattribute (uri_grants_service_29_0) true) +(expandtypeattribute (usagestats_service_29_0) true) +(expandtypeattribute (usbaccessory_device_29_0) true) +(expandtypeattribute (usbd_29_0) true) +(expandtypeattribute (usb_device_29_0) true) +(expandtypeattribute (usbd_exec_29_0) true) +(expandtypeattribute (usbfs_29_0) true) +(expandtypeattribute (usb_service_29_0) true) +(expandtypeattribute (use_memfd_prop_29_0) true) +(expandtypeattribute (userdata_block_device_29_0) true) +(expandtypeattribute (usermodehelper_29_0) true) +(expandtypeattribute (user_profile_data_file_29_0) true) +(expandtypeattribute (user_service_29_0) true) +(expandtypeattribute (vdc_29_0) true) +(expandtypeattribute (vdc_exec_29_0) true) +(expandtypeattribute (vendor_app_file_29_0) true) +(expandtypeattribute (vendor_cgroup_desc_file_29_0) true) +(expandtypeattribute (vendor_configs_file_29_0) true) +(expandtypeattribute (vendor_data_file_29_0) true) +(expandtypeattribute (vendor_default_prop_29_0) true) +(expandtypeattribute (vendor_file_29_0) true) +(expandtypeattribute (vendor_framework_file_29_0) true) +(expandtypeattribute (vendor_hal_file_29_0) true) +(expandtypeattribute (vendor_idc_file_29_0) 
true) +(expandtypeattribute (vendor_init_29_0) true) +(expandtypeattribute (vendor_keychars_file_29_0) true) +(expandtypeattribute (vendor_keylayout_file_29_0) true) +(expandtypeattribute (vendor_overlay_file_29_0) true) +(expandtypeattribute (vendor_public_lib_file_29_0) true) +(expandtypeattribute (vendor_security_patch_level_prop_29_0) true) +(expandtypeattribute (vendor_shell_29_0) true) +(expandtypeattribute (vendor_shell_exec_29_0) true) +(expandtypeattribute (vendor_task_profiles_file_29_0) true) +(expandtypeattribute (vendor_toolbox_exec_29_0) true) +(expandtypeattribute (vfat_29_0) true) +(expandtypeattribute (vibrator_service_29_0) true) +(expandtypeattribute (video_device_29_0) true) +(expandtypeattribute (virtual_touchpad_29_0) true) +(expandtypeattribute (virtual_touchpad_exec_29_0) true) +(expandtypeattribute (virtual_touchpad_service_29_0) true) +(expandtypeattribute (vndbinder_device_29_0) true) +(expandtypeattribute (vndk_sp_file_29_0) true) +(expandtypeattribute (vndservice_contexts_file_29_0) true) +(expandtypeattribute (vndservicemanager_29_0) true) +(expandtypeattribute (voiceinteraction_service_29_0) true) +(expandtypeattribute (vold_29_0) true) +(expandtypeattribute (vold_data_file_29_0) true) +(expandtypeattribute (vold_device_29_0) true) +(expandtypeattribute (vold_exec_29_0) true) +(expandtypeattribute (vold_metadata_file_29_0) true) +(expandtypeattribute (vold_prepare_subdirs_29_0) true) +(expandtypeattribute (vold_prepare_subdirs_exec_29_0) true) +(expandtypeattribute (vold_prop_29_0) true) +(expandtypeattribute (vold_service_29_0) true) +(expandtypeattribute (vpn_data_file_29_0) true) +(expandtypeattribute (vrflinger_vsync_service_29_0) true) +(expandtypeattribute (vr_hwc_29_0) true) +(expandtypeattribute (vr_hwc_exec_29_0) true) +(expandtypeattribute (vr_hwc_service_29_0) true) +(expandtypeattribute (vr_manager_service_29_0) true) +(expandtypeattribute (wallpaper_file_29_0) true) +(expandtypeattribute (wallpaper_service_29_0) true) 
+(expandtypeattribute (watchdogd_29_0) true) +(expandtypeattribute (watchdog_device_29_0) true) +(expandtypeattribute (watchdogd_exec_29_0) true) +(expandtypeattribute (webviewupdate_service_29_0) true) +(expandtypeattribute (webview_zygote_29_0) true) +(expandtypeattribute (webview_zygote_exec_29_0) true) +(expandtypeattribute (webview_zygote_tmpfs_29_0) true) +(expandtypeattribute (wifiaware_service_29_0) true) +(expandtypeattribute (wificond_29_0) true) +(expandtypeattribute (wificond_exec_29_0) true) +(expandtypeattribute (wificond_service_29_0) true) +(expandtypeattribute (wifi_data_file_29_0) true) +(expandtypeattribute (wifi_log_prop_29_0) true) +(expandtypeattribute (wifip2p_service_29_0) true) +(expandtypeattribute (wifi_prop_29_0) true) +(expandtypeattribute (wifiscanner_service_29_0) true) +(expandtypeattribute (wifi_service_29_0) true) +(expandtypeattribute (window_service_29_0) true) +(expandtypeattribute (wpantund_29_0) true) +(expandtypeattribute (wpantund_exec_29_0) true) +(expandtypeattribute (wpantund_service_29_0) true) +(expandtypeattribute (wpa_socket_29_0) true) +(expandtypeattribute (zero_device_29_0) true) +(expandtypeattribute (zoneinfo_data_file_29_0) true) +(expandtypeattribute (zygote_29_0) true) +(expandtypeattribute (zygote_exec_29_0) true) +(expandtypeattribute (zygote_socket_29_0) true) +(expandtypeattribute (zygote_tmpfs_29_0) true) +(typeattributeset accessibility_service_29_0 (accessibility_service)) +(typeattributeset account_service_29_0 (account_service)) +(typeattributeset activity_service_29_0 (activity_service)) +(typeattributeset activity_task_service_29_0 (activity_task_service)) +(typeattributeset adbd_29_0 (adbd)) +(typeattributeset adb_data_file_29_0 (adb_data_file)) +(typeattributeset adbd_exec_29_0 (adbd_exec)) +(typeattributeset adbd_socket_29_0 (adbd_socket)) +(typeattributeset adb_keys_file_29_0 (adb_keys_file)) +(typeattributeset adb_service_29_0 (adb_service)) +(typeattributeset alarm_service_29_0 
(alarm_service)) +(typeattributeset anr_data_file_29_0 (anr_data_file)) +(typeattributeset apexd_29_0 (apexd)) +(typeattributeset apex_data_file_29_0 (apex_data_file)) +(typeattributeset apexd_exec_29_0 (apexd_exec)) +(typeattributeset apexd_prop_29_0 (apexd_prop)) +(typeattributeset apex_metadata_file_29_0 (apex_metadata_file)) +(typeattributeset apex_mnt_dir_29_0 (apex_mnt_dir)) +(typeattributeset apex_service_29_0 (apex_service)) +(typeattributeset apk_data_file_29_0 (apk_data_file)) +(typeattributeset apk_private_data_file_29_0 (apk_private_data_file)) +(typeattributeset apk_private_tmp_file_29_0 (apk_private_tmp_file)) +(typeattributeset apk_tmp_file_29_0 (apk_tmp_file)) +(typeattributeset app_binding_service_29_0 (app_binding_service)) +(typeattributeset app_data_file_29_0 (app_data_file)) +(typeattributeset appdomain_tmpfs_29_0 (appdomain_tmpfs)) +(typeattributeset app_fuse_file_29_0 (app_fuse_file)) +(typeattributeset app_fusefs_29_0 (app_fusefs)) +(typeattributeset appops_service_29_0 (appops_service)) +(typeattributeset app_prediction_service_29_0 (app_prediction_service)) +(typeattributeset appwidget_service_29_0 (appwidget_service)) +(typeattributeset app_zygote_29_0 (app_zygote)) +(typeattributeset app_zygote_tmpfs_29_0 (app_zygote_tmpfs)) +(typeattributeset asec_apk_file_29_0 (asec_apk_file)) +(typeattributeset asec_image_file_29_0 (asec_image_file)) +(typeattributeset asec_public_file_29_0 (asec_public_file)) +(typeattributeset ashmemd_29_0 (ashmemd)) +(typeattributeset ashmem_device_29_0 (ashmem_device)) +(typeattributeset assetatlas_service_29_0 (assetatlas_service)) +(typeattributeset audio_data_file_29_0 (audio_data_file)) +(typeattributeset audio_device_29_0 (audio_device)) +(typeattributeset audiohal_data_file_29_0 (audiohal_data_file)) +(typeattributeset audio_prop_29_0 (audio_prop)) +(typeattributeset audioserver_29_0 (audioserver)) +(typeattributeset audioserver_data_file_29_0 (audioserver_data_file)) +(typeattributeset 
audioserver_service_29_0 (audioserver_service)) +(typeattributeset audioserver_tmpfs_29_0 (audioserver_tmpfs)) +(typeattributeset audio_service_29_0 (audio_service)) +(typeattributeset autofill_service_29_0 (autofill_service)) +(typeattributeset backup_data_file_29_0 (backup_data_file)) +(typeattributeset backup_service_29_0 (backup_service)) +(typeattributeset batteryproperties_service_29_0 (batteryproperties_service)) +(typeattributeset battery_service_29_0 (battery_service)) +(typeattributeset batterystats_service_29_0 (batterystats_service)) +(typeattributeset binder_calls_stats_service_29_0 (binder_calls_stats_service)) +(typeattributeset binder_device_29_0 (binder_device)) +(typeattributeset binfmt_miscfs_29_0 (binfmt_miscfs)) +(typeattributeset biometric_service_29_0 (biometric_service)) +(typeattributeset blkid_29_0 (blkid)) +(typeattributeset blkid_untrusted_29_0 (blkid_untrusted)) +(typeattributeset block_device_29_0 (block_device)) +(typeattributeset bluetooth_29_0 (bluetooth)) +(typeattributeset bluetooth_a2dp_offload_prop_29_0 (bluetooth_a2dp_offload_prop)) +(typeattributeset bluetooth_audio_hal_prop_29_0 (bluetooth_audio_hal_prop)) +(typeattributeset bluetooth_data_file_29_0 (bluetooth_data_file)) +(typeattributeset bluetooth_efs_file_29_0 (bluetooth_efs_file)) +(typeattributeset bluetooth_logs_data_file_29_0 (bluetooth_logs_data_file)) +(typeattributeset bluetooth_manager_service_29_0 (bluetooth_manager_service)) +(typeattributeset bluetooth_prop_29_0 (bluetooth_prop)) +(typeattributeset bluetooth_service_29_0 (bluetooth_service)) +(typeattributeset bluetooth_socket_29_0 (bluetooth_socket)) +(typeattributeset bootanim_29_0 (bootanim)) +(typeattributeset bootanim_exec_29_0 (bootanim_exec)) +(typeattributeset boot_block_device_29_0 (boot_block_device)) +(typeattributeset bootchart_data_file_29_0 (bootchart_data_file)) +(typeattributeset bootloader_boot_reason_prop_29_0 (bootloader_boot_reason_prop)) +(typeattributeset bootstat_29_0 (bootstat)) 
+(typeattributeset bootstat_data_file_29_0 (bootstat_data_file)) +(typeattributeset bootstat_exec_29_0 (bootstat_exec)) +(typeattributeset boottime_prop_29_0 (boottime_prop)) +(typeattributeset boottrace_data_file_29_0 (boottrace_data_file)) +(typeattributeset bpf_progs_loaded_prop_29_0 (bpf_progs_loaded_prop)) +(typeattributeset broadcastradio_service_29_0 (broadcastradio_service)) +(typeattributeset bufferhubd_29_0 (bufferhubd)) +(typeattributeset bufferhubd_exec_29_0 (bufferhubd_exec)) +(typeattributeset bugreport_service_29_0 (bugreport_service)) +(typeattributeset cache_backup_file_29_0 (cache_backup_file)) +(typeattributeset cache_block_device_29_0 (cache_block_device)) +(typeattributeset cache_file_29_0 (cache_file)) +(typeattributeset cache_private_backup_file_29_0 (cache_private_backup_file)) +(typeattributeset cache_recovery_file_29_0 (cache_recovery_file)) +(typeattributeset camera_data_file_29_0 (camera_data_file)) +(typeattributeset camera_device_29_0 (camera_device)) +(typeattributeset cameraproxy_service_29_0 (cameraproxy_service)) +(typeattributeset cameraserver_29_0 (cameraserver)) +(typeattributeset cameraserver_exec_29_0 (cameraserver_exec)) +(typeattributeset cameraserver_service_29_0 (cameraserver_service)) +(typeattributeset cameraserver_tmpfs_29_0 (cameraserver_tmpfs)) +(typeattributeset cgroup_29_0 (cgroup)) +(typeattributeset cgroup_bpf_29_0 (cgroup_bpf)) +(typeattributeset cgroup_desc_file_29_0 (cgroup_desc_file)) +(typeattributeset cgroup_rc_file_29_0 (cgroup_rc_file)) +(typeattributeset charger_29_0 (charger)) +(typeattributeset charger_exec_29_0 (charger_exec)) +(typeattributeset clatd_29_0 (clatd)) +(typeattributeset clatd_exec_29_0 (clatd_exec)) +(typeattributeset clipboard_service_29_0 (clipboard_service)) +(typeattributeset color_display_service_29_0 (color_display_service)) +(typeattributeset companion_device_service_29_0 (companion_device_service)) +(typeattributeset configfs_29_0 (configfs)) +(typeattributeset config_prop_29_0 
(config_prop)) +(typeattributeset connectivity_service_29_0 (connectivity_service)) +(typeattributeset connmetrics_service_29_0 (connmetrics_service)) +(typeattributeset console_device_29_0 (console_device)) +(typeattributeset consumer_ir_service_29_0 (consumer_ir_service)) +(typeattributeset content_capture_service_29_0 (content_capture_service)) +(typeattributeset content_service_29_0 (content_service)) +(typeattributeset content_suggestions_service_29_0 (content_suggestions_service)) +(typeattributeset contexthub_service_29_0 (contexthub_service)) +(typeattributeset coredump_file_29_0 (coredump_file)) +(typeattributeset country_detector_service_29_0 (country_detector_service)) +(typeattributeset coverage_service_29_0 (coverage_service)) +(typeattributeset cppreopt_prop_29_0 (cppreopt_prop)) +(typeattributeset cpuinfo_service_29_0 (cpuinfo_service)) +(typeattributeset cpu_variant_prop_29_0 (cpu_variant_prop)) +(typeattributeset crash_dump_29_0 (crash_dump)) +(typeattributeset crash_dump_exec_29_0 (crash_dump_exec)) +(typeattributeset crossprofileapps_service_29_0 (crossprofileapps_service)) +(typeattributeset ctl_adbd_prop_29_0 (ctl_adbd_prop)) +(typeattributeset ctl_bootanim_prop_29_0 (ctl_bootanim_prop)) +(typeattributeset ctl_bugreport_prop_29_0 (ctl_bugreport_prop)) +(typeattributeset ctl_console_prop_29_0 (ctl_console_prop)) +(typeattributeset ctl_default_prop_29_0 (ctl_default_prop)) +(typeattributeset ctl_dumpstate_prop_29_0 (ctl_dumpstate_prop)) +(typeattributeset ctl_fuse_prop_29_0 (ctl_fuse_prop)) +(typeattributeset ctl_gsid_prop_29_0 (ctl_gsid_prop)) +(typeattributeset ctl_interface_restart_prop_29_0 (ctl_interface_restart_prop)) +(typeattributeset ctl_interface_start_prop_29_0 (ctl_interface_start_prop)) +(typeattributeset ctl_interface_stop_prop_29_0 (ctl_interface_stop_prop)) +(typeattributeset ctl_mdnsd_prop_29_0 (ctl_mdnsd_prop)) +(typeattributeset ctl_restart_prop_29_0 (ctl_restart_prop)) +(typeattributeset ctl_rildaemon_prop_29_0 
(ctl_rildaemon_prop)) +(typeattributeset ctl_sigstop_prop_29_0 (ctl_sigstop_prop)) +(typeattributeset ctl_start_prop_29_0 (ctl_start_prop)) +(typeattributeset ctl_stop_prop_29_0 (ctl_stop_prop)) +(typeattributeset dalvikcache_data_file_29_0 (dalvikcache_data_file)) +(typeattributeset dalvik_prop_29_0 (dalvik_prop)) +(typeattributeset dbinfo_service_29_0 (dbinfo_service)) +(typeattributeset debugfs_29_0 (debugfs)) +(typeattributeset debugfs_mmc_29_0 (debugfs_mmc)) +(typeattributeset debugfs_trace_marker_29_0 (debugfs_trace_marker)) +(typeattributeset debugfs_tracing_29_0 (debugfs_tracing)) +(typeattributeset debugfs_tracing_debug_29_0 (debugfs_tracing_debug)) +(typeattributeset debugfs_tracing_instances_29_0 (debugfs_tracing_instances)) +(typeattributeset debugfs_wakeup_sources_29_0 (debugfs_wakeup_sources)) +(typeattributeset debugfs_wifi_tracing_29_0 (debugfs_wifi_tracing)) +(typeattributeset debuggerd_prop_29_0 (debuggerd_prop)) +(typeattributeset debug_prop_29_0 (debug_prop)) +(typeattributeset default_android_hwservice_29_0 (default_android_hwservice)) +(typeattributeset default_android_service_29_0 (default_android_service)) +(typeattributeset default_android_vndservice_29_0 (default_android_vndservice)) +(typeattributeset default_prop_29_0 (default_prop apk_verity_prop)) +(typeattributeset dev_cpu_variant_29_0 (dev_cpu_variant)) +(typeattributeset device_29_0 (device)) +(typeattributeset device_config_activity_manager_native_boot_prop_29_0 (device_config_activity_manager_native_boot_prop)) +(typeattributeset device_config_boot_count_prop_29_0 (device_config_boot_count_prop)) +(typeattributeset device_config_input_native_boot_prop_29_0 (device_config_input_native_boot_prop)) +(typeattributeset device_config_media_native_prop_29_0 (device_config_media_native_prop)) +(typeattributeset device_config_netd_native_prop_29_0 (device_config_netd_native_prop)) +(typeattributeset device_config_reset_performed_prop_29_0 (device_config_reset_performed_prop)) 
+(typeattributeset device_config_runtime_native_boot_prop_29_0 (device_config_runtime_native_boot_prop)) +(typeattributeset device_config_runtime_native_prop_29_0 (device_config_runtime_native_prop)) +(typeattributeset device_config_service_29_0 (device_config_service)) +(typeattributeset device_identifiers_service_29_0 (device_identifiers_service)) +(typeattributeset deviceidle_service_29_0 (deviceidle_service)) +(typeattributeset device_logging_prop_29_0 (device_logging_prop)) +(typeattributeset device_policy_service_29_0 (device_policy_service)) +(typeattributeset devicestoragemonitor_service_29_0 (devicestoragemonitor_service)) +(typeattributeset devpts_29_0 (devpts)) +(typeattributeset dhcp_29_0 (dhcp)) +(typeattributeset dhcp_data_file_29_0 (dhcp_data_file)) +(typeattributeset dhcp_exec_29_0 (dhcp_exec)) +(typeattributeset dhcp_prop_29_0 (dhcp_prop)) +(typeattributeset diskstats_service_29_0 (diskstats_service)) +(typeattributeset display_service_29_0 (display_service)) +(typeattributeset dm_device_29_0 (dm_device)) +(typeattributeset dnsmasq_29_0 (dnsmasq)) +(typeattributeset dnsmasq_exec_29_0 (dnsmasq_exec)) +(typeattributeset dnsproxyd_socket_29_0 (dnsproxyd_socket)) +(typeattributeset dnsresolver_service_29_0 (dnsresolver_service)) +(typeattributeset DockObserver_service_29_0 (DockObserver_service)) +(typeattributeset dreams_service_29_0 (dreams_service)) +(typeattributeset drm_data_file_29_0 (drm_data_file)) +(typeattributeset drmserver_29_0 (drmserver)) +(typeattributeset drmserver_exec_29_0 (drmserver_exec)) +(typeattributeset drmserver_service_29_0 (drmserver_service)) +(typeattributeset drmserver_socket_29_0 (drmserver_socket)) +(typeattributeset dropbox_data_file_29_0 (dropbox_data_file)) +(typeattributeset dropbox_service_29_0 (dropbox_service)) +(typeattributeset dumpstate_29_0 (dumpstate)) +(typeattributeset dumpstate_exec_29_0 (dumpstate_exec)) +(typeattributeset dumpstate_options_prop_29_0 (dumpstate_options_prop)) +(typeattributeset 
dumpstate_prop_29_0 (dumpstate_prop)) +(typeattributeset dumpstate_service_29_0 (dumpstate_service)) +(typeattributeset dumpstate_socket_29_0 (dumpstate_socket)) +(typeattributeset dynamic_system_prop_29_0 (dynamic_system_prop)) +(typeattributeset e2fs_29_0 (e2fs)) +(typeattributeset e2fs_exec_29_0 (e2fs_exec)) +(typeattributeset efs_file_29_0 (efs_file)) +(typeattributeset ephemeral_app_29_0 (ephemeral_app)) +(typeattributeset ethernet_service_29_0 (ethernet_service)) +(typeattributeset exfat_29_0 (exfat)) +(typeattributeset exported2_config_prop_29_0 (exported2_config_prop)) +(typeattributeset exported2_default_prop_29_0 (exported2_default_prop)) +(typeattributeset exported2_radio_prop_29_0 (exported2_radio_prop)) +(typeattributeset exported2_system_prop_29_0 (exported2_system_prop)) +(typeattributeset exported2_vold_prop_29_0 (exported2_vold_prop)) +(typeattributeset exported3_default_prop_29_0 (exported3_default_prop)) +(typeattributeset exported3_radio_prop_29_0 (exported3_radio_prop)) +(typeattributeset exported3_system_prop_29_0 (exported3_system_prop)) +(typeattributeset exported_audio_prop_29_0 (exported_audio_prop)) +(typeattributeset exported_bluetooth_prop_29_0 (exported_bluetooth_prop)) +(typeattributeset exported_config_prop_29_0 (exported_config_prop)) +(typeattributeset exported_dalvik_prop_29_0 (exported_dalvik_prop)) +(typeattributeset exported_default_prop_29_0 + ( exported_default_prop + vndk_prop)) +(typeattributeset exported_dumpstate_prop_29_0 (exported_dumpstate_prop)) +(typeattributeset exported_ffs_prop_29_0 (exported_ffs_prop)) +(typeattributeset exported_fingerprint_prop_29_0 (exported_fingerprint_prop)) +(typeattributeset exported_overlay_prop_29_0 (exported_overlay_prop)) +(typeattributeset exported_pm_prop_29_0 (exported_pm_prop)) +(typeattributeset exported_radio_prop_29_0 (exported_radio_prop)) +(typeattributeset exported_secure_prop_29_0 (exported_secure_prop)) +(typeattributeset exported_system_prop_29_0 (exported_system_prop)) 
+(typeattributeset exported_system_radio_prop_29_0 (exported_system_radio_prop)) +(typeattributeset exported_vold_prop_29_0 (exported_vold_prop)) +(typeattributeset exported_wifi_prop_29_0 (exported_wifi_prop)) +(typeattributeset external_vibrator_service_29_0 (external_vibrator_service)) +(typeattributeset face_service_29_0 (face_service)) +(typeattributeset face_vendor_data_file_29_0 (face_vendor_data_file)) +(typeattributeset fastbootd_29_0 (fastbootd)) +(typeattributeset ffs_prop_29_0 (ffs_prop)) +(typeattributeset file_contexts_file_29_0 (file_contexts_file)) +(typeattributeset fingerprintd_29_0 (fingerprintd)) +(typeattributeset fingerprintd_data_file_29_0 (fingerprintd_data_file)) +(typeattributeset fingerprintd_exec_29_0 (fingerprintd_exec)) +(typeattributeset fingerprintd_service_29_0 (fingerprintd_service)) +(typeattributeset fingerprint_prop_29_0 (fingerprint_prop)) +(typeattributeset fingerprint_service_29_0 (fingerprint_service)) +(typeattributeset fingerprint_vendor_data_file_29_0 (fingerprint_vendor_data_file)) +(typeattributeset firstboot_prop_29_0 (firstboot_prop)) +(typeattributeset flags_health_check_29_0 (flags_health_check)) +(typeattributeset flags_health_check_exec_29_0 (flags_health_check_exec)) +(typeattributeset font_service_29_0 (font_service)) +(typeattributeset frp_block_device_29_0 (frp_block_device)) +(typeattributeset fs_bpf_29_0 (fs_bpf)) +(typeattributeset fsck_29_0 (fsck)) +(typeattributeset fsck_exec_29_0 (fsck_exec)) +(typeattributeset fscklogs_29_0 (fscklogs)) +(typeattributeset fsck_untrusted_29_0 (fsck_untrusted)) +(typeattributeset functionfs_29_0 (functionfs)) +(typeattributeset fuse_29_0 (fuse)) +(typeattributeset fuse_device_29_0 (fuse_device)) +(typeattributeset fwk_bufferhub_hwservice_29_0 (fwk_bufferhub_hwservice)) +(typeattributeset fwk_camera_hwservice_29_0 (fwk_camera_hwservice)) +(typeattributeset fwk_display_hwservice_29_0 (fwk_display_hwservice)) +(typeattributeset fwk_scheduler_hwservice_29_0 
(fwk_scheduler_hwservice)) +(typeattributeset fwk_sensor_hwservice_29_0 (fwk_sensor_hwservice)) +(typeattributeset fwk_stats_hwservice_29_0 (fwk_stats_hwservice)) +(typeattributeset fwmarkd_socket_29_0 (fwmarkd_socket)) +(typeattributeset gatekeeperd_29_0 (gatekeeperd)) +(typeattributeset gatekeeper_data_file_29_0 (gatekeeper_data_file)) +(typeattributeset gatekeeperd_exec_29_0 (gatekeeperd_exec)) +(typeattributeset gatekeeper_service_29_0 (gatekeeper_service)) +(typeattributeset gfxinfo_service_29_0 (gfxinfo_service)) +(typeattributeset gps_control_29_0 (gps_control)) +(typeattributeset gpu_device_29_0 (gpu_device)) +(typeattributeset gpu_service_29_0 (gpu_service)) +(typeattributeset gpuservice_29_0 (gpuservice)) +(typeattributeset graphics_device_29_0 (graphics_device)) +(typeattributeset graphicsstats_service_29_0 (graphicsstats_service)) +(typeattributeset gsi_data_file_29_0 (gsi_data_file)) +(typeattributeset gsid_prop_29_0 (gsid_prop)) +(typeattributeset gsi_metadata_file_29_0 (gsi_metadata_file)) +(typeattributeset hal_atrace_hwservice_29_0 (hal_atrace_hwservice)) +(typeattributeset hal_audiocontrol_hwservice_29_0 (hal_audiocontrol_hwservice)) +(typeattributeset hal_audio_hwservice_29_0 (hal_audio_hwservice)) +(typeattributeset hal_authsecret_hwservice_29_0 (hal_authsecret_hwservice)) +(typeattributeset hal_bluetooth_hwservice_29_0 (hal_bluetooth_hwservice)) +(typeattributeset hal_bootctl_hwservice_29_0 (hal_bootctl_hwservice)) +(typeattributeset hal_broadcastradio_hwservice_29_0 (hal_broadcastradio_hwservice)) +(typeattributeset hal_camera_hwservice_29_0 (hal_camera_hwservice)) +(typeattributeset hal_cas_hwservice_29_0 (hal_cas_hwservice)) +(typeattributeset hal_codec2_hwservice_29_0 (hal_codec2_hwservice)) +(typeattributeset hal_configstore_ISurfaceFlingerConfigs_29_0 (hal_configstore_ISurfaceFlingerConfigs)) +(typeattributeset hal_confirmationui_hwservice_29_0 (hal_confirmationui_hwservice)) +(typeattributeset hal_contexthub_hwservice_29_0 
(hal_contexthub_hwservice)) +(typeattributeset hal_drm_hwservice_29_0 (hal_drm_hwservice)) +(typeattributeset hal_dumpstate_hwservice_29_0 (hal_dumpstate_hwservice)) +(typeattributeset hal_evs_hwservice_29_0 (hal_evs_hwservice)) +(typeattributeset hal_face_hwservice_29_0 (hal_face_hwservice)) +(typeattributeset hal_fingerprint_hwservice_29_0 (hal_fingerprint_hwservice)) +(typeattributeset hal_fingerprint_service_29_0 (hal_fingerprint_service)) +(typeattributeset hal_gatekeeper_hwservice_29_0 (hal_gatekeeper_hwservice)) +(typeattributeset hal_gnss_hwservice_29_0 (hal_gnss_hwservice)) +(typeattributeset hal_graphics_allocator_hwservice_29_0 (hal_graphics_allocator_hwservice)) +(typeattributeset hal_graphics_composer_hwservice_29_0 (hal_graphics_composer_hwservice)) +(typeattributeset hal_graphics_composer_server_tmpfs_29_0 (hal_graphics_composer_server_tmpfs)) +(typeattributeset hal_graphics_mapper_hwservice_29_0 (hal_graphics_mapper_hwservice)) +(typeattributeset hal_health_hwservice_29_0 (hal_health_hwservice)) +(typeattributeset hal_health_storage_hwservice_29_0 (hal_health_storage_hwservice)) +(typeattributeset hal_input_classifier_hwservice_29_0 (hal_input_classifier_hwservice)) +(typeattributeset hal_ir_hwservice_29_0 (hal_ir_hwservice)) +(typeattributeset hal_keymaster_hwservice_29_0 (hal_keymaster_hwservice)) +(typeattributeset hal_light_hwservice_29_0 (hal_light_hwservice)) +(typeattributeset hal_lowpan_hwservice_29_0 (hal_lowpan_hwservice)) +(typeattributeset hal_memtrack_hwservice_29_0 (hal_memtrack_hwservice)) +(typeattributeset hal_neuralnetworks_hwservice_29_0 (hal_neuralnetworks_hwservice)) +(typeattributeset hal_nfc_hwservice_29_0 (hal_nfc_hwservice)) +(typeattributeset hal_oemlock_hwservice_29_0 (hal_oemlock_hwservice)) +(typeattributeset hal_omx_hwservice_29_0 (hal_omx_hwservice)) +(typeattributeset hal_power_hwservice_29_0 (hal_power_hwservice)) +(typeattributeset hal_power_stats_hwservice_29_0 (hal_power_stats_hwservice)) +(typeattributeset 
hal_renderscript_hwservice_29_0 (hal_renderscript_hwservice)) +(typeattributeset hal_secure_element_hwservice_29_0 (hal_secure_element_hwservice)) +(typeattributeset hal_sensors_hwservice_29_0 (hal_sensors_hwservice)) +(typeattributeset hal_telephony_hwservice_29_0 (hal_telephony_hwservice)) +(typeattributeset hal_tetheroffload_hwservice_29_0 (hal_tetheroffload_hwservice)) +(typeattributeset hal_thermal_hwservice_29_0 (hal_thermal_hwservice)) +(typeattributeset hal_tv_cec_hwservice_29_0 (hal_tv_cec_hwservice)) +(typeattributeset hal_tv_input_hwservice_29_0 (hal_tv_input_hwservice)) +(typeattributeset hal_usb_gadget_hwservice_29_0 (hal_usb_gadget_hwservice)) +(typeattributeset hal_usb_hwservice_29_0 (hal_usb_hwservice)) +(typeattributeset hal_vehicle_hwservice_29_0 (hal_vehicle_hwservice)) +(typeattributeset hal_vibrator_hwservice_29_0 (hal_vibrator_hwservice)) +(typeattributeset hal_vr_hwservice_29_0 (hal_vr_hwservice)) +(typeattributeset hal_weaver_hwservice_29_0 (hal_weaver_hwservice)) +(typeattributeset hal_wifi_hostapd_hwservice_29_0 (hal_wifi_hostapd_hwservice)) +(typeattributeset hal_wifi_hwservice_29_0 (hal_wifi_hwservice)) +(typeattributeset hal_wifi_offload_hwservice_29_0 (hal_wifi_offload_hwservice)) +(typeattributeset hal_wifi_supplicant_hwservice_29_0 (hal_wifi_supplicant_hwservice)) +(typeattributeset hardware_properties_service_29_0 (hardware_properties_service)) +(typeattributeset hardware_service_29_0 (hardware_service)) +(typeattributeset hci_attach_dev_29_0 (hci_attach_dev)) +(typeattributeset hdmi_control_service_29_0 (hdmi_control_service)) +(typeattributeset healthd_29_0 (healthd)) +(typeattributeset healthd_exec_29_0 (healthd_exec)) +(typeattributeset heapdump_data_file_29_0 (heapdump_data_file)) +(typeattributeset heapprofd_29_0 (heapprofd)) +(typeattributeset heapprofd_enabled_prop_29_0 (heapprofd_enabled_prop)) +(typeattributeset heapprofd_prop_29_0 (heapprofd_prop)) +(typeattributeset heapprofd_socket_29_0 (heapprofd_socket)) 
+(typeattributeset hidl_allocator_hwservice_29_0 (hidl_allocator_hwservice)) +(typeattributeset hidl_base_hwservice_29_0 (hidl_base_hwservice)) +(typeattributeset hidl_manager_hwservice_29_0 (hidl_manager_hwservice)) +(typeattributeset hidl_memory_hwservice_29_0 (hidl_memory_hwservice)) +(typeattributeset hidl_token_hwservice_29_0 (hidl_token_hwservice)) +(typeattributeset hwbinder_device_29_0 (hwbinder_device)) +(typeattributeset hw_random_device_29_0 (hw_random_device)) +(typeattributeset hwservice_contexts_file_29_0 (hwservice_contexts_file)) +(typeattributeset hwservicemanager_29_0 (hwservicemanager)) +(typeattributeset hwservicemanager_exec_29_0 (hwservicemanager_exec)) +(typeattributeset hwservicemanager_prop_29_0 (hwservicemanager_prop)) +(typeattributeset icon_file_29_0 (icon_file)) +(typeattributeset idmap_29_0 (idmap)) +(typeattributeset idmap_exec_29_0 (idmap_exec)) +(typeattributeset idmap_service_29_0 (idmap_service)) +(typeattributeset iio_device_29_0 (iio_device)) +(typeattributeset imms_service_29_0 (imms_service)) +(typeattributeset incident_29_0 (incident)) +(typeattributeset incidentd_29_0 (incidentd)) +(typeattributeset incident_data_file_29_0 (incident_data_file)) +(typeattributeset incident_helper_29_0 (incident_helper)) +(typeattributeset incident_service_29_0 (incident_service)) +(typeattributeset init_29_0 (init)) +(typeattributeset init_exec_29_0 (init_exec)) +(typeattributeset init_tmpfs_29_0 (init_tmpfs)) +(typeattributeset inotify_29_0 (inotify)) +(typeattributeset input_device_29_0 (input_device)) +(typeattributeset inputflinger_29_0 (inputflinger)) +(typeattributeset inputflinger_exec_29_0 (inputflinger_exec)) +(typeattributeset inputflinger_service_29_0 (inputflinger_service)) +(typeattributeset input_method_service_29_0 (input_method_service)) +(typeattributeset input_service_29_0 (input_service)) +(typeattributeset installd_29_0 (installd)) +(typeattributeset install_data_file_29_0 (install_data_file)) +(typeattributeset 
installd_exec_29_0 (installd_exec)) +(typeattributeset installd_service_29_0 (installd_service)) +(typeattributeset install_recovery_29_0 (install_recovery)) +(typeattributeset install_recovery_exec_29_0 (install_recovery_exec)) +(typeattributeset ion_device_29_0 (ion_device)) +(typeattributeset iorapd_29_0 (iorapd)) +(typeattributeset iorapd_data_file_29_0 (iorapd_data_file)) +(typeattributeset iorapd_exec_29_0 (iorapd_exec)) +(typeattributeset iorapd_service_29_0 (iorapd_service)) +(typeattributeset iorapd_tmpfs_29_0 (iorapd_tmpfs)) +(typeattributeset IProxyService_service_29_0 (IProxyService_service)) +(typeattributeset ipsec_service_29_0 (ipsec_service)) +(typeattributeset iris_service_29_0 (iris_service)) +(typeattributeset iris_vendor_data_file_29_0 (iris_vendor_data_file)) +(typeattributeset isolated_app_29_0 (isolated_app)) +(typeattributeset jobscheduler_service_29_0 (jobscheduler_service)) +(typeattributeset kernel_29_0 (kernel)) +(typeattributeset keychain_data_file_29_0 (keychain_data_file)) +(typeattributeset keychord_device_29_0 (keychord_device)) +(typeattributeset keystore_29_0 (keystore)) +(typeattributeset keystore_data_file_29_0 (keystore_data_file)) +(typeattributeset keystore_exec_29_0 (keystore_exec)) +(typeattributeset keystore_service_29_0 (keystore_service)) +(typeattributeset kmsg_debug_device_29_0 (kmsg_debug_device)) +(typeattributeset kmsg_device_29_0 (kmsg_device)) +(typeattributeset labeledfs_29_0 (labeledfs)) +(typeattributeset last_boot_reason_prop_29_0 (last_boot_reason_prop)) +(typeattributeset launcherapps_service_29_0 (launcherapps_service)) +(typeattributeset llkd_29_0 (llkd)) +(typeattributeset llkd_exec_29_0 (llkd_exec)) +(typeattributeset llkd_prop_29_0 (llkd_prop)) +(typeattributeset lmkd_29_0 (lmkd)) +(typeattributeset lmkd_exec_29_0 (lmkd_exec)) +(typeattributeset lmkd_socket_29_0 (lmkd_socket)) +(typeattributeset location_service_29_0 (location_service)) +(typeattributeset lock_settings_service_29_0 
(lock_settings_service)) +(typeattributeset logcat_exec_29_0 (logcat_exec)) +(typeattributeset logd_29_0 (logd)) +(typeattributeset logd_exec_29_0 (logd_exec)) +(typeattributeset logd_prop_29_0 (logd_prop)) +(typeattributeset logdr_socket_29_0 (logdr_socket)) +(typeattributeset logd_socket_29_0 (logd_socket)) +(typeattributeset logdw_socket_29_0 (logdw_socket)) +(typeattributeset logpersist_29_0 (logpersist)) +(typeattributeset logpersistd_logging_prop_29_0 (logpersistd_logging_prop)) +(typeattributeset log_prop_29_0 (log_prop)) +(typeattributeset log_tag_prop_29_0 (log_tag_prop)) +(typeattributeset loop_control_device_29_0 (loop_control_device)) +(typeattributeset loop_device_29_0 (loop_device)) +(typeattributeset looper_stats_service_29_0 (looper_stats_service)) +(typeattributeset lowpan_device_29_0 (lowpan_device)) +(typeattributeset lowpan_prop_29_0 (lowpan_prop)) +(typeattributeset lowpan_service_29_0 (lowpan_service)) +(typeattributeset lpdumpd_prop_29_0 (lpdumpd_prop)) +(typeattributeset lpdump_service_29_0 (lpdump_service)) +(typeattributeset mac_perms_file_29_0 (mac_perms_file)) +(typeattributeset mdnsd_29_0 (mdnsd)) +(typeattributeset mdnsd_socket_29_0 (mdnsd_socket)) +(typeattributeset mdns_socket_29_0 (mdns_socket)) +(typeattributeset mediacodec_service_29_0 (mediacodec_service)) +(typeattributeset media_data_file_29_0 (media_data_file)) +(typeattributeset mediadrmserver_29_0 (mediadrmserver)) +(typeattributeset mediadrmserver_exec_29_0 (mediadrmserver_exec)) +(typeattributeset mediadrmserver_service_29_0 (mediadrmserver_service)) +(typeattributeset mediaextractor_29_0 (mediaextractor)) +(typeattributeset mediaextractor_exec_29_0 (mediaextractor_exec)) +(typeattributeset mediaextractor_service_29_0 (mediaextractor_service)) +(typeattributeset mediaextractor_tmpfs_29_0 (mediaextractor_tmpfs)) +(typeattributeset mediametrics_29_0 (mediametrics)) +(typeattributeset mediametrics_exec_29_0 (mediametrics_exec)) +(typeattributeset mediametrics_service_29_0 
(mediametrics_service)) +(typeattributeset media_projection_service_29_0 (media_projection_service)) +(typeattributeset mediaprovider_29_0 (mediaprovider)) +(typeattributeset media_router_service_29_0 (media_router_service)) +(typeattributeset media_rw_data_file_29_0 (media_rw_data_file)) +(typeattributeset mediaserver_29_0 (mediaserver)) +(typeattributeset mediaserver_exec_29_0 (mediaserver_exec)) +(typeattributeset mediaserver_service_29_0 (mediaserver_service)) +(typeattributeset mediaserver_tmpfs_29_0 (mediaserver_tmpfs)) +(typeattributeset media_session_service_29_0 (media_session_service)) +(typeattributeset mediaswcodec_29_0 (mediaswcodec)) +(typeattributeset mediaswcodec_exec_29_0 (mediaswcodec_exec)) +(typeattributeset meminfo_service_29_0 (meminfo_service)) +(typeattributeset metadata_block_device_29_0 (metadata_block_device)) +(typeattributeset metadata_file_29_0 (metadata_file)) +(typeattributeset method_trace_data_file_29_0 (method_trace_data_file)) +(typeattributeset midi_service_29_0 (midi_service)) +(typeattributeset misc_block_device_29_0 (misc_block_device)) +(typeattributeset misc_logd_file_29_0 (misc_logd_file)) +(typeattributeset misc_user_data_file_29_0 (misc_user_data_file)) +(typeattributeset mmc_prop_29_0 (mmc_prop)) +(typeattributeset mnt_expand_file_29_0 (mnt_expand_file)) +(typeattributeset mnt_media_rw_file_29_0 (mnt_media_rw_file)) +(typeattributeset mnt_media_rw_stub_file_29_0 (mnt_media_rw_stub_file)) +(typeattributeset mnt_product_file_29_0 (mnt_product_file)) +(typeattributeset mnt_user_file_29_0 (mnt_user_file)) +(typeattributeset mnt_vendor_file_29_0 (mnt_vendor_file)) +(typeattributeset modprobe_29_0 (modprobe)) +(typeattributeset mount_service_29_0 (mount_service)) +(typeattributeset mqueue_29_0 (mqueue)) +(typeattributeset mtp_29_0 (mtp)) +(typeattributeset mtp_device_29_0 (mtp_device)) +(typeattributeset mtpd_socket_29_0 (mtpd_socket)) +(typeattributeset mtp_exec_29_0 (mtp_exec)) +(typeattributeset nativetest_data_file_29_0 
(nativetest_data_file)) +(typeattributeset netd_29_0 (netd)) +(typeattributeset net_data_file_29_0 (net_data_file)) +(typeattributeset netd_exec_29_0 (netd_exec)) +(typeattributeset netd_listener_service_29_0 (netd_listener_service)) +(typeattributeset net_dns_prop_29_0 (net_dns_prop)) +(typeattributeset netd_service_29_0 (netd_service)) +(typeattributeset netd_stable_secret_prop_29_0 (netd_stable_secret_prop)) +(typeattributeset netif_29_0 (netif)) +(typeattributeset netpolicy_service_29_0 (netpolicy_service)) +(typeattributeset net_radio_prop_29_0 (net_radio_prop)) +(typeattributeset netstats_service_29_0 (netstats_service)) +(typeattributeset netutils_wrapper_29_0 (netutils_wrapper)) +(typeattributeset netutils_wrapper_exec_29_0 (netutils_wrapper_exec)) +(typeattributeset network_management_service_29_0 (network_management_service)) +(typeattributeset network_score_service_29_0 (network_score_service)) +(typeattributeset network_stack_29_0 (network_stack)) +(typeattributeset network_stack_service_29_0 (network_stack_service)) +(typeattributeset network_time_update_service_29_0 (network_time_update_service)) +(typeattributeset network_watchlist_data_file_29_0 (network_watchlist_data_file)) +(typeattributeset network_watchlist_service_29_0 (network_watchlist_service)) +(typeattributeset nfc_29_0 (nfc)) +(typeattributeset nfc_data_file_29_0 (nfc_data_file)) +(typeattributeset nfc_device_29_0 (nfc_device)) +(typeattributeset nfc_prop_29_0 (nfc_prop)) +(typeattributeset nfc_service_29_0 (nfc_service)) +(typeattributeset nnapi_ext_deny_product_prop_29_0 (nnapi_ext_deny_product_prop)) +(typeattributeset node_29_0 (node)) +(typeattributeset nonplat_service_contexts_file_29_0 (nonplat_service_contexts_file)) +(typeattributeset notification_service_29_0 (notification_service)) +(typeattributeset null_device_29_0 (null_device)) +(typeattributeset oemfs_29_0 (oemfs)) +(typeattributeset oem_lock_service_29_0 (oem_lock_service)) +(typeattributeset ota_data_file_29_0 
(ota_data_file)) +(typeattributeset otadexopt_service_29_0 (otadexopt_service)) +(typeattributeset ota_package_file_29_0 (ota_package_file)) +(typeattributeset overlayfs_file_29_0 (overlayfs_file)) +(typeattributeset overlay_prop_29_0 (overlay_prop)) +(typeattributeset overlay_service_29_0 (overlay_service)) +(typeattributeset owntty_device_29_0 (owntty_device)) +(typeattributeset package_native_service_29_0 (package_native_service)) +(typeattributeset package_service_29_0 (package_service)) +(typeattributeset packages_list_file_29_0 (packages_list_file)) +(typeattributeset pan_result_prop_29_0 (pan_result_prop)) +(typeattributeset password_slot_metadata_file_29_0 (password_slot_metadata_file)) +(typeattributeset pdx_bufferhub_client_channel_socket_29_0 (pdx_bufferhub_client_channel_socket)) +(typeattributeset pdx_bufferhub_client_endpoint_socket_29_0 (pdx_bufferhub_client_endpoint_socket)) +(typeattributeset pdx_bufferhub_dir_29_0 (pdx_bufferhub_dir)) +(typeattributeset pdx_display_client_channel_socket_29_0 (pdx_display_client_channel_socket)) +(typeattributeset pdx_display_client_endpoint_socket_29_0 (pdx_display_client_endpoint_socket)) +(typeattributeset pdx_display_dir_29_0 (pdx_display_dir)) +(typeattributeset pdx_display_manager_channel_socket_29_0 (pdx_display_manager_channel_socket)) +(typeattributeset pdx_display_manager_endpoint_socket_29_0 (pdx_display_manager_endpoint_socket)) +(typeattributeset pdx_display_screenshot_channel_socket_29_0 (pdx_display_screenshot_channel_socket)) +(typeattributeset pdx_display_screenshot_endpoint_socket_29_0 (pdx_display_screenshot_endpoint_socket)) +(typeattributeset pdx_display_vsync_channel_socket_29_0 (pdx_display_vsync_channel_socket)) +(typeattributeset pdx_display_vsync_endpoint_socket_29_0 (pdx_display_vsync_endpoint_socket)) +(typeattributeset pdx_performance_client_channel_socket_29_0 (pdx_performance_client_channel_socket)) +(typeattributeset pdx_performance_client_endpoint_socket_29_0 
(pdx_performance_client_endpoint_socket)) +(typeattributeset pdx_performance_dir_29_0 (pdx_performance_dir)) +(typeattributeset perfetto_29_0 (perfetto)) +(typeattributeset performanced_29_0 (performanced)) +(typeattributeset performanced_exec_29_0 (performanced_exec)) +(typeattributeset permissionmgr_service_29_0 (permissionmgr_service)) +(typeattributeset permission_service_29_0 (permission_service)) +(typeattributeset persist_debug_prop_29_0 (persist_debug_prop)) +(typeattributeset persistent_data_block_service_29_0 (persistent_data_block_service)) +(typeattributeset persistent_properties_ready_prop_29_0 (persistent_properties_ready_prop)) +(typeattributeset pinner_service_29_0 (pinner_service)) +(typeattributeset pipefs_29_0 (pipefs)) +(typeattributeset platform_app_29_0 (platform_app)) +(typeattributeset pm_prop_29_0 (pm_prop)) +(typeattributeset pmsg_device_29_0 (pmsg_device)) +(typeattributeset port_29_0 (port)) +(typeattributeset port_device_29_0 (port_device)) +(typeattributeset postinstall_29_0 (postinstall)) +(typeattributeset postinstall_apex_mnt_dir_29_0 (postinstall_apex_mnt_dir)) +(typeattributeset postinstall_file_29_0 (postinstall_file)) +(typeattributeset postinstall_mnt_dir_29_0 (postinstall_mnt_dir)) +(typeattributeset powerctl_prop_29_0 (powerctl_prop)) +(typeattributeset power_service_29_0 (power_service)) +(typeattributeset ppp_29_0 (ppp)) +(typeattributeset ppp_device_29_0 (ppp_device)) +(typeattributeset ppp_exec_29_0 (ppp_exec)) +(typeattributeset preloads_data_file_29_0 (preloads_data_file)) +(typeattributeset preloads_media_file_29_0 (preloads_media_file)) +(typeattributeset print_service_29_0 (print_service)) +(typeattributeset priv_app_29_0 (priv_app)) +(typeattributeset privapp_data_file_29_0 (privapp_data_file)) +(typeattributeset proc_29_0 + ( proc + proc_kpageflags + proc_lowmemorykiller)) +(typeattributeset proc_abi_29_0 (proc_abi)) +(typeattributeset proc_asound_29_0 (proc_asound)) +(typeattributeset proc_bluetooth_writable_29_0 
(proc_bluetooth_writable)) +(typeattributeset proc_buddyinfo_29_0 (proc_buddyinfo)) +(typeattributeset proc_cmdline_29_0 (proc_cmdline)) +(typeattributeset proc_cpuinfo_29_0 (proc_cpuinfo)) +(typeattributeset proc_dirty_29_0 (proc_dirty)) +(typeattributeset proc_diskstats_29_0 (proc_diskstats)) +(typeattributeset proc_drop_caches_29_0 (proc_drop_caches)) +(typeattributeset processinfo_service_29_0 (processinfo_service)) +(typeattributeset proc_extra_free_kbytes_29_0 (proc_extra_free_kbytes)) +(typeattributeset proc_filesystems_29_0 (proc_filesystems)) +(typeattributeset proc_fs_verity_29_0 (proc_fs_verity)) +(typeattributeset proc_hostname_29_0 (proc_hostname)) +(typeattributeset proc_hung_task_29_0 (proc_hung_task)) +(typeattributeset proc_interrupts_29_0 (proc_interrupts)) +(typeattributeset proc_iomem_29_0 (proc_iomem)) +(typeattributeset proc_keys_29_0 (proc_keys)) +(typeattributeset proc_kmsg_29_0 (proc_kmsg)) +(typeattributeset proc_loadavg_29_0 (proc_loadavg)) +(typeattributeset proc_max_map_count_29_0 (proc_max_map_count)) +(typeattributeset proc_meminfo_29_0 (proc_meminfo)) +(typeattributeset proc_min_free_order_shift_29_0 (proc_min_free_order_shift)) +(typeattributeset proc_misc_29_0 (proc_misc)) +(typeattributeset proc_modules_29_0 (proc_modules)) +(typeattributeset proc_mounts_29_0 (proc_mounts)) +(typeattributeset proc_net_29_0 (proc_net)) +(typeattributeset proc_net_tcp_udp_29_0 (proc_net_tcp_udp)) +(typeattributeset proc_overcommit_memory_29_0 (proc_overcommit_memory)) +(typeattributeset proc_page_cluster_29_0 (proc_page_cluster)) +(typeattributeset proc_pagetypeinfo_29_0 (proc_pagetypeinfo)) +(typeattributeset proc_panic_29_0 (proc_panic)) +(typeattributeset proc_perf_29_0 (proc_perf)) +(typeattributeset proc_pid_max_29_0 (proc_pid_max)) +(typeattributeset proc_pipe_conf_29_0 (proc_pipe_conf)) +(typeattributeset proc_pressure_cpu_29_0 (proc_pressure_cpu)) +(typeattributeset proc_pressure_io_29_0 (proc_pressure_io)) +(typeattributeset 
proc_pressure_mem_29_0 (proc_pressure_mem)) +(typeattributeset proc_qtaguid_ctrl_29_0 (proc_qtaguid_ctrl)) +(typeattributeset proc_qtaguid_stat_29_0 (proc_qtaguid_stat)) +(typeattributeset proc_random_29_0 (proc_random)) +(typeattributeset proc_sched_29_0 (proc_sched)) +(typeattributeset proc_security_29_0 (proc_security)) +(typeattributeset proc_slabinfo_29_0 (proc_slabinfo)) +(typeattributeset proc_stat_29_0 (proc_stat)) +(typeattributeset procstats_service_29_0 (procstats_service)) +(typeattributeset proc_swaps_29_0 (proc_swaps)) +(typeattributeset proc_sysrq_29_0 (proc_sysrq)) +(typeattributeset proc_timer_29_0 (proc_timer)) +(typeattributeset proc_tty_drivers_29_0 (proc_tty_drivers)) +(typeattributeset proc_uid_concurrent_active_time_29_0 (proc_uid_concurrent_active_time)) +(typeattributeset proc_uid_concurrent_policy_time_29_0 (proc_uid_concurrent_policy_time)) +(typeattributeset proc_uid_cpupower_29_0 (proc_uid_cpupower)) +(typeattributeset proc_uid_cputime_removeuid_29_0 (proc_uid_cputime_removeuid)) +(typeattributeset proc_uid_cputime_showstat_29_0 (proc_uid_cputime_showstat)) +(typeattributeset proc_uid_io_stats_29_0 (proc_uid_io_stats)) +(typeattributeset proc_uid_procstat_set_29_0 (proc_uid_procstat_set)) +(typeattributeset proc_uid_time_in_state_29_0 (proc_uid_time_in_state)) +(typeattributeset proc_uptime_29_0 (proc_uptime)) +(typeattributeset proc_version_29_0 (proc_version)) +(typeattributeset proc_vmallocinfo_29_0 (proc_vmallocinfo)) +(typeattributeset proc_vmstat_29_0 (proc_vmstat)) +(typeattributeset proc_zoneinfo_29_0 (proc_zoneinfo)) +(typeattributeset profman_29_0 (profman)) +(typeattributeset profman_dump_data_file_29_0 (profman_dump_data_file)) +(typeattributeset profman_exec_29_0 (profman_exec)) +(typeattributeset properties_device_29_0 (properties_device)) +(typeattributeset properties_serial_29_0 (properties_serial)) +(typeattributeset property_contexts_file_29_0 (property_contexts_file)) +(typeattributeset property_data_file_29_0 
(property_data_file)) +(typeattributeset property_info_29_0 (property_info)) +(typeattributeset property_socket_29_0 (property_socket)) +(typeattributeset pstorefs_29_0 (pstorefs)) +(typeattributeset ptmx_device_29_0 (ptmx_device)) +(typeattributeset qtaguid_device_29_0 (qtaguid_device)) +(typeattributeset racoon_29_0 (racoon)) +(typeattributeset racoon_exec_29_0 (racoon_exec)) +(typeattributeset racoon_socket_29_0 (racoon_socket)) +(typeattributeset radio_29_0 (radio)) +(typeattributeset radio_data_file_29_0 (radio_data_file)) +(typeattributeset radio_device_29_0 (radio_device)) +(typeattributeset radio_prop_29_0 (radio_prop)) +(typeattributeset radio_service_29_0 (radio_service)) +(typeattributeset ram_device_29_0 (ram_device)) +(typeattributeset random_device_29_0 (random_device)) +(typeattributeset recovery_29_0 (recovery)) +(typeattributeset recovery_block_device_29_0 (recovery_block_device)) +(typeattributeset recovery_data_file_29_0 (recovery_data_file)) +(typeattributeset recovery_persist_29_0 (recovery_persist)) +(typeattributeset recovery_persist_exec_29_0 (recovery_persist_exec)) +(typeattributeset recovery_refresh_29_0 (recovery_refresh)) +(typeattributeset recovery_refresh_exec_29_0 (recovery_refresh_exec)) +(typeattributeset recovery_service_29_0 (recovery_service)) +(typeattributeset recovery_socket_29_0 (recovery_socket)) +(typeattributeset registry_service_29_0 (registry_service)) +(typeattributeset resourcecache_data_file_29_0 (resourcecache_data_file)) +(typeattributeset restorecon_prop_29_0 (restorecon_prop)) +(typeattributeset restrictions_service_29_0 (restrictions_service)) +(typeattributeset rild_debug_socket_29_0 (rild_debug_socket)) +(typeattributeset rild_socket_29_0 (rild_socket)) +(typeattributeset ringtone_file_29_0 (ringtone_file)) +(typeattributeset role_service_29_0 (role_service)) +(typeattributeset rollback_service_29_0 (rollback_service)) +(typeattributeset root_block_device_29_0 (root_block_device)) +(typeattributeset 
rootfs_29_0 (rootfs)) +(typeattributeset rpmsg_device_29_0 (rpmsg_device)) +(typeattributeset rs_29_0 (rs)) +(typeattributeset rs_exec_29_0 (rs_exec)) +(typeattributeset rss_hwm_reset_29_0 (rss_hwm_reset)) +(typeattributeset rtc_device_29_0 (rtc_device)) +(typeattributeset rttmanager_service_29_0 (rttmanager_service)) +(typeattributeset runas_29_0 (runas)) +(typeattributeset runas_app_29_0 (runas_app)) +(typeattributeset runas_exec_29_0 (runas_exec)) +(typeattributeset runtime_event_log_tags_file_29_0 (runtime_event_log_tags_file)) +(typeattributeset runtime_service_29_0 (runtime_service)) +(typeattributeset safemode_prop_29_0 (safemode_prop)) +(typeattributeset same_process_hal_file_29_0 (same_process_hal_file)) +(typeattributeset samplingprofiler_service_29_0 (samplingprofiler_service)) +(typeattributeset scheduling_policy_service_29_0 (scheduling_policy_service)) +(typeattributeset sdcard_block_device_29_0 (sdcard_block_device)) +(typeattributeset sdcardd_29_0 (sdcardd)) +(typeattributeset sdcardd_exec_29_0 (sdcardd_exec)) +(typeattributeset sdcardfs_29_0 (sdcardfs)) +(typeattributeset seapp_contexts_file_29_0 (seapp_contexts_file)) +(typeattributeset search_service_29_0 (search_service)) +(typeattributeset sec_key_att_app_id_provider_service_29_0 (sec_key_att_app_id_provider_service)) +(typeattributeset secure_element_29_0 (secure_element)) +(typeattributeset secure_element_device_29_0 (secure_element_device)) +(typeattributeset secure_element_service_29_0 (secure_element_service)) +(typeattributeset selinuxfs_29_0 (selinuxfs)) +(typeattributeset sensor_privacy_service_29_0 (sensor_privacy_service)) +(typeattributeset sensors_device_29_0 (sensors_device)) +(typeattributeset sensorservice_service_29_0 (sensorservice_service)) +(typeattributeset sepolicy_file_29_0 (sepolicy_file)) +(typeattributeset serial_device_29_0 (serial_device)) +(typeattributeset serialno_prop_29_0 (serialno_prop)) +(typeattributeset serial_service_29_0 (serial_service)) +(typeattributeset 
server_configurable_flags_data_file_29_0 (server_configurable_flags_data_file)) +(typeattributeset service_contexts_file_29_0 (service_contexts_file)) +(typeattributeset servicediscovery_service_29_0 (servicediscovery_service)) +(typeattributeset servicemanager_29_0 (servicemanager)) +(typeattributeset servicemanager_exec_29_0 (servicemanager_exec)) +(typeattributeset settings_service_29_0 (settings_service)) +(typeattributeset sgdisk_29_0 (sgdisk)) +(typeattributeset sgdisk_exec_29_0 (sgdisk_exec)) +(typeattributeset shared_relro_29_0 (shared_relro)) +(typeattributeset shared_relro_file_29_0 (shared_relro_file)) +(typeattributeset shell_29_0 (shell)) +(typeattributeset shell_data_file_29_0 (shell_data_file)) +(typeattributeset shell_exec_29_0 (shell_exec)) +(typeattributeset shell_prop_29_0 (shell_prop)) +(typeattributeset shm_29_0 (shm)) +(typeattributeset shortcut_manager_icons_29_0 (shortcut_manager_icons)) +(typeattributeset shortcut_service_29_0 (shortcut_service)) +(typeattributeset simpleperf_app_runner_29_0 (simpleperf_app_runner)) +(typeattributeset simpleperf_app_runner_exec_29_0 (simpleperf_app_runner_exec)) +(typeattributeset slice_service_29_0 (slice_service)) +(typeattributeset slideshow_29_0 (slideshow)) +(typeattributeset socket_device_29_0 (socket_device)) +(typeattributeset sockfs_29_0 (sockfs)) +(typeattributeset staging_data_file_29_0 (staging_data_file)) +(typeattributeset statsd_29_0 (statsd)) +(typeattributeset stats_data_file_29_0 (stats_data_file)) +(typeattributeset statsd_exec_29_0 (statsd_exec)) +(typeattributeset statsdw_socket_29_0 (statsdw_socket)) +(typeattributeset statusbar_service_29_0 (statusbar_service)) +(typeattributeset storaged_service_29_0 (storaged_service)) +(typeattributeset storage_file_29_0 (storage_file)) +(typeattributeset storagestats_service_29_0 (storagestats_service)) +(typeattributeset storage_stub_file_29_0 (storage_stub_file)) +(typeattributeset su_29_0 (su)) +(typeattributeset su_exec_29_0 (su_exec)) 
+(typeattributeset super_block_device_29_0 (super_block_device)) +(typeattributeset surfaceflinger_29_0 (surfaceflinger)) +(typeattributeset surfaceflinger_service_29_0 (surfaceflinger_service)) +(typeattributeset surfaceflinger_tmpfs_29_0 (surfaceflinger_tmpfs)) +(typeattributeset swap_block_device_29_0 (swap_block_device)) +(typeattributeset sysfs_29_0 + ( sysfs + sysfs_ion + sysfs_suspend_stats + sysfs_wakeup)) +(typeattributeset sysfs_android_usb_29_0 (sysfs_android_usb)) +(typeattributeset sysfs_batteryinfo_29_0 (sysfs_batteryinfo)) +(typeattributeset sysfs_bluetooth_writable_29_0 (sysfs_bluetooth_writable)) +(typeattributeset sysfs_devices_block_29_0 (sysfs_devices_block)) +(typeattributeset sysfs_devices_system_cpu_29_0 (sysfs_devices_system_cpu)) +(typeattributeset sysfs_dm_29_0 (sysfs_dm)) +(typeattributeset sysfs_dt_firmware_android_29_0 (sysfs_dt_firmware_android)) +(typeattributeset sysfs_extcon_29_0 (sysfs_extcon)) +(typeattributeset sysfs_fs_ext4_features_29_0 (sysfs_fs_ext4_features)) +(typeattributeset sysfs_fs_f2fs_29_0 (sysfs_fs_f2fs)) +(typeattributeset sysfs_hwrandom_29_0 (sysfs_hwrandom)) +(typeattributeset sysfs_ipv4_29_0 (sysfs_ipv4)) +(typeattributeset sysfs_kernel_notes_29_0 (sysfs_kernel_notes)) +(typeattributeset sysfs_leds_29_0 (sysfs_leds)) +(typeattributeset sysfs_loop_29_0 (sysfs_loop)) +(typeattributeset sysfs_lowmemorykiller_29_0 (sysfs_lowmemorykiller)) +(typeattributeset sysfs_mac_address_29_0 (sysfs_mac_address)) +(typeattributeset sysfs_net_29_0 (sysfs_net)) +(typeattributeset sysfs_nfc_power_writable_29_0 (sysfs_nfc_power_writable)) +(typeattributeset sysfs_power_29_0 (sysfs_power)) +(typeattributeset sysfs_rtc_29_0 (sysfs_rtc)) +(typeattributeset sysfs_switch_29_0 (sysfs_switch)) +(typeattributeset sysfs_thermal_29_0 (sysfs_thermal)) +(typeattributeset sysfs_transparent_hugepage_29_0 (sysfs_transparent_hugepage)) +(typeattributeset sysfs_uio_29_0 (sysfs_uio)) +(typeattributeset sysfs_usb_29_0 (sysfs_usb)) +(typeattributeset 
sysfs_usermodehelper_29_0 (sysfs_usermodehelper)) +(typeattributeset sysfs_vibrator_29_0 (sysfs_vibrator)) +(typeattributeset sysfs_wake_lock_29_0 (sysfs_wake_lock)) +(typeattributeset sysfs_wakeup_reasons_29_0 (sysfs_wakeup_reasons)) +(typeattributeset sysfs_wlan_fwpath_29_0 (sysfs_wlan_fwpath)) +(typeattributeset sysfs_zram_29_0 (sysfs_zram)) +(typeattributeset sysfs_zram_uevent_29_0 (sysfs_zram_uevent)) +(typeattributeset system_app_29_0 (system_app)) +(typeattributeset system_app_data_file_29_0 (system_app_data_file)) +(typeattributeset system_app_service_29_0 (system_app_service)) +(typeattributeset system_asan_options_file_29_0 (system_asan_options_file)) +(typeattributeset system_block_device_29_0 (system_block_device)) +(typeattributeset system_boot_reason_prop_29_0 (system_boot_reason_prop)) +(typeattributeset system_bootstrap_lib_file_29_0 (system_bootstrap_lib_file)) +(typeattributeset system_data_file_29_0 (system_data_file system_data_root_file)) +(typeattributeset system_event_log_tags_file_29_0 (system_event_log_tags_file)) +(typeattributeset system_file_29_0 (system_file)) +(typeattributeset systemkeys_data_file_29_0 (systemkeys_data_file)) +(typeattributeset system_lib_file_29_0 (system_lib_file)) +(typeattributeset system_linker_config_file_29_0 (system_linker_config_file)) +(typeattributeset system_linker_exec_29_0 (system_linker_exec)) +(typeattributeset system_lmk_prop_29_0 (system_lmk_prop)) +(typeattributeset system_ndebug_socket_29_0 (system_ndebug_socket)) +(typeattributeset system_net_netd_hwservice_29_0 (system_net_netd_hwservice)) +(typeattributeset system_prop_29_0 (system_prop)) +(typeattributeset system_radio_prop_29_0 (system_radio_prop)) +(typeattributeset system_seccomp_policy_file_29_0 (system_seccomp_policy_file)) +(typeattributeset system_security_cacerts_file_29_0 (system_security_cacerts_file)) +(typeattributeset system_server_29_0 (system_server)) +(typeattributeset system_server_tmpfs_29_0 (system_server_tmpfs)) 
+(typeattributeset system_suspend_control_service_29_0 (system_suspend_control_service)) +(typeattributeset system_suspend_hwservice_29_0 (system_suspend_hwservice)) +(typeattributeset system_trace_prop_29_0 (system_trace_prop)) +(typeattributeset system_update_service_29_0 (system_update_service)) +(typeattributeset system_wifi_keystore_hwservice_29_0 (system_wifi_keystore_hwservice)) +(typeattributeset system_wpa_socket_29_0 (system_wpa_socket)) +(typeattributeset system_zoneinfo_file_29_0 (system_zoneinfo_file)) +(typeattributeset task_profiles_file_29_0 (task_profiles_file)) +(typeattributeset task_service_29_0 (task_service)) +(typeattributeset tcpdump_exec_29_0 (tcpdump_exec)) +(typeattributeset tee_29_0 (tee)) +(typeattributeset tee_data_file_29_0 (tee_data_file)) +(typeattributeset tee_device_29_0 (tee_device)) +(typeattributeset telecom_service_29_0 (telecom_service)) +(typeattributeset test_boot_reason_prop_29_0 (test_boot_reason_prop)) +(typeattributeset test_harness_prop_29_0 (test_harness_prop)) +(typeattributeset testharness_service_29_0 (testharness_service)) +(typeattributeset textclassification_service_29_0 (textclassification_service)) +(typeattributeset textclassifier_data_file_29_0 (textclassifier_data_file)) +(typeattributeset textservices_service_29_0 (textservices_service)) +(typeattributeset thermalcallback_hwservice_29_0 (thermalcallback_hwservice)) +(typeattributeset thermal_service_29_0 (thermal_service)) +(typeattributeset timedetector_service_29_0 (timedetector_service)) +(typeattributeset time_prop_29_0 (time_prop)) +(typeattributeset timezone_service_29_0 (timezone_service)) +(typeattributeset tmpfs_29_0 + ( mnt_sdcard_file + tmpfs)) +(typeattributeset tombstoned_29_0 (tombstoned)) +(typeattributeset tombstone_data_file_29_0 (tombstone_data_file)) +(typeattributeset tombstoned_crash_socket_29_0 (tombstoned_crash_socket)) +(typeattributeset tombstoned_exec_29_0 (tombstoned_exec)) +(typeattributeset tombstoned_intercept_socket_29_0 
(tombstoned_intercept_socket)) +(typeattributeset tombstoned_java_trace_socket_29_0 (tombstoned_java_trace_socket)) +(typeattributeset tombstone_wifi_data_file_29_0 (tombstone_wifi_data_file)) +(typeattributeset toolbox_29_0 (toolbox)) +(typeattributeset toolbox_exec_29_0 (toolbox_exec)) +(typeattributeset traced_29_0 (traced)) +(typeattributeset trace_data_file_29_0 (trace_data_file)) +(typeattributeset traced_consumer_socket_29_0 (traced_consumer_socket)) +(typeattributeset traced_enabled_prop_29_0 (traced_enabled_prop)) +(typeattributeset traced_lazy_prop_29_0 (traced_lazy_prop)) +(typeattributeset traced_probes_29_0 (traced_probes)) +(typeattributeset traced_producer_socket_29_0 (traced_producer_socket)) +(typeattributeset traceur_app_29_0 (traceur_app)) +(typeattributeset trust_service_29_0 (trust_service)) +(typeattributeset tty_device_29_0 (tty_device)) +(typeattributeset tun_device_29_0 (tun_device)) +(typeattributeset tv_input_service_29_0 (tv_input_service)) +(typeattributeset tzdatacheck_29_0 (tzdatacheck)) +(typeattributeset tzdatacheck_exec_29_0 (tzdatacheck_exec)) +(typeattributeset ueventd_29_0 (ueventd)) +(typeattributeset ueventd_tmpfs_29_0 (ueventd_tmpfs)) +(typeattributeset uhid_device_29_0 (uhid_device)) +(typeattributeset uimode_service_29_0 (uimode_service)) +(typeattributeset uio_device_29_0 (uio_device)) +(typeattributeset uncrypt_29_0 (uncrypt)) +(typeattributeset uncrypt_exec_29_0 (uncrypt_exec)) +(typeattributeset uncrypt_socket_29_0 (uncrypt_socket)) +(typeattributeset unencrypted_data_file_29_0 (unencrypted_data_file)) +(typeattributeset unlabeled_29_0 (unlabeled)) +(typeattributeset untrusted_app_25_29_0 (untrusted_app_25)) +(typeattributeset untrusted_app_27_29_0 (untrusted_app_27)) +(typeattributeset untrusted_app_29_0 (untrusted_app)) +(typeattributeset update_engine_29_0 (update_engine)) +(typeattributeset update_engine_data_file_29_0 (update_engine_data_file)) +(typeattributeset update_engine_exec_29_0 (update_engine_exec)) 
+(typeattributeset update_engine_log_data_file_29_0 (update_engine_log_data_file)) +(typeattributeset update_engine_service_29_0 (update_engine_service)) +(typeattributeset updatelock_service_29_0 (updatelock_service)) +(typeattributeset update_verifier_29_0 (update_verifier)) +(typeattributeset update_verifier_exec_29_0 (update_verifier_exec)) +(typeattributeset uri_grants_service_29_0 (uri_grants_service)) +(typeattributeset usagestats_service_29_0 (usagestats_service)) +(typeattributeset usbaccessory_device_29_0 (usbaccessory_device)) +(typeattributeset usbd_29_0 (usbd)) +(typeattributeset usb_device_29_0 (usb_device)) +(typeattributeset usbd_exec_29_0 (usbd_exec)) +(typeattributeset usbfs_29_0 (usbfs)) +(typeattributeset usb_service_29_0 (usb_service)) +(typeattributeset use_memfd_prop_29_0 (use_memfd_prop)) +(typeattributeset userdata_block_device_29_0 (userdata_block_device)) +(typeattributeset usermodehelper_29_0 (usermodehelper)) +(typeattributeset user_profile_data_file_29_0 (user_profile_data_file)) +(typeattributeset user_service_29_0 (user_service)) +(typeattributeset vdc_29_0 (vdc)) +(typeattributeset vdc_exec_29_0 (vdc_exec)) +(typeattributeset vendor_app_file_29_0 (vendor_app_file)) +(typeattributeset vendor_cgroup_desc_file_29_0 (vendor_cgroup_desc_file)) +(typeattributeset vendor_configs_file_29_0 (vendor_configs_file)) +(typeattributeset vendor_data_file_29_0 (vendor_data_file)) +(typeattributeset vendor_default_prop_29_0 (vendor_default_prop)) +(typeattributeset vendor_file_29_0 (vendor_file)) +(typeattributeset vendor_framework_file_29_0 (vendor_framework_file)) +(typeattributeset vendor_hal_file_29_0 (vendor_hal_file)) +(typeattributeset vendor_idc_file_29_0 (vendor_idc_file)) +(typeattributeset vendor_init_29_0 (vendor_init)) +(typeattributeset vendor_keychars_file_29_0 (vendor_keychars_file)) +(typeattributeset vendor_keylayout_file_29_0 (vendor_keylayout_file)) +(typeattributeset vendor_overlay_file_29_0 (vendor_overlay_file)) 
+(typeattributeset vendor_public_lib_file_29_0 (vendor_public_lib_file)) +(typeattributeset vendor_security_patch_level_prop_29_0 (vendor_security_patch_level_prop)) +(typeattributeset vendor_shell_29_0 (vendor_shell)) +(typeattributeset vendor_shell_exec_29_0 (vendor_shell_exec)) +(typeattributeset vendor_task_profiles_file_29_0 (vendor_task_profiles_file)) +(typeattributeset vendor_toolbox_exec_29_0 (vendor_toolbox_exec)) +(typeattributeset vfat_29_0 (vfat)) +(typeattributeset vibrator_service_29_0 (vibrator_service)) +(typeattributeset video_device_29_0 (video_device)) +(typeattributeset virtual_touchpad_29_0 (virtual_touchpad)) +(typeattributeset virtual_touchpad_exec_29_0 (virtual_touchpad_exec)) +(typeattributeset virtual_touchpad_service_29_0 (virtual_touchpad_service)) +(typeattributeset vndbinder_device_29_0 (vndbinder_device)) +(typeattributeset vndk_sp_file_29_0 (vndk_sp_file)) +(typeattributeset vndservice_contexts_file_29_0 (vndservice_contexts_file)) +(typeattributeset vndservicemanager_29_0 (vndservicemanager)) +(typeattributeset voiceinteraction_service_29_0 (voiceinteraction_service)) +(typeattributeset vold_29_0 (vold)) +(typeattributeset vold_data_file_29_0 (vold_data_file)) +(typeattributeset vold_device_29_0 (vold_device)) +(typeattributeset vold_exec_29_0 (vold_exec)) +(typeattributeset vold_metadata_file_29_0 (vold_metadata_file)) +(typeattributeset vold_prepare_subdirs_29_0 (vold_prepare_subdirs)) +(typeattributeset vold_prepare_subdirs_exec_29_0 (vold_prepare_subdirs_exec)) +(typeattributeset vold_prop_29_0 (vold_prop)) +(typeattributeset vold_service_29_0 (vold_service)) +(typeattributeset vpn_data_file_29_0 (vpn_data_file)) +(typeattributeset vrflinger_vsync_service_29_0 (vrflinger_vsync_service)) +(typeattributeset vr_hwc_29_0 (vr_hwc)) +(typeattributeset vr_hwc_exec_29_0 (vr_hwc_exec)) +(typeattributeset vr_hwc_service_29_0 (vr_hwc_service)) +(typeattributeset vr_manager_service_29_0 (vr_manager_service)) +(typeattributeset 
wallpaper_file_29_0 (wallpaper_file))
+(typeattributeset wallpaper_service_29_0 (wallpaper_service))
+(typeattributeset watchdogd_29_0 (watchdogd))
+(typeattributeset watchdog_device_29_0 (watchdog_device))
+(typeattributeset watchdogd_exec_29_0 (watchdogd_exec))
+(typeattributeset webviewupdate_service_29_0 (webviewupdate_service))
+(typeattributeset webview_zygote_29_0 (webview_zygote))
+(typeattributeset webview_zygote_exec_29_0 (webview_zygote_exec))
+(typeattributeset webview_zygote_tmpfs_29_0 (webview_zygote_tmpfs))
+(typeattributeset wifiaware_service_29_0 (wifiaware_service))
+(typeattributeset wificond_29_0 (wificond))
+(typeattributeset wificond_exec_29_0 (wificond_exec))
+(typeattributeset wificond_service_29_0 (wificond_service wifinl80211_service))
+(typeattributeset wifi_data_file_29_0 (wifi_data_file))
+(typeattributeset wifi_log_prop_29_0 (wifi_log_prop))
+(typeattributeset wifip2p_service_29_0 (wifip2p_service))
+(typeattributeset wifi_prop_29_0 (wifi_prop))
+(typeattributeset wifiscanner_service_29_0 (wifiscanner_service))
+(typeattributeset wifi_service_29_0 (wifi_service))
+(typeattributeset window_service_29_0 (window_service))
+(typeattributeset wpantund_29_0 (wpantund))
+(typeattributeset wpantund_exec_29_0 (wpantund_exec))
+(typeattributeset wpantund_service_29_0 (wpantund_service))
+(typeattributeset wpa_socket_29_0 (wpa_socket))
+(typeattributeset zero_device_29_0 (zero_device))
+(typeattributeset zoneinfo_data_file_29_0 (zoneinfo_data_file))
+(typeattributeset zygote_29_0 (zygote))
+(typeattributeset zygote_exec_29_0 (zygote_exec))
+(typeattributeset zygote_socket_29_0 (zygote_socket))
+(typeattributeset zygote_tmpfs_29_0 (zygote_tmpfs))
diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.compat.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.compat.cil
new file mode 100644
index 000000000..af4da8a23
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/29.0/29.0.compat.cil
@@ -0,0 +1,3 @@
+(typeattribute vendordomain)
+(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
+(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
new file mode 100644
index 000000000..e54aa776c
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
@@ -0,0 +1,120 @@
+;; new_objects - a collection of types that have been introduced that have no
+;; analogue in older policy. Thus, we do not need to map these types to
+;; previous ones. Add here to pass checkapi tests.
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+ ( new_objects
+ aidl_lazy_test_server
+ aidl_lazy_test_server_exec
+ aidl_lazy_test_service
+ adbd_prop
+ apex_module_data_file
+ apex_permission_data_file
+ apex_rollback_data_file
+ apex_wifi_data_file
+ app_integrity_service
+ app_search_service
+ auth_service
+ automotive_display_service
+ automotive_display_service_exec
+ ashmem_libcutils_device
+ blob_store_service
+ binder_cache_bluetooth_server_prop
+ binder_cache_system_server_prop
+ binder_cache_telephony_server_prop
+ binderfs
+ binderfs_logs
+ binderfs_logs_proc
+ boringssl_self_test
+ bq_config_prop
+ charger_prop
+ cold_boot_done_prop
+ credstore
+ credstore_data_file
+ credstore_exec
+ credstore_service
+ platform_compat_service
+ ctl_apexd_prop
+ dataloader_manager_service
+ device_config_storage_native_boot_prop
+ device_config_sys_traced_prop
+ device_config_window_manager_native_boot_prop
+ device_config_configuration_prop
+ emergency_affordance_service
+ exported_camera_prop
+ file_integrity_service
+ fwk_automotive_display_hwservice
+ gmscore_app
+ hal_can_bus_hwservice
+ hal_can_controller_hwservice
+ hal_identity_service
+ hal_light_service
+ hal_power_service
+ hal_rebootescrow_service
+ hal_tv_tuner_hwservice
+ hal_vibrator_service
+ incremental_control_file
+ incremental_service
+ init_perf_lsm_hooks_prop
+ init_svc_debug_prop
+ iorap_inode2filename
+ iorap_inode2filename_data_file
+ iorap_inode2filename_exec
+ iorap_inode2filename_tmpfs
+ iorap_prefetcherd
+ iorap_prefetcherd_data_file
+ iorap_prefetcherd_exec
+ iorap_prefetcherd_tmpfs
+ mediatranscoding_service
+ mediatranscoding
+ mediatranscoding_exec
+ mediatranscoding_tmpfs
+ mirror_data_file
+ light_service
+ linkerconfig_file
+ media_variant_prop
+ metadata_bootstat_file
+ mnt_pass_through_file
+ mock_ota_prop
+ module_sdkextensions_prop
+ ota_metadata_file
+ ota_prop
+ prereboot_data_file
+ art_apex_dir
+ rebootescrow_hal_prop
+ securityfs
+ service_manager_service
+ service_manager_vndservice
+ simpleperf
+ snapshotctl_log_data_file
+ socket_hook_prop
+ soundtrigger_middleware_service
+ storage_config_prop
+ sysfs_dm_verity
+ system_adbd_prop
+ system_config_service
+ system_group_file
+ system_jvmti_agent_prop
+ system_passwd_file
+ system_unsolzygote_socket
+ tethering_service
+ traced_perf
+ traced_perf_enabled_prop
+ traced_perf_socket
+ timezonedetector_service
+ untrusted_app_29
+ usb_serial_device
+ userspace_reboot_config_prop
+ userspace_reboot_exported_prop
+ userspace_reboot_log_prop
+ userspace_reboot_test_prop
+ vehicle_hal_prop
+ tv_tuner_resource_mgr_service
+ vendor_apex_file
+ vendor_boringssl_self_test
+ vendor_install_recovery
+ vendor_install_recovery_exec
+ vendor_socket_hook_prop
+ vendor_socket_hook_prop
+ virtual_ab_prop))
diff --git a/prebuilts/api/30.0/private/coredomain.te b/prebuilts/api/30.0/private/coredomain.te
new file mode 100644
index 000000000..32a1e3f5b
--- /dev/null
+++ b/prebuilts/api/30.0/private/coredomain.te
@@ -0,0 +1,198 @@
+get_prop(coredomain, pm_prop)
+get_prop(coredomain, exported_pm_prop)
+
+full_treble_only(`
+neverallow {
+ coredomain
+
+ # for chowning
+ -init
+
+ # generic access to sysfs_type
+ -ueventd
+ -vold
+} sysfs_leds:file *;
+')
+
+# On TREBLE devices, a limited set of files in /vendor are accessible to
+# only a few whitelisted coredomains to keep system/vendor separation.
+full_treble_only(`
+ # Limit access to /vendor/app
+ neverallow {
+ coredomain
+ -appdomain
+ -dex2oat
+ -idmap
+ -init
+ -installd
+ userdebug_or_eng(`-heapprofd')
+ -postinstall_dexopt
+ -rs # spawned by appdomain, so carryover the exception above
+ -system_server
+ -traced_perf
+ } vendor_app_file:dir { open read getattr search };
+')
+
+full_treble_only(`
+ neverallow {
+ coredomain
+ -appdomain
+ -dex2oat
+ -idmap
+ -init
+ -installd
+ userdebug_or_eng(`-heapprofd')
+ -postinstall_dexopt
+ -rs # spawned by appdomain, so carryover the exception above
+ -system_server
+ -traced_perf
+ -mediaserver
+ } vendor_app_file:file r_file_perms;
+')
+
+full_treble_only(`
+ # Limit access to /vendor/overlay
+ neverallow {
+ coredomain
+ -appdomain
+ -idmap
+ -init
+ -installd
+ -iorap_inode2filename
+ -iorap_prefetcherd
+ -postinstall_dexopt
+ -rs # spawned by appdomain, so carryover the exception above
+ -system_server
+ -traced_perf
+ -app_zygote
+ -webview_zygote
+ -zygote
+ userdebug_or_eng(`-heapprofd')
+ } vendor_overlay_file:dir { getattr open read search };
+')
+
+full_treble_only(`
+ neverallow {
+ coredomain
+ -appdomain
+ -idmap
+ -init
+ -installd
+ -iorap_inode2filename
+ -iorap_prefetcherd
+ -postinstall_dexopt
+ -rs # spawned by appdomain, so carryover the exception above
+ -system_server
+ -traced_perf
+ -app_zygote
+ -webview_zygote
+ -zygote
+ userdebug_or_eng(`-heapprofd')
+ } vendor_overlay_file:file r_file_perms;
+')
+
+# Core domains are not permitted to use kernel interfaces which are not
+# explicitly labeled.
+# TODO(b/65643247): Apply these neverallow rules to all coredomain.
+full_treble_only(`
+ # /proc
+ neverallow {
+ coredomain
+ -init
+ -vold
+ } proc:file no_rw_file_perms;
+
+ # /sys
+ neverallow {
+ coredomain
+ -init
+ -ueventd
+ -vold
+ } sysfs:file no_rw_file_perms;
+
+ # /dev
+ neverallow {
+ coredomain
+ -fsck
+ -init
+ -ueventd
+ } device:{ blk_file file } no_rw_file_perms;
+
+ # debugfs
+ neverallow {
+ coredomain
+ -dumpstate
+ -init
+ -system_server
+ } debugfs:file no_rw_file_perms;
+
+ # tracefs
+ neverallow {
+ coredomain
+ -atrace
+ -dumpstate
+ -init
+ -traced_probes
+ -shell
+ -system_server
+ -traceur_app
+ } debugfs_tracing:file no_rw_file_perms;
+
+ # inotifyfs
+ neverallow {
+ coredomain
+ -init
+ } inotify:file no_rw_file_perms;
+
+ # pstorefs
+ neverallow {
+ coredomain
+ -bootstat
+ -charger
+ -dumpstate
+ -healthd
+ userdebug_or_eng(`-incidentd')
+ -init
+ -logd
+ -logpersist
+ -recovery_persist
+ -recovery_refresh
+ -shell
+ -system_server
+ } pstorefs:file no_rw_file_perms;
+
+ # configfs
+ neverallow {
+ coredomain
+ -init
+ -system_server
+ } configfs:file no_rw_file_perms;
+
+ # functionfs
+ neverallow {
+ coredomain
+ -adbd
+ -init
+ -mediaprovider
+ -system_server
+ } functionfs:file no_rw_file_perms;
+
+ # usbfs and binfmt_miscfs
+ neverallow {
+ coredomain
+ -init
+ }{ usbfs binfmt_miscfs }:file no_rw_file_perms;
+')
+
+# Following /dev nodes must not be directly accessed by coredomain, but should
+# instead be wrapped by HALs.
+neverallow coredomain {
+ iio_device
+ radio_device
+}:chr_file { open read append write ioctl };
+
+# TODO(b/120243891): HAL permission to tee_device is included into coredomain
+# on non-Treble devices.
+full_treble_only(`
+ neverallow coredomain tee_device:chr_file { open read append write ioctl };
+')
diff --git a/prebuilts/api/30.0/private/cppreopts.te b/prebuilts/api/30.0/private/cppreopts.te
new file mode 100644
index 000000000..1192ba676
--- /dev/null
+++ b/prebuilts/api/30.0/private/cppreopts.te
@@ -0,0 +1,31 @@
+# cppreopts
+#
+# This command copies preopted files from the system_b partition to the data
+# partition. This domain ensures that we are only copying into specific
+# directories.
+
+type cppreopts, domain, mlstrustedsubject, coredomain;
+type cppreopts_exec, system_file_type, exec_type, file_type;
+
+# Technically not a daemon but we do want the transition from init domain to
+# cppreopts to occur.
+init_daemon_domain(cppreopts)
+domain_auto_trans(cppreopts, preopt2cachename_exec, preopt2cachename);
+
+# Allow cppreopts copy files into the dalvik-cache
+allow cppreopts dalvikcache_data_file:dir { add_name remove_name search write };
+allow cppreopts dalvikcache_data_file:file { create getattr open read rename write unlink };
+
+# Allow cppreopts to execute itself using #!/system/bin/sh
+allow cppreopts shell_exec:file rx_file_perms;
+
+# Allow us to run find on /postinstall
+allow cppreopts system_file:dir { open read };
+
+# Allow running the cp command using cppreopts permissions. Needed so we can
+# write into dalvik-cache
+allow cppreopts toolbox_exec:file rx_file_perms;
+
+# Silence the denial when /postinstall cannot be mounted, e.g., system_other
+# is wiped, but cppreopts.sh still runs.
+dontaudit cppreopts postinstall_mnt_dir:dir search;
diff --git a/prebuilts/api/30.0/private/crash_dump.te b/prebuilts/api/30.0/private/crash_dump.te
new file mode 100644
index 000000000..f130327da
--- /dev/null
+++ b/prebuilts/api/30.0/private/crash_dump.te
@@ -0,0 +1,49 @@
+typeattribute crash_dump coredomain;
+
+# Crash dump does not need to access devices passed across exec().
+dontaudit crash_dump { devpts dev_type }:chr_file { read write };
+
+allow crash_dump {
+ domain
+ -apexd
+ -bpfloader
+ -crash_dump
+ -init
+ -kernel
+ -keystore
+ -llkd
+ -logd
+ -ueventd
+ -vendor_init
+ -vold
+}:process { ptrace signal sigchld sigstop sigkill };
+userdebug_or_eng(`
+ allow crash_dump { apexd llkd logd vold }:process { ptrace signal sigchld sigstop sigkill };
+')
+
+###
+### neverallow assertions
+###
+
+# ptrace neverallow assertions are spread throughout the other policy
+# files, so we avoid adding redundant assertions here
+
+neverallow crash_dump {
+ apexd
+ userdebug_or_eng(`-apexd')
+ bpfloader
+ init
+ kernel
+ keystore
+ llkd
+ userdebug_or_eng(`-llkd')
+ logd
+ userdebug_or_eng(`-logd')
+ ueventd
+ vendor_init
+ vold
+ userdebug_or_eng(`-vold')
+}:process { signal sigstop sigkill };
+
+neverallow crash_dump self:process ptrace;
+neverallow crash_dump gpu_device:chr_file *;
diff --git a/prebuilts/api/30.0/private/credstore.te b/prebuilts/api/30.0/private/credstore.te
new file mode 100644
index 000000000..8d87e2f33
--- /dev/null
+++ b/prebuilts/api/30.0/private/credstore.te
@@ -0,0 +1,6 @@
+typeattribute credstore coredomain;
+
+init_daemon_domain(credstore)
+
+# talk to Identity Credential
+hal_client_domain(credstore, hal_identity)
diff --git a/prebuilts/api/30.0/private/derive_sdk.te b/prebuilts/api/30.0/private/derive_sdk.te
new file mode 100644
index 000000000..1f60e3446
--- /dev/null
+++ b/prebuilts/api/30.0/private/derive_sdk.te
@@ -0,0 +1,12 @@
+
+# Domain for derive_sdk
+type derive_sdk, domain, coredomain;
+type derive_sdk_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(derive_sdk)
+
+# Read /apex
+allow derive_sdk apex_mnt_dir:dir r_dir_perms;
+
+# Prop rules: writable by derive_sdk, readable by bootclasspath (apps)
+set_prop(derive_sdk, module_sdkextensions_prop)
+neverallow { domain -init -derive_sdk } module_sdkextensions_prop:property_service set;
diff --git a/prebuilts/api/30.0/private/dex2oat.te b/prebuilts/api/30.0/private/dex2oat.te
new file mode 100644
index 000000000..7907f6c2a
--- /dev/null
+++ b/prebuilts/api/30.0/private/dex2oat.te
@@ -0,0 +1,84 @@
+# dex2oat
+type dex2oat, domain, coredomain;
+type dex2oat_exec, system_file_type, exec_type, file_type;
+
+r_dir_file(dex2oat, apk_data_file)
+# Access to /vendor/app
+r_dir_file(dex2oat, vendor_app_file)
+# Access /vendor/framework
+allow dex2oat vendor_framework_file:dir { getattr search };
+allow dex2oat vendor_framework_file:file { getattr open read map };
+
+allow dex2oat tmpfs:file { read getattr map };
+
+r_dir_file(dex2oat, dalvikcache_data_file)
+allow dex2oat dalvikcache_data_file:file write;
+# Read symlinks in /data/dalvik-cache. This is required for PIC mode boot images, where
+# the oat file is symlinked to the original file in /system.
+allow dex2oat dalvikcache_data_file:lnk_file read;
+allow dex2oat installd:fd use;
+
+# Acquire advisory lock on /system/framework/arm/*
+allow dex2oat system_file:file lock;
+
+# Read already open asec_apk_file file descriptors passed by installd.
+# Also allow reading unlabeled files, to allow for upgrading forward
+# locked APKs.
+allow dex2oat asec_apk_file:file { read map };
+allow dex2oat unlabeled:file { read map };
+allow dex2oat oemfs:file { read map };
+allow dex2oat apk_tmp_file:dir search;
+allow dex2oat apk_tmp_file:file r_file_perms;
+allow dex2oat user_profile_data_file:file { getattr read lock map };
+
+# Allow dex2oat to compile app's secondary dex files which were reported back to
+# the framework.
+allow dex2oat { privapp_data_file app_data_file }:file { getattr read write lock map };
+
+##################
+# A/B OTA Dexopt #
+##################
+
+# Allow dex2oat to use file descriptors from otapreopt.
+allow dex2oat postinstall_dexopt:fd use;
+
+# Allow dex2oat to read files under /postinstall (e.g. APKs under /system, /system/bin/linker).
+allow dex2oat postinstall_file:dir r_dir_perms;
+allow dex2oat postinstall_file:filesystem getattr;
+allow dex2oat postinstall_file:lnk_file { getattr read };
+allow dex2oat postinstall_file:file read;
+# Allow dex2oat to use libraries under /postinstall/system (e.g. /system/lib/libc.so).
+# TODO(b/120266448): Remove when Bionic libraries are part of the Runtime APEX.
+allow dex2oat postinstall_file:file { execute getattr open };
+
+# Allow dex2oat access to /postinstall/apex.
+allow dex2oat postinstall_apex_mnt_dir:dir { getattr search };
+
+# Allow dex2oat access to files in /data/ota.
+allow dex2oat ota_data_file:dir ra_dir_perms;
+allow dex2oat ota_data_file:file r_file_perms;
+
+# Create and read symlinks in /data/ota/dalvik-cache. This is required for PIC mode boot images,
+# where the oat file is symlinked to the original file in /system.
+allow dex2oat ota_data_file:lnk_file { create read };
+
+# It would be nice to tie this down, but currently, because of how images are written, we can't
+# pass file descriptors for the preopted boot image to dex2oat. So dex2oat needs to be able to
+# create them itself (and make them world-readable).
+allow dex2oat ota_data_file:file { create w_file_perms setattr };
+
+###############
+# APEX Update #
+###############
+
+# /dev/zero is inherited.
+allow dex2oat apexd:fd use;
+
+# Allow dex2oat to use file descriptors from preinstall.
+allow dex2oat art_apex_preinstall:fd use;
+
+##############
+# Neverallow #
+##############
+
+neverallow dex2oat { privapp_data_file app_data_file }:notdevfile_class_set open;
diff --git a/prebuilts/api/30.0/private/dexoptanalyzer.te b/prebuilts/api/30.0/private/dexoptanalyzer.te
new file mode 100644
index 000000000..1f9246230
--- /dev/null
+++ b/prebuilts/api/30.0/private/dexoptanalyzer.te
@@ -0,0 +1,35 @@
+# dexoptanalyzer
+type dexoptanalyzer, domain, coredomain, mlstrustedsubject;
+type dexoptanalyzer_exec, system_file_type, exec_type, file_type;
+type dexoptanalyzer_tmpfs, file_type;
+
+# Reading an APK opens a ZipArchive, which unpack to tmpfs.
+# Use tmpfs_domain() which will give tmpfs files created by dexoptanalyzer their
+# own label, which differs from other labels created by other processes.
+# This allows to distinguish in policy files created by dexoptanalyzer vs other
+#processes.
+tmpfs_domain(dexoptanalyzer)
+
+# Read symlinks in /data/dalvik-cache. This is required for PIC mode boot
+# app_data_file the oat file is symlinked to the original file in /system.
+allow dexoptanalyzer dalvikcache_data_file:dir { getattr search };
+allow dexoptanalyzer dalvikcache_data_file:file r_file_perms;
+allow dexoptanalyzer dalvikcache_data_file:lnk_file read;
+
+allow dexoptanalyzer installd:fd use;
+allow dexoptanalyzer installd:fifo_file { getattr write };
+
+# Acquire advisory lock on /system/framework/arm/*
+allow dexoptanalyzer system_file:file lock;
+
+# Allow reading secondary dex files that were reported by the app to the
+# package manager.
+allow dexoptanalyzer { privapp_data_file app_data_file }:dir { getattr search };
+allow dexoptanalyzer { privapp_data_file app_data_file }:file { getattr read map };
+# dexoptanalyzer calls access(2) with W_OK flag on app data. We can use the
+# "dontaudit...audit_access" policy line to suppress the audit access without
+# suppressing denial on actual access.
+dontaudit dexoptanalyzer { privapp_data_file app_data_file }:dir audit_access;
+
+# Allow testing /data/user/0 which symlinks to /data/data
+allow dexoptanalyzer system_data_file:lnk_file { getattr };
diff --git a/prebuilts/api/30.0/private/dhcp.te b/prebuilts/api/30.0/private/dhcp.te
new file mode 100644
index 000000000..b2f8ac7c7
--- /dev/null
+++ b/prebuilts/api/30.0/private/dhcp.te
@@ -0,0 +1,4 @@
+typeattribute dhcp coredomain;
+
+init_daemon_domain(dhcp)
+type_transition dhcp system_data_file:{ dir file } dhcp_data_file;
diff --git a/prebuilts/api/30.0/private/dnsmasq.te b/prebuilts/api/30.0/private/dnsmasq.te
new file mode 100644
index 000000000..96084b490
--- /dev/null
+++ b/prebuilts/api/30.0/private/dnsmasq.te
@@ -0,0 +1 @@
+typeattribute dnsmasq coredomain;
diff --git a/prebuilts/api/30.0/private/domain.te b/prebuilts/api/30.0/private/domain.te
new file mode 100644
index 000000000..1a8ce5053
--- /dev/null
+++ b/prebuilts/api/30.0/private/domain.te
@@ -0,0 +1,371 @@
+# Transition to crash_dump when /system/bin/crash_dump* is executed.
+# This occurs when the process crashes.
+# We do not apply this to the su domain to avoid interfering with
+# tests (b/114136122)
+domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump);
+allow domain crash_dump:process sigchld;
+
+# Allow every process to check the heapprofd.enable properties to determine
+# whether to load the heap profiling library. This does not necessarily enable
+# heap profiling, as initialization will fail if it does not have the
+# necessary SELinux permissions.
+get_prop(domain, heapprofd_prop);
+# Allow heap profiling on debug builds.
+userdebug_or_eng(`can_profile_heap_central({
+ domain
+ -bpfloader
+ -init
+ -kernel
+ -keystore
+ -llkd
+ -logd
+ -logpersist
+ -recovery
+ -recovery_persist
+ -recovery_refresh
+ -ueventd
+ -vendor_init
+ -vold
+})')
+
+# As above, allow perf profiling most processes on debug builds.
+# zygote is excluded as system-wide profiling could end up with it
+# (unexpectedly) holding an open fd across a fork.
+userdebug_or_eng(`can_profile_perf({
+ domain
+ -bpfloader
+ -init
+ -kernel
+ -keystore
+ -llkd
+ -logd
+ -logpersist
+ -recovery
+ -recovery_persist
+ -recovery_refresh
+ -ueventd
+ -vendor_init
+ -vold
+ -zygote
+})')
+
+# Path resolution access in cgroups.
+allow domain cgroup:dir search;
+allow { domain -appdomain -rs } cgroup:dir w_dir_perms;
+allow { domain -appdomain -rs } cgroup:file w_file_perms;
+
+allow domain cgroup_rc_file:dir search;
+allow domain cgroup_rc_file:file r_file_perms;
+allow domain task_profiles_file:file r_file_perms;
+allow domain vendor_task_profiles_file:file r_file_perms;
+
+# Allow all domains to read sys.use_memfd to determine
+# if memfd support can be used if device supports it
+get_prop(domain, use_memfd_prop);
+
+# Read access to sdkextensions props
+get_prop(domain, module_sdkextensions_prop)
+
+# Read access to bq configuration values
+get_prop(domain, bq_config_prop);
+
+# For now, everyone can access core property files
+# Device specific properties are not granted by default
+not_compatible_property(`
+ get_prop(domain, core_property_type)
+ get_prop(domain, exported_dalvik_prop)
+ get_prop(domain, exported_ffs_prop)
+ get_prop(domain, exported_system_radio_prop)
+ get_prop(domain, exported2_config_prop)
+ get_prop(domain, exported2_radio_prop)
+ get_prop(domain, exported2_system_prop)
+ get_prop(domain, exported2_vold_prop)
+ get_prop(domain, exported3_default_prop)
+ get_prop(domain, exported3_radio_prop)
+ get_prop(domain, exported3_system_prop)
+ get_prop(domain, vendor_default_prop)
+')
+compatible_property_only(`
+ get_prop({coredomain appdomain shell}, core_property_type)
+ get_prop({coredomain appdomain shell}, exported_dalvik_prop)
+ get_prop({coredomain appdomain shell}, exported_ffs_prop)
+ get_prop({coredomain appdomain shell}, exported_system_radio_prop)
+ get_prop({coredomain appdomain shell}, exported2_config_prop)
+ get_prop({coredomain appdomain shell}, exported2_radio_prop)
+ get_prop({coredomain appdomain shell}, exported2_system_prop)
+ get_prop({coredomain appdomain shell}, exported2_vold_prop)
+ get_prop({coredomain appdomain shell}, exported3_default_prop)
+ get_prop({coredomain appdomain shell}, exported3_radio_prop)
+ get_prop({coredomain appdomain shell}, exported3_system_prop)
+ get_prop({coredomain appdomain shell}, exported_camera_prop)
+ get_prop({coredomain appdomain shell}, userspace_reboot_config_prop)
+ get_prop({coredomain shell}, userspace_reboot_exported_prop)
+ get_prop({coredomain shell}, userspace_reboot_log_prop)
+ get_prop({coredomain shell}, userspace_reboot_test_prop)
+ get_prop({domain -coredomain -appdomain}, vendor_default_prop)
+')
+
+# Allow access to fsverity keyring.
+allow domain kernel:key search;
+# Allow access to keys in the fsverity keyring that were installed at boot.
+allow domain fsverity_init:key search;
+# For testing purposes, allow access to keys installed with su.
+userdebug_or_eng(`
+ allow domain su:key search;
+')
+
+# Allow access to linkerconfig file
+allow domain linkerconfig_file:dir search;
+allow domain linkerconfig_file:file r_file_perms;
+
+# Allow all processes to check for the existence of the boringssl_self_test_marker files.
+allow domain boringssl_self_test_marker:dir search;
+
+# Limit ability to ptrace or read sensitive /proc/pid files of processes
+# with other UIDs to these whitelisted domains.
+neverallow {
+ domain
+ -vold
+ userdebug_or_eng(`-llkd')
+ -dumpstate
+ userdebug_or_eng(`-incidentd')
+ -storaged
+ -system_server
+} self:global_capability_class_set sys_ptrace;
+
+# Limit ability to generate hardware unique device ID attestations to priv_apps
+neverallow { domain -priv_app -gmscore_app } *:keystore_key gen_unique_id;
+
+neverallow {
+ domain
+ -init
+ -vendor_init
+ userdebug_or_eng(`-domain')
+} debugfs_tracing_debug:file no_rw_file_perms;
+
+# System_server owns dropbox data, and init creates/restorecons the directory
+# Disallow direct access by other processes.
+neverallow { domain -init -system_server } dropbox_data_file:dir *;
+neverallow { domain -init -system_server } dropbox_data_file:file ~{ getattr read };
+
+###
+# Services should respect app sandboxes
+neverallow {
+ domain
+ -appdomain
+ -installd # creation of sandbox
+} { privapp_data_file app_data_file }:dir_file_class_set { create unlink };
+
+# Only the following processes should be directly accessing private app
+# directories.
+neverallow {
+ domain
+ -adbd
+ -appdomain
+ -app_zygote
+ -dexoptanalyzer
+ -installd
+ -iorap_inode2filename
+ -iorap_prefetcherd
+ -profman
+ -rs # spawned by appdomain, so carryover the exception above
+ -runas
+ -system_server
+ -viewcompiler
+ -zygote
+} { privapp_data_file app_data_file }:dir *;
+
+# Only apps should be modifying app data. installd is exempted for
+# restorecon and package install/uninstall.
+neverallow {
+ domain
+ -appdomain
+ -installd
+ -rs # spawned by appdomain, so carryover the exception above
+} { privapp_data_file app_data_file }:dir ~r_dir_perms;
+
+neverallow {
+ domain
+ -appdomain
+ -app_zygote
+ -installd
+ -iorap_prefetcherd
+ -rs # spawned by appdomain, so carryover the exception above
+} { privapp_data_file app_data_file }:file_class_set open;
+
+neverallow {
+ domain
+ -appdomain
+ -installd # creation of sandbox
+} { privapp_data_file app_data_file }:dir_file_class_set { create unlink };
+
+neverallow {
+ domain
+ -installd
+} { privapp_data_file app_data_file }:dir_file_class_set { relabelfrom relabelto };
+
+# The staging directory contains APEX and APK files. It is important to ensure
+# that these files cannot be accessed by other domains to ensure that the files
+# do not change between system_server staging the files and apexd processing
+# the files.
+neverallow { domain -init -system_server -apexd -installd -iorap_inode2filename } staging_data_file:dir *;
+neverallow { domain -init -system_app -system_server -apexd -kernel -installd -iorap_inode2filename -priv_app } staging_data_file:file *;
+neverallow { domain -init -system_server -installd} staging_data_file:dir no_w_dir_perms;
+# apexd needs the link and unlink permissions, so list every `no_w_file_perms`
+# except for `link` and `unlink`.
+neverallow { domain -init -system_server } staging_data_file:file
+ { append create relabelfrom rename setattr write no_x_file_perms };
+
+neverallow {
+ domain
+ -appdomain # for oemfs
+ -bootanim # for oemfs
+ -recovery # for /tmp/update_binary in tmpfs
+} { fs_type -rootfs }:file execute;
+
+#
+# Assert that, to the extent possible, we're not loading executable content from
+# outside the rootfs or /system partition except for a few whitelisted domains.
+# Executable files loaded from /data is a persistence vector
+# we want to avoid. See
+# https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
+#
+neverallow {
+ domain
+ -appdomain
+ with_asan(`-asan_extract')
+ -iorap_prefetcherd
+ -shell
+ userdebug_or_eng(`-su')
+ -system_server_startup # for memfd backed executable regions
+ -app_zygote
+ -webview_zygote
+ -zygote
+ userdebug_or_eng(`-mediaextractor')
+ userdebug_or_eng(`-mediaswcodec')
+} {
+ file_type
+ -system_file_type
+ -system_lib_file
+ -system_linker_exec
+ -vendor_file_type
+ -exec_type
+ -postinstall_file
+}:file execute;
+
+# Only init is allowed to write cgroup.rc file
+neverallow {
+ domain
+ -init
+ -vendor_init
+} cgroup_rc_file:file no_w_file_perms;
+
+# Only authorized processes should be writing to files in /data/dalvik-cache
+neverallow {
+ domain
+ -init # TODO: limit init to relabelfrom for files
+ -zygote
+ -installd
+ -postinstall_dexopt
+ -cppreopts
+ -dex2oat
+ -otapreopt_slot
+ -art_apex_postinstall
+ -art_apex_boot_integrity
+} dalvikcache_data_file:file no_w_file_perms;
+
+neverallow {
+ domain
+ -init
+ -installd
+ -postinstall_dexopt
+ -cppreopts
+ -dex2oat
+ -zygote
+ -otapreopt_slot
+ -art_apex_boot_integrity
+ -art_apex_postinstall
+} dalvikcache_data_file:dir no_w_dir_perms;
+
+# Minimize dac_override and dac_read_search.
+# Instead of granting them it is usually better to add the domain to
+# a Unix group or change the permissions of a file.
+define(`dac_override_allowed', `{
+ apexd
+ dnsmasq
+ dumpstate
+ init
+ installd
+ userdebug_or_eng(`llkd')
+ lmkd
+ migrate_legacy_obb_data
+ netd
+ postinstall_dexopt
+ recovery
+ rss_hwm_reset
+ sdcardd
+ tee
+ ueventd
+ uncrypt
+ vendor_init
+ vold
+ vold_prepare_subdirs
+ zygote
+}')
+neverallow ~dac_override_allowed self:global_capability_class_set dac_override;
+# Since the kernel checks dac_read_search before dac_override, domains that
+# have dac_override should also have dac_read_search to eliminate spurious
+# denials. Some domains have dac_read_search without having dac_override, so
+# this list should be a superset of the one above.
+neverallow ~{
+ dac_override_allowed
+ iorap_inode2filename
+ iorap_prefetcherd
+ traced_perf
+ traced_probes
+ userdebug_or_eng(`heapprofd')
+} self:global_capability_class_set dac_read_search;
+
+# Limit what domains can mount filesystems or change their mount flags.
+# sdcard_type / vfat is exempt as a larger set of domains need
+# this capability, including device-specific domains.
+neverallow {
+ domain
+ -apexd
+ recovery_only(`userdebug_or_eng(`-fastbootd')')
+ -init
+ -kernel
+ -otapreopt_chroot
+ -recovery
+ -update_engine
+ -vold
+ -zygote
+} { fs_type -sdcard_type }:filesystem { mount remount relabelfrom relabelto };
+
+# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
+neverallow {
+ domain
+ userdebug_or_eng(`-domain')
+ -kernel
+ -gsid
+ -init
+ -recovery
+ -ueventd
+ -healthd
+ -uncrypt
+ -tee
+ -hal_bootctl_server
+ -fastbootd
+} self:global_capability_class_set sys_rawio;
+
+# Limit directory operations that doesn't need to do app data isolation.
+neverallow {
+ domain
+ -init
+ -installd
+ -zygote
+} mirror_data_file:dir *;
+
+# This property is being removed. Remove remaining access.
+neverallow { domain -init -system_server -vendor_init } net_dns_prop:property_service set;
+neverallow { domain -dumpstate -init -system_server -vendor_init } net_dns_prop:file read;
diff --git a/prebuilts/api/30.0/private/drmserver.te b/prebuilts/api/30.0/private/drmserver.te
new file mode 100644
index 000000000..afe4f0aae
--- /dev/null
+++ b/prebuilts/api/30.0/private/drmserver.te
@@ -0,0 +1,7 @@
+typeattribute drmserver coredomain;
+
+init_daemon_domain(drmserver)
+
+type_transition drmserver apk_data_file:sock_file drmserver_socket;
+
+typeattribute drmserver_socket coredomain_socket;
diff --git a/prebuilts/api/30.0/private/dumpstate.te b/prebuilts/api/30.0/private/dumpstate.te
new file mode 100644
index 000000000..72e508e86
--- /dev/null
+++ b/prebuilts/api/30.0/private/dumpstate.te
@@ -0,0 +1,62 @@
+typeattribute dumpstate coredomain;
+
+init_daemon_domain(dumpstate)
+
+# Execute and transition to the vdc domain
+domain_auto_trans(dumpstate, vdc_exec, vdc)
+
+# Acquire advisory lock on /system/etc/xtables.lock from ip[6]tables
+allow dumpstate system_file:file lock;
+
+allow dumpstate storaged_exec:file rx_file_perms;
+
+# /data/misc/wmtrace for wm traces
+userdebug_or_eng(`
+ allow dumpstate wm_trace_data_file:dir r_dir_perms;
+ allow dumpstate wm_trace_data_file:file r_file_perms;
+')
+
+# Allow dumpstate to make binder calls to incidentd
+binder_call(dumpstate, incidentd)
+
+# Allow dumpstate to make binder calls to storaged service
+binder_call(dumpstate, storaged)
+
+# Allow dumpstate to make binder calls to statsd
+binder_call(dumpstate, statsd)
+
+# Allow dumpstate to talk to gpuservice over binder
+binder_call(dumpstate, gpuservice);
+
+# Allow dumpstate to talk to idmap over binder
+binder_call(dumpstate, idmap);
+
+# Collect metrics on boot time created by init
+get_prop(dumpstate, boottime_prop)
+
+# Signal native processes to dump their stack.
+allow dumpstate {
+ statsd
+ netd
+}:process signal;
+
+# For collecting bugreports.
+allow dumpstate debugfs_wakeup_sources:file r_file_perms;
+allow dumpstate dev_type:blk_file getattr;
+allow dumpstate webview_zygote:process signal;
+dontaudit dumpstate update_engine:binder call;
+allow dumpstate proc_net_tcp_udp:file r_file_perms;
+
+# For comminucating with the system process to do confirmation ui.
+binder_call(dumpstate, incidentcompanion_service)
+
+# For dumping dynamic partition information.
+set_prop(dumpstate, lpdumpd_prop)
+binder_call(dumpstate, lpdumpd)
+
+# For dumping device-mapper and snapshot information.
+allow dumpstate gsid_exec:file rx_file_perms;
+set_prop(dumpstate, ctl_gsid_prop)
+binder_call(dumpstate, gsid)
+
+r_dir_file(dumpstate, ota_metadata_file)
diff --git a/prebuilts/api/30.0/private/ephemeral_app.te b/prebuilts/api/30.0/private/ephemeral_app.te
new file mode 100644
index 000000000..56d47474b
--- /dev/null
+++ b/prebuilts/api/30.0/private/ephemeral_app.te
@@ -0,0 +1,99 @@
+###
+### Ephemeral apps.
+###
+### This file defines the security policy for apps with the ephemeral
+### feature.
+###
+### The ephemeral_app domain is a reduced permissions sandbox allowing
+### ephemeral applications to be safely installed and run. Non ephemeral
+### applications may also opt-in to ephemeral to take advantage of the
+### additional security features.
+###
+### PackageManager flags an app as ephemeral at install time.
+
+typeattribute ephemeral_app coredomain;
+
+net_domain(ephemeral_app)
+app_domain(ephemeral_app)
+
+# Allow ephemeral apps to read/write files in visible storage if provided fds
+allow ephemeral_app { sdcard_type media_rw_data_file }:file {read write getattr ioctl lock append};
+
+# Some apps ship with shared libraries and binaries that they write out
+# to their sandbox directory and then execute.
+allow ephemeral_app privapp_data_file:file { r_file_perms execute };
+allow ephemeral_app app_data_file:file { r_file_perms execute };
+
+# Follow priv-app symlinks. This is used for dynamite functionality.
+allow ephemeral_app privapp_data_file:lnk_file r_file_perms;
+
+# Allow the renderscript compiler to be run.
+domain_auto_trans(ephemeral_app, rs_exec, rs)
+
+# Allow loading and deleting shared libraries created by trusted system
+# components within an application home directory.
+allow ephemeral_app app_exec_data_file:file { r_file_perms execute unlink };
+
+# services
+allow ephemeral_app audioserver_service:service_manager find;
+allow ephemeral_app cameraserver_service:service_manager find;
+allow ephemeral_app mediaserver_service:service_manager find;
+allow ephemeral_app mediaextractor_service:service_manager find;
+allow ephemeral_app mediametrics_service:service_manager find;
+allow ephemeral_app mediadrmserver_service:service_manager find;
+allow ephemeral_app drmserver_service:service_manager find;
+allow ephemeral_app radio_service:service_manager find;
+allow ephemeral_app ephemeral_app_api_service:service_manager find;
+allow ephemeral_app gpu_service:service_manager find;
+
+# Allow ephemeral apps to interact with gpuservice
+binder_call(ephemeral_app, gpuservice)
+
+# Write app-specific trace data to the Perfetto traced damon. This requires
+# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(ephemeral_app)
+
+# Allow profiling if the app opts in by being marked profileable/debuggable.
+can_profile_heap(ephemeral_app)
+can_profile_perf(ephemeral_app)
+
+# allow ephemeral apps to use UDP sockets provided by the system server but not
+# modify them other than to connect
+allow ephemeral_app system_server:udp_socket {
+ connect getattr read recvfrom sendto write getopt setopt };
+
+allow ephemeral_app ashmem_device:chr_file rw_file_perms;
+
+###
+### neverallow rules
+###
+
+neverallow ephemeral_app { app_data_file privapp_data_file }:file execute_no_trans;
+
+# Receive or send uevent messages.
+neverallow ephemeral_app domain:netlink_kobject_uevent_socket *;
+
+# Receive or send generic netlink messages
+neverallow ephemeral_app domain:netlink_socket *;
+
+# Too much leaky information in debugfs. It's a security
+# best practice to ensure these files aren't readable.
+neverallow ephemeral_app debugfs:file read;
+
+# execute gpu_device
+neverallow ephemeral_app gpu_device:chr_file execute;
+
+# access files in /sys with the default sysfs label
+neverallow ephemeral_app sysfs:file *;
+
+# Avoid reads from generically labeled /proc files
+# Create a more specific label if needed
+neverallow ephemeral_app proc:file { no_rw_file_perms no_x_file_perms };
+
+# Directly access external storage
+neverallow ephemeral_app { sdcard_type media_rw_data_file }:file {open create};
+neverallow ephemeral_app { sdcard_type media_rw_data_file }:dir search;
+
+# Avoid reads to proc_net, it contains too much device wide information about
+# ongoing connections.
+neverallow ephemeral_app proc_net:file no_rw_file_perms;
diff --git a/prebuilts/api/30.0/private/fastbootd.te b/prebuilts/api/30.0/private/fastbootd.te
new file mode 100644
index 000000000..29a9157e6
--- /dev/null
+++ b/prebuilts/api/30.0/private/fastbootd.te
@@ -0,0 +1 @@
+typeattribute fastbootd coredomain;
diff --git a/prebuilts/api/30.0/private/file.te b/prebuilts/api/30.0/private/file.te
new file mode 100644
index 000000000..44920029c
--- /dev/null
+++ b/prebuilts/api/30.0/private/file.te
@@ -0,0 +1,28 @@
+# /proc/config.gz
+type config_gz, fs_type, proc_type;
+
+# /data/misc/storaged
+type storaged_data_file, file_type, data_file_type, core_data_file_type;
+
+# /data/misc/wmtrace for wm traces
+type wm_trace_data_file, file_type, data_file_type, core_data_file_type;
+
+# /data/misc/perfetto-traces for perfetto traces
+type perfetto_traces_data_file, file_type, data_file_type, core_data_file_type;
+
+# /sys/kernel/debug/kcov for coverage guided kernel fuzzing in userdebug builds.
+type debugfs_kcov, fs_type, debugfs_type;
+
+# App executable files in /data/data directories
+type app_exec_data_file, file_type, data_file_type, core_data_file_type;
+typealias app_exec_data_file alias rs_data_file;
+
+# /data/misc_[ce|de]/rollback : Used by installd to store snapshots
+# of application data.
+type rollback_data_file, file_type, data_file_type, core_data_file_type;
+
+# /data/gsi/ota
+type ota_image_data_file, file_type, data_file_type, core_data_file_type;
+
+# /data/misc/emergencynumberdb
+type emergency_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/prebuilts/api/30.0/private/file_contexts b/prebuilts/api/30.0/private/file_contexts
new file mode 100644
index 000000000..4f86f710f
--- /dev/null
+++ b/prebuilts/api/30.0/private/file_contexts
@@ -0,0 +1,733 @@
+###########################################
+# Root
+/ u:object_r:rootfs:s0
+
+# Data files
+/adb_keys u:object_r:adb_keys_file:s0
+/build\.prop u:object_r:rootfs:s0
+/default\.prop u:object_r:rootfs:s0
+/fstab\..* u:object_r:rootfs:s0
+/init\..* u:object_r:rootfs:s0
+/res(/.*)? u:object_r:rootfs:s0
+/selinux_version u:object_r:rootfs:s0
+/ueventd\..* u:object_r:rootfs:s0
+/verity_key u:object_r:rootfs:s0
+
+# Executables
+/init u:object_r:init_exec:s0
+/sbin(/.*)? u:object_r:rootfs:s0
+
+# For kernel modules
+/lib(/.*)? u:object_r:rootfs:s0
+
+# Empty directories
+/lost\+found u:object_r:rootfs:s0
+/acct u:object_r:cgroup:s0
+/config u:object_r:rootfs:s0
+/data_mirror u:object_r:mirror_data_file:s0
+/debug_ramdisk u:object_r:tmpfs:s0
+/mnt u:object_r:tmpfs:s0
+/postinstall u:object_r:postinstall_mnt_dir:s0
+/postinstall/apex u:object_r:postinstall_apex_mnt_dir:s0
+/proc u:object_r:rootfs:s0
+/sys u:object_r:sysfs:s0
+/apex u:object_r:apex_mnt_dir:s0
+
+# Symlinks
+/bin u:object_r:rootfs:s0
+/bugreports u:object_r:rootfs:s0
+/charger u:object_r:rootfs:s0
+/d u:object_r:rootfs:s0
+/etc u:object_r:rootfs:s0
+/sdcard u:object_r:rootfs:s0
+
+# SELinux policy files
+/vendor_file_contexts u:object_r:file_contexts_file:s0
+/nonplat_file_contexts u:object_r:file_contexts_file:s0
+/plat_file_contexts u:object_r:file_contexts_file:s0
+/product_file_contexts u:object_r:file_contexts_file:s0
+/mapping_sepolicy\.cil u:object_r:sepolicy_file:s0
+/nonplat_sepolicy\.cil u:object_r:sepolicy_file:s0
+/plat_sepolicy\.cil u:object_r:sepolicy_file:s0
+/plat_property_contexts u:object_r:property_contexts_file:s0
+/product_property_contexts u:object_r:property_contexts_file:s0
+/nonplat_property_contexts u:object_r:property_contexts_file:s0
+/vendor_property_contexts u:object_r:property_contexts_file:s0
+/seapp_contexts u:object_r:seapp_contexts_file:s0
+/nonplat_seapp_contexts u:object_r:seapp_contexts_file:s0
+/vendor_seapp_contexts u:object_r:seapp_contexts_file:s0
+/plat_seapp_contexts u:object_r:seapp_contexts_file:s0
+/sepolicy u:object_r:sepolicy_file:s0
+/plat_service_contexts u:object_r:service_contexts_file:s0
+/plat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
+/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
+# Use nonplat_service_contexts_file to allow servicemanager to read it
+# on non full-treble devices.
+/vendor_service_contexts u:object_r:nonplat_service_contexts_file:s0
+/nonplat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
+/vendor_hwservice_contexts u:object_r:hwservice_contexts_file:s0
+/vndservice_contexts u:object_r:vndservice_contexts_file:s0
+
+##########################
+# Devices
+#
+/dev(/.*)? u:object_r:device:s0
+/dev/adf[0-9]* u:object_r:graphics_device:s0
+/dev/adf-interface[0-9]*\.[0-9]* u:object_r:graphics_device:s0
+/dev/adf-overlay-engine[0-9]*\.[0-9]* u:object_r:graphics_device:s0
+/dev/ashmem u:object_r:ashmem_device:s0
+/dev/ashmem(.*)? u:object_r:ashmem_libcutils_device:s0
+/dev/audio.* u:object_r:audio_device:s0
+/dev/binder u:object_r:binder_device:s0
+/dev/block(/.*)? u:object_r:block_device:s0
+/dev/block/dm-[0-9]+ u:object_r:dm_device:s0
+/dev/block/loop[0-9]* u:object_r:loop_device:s0
+/dev/block/vold/.+ u:object_r:vold_device:s0
+/dev/block/ram[0-9]* u:object_r:ram_device:s0
+/dev/block/zram[0-9]* u:object_r:ram_device:s0
+/dev/boringssl/selftest(/.*)? u:object_r:boringssl_self_test_marker:s0
+/dev/bus/usb(.*)? u:object_r:usb_device:s0
+/dev/console u:object_r:console_device:s0
+/dev/cpu_variant:.* u:object_r:dev_cpu_variant:s0
+/dev/device-mapper u:object_r:dm_device:s0
+/dev/eac u:object_r:audio_device:s0
+/dev/event-log-tags u:object_r:runtime_event_log_tags_file:s0
+/dev/cgroup_info(/.*)? u:object_r:cgroup_rc_file:s0
+/dev/fscklogs(/.*)? u:object_r:fscklogs:s0
+/dev/fuse u:object_r:fuse_device:s0
+/dev/graphics(/.*)? u:object_r:graphics_device:s0
+/dev/hw_random u:object_r:hw_random_device:s0
+/dev/hwbinder u:object_r:hwbinder_device:s0
+/dev/input(/.*)? u:object_r:input_device:s0
+/dev/iio:device[0-9]+ u:object_r:iio_device:s0
+/dev/ion u:object_r:ion_device:s0
+/dev/keychord u:object_r:keychord_device:s0
+/dev/loop-control u:object_r:loop_control_device:s0
+/dev/modem.* u:object_r:radio_device:s0
+/dev/mtp_usb u:object_r:mtp_device:s0
+/dev/pmsg0 u:object_r:pmsg_device:s0
+/dev/pn544 u:object_r:nfc_device:s0
+/dev/port u:object_r:port_device:s0
+/dev/ppp u:object_r:ppp_device:s0
+/dev/ptmx u:object_r:ptmx_device:s0
+/dev/pvrsrvkm u:object_r:gpu_device:s0
+/dev/kmsg u:object_r:kmsg_device:s0
+/dev/kmsg_debug u:object_r:kmsg_debug_device:s0
+/dev/null u:object_r:null_device:s0
+/dev/nvhdcp1 u:object_r:video_device:s0
+/dev/random u:object_r:random_device:s0
+/dev/rpmsg-omx[0-9] u:object_r:rpmsg_device:s0
+/dev/rproc_user u:object_r:rpmsg_device:s0
+/dev/rtc[0-9] u:object_r:rtc_device:s0
+/dev/snd(/.*)? u:object_r:audio_device:s0
+/dev/socket(/.*)? u:object_r:socket_device:s0
+/dev/socket/adbd u:object_r:adbd_socket:s0
+/dev/socket/dnsproxyd u:object_r:dnsproxyd_socket:s0
+/dev/socket/dumpstate u:object_r:dumpstate_socket:s0
+/dev/socket/fwmarkd u:object_r:fwmarkd_socket:s0
+/dev/socket/lmkd u:object_r:lmkd_socket:s0
+/dev/socket/logd u:object_r:logd_socket:s0
+/dev/socket/logdr u:object_r:logdr_socket:s0
+/dev/socket/logdw u:object_r:logdw_socket:s0
+/dev/socket/statsdw u:object_r:statsdw_socket:s0
+/dev/socket/mdns u:object_r:mdns_socket:s0
+/dev/socket/mdnsd u:object_r:mdnsd_socket:s0
+/dev/socket/mtpd u:object_r:mtpd_socket:s0
+/dev/socket/pdx/system/buffer_hub u:object_r:pdx_bufferhub_dir:s0
+/dev/socket/pdx/system/buffer_hub/client u:object_r:pdx_bufferhub_client_endpoint_socket:s0
+/dev/socket/pdx/system/performance u:object_r:pdx_performance_dir:s0
+/dev/socket/pdx/system/performance/client u:object_r:pdx_performance_client_endpoint_socket:s0
+/dev/socket/pdx/system/vr/display u:object_r:pdx_display_dir:s0
+/dev/socket/pdx/system/vr/display/client u:object_r:pdx_display_client_endpoint_socket:s0
+/dev/socket/pdx/system/vr/display/manager u:object_r:pdx_display_manager_endpoint_socket:s0
+/dev/socket/pdx/system/vr/display/screenshot u:object_r:pdx_display_screenshot_endpoint_socket:s0
+/dev/socket/pdx/system/vr/display/vsync u:object_r:pdx_display_vsync_endpoint_socket:s0
+/dev/socket/property_service u:object_r:property_socket:s0
+/dev/socket/racoon u:object_r:racoon_socket:s0
+/dev/socket/recovery u:object_r:recovery_socket:s0
+/dev/socket/rild u:object_r:rild_socket:s0
+/dev/socket/rild-debug u:object_r:rild_debug_socket:s0
+/dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
+/dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
+/dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
+/dev/socket/traced_consumer u:object_r:traced_consumer_socket:s0
+/dev/socket/traced_perf u:object_r:traced_perf_socket:s0
+/dev/socket/traced_producer u:object_r:traced_producer_socket:s0
+/dev/socket/heapprofd u:object_r:heapprofd_socket:s0
+/dev/socket/uncrypt u:object_r:uncrypt_socket:s0
+/dev/socket/wpa_eth[0-9] u:object_r:wpa_socket:s0
+/dev/socket/wpa_wlan[0-9] u:object_r:wpa_socket:s0
+/dev/socket/zygote u:object_r:zygote_socket:s0
+/dev/socket/zygote_secondary u:object_r:zygote_socket:s0
+/dev/socket/usap_pool_primary u:object_r:zygote_socket:s0
+/dev/socket/usap_pool_secondary u:object_r:zygote_socket:s0
+/dev/spdif_out.* u:object_r:audio_device:s0
+/dev/tty u:object_r:owntty_device:s0
+/dev/tty[0-9]* u:object_r:tty_device:s0
+/dev/ttyS[0-9]* u:object_r:serial_device:s0
+/dev/ttyUSB[0-9]* u:object_r:usb_serial_device:s0
+/dev/ttyACM[0-9]* u:object_r:usb_serial_device:s0
+/dev/tun u:object_r:tun_device:s0
+/dev/uhid u:object_r:uhid_device:s0
+/dev/uinput u:object_r:uhid_device:s0
+/dev/uio[0-9]* u:object_r:uio_device:s0
+/dev/urandom u:object_r:random_device:s0
+/dev/usb_accessory u:object_r:usbaccessory_device:s0
+/dev/v4l-touch[0-9]* u:object_r:input_device:s0
+/dev/video[0-9]* u:object_r:video_device:s0
+/dev/vndbinder u:object_r:vndbinder_device:s0
+/dev/watchdog u:object_r:watchdog_device:s0
+/dev/xt_qtaguid u:object_r:qtaguid_device:s0
+/dev/zero u:object_r:zero_device:s0
+/dev/__properties__ u:object_r:properties_device:s0
+/dev/__properties__/property_info u:object_r:property_info:s0
+#############################
+# Linker configuration
+#
+/linkerconfig(/.*)? u:object_r:linkerconfig_file:s0
+#############################
+# System files
+#
+/system(/.*)? u:object_r:system_file:s0
+/system/apex/com.android.art u:object_r:art_apex_dir:s0
+/system/lib(64)?(/.*)? u:object_r:system_lib_file:s0
+/system/lib(64)?/bootstrap(/.*)? u:object_r:system_bootstrap_lib_file:s0
+/system/bin/atrace u:object_r:atrace_exec:s0
+/system/bin/auditctl u:object_r:auditctl_exec:s0
+/system/bin/bcc u:object_r:rs_exec:s0
+/system/bin/blank_screen u:object_r:blank_screen_exec:s0
+/system/bin/boringssl_self_test(32|64) u:object_r:boringssl_self_test_exec:s0
+/system/bin/charger u:object_r:charger_exec:s0
+/system/bin/e2fsdroid u:object_r:e2fs_exec:s0
+/system/bin/mke2fs u:object_r:e2fs_exec:s0
+/system/bin/e2fsck -- u:object_r:fsck_exec:s0
+/system/bin/fsck\.exfat -- u:object_r:fsck_exec:s0
+/system/bin/fsck\.f2fs -- u:object_r:fsck_exec:s0
+/system/bin/init u:object_r:init_exec:s0
+# TODO(/123600489): merge mini-keyctl into toybox
+/system/bin/mini-keyctl -- u:object_r:toolbox_exec:s0
+/system/bin/fsverity_init u:object_r:fsverity_init_exec:s0
+/system/bin/sload_f2fs -- u:object_r:e2fs_exec:s0
+/system/bin/make_f2fs -- u:object_r:e2fs_exec:s0
+/system/bin/fsck_msdos -- u:object_r:fsck_exec:s0
+/system/bin/tcpdump -- u:object_r:tcpdump_exec:s0
+/system/bin/tune2fs -- u:object_r:fsck_exec:s0
+/system/bin/toolbox -- u:object_r:toolbox_exec:s0
+/system/bin/toybox -- u:object_r:toolbox_exec:s0
+/system/bin/ld\.mc u:object_r:rs_exec:s0
+/system/bin/logcat -- u:object_r:logcat_exec:s0
+/system/bin/logcatd -- u:object_r:logcat_exec:s0
+/system/bin/sh -- u:object_r:shell_exec:s0
+/system/bin/run-as -- u:object_r:runas_exec:s0
+/system/bin/bootanimation u:object_r:bootanim_exec:s0
+/system/bin/bootstat u:object_r:bootstat_exec:s0
+/system/bin/app_process32 u:object_r:zygote_exec:s0
+/system/bin/app_process64 u:object_r:zygote_exec:s0
+/system/bin/servicemanager u:object_r:servicemanager_exec:s0
+/system/bin/hwservicemanager u:object_r:hwservicemanager_exec:s0
+/system/bin/surfaceflinger u:object_r:surfaceflinger_exec:s0
+/system/bin/gpuservice u:object_r:gpuservice_exec:s0
+/system/bin/bufferhubd u:object_r:bufferhubd_exec:s0
+/system/bin/performanced u:object_r:performanced_exec:s0
+/system/bin/drmserver 
u:object_r:drmserver_exec:s0 +/system/bin/dumpstate u:object_r:dumpstate_exec:s0 +/system/bin/incident u:object_r:incident_exec:s0 +/system/bin/incidentd u:object_r:incidentd_exec:s0 +/system/bin/incident_helper u:object_r:incident_helper_exec:s0 +/system/bin/iw u:object_r:iw_exec:s0 +/system/bin/netutils-wrapper-1\.0 u:object_r:netutils_wrapper_exec:s0 +/system/bin/vold u:object_r:vold_exec:s0 +/system/bin/netd u:object_r:netd_exec:s0 +/system/bin/wificond u:object_r:wificond_exec:s0 +/system/bin/audioserver u:object_r:audioserver_exec:s0 +/system/bin/mediadrmserver u:object_r:mediadrmserver_exec:s0 +/system/bin/mediaserver u:object_r:mediaserver_exec:s0 +/system/bin/mediametrics u:object_r:mediametrics_exec:s0 +/system/bin/cameraserver u:object_r:cameraserver_exec:s0 +/system/bin/mediaextractor u:object_r:mediaextractor_exec:s0 +/system/bin/mediaswcodec u:object_r:mediaswcodec_exec:s0 +/system/bin/mediatranscoding u:object_r:mediatranscoding_exec:s0 +/system/bin/mdnsd u:object_r:mdnsd_exec:s0 +/system/bin/installd u:object_r:installd_exec:s0 +/system/bin/otapreopt_chroot u:object_r:otapreopt_chroot_exec:s0 +/system/bin/otapreopt_slot u:object_r:otapreopt_slot_exec:s0 +/system/bin/art_apex_boot_integrity u:object_r:art_apex_boot_integrity_exec:s0 +/system/bin/credstore u:object_r:credstore_exec:s0 +/system/bin/keystore u:object_r:keystore_exec:s0 +/system/bin/fingerprintd u:object_r:fingerprintd_exec:s0 +/system/bin/gatekeeperd u:object_r:gatekeeperd_exec:s0 +/system/bin/crash_dump32 u:object_r:crash_dump_exec:s0 +/system/bin/crash_dump64 u:object_r:crash_dump_exec:s0 +/system/bin/tombstoned u:object_r:tombstoned_exec:s0 +/system/bin/recovery-persist u:object_r:recovery_persist_exec:s0 +/system/bin/recovery-refresh u:object_r:recovery_refresh_exec:s0 +/system/bin/sdcard u:object_r:sdcardd_exec:s0 +/system/bin/snapshotctl u:object_r:snapshotctl_exec:s0 +/system/bin/dhcpcd u:object_r:dhcp_exec:s0 +/system/bin/dhcpcd-6\.8\.2 u:object_r:dhcp_exec:s0 +/system/bin/mtpd 
u:object_r:mtp_exec:s0 +/system/bin/pppd u:object_r:ppp_exec:s0 +/system/bin/racoon u:object_r:racoon_exec:s0 +/system/xbin/su u:object_r:su_exec:s0 +/system/bin/dnsmasq u:object_r:dnsmasq_exec:s0 +/system/bin/healthd u:object_r:healthd_exec:s0 +/system/bin/clatd u:object_r:clatd_exec:s0 +/system/bin/linker(64)? u:object_r:system_linker_exec:s0 +/system/bin/linkerconfig u:object_r:linkerconfig_exec:s0 +/system/bin/bootstrap/linker(64)? u:object_r:system_linker_exec:s0 +/system/bin/llkd u:object_r:llkd_exec:s0 +/system/bin/lmkd u:object_r:lmkd_exec:s0 +/system/bin/usbd u:object_r:usbd_exec:s0 +/system/bin/inputflinger u:object_r:inputflinger_exec:s0 +/system/bin/logd u:object_r:logd_exec:s0 +/system/bin/lpdumpd u:object_r:lpdumpd_exec:s0 +/system/bin/rss_hwm_reset u:object_r:rss_hwm_reset_exec:s0 +/system/bin/perfetto u:object_r:perfetto_exec:s0 +/system/bin/traced u:object_r:traced_exec:s0 +/system/bin/traced_perf u:object_r:traced_perf_exec:s0 +/system/bin/traced_probes u:object_r:traced_probes_exec:s0 +/system/bin/heapprofd u:object_r:heapprofd_exec:s0 +/system/bin/uncrypt u:object_r:uncrypt_exec:s0 +/system/bin/update_verifier u:object_r:update_verifier_exec:s0 +/system/bin/logwrapper u:object_r:system_file:s0 +/system/bin/vdc u:object_r:vdc_exec:s0 +/system/bin/cppreopts\.sh u:object_r:cppreopts_exec:s0 +/system/bin/preloads_copy\.sh u:object_r:preloads_copy_exec:s0 +/system/bin/preopt2cachename u:object_r:preopt2cachename_exec:s0 +/system/bin/dex2oat(d)? u:object_r:dex2oat_exec:s0 +/system/bin/dexoptanalyzer(d)? u:object_r:dexoptanalyzer_exec:s0 +/system/bin/viewcompiler u:object_r:viewcompiler_exec:s0 +/system/bin/profman(d)? 
u:object_r:profman_exec:s0 +/system/bin/iorapd u:object_r:iorapd_exec:s0 +/system/bin/iorap\.inode2filename u:object_r:iorap_inode2filename_exec:s0 +/system/bin/iorap\.prefetcherd u:object_r:iorap_prefetcherd_exec:s0 +/system/bin/sgdisk u:object_r:sgdisk_exec:s0 +/system/bin/blkid u:object_r:blkid_exec:s0 +/system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0 +/system/bin/flags_health_check -- u:object_r:flags_health_check_exec:s0 +/system/bin/idmap u:object_r:idmap_exec:s0 +/system/bin/idmap2(d)? u:object_r:idmap_exec:s0 +/system/bin/update_engine u:object_r:update_engine_exec:s0 +/system/bin/storaged u:object_r:storaged_exec:s0 +/system/bin/wpantund u:object_r:wpantund_exec:s0 +/system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0 +/system/bin/hw/android\.frameworks\.bufferhub@1\.0-service u:object_r:fwk_bufferhub_exec:s0 +/system/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0 +/system/bin/hw/android\.system\.suspend@1\.0-service u:object_r:system_suspend_exec:s0 +/system/etc/cgroups\.json u:object_r:cgroup_desc_file:s0 +/system/etc/event-log-tags u:object_r:system_event_log_tags_file:s0 +/system/etc/group u:object_r:system_group_file:s0 +/system/etc/ld\.config.* u:object_r:system_linker_config_file:s0 +/system/etc/passwd u:object_r:system_passwd_file:s0 +/system/etc/seccomp_policy(/.*)? u:object_r:system_seccomp_policy_file:s0 +/system/etc/security/cacerts(/.*)? 
u:object_r:system_security_cacerts_file:s0 +/system/etc/selinux/mapping/[0-9]+\.[0-9]+\.cil u:object_r:sepolicy_file:s0 +/system/etc/selinux/plat_mac_permissions\.xml u:object_r:mac_perms_file:s0 +/system/etc/selinux/plat_property_contexts u:object_r:property_contexts_file:s0 +/system/etc/selinux/plat_service_contexts u:object_r:service_contexts_file:s0 +/system/etc/selinux/plat_hwservice_contexts u:object_r:hwservice_contexts_file:s0 +/system/etc/selinux/plat_file_contexts u:object_r:file_contexts_file:s0 +/system/etc/selinux/plat_seapp_contexts u:object_r:seapp_contexts_file:s0 +/system/etc/selinux/plat_sepolicy\.cil u:object_r:sepolicy_file:s0 +/system/etc/selinux/plat_and_mapping_sepolicy\.cil\.sha256 u:object_r:sepolicy_file:s0 +/system/etc/task_profiles\.json u:object_r:task_profiles_file:s0 +/system/usr/share/zoneinfo(/.*)? u:object_r:system_zoneinfo_file:s0 +/system/bin/vr_hwc u:object_r:vr_hwc_exec:s0 +/system/bin/adbd u:object_r:adbd_exec:s0 +/system/bin/vold_prepare_subdirs u:object_r:vold_prepare_subdirs_exec:s0 +/system/bin/stats u:object_r:stats_exec:s0 +/system/bin/statsd u:object_r:statsd_exec:s0 +/system/bin/bpfloader u:object_r:bpfloader_exec:s0 +/system/bin/wait_for_keymaster u:object_r:wait_for_keymaster_exec:s0 +/system/bin/watchdogd u:object_r:watchdogd_exec:s0 +/system/bin/apexd u:object_r:apexd_exec:s0 +/system/bin/gsid u:object_r:gsid_exec:s0 +/system/bin/simpleperf u:object_r:simpleperf_exec:s0 +/system/bin/simpleperf_app_runner u:object_r:simpleperf_app_runner_exec:s0 +/system/bin/notify_traceur\.sh u:object_r:notify_traceur_exec:s0 +/system/bin/migrate_legacy_obb_data\.sh u:object_r:migrate_legacy_obb_data_exec:s0 +/system/bin/android\.frameworks\.automotive\.display@1\.0-service u:object_r:automotive_display_service_exec:s0 + +############################# +# Vendor files +# +/(vendor|system/vendor)(/.*)? 
u:object_r:vendor_file:s0 +/(vendor|system/vendor)/bin/sh u:object_r:vendor_shell_exec:s0 +/(vendor|system/vendor)/bin/toybox_vendor u:object_r:vendor_toolbox_exec:s0 +/(vendor|system/vendor)/bin/toolbox u:object_r:vendor_toolbox_exec:s0 +/(vendor|system/vendor)/etc(/.*)? u:object_r:vendor_configs_file:s0 +/(vendor|system/vendor)/etc/cgroups\.json u:object_r:vendor_cgroup_desc_file:s0 +/(vendor|system/vendor)/etc/task_profiles\.json u:object_r:vendor_task_profiles_file:s0 + +/(vendor|system/vendor)/lib(64)?/egl(/.*)? u:object_r:same_process_hal_file:s0 + +/(vendor|system/vendor)/lib(64)?/vndk-sp(/.*)? u:object_r:vndk_sp_file:s0 + +/(vendor|system/vendor)/manifest\.xml u:object_r:vendor_configs_file:s0 +/(vendor|system/vendor)/compatibility_matrix\.xml u:object_r:vendor_configs_file:s0 +/(vendor|system/vendor)/etc/vintf(/.*)? u:object_r:vendor_configs_file:s0 +/(vendor|system/vendor)/app(/.*)? u:object_r:vendor_app_file:s0 +/(vendor|system/vendor)/priv-app(/.*)? u:object_r:vendor_app_file:s0 +/(vendor|system/vendor)/overlay(/.*)? u:object_r:vendor_overlay_file:s0 +/(vendor|system/vendor)/framework(/.*)? u:object_r:vendor_framework_file:s0 + +/(vendor|system/vendor)/apex(/[^/]+){0,2} u:object_r:vendor_apex_file:s0 +/(vendor|system/vendor)/bin/misc_writer u:object_r:vendor_misc_writer_exec:s0 +/(vendor|system/vendor)/bin/boringssl_self_test(32|64) u:object_r:vendor_boringssl_self_test_exec:s0 + +# HAL location +/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0 + +/(vendor|system/vendor)/etc/selinux/(vendor|nonplat)_service_contexts u:object_r:nonplat_service_contexts_file:s0 + +/(vendor|system/vendor)/bin/install-recovery\.sh u:object_r:vendor_install_recovery_exec:s0 + +############################# +# OEM and ODM files +# +/(odm|vendor/odm)(/.*)? u:object_r:vendor_file:s0 +/(odm|vendor/odm)/lib(64)?/egl(/.*)? u:object_r:same_process_hal_file:s0 +/(odm|vendor/odm)/lib(64)?/hw u:object_r:vendor_hal_file:s0 +/(odm|vendor/odm)/lib(64)?/vndk-sp(/.*)? 
u:object_r:vndk_sp_file:s0 +/(odm|vendor/odm)/bin/sh u:object_r:vendor_shell_exec:s0 +/(odm|vendor/odm)/etc(/.*)? u:object_r:vendor_configs_file:s0 +/(odm|vendor/odm)/app(/.*)? u:object_r:vendor_app_file:s0 +/(odm|vendor/odm)/priv-app(/.*)? u:object_r:vendor_app_file:s0 +/(odm|vendor/odm)/overlay(/.*)? u:object_r:vendor_overlay_file:s0 +/(odm|vendor/odm)/framework(/.*)? u:object_r:vendor_framework_file:s0 + +# Input configuration +/(odm|vendor/odm|vendor|system/vendor)/usr/keylayout(/.*)?\.kl u:object_r:vendor_keylayout_file:s0 +/(odm|vendor/odm|vendor|system/vendor)/usr/keychars(/.*)?\.kcm u:object_r:vendor_keychars_file:s0 +/(odm|vendor/odm|vendor|system/vendor)/usr/idc(/.*)?\.idc u:object_r:vendor_idc_file:s0 + +/oem(/.*)? u:object_r:oemfs:s0 +/oem/overlay(/.*)? u:object_r:vendor_overlay_file:s0 + +# The precompiled monolithic sepolicy will be under /odm only when +# BOARD_USES_ODMIMAGE is true: a separate odm.img is built. +/odm/etc/selinux/precompiled_sepolicy u:object_r:sepolicy_file:s0 +/odm/etc/selinux/precompiled_sepolicy\.plat_and_mapping\.sha256 u:object_r:sepolicy_file:s0 + +/(odm|vendor/odm)/etc/selinux/odm_sepolicy\.cil u:object_r:sepolicy_file:s0 +/(odm|vendor/odm)/etc/selinux/odm_file_contexts u:object_r:file_contexts_file:s0 +/(odm|vendor/odm)/etc/selinux/odm_seapp_contexts u:object_r:seapp_contexts_file:s0 +/(odm|vendor/odm)/etc/selinux/odm_property_contexts u:object_r:property_contexts_file:s0 +/(odm|vendor/odm)/etc/selinux/odm_hwservice_contexts u:object_r:hwservice_contexts_file:s0 +/(odm|vendor/odm)/etc/selinux/odm_mac_permissions\.xml u:object_r:mac_perms_file:s0 + +############################# +# Product files +# +/(product|system/product)(/.*)? u:object_r:system_file:s0 +/(product|system/product)/etc/group u:object_r:system_group_file:s0 +/(product|system/product)/etc/passwd u:object_r:system_passwd_file:s0 +/(product|system/product)/overlay(/.*)? 
u:object_r:vendor_overlay_file:s0 + +/(product|system/product)/etc/selinux/product_file_contexts u:object_r:file_contexts_file:s0 +/(product|system/product)/etc/selinux/product_hwservice_contexts u:object_r:hwservice_contexts_file:s0 +/(product|system/product)/etc/selinux/product_property_contexts u:object_r:property_contexts_file:s0 +/(product|system/product)/etc/selinux/product_seapp_contexts u:object_r:seapp_contexts_file:s0 +/(product|system/product)/etc/selinux/product_service_contexts u:object_r:service_contexts_file:s0 +/(product|system/product)/etc/selinux/product_mac_permissions\.xml u:object_r:mac_perms_file:s0 + +/(product|system/product)/lib(64)?(/.*)? u:object_r:system_lib_file:s0 + +############################# +# SystemExt files +# +/(system_ext|system/system_ext)(/.*)? u:object_r:system_file:s0 +/(system_ext|system/system_ext)/etc/group u:object_r:system_group_file:s0 +/(system_ext|system/system_ext)/etc/passwd u:object_r:system_passwd_file:s0 +/(system_ext|system/system_ext)/overlay(/.*)? 
u:object_r:vendor_overlay_file:s0 + +/(system_ext|system/system_ext)/etc/selinux/system_ext_file_contexts u:object_r:file_contexts_file:s0 +/(system_ext|system/system_ext)/etc/selinux/system_ext_hwservice_contexts u:object_r:hwservice_contexts_file:s0 +/(system_ext|system/system_ext)/etc/selinux/system_ext_property_contexts u:object_r:property_contexts_file:s0 +/(system_ext|system/system_ext)/etc/selinux/system_ext_seapp_contexts u:object_r:seapp_contexts_file:s0 +/(system_ext|system/system_ext)/etc/selinux/system_ext_service_contexts u:object_r:service_contexts_file:s0 +/(system_ext|system/system_ext)/etc/selinux/system_ext_mac_permissions\.xml u:object_r:mac_perms_file:s0 + +/(system_ext|system/system_ext)/bin/aidl_lazy_test_server u:object_r:aidl_lazy_test_server_exec:s0 +/(system_ext|system/system_ext)/bin/hidl_lazy_test_server u:object_r:hidl_lazy_test_server_exec:s0 + +############################# +# Vendor files from /(product|system/product)/vendor_overlay +# +# NOTE: For additional vendor file contexts for vendor overlay files, +# use device specific file_contexts. +# +/(product|system/product)/vendor_overlay/[0-9]+/.* u:object_r:vendor_file:s0 + +############################# +# Data files +# +# NOTE: When modifying existing label rules, changes may also need to +# propagate to the "Expanded data files" section. +# +/data u:object_r:system_data_root_file:s0 +/data/(.*)? u:object_r:system_data_file:s0 +/data/system/packages\.list u:object_r:packages_list_file:s0 +/data/unencrypted(/.*)? u:object_r:unencrypted_data_file:s0 +/data/backup(/.*)? u:object_r:backup_data_file:s0 +/data/secure/backup(/.*)? u:object_r:backup_data_file:s0 +/data/system/ndebugsocket u:object_r:system_ndebug_socket:s0 +/data/system/unsolzygotesocket u:object_r:system_unsolzygote_socket:s0 +/data/drm(/.*)? u:object_r:drm_data_file:s0 +/data/resource-cache(/.*)? u:object_r:resourcecache_data_file:s0 +/data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0 +/data/ota(/.*)? 
u:object_r:ota_data_file:s0 +/data/ota_package(/.*)? u:object_r:ota_package_file:s0 +/data/adb(/.*)? u:object_r:adb_data_file:s0 +/data/anr(/.*)? u:object_r:anr_data_file:s0 +/data/apex(/.*)? u:object_r:apex_data_file:s0 +/data/apex/active/(.*)? u:object_r:staging_data_file:s0 +/data/apex/backup/(.*)? u:object_r:staging_data_file:s0 +/data/app(/.*)? u:object_r:apk_data_file:s0 +# Traditional /data/app/[packageName]-[randomString]/base.apk location +/data/app/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0 +# /data/app/[randomStringA]/[packageName]-[randomStringB]/base.apk layout +/data/app/[^/]+/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0 +/data/app/vmdl[^/]+\.tmp(/.*)? u:object_r:apk_tmp_file:s0 +/data/app/vmdl[^/]+\.tmp/oat(/.*)? u:object_r:dalvikcache_data_file:s0 +/data/app-private(/.*)? u:object_r:apk_private_data_file:s0 +/data/app-private/vmdl.*\.tmp(/.*)? u:object_r:apk_private_tmp_file:s0 +/data/gsi(/.*)? u:object_r:gsi_data_file:s0 +/data/gsi/ota(/.*)? u:object_r:ota_image_data_file:s0 +/data/tombstones(/.*)? u:object_r:tombstone_data_file:s0 +/data/vendor/tombstones/wifi(/.*)? u:object_r:tombstone_wifi_data_file:s0 +/data/local/tmp(/.*)? u:object_r:shell_data_file:s0 +/data/local/tmp/ltp(/.*)? u:object_r:nativetest_data_file:s0 +/data/local/traces(/.*)? u:object_r:trace_data_file:s0 +/data/media(/.*)? u:object_r:media_rw_data_file:s0 +/data/mediadrm(/.*)? u:object_r:media_data_file:s0 +/data/nativetest(/.*)? u:object_r:nativetest_data_file:s0 +/data/nativetest64(/.*)? u:object_r:nativetest_data_file:s0 +# This directory was removed after Q Beta 2, but we need to preserve labels for upgrading devices. +/data/pkg_staging(/.*)? u:object_r:staging_data_file:s0 +/data/property(/.*)? u:object_r:property_data_file:s0 +/data/preloads(/.*)? u:object_r:preloads_data_file:s0 +/data/preloads/media(/.*)? u:object_r:preloads_media_file:s0 +/data/preloads/demo(/.*)? u:object_r:preloads_media_file:s0 +/data/server_configurable_flags(/.*)? 
u:object_r:server_configurable_flags_data_file:s0 +/data/app-staging(/.*)? u:object_r:staging_data_file:s0 + +# Misc data +/data/misc/adb(/.*)? u:object_r:adb_keys_file:s0 +/data/misc/apexdata(/.*)? u:object_r:apex_module_data_file:s0 +/data/misc/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0 +/data/misc/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0 +/data/misc/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0 +/data/misc/apns(/.*)? u:object_r:radio_data_file:s0 +/data/misc/audio(/.*)? u:object_r:audio_data_file:s0 +/data/misc/audioserver(/.*)? u:object_r:audioserver_data_file:s0 +/data/misc/audiohal(/.*)? u:object_r:audiohal_data_file:s0 +/data/misc/bootstat(/.*)? u:object_r:bootstat_data_file:s0 +/data/misc/boottrace(/.*)? u:object_r:boottrace_data_file:s0 +/data/misc/bluetooth(/.*)? u:object_r:bluetooth_data_file:s0 +/data/misc/bluetooth/logs(/.*)? u:object_r:bluetooth_logs_data_file:s0 +/data/misc/bluedroid(/.*)? u:object_r:bluetooth_data_file:s0 +/data/misc/bluedroid/\.a2dp_ctrl u:object_r:bluetooth_socket:s0 +/data/misc/bluedroid/\.a2dp_data u:object_r:bluetooth_socket:s0 +/data/misc/camera(/.*)? u:object_r:camera_data_file:s0 +/data/misc/carrierid(/.*)? u:object_r:radio_data_file:s0 +/data/misc/dhcp(/.*)? u:object_r:dhcp_data_file:s0 +/data/misc/dhcp-6\.8\.2(/.*)? u:object_r:dhcp_data_file:s0 +/data/misc/emergencynumberdb(/.*)? u:object_r:emergency_data_file:s0 +/data/misc/gatekeeper(/.*)? u:object_r:gatekeeper_data_file:s0 +/data/misc/incidents(/.*)? u:object_r:incident_data_file:s0 +/data/misc/installd(/.*)? u:object_r:install_data_file:s0 +/data/misc/keychain(/.*)? u:object_r:keychain_data_file:s0 +/data/misc/credstore(/.*)? u:object_r:credstore_data_file:s0 +/data/misc/keystore(/.*)? u:object_r:keystore_data_file:s0 +/data/misc/logd(/.*)? u:object_r:misc_logd_file:s0 +/data/misc/media(/.*)? u:object_r:media_data_file:s0 +/data/misc/net(/.*)? 
u:object_r:net_data_file:s0 +/data/misc/network_watchlist(/.*)? u:object_r:network_watchlist_data_file:s0 +/data/misc/perfetto-traces(/.*)? u:object_r:perfetto_traces_data_file:s0 +/data/misc/prereboot(/.*)? u:object_r:prereboot_data_file:s0 +/data/misc/recovery(/.*)? u:object_r:recovery_data_file:s0 +/data/misc/shared_relro(/.*)? u:object_r:shared_relro_file:s0 +/data/misc/sms(/.*)? u:object_r:radio_data_file:s0 +/data/misc/snapshotctl_log(/.*)? u:object_r:snapshotctl_log_data_file:s0 +/data/misc/stats-active-metric(/.*)? u:object_r:stats_data_file:s0 +/data/misc/stats-data(/.*)? u:object_r:stats_data_file:s0 +/data/misc/stats-service(/.*)? u:object_r:stats_data_file:s0 +/data/misc/stats-metadata(/.*)? u:object_r:stats_data_file:s0 +/data/misc/systemkeys(/.*)? u:object_r:systemkeys_data_file:s0 +/data/misc/textclassifier(/.*)? u:object_r:textclassifier_data_file:s0 +/data/misc/train-info(/.*)? u:object_r:stats_data_file:s0 +/data/misc/user(/.*)? u:object_r:misc_user_data_file:s0 +/data/misc/vpn(/.*)? u:object_r:vpn_data_file:s0 +/data/misc/wifi(/.*)? u:object_r:wifi_data_file:s0 +/data/misc_ce/[0-9]+/wifi(/.*)? u:object_r:wifi_data_file:s0 +/data/misc/wifi/sockets(/.*)? u:object_r:wpa_socket:s0 +/data/misc/wifi/sockets/wpa_ctrl.* u:object_r:system_wpa_socket:s0 +/data/misc/zoneinfo(/.*)? u:object_r:zoneinfo_data_file:s0 +/data/misc/vold(/.*)? u:object_r:vold_data_file:s0 +/data/misc/iorapd(/.*)? u:object_r:iorapd_data_file:s0 +/data/misc/update_engine(/.*)? u:object_r:update_engine_data_file:s0 +/data/misc/update_engine_log(/.*)? u:object_r:update_engine_log_data_file:s0 +/data/system/dropbox(/.*)? u:object_r:dropbox_data_file:s0 +/data/system/heapdump(/.*)? u:object_r:heapdump_data_file:s0 +/data/misc/trace(/.*)? u:object_r:method_trace_data_file:s0 +/data/misc/wmtrace(/.*)? u:object_r:wm_trace_data_file:s0 +# TODO(calin) label profile reference differently so that only +# profman run as a special user can write to them +/data/misc/profiles/cur(/.*)? 
u:object_r:user_profile_data_file:s0 +/data/misc/profiles/ref(/.*)? u:object_r:user_profile_data_file:s0 +/data/misc/profman(/.*)? u:object_r:profman_dump_data_file:s0 +/data/vendor(/.*)? u:object_r:vendor_data_file:s0 +/data/vendor_ce(/.*)? u:object_r:vendor_data_file:s0 +/data/vendor_de(/.*)? u:object_r:vendor_data_file:s0 + +# storaged proto files +/data/misc_de/[0-9]+/storaged(/.*)? u:object_r:storaged_data_file:s0 +/data/misc_ce/[0-9]+/storaged(/.*)? u:object_r:storaged_data_file:s0 + +# Fingerprint data +/data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0 + +# Fingerprint vendor data file +/data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:fingerprint_vendor_data_file:s0 + +# Face vendor data file +/data/vendor_de/[0-9]+/facedata(/.*)? u:object_r:face_vendor_data_file:s0 +/data/vendor_ce/[0-9]+/facedata(/.*)? u:object_r:face_vendor_data_file:s0 + +# Iris vendor data file +/data/vendor_de/[0-9]+/irisdata(/.*)? u:object_r:iris_vendor_data_file:s0 + +# Bootchart data +/data/bootchart(/.*)? u:object_r:bootchart_data_file:s0 + +# App data snapshots (managed by installd). +/data/misc_de/[0-9]+/rollback(/.*)? u:object_r:rollback_data_file:s0 +/data/misc_ce/[0-9]+/rollback(/.*)? u:object_r:rollback_data_file:s0 + +# Apex data directories +/data/misc_de/[0-9]+/apexdata(/.*)? u:object_r:apex_module_data_file:s0 +/data/misc_ce/[0-9]+/apexdata(/.*)? u:object_r:apex_module_data_file:s0 +/data/misc_de/[0-9]+/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0 +/data/misc_ce/[0-9]+/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0 +/data/misc_de/[0-9]+/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0 +/data/misc_ce/[0-9]+/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0 + +# Apex rollback directories +/data/misc_de/[0-9]+/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0 +/data/misc_ce/[0-9]+/apexrollback(/.*)? 
u:object_r:apex_rollback_data_file:s0 + +# Incremental directories +/data/incremental(/.*)? u:object_r:apk_data_file:s0 +/data/incremental/MT_[^/]+/mount/.pending_reads u:object_r:incremental_control_file:s0 +/data/incremental/MT_[^/]+/mount/.log u:object_r:incremental_control_file:s0 + +############################# +# Expanded data files +# +/mnt/expand(/.*)? u:object_r:mnt_expand_file:s0 +/mnt/expand/[^/]+(/.*)? u:object_r:system_data_file:s0 +/mnt/expand/[^/]+/app(/.*)? u:object_r:apk_data_file:s0 +/mnt/expand/[^/]+/app/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0 +# /mnt/expand/..../app/[randomStringA]/[packageName]-[randomStringB]/base.apk layout +/mnt/expand/[^/]+/app/[^/]+/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0 +/mnt/expand/[^/]+/app/vmdl[^/]+\.tmp(/.*)? u:object_r:apk_tmp_file:s0 +/mnt/expand/[^/]+/app/vmdl[^/]+\.tmp/oat(/.*)? u:object_r:dalvikcache_data_file:s0 +/mnt/expand/[^/]+/local/tmp(/.*)? u:object_r:shell_data_file:s0 +/mnt/expand/[^/]+/media(/.*)? u:object_r:media_rw_data_file:s0 +/mnt/expand/[^/]+/misc/vold(/.*)? u:object_r:vold_data_file:s0 + +# coredump directory for userdebug/eng devices +/cores(/.*)? u:object_r:coredump_file:s0 + +# Wallpaper files +/data/system/users/[0-9]+/wallpaper_lock_orig u:object_r:wallpaper_file:s0 +/data/system/users/[0-9]+/wallpaper_lock u:object_r:wallpaper_file:s0 +/data/system/users/[0-9]+/wallpaper_orig u:object_r:wallpaper_file:s0 +/data/system/users/[0-9]+/wallpaper u:object_r:wallpaper_file:s0 + +# Ringtone files +/data/system_de/[0-9]+/ringtones(/.*)? u:object_r:ringtone_file:s0 + +# ShortcutManager icons, e.g. +# /data/system_ce/0/shortcut_service/bitmaps/com.example.app/1457472879282.png +/data/system_ce/[0-9]+/shortcut_service/bitmaps(/.*)? u:object_r:shortcut_manager_icons:s0 + +# User icon files +/data/system/users/[0-9]+/photo\.png u:object_r:icon_file:s0 + +# vold per-user data +/data/misc_de/[0-9]+/vold(/.*)? u:object_r:vold_data_file:s0 +/data/misc_ce/[0-9]+/vold(/.*)? 
u:object_r:vold_data_file:s0 + +# iorapd per-user data +/data/misc_ce/[0-9]+/iorapd(/.*)? u:object_r:iorapd_data_file:s0 + +# Backup service persistent per-user bookkeeping +/data/system_ce/[0-9]+/backup(/.*)? u:object_r:backup_data_file:s0 +# Backup service temporary per-user data for inter-change with apps +/data/system_ce/[0-9]+/backup_stage(/.*)? u:object_r:backup_data_file:s0 + +############################# +# efs files +# +/efs(/.*)? u:object_r:efs_file:s0 + +############################# +# Cache files +# +/cache(/.*)? u:object_r:cache_file:s0 +/cache/recovery(/.*)? u:object_r:cache_recovery_file:s0 +# General backup/restore interchange with apps +/cache/backup_stage(/.*)? u:object_r:cache_backup_file:s0 +# LocalTransport (backup) uses this subtree +/cache/backup(/.*)? u:object_r:cache_private_backup_file:s0 + +############################# +# Overlayfs support directories +# +/cache/overlay(/.*)? u:object_r:overlayfs_file:s0 +/mnt/scratch(/.*)? u:object_r:overlayfs_file:s0 + +/data/cache(/.*)? u:object_r:cache_file:s0 +/data/cache/recovery(/.*)? u:object_r:cache_recovery_file:s0 +# General backup/restore interchange with apps +/data/cache/backup_stage(/.*)? u:object_r:cache_backup_file:s0 +# LocalTransport (backup) uses this subtree +/data/cache/backup(/.*)? u:object_r:cache_private_backup_file:s0 + +############################# +# Metadata files +# +/metadata(/.*)? u:object_r:metadata_file:s0 +/metadata/apex(/.*)? u:object_r:apex_metadata_file:s0 +/metadata/vold(/.*)? u:object_r:vold_metadata_file:s0 +/metadata/gsi(/.*)? u:object_r:gsi_metadata_file:s0 +/metadata/gsi/ota(/.*)? u:object_r:ota_metadata_file:s0 +/metadata/password_slots(/.*)? u:object_r:password_slot_metadata_file:s0 +/metadata/ota(/.*)? u:object_r:ota_metadata_file:s0 +/metadata/bootstat(/.*)? u:object_r:metadata_bootstat_file:s0 + +############################# +# asec containers +/mnt/asec(/.*)? 
u:object_r:asec_apk_file:s0 +/mnt/asec/[^/]+/[^/]+\.zip u:object_r:asec_public_file:s0 +/mnt/asec/[^/]+/lib(/.*)? u:object_r:asec_public_file:s0 +/data/app-asec(/.*)? u:object_r:asec_image_file:s0 + +############################# +# external storage +/mnt/media_rw(/.*)? u:object_r:mnt_media_rw_file:s0 +/mnt/user(/.*)? u:object_r:mnt_user_file:s0 +/mnt/pass_through(/.*)? u:object_r:mnt_pass_through_file:s0 +/mnt/sdcard u:object_r:mnt_sdcard_file:s0 +/mnt/runtime(/.*)? u:object_r:storage_file:s0 +/storage(/.*)? u:object_r:storage_file:s0 + +############################# +# mount point for read-write vendor partitions +/mnt/vendor(/.*)? u:object_r:mnt_vendor_file:s0 + +############################# +# mount point for read-write product partitions +/mnt/product(/.*)? u:object_r:mnt_product_file:s0 diff --git a/prebuilts/api/30.0/private/file_contexts_asan b/prebuilts/api/30.0/private/file_contexts_asan new file mode 100644 index 000000000..b37f08633 --- /dev/null +++ b/prebuilts/api/30.0/private/file_contexts_asan @@ -0,0 +1,14 @@ +/data/asan/system/lib(/.*)? u:object_r:system_lib_file:s0 +/data/asan/system/lib64(/.*)? u:object_r:system_lib_file:s0 +/data/asan/vendor/lib(/.*)? u:object_r:system_lib_file:s0 +/data/asan/vendor/lib64(/.*)? u:object_r:system_lib_file:s0 +/data/asan/odm/lib(/.*)? u:object_r:system_lib_file:s0 +/data/asan/odm/lib64(/.*)? u:object_r:system_lib_file:s0 +/data/asan/product/lib(/.*)? u:object_r:system_lib_file:s0 +/data/asan/product/lib64(/.*)? u:object_r:system_lib_file:s0 +/system/asan.options u:object_r:system_asan_options_file:s0 +/system/bin/asan_extract u:object_r:asan_extract_exec:s0 +/system/bin/asanwrapper u:object_r:asanwrapper_exec:s0 +/system/bin/asan/app_process u:object_r:zygote_exec:s0 +/system/bin/asan/app_process32 u:object_r:zygote_exec:s0 +/system/bin/asan/app_process64 u:object_r:zygote_exec:s0 
diff --git a/prebuilts/api/30.0/private/file_contexts_overlayfs b/prebuilts/api/30.0/private/file_contexts_overlayfs
new file mode 100644
index 000000000..e472fade5
--- /dev/null
+++ b/prebuilts/api/30.0/private/file_contexts_overlayfs
@@ -0,0 +1,9 @@
+#############################
+# Overlayfs support directories for userdebug/eng devices
+#
+/cache/overlay/(system|product)/upper u:object_r:system_file:s0
+/cache/overlay/(vendor|odm)/upper u:object_r:vendor_file:s0
+/cache/overlay/oem/upper u:object_r:vendor_file:s0
+/mnt/scratch/overlay/(system|product)/upper u:object_r:system_file:s0
+/mnt/scratch/overlay/(vendor|odm)/upper u:object_r:vendor_file:s0
+/mnt/scratch/overlay/oem/upper u:object_r:vendor_file:s0
diff --git a/prebuilts/api/30.0/private/fingerprintd.te b/prebuilts/api/30.0/private/fingerprintd.te
new file mode 100644
index 000000000..eb73ef8cc
--- /dev/null
+++ b/prebuilts/api/30.0/private/fingerprintd.te
@@ -0,0 +1,3 @@
+typeattribute fingerprintd coredomain;
+
+init_daemon_domain(fingerprintd)
diff --git a/prebuilts/api/30.0/private/flags_health_check.te b/prebuilts/api/30.0/private/flags_health_check.te
new file mode 100644
index 000000000..fb41aff79
--- /dev/null
+++ b/prebuilts/api/30.0/private/flags_health_check.te
@@ -0,0 +1,3 @@
+typeattribute flags_health_check coredomain;
+
+init_daemon_domain(flags_health_check)
diff --git a/prebuilts/api/30.0/private/fs_use b/prebuilts/api/30.0/private/fs_use
new file mode 100644
index 000000000..6fcc2ccb8
--- /dev/null
+++ b/prebuilts/api/30.0/private/fs_use
@@ -0,0 +1,26 @@
+# Label inodes via getxattr.
+fs_use_xattr yaffs2 u:object_r:labeledfs:s0;
+fs_use_xattr jffs2 u:object_r:labeledfs:s0;
+fs_use_xattr ext2 u:object_r:labeledfs:s0;
+fs_use_xattr ext3 u:object_r:labeledfs:s0;
+fs_use_xattr ext4 u:object_r:labeledfs:s0;
+fs_use_xattr xfs u:object_r:labeledfs:s0;
+fs_use_xattr btrfs u:object_r:labeledfs:s0;
+fs_use_xattr f2fs u:object_r:labeledfs:s0;
+fs_use_xattr squashfs u:object_r:labeledfs:s0;
+fs_use_xattr overlay u:object_r:labeledfs:s0;
+fs_use_xattr erofs u:object_r:labeledfs:s0;
+fs_use_xattr incremental-fs u:object_r:labeledfs:s0;
+
+# Label inodes from task label.
+fs_use_task pipefs u:object_r:pipefs:s0;
+fs_use_task sockfs u:object_r:sockfs:s0;
+
+# Label inodes from combination of task label and fs label.
+# Define type_transition rules if you want per-domain types.
+fs_use_trans devpts u:object_r:devpts:s0;
+fs_use_trans tmpfs u:object_r:tmpfs:s0;
+fs_use_trans devtmpfs u:object_r:device:s0;
+fs_use_trans shm u:object_r:shm:s0;
+fs_use_trans mqueue u:object_r:mqueue:s0;
+
diff --git a/prebuilts/api/30.0/private/fsck.te b/prebuilts/api/30.0/private/fsck.te
new file mode 100644
index 000000000..f8e09b645
--- /dev/null
+++ b/prebuilts/api/30.0/private/fsck.te
@@ -0,0 +1,5 @@
+typeattribute fsck coredomain;
+
+init_daemon_domain(fsck)
+
+allow fsck metadata_block_device:blk_file rw_file_perms;
diff --git a/prebuilts/api/30.0/private/fsck_untrusted.te b/prebuilts/api/30.0/private/fsck_untrusted.te
new file mode 100644
index 000000000..9a57bf027
--- /dev/null
+++ b/prebuilts/api/30.0/private/fsck_untrusted.te
@@ -0,0 +1 @@
+typeattribute fsck_untrusted coredomain;
diff --git a/prebuilts/api/30.0/private/fsverity_init.te b/prebuilts/api/30.0/private/fsverity_init.te
new file mode 100644
index 000000000..25595254c
--- /dev/null
+++ b/prebuilts/api/30.0/private/fsverity_init.te
@@ -0,0 +1,26 @@
+type fsverity_init, domain, coredomain;
+type fsverity_init_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(fsverity_init)
+
+# Allow to retrieve keys from keystore.
+binder_use(fsverity_init)
+use_keystore(fsverity_init)
+allow fsverity_init keystore:keystore_key { list get };
+
+# Allow to read /proc/keys for searching key id.
+allow fsverity_init proc_keys:file r_file_perms;
+
+# Kernel only prints the keys that can be accessed and only kernel keyring is needed here.
+dontaudit fsverity_init init:key view;
+dontaudit fsverity_init vold:key view;
+allow fsverity_init kernel:key { view search write setattr };
+allow fsverity_init fsverity_init:key { view search write };
+
+# Allow init to write to /proc/sys/fs/verity/require_signatures
+allow fsverity_init proc_fs_verity:file w_file_perms;
+
+# When kernel requests an algorithm, the crypto API first looks for an
+# already registered algorithm with that name. If it fails, the kernel creates
+# an implementation of the algorithm from templates.
+dontaudit fsverity_init kernel:system module_request;
diff --git a/prebuilts/api/30.0/private/fwk_bufferhub.te b/prebuilts/api/30.0/private/fwk_bufferhub.te
new file mode 100644
index 000000000..6b69cca61
--- /dev/null
+++ b/prebuilts/api/30.0/private/fwk_bufferhub.te
@@ -0,0 +1,8 @@
+type fwk_bufferhub, domain, coredomain;
+type fwk_bufferhub_exec, system_file_type, exec_type, file_type;
+
+hal_client_domain(fwk_bufferhub, hal_graphics_allocator)
+allow fwk_bufferhub ion_device:chr_file r_file_perms;
+
+hal_server_domain(fwk_bufferhub, hal_bufferhub)
+init_daemon_domain(fwk_bufferhub)
diff --git a/prebuilts/api/30.0/private/gatekeeperd.te b/prebuilts/api/30.0/private/gatekeeperd.te
new file mode 100644
index 000000000..5e4d0a2e9
--- /dev/null
+++ b/prebuilts/api/30.0/private/gatekeeperd.te
@@ -0,0 +1,3 @@
+typeattribute gatekeeperd coredomain;
+
+init_daemon_domain(gatekeeperd)
diff --git a/prebuilts/api/30.0/private/genfs_contexts b/prebuilts/api/30.0/private/genfs_contexts
new file mode 100644
index 000000000..b423e64f3
--- /dev/null
+++ b/prebuilts/api/30.0/private/genfs_contexts
@@ -0,0 +1,319 @@
+# Label inodes with the fs label.
+genfscon rootfs / u:object_r:rootfs:s0
+# proc labeling can be further refined (longest matching prefix).
+genfscon proc / u:object_r:proc:s0
+genfscon proc /asound u:object_r:proc_asound:s0
+genfscon proc /buddyinfo u:object_r:proc_buddyinfo:s0
+genfscon proc /cmdline u:object_r:proc_cmdline:s0
+genfscon proc /config.gz u:object_r:config_gz:s0
+genfscon proc /diskstats u:object_r:proc_diskstats:s0
+genfscon proc /filesystems u:object_r:proc_filesystems:s0
+genfscon proc /interrupts u:object_r:proc_interrupts:s0
+genfscon proc /iomem u:object_r:proc_iomem:s0
+genfscon proc /keys u:object_r:proc_keys:s0
+genfscon proc /kmsg u:object_r:proc_kmsg:s0
+genfscon proc /loadavg u:object_r:proc_loadavg:s0
+genfscon proc /lowmemorykiller u:object_r:proc_lowmemorykiller:s0
+genfscon proc /meminfo u:object_r:proc_meminfo:s0
+genfscon proc /misc u:object_r:proc_misc:s0
+genfscon proc /modules u:object_r:proc_modules:s0
+genfscon proc /mounts u:object_r:proc_mounts:s0
+genfscon proc /net u:object_r:proc_net:s0
+genfscon proc /net/tcp u:object_r:proc_net_tcp_udp:s0
+genfscon proc /net/udp u:object_r:proc_net_tcp_udp:s0
+genfscon proc /net/xt_qtaguid/ctrl u:object_r:proc_qtaguid_ctrl:s0
+genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0
+genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0
+genfscon proc /pressure/cpu u:object_r:proc_pressure_cpu:s0
+genfscon proc /pressure/io u:object_r:proc_pressure_io:s0
+genfscon proc /pressure/memory u:object_r:proc_pressure_mem:s0
+genfscon proc /slabinfo u:object_r:proc_slabinfo:s0
+genfscon proc /softirqs u:object_r:proc_timer:s0
+genfscon proc /stat u:object_r:proc_stat:s0
+genfscon proc /swaps u:object_r:proc_swaps:s0
+genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0
+genfscon proc /kpageflags u:object_r:proc_kpageflags:s0
+genfscon proc /sys/abi/swp u:object_r:proc_abi:s0
+genfscon proc /sys/fs/pipe-max-size
u:object_r:proc_pipe_conf:s0
+genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
+genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
+genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
+genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0
+genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
+genfscon proc /sys/kernel/core_pipe_limit u:object_r:usermodehelper:s0
+genfscon proc /sys/kernel/domainname u:object_r:proc_hostname:s0
+genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security:s0
+genfscon proc /sys/kernel/hostname u:object_r:proc_hostname:s0
+genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0
+genfscon proc /sys/kernel/hung_task_ u:object_r:proc_hung_task:s0
+genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
+genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
+genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
+genfscon proc /sys/kernel/panic_on_oops u:object_r:proc_panic:s0
+genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0
+genfscon proc /sys/kernel/perf_event_paranoid u:object_r:proc_perf:s0
+genfscon proc /sys/kernel/perf_cpu_time_max_percent u:object_r:proc_perf:s0
+genfscon proc /sys/kernel/perf_event_mlock_kb u:object_r:proc_perf:s0
+genfscon proc /sys/kernel/pid_max u:object_r:proc_pid_max:s0
+genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0
+genfscon proc /sys/kernel/random u:object_r:proc_random:s0
+genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0
+genfscon proc /sys/kernel/sched_child_runs_first u:object_r:proc_sched:s0
+genfscon proc /sys/kernel/sched_latency_ns u:object_r:proc_sched:s0
+genfscon proc /sys/kernel/sched_rt_period_us u:object_r:proc_sched:s0
+genfscon proc /sys/kernel/sched_rt_runtime_us u:object_r:proc_sched:s0
+genfscon proc /sys/kernel/sched_schedstats u:object_r:proc_sched:s0
+genfscon proc
/sys/kernel/sched_tunable_scaling u:object_r:proc_sched:s0
+genfscon proc /sys/kernel/sched_wakeup_granularity_ns u:object_r:proc_sched:s0
+genfscon proc /sys/kernel/sysrq u:object_r:proc_sysrq:s0
+genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0
+genfscon proc /sys/net u:object_r:proc_net:s0
+genfscon proc /sys/vm/dirty_background_ratio u:object_r:proc_dirty:s0
+genfscon proc /sys/vm/dirty_expire_centisecs u:object_r:proc_dirty:s0
+genfscon proc /sys/vm/extra_free_kbytes u:object_r:proc_extra_free_kbytes:s0
+genfscon proc /sys/vm/max_map_count u:object_r:proc_max_map_count:s0
+genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0
+genfscon proc /sys/vm/mmap_rnd_bits u:object_r:proc_security:s0
+genfscon proc /sys/vm/mmap_rnd_compat_bits u:object_r:proc_security:s0
+genfscon proc /sys/vm/page-cluster u:object_r:proc_page_cluster:s0
+genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0
+genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0
+genfscon proc /sys/vm/min_free_order_shift u:object_r:proc_min_free_order_shift:s0
+genfscon proc /timer_list u:object_r:proc_timer:s0
+genfscon proc /timer_stats u:object_r:proc_timer:s0
+genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0
+genfscon proc /uid/ u:object_r:proc_uid_time_in_state:s0
+genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0
+genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0
+genfscon proc /uid_io/stats u:object_r:proc_uid_io_stats:s0
+genfscon proc /uid_procstat/set u:object_r:proc_uid_procstat_set:s0
+genfscon proc /uid_time_in_state u:object_r:proc_uid_time_in_state:s0
+genfscon proc /uid_concurrent_active_time u:object_r:proc_uid_concurrent_active_time:s0
+genfscon proc /uid_concurrent_policy_time u:object_r:proc_uid_concurrent_policy_time:s0
+genfscon proc /uid_cpupower/ u:object_r:proc_uid_cpupower:s0
+genfscon proc /uptime u:object_r:proc_uptime:s0
+genfscon proc
/version u:object_r:proc_version:s0
+genfscon proc /vmallocinfo u:object_r:proc_vmallocinfo:s0
+genfscon proc /vmstat u:object_r:proc_vmstat:s0
+genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0
+
+# selinuxfs booleans can be individually labeled.
+genfscon selinuxfs / u:object_r:selinuxfs:s0
+genfscon cgroup / u:object_r:cgroup:s0
+genfscon cgroup2 / u:object_r:cgroup_bpf:s0
+# sysfs labels can be set by userspace.
+genfscon sysfs / u:object_r:sysfs:s0
+genfscon sysfs /devices/system/cpu u:object_r:sysfs_devices_system_cpu:s0
+genfscon sysfs /class/android_usb u:object_r:sysfs_android_usb:s0
+genfscon sysfs /class/extcon u:object_r:sysfs_extcon:s0
+genfscon sysfs /class/leds u:object_r:sysfs_leds:s0
+genfscon sysfs /class/net u:object_r:sysfs_net:s0
+genfscon sysfs /class/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0
+genfscon sysfs /class/rfkill/rfkill1/state u:object_r:sysfs_bluetooth_writable:s0
+genfscon sysfs /class/rfkill/rfkill2/state u:object_r:sysfs_bluetooth_writable:s0
+genfscon sysfs /class/rfkill/rfkill3/state u:object_r:sysfs_bluetooth_writable:s0
+genfscon sysfs /class/rtc u:object_r:sysfs_rtc:s0
+genfscon sysfs /class/switch u:object_r:sysfs_switch:s0
+genfscon sysfs /class/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
+genfscon sysfs /devices/virtual/android_usb u:object_r:sysfs_android_usb:s0
+genfscon sysfs /devices/virtual/block/ u:object_r:sysfs_devices_block:s0
+genfscon sysfs /devices/virtual/block/dm- u:object_r:sysfs_dm:s0
+genfscon sysfs /devices/virtual/block/loop u:object_r:sysfs_loop:s0
+genfscon sysfs /devices/virtual/block/zram0 u:object_r:sysfs_zram:s0
+genfscon sysfs /devices/virtual/block/zram1 u:object_r:sysfs_zram:s0
+genfscon sysfs /devices/virtual/block/zram0/uevent u:object_r:sysfs_zram_uevent:s0
+genfscon sysfs /devices/virtual/block/zram1/uevent u:object_r:sysfs_zram_uevent:s0
+genfscon sysfs /devices/virtual/misc/hw_random
u:object_r:sysfs_hwrandom:s0
+genfscon sysfs /devices/virtual/net u:object_r:sysfs_net:s0
+genfscon sysfs /devices/virtual/switch u:object_r:sysfs_switch:s0
+genfscon sysfs /devices/virtual/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_firmware_android:s0
+genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0
+genfscon sysfs /fs/f2fs u:object_r:sysfs_fs_f2fs:s0
+genfscon sysfs /power/autosleep u:object_r:sysfs_power:s0
+genfscon sysfs /power/state u:object_r:sysfs_power:s0
+genfscon sysfs /power/suspend_stats u:object_r:sysfs_suspend_stats:s0
+genfscon sysfs /power/wakeup_count u:object_r:sysfs_power:s0
+genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
+genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
+genfscon sysfs /kernel/memory_state_time u:object_r:sysfs_power:s0
+genfscon sysfs /kernel/ion u:object_r:sysfs_ion:s0
+genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
+genfscon sysfs /kernel/mm/transparent_hugepage u:object_r:sysfs_transparent_hugepage:s0
+genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0
+genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
+genfscon sysfs /kernel/wakeup_reasons u:object_r:sysfs_wakeup_reasons:s0
+genfscon sysfs /module/dm_verity/parameters/prefetch_cluster u:object_r:sysfs_dm_verity:s0
+genfscon sysfs /module/lowmemorykiller u:object_r:sysfs_lowmemorykiller:s0
+genfscon sysfs /module/tcp_cubic/parameters u:object_r:sysfs_net:s0
+genfscon sysfs /module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0
+genfscon sysfs /devices/virtual/timed_output/vibrator/enable u:object_r:sysfs_vibrator:s0
+
+genfscon debugfs /mmc0 u:object_r:debugfs_mmc:s0
+genfscon debugfs /tracing u:object_r:debugfs_tracing_debug:s0
+genfscon tracefs / u:object_r:debugfs_tracing_debug:s0
+genfscon debugfs /tracing/tracing_on u:object_r:debugfs_tracing:s0
+genfscon tracefs /tracing_on
u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/trace u:object_r:debugfs_tracing:s0
+genfscon tracefs /trace u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/per_cpu/cpu u:object_r:debugfs_tracing:s0
+genfscon tracefs /per_cpu/cpu u:object_r:debugfs_tracing:s0
+
+genfscon debugfs /tracing/instances u:object_r:debugfs_tracing_instances:s0
+genfscon tracefs /instances u:object_r:debugfs_tracing_instances:s0
+genfscon debugfs /tracing/instances/wifi u:object_r:debugfs_wifi_tracing:s0
+genfscon tracefs /instances/wifi u:object_r:debugfs_wifi_tracing:s0
+genfscon debugfs /tracing/trace_marker u:object_r:debugfs_trace_marker:s0
+genfscon tracefs /trace_marker u:object_r:debugfs_trace_marker:s0
+genfscon debugfs /wakeup_sources u:object_r:debugfs_wakeup_sources:s0
+
+genfscon debugfs /tracing/events/header_page u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_get_data_block/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_iget/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_enter/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_exit/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_write_begin/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/f2fs/f2fs_write_end/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ext4/ext4_da_write_begin/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ext4/ext4_da_write_end/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ext4/ext4_es_lookup_extent_enter/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ext4/ext4_es_lookup_extent_exit/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ext4/ext4_load_inode/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ext4/ext4_sync_file_enter/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ext4/ext4_sync_file_exit/
u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/block/block_rq_issue/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/block/block_rq_complete/ u:object_r:debugfs_tracing:s0
+
+genfscon tracefs /events/header_page u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/f2fs/f2fs_get_data_block/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/f2fs/f2fs_iget/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/f2fs/f2fs_sync_file_enter/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/f2fs/f2fs_sync_file_exit/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/f2fs/f2fs_write_begin/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/f2fs/f2fs_write_end/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ext4/ext4_da_write_begin/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ext4/ext4_da_write_end/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ext4/ext4_es_lookup_extent_enter/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ext4/ext4_es_lookup_extent_exit/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ext4/ext4_load_inode/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ext4/ext4_sync_file_enter/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ext4/ext4_sync_file_exit/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/block/block_rq_issue/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/block/block_rq_complete/ u:object_r:debugfs_tracing:s0
+
+genfscon tracefs /trace_clock u:object_r:debugfs_tracing:s0
+genfscon tracefs /buffer_size_kb u:object_r:debugfs_tracing:s0
+genfscon tracefs /options/overwrite u:object_r:debugfs_tracing:s0
+genfscon tracefs /options/print-tgid u:object_r:debugfs_tracing:s0
+genfscon tracefs /options/record-tgid u:object_r:debugfs_tracing:s0
+genfscon tracefs /saved_cmdlines_size u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/sched/sched_switch/ u:object_r:debugfs_tracing:s0
+genfscon tracefs
/events/sched/sched_wakeup/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/sched/sched_blocked_reason/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/sched/sched_cpu_hotplug/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/sched/sched_process_exit/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/cgroup/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/cpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/cpu_idle/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/gpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/power/suspend_resume/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/vmscan/mm_vmscan_kswapd_wake/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/vmscan/mm_vmscan_kswapd_sleep/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/binder/binder_transaction/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/binder/binder_transaction_received/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/binder/binder_lock/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/binder/binder_locked/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/binder/binder_unlock/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/binder/binder_transaction_alloc_buf/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/lowmemorykiller/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/sync/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/fence/ u:object_r:debugfs_tracing:s0
+genfscon tracefs
/events/dma_fence/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/filemap/mm_filemap_add_to_page_cache/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/filemap/mm_filemap_delete_from_page_cache/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ion/ion_stat/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/task/task_rename/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/task/task_newtask/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/ftrace/print/ u:object_r:debugfs_tracing:s0
+
+genfscon debugfs /tracing/trace_clock u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/buffer_size_kb u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/options/overwrite u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/options/print-tgid u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/options/record-tgid u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/saved_cmdlines_size u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/sched/sched_switch/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/sched/sched_wakeup/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/sched/sched_blocked_reason/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/sched/sched_cpu_hotplug/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/sched/sched_process_exit/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/cgroup/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/cpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon debugfs
/tracing/events/power/cpu_idle/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/gpu_frequency/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/power/suspend_resume/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/vmscan/mm_vmscan_kswapd_wake/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/vmscan/mm_vmscan_kswapd_sleep/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/binder/binder_transaction/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/binder/binder_transaction_received/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/binder/binder_lock/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/binder/binder_locked/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/binder/binder_unlock/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/binder/binder_transaction_alloc_buf/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/lowmemorykiller/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/sync/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/fence/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/dma_fence/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/filemap/mm_filemap_add_to_page_cache/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/filemap/mm_filemap_delete_from_page_cache/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/kmem/rss_stat/
u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ion/ion_stat/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/task/task_rename/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/task/task_newtask/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/ftrace/print/ u:object_r:debugfs_tracing:s0
+
+genfscon debugfs /kcov u:object_r:debugfs_kcov:s0
+
+genfscon securityfs / u:object_r:securityfs:s0
+
+genfscon binder /binder u:object_r:binder_device:s0
+genfscon binder /hwbinder u:object_r:hwbinder_device:s0
+genfscon binder /vndbinder u:object_r:vndbinder_device:s0
+genfscon binder /binder_logs u:object_r:binderfs_logs:s0
+genfscon binder /binder_logs/proc u:object_r:binderfs_logs_proc:s0
+
+genfscon inotifyfs / u:object_r:inotify:s0
+genfscon vfat / u:object_r:vfat:s0
+genfscon binder / u:object_r:binderfs:s0
+genfscon exfat / u:object_r:exfat:s0
+genfscon debugfs / u:object_r:debugfs:s0
+genfscon fuse / u:object_r:fuse:s0
+genfscon configfs / u:object_r:configfs:s0
+genfscon sdcardfs / u:object_r:sdcardfs:s0
+genfscon esdfs / u:object_r:sdcardfs:s0
+genfscon pstore / u:object_r:pstorefs:s0
+genfscon functionfs / u:object_r:functionfs:s0
+genfscon usbfs / u:object_r:usbfs:s0
+genfscon binfmt_misc / u:object_r:binfmt_miscfs:s0
+genfscon bpf / u:object_r:fs_bpf:s0
diff --git a/prebuilts/api/30.0/private/gmscore_app.te b/prebuilts/api/30.0/private/gmscore_app.te
new file mode 100644
index 000000000..235532676
--- /dev/null
+++ b/prebuilts/api/30.0/private/gmscore_app.te
@@ -0,0 +1,129 @@
+###
+### A domain for further sandboxing the PrebuiltGMSCore app.
+###
+typeattribute gmscore_app coredomain;
+
+app_domain(gmscore_app)
+
+allow gmscore_app sysfs_type:dir search;
+# Read access to /sys/class/net/wlan*/address
+r_dir_file(gmscore_app, sysfs_net)
+# Read access to /sys/block/zram*/mm_stat
+r_dir_file(gmscore_app, sysfs_zram)
+
+r_dir_file(gmscore_app, rootfs)
+
+# Allow GMS core to open kernel config for OTA matching through libvintf
+allow gmscore_app config_gz:file { open read getattr };
+
+# Allow GMS core to communicate with update_engine for A/B update.
+binder_call(gmscore_app, update_engine)
+allow gmscore_app update_engine_service:service_manager find;
+
+# Allow GMS core to communicate with dumpsys storaged.
+binder_call(gmscore_app, storaged)
+allow gmscore_app storaged_service:service_manager find;
+
+# Allow GMS core to access system_update_service (e.g. to publish pending
+# system update info).
+allow gmscore_app system_update_service:service_manager find;
+
+# Allow GMS core to communicate with statsd.
+binder_call(gmscore_app, statsd)
+
+# Allow GMS core to generate unique hardware IDs
+allow gmscore_app keystore:keystore_key gen_unique_id;
+
+# Allow GMS core to access /sys/fs/selinux/policyvers for compatibility check
+allow gmscore_app selinuxfs:file r_file_perms;
+
+# suppress denials for non-API accesses.
+dontaudit gmscore_app exec_type:file r_file_perms;
+dontaudit gmscore_app device:dir r_dir_perms;
+dontaudit gmscore_app fs_bpf:dir r_dir_perms;
+dontaudit gmscore_app net_dns_prop:file r_file_perms;
+dontaudit gmscore_app proc:file r_file_perms;
+dontaudit gmscore_app proc_interrupts:file r_file_perms;
+dontaudit gmscore_app proc_modules:file r_file_perms;
+dontaudit gmscore_app proc_net:file r_file_perms;
+dontaudit gmscore_app proc_stat:file r_file_perms;
+dontaudit gmscore_app proc_version:file r_file_perms;
+dontaudit gmscore_app sysfs:dir r_dir_perms;
+dontaudit gmscore_app sysfs:file r_file_perms;
+dontaudit gmscore_app sysfs_android_usb:file r_file_perms;
+dontaudit gmscore_app sysfs_dm:file r_file_perms;
+dontaudit gmscore_app sysfs_loop:file r_file_perms;
+dontaudit gmscore_app wifi_prop:file r_file_perms;
+dontaudit gmscore_app { wifi_prop exported_wifi_prop }:file r_file_perms;
+dontaudit gmscore_app mirror_data_file:dir search;
+dontaudit gmscore_app mnt_vendor_file:dir search;
+
+# Access the network
+net_domain(gmscore_app)
+
+# webview crash handling depends on self ptrace (b/27697529, b/20150694, b/19277529#comment7)
+allow gmscore_app self:process ptrace;
+
+# Allow loading executable code from writable priv-app home
+# directories. This is a W^X violation, however, it needs
+# to be supported for now for the following reasons.
+# * /data/user_*/0/*/code_cache/* POSSIBLE uses (b/117841367)
+# 1) com.android.opengl.shaders_cache
+# 2) com.android.skia.shaders_cache
+# 3) com.android.renderscript.cache
+# * /data/user_de/0/com.google.android.gms/app_chimera
+# TODO: Tighten (b/112357170)
+allow gmscore_app privapp_data_file:file execute;
+
+allow gmscore_app privapp_data_file:lnk_file create_file_perms;
+
+# /proc access
+allow gmscore_app proc_vmstat:file r_file_perms;
+
+# Allow interaction with gpuservice
+binder_call(gmscore_app, gpuservice)
+allow gmscore_app gpu_service:service_manager find;
+
+# find services that expose both @SystemAPI and normal APIs.
+allow gmscore_app app_api_service:service_manager find;
+allow gmscore_app system_api_service:service_manager find;
+allow gmscore_app audioserver_service:service_manager find;
+allow gmscore_app cameraserver_service:service_manager find;
+allow gmscore_app drmserver_service:service_manager find;
+allow gmscore_app mediadrmserver_service:service_manager find;
+allow gmscore_app mediaextractor_service:service_manager find;
+allow gmscore_app mediametrics_service:service_manager find;
+allow gmscore_app mediaserver_service:service_manager find;
+allow gmscore_app network_watchlist_service:service_manager find;
+allow gmscore_app nfc_service:service_manager find;
+allow gmscore_app oem_lock_service:service_manager find;
+allow gmscore_app persistent_data_block_service:service_manager find;
+allow gmscore_app radio_service:service_manager find;
+allow gmscore_app recovery_service:service_manager find;
+allow gmscore_app stats_service:service_manager find;
+
+# Used by Finsky / Android "Verify Apps" functionality when
+# running "adb install foo.apk".
+allow gmscore_app shell_data_file:file r_file_perms;
+allow gmscore_app shell_data_file:dir r_dir_perms;
+
+# Write to /cache.
+allow gmscore_app { cache_file cache_recovery_file }:dir create_dir_perms;
+allow gmscore_app { cache_file cache_recovery_file }:file create_file_perms;
+# /cache is a symlink to /data/cache on some devices. Allow reading the link.
+allow gmscore_app cache_file:lnk_file r_file_perms;
+
+# Write to /data/ota_package for OTA packages.
+allow gmscore_app ota_package_file:dir rw_dir_perms;
+allow gmscore_app ota_package_file:file create_file_perms;
+
+# Used by Finsky / Android "Verify Apps" functionality when
+# running "adb install foo.apk".
+allow gmscore_app shell_data_file:file r_file_perms;
+allow gmscore_app shell_data_file:dir r_dir_perms;
+
+# b/18504118: Allow reads from /data/anr/traces.txt
+allow gmscore_app anr_data_file:file r_file_perms;
+
+# b/148974132: com.android.vending needs this
+allow gmscore_app priv_app:tcp_socket { read write };
diff --git a/prebuilts/api/30.0/private/gpuservice.te b/prebuilts/api/30.0/private/gpuservice.te
new file mode 100644
index 000000000..a4d84ea9d
--- /dev/null
+++ b/prebuilts/api/30.0/private/gpuservice.te
@@ -0,0 +1,48 @@
+# gpuservice - server for gpu stats and other gpu related services
+typeattribute gpuservice coredomain;
+type gpuservice_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(gpuservice)
+
+binder_call(gpuservice, adbd)
+binder_call(gpuservice, shell)
+binder_call(gpuservice, system_server)
+binder_use(gpuservice)
+
+# Access the GPU.
+allow gpuservice gpu_device:chr_file rw_file_perms;
+
+# GPU service will need to load GPU driver, for example Vulkan driver in order
+# to get the capability of the driver.
+allow gpuservice same_process_hal_file:file { open read getattr execute map };
+allow gpuservice ion_device:chr_file r_file_perms;
+get_prop(gpuservice, hwservicemanager_prop)
+hwbinder_use(gpuservice)
+
+# Access /dev/graphics/fb0.
+allow gpuservice graphics_device:dir search;
+allow gpuservice graphics_device:chr_file rw_file_perms;
+
+# Needed for dumpsys pipes.
+allow gpuservice shell:fifo_file write;
+
+# Use socket supplied by adbd, for cmd gpu vkjson etc.
+allow gpuservice adbd:unix_stream_socket { read write getattr };
+
+# Needed for interactive shell
+allow gpuservice devpts:chr_file { read write getattr };
+
+# Needed for dumpstate to dumpsys gpu.
+allow gpuservice dumpstate:fd use;
+allow gpuservice dumpstate:fifo_file write;
+
+# Needed for stats callback registration to statsd.
+allow gpuservice stats_service:service_manager find;
+allow gpuservice statsmanager_service:service_manager find;
+# TODO(b/146461633): remove this once native pullers talk to StatsManagerService
+binder_call(gpuservice, statsd);
+
+add_service(gpuservice, gpu_service)
+
+# Only uncomment below line when in development
+# userdebug_or_eng(`permissive gpuservice;')
diff --git a/prebuilts/api/30.0/private/gsid.te b/prebuilts/api/30.0/private/gsid.te
new file mode 100644
index 000000000..3ff9d678d
--- /dev/null
+++ b/prebuilts/api/30.0/private/gsid.te
@@ -0,0 +1,180 @@
+# gsid - Manager for GSI Installation
+
+type gsid, domain;
+type gsid_exec, exec_type, file_type, system_file_type;
+typeattribute gsid coredomain;
+
+init_daemon_domain(gsid)
+
+binder_use(gsid)
+binder_service(gsid)
+add_service(gsid, gsi_service)
+set_prop(gsid, gsid_prop)
+
+# Needed to create/delete device-mapper nodes, and read/write to them.
+allow gsid dm_device:chr_file rw_file_perms;
+allow gsid dm_device:blk_file rw_file_perms;
+allow gsid self:global_capability_class_set sys_admin;
+dontaudit gsid self:global_capability_class_set dac_override;
+
+# On FBE devices (not using dm-default-key), gsid will use loop devices to map
+# images rather than device-mapper.
+allow gsid loop_control_device:chr_file rw_file_perms;
+allow gsid loop_device:blk_file rw_file_perms;
+allowxperm gsid loop_device:blk_file ioctl {
+ LOOP_GET_STATUS64
+ LOOP_SET_STATUS64
+ LOOP_SET_FD
+ LOOP_SET_BLOCK_SIZE
+ LOOP_SET_DIRECT_IO
+ LOOP_CLR_FD
+ BLKFLSBUF
+};
+
+# libfiemap_writer uses sysfs to derive the bottom of a device-mapper stacking.
+# This requires traversing /sys/block/dm-N/slaves/* and reading the list of
+# file names.
+r_dir_file(gsid, sysfs_dm)
+
+# libfiemap_writer needs to read /sys/fs/f2fs//features to determine
+# whether pin_file support is enabled.
+r_dir_file(gsid, sysfs_fs_f2fs)
+
+# Needed to read fstab, which is used to validate that system verity does not
+# use check_once_at_most for sdcard installs. (Note: proc_cmdline is needed
+# to get the A/B slot suffix).
+allow gsid proc_cmdline:file r_file_perms;
+allow gsid sysfs_dt_firmware_android:dir r_dir_perms;
+allow gsid sysfs_dt_firmware_android:file r_file_perms;
+
+# Needed to stat /data/gsi/* and realpath on /dev/block/by-name/*
+allow gsid block_device:dir r_dir_perms;
+
+# liblp queries these block alignment properties.
+allowxperm gsid { userdata_block_device sdcard_block_device }:blk_file ioctl {
+ BLKIOMIN
+ BLKALIGNOFF
+};
+
+# When installing images to an sdcard, gsid needs to be able to stat() the
+# block device. gsid also calls realpath() to remove symlinks.
+allow gsid mnt_media_rw_file:dir r_dir_perms;
+
+# When installing images to an sdcard, gsid must bypass sdcardfs and install
+# directly to vfat, which supports the FIBMAP ioctl.
+allow gsid vfat:dir rw_dir_perms;
+allow gsid vfat:file create_file_perms;
+allow gsid sdcard_block_device:blk_file r_file_perms;
+# This is needed for FIBMAP unfortunately. Oddly FIEMAP does not carry this
+# requirement, but the kernel does not implement FIEMAP support for VFAT.
+allow gsid self:global_capability_class_set sys_rawio;
+
+# gsi_tool passes the system image over the adb connection, via stdin.
+allow gsid adbd:fd use;
+# Needed when running gsi_tool through "su root" rather than adb root.
+allow gsid adbd:unix_stream_socket rw_socket_perms;
+
+neverallow {
+ domain
+ -gsid
+ -init
+ -update_engine_common
+ -recovery
+ -fastbootd
+} gsid_prop:property_service set;
+
+# gsid needs to store images on /data, but cannot use file I/O. If it did, the
+# underlying blocks would be encrypted, and we couldn't mount the GSI image in
+# first-stage init. So instead of directly writing to /data, we:
+#
+# 1. fallocate a file large enough to hold the signed GSI
+# 2. extract its block layout with FIEMAP
+# 3. create a dm-linear device using the FIEMAP, targeting /dev/block/by-name/userdata
+# 4. write system_gsi into that dm device
+#
+# To make this process work, we need to unwrap the device-mapper stacking for
+# userdata to reach the underlying block device. To verify the result we use
+# stat(), which requires read access.
+allow gsid userdata_block_device:blk_file r_file_perms;
+
+# gsid uses /metadata/gsi to communicate GSI boot information to first-stage
+# init. It cannot use userdata since data cannot be decrypted during this
+# stage.
+#
+# gsid uses /metadata/gsi to store three files:
+# install_status - A short string indicating whether a GSI image is bootable.
+# lp_metadata - LpMetadata blob describing the block ranges on userdata
+# where system_gsi resides.
+# booted - An empty file that, if exists, indicates that a GSI is
+# currently running.
+#
+allow gsid metadata_file:dir { search getattr };
+allow gsid {
+ gsi_metadata_file
+}:dir create_dir_perms;
+
+allow gsid {
+ ota_metadata_file
+}:dir rw_dir_perms;
+
+allow gsid {
+ gsi_metadata_file
+ ota_metadata_file
+}:file create_file_perms;
+
+allow gsid {
+ gsi_data_file
+ ota_image_data_file
+}:dir rw_dir_perms;
+allow gsid {
+ gsi_data_file
+ ota_image_data_file
+}:file create_file_perms;
+allowxperm gsid {
+ gsi_data_file
+ ota_image_data_file
+}:file ioctl FS_IOC_FIEMAP;
+
+allow gsid system_server:binder call;
+
+neverallow {
+ domain
+ -init
+ -gsid
+ -fastbootd
+ -recovery
+ -vold
+} gsi_metadata_file:dir *;
+
+neverallow {
+ domain
+ -init
+ -gsid
+ -fastbootd
+ -vold
+} gsi_metadata_file:notdevfile_class_set ~{ relabelto getattr };
+
+neverallow {
+ domain
+ -init
+ -gsid
+ -fastbootd
+ -vold
+} { gsi_data_file gsi_metadata_file }:notdevfile_class_set *;
+
+neverallow {
+ domain
+ -gsid
+ -init
+} gsi_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
+
+neverallow {
+ domain
+ -init
+ -gsid
+} gsi_data_file:dir *;
+
+neverallow {
+ domain
+ -gsid
+} gsi_data_file:notdevfile_class_set ~{ relabelto getattr };
diff --git a/prebuilts/api/30.0/private/hal_allocator_default.te b/prebuilts/api/30.0/private/hal_allocator_default.te
new file mode 100644
index 000000000..7aa28aa29
--- /dev/null
+++ b/prebuilts/api/30.0/private/hal_allocator_default.te
@@ -0,0 +1,5 @@
+type hal_allocator_default, domain, coredomain;
+hal_server_domain(hal_allocator_default, hal_allocator)
+
+type hal_allocator_default_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(hal_allocator_default)
diff --git a/prebuilts/api/30.0/private/hal_lazy_test.te b/prebuilts/api/30.0/private/hal_lazy_test.te
new file mode 100644
index 000000000..93cf2350b
--- /dev/null
+++ b/prebuilts/api/30.0/private/hal_lazy_test.te
@@ -0,0 +1,3 @@
+userdebug_or_eng(`
+ hal_attribute_hwservice(hal_lazy_test, hal_lazy_test_hwservice)
+')
diff --git a/prebuilts/api/30.0/private/halclientdomain.te b/prebuilts/api/30.0/private/halclientdomain.te
new file mode 100644
index 000000000..9dcd3ee38
--- /dev/null
+++ b/prebuilts/api/30.0/private/halclientdomain.te
@@ -0,0 +1,13 @@
+###
+### Rules for all domains which are clients of a HAL
+###
+
+# Find out whether a HAL in passthrough/in-process mode or
+# binderized/out-of-process mode
+hwbinder_use(halclientdomain)
+
+# Used to wait for hwservicemanager
+get_prop(halclientdomain, hwservicemanager_prop)
+
+# Wait for HAL server to be up (used by getService)
+allow halclientdomain hidl_manager_hwservice:hwservice_manager find;
diff --git a/prebuilts/api/30.0/private/halserverdomain.te b/prebuilts/api/30.0/private/halserverdomain.te
new file mode 100644
index 000000000..f36e0e7d8
--- /dev/null
+++ b/prebuilts/api/30.0/private/halserverdomain.te
@@ -0,0 +1,12 @@
+###
+### Rules for all domains which offer a HAL service over HwBinder
+###
+
+# Register the HAL service with hwservicemanager
+hwbinder_use(halserverdomain)
+
+# Find HAL implementations
+allow halserverdomain system_file:dir r_dir_perms;
+
+# Used to wait for hwservicemanager
+get_prop(halserverdomain, hwservicemanager_prop)
diff --git a/prebuilts/api/30.0/private/healthd.te b/prebuilts/api/30.0/private/healthd.te
new file mode 100644
index 000000000..20d079173
--- /dev/null
+++ b/prebuilts/api/30.0/private/healthd.te
@@ -0,0 +1,6 @@
+typeattribute healthd coredomain;
+
+init_daemon_domain(healthd)
+
+# Allow healthd to serve health HAL
+hal_server_domain(healthd, hal_health)
diff --git a/prebuilts/api/30.0/private/heapprofd.te b/prebuilts/api/30.0/private/heapprofd.te
new file mode 100644
index 000000000..ec3e4d067
--- /dev/null
+++ b/prebuilts/api/30.0/private/heapprofd.te
@@ -0,0 +1,76 @@
+# Android heap profiling daemon. go/heapprofd.
+#
+# On user builds, this daemon is responsible for receiving the initial
+# profiling configuration, finding matching target processes (if profiling by
+# process name), and sending the activation signal to them (+ setting system
+# properties for new processes to start profiling from startup). When profiling
+# is triggered in a process, it spawns a private heapprofd subprocess (in its
+# own SELinux domain), which will exclusively handle profiling of its parent.
+#
+# On debug builds, this central daemon performs profiling for all target
+# processes (which talk directly to this daemon).
+type heapprofd_exec, exec_type, file_type, system_file_type;
+type heapprofd_tmpfs, file_type;
+
+init_daemon_domain(heapprofd)
+tmpfs_domain(heapprofd)
+
+# Allow apps in other MLS contexts (for multi-user) to access
+# shared memory buffers created by heapprofd.
+typeattribute heapprofd_tmpfs mlstrustedobject;
+
+set_prop(heapprofd, heapprofd_prop);
+
+# Necessary for /proc/[pid]/cmdline access & sending signals.
+typeattribute heapprofd mlstrustedsubject;
+
+# Allow sending signals to processes. This excludes SIGKILL, SIGSTOP and
+# SIGCHLD, which are controlled by separate permissions.
+allow heapprofd self:capability kill;
+
+# When scanning /proc/[pid]/cmdline to find matching processes for by-name
+# profiling, only whitelisted domains will be allowed by SELinux. Avoid
+# spamming logs with denials for entries that we can not access.
+dontaudit heapprofd domain:dir { search open };
+
+# Write trace data to the Perfetto traced daemon. This requires connecting to
+# its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(heapprofd)
+
+# When handling profiling for all processes, heapprofd needs to read
+# executables/libraries/etc to do stack unwinding.
+userdebug_or_eng(`
+ r_dir_file(heapprofd, nativetest_data_file)
+ r_dir_file(heapprofd, system_file_type)
+ r_dir_file(heapprofd, apk_data_file)
+ r_dir_file(heapprofd, dalvikcache_data_file)
+ r_dir_file(heapprofd, vendor_file_type)
+ # Some dex files are not world-readable.
+ # We are still constrained by the SELinux rules above.
+ allow heapprofd self:global_capability_class_set dac_read_search;
+
+ allow heapprofd proc_kpageflags:file r_file_perms;
+')
+
+# This is going to happen on user but is benign because central heapprofd
+# does not actually need these permission.
+# If the dac_read_search capability check is rejected, the kernel then tries
+# to perform a dac_override capability check, so we need to dontaudit that
+# as well.
+dontaudit heapprofd self:global_capability_class_set { dac_read_search dac_override };
+
+never_profile_heap(`{
+ bpfloader
+ init
+ kernel
+ keystore
+ llkd
+ logd
+ ueventd
+ vendor_init
+ vold
+}')
+
+full_treble_only(`
+ neverallow heapprofd vendor_file:file { no_w_file_perms no_x_file_perms };
+')
diff --git a/prebuilts/api/30.0/private/hidl_lazy_test_server.te b/prebuilts/api/30.0/private/hidl_lazy_test_server.te
new file mode 100644
index 000000000..04e8c9fbe
--- /dev/null
+++ b/prebuilts/api/30.0/private/hidl_lazy_test_server.te
@@ -0,0 +1,8 @@
+type hidl_lazy_test_server, domain;
+type hidl_lazy_test_server_exec, exec_type, file_type, system_file_type;
+
+userdebug_or_eng(`
+ typeattribute hidl_lazy_test_server coredomain;
+ init_daemon_domain(hidl_lazy_test_server)
+ hal_server_domain(hidl_lazy_test_server, hal_lazy_test)
+')
diff --git a/prebuilts/api/30.0/private/hwservice.te b/prebuilts/api/30.0/private/hwservice.te
new file mode 100644
index 000000000..b7ba4d7bf
--- /dev/null
+++ b/prebuilts/api/30.0/private/hwservice.te
@@ -0,0 +1 @@
+type hal_lazy_test_hwservice, hwservice_manager_type, protected_hwservice;
diff --git a/prebuilts/api/30.0/private/hwservice_contexts b/prebuilts/api/30.0/private/hwservice_contexts
new file mode 100644
index 000000000..c45b0efdb
--- /dev/null
+++ b/prebuilts/api/30.0/private/hwservice_contexts
@@ -0,0 +1,86 @@
+android.frameworks.automotive.display::IAutomotiveDisplayProxyService u:object_r:fwk_automotive_display_hwservice:s0
+android.frameworks.bufferhub::IBufferHub u:object_r:fwk_bufferhub_hwservice:s0
+android.frameworks.cameraservice.service::ICameraService u:object_r:fwk_camera_hwservice:s0
+android.frameworks.displayservice::IDisplayService u:object_r:fwk_display_hwservice:s0
+android.frameworks.schedulerservice::ISchedulingPolicyService u:object_r:fwk_scheduler_hwservice:s0
+android.frameworks.sensorservice::ISensorManager u:object_r:fwk_sensor_hwservice:s0
+android.frameworks.stats::IStats u:object_r:fwk_stats_hwservice:s0
+android.hardware.atrace::IAtraceDevice u:object_r:hal_atrace_hwservice:s0
+android.hardware.audio.effect::IEffectsFactory u:object_r:hal_audio_hwservice:s0
+android.hardware.audio::IDevicesFactory u:object_r:hal_audio_hwservice:s0
+android.hardware.authsecret::IAuthSecret u:object_r:hal_authsecret_hwservice:s0
+android.hardware.automotive.audiocontrol::IAudioControl u:object_r:hal_audiocontrol_hwservice:s0
+android.hardware.automotive.can::ICanController u:object_r:hal_can_controller_hwservice:s0
+android.hardware.automotive.can::ICanBus u:object_r:hal_can_bus_hwservice:s0
+android.hardware.automotive.evs::IEvsEnumerator u:object_r:hal_evs_hwservice:s0
+android.hardware.automotive.vehicle::IVehicle u:object_r:hal_vehicle_hwservice:s0
+android.hardware.biometrics.face::IBiometricsFace u:object_r:hal_face_hwservice:s0
+android.hardware.biometrics.fingerprint::IBiometricsFingerprint u:object_r:hal_fingerprint_hwservice:s0
+android.hardware.bluetooth::IBluetoothHci u:object_r:hal_bluetooth_hwservice:s0
+android.hardware.bluetooth.a2dp::IBluetoothAudioOffload u:object_r:hal_audio_hwservice:s0
+android.hardware.bluetooth.audio::IBluetoothAudioProvidersFactory u:object_r:hal_audio_hwservice:s0
+android.hardware.boot::IBootControl u:object_r:hal_bootctl_hwservice:s0
+android.hardware.broadcastradio::IBroadcastRadio u:object_r:hal_broadcastradio_hwservice:s0
+android.hardware.broadcastradio::IBroadcastRadioFactory u:object_r:hal_broadcastradio_hwservice:s0
+android.hardware.camera.provider::ICameraProvider u:object_r:hal_camera_hwservice:s0
+android.hardware.configstore::ISurfaceFlingerConfigs u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0
+android.hardware.confirmationui::IConfirmationUI u:object_r:hal_confirmationui_hwservice:s0
+android.hardware.contexthub::IContexthub u:object_r:hal_contexthub_hwservice:s0
+android.hardware.cas::IMediaCasService u:object_r:hal_cas_hwservice:s0
+android.hardware.drm::ICryptoFactory u:object_r:hal_drm_hwservice:s0
+android.hardware.drm::IDrmFactory u:object_r:hal_drm_hwservice:s0
+android.hardware.dumpstate::IDumpstateDevice u:object_r:hal_dumpstate_hwservice:s0
+android.hardware.gatekeeper::IGatekeeper u:object_r:hal_gatekeeper_hwservice:s0
+android.hardware.gnss::IGnss u:object_r:hal_gnss_hwservice:s0
+android.hardware.graphics.allocator::IAllocator u:object_r:hal_graphics_allocator_hwservice:s0
+android.hardware.graphics.composer::IComposer u:object_r:hal_graphics_composer_hwservice:s0
+android.hardware.graphics.mapper::IMapper u:object_r:hal_graphics_mapper_hwservice:s0
+android.hardware.health::IHealth u:object_r:hal_health_hwservice:s0
+android.hardware.health.storage::IStorage u:object_r:hal_health_storage_hwservice:s0
+android.hardware.input.classifier::IInputClassifier u:object_r:hal_input_classifier_hwservice:s0
+android.hardware.ir::IConsumerIr u:object_r:hal_ir_hwservice:s0
+android.hardware.keymaster::IKeymasterDevice u:object_r:hal_keymaster_hwservice:s0
+android.hardware.tests.lazy::ILazy u:object_r:hal_lazy_test_hwservice:s0
+android.hardware.light::ILight u:object_r:hal_light_hwservice:s0
+android.hardware.lowpan::ILowpanDevice u:object_r:hal_lowpan_hwservice:s0
+android.hardware.media.omx::IOmx u:object_r:hal_omx_hwservice:s0
+android.hardware.media.omx::IOmxStore u:object_r:hal_omx_hwservice:s0
+android.hardware.media.c2::IComponentStore u:object_r:hal_codec2_hwservice:s0
+android.hardware.memtrack::IMemtrack u:object_r:hal_memtrack_hwservice:s0
+android.hardware.neuralnetworks::IDevice u:object_r:hal_neuralnetworks_hwservice:s0
+android.hardware.nfc::INfc u:object_r:hal_nfc_hwservice:s0
+android.hardware.oemlock::IOemLock u:object_r:hal_oemlock_hwservice:s0
+android.hardware.power::IPower u:object_r:hal_power_hwservice:s0
+android.hardware.power.stats::IPowerStats u:object_r:hal_power_stats_hwservice:s0
+android.hardware.radio.config::IRadioConfig u:object_r:hal_telephony_hwservice:s0
+android.hardware.radio.deprecated::IOemHook u:object_r:hal_telephony_hwservice:s0
+android.hardware.radio::IRadio u:object_r:hal_telephony_hwservice:s0
+android.hardware.radio::ISap u:object_r:hal_telephony_hwservice:s0
+android.hardware.renderscript::IDevice u:object_r:hal_renderscript_hwservice:s0
+android.hardware.secure_element::ISecureElement u:object_r:hal_secure_element_hwservice:s0
+android.hardware.sensors::ISensors u:object_r:hal_sensors_hwservice:s0
+android.hardware.soundtrigger::ISoundTriggerHw u:object_r:hal_audio_hwservice:s0
+android.hardware.tetheroffload.config::IOffloadConfig u:object_r:hal_tetheroffload_hwservice:s0
+android.hardware.tetheroffload.control::IOffloadControl u:object_r:hal_tetheroffload_hwservice:s0
+android.hardware.thermal::IThermal u:object_r:hal_thermal_hwservice:s0
+android.hardware.thermal::IThermalCallback u:object_r:thermalcallback_hwservice:s0
+android.hardware.tv.cec::IHdmiCec u:object_r:hal_tv_cec_hwservice:s0
+android.hardware.tv.input::ITvInput u:object_r:hal_tv_input_hwservice:s0
+android.hardware.tv.tuner::ITuner u:object_r:hal_tv_tuner_hwservice:s0
+android.hardware.usb::IUsb u:object_r:hal_usb_hwservice:s0
+android.hardware.usb.gadget::IUsbGadget u:object_r:hal_usb_gadget_hwservice:s0
+android.hardware.vibrator::IVibrator u:object_r:hal_vibrator_hwservice:s0
+android.hardware.vr::IVr u:object_r:hal_vr_hwservice:s0
+android.hardware.weaver::IWeaver u:object_r:hal_weaver_hwservice:s0
+android.hardware.wifi::IWifi u:object_r:hal_wifi_hwservice:s0
+android.hardware.wifi.hostapd::IHostapd u:object_r:hal_wifi_hostapd_hwservice:s0
+android.hardware.wifi.supplicant::ISupplicant u:object_r:hal_wifi_supplicant_hwservice:s0
+android.hidl.allocator::IAllocator u:object_r:hidl_allocator_hwservice:s0
+android.hidl.base::IBase u:object_r:hidl_base_hwservice:s0
+android.hidl.manager::IServiceManager u:object_r:hidl_manager_hwservice:s0
+android.hidl.memory::IMapper u:object_r:hidl_memory_hwservice:s0
+android.hidl.token::ITokenManager u:object_r:hidl_token_hwservice:s0
+android.system.net.netd::INetd u:object_r:system_net_netd_hwservice:s0
+android.system.suspend::ISystemSuspend u:object_r:system_suspend_hwservice:s0
+android.system.wifi.keystore::IKeystore u:object_r:system_wifi_keystore_hwservice:s0
+* u:object_r:default_android_hwservice:s0
diff --git a/prebuilts/api/30.0/private/hwservicemanager.te b/prebuilts/api/30.0/private/hwservicemanager.te
new file mode 100644
index 000000000..0705cc711
--- /dev/null
+++ b/prebuilts/api/30.0/private/hwservicemanager.te
@@ -0,0 +1,8 @@
+typeattribute hwservicemanager coredomain;
+
+init_daemon_domain(hwservicemanager)
+
+add_hwservice(hwservicemanager, hidl_manager_hwservice)
+add_hwservice(hwservicemanager, hidl_token_hwservice)
+
+set_prop(hwservicemanager, ctl_interface_start_prop)
diff --git a/prebuilts/api/30.0/private/idmap.te b/prebuilts/api/30.0/private/idmap.te
new file mode 100644
index 000000000..c982783b9
--- /dev/null
+++ b/prebuilts/api/30.0/private/idmap.te
@@ -0,0 +1,3 @@
+typeattribute idmap coredomain;
+
+init_daemon_domain(idmap)
diff --git a/prebuilts/api/30.0/private/incident.te b/prebuilts/api/30.0/private/incident.te
new file mode 100644
index 000000000..db9ae8638
--- /dev/null
+++ b/prebuilts/api/30.0/private/incident.te
@@ -0,0 +1,37 @@
+typeattribute incident coredomain;
+
+type incident_exec, system_file_type, exec_type, file_type;
+
+# switch to incident domain for incident command
+domain_auto_trans(shell, incident_exec, incident)
+domain_auto_trans(dumpstate, incident_exec, incident)
+
+# allow incident access to stdout from its parent shell.
+allow incident shell:fd use;
+
+# allow incident to communicate with dumpstate, and write incident report to
+# /data/data/com.android.shell/files/bugreports/tmp_incident_report
+allow incident dumpstate:fd use;
+allow incident dumpstate:unix_stream_socket { read write };
+allow incident shell_data_file:file write;
+
+# allow incident be able to output data for CTS to fetch.
+allow incident devpts:chr_file { read write };
+
+# allow incident to communicate use, read and write over the adb
+# connection.
+allow incident adbd:fd use;
+allow incident adbd:unix_stream_socket { read write };
+
+# allow adbd to reap incident
+allow incident adbd:process { sigchld };
+
+# Allow the incident command to talk to the incidentd over the binder, and get
+# back the incident report data from a ParcelFileDescriptor.
+binder_use(incident)
+allow incident incident_service:service_manager find;
+binder_call(incident, incidentd)
+allow incident incidentd:fifo_file write;
+
+# only allow incident being called by shell or dumpstate
+neverallow { domain -su -shell -incident -dumpstate} incident_exec:file { execute execute_no_trans };
diff --git a/prebuilts/api/30.0/private/incident_helper.te b/prebuilts/api/30.0/private/incident_helper.te
new file mode 100644
index 000000000..b45385568
--- /dev/null
+++ b/prebuilts/api/30.0/private/incident_helper.te
@@ -0,0 +1,14 @@
+typeattribute incident_helper coredomain;
+
+type incident_helper_exec, system_file_type, exec_type, file_type;
+
+# switch to incident_helper domain for incident_helper command
+domain_auto_trans(incidentd, incident_helper_exec, incident_helper)
+
+# use pipe to transmit data from/to incidentd/incident_helper for parsing
+allow incident_helper { shell incident incidentd dumpstate }:fd use;
+allow incident_helper { shell incident incidentd dumpstate }:fifo_file { getattr read write };
+allow incident_helper incidentd:unix_stream_socket { read write };
+
+# only allow incidentd and shell to call incident_helper
+neverallow { domain -incidentd -incident_helper -shell } incident_helper_exec:file { execute execute_no_trans };
diff --git a/prebuilts/api/30.0/private/incidentd.te b/prebuilts/api/30.0/private/incidentd.te
new file mode 100644
index 000000000..405684ae6
--- /dev/null
+++ b/prebuilts/api/30.0/private/incidentd.te
@@ -0,0 +1,214 @@
+typeattribute incidentd coredomain;
+typeattribute incidentd mlstrustedsubject;
+
+init_daemon_domain(incidentd)
+type incidentd_exec, system_file_type, exec_type, file_type;
+binder_use(incidentd)
+wakelock_use(incidentd)
+
+# Allow incidentd to scan through /proc/pid for all processes
+r_dir_file(incidentd, domain)
+
+# Allow incidentd to kill incident_helper when timeout
+allow incidentd incident_helper:process sigkill;
+
+# Allow executing files on system, such as:
+# /system/bin/toolbox
+# /system/bin/logcat
+# /system/bin/dumpsys
+allow incidentd system_file:file execute_no_trans;
+allow incidentd toolbox_exec:file rx_file_perms;
+
+# section id 1002, allow reading kernel version /proc/version
+allow incidentd proc_version:file r_file_perms;
+
+# section id 2001, allow reading /proc/pagetypeinfo
+allow incidentd proc_pagetypeinfo:file r_file_perms;
+
+# section id 2002, allow reading /d/wakeup_sources
+allow incidentd debugfs_wakeup_sources:file r_file_perms;
+
+# section id 2003, allow executing top
+allow incidentd proc_meminfo:file { open read };
+
+# section id 2004, allow reading /sys/devices/system/cpu/cpufreq/all_time_in_state
+allow incidentd sysfs_devices_system_cpu:file r_file_perms;
+
+# section id 2005, allow reading ps dump in full
+allow incidentd domain:process getattr;
+
+# section id 2006, allow reading /sys/class/power_supply/bms/battery_type
+allow incidentd sysfs_batteryinfo:dir { search };
+allow incidentd sysfs_batteryinfo:file r_file_perms;
+
+# section id 2007, allow reading LAST_KMSG /sys/fs/pstore/console-ramoops
+userdebug_or_eng(`allow incidentd pstorefs:dir search');
+userdebug_or_eng(`allow incidentd pstorefs:file r_file_perms');
+
+# section id 3023, allow obtaining stats report
+allow incidentd stats_service:service_manager find;
+binder_call(incidentd, statsd)
+
+# section id 3026, allow reading /data/misc/perfetto-traces.
+allow incidentd perfetto_traces_data_file:dir r_dir_perms;
+allow incidentd perfetto_traces_data_file:file r_file_perms;
+
+# Create and write into /data/misc/incidents
+allow incidentd incident_data_file:dir rw_dir_perms;
+allow incidentd incident_data_file:file create_file_perms;
+
+# Enable incidentd to get stack traces.
+binder_use(incidentd)
+hwbinder_use(incidentd)
+allow incidentd hwservicemanager:hwservice_manager { list };
+get_prop(incidentd, hwservicemanager_prop)
+allow incidentd hidl_manager_hwservice:hwservice_manager { find };
+
+# Read files in /proc
+allow incidentd {
+ proc_cmdline
+ proc_pipe_conf
+ proc_stat
+}:file r_file_perms;
+
+# Signal java processes to dump their stack and get the results
+allow incidentd { appdomain ephemeral_app system_server }:process signal;
+
+# Signal native processes to dump their stack.
+# This list comes from native_processes_to_dump in incidentd/utils.c
+allow incidentd {
+ # This list comes from native_processes_to_dump in dumputils/dump_utils.cpp
+ audioserver
+ cameraserver
+ drmserver
+ inputflinger
+ mediadrmserver
+ mediaextractor
+ mediametrics
+ mediaserver
+ sdcardd
+ statsd
+ surfaceflinger
+
+ # This list comes from hal_interfaces_to_dump in dumputils/dump_utils.cpp
+ hal_audio_server
+ hal_bluetooth_server
+ hal_camera_server
+ hal_codec2_server
+ hal_face_server
+ hal_graphics_allocator_server
+ hal_graphics_composer_server
+ hal_health_server
+ hal_omx_server
+ hal_sensors_server
+ hal_vr_server
+}:process signal;
+
+# Allow incidentd to make binder calls to any binder service
+binder_call(incidentd, system_server)
+binder_call(incidentd, appdomain)
+
+# Reading /proc/PID/maps of other processes
+userdebug_or_eng(`allow incidentd self:global_capability_class_set { sys_ptrace }');
+# incidentd has capability sys_ptrace, but should only use that capability for
+# accessing sensitive /proc/PID files, never for using ptrace attach.
+neverallow incidentd *:process ptrace;
+
+allow incidentd self:global_capability_class_set {
+ # Send signals to processes
+ kill
+};
+
+# Connect to tombstoned to intercept dumps.
+unix_socket_connect(incidentd, tombstoned_intercept, tombstoned)
+
+# Run a shell.
+allow incidentd shell_exec:file rx_file_perms;
+
+# For running am, incident-helper-cmd and similar framework commands.
+# Run /system/bin/app_process.
+allow incidentd zygote_exec:file { rx_file_perms };
+# Access the runtime feature flag properties.
+get_prop(incidentd, device_config_runtime_native_prop)
+get_prop(incidentd, device_config_runtime_native_boot_prop)
+# ART locks profile files.
+allow incidentd system_file:file lock;
+# Incidentd should never exec from the memory (e.g. JIT cache). These denials are expected.
+dontaudit incidentd dalvikcache_data_file:dir r_dir_perms;
+dontaudit incidentd tmpfs:file rwx_file_perms;
+
+# logd access - work to be done is a PII safe log (possibly an event log?)
+userdebug_or_eng(`read_logd(incidentd)')
+# TODO control_logd(incidentd)
+
+# Access /data/misc/logd
+r_dir_file(incidentd, misc_logd_file)
+
+# Allow incidentd to find these standard groups of services.
+# Others can be whitelisted individually.
+allow incidentd {
+ system_server_service
+ app_api_service
+ system_api_service
+}:service_manager find;
+
+# Only incidentd can publish the binder service
+add_service(incidentd, incident_service)
+
+# Allow pipes only from dumpstate and incident
+allow incidentd { dumpstate incident }:fd use;
+allow incidentd { dumpstate incident }:fifo_file write;
+
+# Allow incident to call back to incident with status updates.
+binder_call(incidentd, incident)
+
+# Read device serial number from system properties
+# This is used to track reports from lab testing devices
+userdebug_or_eng(`
+ get_prop(incidentd, serialno_prop)
+')
+
+# Read ro.boot.bootreason, persist.sys.boot.bootreason
+# This is used to track reports from lab testing devices
+userdebug_or_eng(`
+ get_prop(incidentd, bootloader_boot_reason_prop);
+ get_prop(incidentd, system_boot_reason_prop);
+ get_prop(incidentd, last_boot_reason_prop);
+')
+
+###
+### neverallow rules
+###
+
+# only specific domains can find the incident service
+neverallow {
+ domain
+ -dumpstate
+ -incident
+ -incidentd
+ -perfetto
+ -permissioncontroller_app
+ -priv_app
+ -statsd
+ -system_app
+ -system_server
+} incident_service:service_manager find;
+
+# only incidentd and the other root services in limited circumstances
+# can get to the files in /data/misc/incidents
+#
+# write, execute, append are forbidden almost everywhere
+neverallow { domain -incidentd -init -vold } incident_data_file:file {
+ w_file_perms
+ x_file_perms
+ create
+ rename
+ setattr
+ unlink
+ append
+};
+# read is also allowed by system_server, for when the file is handed to dropbox
+neverallow { domain -incidentd -init -vold -system_server } incident_data_file:file r_file_perms;
+# limited access to the directory itself
+neverallow { domain -incidentd -init -vold } incident_data_file:dir create_dir_perms;
+
diff --git a/prebuilts/api/30.0/private/init.te b/prebuilts/api/30.0/private/init.te
new file mode 100644
index 000000000..b0e7f809a
--- /dev/null
+++ b/prebuilts/api/30.0/private/init.te
@@ -0,0 +1,60 @@
+typeattribute init coredomain;
+
+tmpfs_domain(init)
+
+# Transitions to seclabel processes in init.rc
+domain_trans(init, rootfs, healthd)
+domain_trans(init, rootfs, slideshow)
+domain_auto_trans(init, charger_exec, charger)
+domain_auto_trans(init, e2fs_exec, e2fs)
+domain_auto_trans(init, bpfloader_exec, bpfloader)
+
+recovery_only(`
+ # Files in recovery image are labeled as rootfs.
+ domain_trans(init, rootfs, adbd)
+ domain_trans(init, rootfs, charger)
+ domain_trans(init, rootfs, fastbootd)
+ domain_trans(init, rootfs, recovery)
+ domain_trans(init, rootfs, linkerconfig)
+')
+domain_trans(init, shell_exec, shell)
+domain_trans(init, init_exec, ueventd)
+domain_trans(init, init_exec, vendor_init)
+domain_trans(init, { rootfs toolbox_exec }, modprobe)
+userdebug_or_eng(`
+ # case where logpersistd is actually logcat -f in logd context (nee: logcatd)
+ domain_auto_trans(init, logcat_exec, logpersist)
+
+ # allow init to execute services marked with seclabel u:r:su:s0 in userdebug/eng
+ allow init su:process transition;
+ dontaudit init su:process noatsecure;
+ allow init su:process { siginh rlimitinh };
+')
+
+# Allow init to figure out name of dm-device from it's /dev/block/dm-XX path.
+# This is useful in case of remounting ext4 userdata into checkpointing mode,
+# since it potentially requires tearing down dm-devices (e.g. dm-bow, dm-crypto)
+# that userdata is mounted onto.
+allow init sysfs_dm:file read;
+
+# Allow the BoringSSL self test to request a reboot upon failure
+set_prop(init, powerctl_prop)
+
+# Only init is allowed to set userspace reboot related properties.
+set_prop(init, userspace_reboot_exported_prop)
+neverallow { domain -init } userspace_reboot_exported_prop:property_service set;
+
+# Second-stage init performs a test for whether the kernel has SELinux hooks
+# for the perf_event_open() syscall. This is done by testing for the syscall
+# outcomes corresponding to this policy.
+# TODO(b/137092007): this can be removed once the platform stops supporting
+# kernels that precede the perf_event_open hooks (Android common kernels 4.4
+# and 4.9).
+allow init self:perf_event { open cpu };
+neverallow init self:perf_event { kernel tracepoint read write };
+dontaudit init self:perf_event { kernel tracepoint read write };
+
+# Only init is allowed to set the sysprop indicating whether perf_event_open()
+# SELinux hooks were detected.
+set_prop(init, init_perf_lsm_hooks_prop)
+neverallow { domain -init } init_perf_lsm_hooks_prop:property_service set;
diff --git a/prebuilts/api/30.0/private/initial_sid_contexts b/prebuilts/api/30.0/private/initial_sid_contexts
new file mode 100644
index 000000000..98190510f
--- /dev/null
+++ b/prebuilts/api/30.0/private/initial_sid_contexts
@@ -0,0 +1,27 @@
+sid kernel u:r:kernel:s0
+sid security u:object_r:kernel:s0
+sid unlabeled u:object_r:unlabeled:s0
+sid fs u:object_r:labeledfs:s0
+sid file u:object_r:unlabeled:s0
+sid file_labels u:object_r:unlabeled:s0
+sid init u:object_r:unlabeled:s0
+sid any_socket u:object_r:unlabeled:s0
+sid port u:object_r:port:s0
+sid netif u:object_r:netif:s0
+sid netmsg u:object_r:unlabeled:s0
+sid node u:object_r:node:s0
+sid igmp_packet u:object_r:unlabeled:s0
+sid icmp_socket u:object_r:unlabeled:s0
+sid tcp_socket u:object_r:unlabeled:s0
+sid sysctl_modprobe u:object_r:unlabeled:s0
+sid sysctl u:object_r:proc:s0
+sid sysctl_fs u:object_r:unlabeled:s0
+sid sysctl_kernel u:object_r:unlabeled:s0
+sid sysctl_net u:object_r:unlabeled:s0
+sid sysctl_net_unix u:object_r:unlabeled:s0
+sid sysctl_vm u:object_r:unlabeled:s0
+sid sysctl_dev u:object_r:unlabeled:s0
+sid kmod u:object_r:unlabeled:s0
+sid policy u:object_r:unlabeled:s0
+sid scmp_packet u:object_r:unlabeled:s0
+sid devnull u:object_r:null_device:s0
diff --git a/prebuilts/api/30.0/private/initial_sids b/prebuilts/api/30.0/private/initial_sids
new file mode 100644
index 000000000..91ac816ba
--- /dev/null
+++ b/prebuilts/api/30.0/private/initial_sids
@@ -0,0 +1,35 @@
+# FLASK
+
+#
+# Define initial security identifiers
+#
+
+sid kernel
+sid security
+sid unlabeled
+sid fs
+sid file
+sid file_labels
+sid init
+sid any_socket
+sid port
+sid netif
+sid netmsg
+sid node
+sid igmp_packet
+sid icmp_socket
+sid tcp_socket
+sid sysctl_modprobe
+sid sysctl
+sid sysctl_fs
+sid sysctl_kernel
+sid sysctl_net
+sid sysctl_net_unix
+sid sysctl_vm
+sid sysctl_dev
+sid kmod
+sid policy
+sid scmp_packet
+sid devnull
+
+# FLASK
diff --git a/prebuilts/api/30.0/private/inputflinger.te b/prebuilts/api/30.0/private/inputflinger.te
new file mode 100644
index 000000000..9696b491b
--- /dev/null
+++ b/prebuilts/api/30.0/private/inputflinger.te
@@ -0,0 +1,3 @@
+typeattribute inputflinger coredomain;
+
+init_daemon_domain(inputflinger)
diff --git a/prebuilts/api/30.0/private/installd.te b/prebuilts/api/30.0/private/installd.te
new file mode 100644
index 000000000..c89ba8bfa
--- /dev/null
+++ b/prebuilts/api/30.0/private/installd.te
@@ -0,0 +1,45 @@
+typeattribute installd coredomain;
+
+init_daemon_domain(installd)
+
+# Run migrate_legacy_obb_data.sh in its own sandbox.
+domain_auto_trans(installd, migrate_legacy_obb_data_exec, migrate_legacy_obb_data)
+allow installd shell_exec:file rx_file_perms;
+
+# Run dex2oat in its own sandbox.
+domain_auto_trans(installd, dex2oat_exec, dex2oat)
+
+# Run dexoptanalyzer in its own sandbox.
+domain_auto_trans(installd, dexoptanalyzer_exec, dexoptanalyzer)
+
+# Run viewcompiler in its own sandbox.
+domain_auto_trans(installd, viewcompiler_exec, viewcompiler)
+
+# Run profman in its own sandbox.
+domain_auto_trans(installd, profman_exec, profman)
+
+# Run idmap in its own sandbox.
+domain_auto_trans(installd, idmap_exec, idmap)
+
+# For collecting bugreports.
+allow installd dumpstate:fd use;
+allow installd dumpstate:fifo_file r_file_perms;
+
+# Delete /system/bin/bcc generated artifacts
+allow installd app_exec_data_file:file unlink;
+
+# Capture userdata snapshots to /data/misc_[ce|de]/rollback and
+# subsequently restore them.
+allow installd rollback_data_file:dir create_dir_perms;
+allow installd rollback_data_file:file create_file_perms;
+
+# Allow installd to access the runtime feature flag properties.
+get_prop(installd, device_config_runtime_native_prop)
+get_prop(installd, device_config_runtime_native_boot_prop)
+
+# Allow installd to access apk verity feature flag (for legacy case).
+get_prop(installd, apk_verity_prop)
+
+# Allow installd to delete files in /data/staging
+allow installd staging_data_file:file unlink;
+allow installd staging_data_file:dir { open read remove_name rmdir search write };
diff --git a/prebuilts/api/30.0/private/iorap_inode2filename.te b/prebuilts/api/30.0/private/iorap_inode2filename.te
new file mode 100644
index 000000000..96b7bc268
--- /dev/null
+++ b/prebuilts/api/30.0/private/iorap_inode2filename.te
@@ -0,0 +1,9 @@
+typeattribute iorap_inode2filename coredomain;
+
+# Grant access to open most of the files under /
+allow iorap_inode2filename dalvikcache_data_file:dir { getattr open read search };
+allow iorap_inode2filename dalvikcache_data_file:file { getattr };
+allow iorap_inode2filename dex2oat_exec:lnk_file { getattr open read };
+allow iorap_inode2filename dexoptanalyzer_exec:file { getattr };
+allow iorap_inode2filename storaged_data_file:dir { getattr open read search };
+allow iorap_inode2filename storaged_data_file:file { getattr };
diff --git a/prebuilts/api/30.0/private/iorap_prefecherd.te b/prebuilts/api/30.0/private/iorap_prefecherd.te
new file mode 100644
index 000000000..9ddb512c9
--- /dev/null
+++ b/prebuilts/api/30.0/private/iorap_prefecherd.te
@@ -0,0 +1,4 @@
+typeattribute iorap_prefetcherd coredomain;
+
+init_daemon_domain(iorap_prefetcherd)
+tmpfs_domain(iorap_prefetcherd)
diff --git a/prebuilts/api/30.0/private/iorapd.te b/prebuilts/api/30.0/private/iorapd.te
new file mode 100644
index 000000000..73acec9c9
--- /dev/null
+++ b/prebuilts/api/30.0/private/iorapd.te
@@ -0,0 +1,10 @@
+typeattribute iorapd coredomain;
+
+init_daemon_domain(iorapd)
+tmpfs_domain(iorapd)
+
+domain_auto_trans(iorapd, iorap_prefetcherd_exec, iorap_prefetcherd)
+domain_auto_trans(iorapd, iorap_inode2filename_exec, iorap_inode2filename)
+
+# Allow iorapd to access the runtime native boot feature flag properties.
+get_prop(iorapd, device_config_runtime_native_boot_prop)
diff --git a/prebuilts/api/30.0/private/isolated_app.te b/prebuilts/api/30.0/private/isolated_app.te
new file mode 100644
index 000000000..4c6c5aad9
--- /dev/null
+++ b/prebuilts/api/30.0/private/isolated_app.te
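Review bot: The header comment `# Grant access to open most of the files under /` does not describe the rules beneath it, which grant only dir search/read and file getattr on four specific types (dalvikcache_data_file, dex2oat_exec, dexoptanalyzer_exec, storaged_data_file) and no `open` on any file class at all; a reader auditing this domain's reach would be misled into thinking it is far broader than it is. Replace it with a comment that matches the grants, e.g. `# Resolve inode->path for a limited set of types: dir search/read and file getattr only; no file open is granted.` The domain is entered from iorapd via domain_auto_trans (iorapd.te in this same diff) rather than init_daemon_domain, which is worth a one-line note here as well. Since this is the 30.0 API snapshot, the comment fix belongs in private/iorap_inode2filename.te.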
@@ -0,0 +1,152 @@
+###
+### Services with isolatedProcess=true in their manifest.
+###
+### This file defines the rules for isolated apps. An "isolated
+### app" is an APP with UID between AID_ISOLATED_START (99000)
+### and AID_ISOLATED_END (99999).
+###
+
+typeattribute isolated_app coredomain;
+
+app_domain(isolated_app)
+
+# Access already open app data files received over Binder or local socket IPC.
+allow isolated_app { app_data_file privapp_data_file }:file { append read write getattr lock map };
+
+# Allow access to network sockets received over IPC. New socket creation is not
+# permitted.
+allow isolated_app { ephemeral_app priv_app untrusted_app_all }:{ tcp_socket udp_socket } { rw_socket_perms_no_ioctl };
+
+allow isolated_app activity_service:service_manager find;
+allow isolated_app display_service:service_manager find;
+allow isolated_app webviewupdate_service:service_manager find;
+
+# Google Breakpad (crash reporter for Chrome) relies on ptrace
+# functionality. Without the ability to ptrace, the crash reporter
+# tool is broken.
+# b/20150694
+# https://code.google.com/p/chromium/issues/detail?id=475270
+allow isolated_app self:process ptrace;
+
+# b/32896414: Allow accessing sdcard file descriptors passed to isolated_apps
+# by other processes. Open should never be allowed, and is blocked by
+# neverallow rules below.
+# media_rw_data_file is included for sdcardfs, and can be removed if sdcardfs
+# is modified to change the secontext when accessing the lower filesystem.
+allow isolated_app { sdcard_type media_rw_data_file }:file { read write append getattr lock map };
+
+# For webviews, isolated_app processes can be forked from the webview_zygote
+# in addition to the zygote. Allow access to resources inherited from the
+# webview_zygote process. These rules are specialized copies of the ones in app.te.
+# Inherit FDs from the webview_zygote.
+allow isolated_app webview_zygote:fd use;
+# Notify webview_zygote of child death.
+allow isolated_app webview_zygote:process sigchld;
+# Inherit logd write socket.
+allow isolated_app webview_zygote:unix_dgram_socket write;
+# Read system properties managed by webview_zygote.
+allow isolated_app webview_zygote_tmpfs:file read;
+
+# Inherit FDs from the app_zygote.
+allow isolated_app app_zygote:fd use;
+# Notify app_zygote of child death.
+allow isolated_app app_zygote:process sigchld;
+# Inherit logd write socket.
+allow isolated_app app_zygote:unix_dgram_socket write;
+
+# TODO (b/63631799) fix this access
+# suppress denials to /data/local/tmp
+dontaudit isolated_app shell_data_file:dir search;
+
+# Write app-specific trace data to the Perfetto traced damon. This requires
+# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(isolated_app)
+
+# Allow profiling if the main app has been marked as profileable or
+# debuggable.
+can_profile_heap(isolated_app)
+can_profile_perf(isolated_app)
+
+#####
+##### Neverallow
+#####
+
+# Isolated apps should not directly open app data files themselves.
+neverallow isolated_app { app_data_file privapp_data_file }:file open;
+
+# Only allow appending to /data/anr/traces.txt (b/27853304, b/18340553)
+# TODO: are there situations where isolated_apps write to this file?
+# TODO: should we tighten these restrictions further?
+neverallow isolated_app anr_data_file:file ~{ open append };
+neverallow isolated_app anr_data_file:dir ~search;
+
+# Isolated apps must not be permitted to use HwBinder
+neverallow isolated_app hwbinder_device:chr_file *;
+neverallow isolated_app *:hwservice_manager *;
+
+# Isolated apps must not be permitted to use VndBinder
+neverallow isolated_app vndbinder_device:chr_file *;
+
+# Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
+# except the find actions for services whitelisted below.
+neverallow isolated_app *:service_manager ~find;
+
+# b/17487348
+# Isolated apps can only access three services,
+# activity_service, display_service, webviewupdate_service.
+neverallow isolated_app {
+ service_manager_type
+ -activity_service
+ -display_service
+ -webviewupdate_service
+}:service_manager find;
+
+# Isolated apps shouldn't be able to access the driver directly.
+neverallow isolated_app gpu_device:chr_file { rw_file_perms execute };
+
+# Do not allow isolated_app access to /cache
+neverallow isolated_app cache_file:dir ~{ r_dir_perms };
+neverallow isolated_app cache_file:file ~{ read getattr };
+
+# Do not allow isolated_app to access external storage, except for files passed
+# via file descriptors (b/32896414).
+neverallow isolated_app { storage_file mnt_user_file sdcard_type }:dir ~getattr;
+neverallow isolated_app { storage_file mnt_user_file }:file_class_set *;
+neverallow isolated_app sdcard_type:{ devfile_class_set lnk_file sock_file fifo_file } *;
+neverallow isolated_app sdcard_type:file ~{ read write append getattr lock map };
+
+# Do not allow USB access
+neverallow isolated_app { usb_device usbaccessory_device }:chr_file *;
+
+# Restrict the webview_zygote control socket.
+neverallow isolated_app webview_zygote:sock_file write;
+
+# Limit the /sys files which isolated_app can access. This is important
+# for controlling isolated_app attack surface.
+neverallow isolated_app {
+ sysfs_type
+ -sysfs_devices_system_cpu
+ -sysfs_transparent_hugepage
+ -sysfs_usb # TODO: check with audio team if needed for isolated_app (b/28417852)
+}:file no_rw_file_perms;
+
+# No creation of sockets families other than AF_UNIX sockets.
+# List taken from system/sepolicy/public/global_macros - socket_class_set
+# excluding unix_stream_socket and unix_dgram_socket.
+# Many of these are socket families which have never and will never
+# be compiled into the Android kernel.
+neverallow isolated_app { self ephemeral_app priv_app untrusted_app_all }:{
+ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket
+ key_socket appletalk_socket netlink_route_socket
+ netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket
+ netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket
+ netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket
+ netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket
+ netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket
+ netlink_crypto_socket sctp_socket icmp_socket ax25_socket ipx_socket
+ netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket
+ rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
+ bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket
+ ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket
+ qipcrtr_socket smc_socket xdp_socket
+} create;
diff --git a/prebuilts/api/30.0/private/iw.te b/prebuilts/api/30.0/private/iw.te
new file mode 100644
index 000000000..adc8c9632
--- /dev/null
+++ b/prebuilts/api/30.0/private/iw.te
@@ -0,0 +1,4 @@
+type iw, domain, coredomain;
+type iw_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(iw)
diff --git a/prebuilts/api/30.0/private/kernel.te b/prebuilts/api/30.0/private/kernel.te
new file mode 100644
index 000000000..207800e08
--- /dev/null
+++ b/prebuilts/api/30.0/private/kernel.te
@@ -0,0 +1,8 @@
+typeattribute kernel coredomain;
+
+domain_auto_trans(kernel, init_exec, init)
+
+# Allow the kernel to read otapreopt_chroot's file descriptors and files under
+# /postinstall, as it uses apexd logic to mount APEX packages in /postinstall/apex.
+allow kernel otapreopt_chroot:fd use;
+allow kernel postinstall_file:file read;
diff --git a/prebuilts/api/30.0/private/keys.conf b/prebuilts/api/30.0/private/keys.conf
new file mode 100644
index 000000000..362e73df7
--- /dev/null
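Review bot: The comment above the sdcard fd rule states that open "is blocked by neverallow rules below", but the only file-level neverallow in that section is `neverallow isolated_app sdcard_type:file ~{ read write append getattr lock map };`, which covers sdcard_type alone; media_rw_data_file, which the same allow rule includes, has no matching neverallow, so an `open` grant on it added elsewhere in the policy would compile without complaint. Unless media_rw_data_file carries the sdcard_type attribute (its type declaration is not visible here), widen the rule to `neverallow isolated_app { sdcard_type media_rw_data_file }:file ~{ read write append getattr lock map };` so the comment's guarantee actually holds. This prebuilt mirrors private/isolated_app.te, so the change belongs in the source policy rather than in the API snapshot.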
+++ b/prebuilts/api/30.0/private/keys.conf
@@ -0,0 +1,28 @@
+#
+# Maps an arbitrary tag [TAGNAME] with the string contents found in
+# TARGET_BUILD_VARIANT. Common convention is to start TAGNAME with an @ and
+# name it after the base file name of the pem file.
+#
+# Each tag (section) then allows one to specify any string found in
+# TARGET_BUILD_VARIANT. Typcially this is user, eng, and userdebug. Another
+# option is to use ALL which will match ANY TARGET_BUILD_VARIANT string.
+#
+
+[@PLATFORM]
+ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/platform.x509.pem
+
+[@MEDIA]
+ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/media.x509.pem
+
+[@NETWORK_STACK]
+ALL : $MAINLINE_SEPOLICY_DEV_CERTIFICATES/networkstack.x509.pem
+
+[@SHARED]
+ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/shared.x509.pem
+
+# Example of ALL TARGET_BUILD_VARIANTS
+[@RELEASE]
+ENG : $DEFAULT_SYSTEM_DEV_CERTIFICATE/testkey.x509.pem
+USER : $DEFAULT_SYSTEM_DEV_CERTIFICATE/testkey.x509.pem
+USERDEBUG : $DEFAULT_SYSTEM_DEV_CERTIFICATE/testkey.x509.pem
+
diff --git a/prebuilts/api/30.0/private/keystore.te b/prebuilts/api/30.0/private/keystore.te
new file mode 100644
index 000000000..ee6dbdf2a
--- /dev/null
+++ b/prebuilts/api/30.0/private/keystore.te
@@ -0,0 +1,15 @@
+typeattribute keystore coredomain;
+
+init_daemon_domain(keystore)
+
+# talk to keymaster
+hal_client_domain(keystore, hal_keymaster)
+
+# talk to confirmationui
+hal_client_domain(keystore, hal_confirmationui)
+
+# This is used for the ConfirmationUI async callback.
+allow keystore platform_app:binder call;
+
+# Allow to check whether security logging is enabled.
+get_prop(keystore, device_logging_prop)
diff --git a/prebuilts/api/30.0/private/linkerconfig.te b/prebuilts/api/30.0/private/linkerconfig.te
new file mode 100644
index 000000000..414b39f48
--- /dev/null
+++ b/prebuilts/api/30.0/private/linkerconfig.te
@@ -0,0 +1,19 @@
+type linkerconfig, domain, coredomain;
+type linkerconfig_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(linkerconfig)
+
+## Read and write linkerconfig subdirectory.
+allow linkerconfig linkerconfig_file:dir create_dir_perms;
+allow linkerconfig linkerconfig_file:file create_file_perms;
+
+# Allow linkerconfig to log to the kernel.
+allow linkerconfig kmsg_device:chr_file w_file_perms;
+
+# Allow linkerconfig to be invoked with logwrapper from init.
+allow linkerconfig devpts:chr_file { read write };
+
+# Allow linkerconfig to scan for apex modules
+allow linkerconfig apex_mnt_dir:dir r_dir_perms;
+
+neverallow { domain -init -linkerconfig } linkerconfig_exec:file no_x_file_perms;
diff --git a/prebuilts/api/30.0/private/llkd.te b/prebuilts/api/30.0/private/llkd.te
new file mode 100644
index 000000000..f218dec7c
--- /dev/null
+++ b/prebuilts/api/30.0/private/llkd.te
@@ -0,0 +1,53 @@
+# llkd Live LocK Daemon
+typeattribute llkd coredomain;
+
+init_daemon_domain(llkd)
+
+get_prop(llkd, llkd_prop)
+
+allow llkd self:global_capability_class_set kill;
+userdebug_or_eng(`
+ allow llkd self:global_capability_class_set { sys_ptrace sys_admin };
+ allow llkd self:global_capability_class_set { dac_override dac_read_search };
+')
+
+# llkd optionally locks itself in memory, to prevent it from being
+# swapped out and unable to discover a kernel in live-lock state.
+allow llkd self:global_capability_class_set ipc_lock;
+
+# Send kill signals to _anyone_ suffering from Live Lock
+allow llkd domain:process sigkill;
+
+# read stack to check for Live Lock
+userdebug_or_eng(`
+ allow llkd {
+ domain
+ -apexd
+ -kernel
+ -keystore
+ -init
+ -llkd
+ -ueventd
+ -vendor_init
+ }:process ptrace;
+')
+
+# live lock watchdog process allowed to look through /proc/
+allow llkd domain:dir r_dir_perms;
+allow llkd domain:file r_file_perms;
+allow llkd domain:lnk_file read;
+# Set /proc/sys/kernel/hung_task_*
+allow llkd proc_hung_task:file rw_file_perms;
+
+# live lock watchdog process allowed to dump process trace and
+# reboot because orderly shutdown may not be possible.
+allow llkd proc_sysrq:file w_file_perms;
+allow llkd kmsg_device:chr_file w_file_perms;
+
+### neverallow rules
+
+neverallow { domain -init } llkd:process { dyntransition transition };
+neverallow { domain userdebug_or_eng(`-crash_dump') } llkd:process ptrace;
+
+# never honor LD_PRELOAD
+neverallow * llkd:process noatsecure;
diff --git a/prebuilts/api/30.0/private/lmkd.te b/prebuilts/api/30.0/private/lmkd.te
new file mode 100644
index 000000000..a07ce879c
--- /dev/null
+++ b/prebuilts/api/30.0/private/lmkd.te
@@ -0,0 +1,3 @@
+typeattribute lmkd coredomain;
+
+init_daemon_domain(lmkd)
diff --git a/prebuilts/api/30.0/private/logd.te b/prebuilts/api/30.0/private/logd.te
new file mode 100644
index 000000000..ca92e2061
--- /dev/null
+++ b/prebuilts/api/30.0/private/logd.te
@@ -0,0 +1,38 @@
+typeattribute logd coredomain;
+
+init_daemon_domain(logd)
+
+# logd is not allowed to write anywhere other than /data/misc/logd, and then
+# only on userdebug or eng builds
+neverallow logd {
+ file_type
+ -runtime_event_log_tags_file
+ userdebug_or_eng(`-coredump_file -misc_logd_file')
+ with_native_coverage(`-method_trace_data_file')
+}:file { create write append };
+
+# protect the event-log-tags file
+neverallow {
+ domain
+ -appdomain # covered below
+ -bootstat
+ -dumpstate
+ -init
+ -logd
+ userdebug_or_eng(`-logpersist')
+ -servicemanager
+ -system_server
+ -surfaceflinger
+ -zygote
+} runtime_event_log_tags_file:file no_rw_file_perms;
+
+neverallow {
+ appdomain
+ -bluetooth
+ -platform_app
+ -priv_app
+ -radio
+ -shell
+ userdebug_or_eng(`-su')
+ -system_app
+} runtime_event_log_tags_file:file no_rw_file_perms;
diff --git a/prebuilts/api/30.0/private/logpersist.te b/prebuilts/api/30.0/private/logpersist.te
new file mode 100644
index 000000000..ac324df88
--- /dev/null
+++ b/prebuilts/api/30.0/private/logpersist.te
@@ -0,0 +1,29 @@
+typeattribute logpersist coredomain;
+
+# android debug log storage in logpersist domains (eng and userdebug only)
+userdebug_or_eng(`
+
+ r_dir_file(logpersist, cgroup)
+
+ allow logpersist misc_logd_file:file create_file_perms;
+ allow logpersist misc_logd_file:dir rw_dir_perms;
+
+ allow logpersist self:global_capability_class_set sys_nice;
+ allow logpersist pstorefs:dir search;
+ allow logpersist pstorefs:file r_file_perms;
+
+ control_logd(logpersist)
+ unix_socket_connect(logpersist, logdr, logd)
+ read_runtime_log_tags(logpersist)
+
+')
+
+# logpersist is allowed to write to /data/misc/log for userdebug and eng builds
+neverallow logpersist {
+ file_type
+ userdebug_or_eng(`-misc_logd_file -coredump_file')
+ with_native_coverage(`-method_trace_data_file')
+}:file { create write append };
+neverallow { domain -init -dumpstate -incidentd userdebug_or_eng(`-logpersist -logd') } misc_logd_file:file no_rw_file_perms;
+neverallow { domain -init userdebug_or_eng(`-logpersist -logd') } misc_logd_file:file no_w_file_perms;
+neverallow { domain -init userdebug_or_eng(`-logpersist -logd') } misc_logd_file:dir { add_name link relabelfrom remove_name rename reparent rmdir write };
diff --git a/prebuilts/api/30.0/private/lpdumpd.te b/prebuilts/api/30.0/private/lpdumpd.te
new file mode 100644
index 000000000..3bcd7612e
--- /dev/null
+++ b/prebuilts/api/30.0/private/lpdumpd.te
@@ -0,0 +1,42 @@ +type lpdumpd, domain, coredomain; +type lpdumpd_exec, system_file_type, exec_type, file_type; + +init_daemon_domain(lpdumpd) + +# Allow lpdumpd to register itself as a service. +binder_use(lpdumpd) +add_service(lpdumpd, lpdump_service) + +# Allow lpdumpd to find the super partition block device. +allow lpdumpd block_device:dir r_dir_perms; + +# Allow lpdumpd to read super partition metadata. +allow lpdumpd super_block_device_type:blk_file r_file_perms; + +# Allow lpdumpd to read fstab. +allow lpdumpd sysfs_dt_firmware_android:dir r_dir_perms; +allow lpdumpd sysfs_dt_firmware_android:file r_file_perms; + +# Triggered when lpdumpd tries to read default fstab. +dontaudit lpdumpd metadata_file:dir r_dir_perms; +dontaudit lpdumpd metadata_file:file r_file_perms; +dontaudit lpdumpd gsi_metadata_file:dir r_dir_perms; +dontaudit lpdumpd gsi_metadata_file:file r_file_perms; + +### Neverallow rules + +# Disallow other domains to get lpdump_service and call lpdumpd. +neverallow { + domain + -dumpstate + -lpdumpd + -shell +} lpdump_service:service_manager find; + +neverallow { + domain + -dumpstate + -lpdumpd + -shell + -servicemanager +} lpdumpd:binder call; diff --git a/prebuilts/api/30.0/private/mac_permissions.xml b/prebuilts/api/30.0/private/mac_permissions.xml new file mode 100644 index 000000000..7fc37c13e --- /dev/null +++ b/prebuilts/api/30.0/private/mac_permissions.xml @@ -0,0 +1,62 @@ + + + + + + + + + + + + + + + + + + + diff --git a/prebuilts/api/30.0/private/mdnsd.te b/prebuilts/api/30.0/private/mdnsd.te new file mode 100644 index 000000000..98e95dab3 --- /dev/null +++ b/prebuilts/api/30.0/private/mdnsd.te @@ -0,0 +1,12 @@ +# mdns daemon + +typeattribute mdnsd coredomain; +typeattribute mdnsd mlstrustedsubject; + +type mdnsd_exec, system_file_type, exec_type, file_type; +init_daemon_domain(mdnsd) + +net_domain(mdnsd) + +# Read from /proc/net +r_dir_file(mdnsd, proc_net_type) 
diff --git a/prebuilts/api/30.0/private/mediadrmserver.te b/prebuilts/api/30.0/private/mediadrmserver.te
new file mode 100644
index 000000000..4e511a819
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediadrmserver.te
@@ -0,0 +1,8 @@
+typeattribute mediadrmserver coredomain;
+
+init_daemon_domain(mediadrmserver)
+
+# allocate and use graphic buffers
+hal_client_domain(mediadrmserver, hal_graphics_allocator)
+auditallow mediadrmserver hal_graphics_allocator_server:binder call;
+
diff --git a/prebuilts/api/30.0/private/mediaextractor.te b/prebuilts/api/30.0/private/mediaextractor.te
new file mode 100644
index 000000000..2e654d689
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediaextractor.te
@@ -0,0 +1,7 @@
+typeattribute mediaextractor coredomain;
+
+init_daemon_domain(mediaextractor)
+tmpfs_domain(mediaextractor)
+allow mediaextractor appdomain_tmpfs:file { getattr map read write };
+allow mediaextractor mediaserver_tmpfs:file { getattr map read write };
+allow mediaextractor system_server_tmpfs:file { getattr map read write };
diff --git a/prebuilts/api/30.0/private/mediametrics.te b/prebuilts/api/30.0/private/mediametrics.te
new file mode 100644
index 000000000..f8b2fa5cd
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediametrics.te
@@ -0,0 +1,3 @@
+typeattribute mediametrics coredomain;
+
+init_daemon_domain(mediametrics)
diff --git a/prebuilts/api/30.0/private/mediaprovider.te b/prebuilts/api/30.0/private/mediaprovider.te
new file mode 100644
index 000000000..249fee179
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediaprovider.te
@@ -0,0 +1,44 @@
+###
+### A domain for android.process.media, which contains both
+### MediaProvider and DownloadProvider and associated services.
+###
+
+typeattribute mediaprovider coredomain;
+app_domain(mediaprovider)
+
+# DownloadProvider accesses the network.
+net_domain(mediaprovider)
+
+# DownloadProvider uses /cache.
+allow mediaprovider cache_file:dir create_dir_perms;
+allow mediaprovider cache_file:file create_file_perms;
+# /cache is a symlink to /data/cache on some devices. Allow reading the link.
+allow mediaprovider cache_file:lnk_file r_file_perms;
+# mediaprovider searches through /cache looking for orphans
+# Ignore denials to /cache/recovery and /cache/backup.
+dontaudit mediaprovider cache_private_backup_file:dir getattr;
+dontaudit mediaprovider cache_recovery_file:dir getattr;
+
+# Access external sdcards through /mnt/media_rw
+allow mediaprovider { mnt_media_rw_file }:dir search;
+
+allow mediaprovider app_api_service:service_manager find;
+allow mediaprovider audioserver_service:service_manager find;
+allow mediaprovider drmserver_service:service_manager find;
+allow mediaprovider mediaextractor_service:service_manager find;
+allow mediaprovider mediaserver_service:service_manager find;
+
+# Allow MediaProvider to read/write cached ringtones (opened by system).
+allow mediaprovider ringtone_file:file { getattr read write };
+
+# MtpServer uses /dev/mtp_usb
+allow mediaprovider mtp_device:chr_file rw_file_perms;
+
+# MtpServer uses /dev/usb-ffs/mtp
+allow mediaprovider functionfs:dir search;
+allow mediaprovider functionfs:file rw_file_perms;
+allowxperm mediaprovider functionfs:file ioctl FUNCTIONFS_ENDPOINT_DESC;
+
+# MtpServer sets sys.usb.ffs.mtp.ready
+set_prop(mediaprovider, ffs_prop)
+set_prop(mediaprovider, exported_ffs_prop)
diff --git a/prebuilts/api/30.0/private/mediaprovider_app.te b/prebuilts/api/30.0/private/mediaprovider_app.te
new file mode 100644
index 000000000..0b1047ae8
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediaprovider_app.te
@@ -0,0 +1,42 @@
+###
+### A domain for further sandboxing the MediaProvider mainline module.
+###
+type mediaprovider_app, domain, coredomain;
+
+app_domain(mediaprovider_app)
+
+# Access to /mnt/pass_through.
+allow mediaprovider_app mnt_pass_through_file:dir r_dir_perms;
+
+# Allow MediaProvider to host a FUSE daemon for external storage
+allow mediaprovider_app fuse_device:chr_file { read write ioctl getattr };
+
+# Allow MediaProvider to read/write media_rw_data_file files and dirs
+allow mediaprovider_app media_rw_data_file:file create_file_perms;
+allow mediaprovider_app media_rw_data_file:dir create_dir_perms;
+
+# Talk to the DRM service
+allow mediaprovider_app drmserver_service:service_manager find;
+
+# Talk to the MediaServer service
+allow mediaprovider_app mediaserver_service:service_manager find;
+
+# Talk to regular app services
+allow mediaprovider_app app_api_service:service_manager find;
+
+# Talk to the GPU service
+binder_call(mediaprovider_app, gpuservice)
+
+# read pipe-max-size configuration
+allow mediaprovider_app proc_pipe_conf:file r_file_perms;
+
+# Allow MediaProvider to set extended attributes (such as quota project ID)
+# on media files.
+allowxperm mediaprovider_app media_rw_data_file:{ dir file } ioctl {
+ FS_IOC_FSGETXATTR
+ FS_IOC_FSSETXATTR
+ FS_IOC_GETFLAGS
+ FS_IOC_SETFLAGS
+};
+
+allow mediaprovider_app proc_filesystems:file r_file_perms;
diff --git a/prebuilts/api/30.0/private/mediaserver.te b/prebuilts/api/30.0/private/mediaserver.te
new file mode 100644
index 000000000..c55e54a94
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediaserver.te
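Review bot: `allow mediaprovider_app fuse_device:chr_file { read write ioctl getattr };` leaves the ioctl vector on /dev/fuse completely unconstrained, while a few lines later the same file carefully pins media_rw_data_file ioctls with allowxperm to four FS_IOC_* commands; the FUSE device is the more privileged of the two surfaces, since this domain is the one hosting external storage for every app. If the daemon needs any ioctl at all (FUSE_DEV_IOC_CLONE is the one a multi-threaded FUSE server typically uses — confirm against the implementation and ioctl_defines), scope it the same way, `allowxperm mediaprovider_app fuse_device:chr_file ioctl { FUSE_DEV_IOC_CLONE };`, and otherwise drop `ioctl` from the rule. This is the 30.0 API snapshot, so the tightening belongs in private/mediaprovider_app.te.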
@@ -0,0 +1,14 @@
+typeattribute mediaserver coredomain;
+
+init_daemon_domain(mediaserver)
+tmpfs_domain(mediaserver)
+allow mediaserver appdomain_tmpfs:file { getattr map read write };
+
+# allocate and use graphic buffers
+hal_client_domain(mediaserver, hal_graphics_allocator)
+hal_client_domain(mediaserver, hal_configstore)
+hal_client_domain(mediaserver, hal_drm)
+hal_client_domain(mediaserver, hal_omx)
+hal_client_domain(mediaserver, hal_codec2)
+
+allow mediaserver mediatranscoding_service:service_manager find;
diff --git a/prebuilts/api/30.0/private/mediaswcodec.te b/prebuilts/api/30.0/private/mediaswcodec.te
new file mode 100644
index 000000000..50f569875
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediaswcodec.te
@@ -0,0 +1,4 @@
+typeattribute mediaswcodec coredomain;
+
+init_daemon_domain(mediaswcodec)
+
diff --git a/prebuilts/api/30.0/private/mediatranscoding.te b/prebuilts/api/30.0/private/mediatranscoding.te
new file mode 100644
index 000000000..e0ad84c66
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediatranscoding.te
@@ -0,0 +1,3 @@
+typeattribute mediatranscoding coredomain;
+
+init_daemon_domain(mediatranscoding)
diff --git a/prebuilts/api/30.0/private/migrate_legacy_obb_data.te b/prebuilts/api/30.0/private/migrate_legacy_obb_data.te
new file mode 100644
index 000000000..b2a1fb10a
--- /dev/null
+++ b/prebuilts/api/30.0/private/migrate_legacy_obb_data.te
@@ -0,0 +1,28 @@
+type migrate_legacy_obb_data, domain, coredomain;
+type migrate_legacy_obb_data_exec, system_file_type, exec_type, file_type;
+
+allow migrate_legacy_obb_data media_rw_data_file:dir create_dir_perms;
+allow migrate_legacy_obb_data media_rw_data_file:file create_file_perms;
+
+allow migrate_legacy_obb_data shell_exec:file rx_file_perms;
+
+allow migrate_legacy_obb_data toolbox_exec:file rx_file_perms;
+
+allow migrate_legacy_obb_data self:capability { chown dac_override dac_read_search fowner fsetid };
+
+allow migrate_legacy_obb_data mnt_user_file:dir search;
+allow migrate_legacy_obb_data mnt_user_file:lnk_file read;
+allow migrate_legacy_obb_data storage_file:dir search;
+allow migrate_legacy_obb_data storage_file:lnk_file read;
+
+allow migrate_legacy_obb_data sdcard_type:dir create_dir_perms;
+allow migrate_legacy_obb_data sdcard_type:file create_file_perms;
+
+# TODO: This should not be necessary. We don't deliberately hand over
+# any open file descriptors to this domain, so anything that triggers this
+# should be a candidate for O_CLOEXEC.
+allow migrate_legacy_obb_data installd:fd use;
+
+# This rule is required to let this process read /proc/{parent_pid}/mount.
+# TODO: Why is this required ?
+allow migrate_legacy_obb_data installd:file read;
diff --git a/prebuilts/api/30.0/private/mls b/prebuilts/api/30.0/private/mls
new file mode 100644
index 000000000..9690440e8
--- /dev/null
+++ b/prebuilts/api/30.0/private/mls
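Review bot: The domain file has no header comment, yet it grants `self:capability { chown dac_override dac_read_search fowner fsetid }` together with create perms on sdcard_type and media_rw_data_file, which is exactly the combination a later auditor will want a justification for. Add a top-of-file comment stating that this domain exists to run migrate_legacy_obb_data.sh, is entered only via domain_auto_trans from installd (installd.te in this same diff), and why each capability is required — presumably chown/fowner/fsetid for re-owning legacy OBB directories, but that should be confirmed against the script rather than guessed. The two TODO-marked rules at the bottom (`installd:fd use`, `installd:file read`) remain open questions and keep the domain coupled to installd's process state; an answer to either would let the grant shrink. As with the rest of prebuilts/api/30.0, the comment belongs in private/migrate_legacy_obb_data.te.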
@@ -0,0 +1,107 @@
+#################################################
+# MLS policy constraints
+#
+
+#
+# Process constraints
+#
+
+# Process transition: Require equivalence unless the subject is trusted.
+mlsconstrain process { transition dyntransition }
+ ((h1 eq h2 and l1 eq l2) or t1 == mlstrustedsubject);
+
+# Process read operations: No read up unless trusted.
+mlsconstrain process { getsched getsession getpgid getcap getattr ptrace share }
+ (l1 dom l2 or t1 == mlstrustedsubject);
+
+# Process write operations: Require equivalence unless trusted.
+mlsconstrain process { sigkill sigstop signal setsched setpgid setcap setrlimit ptrace share }
+ (l1 eq l2 or t1 == mlstrustedsubject);
+
+#
+# Socket constraints
+#
+
+# Create/relabel operations: Subject must be equivalent to object unless
+# the subject is trusted. Sockets inherit the range of their creator.
+mlsconstrain socket_class_set { create relabelfrom relabelto }
+ ((h1 eq h2 and l1 eq l2) or t1 == mlstrustedsubject);
+
+# Datagram send: Sender must be equivalent to the receiver unless one of them
+# is trusted.
+mlsconstrain unix_dgram_socket { sendto }
+ (l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedsubject);
+
+# Stream connect: Client must be equivalent to server unless one of them
+# is trusted.
+mlsconstrain unix_stream_socket { connectto }
+ (l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedsubject);
+
+#
+# Directory/file constraints
+#
+
+# Create/relabel operations: Subject must be equivalent to object unless
+# the subject is trusted. Also, files should always be single-level.
+# Do NOT exempt mlstrustedobject types from this constraint.
+mlsconstrain dir_file_class_set { create relabelfrom relabelto }
+ (l2 eq h2 and (l1 eq l2 or t1 == mlstrustedsubject));
+
+#
+# Constraints for app data files only.
+#
+
+# Only constrain open, not read/write.
+# Also constrain other forms of manipulation, e.g. chmod/chown, unlink, rename, etc.
+# Subject must dominate object unless the subject is trusted.
+mlsconstrain dir { open search setattr rename add_name remove_name reparent rmdir }
+ ( (t2 != app_data_file and t2 != privapp_data_file ) or l1 dom l2 or t1 == mlstrustedsubject);
+mlsconstrain { file sock_file } { open setattr unlink link rename }
+ ( (t2 != app_data_file and t2 != privapp_data_file and t2 != appdomain_tmpfs) or l1 dom l2 or t1 == mlstrustedsubject);
+# For symlinks in app_data_file, require equivalence in order to manipulate or follow (read).
+mlsconstrain { lnk_file } { open setattr unlink link rename read }
+ ( (t2 != app_data_file) or l1 eq l2 or t1 == mlstrustedsubject);
+# For priv_app_data_file, continue to use dominance for symlinks because dynamite relies on this.
+# TODO: Migrate to equivalence when it's no longer needed.
+mlsconstrain { lnk_file } { open setattr unlink link rename read }
+ ( (t2 != privapp_data_file and t2 != appdomain_tmpfs) or l1 dom l2 or t1 == mlstrustedsubject);
+
+#
+# Constraints for file types other than app data files.
+#
+
+# Read operations: Subject must dominate object unless the subject
+# or the object is trusted.
+mlsconstrain dir { read getattr search }
+ (t2 == app_data_file or t2 == privapp_data_file or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+
+mlsconstrain { file lnk_file sock_file chr_file blk_file } { read getattr execute }
+ (t2 == app_data_file or t2 == privapp_data_file or t2 == appdomain_tmpfs or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+
+# Write operations: Subject must be equivalent to the object unless the
+# subject or the object is trusted.
+mlsconstrain dir { write setattr rename add_name remove_name reparent rmdir }
+ (t2 == app_data_file or t2 == privapp_data_file or l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+
+mlsconstrain { file lnk_file sock_file chr_file blk_file } { write setattr append unlink link rename }
+ (t2 == app_data_file or t2 == privapp_data_file or t2 == appdomain_tmpfs or l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+
+# Special case for FIFOs.
+# These can be unnamed pipes, in which case they will be labeled with the
+# creating process' label. Thus we also have an exemption when the "object"
+# is a domain type, so that processes can communicate via unnamed pipes
+# passed by binder or local socket IPC.
+mlsconstrain fifo_file { read getattr }
+ (l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject or t2 == domain);
+
+mlsconstrain fifo_file { write setattr append unlink link rename }
+ (l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject or t2 == domain);
+
+#
+# Binder IPC constraints
+#
+# Presently commented out, as apps are expected to call one another.
+# This would only make sense if apps were assigned categories
+# based on allowable communications rather than per-app categories.
+#mlsconstrain binder call
+# (l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedsubject);
diff --git a/prebuilts/api/30.0/private/mls_decl b/prebuilts/api/30.0/private/mls_decl
new file mode 100644
index 000000000..dd53bea7e
--- /dev/null
+++ b/prebuilts/api/30.0/private/mls_decl
@@ -0,0 +1,10 @@
+#########################################
+# MLS declarations
+#
+
+# Generate the desired number of sensitivities and categories.
+gen_sens(mls_num_sens)
+gen_cats(mls_num_cats)
+
+# Generate level definitions for each sensitivity and category.
+gen_levels(mls_num_sens,mls_num_cats)
diff --git a/prebuilts/api/30.0/private/mls_macros b/prebuilts/api/30.0/private/mls_macros
new file mode 100644
index 000000000..83e05425b
--- /dev/null
+++ b/prebuilts/api/30.0/private/mls_macros
@@ -0,0 +1,54 @@
+########################################
+#
+# gen_cats(N)
+#
+# declares categores c0 to c(N-1)
+#
+define(`decl_cats',`dnl
+category c$1;
+ifelse(`$1',`$2',,`decl_cats(incr($1),$2)')dnl
+')
+
+define(`gen_cats',`decl_cats(0,decr($1))')
+
+########################################
+#
+# gen_sens(N)
+#
+# declares sensitivites s0 to s(N-1) with dominance
+# in increasing numeric order with s0 lowest, s(N-1) highest
+#
+define(`decl_sens',`dnl
+sensitivity s$1;
+ifelse(`$1',`$2',,`decl_sens(incr($1),$2)')dnl
+')
+
+define(`gen_dominance',`s$1 ifelse(`$1',`$2',,`gen_dominance(incr($1),$2)')')
+
+define(`gen_sens',`
+# Each sensitivity has a name and zero or more aliases.
+decl_sens(0,decr($1))
+
+# Define the ordering of the sensitivity levels (least to greatest)
+dominance { gen_dominance(0,decr($1)) }
+')
+
+########################################
+#
+# gen_levels(N,M)
+#
+# levels from s0 to (N-1) with categories c0 to (M-1)
+#
+define(`decl_levels',`dnl
+level s$1:c0.c$3;
+ifelse(`$1',`$2',,`decl_levels(incr($1),$2,$3)')dnl
+')
+
+define(`gen_levels',`decl_levels(0,decr($1),decr($2))')
+
+########################################
+#
+# Basic level names for system low and high
+#
+define(`mls_systemlow',`s0')
+define(`mls_systemhigh',`s`'decr(mls_num_sens):c0.c`'decr(mls_num_cats)')
diff --git a/prebuilts/api/30.0/private/modprobe.te b/prebuilts/api/30.0/private/modprobe.te
new file mode 100644
index 000000000..98586756f
--- /dev/null
+++ b/prebuilts/api/30.0/private/modprobe.te
@@ -0,0 +1 @@
+typeattribute modprobe coredomain;
diff --git a/prebuilts/api/30.0/private/mtp.te b/prebuilts/api/30.0/private/mtp.te
new file mode 100644
index 000000000..732e111ed
--- /dev/null
+++ b/prebuilts/api/30.0/private/mtp.te
@@ -0,0 +1,3 @@
+typeattribute mtp coredomain;
+
+init_daemon_domain(mtp)
diff --git a/prebuilts/api/30.0/private/netd.te b/prebuilts/api/30.0/private/netd.te
new file mode 100644
index 000000000..41473b73d
--- /dev/null
+++ b/prebuilts/api/30.0/private/netd.te
@@ -0,0 +1,30 @@
+typeattribute netd coredomain;
+
+init_daemon_domain(netd)
+
+# Allow netd to spawn dnsmasq in it's own domain
+domain_auto_trans(netd, dnsmasq_exec, dnsmasq)
+
+# Allow netd to start clatd in its own domain and kill it
+domain_auto_trans(netd, clatd_exec, clatd)
+allow netd clatd:process signal;
+
+# give netd permission to setup iptables rule with xt_bpf, attach program to cgroup, and read/write
+# the map created by bpfloader
+allow netd bpfloader:bpf { prog_run map_read map_write };
+
+# in order to invoke side effect of close() on such a socket calling synchronize_rcu()
+# TODO: Remove this permission when 4.9 kernel is deprecated.
+allow netd self:key_socket create;
+
+get_prop(netd, bpf_progs_loaded_prop)
+
+# Allow netd to write to statsd.
+unix_socket_send(netd, statsdw, statsd)
+
+# Allow netd to send callbacks to network_stack
+binder_call(netd, network_stack)
+
+# Allow netd to send dump info to dumpstate
+allow netd dumpstate:fd use;
+allow netd dumpstate:fifo_file { getattr write };
diff --git a/prebuilts/api/30.0/private/netutils_wrapper.te b/prebuilts/api/30.0/private/netutils_wrapper.te
new file mode 100644
index 000000000..ca3b51585
--- /dev/null
+++ b/prebuilts/api/30.0/private/netutils_wrapper.te
@@ -0,0 +1,44 @@
+typeattribute netutils_wrapper coredomain;
+
+r_dir_file(netutils_wrapper, system_file);
+
+# For netutils (ip, iptables, tc)
+allow netutils_wrapper self:global_capability_class_set net_raw;
+
+allow netutils_wrapper system_file:file { execute execute_no_trans };
+allow netutils_wrapper proc_net_type:file { open read getattr };
+allow netutils_wrapper self:rawip_socket create_socket_perms;
+allow netutils_wrapper self:udp_socket create_socket_perms;
+allow netutils_wrapper self:global_capability_class_set net_admin;
+# ip utils need everything but ioctl
+allow netutils_wrapper self:netlink_route_socket ~ioctl;
+allow netutils_wrapper self:netlink_xfrm_socket ~ioctl;
+
+# For netutils (ndc) to be able to talk to netd
+allow netutils_wrapper netd_service:service_manager find;
+allow netutils_wrapper dnsresolver_service:service_manager find;
+binder_use(netutils_wrapper);
+binder_call(netutils_wrapper, netd);
+
+# For vendor code that update the iptables rules at runtime. They need to reload
+# the whole chain including the xt_bpf rules. They need to access to the pinned
+# program when reloading the rule.
+allow netutils_wrapper fs_bpf:dir search;
+allow netutils_wrapper fs_bpf:file { read write };
+allow netutils_wrapper bpfloader:bpf prog_run;
+
+# For /data/misc/net access to ndc and ip
+r_dir_file(netutils_wrapper, net_data_file)
+
+domain_auto_trans({
+ domain
+ -coredomain
+ -appdomain
+}, netutils_wrapper_exec, netutils_wrapper)
+
+# suppress spurious denials
+dontaudit netutils_wrapper self:global_capability_class_set sys_resource;
+dontaudit netutils_wrapper sysfs_type:file read;
+
+# netutils wrapper may only use the following capabilities.
+neverallow netutils_wrapper self:global_capability_class_set ~{ net_admin net_raw };
diff --git a/prebuilts/api/30.0/private/network_stack.te b/prebuilts/api/30.0/private/network_stack.te
new file mode 100644
index 000000000..1295a070f
--- /dev/null
+++ b/prebuilts/api/30.0/private/network_stack.te
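Review bot: Macro invocations in this file are written inconsistently: `r_dir_file(netutils_wrapper, system_file);`, `binder_use(netutils_wrapper);` and `binder_call(netutils_wrapper, netd);` carry a trailing semicolon while `r_dir_file(netutils_wrapper, net_data_file)` a few lines later does not. The same mix recurs in the network_stack, nfc, notify_traceur and perfetto hunks of this series (`app_domain(network_stack);`, `set_prop(nfc, nfc_prop);`, `init_daemon_domain(notify_traceur);`, `tmpfs_domain(perfetto);`), so I am raising it once here. The macros already expand to complete statements, so the extra `;` only appears to be tolerated by the parser rather than needed; if these prebuilts are regenerated from the source policy, dropping the semicolons there would keep the snapshot uniform with the unterminated style used elsewhere in the file.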
@@ -0,0 +1,38 @@
+# Networking service app
+typeattribute network_stack coredomain;
+
+app_domain(network_stack);
+net_domain(network_stack);
+
+allow network_stack self:global_capability_class_set {
+ net_admin
+ net_bind_service
+ net_broadcast
+ net_raw
+};
+
+# Allow access to net_admin ioctl, DHCP server uses SIOCSARP
+allowxperm network_stack self:udp_socket ioctl priv_sock_ioctls;
+
+# The DhcpClient uses packet_sockets
+allow network_stack self:packet_socket create_socket_perms_no_ioctl;
+
+# Monitor neighbors via netlink.
+allow network_stack self:netlink_route_socket nlmsg_write;
+
+allow network_stack app_api_service:service_manager find;
+allow network_stack dnsresolver_service:service_manager find;
+allow network_stack netd_service:service_manager find;
+allow network_stack radio_service:service_manager find;
+allow network_stack radio_data_file:dir create_dir_perms;
+allow network_stack radio_data_file:file create_file_perms;
+
+binder_call(network_stack, netd);
+
+# Create/use netlink_tcpdiag_socket to get tcp info
+allow network_stack self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
+############### Tethering Service app - Tethering.apk ##############
+hal_client_domain(network_stack, hal_tetheroffload)
+# Create and share netlink_netfilter_sockets for tetheroffload.
+allow network_stack self:netlink_netfilter_socket create_socket_perms_no_ioctl;
+allow network_stack network_stack_service:service_manager find;
diff --git a/prebuilts/api/30.0/private/nfc.te b/prebuilts/api/30.0/private/nfc.te
new file mode 100644
index 000000000..2e48eef04
--- /dev/null
+++ b/prebuilts/api/30.0/private/nfc.te
@@ -0,0 +1,33 @@
+# nfc subsystem
+typeattribute nfc coredomain;
+app_domain(nfc)
+net_domain(nfc)
+
+binder_service(nfc)
+add_service(nfc, nfc_service)
+
+hal_client_domain(nfc, hal_nfc)
+
+# Data file accesses.
+allow nfc nfc_data_file:dir create_dir_perms;
+allow nfc nfc_data_file:notdevfile_class_set create_file_perms;
+
+# SoundPool loading and playback
+allow nfc audioserver_service:service_manager find;
+allow nfc drmserver_service:service_manager find;
+allow nfc mediametrics_service:service_manager find;
+allow nfc mediaextractor_service:service_manager find;
+allow nfc mediaserver_service:service_manager find;
+
+allow nfc radio_service:service_manager find;
+allow nfc app_api_service:service_manager find;
+allow nfc system_api_service:service_manager find;
+allow nfc vr_manager_service:service_manager find;
+allow nfc secure_element_service:service_manager find;
+
+set_prop(nfc, nfc_prop);
+
+# already open bugreport file descriptors may be shared with
+# the nfc process, from a file in
+# /data/data/com.android.shell/files/bugreports/bugreport-*.
+allow nfc shell_data_file:file read;
diff --git a/prebuilts/api/30.0/private/notify_traceur.te b/prebuilts/api/30.0/private/notify_traceur.te
new file mode 100644
index 000000000..ef1fd4f38
--- /dev/null
+++ b/prebuilts/api/30.0/private/notify_traceur.te
@@ -0,0 +1,12 @@
+type notify_traceur, domain, coredomain;
+type notify_traceur_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(notify_traceur);
+binder_use(notify_traceur);
+
+# This is to execute am
+allow notify_traceur activity_service:service_manager find;
+allow notify_traceur shell_exec:file rx_file_perms;
+allow notify_traceur system_file:file rx_file_perms;
+
+binder_call(notify_traceur, system_server);
diff --git a/prebuilts/api/30.0/private/otapreopt_chroot.te b/prebuilts/api/30.0/private/otapreopt_chroot.te
new file mode 100644
index 000000000..e2bc33e3f
--- /dev/null
+++ b/prebuilts/api/30.0/private/otapreopt_chroot.te
@@ -0,0 +1,74 @@
+# otapreopt_chroot executable
+type otapreopt_chroot, domain, coredomain;
+type otapreopt_chroot_exec, system_file_type, exec_type, file_type;
+
+# Chroot preparation and execution.
+# We need to create an unshared mount namespace, and then mount /data.
+allow otapreopt_chroot postinstall_file:dir { search mounton };
+allow otapreopt_chroot self:global_capability_class_set { sys_admin sys_chroot };
+
+# This is required to mount /vendor and mount/unmount ext4 images from
+# APEX packages in /postinstall/apex.
+allow otapreopt_chroot block_device:dir search;
+allow otapreopt_chroot labeledfs:filesystem { mount unmount };
+# This is required for dynamic partitions.
+allow otapreopt_chroot dm_device:chr_file rw_file_perms;
+
+# This is required to unmount flattened APEX packages under
+# /postinstall/system/apex (which are bind-mounted in /postinstall/apex).
+allow otapreopt_chroot postinstall_file:filesystem unmount;
+# Mounting /vendor can have this side-effect. Ignore denial.
+dontaudit otapreopt_chroot kernel:process setsched;
+
+# Allow otapreopt_chroot to read SELinux policy files.
+allow otapreopt_chroot file_contexts_file:file r_file_perms;
+
+# Allow otapreopt_chroot to open and read the contents of /postinstall/system/apex.
+allow otapreopt_chroot postinstall_file:dir r_dir_perms;
+# Allow otapreopt_chroot to read the persist.apexd.verity_on_system system property.
+get_prop(otapreopt_chroot, apexd_prop)
+
+# Allow otapreopt to use file descriptors from update-engine. It will
+# close them immediately.
+allow otapreopt_chroot postinstall:fd use;
+allow otapreopt_chroot update_engine:fd use;
+allow otapreopt_chroot update_engine:fifo_file write;
+
+# Allow to transition to postinstall_dexopt, to run otapreopt in its own sandbox.
+domain_auto_trans(otapreopt_chroot, postinstall_file, postinstall_dexopt)
+
+# Allow otapreopt_chroot to create loop devices with /dev/loop-control.
+allow otapreopt_chroot loop_control_device:chr_file rw_file_perms;
+# Allow otapreopt_chroot to access loop devices.
+allow otapreopt_chroot loop_device:blk_file rw_file_perms;
+allowxperm otapreopt_chroot loop_device:blk_file ioctl {
+ LOOP_GET_STATUS64
+ LOOP_SET_STATUS64
+ LOOP_SET_FD
+ LOOP_SET_BLOCK_SIZE
+ LOOP_SET_DIRECT_IO
+ LOOP_CLR_FD
+ BLKFLSBUF
+};
+
+# Allow otapreopt_chroot to configure read-ahead of loop devices.
+allow otapreopt_chroot sysfs_loop:dir r_dir_perms;
+allow otapreopt_chroot sysfs_loop:file rw_file_perms;
+
+# Allow otapreopt_chroot to mount a tmpfs filesystem in /postinstall/apex.
+allow otapreopt_chroot tmpfs:filesystem mount;
+# Allow otapreopt_chroot to restore the security context of /postinstall/apex.
+allow otapreopt_chroot tmpfs:dir relabelfrom;
+allow otapreopt_chroot postinstall_apex_mnt_dir:dir relabelto;
+
+# Allow otapreopt_chroot to manipulate directory /postinstall/apex.
+allow otapreopt_chroot postinstall_apex_mnt_dir:dir create_dir_perms;
+# Allow otapreopt_chroot to mount APEX packages in /postinstall/apex.
+allow otapreopt_chroot postinstall_apex_mnt_dir:dir mounton;
+
+# Allow otapreopt_chroot to access /dev/block (needed to detach loop
+# devices used by ext4 images from APEX packages).
+allow otapreopt_chroot block_device:dir r_dir_perms;
+
+# Allow to access the linker through the symlink.
+allow otapreopt_chroot postinstall_file:lnk_file r_file_perms;
diff --git a/prebuilts/api/30.0/private/otapreopt_slot.te b/prebuilts/api/30.0/private/otapreopt_slot.te
new file mode 100644
index 000000000..27a3b0e08
--- /dev/null
+++ b/prebuilts/api/30.0/private/otapreopt_slot.te
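Review bot: `allow otapreopt_chroot dm_device:chr_file rw_file_perms;` in the first part of this hunk grants the whole rw_file_perms set, which includes ioctl, on device-mapper nodes with no allowxperm narrowing it, whereas the loop_device access just above is restricted to an explicit ioctl list. The one-line comment `# This is required for dynamic partitions.` does not say which operations are actually needed, so a reader cannot tell whether the breadth is deliberate. If this snapshot mirrors private/otapreopt_chroot.te, the source policy could add `allowxperm otapreopt_chroot dm_device:chr_file ioctl { <needed DM ioctls> };` next to the existing loop_device one, or at least expand the comment to name the operations it relies on.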
@@ -0,0 +1,28 @@
+# This command set moves the artifact corresponding to the current slot
+# from /data/ota to /data/dalvik-cache.
+
+type otapreopt_slot, domain, mlstrustedsubject, coredomain;
+type otapreopt_slot_exec, system_file_type, exec_type, file_type;
+
+# Technically not a daemon but we do want the transition from init domain to
+# cppreopts to occur.
+init_daemon_domain(otapreopt_slot)
+
+# The otapreopt_slot renames the OTA dalvik-cache to the regular dalvik-cache, and cleans up
+# the directory afterwards. For logging of aggregate size, we need getattr.
+allow otapreopt_slot ota_data_file:dir { rw_dir_perms rename reparent rmdir };
+allow otapreopt_slot ota_data_file:{ file lnk_file } getattr;
+# (du follows symlinks)
+allow otapreopt_slot ota_data_file:lnk_file read;
+
+# Delete old content of the dalvik-cache.
+allow otapreopt_slot dalvikcache_data_file:dir { add_name getattr open read remove_name rmdir search write };
+allow otapreopt_slot dalvikcache_data_file:file { getattr unlink };
+allow otapreopt_slot dalvikcache_data_file:lnk_file { getattr read unlink };
+
+# Allow cppreopts to execute itself using #!/system/bin/sh
+allow otapreopt_slot shell_exec:file rx_file_perms;
+
+# Allow running the mv and rm/rmdir commands using otapreopt_slot permissions.
+# Needed so we can move artifacts into /data/dalvik-cache/dalvik-cache.
+allow otapreopt_slot toolbox_exec:file rx_file_perms;
diff --git a/prebuilts/api/30.0/private/perfetto.te b/prebuilts/api/30.0/private/perfetto.te
new file mode 100644
index 000000000..06e4ed116
--- /dev/null
+++ b/prebuilts/api/30.0/private/perfetto.te
@@ -0,0 +1,85 @@
+# Perfetto command-line client. Can be used only from the domains that are
+# explicitly whitelisted with a domain_auto_trans(X, perfetto_exec, perfetto).
+# This command line client accesses the privileged socket of the traced
+# daemon.
+
+type perfetto_exec, system_file_type, exec_type, file_type;
+type perfetto_tmpfs, file_type;
+
+tmpfs_domain(perfetto);
+
+# Allow to access traced's privileged consumer socket.
+unix_socket_connect(perfetto, traced_consumer, traced)
+
+# Connect to the Perfetto traced daemon as a producer. This requires
+# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(perfetto)
+
+# Allow to write and unlink traces into /data/misc/perfetto-traces.
+allow perfetto perfetto_traces_data_file:dir rw_dir_perms;
+allow perfetto perfetto_traces_data_file:file create_file_perms;
+
+# Allow to access binder to pass the traces to Dropbox.
+binder_use(perfetto)
+binder_call(perfetto, system_server)
+allow perfetto dropbox_service:service_manager find;
+
+# Allow perfetto to read the trace config from statsd and shell
+# (both root and non-root) on stdin and also to write the resulting trace to
+# stdout.
+allow perfetto { statsd shell su }:fd use;
+allow perfetto { statsd shell su }:fifo_file { getattr read write };
+
+# Allow to communicate use, read and write over the adb connection.
+allow perfetto adbd:fd use;
+allow perfetto adbd:unix_stream_socket { read write };
+
+# Allow adbd to reap perfetto.
+allow perfetto adbd:process { sigchld };
+
+# Allow perfetto to write to statsd.
+unix_socket_send(perfetto, statsdw, statsd)
+
+# Allow to access /dev/pts when launched in an adb shell.
+allow perfetto devpts:chr_file rw_file_perms;
+
+# Allow perfetto to ask incidentd to start a report.
+allow perfetto incident_service:service_manager find;
+binder_call(perfetto, incidentd)
+
+###
+### Neverallow rules
+###
+### perfetto should NEVER do any of this
+
+# Disallow mapping executable memory (execstack and exec are already disallowed
+# globally in domain.te).
+neverallow perfetto self:process execmem;
+
+# Block device access.
+neverallow perfetto dev_type:blk_file { read write };
+
+# ptrace any other process
+neverallow perfetto domain:process ptrace;
+
+# Disallows access to other /data files.
+neverallow perfetto {
+ data_file_type
+ -system_data_file
+ -system_data_root_file
+ # TODO(b/72998741) Remove exemption. Further restricted in a subsequent
+ # neverallow. Currently only getattr and search are allowed.
+ -vendor_data_file
+ -zoneinfo_data_file
+ -perfetto_traces_data_file
+ with_native_coverage(`-method_trace_data_file')
+}:dir *;
+neverallow perfetto { system_data_file -perfetto_traces_data_file }:dir ~{ getattr search };
+neverallow perfetto zoneinfo_data_file:dir ~r_dir_perms;
+neverallow perfetto { data_file_type -zoneinfo_data_file -perfetto_traces_data_file }:lnk_file *;
+neverallow perfetto {
+ data_file_type
+ -zoneinfo_data_file
+ -perfetto_traces_data_file
+ with_native_coverage(`-method_trace_data_file')
+}:file ~write;
diff --git a/prebuilts/api/30.0/private/performanced.te b/prebuilts/api/30.0/private/performanced.te
new file mode 100644
index 000000000..792826e02
--- /dev/null
+++ b/prebuilts/api/30.0/private/performanced.te
@@ -0,0 +1,3 @@
+typeattribute performanced coredomain;
+
+init_daemon_domain(performanced)
diff --git a/prebuilts/api/30.0/private/permissioncontroller_app.te b/prebuilts/api/30.0/private/permissioncontroller_app.te
new file mode 100644
index 000000000..8a6f6aa26
--- /dev/null
+++ b/prebuilts/api/30.0/private/permissioncontroller_app.te
@@ -0,0 +1,38 @@
+###
+### A domain for further sandboxing the GooglePermissionController app.
+###
+type permissioncontroller_app, domain, coredomain;
+
+app_domain(permissioncontroller_app)
+
+# Allow interaction with gpuservice
+binder_call(permissioncontroller_app, gpuservice)
+allow permissioncontroller_app gpu_service:service_manager find;
+
+# Allow interaction with role_service
+allow permissioncontroller_app role_service:service_manager find;
+
+# Allow interaction with usagestats_service
+allow permissioncontroller_app usagestats_service:service_manager find;
+
+# Allow interaction with activity_service
+allow permissioncontroller_app activity_service:service_manager find;
+
+allow permissioncontroller_app activity_task_service:service_manager find;
+allow permissioncontroller_app audio_service:service_manager find;
+allow permissioncontroller_app autofill_service:service_manager find;
+allow permissioncontroller_app content_capture_service:service_manager find;
+allow permissioncontroller_app device_policy_service:service_manager find;
+allow permissioncontroller_app incidentcompanion_service:service_manager find;
+allow permissioncontroller_app IProxyService_service:service_manager find;
+allow permissioncontroller_app location_service:service_manager find;
+allow permissioncontroller_app media_session_service:service_manager find;
+allow permissioncontroller_app surfaceflinger_service:service_manager find;
+allow permissioncontroller_app telecom_service:service_manager find;
+allow permissioncontroller_app trust_service:service_manager find;
+
+# Allow the app to request and collect incident reports.
+# (Also requires DUMP and PACKAGE_USAGE_STATS permissions)
+allow permissioncontroller_app incident_service:service_manager find;
+binder_call(permissioncontroller_app, incidentd)
+allow permissioncontroller_app incidentd:fifo_file { read write };
diff --git a/prebuilts/api/30.0/private/platform_app.te b/prebuilts/api/30.0/private/platform_app.te
new file mode 100644
index 000000000..3beec38e0
--- /dev/null
+++ b/prebuilts/api/30.0/private/platform_app.te
@@ -0,0 +1,102 @@
+###
+### Apps signed with the platform key.
+###
+
+typeattribute platform_app coredomain;
+
+app_domain(platform_app)
+
+# Access the network.
+net_domain(platform_app)
+# Access bluetooth.
+bluetooth_domain(platform_app)
+# Read from /data/local/tmp or /data/data/com.android.shell.
+allow platform_app shell_data_file:dir search;
+allow platform_app shell_data_file:file { open getattr read };
+allow platform_app icon_file:file { open getattr read };
+# Populate /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
+# created by system server.
+allow platform_app { apk_tmp_file apk_private_tmp_file }:dir rw_dir_perms;
+allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms;
+allow platform_app apk_private_data_file:dir search;
+# ASEC
+allow platform_app asec_apk_file:dir create_dir_perms;
+allow platform_app asec_apk_file:file create_file_perms;
+
+# Access to /data/media.
+allow platform_app media_rw_data_file:dir create_dir_perms;
+allow platform_app media_rw_data_file:file create_file_perms;
+
+# Write to /cache.
+allow platform_app cache_file:dir create_dir_perms;
+allow platform_app cache_file:file create_file_perms;
+
+# Direct access to vold-mounted storage under /mnt/media_rw
+# This is a performance optimization that allows platform apps to bypass the FUSE layer
+allow platform_app mnt_media_rw_file:dir r_dir_perms;
+allow platform_app sdcard_type:dir create_dir_perms;
+allow platform_app sdcard_type:file create_file_perms;
+
+# com.android.systemui
+allow platform_app rootfs:dir getattr;
+
+# com.android.captiveportallogin reads /proc/vmstat
+allow platform_app {
+ proc_vmstat
+}:file r_file_perms;
+
+# /proc/net access.
+# TODO(b/9496886) Audit access for removal.
+r_dir_file(platform_app, proc_net_type)
+userdebug_or_eng(`
+ auditallow platform_app proc_net_type:{ dir file lnk_file } { getattr open read };
+')
+
+allow platform_app audioserver_service:service_manager find;
+allow platform_app cameraserver_service:service_manager find;
+allow platform_app drmserver_service:service_manager find;
+allow platform_app mediaserver_service:service_manager find;
+allow platform_app mediametrics_service:service_manager find;
+allow platform_app mediaextractor_service:service_manager find;
+allow platform_app mediadrmserver_service:service_manager find;
+allow platform_app persistent_data_block_service:service_manager find;
+allow platform_app radio_service:service_manager find;
+allow platform_app thermal_service:service_manager find;
+allow platform_app timezone_service:service_manager find;
+allow platform_app app_api_service:service_manager find;
+allow platform_app system_api_service:service_manager find;
+allow platform_app vr_manager_service:service_manager find;
+allow platform_app gpu_service:service_manager find;
+allow platform_app stats_service:service_manager find;
+
+# Allow platform apps to interact with gpuservice
+binder_call(platform_app, gpuservice)
+
+# Allow platform apps to log via statsd.
+binder_call(platform_app, statsd)
+
+# Access to /data/preloads
+allow platform_app preloads_data_file:file r_file_perms;
+allow platform_app preloads_data_file:dir r_dir_perms;
+allow platform_app preloads_media_file:file r_file_perms;
+allow platform_app preloads_media_file:dir r_dir_perms;
+
+read_runtime_log_tags(platform_app)
+
+# allow platform apps to use UDP sockets provided by the system server but not
+# modify them other than to connect
+allow platform_app system_server:udp_socket {
+ connect getattr read recvfrom sendto write getopt setopt };
+
+# allow platform apps to connect to the property service
+set_prop(platform_app, test_boot_reason_prop)
+
+# allow platform apps to create symbolic link
+allow platform_app app_data_file:lnk_file create_file_perms;
+
+###
+### Neverallow rules
+###
+
+# app domains which access /dev/fuse should not run as platform_app
+neverallow platform_app fuse_device:chr_file *;
diff --git a/prebuilts/api/30.0/private/policy_capabilities b/prebuilts/api/30.0/private/policy_capabilities
new file mode 100644
index 000000000..9290e3ab3
--- /dev/null
+++ b/prebuilts/api/30.0/private/policy_capabilities
@@ -0,0 +1,20 @@
+# Enable new networking controls.
+policycap network_peer_controls;
+
+# Enable open permission check.
+policycap open_perms;
+
+# Enable separate security classes for
+# all network address families previously
+# mapped to the socket class and for
+# ICMP and SCTP sockets previously mapped
+# to the rawip_socket class.
+policycap extended_socket_class;
+
+# Enable NoNewPrivileges support. Requires libsepol 2.7+
+# and kernel 4.14 (estimated).
+#
+# Checks enabled;
+# process2: nnp_transition, nosuid_transition
+#
+policycap nnp_nosuid_transition;
diff --git a/prebuilts/api/30.0/private/port_contexts b/prebuilts/api/30.0/private/port_contexts
new file mode 100644
index 000000000..b473c0c9b
--- /dev/null
+++ b/prebuilts/api/30.0/private/port_contexts
@@ -0,0 +1,3 @@
+# portcon statements go here, e.g.
+# portcon tcp 80 u:object_r:http_port:s0
+
diff --git a/prebuilts/api/30.0/private/postinstall.te b/prebuilts/api/30.0/private/postinstall.te
new file mode 100644
index 000000000..363e362dd
--- /dev/null
+++ b/prebuilts/api/30.0/private/postinstall.te
@@ -0,0 +1,3 @@
+typeattribute postinstall coredomain;
+
+domain_auto_trans(postinstall, otapreopt_chroot_exec, otapreopt_chroot)
diff --git a/prebuilts/api/30.0/private/postinstall_dexopt.te b/prebuilts/api/30.0/private/postinstall_dexopt.te
new file mode 100644
index 000000000..fd370c201
--- /dev/null
+++ b/prebuilts/api/30.0/private/postinstall_dexopt.te
@@ -0,0 +1,75 @@
+# Domain for the otapreopt executable, running under postinstall_dexopt
+#
+# Note: otapreopt is a driver for dex2oat, and reuses parts of installd. As such,
+# this is derived and adapted from installd.te.
+
+type postinstall_dexopt, domain, coredomain;
+
+# Run dex2oat/patchoat in its own sandbox.
+# We have to manually transition, as we don't have an entrypoint.
+# - Case where dex2oat is in a non-flattened APEX, which has retained
+# the correct type (`dex2oat_exec`).
+domain_auto_trans(postinstall_dexopt, dex2oat_exec, dex2oat)
+# - Case where dex2oat is in a flattened APEX, which has been tagged
+# with the `postinstall_file` type by update_engine.
+domain_auto_trans(postinstall_dexopt, postinstall_file, dex2oat)
+
+allow postinstall_dexopt self:global_capability_class_set { chown dac_override dac_read_search fowner fsetid setgid setuid };
+
+allow postinstall_dexopt postinstall_file:filesystem getattr;
+allow postinstall_dexopt postinstall_file:dir { getattr read search };
+allow postinstall_dexopt postinstall_file:lnk_file { getattr read };
+allow postinstall_dexopt proc_filesystems:file { getattr open read };
+allow postinstall_dexopt tmpfs:file read;
+
+# Allow access to /postinstall/apex.
+allow postinstall_dexopt postinstall_apex_mnt_dir:dir { getattr search };
+
+# Note: /data/ota is created by init (see system/core/rootdir/init.rc) to avoid giving access
+# here and having to relabel the directory.
+
+# Read app data (APKs) as input to dex2oat.
+r_dir_file(postinstall_dexopt, apk_data_file)
+# Read vendor app data (APKs) as input to dex2oat.
+r_dir_file(postinstall_dexopt, vendor_app_file)
+# Read vendor overlay files (APKs) as input to dex2oat.
+r_dir_file(postinstall_dexopt, vendor_overlay_file)
+# Access to app oat directory.
+r_dir_file(postinstall_dexopt, dalvikcache_data_file)
+
+# Read profile data.
+allow postinstall_dexopt user_profile_data_file:dir { getattr search };
+allow postinstall_dexopt user_profile_data_file:file r_file_perms;
+# Suppress deletion denial (we do not want to update the profile).
+dontaudit postinstall_dexopt user_profile_data_file:file { write };
+
+# Write to /data/ota(/*). Create symlinks in /data/ota(/*)
+allow postinstall_dexopt ota_data_file:dir create_dir_perms;
+allow postinstall_dexopt ota_data_file:file create_file_perms;
+allow postinstall_dexopt ota_data_file:lnk_file create_file_perms;
+
+# Need to write .b files, which are dalvikcache_data_file, not ota_data_file.
+# TODO: See whether we can apply ota_data_file?
+allow postinstall_dexopt dalvikcache_data_file:dir rw_dir_perms;
+allow postinstall_dexopt dalvikcache_data_file:file create_file_perms;
+
+# Allow labeling of files under /data/app/com.example/oat/
+# TODO: Restrict to .b suffix?
+allow postinstall_dexopt dalvikcache_data_file:dir relabelto;
+allow postinstall_dexopt dalvikcache_data_file:file { relabelto link };
+
+# Check validity of SELinux context before use.
+selinux_check_context(postinstall_dexopt)
+selinux_check_access(postinstall_dexopt)
+
+
+# Postinstall wants to know about our child.
+allow postinstall_dexopt postinstall:process sigchld;
+
+# Allow otapreopt to use file descriptors from otapreopt_chroot.
+# TODO: Probably we can actually close file descriptors...
+allow postinstall_dexopt otapreopt_chroot:fd use;
+
+# Allow postinstall_dexopt to access the runtime feature flag properties.
+get_prop(postinstall_dexopt, device_config_runtime_native_prop)
+get_prop(postinstall_dexopt, device_config_runtime_native_boot_prop)
diff --git a/prebuilts/api/30.0/private/ppp.te b/prebuilts/api/30.0/private/ppp.te
new file mode 100644
index 000000000..968b221b6
--- /dev/null
+++ b/prebuilts/api/30.0/private/ppp.te
@@ -0,0 +1,3 @@
+typeattribute ppp coredomain;
+
+domain_auto_trans(mtp, ppp_exec, ppp)
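Review bot: The comment `# Suppress deletion denial (we do not want to update the profile).` does not describe the rule under it, `dontaudit postinstall_dexopt user_profile_data_file:file { write };`, which silences write denials rather than any unlink; reword it to `# Suppress write denial (we do not want to update the profile).` so a reader does not go looking for a deletion suppression. The two `TODO` comments above the `relabelto` grants on all of `dalvikcache_data_file` describe a narrower `.b`-suffix intent than the rules implement, so a tracking bug next to each TODO would make the gap visible. This file lives under prebuilts/api/30.0 and is presumably a frozen snapshot, in which case the wording fixes belong in the source policy rather than here.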
diff --git a/prebuilts/api/30.0/private/preloads_copy.te b/prebuilts/api/30.0/private/preloads_copy.te
new file mode 100644
index 000000000..ba54b70ac
--- /dev/null
+++ b/prebuilts/api/30.0/private/preloads_copy.te
@@ -0,0 +1,18 @@
+type preloads_copy, domain, coredomain;
+type preloads_copy_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(preloads_copy)
+
+allow preloads_copy shell_exec:file rx_file_perms;
+allow preloads_copy toolbox_exec:file rx_file_perms;
+allow preloads_copy preloads_data_file:dir create_dir_perms;
+allow preloads_copy preloads_data_file:file create_file_perms;
+allow preloads_copy preloads_media_file:dir create_dir_perms;
+allow preloads_copy preloads_media_file:file create_file_perms;
+
+# Allow to copy from /postinstall
+allow preloads_copy system_file:dir r_dir_perms;
+
+# Silence the denial when /postinstall cannot be mounted, e.g., system_other
+# is wiped, but preloads_copy.sh still runs.
+dontaudit preloads_copy postinstall_mnt_dir:dir search;
diff --git a/prebuilts/api/30.0/private/preopt2cachename.te b/prebuilts/api/30.0/private/preopt2cachename.te
new file mode 100644
index 000000000..dcfba14d5
--- /dev/null
+++ b/prebuilts/api/30.0/private/preopt2cachename.te
@@ -0,0 +1,17 @@
+# preopt2cachename executable
+#
+# This executable translates names from the preopted versions the build system
+# creates to the names the runtime expects in the data directory.
+
+type preopt2cachename, domain, coredomain;
+type preopt2cachename_exec, system_file_type, exec_type, file_type;
+
+# Allow write to stdout.
+allow preopt2cachename cppreopts:fd use;
+allow preopt2cachename cppreopts:fifo_file { getattr read write };
+
+# Allow write to logcat.
+allow preopt2cachename proc_net_type:file r_file_perms;
+userdebug_or_eng(`
+ auditallow preopt2cachename proc_net_type:{ dir file lnk_file } { getattr open read };
+')
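Review bot: The comment `# Allow write to logcat.` in preopt2cachename.te sits above `allow preopt2cachename proc_net_type:file r_file_perms;`, which grants a read of proc_net_type files and has nothing to do with a log write; the `userdebug_or_eng` auditallow that follows suggests the access is being watched rather than endorsed. Replace the comment with `# Read /proc/net files (audited on userdebug/eng builds, see the auditallow below).` so the rule and its comment agree. In preloads_copy.te, `# Allow to copy from /postinstall` labels a grant of `system_file:dir r_dir_perms`, which is wider than that one mount point; a short note on why the broader type is needed would help. If prebuilts/api/30.0 is a frozen snapshot, both fixes belong in the source policy.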
diff --git a/prebuilts/api/30.0/private/priv_app.te b/prebuilts/api/30.0/private/priv_app.te
new file mode 100644
index 000000000..44c81ee80
--- /dev/null
+++ b/prebuilts/api/30.0/private/priv_app.te
@@ -0,0 +1,222 @@
+###
+### A domain for further sandboxing privileged apps.
+###
+
+typeattribute priv_app coredomain;
+app_domain(priv_app)
+
+# Access the network.
+net_domain(priv_app)
+# Access bluetooth.
+bluetooth_domain(priv_app)
+
+# Allow the allocation and use of ptys
+# Used by: https://play.privileged.com/store/apps/details?id=jackpal.androidterm
+create_pty(priv_app)
+
+# Allow loading executable code from writable priv-app home
+# directories. This is a W^X violation, however, it needs
+# to be supported for now for the following reasons.
+# * /data/user_*/0/*/code_cache/* POSSIBLE uses (b/117841367)
+# 1) com.android.opengl.shaders_cache
+# 2) com.android.skia.shaders_cache
+# 3) com.android.renderscript.cache
+# * /data/user_de/0/com.google.android.gms/app_chimera
+# TODO: Tighten (b/112357170)
+allow priv_app privapp_data_file:file execute;
+
+allow priv_app privapp_data_file:lnk_file create_file_perms;
+
+# Priv apps can find services that expose both @SystemAPI and normal APIs.
+allow priv_app app_api_service:service_manager find;
+allow priv_app system_api_service:service_manager find;
+
+allow priv_app audioserver_service:service_manager find;
+allow priv_app cameraserver_service:service_manager find;
+allow priv_app drmserver_service:service_manager find;
+allow priv_app mediadrmserver_service:service_manager find;
+allow priv_app mediaextractor_service:service_manager find;
+allow priv_app mediametrics_service:service_manager find;
+allow priv_app mediaserver_service:service_manager find;
+allow priv_app network_watchlist_service:service_manager find;
+allow priv_app nfc_service:service_manager find;
+allow priv_app oem_lock_service:service_manager find;
+allow priv_app persistent_data_block_service:service_manager find;
+allow priv_app radio_service:service_manager find;
+allow priv_app recovery_service:service_manager find;
+allow priv_app stats_service:service_manager find;
+
+# Allow privileged apps to interact with gpuservice
+binder_call(priv_app, gpuservice)
+allow priv_app gpu_service:service_manager find;
+
+# Write to /cache.
+allow priv_app { cache_file cache_recovery_file }:dir create_dir_perms;
+allow priv_app { cache_file cache_recovery_file }:file create_file_perms;
+# /cache is a symlink to /data/cache on some devices. Allow reading the link.
+allow priv_app cache_file:lnk_file r_file_perms;
+
+# Access to /data/media.
+allow priv_app media_rw_data_file:dir create_dir_perms;
+allow priv_app media_rw_data_file:file create_file_perms;
+
+# Used by Finsky / Android "Verify Apps" functionality when
+# running "adb install foo.apk".
+allow priv_app shell_data_file:file r_file_perms;
+allow priv_app shell_data_file:dir r_dir_perms;
+
+# Allow traceur to pass file descriptors through a content provider to betterbug
+allow priv_app trace_data_file:file { getattr read };
+
+# Allow verifier to access staged apks.
+allow priv_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms;
+allow priv_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
+
+# For AppFuse.
+allow priv_app vold:fd use;
+allow priv_app fuse_device:chr_file { read write };
+
+# /proc access
+allow priv_app {
+ proc_vmstat
+}:file r_file_perms;
+
+allow priv_app sysfs_type:dir search;
+# Read access to /sys/class/net/wlan*/address
+r_dir_file(priv_app, sysfs_net)
+# Read access to /sys/block/zram*/mm_stat
+r_dir_file(priv_app, sysfs_zram)
+
+r_dir_file(priv_app, rootfs)
+
+# access the mac address
+allowxperm priv_app self:udp_socket ioctl SIOCGIFHWADDR;
+
+# Allow com.android.vending to communicate with statsd.
+binder_call(priv_app, statsd)
+
+# Allow Phone to read/write cached ringtones (opened by system).
+allow priv_app ringtone_file:file { getattr read write };
+
+# Access to /data/preloads
+allow priv_app preloads_data_file:file r_file_perms;
+allow priv_app preloads_data_file:dir r_dir_perms;
+allow priv_app preloads_media_file:file r_file_perms;
+allow priv_app preloads_media_file:dir r_dir_perms;
+
+read_runtime_log_tags(priv_app)
+
+# Write app-specific trace data to the Perfetto traced damon. This requires
+# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(priv_app)
+
+# Allow priv_apps to request and collect incident reports.
+# (Also requires DUMP and PACKAGE_USAGE_STATS permissions)
+allow priv_app incident_service:service_manager find;
+binder_call(priv_app, incidentd)
+allow priv_app incidentd:fifo_file { read write };
+
+# Allow profiling if the app opts in by being marked profileable/debuggable.
+can_profile_heap(priv_app)
+can_profile_perf(priv_app)
+
+# Allow priv_apps to check whether Dynamic System Update is enabled
+get_prop(priv_app, dynamic_system_prop)
+
+# suppress denials for non-API accesses.
+dontaudit priv_app exec_type:file getattr; +dontaudit priv_app device:dir read; +dontaudit priv_app fs_bpf:dir search; +dontaudit priv_app net_dns_prop:file read; +dontaudit priv_app proc:file read; +dontaudit priv_app proc_interrupts:file read; +dontaudit priv_app proc_modules:file read; +dontaudit priv_app proc_net:file read; +dontaudit priv_app proc_stat:file read; +dontaudit priv_app proc_version:file read; +dontaudit priv_app sysfs:dir read; +dontaudit priv_app sysfs:file read; +dontaudit priv_app sysfs_android_usb:file read; +dontaudit priv_app sysfs_dm:file r_file_perms; +dontaudit priv_app wifi_prop:file read; +dontaudit priv_app { wifi_prop exported_wifi_prop }:file read; + +# allow privileged apps to use UDP sockets provided by the system server but not +# modify them other than to connect +allow priv_app system_server:udp_socket { + connect getattr read recvfrom sendto write getopt setopt }; + +# allow apps like Phonesky to check the file signature of an apk installed on +# the Incremental File System, and fill missing blocks in the apk +allowxperm priv_app apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS }; + +# allow privileged data loader apps (e.g. com.android.vending) to read logs from Incremental File System +allow priv_app incremental_control_file:file { read getattr ioctl }; + +# allow apps like Phonesky to request permission to fill blocks of an apk file +# on the Incremental File System. +allowxperm priv_app incremental_control_file:file ioctl INCFS_IOCTL_PERMIT_FILL; + +# Required for Phonesky to be able to read APEX files under /data/apex/active/. +allow priv_app apex_data_file:dir search; +allow priv_app staging_data_file:file r_file_perms; + +### +### neverallow rules +### + +# Receive or send uevent messages. +neverallow priv_app domain:netlink_kobject_uevent_socket *; + +# Receive or send generic netlink messages +neverallow priv_app domain:netlink_socket *; + +# Too much leaky information in debugfs. 
It's a security +# best practice to ensure these files aren't readable. +neverallow priv_app debugfs:file read; + +# Do not allow privileged apps to register services. +# Only trusted components of Android should be registering +# services. +neverallow priv_app service_manager_type:service_manager add; + +# Do not allow privileged apps to connect to the property service +# or set properties. b/10243159 +neverallow priv_app property_socket:sock_file write; +neverallow priv_app init:unix_stream_socket connectto; +neverallow priv_app property_type:property_service set; + +# Do not allow priv_app to be assigned mlstrustedsubject. +# This would undermine the per-user isolation model being +# enforced via levelFrom=user in seapp_contexts and the mls +# constraints. As there is no direct way to specify a neverallow +# on attribute assignment, this relies on the fact that fork +# permission only makes sense within a domain (hence should +# never be granted to any other domain within mlstrustedsubject) +# and priv_app is allowed fork permission to itself. +neverallow priv_app mlstrustedsubject:process fork; + +# Do not allow priv_app to hard link to any files. +# In particular, if priv_app links to other app data +# files, installd will not be able to guarantee the deletion +# of the linked to file. Hard links also contribute to security +# bugs, so we want to ensure priv_app never has this +# capability. +neverallow priv_app file_type:file link; + +# priv apps should not be able to open trace data files, they should depend +# upon traceur to pass a file descriptor which they can then read +neverallow priv_app trace_data_file:dir *; +neverallow priv_app trace_data_file:file { no_w_file_perms open }; + +# Do not allow priv_app access to cgroups. +neverallow priv_app cgroup:file *; + +# Do not allow loading executable code from non-privileged +# application home directories. 
Code loading across a security boundary +# is dangerous and allows a full compromise of a privileged process +# by an unprivileged process. b/112357170 +neverallow priv_app app_data_file:file no_x_file_perms; + +# Do not follow untrusted app provided symlinks +neverallow priv_app app_data_file:lnk_file { open read getattr }; diff --git a/prebuilts/api/30.0/private/profman.te b/prebuilts/api/30.0/private/profman.te new file mode 100644 index 000000000..f61d05efe --- /dev/null +++ b/prebuilts/api/30.0/private/profman.te @@ -0,0 +1 @@ +typeattribute profman coredomain; diff --git a/prebuilts/api/30.0/private/property_contexts b/prebuilts/api/30.0/private/property_contexts new file mode 100644 index 000000000..10f029f81 --- /dev/null +++ b/prebuilts/api/30.0/private/property_contexts 
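Review bot: `dontaudit priv_app wifi_prop:file read;` is subsumed by `dontaudit priv_app { wifi_prop exported_wifi_prop }:file read;` on the very next line of the dontaudit block in priv_app.te; drop the first so the suppression is stated once. The URL in the create_pty comment reads `play.privileged.com`, which does not look like a real host for the cited terminal app; check it against the source policy and correct the comment if it was mangled in copying. The W^X exception `allow priv_app privapp_data_file:file execute;` is documented with its tracking bug, and the dontaudit block would benefit from the same treatment, one short reason per suppressed access, because it hides denials that would otherwise show privileged apps probing /proc and sysfs. As this appears to be a prebuilts/api/30.0 snapshot, any edit should go to the source copy.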
@@ -0,0 +1,258 @@ +########################## +# property service keys +# +# +net.rmnet u:object_r:net_radio_prop:s0 +net.gprs u:object_r:net_radio_prop:s0 +net.ppp u:object_r:net_radio_prop:s0 +net.qmi u:object_r:net_radio_prop:s0 +net.lte u:object_r:net_radio_prop:s0 +net.cdma u:object_r:net_radio_prop:s0 +net.dns u:object_r:net_dns_prop:s0 +sys.usb.config u:object_r:system_radio_prop:s0 +ril. u:object_r:radio_prop:s0 +ro.ril. u:object_r:radio_prop:s0 +gsm. u:object_r:radio_prop:s0 +persist.radio u:object_r:radio_prop:s0 + +net. u:object_r:system_prop:s0 +dev. u:object_r:system_prop:s0 +ro.runtime. u:object_r:system_prop:s0 +ro.runtime.firstboot u:object_r:firstboot_prop:s0 +hw. u:object_r:system_prop:s0 +ro.hw. u:object_r:system_prop:s0 +sys. u:object_r:system_prop:s0 +sys.audio. u:object_r:audio_prop:s0 +sys.init.perf_lsm_hooks u:object_r:init_perf_lsm_hooks_prop:s0 +sys.cppreopt u:object_r:cppreopt_prop:s0 +sys.lpdumpd u:object_r:lpdumpd_prop:s0 +sys.powerctl u:object_r:powerctl_prop:s0 +sys.usb.ffs. u:object_r:ffs_prop:s0 +service. u:object_r:system_prop:s0 +dhcp. u:object_r:dhcp_prop:s0 +dhcp.bt-pan.result u:object_r:pan_result_prop:s0 +bluetooth. u:object_r:bluetooth_prop:s0 + +debug. u:object_r:debug_prop:s0 +debug.db. u:object_r:debuggerd_prop:s0 +dumpstate. u:object_r:dumpstate_prop:s0 +dumpstate.options u:object_r:dumpstate_options_prop:s0 +init.svc_debug_pid. u:object_r:init_svc_debug_prop:s0 +llk. u:object_r:llkd_prop:s0 +khungtask. u:object_r:llkd_prop:s0 +ro.llk. u:object_r:llkd_prop:s0 +ro.khungtask. u:object_r:llkd_prop:s0 +log. u:object_r:log_prop:s0 +log.tag u:object_r:log_tag_prop:s0 +log.tag.WifiHAL u:object_r:wifi_log_prop:s0 +security.perf_harden u:object_r:shell_prop:s0 +service.adb.root u:object_r:shell_prop:s0 +service.adb.tcp.port u:object_r:shell_prop:s0 +service.adb.tls.port u:object_r:adbd_prop:s0 +persist.adb.wifi. u:object_r:adbd_prop:s0 +persist.adb.tls_server.enable u:object_r:system_adbd_prop:s0 + +persist.audio. 
u:object_r:audio_prop:s0 +persist.bluetooth. u:object_r:bluetooth_prop:s0 +persist.nfc_cfg. u:object_r:nfc_prop:s0 +persist.debug. u:object_r:persist_debug_prop:s0 +persist.logd. u:object_r:logd_prop:s0 +ro.logd. u:object_r:logd_prop:s0 +persist.logd.security u:object_r:device_logging_prop:s0 +persist.logd.logpersistd u:object_r:logpersistd_logging_prop:s0 +logd.logpersistd u:object_r:logpersistd_logging_prop:s0 +persist.log.tag u:object_r:log_tag_prop:s0 +persist.mmc. u:object_r:mmc_prop:s0 +persist.netd.stable_secret u:object_r:netd_stable_secret_prop:s0 +persist.pm.mock-upgrade u:object_r:mock_ota_prop:s0 +persist.sys. u:object_r:system_prop:s0 +persist.sys.safemode u:object_r:safemode_prop:s0 +persist.sys.theme u:object_r:theme_prop:s0 +persist.sys.fflag.override.settings_dynamic_system u:object_r:dynamic_system_prop:s0 +ro.sys.safemode u:object_r:safemode_prop:s0 +persist.sys.audit_safemode u:object_r:safemode_prop:s0 +persist.sys.dalvik.jvmtiagent u:object_r:system_jvmti_agent_prop:s0 +persist.service. u:object_r:system_prop:s0 +persist.service.bdroid. u:object_r:bluetooth_prop:s0 +persist.security. u:object_r:system_prop:s0 +persist.traced.enable u:object_r:traced_enabled_prop:s0 +traced.lazy. u:object_r:traced_lazy_prop:s0 +persist.heapprofd.enable u:object_r:heapprofd_enabled_prop:s0 +persist.traced_perf.enable u:object_r:traced_perf_enabled_prop:s0 +persist.vendor.overlay. u:object_r:overlay_prop:s0 +ro.boot.vendor.overlay. u:object_r:overlay_prop:s0 +ro.boottime. u:object_r:boottime_prop:s0 +ro.serialno u:object_r:serialno_prop:s0 +ro.boot.btmacaddr u:object_r:bluetooth_prop:s0 +ro.boot.serialno u:object_r:serialno_prop:s0 +ro.bt. u:object_r:bluetooth_prop:s0 +ro.boot.bootreason u:object_r:bootloader_boot_reason_prop:s0 +persist.sys.boot.reason u:object_r:last_boot_reason_prop:s0 +sys.boot.reason u:object_r:system_boot_reason_prop:s0 +sys.boot.reason.last u:object_r:last_boot_reason_prop:s0 +pm. 
u:object_r:pm_prop:s0 +test.sys.boot.reason u:object_r:test_boot_reason_prop:s0 +test.userspace_reboot.requested u:object_r:userspace_reboot_test_prop:s0 +sys.lmk. u:object_r:system_lmk_prop:s0 +sys.trace. u:object_r:system_trace_prop:s0 + +# Boolean property set by system server upon boot indicating +# if device is fully owned by organization instead of being +# a personal device. +ro.organization_owned u:object_r:device_logging_prop:s0 + +# selinux non-persistent properties +selinux.restorecon_recursive u:object_r:restorecon_prop:s0 + +# default property context +* u:object_r:default_prop:s0 + +# data partition encryption properties +vold. u:object_r:vold_prop:s0 +ro.crypto. u:object_r:vold_prop:s0 + +# ro.build.fingerprint is either set in /system/build.prop, or is +# set at runtime by system_server. +ro.build.fingerprint u:object_r:fingerprint_prop:s0 + +ro.persistent_properties.ready u:object_r:persistent_properties_ready_prop:s0 + +# ctl properties +ctl.bootanim u:object_r:ctl_bootanim_prop:s0 +ctl.dumpstate u:object_r:ctl_dumpstate_prop:s0 +ctl.fuse_ u:object_r:ctl_fuse_prop:s0 +ctl.mdnsd u:object_r:ctl_mdnsd_prop:s0 +ctl.ril-daemon u:object_r:ctl_rildaemon_prop:s0 +ctl.bugreport u:object_r:ctl_bugreport_prop:s0 +ctl.console u:object_r:ctl_console_prop:s0 +ctl. 
u:object_r:ctl_default_prop:s0 + +# Don't allow blind access to all services +ctl.sigstop_on$ u:object_r:ctl_sigstop_prop:s0 +ctl.sigstop_off$ u:object_r:ctl_sigstop_prop:s0 +ctl.start$ u:object_r:ctl_start_prop:s0 +ctl.stop$ u:object_r:ctl_stop_prop:s0 +ctl.restart$ u:object_r:ctl_restart_prop:s0 +ctl.interface_start$ u:object_r:ctl_interface_start_prop:s0 +ctl.interface_stop$ u:object_r:ctl_interface_stop_prop:s0 +ctl.interface_restart$ u:object_r:ctl_interface_restart_prop:s0 + + # Restrict access to starting/stopping adbd +ctl.start$adbd u:object_r:ctl_adbd_prop:s0 +ctl.stop$adbd u:object_r:ctl_adbd_prop:s0 +ctl.restart$adbd u:object_r:ctl_adbd_prop:s0 + +# Restrict access to starting/stopping gsid. +ctl.start$gsid u:object_r:ctl_gsid_prop:s0 +ctl.stop$gsid u:object_r:ctl_gsid_prop:s0 +ctl.restart$gsid u:object_r:ctl_gsid_prop:s0 + +# Restrict access to stopping apexd. +ctl.stop$apexd u:object_r:ctl_apexd_prop:s0 + +# Restrict access to restart dumpstate +ctl.interface_restart$android.hardware.dumpstate u:object_r:ctl_dumpstate_prop:s0 + +# NFC properties +nfc. u:object_r:nfc_prop:s0 + +# These properties are not normally set by processes other than init. +# They are only distinguished here for setting by qemu-props on the +# emulator/goldfish. +config. u:object_r:config_prop:s0 +ro.config. u:object_r:config_prop:s0 +dalvik. u:object_r:dalvik_prop:s0 +ro.dalvik. u:object_r:dalvik_prop:s0 + +# Shared between system server and wificond +wifi. u:object_r:wifi_prop:s0 +wlan. u:object_r:wifi_prop:s0 + +# Lowpan properties +lowpan. u:object_r:lowpan_prop:s0 +ro.lowpan. u:object_r:lowpan_prop:s0 + +# heapprofd properties +heapprofd. u:object_r:heapprofd_prop:s0 + +# hwservicemanager properties +hwservicemanager. u:object_r:hwservicemanager_prop:s0 + +# Common default properties for vendor and odm. +init.svc.odm. u:object_r:vendor_default_prop:s0 +init.svc.vendor. u:object_r:vendor_default_prop:s0 +ro.hardware. u:object_r:vendor_default_prop:s0 +ro.odm. 
u:object_r:vendor_default_prop:s0 +ro.vendor. u:object_r:vendor_default_prop:s0 +odm. u:object_r:vendor_default_prop:s0 +persist.odm. u:object_r:vendor_default_prop:s0 +persist.vendor. u:object_r:vendor_default_prop:s0 +vendor. u:object_r:vendor_default_prop:s0 +# ro.boot. properties are set based on kernel commandline arguments, which are vendor owned. +ro.boot. u:object_r:exported2_default_prop:s0 + +# Properties that relate to time / time zone detection behavior. +persist.time. u:object_r:time_prop:s0 + +# Properties that relate to server configurable flags +device_config.reset_performed u:object_r:device_config_reset_performed_prop:s0 +persist.device_config.activity_manager_native_boot. u:object_r:device_config_activity_manager_native_boot_prop:s0 +persist.device_config.attempted_boot_count u:object_r:device_config_boot_count_prop:s0 +persist.device_config.input_native_boot. u:object_r:device_config_input_native_boot_prop:s0 +persist.device_config.netd_native. u:object_r:device_config_netd_native_prop:s0 +persist.device_config.runtime_native. u:object_r:device_config_runtime_native_prop:s0 +persist.device_config.runtime_native_boot. u:object_r:device_config_runtime_native_boot_prop:s0 +persist.device_config.media_native. u:object_r:device_config_media_native_prop:s0 +persist.device_config.storage_native_boot. u:object_r:device_config_storage_native_boot_prop:s0 +persist.device_config.window_manager_native_boot. u:object_r:device_config_window_manager_native_boot_prop:s0 +persist.device_config.configuration. u:object_r:device_config_configuration_prop:s0 + +# Properties that relate to legacy server configurable flags +persist.device_config.global_settings.sys_traced u:object_r:device_config_sys_traced_prop:s0 + +apexd. u:object_r:apexd_prop:s0 +persist.apexd. u:object_r:apexd_prop:s0 + +bpf.progs_loaded u:object_r:bpf_progs_loaded_prop:s0 + +gsid. u:object_r:gsid_prop:s0 +ro.gsid. 
u:object_r:gsid_prop:s0 + +# Property for disabling NNAPI vendor extensions on product image (used on GSI /product image, +# which can't use NNAPI vendor extensions). +ro.nnapi.extensions.deny_on_product u:object_r:nnapi_ext_deny_product_prop:s0 + +# Property that is set once ueventd finishes cold boot. +ro.cold_boot_done u:object_r:cold_boot_done_prop:s0 + +# Charger properties +ro.charger. u:object_r:charger_prop:s0 + +# Virtual A/B properties +ro.virtual_ab.enabled u:object_r:virtual_ab_prop:s0 +ro.virtual_ab.retrofit u:object_r:virtual_ab_prop:s0 + +# Property to set/clear the warm reset flag after an OTA update. +ota.warm_reset u:object_r:ota_prop:s0 + +# Module properties +com.android.sdkext. u:object_r:module_sdkextensions_prop:s0 +persist.com.android.sdkext. u:object_r:module_sdkextensions_prop:s0 + +# Userspace reboot properties +sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0 +persist.sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0 + +# Integer property which is used in libgui to configure the number of frames +# tracked by buffer queue's frame event timing history. The property is set +# by devices with video decoding pipelines long enough to overflow the default +# history size. +ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0 + +# Properties to configure userspace reboot. +init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool +init.userspace_reboot.sigkill.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int +init.userspace_reboot.sigterm.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int +init.userspace_reboot.started.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int +init.userspace_reboot.userdata_remount.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int +init.userspace_reboot.watchdog.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int 
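Review bot: `persist.sys.fflag.override.settings_dynamic_system u:object_r:dynamic_system_prop:s0` is placed between `persist.sys.theme` and `ro.sys.safemode`, which splits the safemode entries (`persist.sys.safemode`, `ro.sys.safemode`, `persist.sys.audit_safemode`) that are otherwise kept together. Move it below `persist.sys.audit_safemode`, or give it a heading like `# Dynamic System Update feature flag (written by Settings/shell, read by priv_app)` so the exact-key exception to the `persist.sys.` prefix is explained where it sits. As far as I recall, property_contexts matching picks the longest matching prefix, so this is ordering and readability only and does not change which type wins.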
diff --git a/prebuilts/api/30.0/private/racoon.te b/prebuilts/api/30.0/private/racoon.te
new file mode 100644
index 000000000..42ea7c9e4
--- /dev/null
+++ b/prebuilts/api/30.0/private/racoon.te
@@ -0,0 +1,3 @@
+typeattribute racoon coredomain;
+
+init_daemon_domain(racoon)
diff --git a/prebuilts/api/30.0/private/radio.te b/prebuilts/api/30.0/private/radio.te
new file mode 100644
index 000000000..00a5cda36
--- /dev/null
+++ b/prebuilts/api/30.0/private/radio.te
@@ -0,0 +1,25 @@
+typeattribute radio coredomain;
+
+app_domain(radio)
+
+read_runtime_log_tags(radio)
+
+# Telephony code contains time / time zone detection logic so it reads the associated properties.
+get_prop(radio, time_prop)
+
+# allow telephony to access platform compat to log permission denials
+allow radio platform_compat_service:service_manager find;
+
+allow radio uce_service:service_manager find;
+
+# Manage /data/misc/emergencynumberdb
+allow radio emergency_data_file:dir r_dir_perms;
+allow radio emergency_data_file:file r_file_perms;
+
+# allow sending pulled atoms to statsd
+binder_call(radio, statsd)
+
+# allow telephony to access related cache properties
+set_prop(radio, binder_cache_telephony_server_prop);
+neverallow { domain -radio -init }
+ binder_cache_telephony_server_prop:property_service set;
diff --git a/prebuilts/api/30.0/private/recovery.te b/prebuilts/api/30.0/private/recovery.te
new file mode 100644
index 000000000..2a7fdc7e1
--- /dev/null
+++ b/prebuilts/api/30.0/private/recovery.te
@@ -0,0 +1 @@
+typeattribute recovery coredomain;
diff --git a/prebuilts/api/30.0/private/recovery_persist.te b/prebuilts/api/30.0/private/recovery_persist.te
new file mode 100644
index 000000000..7cb2e675a
--- /dev/null
+++ b/prebuilts/api/30.0/private/recovery_persist.te
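Review bot: `set_prop(radio, binder_cache_telephony_server_prop);` in radio.te carries a trailing semicolon that none of the other macro invocations in the file (`get_prop(radio, time_prop)`, `binder_call(radio, statsd)`) have; the macro expands to already-terminated rules, so the stray `;` is presumably harmless given this policy built, but it is inconsistent and invites copy-paste of the same pattern. Write it as `set_prop(radio, binder_cache_telephony_server_prop)`. The `neverallow { domain -radio -init }` guard on the cache property is the right shape; a one-line comment on why init is exempted would save the next reader a lookup.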
@@ -0,0 +1,11 @@
+typeattribute recovery_persist coredomain;
+
+init_daemon_domain(recovery_persist)
+
+# recovery_persist is not allowed to write anywhere other than recovery_data_file
+neverallow recovery_persist {
+ file_type
+ -recovery_data_file
+ userdebug_or_eng(`-coredump_file')
+ with_native_coverage(`-method_trace_data_file')
+}:file write;
diff --git a/prebuilts/api/30.0/private/recovery_refresh.te b/prebuilts/api/30.0/private/recovery_refresh.te
new file mode 100644
index 000000000..3c095cc26
--- /dev/null
+++ b/prebuilts/api/30.0/private/recovery_refresh.te
@@ -0,0 +1,10 @@
+typeattribute recovery_refresh coredomain;
+
+init_daemon_domain(recovery_refresh)
+
+# recovery_refresh is not allowed to write anywhere
+neverallow recovery_refresh {
+ file_type
+ userdebug_or_eng(`-coredump_file')
+ with_native_coverage(`-method_trace_data_file')
+}:file write;
diff --git a/prebuilts/api/30.0/private/roles_decl b/prebuilts/api/30.0/private/roles_decl
new file mode 100644
index 000000000..c84fcba0f
--- /dev/null
+++ b/prebuilts/api/30.0/private/roles_decl
@@ -0,0 +1 @@
+role r;
diff --git a/prebuilts/api/30.0/private/rs.te b/prebuilts/api/30.0/private/rs.te
new file mode 100644
index 000000000..bf10841cc
--- /dev/null
+++ b/prebuilts/api/30.0/private/rs.te
@@ -0,0 +1,39 @@
+# Any files which would have been created as app_data_file
+# will be created as app_exec_data_file instead.
+allow rs app_data_file:dir ra_dir_perms;
+allow rs app_exec_data_file:file create_file_perms;
+type_transition rs app_data_file:file app_exec_data_file;
+
+# Follow /data/user/0 symlink
+allow rs system_data_file:lnk_file read;
+
+# Read files from the app home directory.
+allow rs app_data_file:file r_file_perms;
+allow rs app_data_file:dir r_dir_perms;
+
+# Cleanup app_exec_data_file files in the app home directory.
+allow rs app_data_file:dir remove_name;
+
+# Use vendor resources
+allow rs vendor_file:dir r_dir_perms;
+r_dir_file(rs, vendor_overlay_file)
+r_dir_file(rs, vendor_app_file)
+
+# Read contents of app apks
+r_dir_file(rs, apk_data_file)
+
+allow rs gpu_device:chr_file rw_file_perms;
+allow rs ion_device:chr_file r_file_perms;
+allow rs same_process_hal_file:file { r_file_perms execute };
+
+# File descriptors passed from app to renderscript
+allow rs { untrusted_app_all ephemeral_app }:fd use;
+
+# rs can access app data, so ensure it can only be entered via an app domain and cannot have
+# CAP_DAC_OVERRIDE.
+neverallow rs rs:capability_class_set *;
+neverallow { domain -appdomain } rs:process { dyntransition transition };
+neverallow rs { domain -crash_dump }:process { dyntransition transition };
+neverallow rs app_data_file:file_class_set ~r_file_perms;
+# rs should never use network sockets
+neverallow rs *:network_socket_class_set *;
diff --git a/prebuilts/api/30.0/private/rss_hwm_reset.te b/prebuilts/api/30.0/private/rss_hwm_reset.te
new file mode 100644
index 000000000..30818c2fa
--- /dev/null
+++ b/prebuilts/api/30.0/private/rss_hwm_reset.te
@@ -0,0 +1,14 @@
+type rss_hwm_reset_exec, system_file_type, exec_type, file_type;
+
+# Start rss_hwm_reset from init.
+init_daemon_domain(rss_hwm_reset)
+
+# Search /proc/pid directories.
+allow rss_hwm_reset domain:dir search;
+
+# Write to /proc/pid/clear_refs of other processes.
+# /proc/pid/clear_refs is S_IWUSER, see: fs/proc/base.c
+allow rss_hwm_reset self:global_capability_class_set { dac_override };
+
+# Write to /prc/pid/clear_refs.
+allow rss_hwm_reset domain:file w_file_perms;
diff --git a/prebuilts/api/30.0/private/runas.te b/prebuilts/api/30.0/private/runas.te
new file mode 100644
index 000000000..ef31aac34
--- /dev/null
+++ b/prebuilts/api/30.0/private/runas.te
@@ -0,0 +1,4 @@
+typeattribute runas coredomain;
+
+# ndk-gdb invokes adb shell run-as.
+domain_auto_trans(shell, runas_exec, runas)
diff --git a/prebuilts/api/30.0/private/runas_app.te b/prebuilts/api/30.0/private/runas_app.te
new file mode 100644
index 000000000..c1b354a9a
--- /dev/null
+++ b/prebuilts/api/30.0/private/runas_app.te
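Review bot: The comment `# Write to /prc/pid/clear_refs.` in rss_hwm_reset.te has a typo and should read `# Write to /proc/pid/clear_refs.`. The rule it labels, `allow rss_hwm_reset domain:file w_file_perms;`, grants write on every file carrying a process domain label, which, to the extent /proc/<pid> entries take their process's label, is far wider than clear_refs alone; that breadth is a consequence of how those files are labeled rather than a choice here, so say so in the comment, e.g. `# domain:file is the only label /proc/pid/clear_refs carries, so this is broader than the one file we need`, and tie the dac_override grant above to the same explanation so the two rules read as one intent. A tracking reference for narrowing it, if one exists, would belong there too.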
@@ -0,0 +1,32 @@
+typeattribute runas_app coredomain;
+
+app_domain(runas_app)
+untrusted_app_domain(runas_app)
+net_domain(runas_app)
+bluetooth_domain(runas_app)
+
+# The ability to call exec() on files in the apps home directories
+# when using run-as on a debuggable app. Used to run lldb/ndk-gdb/simpleperf,
+# which are copied to the apps home directories.
+allow runas_app app_data_file:file execute_no_trans;
+
+# Allow lldb/ndk-gdb/simpleperf to read maps of debuggable app processes.
+r_dir_file(runas_app, untrusted_app_all)
+
+# Allow lldb/ndk-gdb/simpleperf to ptrace attach to debuggable app processes.
+allow runas_app untrusted_app_all:process { ptrace signal sigstop };
+allow runas_app untrusted_app_all:unix_stream_socket connectto;
+
+# Allow executing system image simpleperf without a domain transition.
+allow runas_app simpleperf_exec:file rx_file_perms;
+
+# Suppress denial logspam when simpleperf is trying to find a matching process
+# by scanning /proc//cmdline files. The /proc/ directories are within
+# the same domain as their respective process, most of which this domain is not
+# allowed to see.
+dontaudit runas_app domain:dir search;
+
+# Allow runas_app to call perf_event_open for profiling debuggable app
+# processes, but not the whole system.
+allow runas_app self:perf_event { open read write kernel };
+neverallow runas_app self:perf_event ~{ open read write kernel };
diff --git a/prebuilts/api/30.0/private/sdcardd.te b/prebuilts/api/30.0/private/sdcardd.te
new file mode 100644
index 000000000..126d64349
--- /dev/null
+++ b/prebuilts/api/30.0/private/sdcardd.te
@@ -0,0 +1,3 @@
+typeattribute sdcardd coredomain;
+
+type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;
diff --git a/prebuilts/api/30.0/private/seapp_contexts b/prebuilts/api/30.0/private/seapp_contexts
new file mode 100644
index 000000000..1bad9c11b
--- /dev/null
+++ b/prebuilts/api/30.0/private/seapp_contexts
@@ -0,0 +1,175 @@
+# The entries in this file define how security contexts for apps are determined.
+# Each entry lists input selectors, used to match the app, and outputs which are
+# used to determine the security contexts for matching apps.
+#
+# Input selectors:
+# isSystemServer (boolean)
+# isEphemeralApp (boolean)
+# isOwner (boolean)
+# user (string)
+# seinfo (string)
+# name (string)
+# path (string)
+# isPrivApp (boolean)
+# minTargetSdkVersion (unsigned integer)
+# fromRunAs (boolean)
+#
+# All specified input selectors in an entry must match (i.e. logical AND).
+# An unspecified string or boolean selector with no default will match any
+# value.
+# A user, name, or path string selector that ends in * will perform a prefix
+# match.
+# String matching is case-insensitive.
+# See external/selinux/libselinux/src/android/android_platform.c,
+# seapp_context_lookup().
+#
+# isSystemServer=true only matches the system server.
+# An unspecified isSystemServer defaults to false.
+# isEphemeralApp=true will match apps marked by PackageManager as Ephemeral
+# isOwner=true will only match for the owner/primary user.
+# user=_app will match any regular app process.
+# user=_isolated will match any isolated service process.
+# Other values of user are matched against the name associated with the process
+# UID.
+# seinfo= matches aginst the seinfo tag for the app, determined from
+# mac_permissions.xml files.
+# The ':' character is reserved and may not be used in seinfo.
+# name= matches against the package name of the app.
+# path= matches against the directory path when labeling app directories.
+# isPrivApp=true will only match for applications preinstalled in
+# /system/priv-app.
+# minTargetSdkVersion will match applications with a targetSdkVersion
+# greater than or equal to the specified value. If unspecified,
+# it has a default value of 0.
+# fromRunAs=true means the process being labeled is started by run-as. Default
+# is false.
+#
+# Precedence: entries are compared using the following rules, in the order shown
+# (see external/selinux/libselinux/src/android/android_platform.c,
+# seapp_context_cmp()).
+# (1) isSystemServer=true before isSystemServer=false.
+# (2) Specified isEphemeralApp= before unspecified isEphemeralApp=
+# boolean.
+# (3) Specified isOwner= before unspecified isOwner= boolean.
+# (4) Specified user= string before unspecified user= string;
+# more specific user= string before less specific user= string.
+# (5) Specified seinfo= string before unspecified seinfo= string.
+# (6) Specified name= string before unspecified name= string;
+# more specific name= string before less specific name= string.
+# (7) Specified path= string before unspecified path= string.
+# more specific name= string before less specific name= string.
+# (8) Specified isPrivApp= before unspecified isPrivApp= boolean.
+# (9) Higher value of minTargetSdkVersion= before lower value of
+# minTargetSdkVersion= integer. Note that minTargetSdkVersion=
+# defaults to 0 if unspecified.
+# (10) fromRunAs=true before fromRunAs=false.
+# (A fixed selector is more specific than a prefix, i.e. ending in *, and a
+# longer prefix is more specific than a shorter prefix.)
+# Apps are checked against entries in precedence order until the first match,
+# regardless of their order in this file.
+#
+# Duplicate entries, i.e. with identical input selectors, are not allowed.
+#
+# Outputs:
+# domain (string)
+# type (string)
+# levelFrom (string; one of none, all, app, or user)
+# level (string)
+#
+# domain= determines the label to be used for the app process; entries
+# without domain= are ignored for this purpose.
+# type= specifies the label to be used for the app data directory; entries
+# without type= are ignored for this purpose.
+# levelFrom and level are used to determine the level (sensitivity + categories)
+# for MLS/MCS.
+# levelFrom=none omits the level.
+# levelFrom=app determines the level from the process UID.
+# levelFrom=user determines the level from the user ID.
+# levelFrom=all determines the level from both UID and user ID.
+#
+# levelFrom=user is only supported for _app or _isolated UIDs.
+# levelFrom=app or levelFrom=all is only supported for _app UIDs.
+# level may be used to specify a fixed level for any UID.
+#
+# For backwards compatibility levelFromUid=true is equivalent to levelFrom=app
+# and levelFromUid=false is equivalent to levelFrom=none.
+#
+#
+# Neverallow Assertions
+# Additional compile time assertion checks for the rules in this file can be
+# added as well. The assertion
+# rules are lines beginning with the keyword neverallow. Full support for PCRE
+# regular expressions exists on all input and output selectors. Neverallow
+# rules are never output to the built seapp_contexts file. Like all keywords,
+# neverallows are case-insensitive. A neverallow is asserted when all key value
+# inputs are matched on a key value rule line.
+#
+
+# only the system server can be in system_server domain
+neverallow isSystemServer=false domain=system_server
+neverallow isSystemServer="" domain=system_server
+
+# system domains should never be assigned outside of system uid
+neverallow user=((?!system).)* domain=system_app
+neverallow user=((?!system).)* type=system_app_data_file
+
+# any non priv-app with a non-known uid with a specified name should have a specified
+# seinfo
+neverallow user=_app isPrivApp=false name=.* seinfo=""
+neverallow user=_app isPrivApp=false name=.* seinfo=default
+
+# neverallow shared relro to any other domain
+# and neverallow any other uid into shared_relro
+neverallow user=shared_relro domain=((?!shared_relro).)*
+neverallow user=((?!shared_relro).)* domain=shared_relro
+
+# neverallow non-isolated uids into isolated_app domain
+# and vice versa
+neverallow user=_isolated domain=((?!isolated_app).)*
+neverallow user=((?!_isolated).)* domain=isolated_app
+
+# uid shell should always be in shell domain, however non-shell
+# uid's can be in shell domain
+neverallow user=shell domain=((?!shell).)*
+
+# only the package named com.android.shell can run in the shell domain
+neverallow domain=shell name=((?!com\.android\.shell).)*
+neverallow user=shell name=((?!com\.android\.shell).)*
+
+# Ephemeral Apps must run in the ephemeral_app domain
+neverallow isEphemeralApp=true domain=((?!ephemeral_app).)*
+
+isSystemServer=true domain=system_server_startup
+
+user=_app seinfo=platform name=com.android.traceur domain=traceur_app type=app_data_file levelFrom=all
+user=system seinfo=platform domain=system_app type=system_app_data_file
+user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
+user=network_stack seinfo=network_stack domain=network_stack levelFrom=all type=radio_data_file
+user=nfc seinfo=platform domain=nfc type=nfc_data_file
+user=secure_element seinfo=platform domain=secure_element levelFrom=all
+user=radio seinfo=platform domain=radio 
type=radio_data_file
+user=shared_relro domain=shared_relro
+user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file
+user=webview_zygote seinfo=webview_zygote domain=webview_zygote
+user=_isolated domain=isolated_app levelFrom=all
+user=_app seinfo=app_zygote domain=app_zygote levelFrom=all
+user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user
+user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
+user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
+user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.google.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.android.vzwomatrigger domain=vzwomatrigger_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.google.android.gms domain=gmscore_app type=privapp_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.gms.* domain=gmscore_app type=privapp_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.gms:* domain=gmscore_app type=privapp_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.gsf domain=gmscore_app type=privapp_data_file levelFrom=user
+user=_app minTargetSdkVersion=30 domain=untrusted_app type=app_data_file levelFrom=all
+user=_app minTargetSdkVersion=29 domain=untrusted_app_29 type=app_data_file levelFrom=all
+user=_app minTargetSdkVersion=28 
domain=untrusted_app_27 type=app_data_file levelFrom=all
+user=_app minTargetSdkVersion=26 domain=untrusted_app_27 type=app_data_file levelFrom=user
+user=_app domain=untrusted_app_25 type=app_data_file levelFrom=user
+user=_app minTargetSdkVersion=28 fromRunAs=true domain=runas_app levelFrom=all
+user=_app fromRunAs=true domain=runas_app levelFrom=user
diff --git a/prebuilts/api/30.0/private/secure_element.te b/prebuilts/api/30.0/private/secure_element.te
new file mode 100644
index 000000000..57f512bbd
--- /dev/null
+++ b/prebuilts/api/30.0/private/secure_element.te
@@ -0,0 +1,14 @@
+# secure element subsystem
+typeattribute secure_element coredomain;
+app_domain(secure_element)
+
+binder_service(secure_element)
+add_service(secure_element, secure_element_service)
+
+allow secure_element app_api_service:service_manager find;
+hal_client_domain(secure_element, hal_secure_element)
+
+# already open bugreport file descriptors may be shared with
+# the secure element process, from a file in
+# /data/data/com.android.shell/files/bugreports/bugreport-*.
+allow secure_element shell_data_file:file read;
diff --git a/prebuilts/api/30.0/private/security_classes b/prebuilts/api/30.0/private/security_classes
new file mode 100644
index 000000000..04ed814ff
--- /dev/null
+++ b/prebuilts/api/30.0/private/security_classes
@@ -0,0 +1,160 @@
+# FLASK
+
+#
+# Define the security object classes
+#
+
+# Classes marked as userspace are classes
+# for userspace object managers
+
+class security
+class process
+class system
+class capability
+
+# file-related classes
+class filesystem
+class file
+class dir
+class fd
+class lnk_file
+class chr_file
+class blk_file
+class sock_file
+class fifo_file
+
+# network-related classes
+class socket
+class tcp_socket
+class udp_socket
+class rawip_socket
+class node
+class netif
+class netlink_socket
+class packet_socket
+class key_socket
+class unix_stream_socket
+class unix_dgram_socket
+
+# sysv-ipc-related classes
+class sem
+class msg
+class msgq
+class shm
+class ipc
+
+# extended netlink sockets
+class netlink_route_socket
+class netlink_tcpdiag_socket
+class netlink_nflog_socket
+class netlink_xfrm_socket
+class netlink_selinux_socket
+class netlink_audit_socket
+class netlink_dnrt_socket
+
+# IPSec association
+class association
+
+# Updated Netlink class for KOBJECT_UEVENT family.
+class netlink_kobject_uevent_socket
+
+class appletalk_socket
+
+class packet
+
+# Kernel access key retention
+class key
+
+class dccp_socket
+
+class memprotect
+
+# network peer labels
+class peer
+
+# Capabilities >= 32
+class capability2
+
+# kernel services that need to override task security, e.g. cachefiles
+class kernel_service
+
+class tun_socket
+
+class binder
+
+# Updated netlink classes for more recent netlink protocols.
+class netlink_iscsi_socket
+class netlink_fib_lookup_socket
+class netlink_connector_socket
+class netlink_netfilter_socket
+class netlink_generic_socket
+class netlink_scsitransport_socket
+class netlink_rdma_socket
+class netlink_crypto_socket
+
+# Infiniband
+class infiniband_pkey
+class infiniband_endport
+
+# Capability checks when on a non-init user namespace
+class cap_userns
+class cap2_userns
+
+# New socket classes introduced by extended_socket_class policy capability.
+# These two were previously mapped to rawip_socket.
+class sctp_socket
+class icmp_socket
+# These were previously mapped to socket.
+class ax25_socket
+class ipx_socket
+class netrom_socket
+class atmpvc_socket
+class x25_socket
+class rose_socket
+class decnet_socket
+class atmsvc_socket
+class rds_socket
+class irda_socket
+class pppox_socket
+class llc_socket
+class can_socket
+class tipc_socket
+class bluetooth_socket
+class iucv_socket
+class rxrpc_socket
+class isdn_socket
+class phonet_socket
+class ieee802154_socket
+class caif_socket
+class alg_socket
+class nfc_socket
+class vsock_socket
+class kcm_socket
+class qipcrtr_socket
+class smc_socket
+
+class process2
+
+class bpf
+
+class xdp_socket
+
+class perf_event
+
+# Introduced in https://github.com/torvalds/linux/commit/59438b46471ae6cdfb761afc8c9beaf1e428a331
+class lockdown
+
+# Property service
+class property_service # userspace
+
+# Service manager
+class service_manager # userspace
+
+# hardware service manager # userspace
+class hwservice_manager
+
+# Keystore Key
+class keystore_key # userspace
+
+class drmservice # userspace
+# FLASK
diff --git a/prebuilts/api/30.0/private/service.te b/prebuilts/api/30.0/private/service.te
new file mode 100644
index 000000000..6c17521ac
--- /dev/null
+++ b/prebuilts/api/30.0/private/service.te
@@ -0,0 +1,8 @@
+type attention_service, system_server_service, service_manager_type;
+type dynamic_system_service, system_api_service, system_server_service, service_manager_type;
+type gsi_service, service_manager_type;
+type incidentcompanion_service, system_api_service, system_server_service, service_manager_type;
+type stats_service, service_manager_type;
+type statscompanion_service, system_server_service, service_manager_type;
+type statsmanager_service, system_api_service, system_server_service, service_manager_type;
+type uce_service, service_manager_type;
diff --git a/prebuilts/api/30.0/private/service_contexts b/prebuilts/api/30.0/private/service_contexts
new file mode 100644
index 000000000..e01dcc1af
--- /dev/null
+++ b/prebuilts/api/30.0/private/service_contexts
@@ -0,0 +1,249 @@
+android.hardware.identity.IIdentityCredentialStore/default u:object_r:hal_identity_service:s0
+android.hardware.light.ILights/default u:object_r:hal_light_service:s0
+android.hardware.power.IPower/default u:object_r:hal_power_service:s0
+android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
+android.hardware.vibrator.IVibrator/default u:object_r:hal_vibrator_service:s0
+
+accessibility u:object_r:accessibility_service:s0
+account u:object_r:account_service:s0
+activity u:object_r:activity_service:s0
+activity_task u:object_r:activity_task_service:s0
+adb u:object_r:adb_service:s0
+aidl_lazy_test_1 u:object_r:aidl_lazy_test_service:s0
+aidl_lazy_test_2 u:object_r:aidl_lazy_test_service:s0
+alarm u:object_r:alarm_service:s0
+android.os.UpdateEngineService u:object_r:update_engine_service:s0
+android.security.identity u:object_r:credstore_service:s0
+android.security.keystore u:object_r:keystore_service:s0
+android.service.gatekeeper.IGateKeeperService u:object_r:gatekeeper_service:s0
+app_binding u:object_r:app_binding_service:s0
+app_integrity u:object_r:app_integrity_service:s0
+app_prediction u:object_r:app_prediction_service:s0
+app_search u:object_r:app_search_service:s0
+apexservice u:object_r:apex_service:s0
+blob_store u:object_r:blob_store_service:s0
+gsiservice u:object_r:gsi_service:s0
+appops u:object_r:appops_service:s0
+appwidget u:object_r:appwidget_service:s0
+assetatlas u:object_r:assetatlas_service:s0
+attention u:object_r:attention_service:s0
+audio u:object_r:audio_service:s0
+auth u:object_r:auth_service:s0
+autofill u:object_r:autofill_service:s0
+backup u:object_r:backup_service:s0
+batteryproperties u:object_r:batteryproperties_service:s0
+batterystats u:object_r:batterystats_service:s0
+battery u:object_r:battery_service:s0
+binder_calls_stats u:object_r:binder_calls_stats_service:s0
+biometric u:object_r:biometric_service:s0
+bluetooth_manager u:object_r:bluetooth_manager_service:s0
+bluetooth u:object_r:bluetooth_service:s0
+broadcastradio u:object_r:broadcastradio_service:s0
+bugreport u:object_r:bugreport_service:s0
+carrier_config u:object_r:radio_service:s0
+clipboard u:object_r:clipboard_service:s0
+com.android.net.IProxyService u:object_r:IProxyService_service:s0
+companiondevice u:object_r:companion_device_service:s0
+platform_compat u:object_r:platform_compat_service:s0
+platform_compat_native u:object_r:platform_compat_service:s0
+connectivity u:object_r:connectivity_service:s0
+connmetrics u:object_r:connmetrics_service:s0
+consumer_ir u:object_r:consumer_ir_service:s0
+content u:object_r:content_service:s0
+content_capture u:object_r:content_capture_service:s0
+content_suggestions u:object_r:content_suggestions_service:s0
+contexthub u:object_r:contexthub_service:s0
+country_detector u:object_r:country_detector_service:s0
+coverage u:object_r:coverage_service:s0
+cpuinfo u:object_r:cpuinfo_service:s0
+crossprofileapps u:object_r:crossprofileapps_service:s0
+dataloader_manager u:object_r:dataloader_manager_service:s0
+dbinfo u:object_r:dbinfo_service:s0
+device_config u:object_r:device_config_service:s0
+device_policy u:object_r:device_policy_service:s0
+device_identifiers u:object_r:device_identifiers_service:s0
+deviceidle u:object_r:deviceidle_service:s0
+devicestoragemonitor u:object_r:devicestoragemonitor_service:s0
+diskstats u:object_r:diskstats_service:s0
+display u:object_r:display_service:s0
+dnsresolver u:object_r:dnsresolver_service:s0
+color_display u:object_r:color_display_service:s0
+netd_listener u:object_r:netd_listener_service:s0
+network_watchlist u:object_r:network_watchlist_service:s0
+DockObserver u:object_r:DockObserver_service:s0
+dreams u:object_r:dreams_service:s0
+drm.drmManager u:object_r:drmserver_service:s0
+dropbox u:object_r:dropbox_service:s0
+dumpstate u:object_r:dumpstate_service:s0
+dynamic_system u:object_r:dynamic_system_service:s0
+econtroller u:object_r:radio_service:s0
+emergency_affordance 
u:object_r:emergency_affordance_service:s0
+euicc_card_controller u:object_r:radio_service:s0
+external_vibrator_service u:object_r:external_vibrator_service:s0
+lowpan u:object_r:lowpan_service:s0
+ethernet u:object_r:ethernet_service:s0
+face u:object_r:face_service:s0
+file_integrity u:object_r:file_integrity_service:s0
+fingerprint u:object_r:fingerprint_service:s0
+font u:object_r:font_service:s0
+android.hardware.fingerprint.IFingerprintDaemon u:object_r:fingerprintd_service:s0
+gfxinfo u:object_r:gfxinfo_service:s0
+graphicsstats u:object_r:graphicsstats_service:s0
+gpu u:object_r:gpu_service:s0
+hardware u:object_r:hardware_service:s0
+hardware_properties u:object_r:hardware_properties_service:s0
+hdmi_control u:object_r:hdmi_control_service:s0
+ions u:object_r:radio_service:s0
+idmap u:object_r:idmap_service:s0
+incident u:object_r:incident_service:s0
+incidentcompanion u:object_r:incidentcompanion_service:s0
+inputflinger u:object_r:inputflinger_service:s0
+input_method u:object_r:input_method_service:s0
+input u:object_r:input_service:s0
+installd u:object_r:installd_service:s0
+iorapd u:object_r:iorapd_service:s0
+iphonesubinfo_msim u:object_r:radio_service:s0
+iphonesubinfo2 u:object_r:radio_service:s0
+iphonesubinfo u:object_r:radio_service:s0
+ims u:object_r:radio_service:s0
+imms u:object_r:imms_service:s0
+incremental u:object_r:incremental_service:s0
+ipsec u:object_r:ipsec_service:s0
+ircsmessage u:object_r:radio_service:s0
+iris u:object_r:iris_service:s0
+isms_msim u:object_r:radio_service:s0
+isms2 u:object_r:radio_service:s0
+isms u:object_r:radio_service:s0
+isub u:object_r:radio_service:s0
+jobscheduler u:object_r:jobscheduler_service:s0
+launcherapps u:object_r:launcherapps_service:s0
+lights u:object_r:light_service:s0
+location u:object_r:location_service:s0
+lock_settings u:object_r:lock_settings_service:s0
+looper_stats u:object_r:looper_stats_service:s0
+lpdump_service u:object_r:lpdump_service:s0
+media.aaudio 
u:object_r:audioserver_service:s0
+media.audio_flinger u:object_r:audioserver_service:s0
+media.audio_policy u:object_r:audioserver_service:s0
+media.camera u:object_r:cameraserver_service:s0
+media.camera.proxy u:object_r:cameraproxy_service:s0
+media.log u:object_r:audioserver_service:s0
+media.player u:object_r:mediaserver_service:s0
+media.metrics u:object_r:mediametrics_service:s0
+media.extractor u:object_r:mediaextractor_service:s0
+media.transcoding u:object_r:mediatranscoding_service:s0
+media.resource_manager u:object_r:mediaserver_service:s0
+media.sound_trigger_hw u:object_r:audioserver_service:s0
+media.drm u:object_r:mediadrmserver_service:s0
+media_projection u:object_r:media_projection_service:s0
+media_resource_monitor u:object_r:media_session_service:s0
+media_router u:object_r:media_router_service:s0
+media_session u:object_r:media_session_service:s0
+meminfo u:object_r:meminfo_service:s0
+midi u:object_r:midi_service:s0
+mount u:object_r:mount_service:s0
+netd u:object_r:netd_service:s0
+netpolicy u:object_r:netpolicy_service:s0
+netstats u:object_r:netstats_service:s0
+network_stack u:object_r:network_stack_service:s0
+network_management u:object_r:network_management_service:s0
+network_score u:object_r:network_score_service:s0
+network_time_update_service u:object_r:network_time_update_service:s0
+nfc u:object_r:nfc_service:s0
+notification u:object_r:notification_service:s0
+oem_lock u:object_r:oem_lock_service:s0
+otadexopt u:object_r:otadexopt_service:s0
+overlay u:object_r:overlay_service:s0
+package u:object_r:package_service:s0
+package_native u:object_r:package_native_service:s0
+permission u:object_r:permission_service:s0
+permissionmgr u:object_r:permissionmgr_service:s0
+persistent_data_block u:object_r:persistent_data_block_service:s0
+phone_msim u:object_r:radio_service:s0
+phone1 u:object_r:radio_service:s0
+phone2 u:object_r:radio_service:s0
+phone u:object_r:radio_service:s0
+pinner u:object_r:pinner_service:s0
+power 
u:object_r:power_service:s0
+print u:object_r:print_service:s0
+processinfo u:object_r:processinfo_service:s0
+procstats u:object_r:procstats_service:s0
+radio.phonesubinfo u:object_r:radio_service:s0
+radio.phone u:object_r:radio_service:s0
+radio.sms u:object_r:radio_service:s0
+rcs u:object_r:radio_service:s0
+recovery u:object_r:recovery_service:s0
+restrictions u:object_r:restrictions_service:s0
+role u:object_r:role_service:s0
+rollback u:object_r:rollback_service:s0
+rttmanager u:object_r:rttmanager_service:s0
+runtime u:object_r:runtime_service:s0
+samplingprofiler u:object_r:samplingprofiler_service:s0
+scheduling_policy u:object_r:scheduling_policy_service:s0
+search u:object_r:search_service:s0
+secure_element u:object_r:secure_element_service:s0
+sec_key_att_app_id_provider u:object_r:sec_key_att_app_id_provider_service:s0
+sensorservice u:object_r:sensorservice_service:s0
+sensor_privacy u:object_r:sensor_privacy_service:s0
+serial u:object_r:serial_service:s0
+servicediscovery u:object_r:servicediscovery_service:s0
+manager u:object_r:service_manager_service:s0
+settings u:object_r:settings_service:s0
+shortcut u:object_r:shortcut_service:s0
+simphonebook_msim u:object_r:radio_service:s0
+simphonebook2 u:object_r:radio_service:s0
+simphonebook u:object_r:radio_service:s0
+sip u:object_r:radio_service:s0
+slice u:object_r:slice_service:s0
+stats u:object_r:stats_service:s0
+statscompanion u:object_r:statscompanion_service:s0
+statsmanager u:object_r:statsmanager_service:s0
+soundtrigger u:object_r:voiceinteraction_service:s0
+soundtrigger_middleware u:object_r:soundtrigger_middleware_service:s0
+statusbar u:object_r:statusbar_service:s0
+storaged u:object_r:storaged_service:s0
+storaged_pri u:object_r:storaged_service:s0
+storagestats u:object_r:storagestats_service:s0
+SurfaceFlinger u:object_r:surfaceflinger_service:s0
+suspend_control u:object_r:system_suspend_control_service:s0
+system_config u:object_r:system_config_service:s0
+system_update 
u:object_r:system_update_service:s0
+task u:object_r:task_service:s0
+telecom u:object_r:telecom_service:s0
+telephony.registry u:object_r:registry_service:s0
+telephony_ims u:object_r:radio_service:s0
+testharness u:object_r:testharness_service:s0
+tethering u:object_r:tethering_service:s0
+textclassification u:object_r:textclassification_service:s0
+textservices u:object_r:textservices_service:s0
+time_detector u:object_r:timedetector_service:s0
+time_zone_detector u:object_r:timezonedetector_service:s0
+timezone u:object_r:timezone_service:s0
+thermalservice u:object_r:thermal_service:s0
+trust u:object_r:trust_service:s0
+tv_input u:object_r:tv_input_service:s0
+tv_tuner_resource_mgr u:object_r:tv_tuner_resource_mgr_service:s0
+uce u:object_r:uce_service:s0
+uimode u:object_r:uimode_service:s0
+updatelock u:object_r:updatelock_service:s0
+uri_grants u:object_r:uri_grants_service:s0
+usagestats u:object_r:usagestats_service:s0
+usb u:object_r:usb_service:s0
+user u:object_r:user_service:s0
+vibrator u:object_r:vibrator_service:s0
+virtual_touchpad u:object_r:virtual_touchpad_service:s0
+voiceinteraction u:object_r:voiceinteraction_service:s0
+vold u:object_r:vold_service:s0
+vr_hwc u:object_r:vr_hwc_service:s0
+vrflinger_vsync u:object_r:vrflinger_vsync_service:s0
+vrmanager u:object_r:vr_manager_service:s0
+wallpaper u:object_r:wallpaper_service:s0
+webviewupdate u:object_r:webviewupdate_service:s0
+wifip2p u:object_r:wifip2p_service:s0
+wifiscanner u:object_r:wifiscanner_service:s0
+wifi u:object_r:wifi_service:s0
+wifinl80211 u:object_r:wifinl80211_service:s0
+wifiaware u:object_r:wifiaware_service:s0
+wifirtt u:object_r:rttmanager_service:s0
+window u:object_r:window_service:s0
+* u:object_r:default_android_service:s0
diff --git a/prebuilts/api/30.0/private/servicemanager.te b/prebuilts/api/30.0/private/servicemanager.te
new file mode 100644
index 000000000..629445204
--- /dev/null
+++ b/prebuilts/api/30.0/private/servicemanager.te
@@ -0,0 +1,7 @@
+typeattribute servicemanager coredomain;
+
+init_daemon_domain(servicemanager)
+
+read_runtime_log_tags(servicemanager)
+
+set_prop(servicemanager, ctl_interface_start_prop)
diff --git a/prebuilts/api/30.0/private/sgdisk.te b/prebuilts/api/30.0/private/sgdisk.te
new file mode 100644
index 000000000..a17342e01
--- /dev/null
+++ b/prebuilts/api/30.0/private/sgdisk.te
@@ -0,0 +1 @@
+typeattribute sgdisk coredomain;
diff --git a/prebuilts/api/30.0/private/shared_relro.te b/prebuilts/api/30.0/private/shared_relro.te
new file mode 100644
index 000000000..02f720682
--- /dev/null
+++ b/prebuilts/api/30.0/private/shared_relro.te
@@ -0,0 +1,5 @@
+typeattribute shared_relro coredomain;
+
+# The shared relro process is a Java program forked from the zygote, so it
+# inherits from app to get basic permissions it needs to run.
+app_domain(shared_relro)
diff --git a/prebuilts/api/30.0/private/shell.te b/prebuilts/api/30.0/private/shell.te
new file mode 100644
index 000000000..76ff0734d
--- /dev/null
+++ b/prebuilts/api/30.0/private/shell.te
@@ -0,0 +1,92 @@
+typeattribute shell coredomain;
+
+# allow shell input injection
+allow shell uhid_device:chr_file rw_file_perms;
+
+# systrace support - allow atrace to run
+allow shell debugfs_tracing_debug:dir r_dir_perms;
+allow shell debugfs_tracing:dir r_dir_perms;
+allow shell debugfs_tracing:file rw_file_perms;
+allow shell debugfs_trace_marker:file getattr;
+allow shell atrace_exec:file rx_file_perms;
+
+userdebug_or_eng(`
+ allow shell debugfs_tracing_debug:file rw_file_perms;
+')
+
+# read config.gz for CTS purposes
+allow shell config_gz:file r_file_perms;
+
+# Run app_process.
+# XXX Transition into its own domain?
+app_domain(shell)
+
+# allow shell to call dumpsys storaged
+binder_call(shell, storaged)
+
+# Perform SELinux access checks, needed for CTS
+selinux_check_access(shell)
+selinux_check_context(shell)
+
+# Control Perfetto traced and obtain traces from it.
+# Needed for Studio and debugging.
+unix_socket_connect(shell, traced_consumer, traced)
+
+# Allow shell binaries to write trace data to Perfetto. Used for testing and
+# cmdline utils.
+perfetto_producer(shell)
+
+domain_auto_trans(shell, vendor_shell_exec, vendor_shell)
+
+# Allow shell binaries to exec the perfetto cmdline util and have that
+# transition into its own domain, so that it behaves consistently to
+# when exec()-d by statsd.
+domain_auto_trans(shell, perfetto_exec, perfetto)
+# Allow to send SIGINT to perfetto when daemonized.
+allow shell perfetto:process signal;
+
+# Allow shell to run adb shell cmd stats commands. Needed for CTS.
+binder_call(shell, statsd);
+
+# Allow shell to read and unlink traces stored in /data/misc/perfetto-traces.
+allow shell perfetto_traces_data_file:dir rw_dir_perms;
+allow shell perfetto_traces_data_file:file { r_file_perms unlink };
+
+# Allow shell to run adb shell cmd gpu commands.
+binder_call(shell, gpuservice);
+
+# Allow shell to use atrace HAL
+hal_client_domain(shell, hal_atrace)
+
+# For hostside tests such as CTS listening ports test.
+allow shell proc_net_tcp_udp:file r_file_perms;
+
+# The dl.exec_linker* tests need to execute /system/bin/linker
+# b/124789393
+allow shell system_linker_exec:file rx_file_perms;
+
+# Renderscript host side tests depend on being able to execute
+# /system/bin/bcc (b/126388046)
+allow shell rs_exec:file rx_file_perms;
+
+# Allow shell to start and comminicate with lpdumpd.
+set_prop(shell, lpdumpd_prop);
+binder_call(shell, lpdumpd)
+
+# Allow shell to set and read value of properties used for CTS tests of
+# userspace reboot
+set_prop(shell, userspace_reboot_test_prop)
+
+# Allow shell to get encryption policy of /data/local/tmp/, for CTS
+allowxperm shell shell_data_file:dir ioctl {
+ FS_IOC_GET_ENCRYPTION_POLICY
+ FS_IOC_GET_ENCRYPTION_POLICY_EX
+};
+
+# Allow shell to execute simpleperf without a domain transition.
+allow shell simpleperf_exec:file rx_file_perms;
+
+# Allow shell to call perf_event_open for profiling other shell processes, but
+# not the whole system.
+allow shell self:perf_event { open read write kernel };
+neverallow shell self:perf_event ~{ open read write kernel };
diff --git a/prebuilts/api/30.0/private/simpleperf.te b/prebuilts/api/30.0/private/simpleperf.te
new file mode 100644
index 000000000..0639c1136
--- /dev/null
+++ b/prebuilts/api/30.0/private/simpleperf.te
@@ -0,0 +1,37 @@
+# Domain used when running /system/bin/simpleperf to profile a specific app.
+# Entered either by the app itself exec-ing the binary, or through
+# simpleperf_app_runner (with shell as its origin). Certain other domains
+# (runas_app, shell) can also exec this binary without a domain transition.
+typeattribute simpleperf coredomain;
+type simpleperf_exec, system_file_type, exec_type, file_type;
+
+domain_auto_trans({ untrusted_app_all -runas_app }, simpleperf_exec, simpleperf)
+
+# When running in this domain, simpleperf is scoped to profiling an individual
+# app. The necessary MAC permissions for profiling are more maintainable and
+# consistent if simpleperf is marked as an app domain as well (as, for example,
+# it will then see the same set of system libraries as the app).
+app_domain(simpleperf)
+untrusted_app_domain(simpleperf)
+
+# Allow ptrace attach to the target app, for reading JIT debug info (using
+# process_vm_readv) during unwinding and symbolization.
+allow simpleperf untrusted_app_all:process ptrace;
+
+# Allow using perf_event_open syscall for profiling the target app.
+allow simpleperf self:perf_event { open read write kernel };
+
+# Allow /proc/ access for the target app (for example, when trying to
+# discover it by cmdline).
+r_dir_file(simpleperf, untrusted_app_all)
+
+# Suppress denial logspam when simpleperf is trying to find a matching process
+# by scanning /proc//cmdline files. The /proc/ directories are within
+# the same domain as their respective processes, most of which this domain is
+# not allowed to see.
+dontaudit simpleperf domain:dir search;
+
+# Neverallows:
+
+# Profiling must be confined to the scope of an individual app.
+neverallow simpleperf self:perf_event ~{ open read write kernel };
diff --git a/prebuilts/api/30.0/private/simpleperf_app_runner.te b/prebuilts/api/30.0/private/simpleperf_app_runner.te
new file mode 100644
index 000000000..850182605
--- /dev/null
+++ b/prebuilts/api/30.0/private/simpleperf_app_runner.te
@@ -0,0 +1,3 @@
+typeattribute simpleperf_app_runner coredomain;
+
+domain_auto_trans(shell, simpleperf_app_runner_exec, simpleperf_app_runner)
diff --git a/prebuilts/api/30.0/private/slideshow.te b/prebuilts/api/30.0/private/slideshow.te
new file mode 100644
index 000000000..7dfa994ea
--- /dev/null
+++ b/prebuilts/api/30.0/private/slideshow.te
@@ -0,0 +1 @@
+typeattribute slideshow coredomain;
diff --git a/prebuilts/api/30.0/private/snapshotctl.te b/prebuilts/api/30.0/private/snapshotctl.te
new file mode 100644
index 000000000..fb2bbcae7
--- /dev/null
+++ b/prebuilts/api/30.0/private/snapshotctl.te
@@ -0,0 +1,45 @@
+type snapshotctl, domain, coredomain;
+type snapshotctl_exec, system_file_type, exec_type, file_type;
+
+# Allow init to run snapshotctl and do auto domain transfer.
+init_daemon_domain(snapshotctl);
+
+# Allow to start gsid service.
+set_prop(snapshotctl, ctl_gsid_prop)
+
+# Allow to talk to gsid.
+binder_use(snapshotctl)
+allow snapshotctl gsi_service:service_manager find;
+binder_call(snapshotctl, gsid)
+
+# Allow to create/read/write/delete OTA metadata files for snapshot status and COW file status.
+allow snapshotctl metadata_file:dir search;
+allow snapshotctl ota_metadata_file:dir rw_dir_perms;
+allow snapshotctl ota_metadata_file:file create_file_perms;
+
+# Allow to get A/B slot suffix from device tree or kernel cmdline.
+r_dir_file(snapshotctl, sysfs_dt_firmware_android);
+allow snapshotctl proc_cmdline:file r_file_perms;
+
+# Needed to (re-)map logical partitions.
+allow snapshotctl block_device:dir r_dir_perms;
+allow snapshotctl super_block_device:blk_file r_file_perms;
+
+# Interact with device-mapper to collapse snapshots.
+allow snapshotctl dm_device:chr_file rw_file_perms;
+
+# Needed to mutate device-mapper nodes.
+allow snapshotctl self:global_capability_class_set sys_admin;
+
+# Snapshotctl talk to boot control HAL to set merge status.
+hwbinder_use(snapshotctl)
+hal_client_domain(snapshotctl, hal_bootctl)
+
+# Allow snapshotctl to write to statsd socket.
+unix_socket_send(snapshotctl, statsdw, statsd)
+
+# Logging
+userdebug_or_eng(`
+ allow snapshotctl snapshotctl_log_data_file:dir rw_dir_perms;
+ allow snapshotctl snapshotctl_log_data_file:file create_file_perms;
+')
diff --git a/prebuilts/api/30.0/private/stats.te b/prebuilts/api/30.0/private/stats.te
new file mode 100644
index 000000000..3e8a3d5fb
--- /dev/null
+++ b/prebuilts/api/30.0/private/stats.te
@@ -0,0 +1,55 @@
+type stats, domain;
+typeattribute stats coredomain;
+type stats_exec, system_file_type, exec_type, file_type;
+
+# switch to stats domain for stats command
+domain_auto_trans(shell, stats_exec, stats)
+
+# allow stats access to stdout from its parent shell.
+allow stats shell:fd use;
+
+# allow stats to communicate use, read and write over the adb
+# connection.
+allow stats adbd:fd use;
+allow stats adbd:unix_stream_socket { read write };
+
+# allow adbd to reap stats
+allow stats adbd:process { sigchld };
+
+# Allow the stats command to talk to the statsd over the binder, and get
+# back the stats report data from a ParcelFileDescriptor.
+binder_use(stats)
+allow stats stats_service:service_manager find;
+binder_call(stats, statsd)
+allow stats statsd:fifo_file write;
+
+# Only statsd can publish the binder service.
+add_service(statsd, stats_service)
+
+# Allow pipes from (and only from) stats.
+allow statsd stats:fd use;
+allow statsd stats:fifo_file write;
+
+# Allow statsd to call back to stats with status updates.
+binder_call(statsd, stats)
+
+###
+### neverallow rules
+###
+
+neverallow {
+ domain
+ -dumpstate
+ -gmscore_app
+ -gpuservice
+ -incidentd
+ -platform_app
+ -priv_app
+ -shell
+ -stats
+ -statsd
+ -surfaceflinger
+ -system_app
+ -system_server
+ -traceur_app
+} stats_service:service_manager find;
diff --git a/prebuilts/api/30.0/private/statsd.te b/prebuilts/api/30.0/private/statsd.te
new file mode 100644
index 000000000..148315604
--- /dev/null
+++ b/prebuilts/api/30.0/private/statsd.te
@@ -0,0 +1,23 @@
+typeattribute statsd coredomain;
+
+init_daemon_domain(statsd)
+
+# Allow to exec the perfetto cmdline client and pass it the trace config on
+# stdint through a pipe. It allows statsd to capture traces and hand them
+# to Android dropbox.
+allow statsd perfetto_exec:file rx_file_perms;
+domain_auto_trans(statsd, perfetto_exec, perfetto)
+
+# Grant statsd with permissions to register the services.
+allow statsd {
+ statscompanion_service
+}:service_manager find;
+
+# Allow incidentd to obtain the statsd incident section.
+allow statsd incidentd:fifo_file write;
+
+# Allow StatsCompanionService to pipe data to statsd.
+allow statsd system_server:fifo_file { read getattr };
+
+# Allow statsd to retrieve SF statistics over binder
+binder_call(statsd, surfaceflinger);
diff --git a/prebuilts/api/30.0/private/storaged.te b/prebuilts/api/30.0/private/storaged.te
new file mode 100644
index 000000000..b7d4ae9ce
--- /dev/null
+++ b/prebuilts/api/30.0/private/storaged.te
@@ -0,0 +1,67 @@
+# storaged daemon
+type storaged, domain, coredomain, mlstrustedsubject;
+type storaged_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(storaged)
+
+# Read access to pseudo filesystems
+r_dir_file(storaged, domain)
+
+# Read /proc/uid_io/stats
+allow storaged proc_uid_io_stats:file r_file_perms;
+
+# Read /data/system/packages.list
+allow storaged system_data_file:file r_file_perms;
+allow storaged packages_list_file:file r_file_perms;
+
+# Store storaged proto file
+allow storaged storaged_data_file:dir rw_dir_perms;
+allow storaged storaged_data_file:file create_file_perms;
+
+userdebug_or_eng(`
+ # Read access to debugfs
+ allow storaged debugfs_mmc:dir search;
+ allow storaged debugfs_mmc:file r_file_perms;
+')
+
+# Needed to provide debug dump output via dumpsys pipes.
+allow storaged shell:fd use;
+allow storaged shell:fifo_file write;
+
+# Needed for GMScore to call dumpsys storaged
+allow storaged priv_app:fd use;
+# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
+# Remove after no logs are seen for this rule.
+userdebug_or_eng(`
+ auditallow storaged priv_app:fd use;
+')
+allow storaged gmscore_app:fd use;
+allow storaged { privapp_data_file app_data_file }:file write;
+allow storaged permission_service:service_manager find;
+
+# Binder permissions
+add_service(storaged, storaged_service)
+
+binder_use(storaged)
+binder_call(storaged, system_server)
+
+hal_client_domain(storaged, hal_health)
+
+# Implements a dumpsys interface.
+allow storaged dumpstate:fd use;
+
+# use a subset of the package manager service
+allow storaged package_native_service:service_manager find;
+
+# Kernel does extra check on CAP_DAC_OVERRIDE for libbinder when storaged is
+# running as root. See b/35323867 #3.
+dontaudit storaged self:global_capability_class_set { dac_override dac_read_search };
+
+# For collecting bugreports.
+allow storaged dumpstate:fifo_file write;
+
+###
+### neverallow
+###
+neverallow storaged domain:process ptrace;
+neverallow storaged self:capability_class_set *;
diff --git a/prebuilts/api/30.0/private/su.te b/prebuilts/api/30.0/private/su.te
new file mode 100644
index 000000000..16e47bbbf
--- /dev/null
+++ b/prebuilts/api/30.0/private/su.te
@@ -0,0 +1,23 @@
+userdebug_or_eng(`
+ typeattribute su coredomain;
+
+ domain_auto_trans(shell, su_exec, su)
+ # Allow dumpstate to call su on userdebug / eng builds to collect
+ # additional information.
+ domain_auto_trans(dumpstate, su_exec, su)
+
+ # Make sure that dumpstate runs the same from the "su" domain as
+ # from the "init" domain.
+ domain_auto_trans(su, dumpstate_exec, dumpstate)
+
+ # Put the incident command into its domain so it is the same on user, userdebug and eng.
+ domain_auto_trans(su, incident_exec, incident)
+
+ # Put the perfetto command into its domain so it is the same on user, userdebug and eng.
+ domain_auto_trans(su, perfetto_exec, perfetto)
+
+ # su is also permissive to permit setenforce.
+ permissive su;
+
+ app_domain(su)
+')
diff --git a/prebuilts/api/30.0/private/surfaceflinger.te b/prebuilts/api/30.0/private/surfaceflinger.te
new file mode 100644
index 000000000..cf709df31
--- /dev/null
+++ b/prebuilts/api/30.0/private/surfaceflinger.te
@@ -0,0 +1,142 @@
+# surfaceflinger - display compositor service
+
+typeattribute surfaceflinger coredomain;
+
+type surfaceflinger_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(surfaceflinger)
+tmpfs_domain(surfaceflinger)
+
+typeattribute surfaceflinger mlstrustedsubject;
+typeattribute surfaceflinger display_service_server;
+
+read_runtime_log_tags(surfaceflinger)
+
+# Perform HwBinder IPC.
+hal_client_domain(surfaceflinger, hal_graphics_allocator)
+hal_client_domain(surfaceflinger, hal_graphics_composer)
+typeattribute surfaceflinger_tmpfs hal_graphics_composer_client_tmpfs;
+hal_client_domain(surfaceflinger, hal_codec2)
+hal_client_domain(surfaceflinger, hal_omx)
+hal_client_domain(surfaceflinger, hal_configstore)
+hal_client_domain(surfaceflinger, hal_power)
+hal_client_domain(surfaceflinger, hal_bufferhub)
+allow surfaceflinger hidl_token_hwservice:hwservice_manager find;
+
+# Perform Binder IPC.
+binder_use(surfaceflinger)
+binder_call(surfaceflinger, binderservicedomain)
+binder_call(surfaceflinger, appdomain)
+binder_call(surfaceflinger, bootanim)
+binder_call(surfaceflinger, system_server);
+binder_service(surfaceflinger)
+
+# Binder IPC to bu, presently runs in adbd domain.
+binder_call(surfaceflinger, adbd)
+
+# Read /proc/pid files for Binder clients.
+r_dir_file(surfaceflinger, binderservicedomain)
+r_dir_file(surfaceflinger, appdomain)
+
+# Access the GPU.
+allow surfaceflinger gpu_device:chr_file rw_file_perms;
+
+# Access /dev/graphics/fb0.
+allow surfaceflinger graphics_device:dir search;
+allow surfaceflinger graphics_device:chr_file rw_file_perms;
+
+# Access /dev/video1.
+allow surfaceflinger video_device:dir r_dir_perms;
+allow surfaceflinger video_device:chr_file rw_file_perms;
+
+# Create and use netlink kobject uevent sockets.
+allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Set properties.
+set_prop(surfaceflinger, system_prop)
+set_prop(surfaceflinger, exported_system_prop)
+set_prop(surfaceflinger, exported2_system_prop)
+set_prop(surfaceflinger, exported3_system_prop)
+set_prop(surfaceflinger, ctl_bootanim_prop)
+
+# Use open files supplied by an app.
+allow surfaceflinger appdomain:fd use;
+allow surfaceflinger { app_data_file privapp_data_file }:file { read write };
+
+# Allow writing surface traces to /data/misc/wmtrace.
+userdebug_or_eng(`
+ allow surfaceflinger wm_trace_data_file:dir rw_dir_perms;
+ allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
+')
+
+# Needed to register as a Perfetto producer.
+perfetto_producer(surfaceflinger)
+
+# Use socket supplied by adbd, for cmd gpu vkjson etc.
+allow surfaceflinger adbd:unix_stream_socket { read write getattr };
+
+# Allow a dumpstate triggered screenshot
+binder_call(surfaceflinger, dumpstate)
+binder_call(surfaceflinger, shell)
+r_dir_file(surfaceflinger, dumpstate)
+
+# media.player service
+
+# do not use add_service() as hal_graphics_composer_default may be the
+# provider as well
+#add_service(surfaceflinger, surfaceflinger_service)
+allow surfaceflinger surfaceflinger_service:service_manager { add find };
+
+add_service(surfaceflinger, vrflinger_vsync_service)
+
+allow surfaceflinger mediaserver_service:service_manager find;
+allow surfaceflinger permission_service:service_manager find;
+allow surfaceflinger power_service:service_manager find;
+allow surfaceflinger vr_manager_service:service_manager find;
+allow surfaceflinger window_service:service_manager find;
+allow surfaceflinger inputflinger_service:service_manager find;
+
+
+# allow self to set SCHED_FIFO
+allow surfaceflinger self:global_capability_class_set sys_nice;
+allow surfaceflinger proc_meminfo:file r_file_perms;
+r_dir_file(surfaceflinger, cgroup)
+r_dir_file(surfaceflinger, system_file)
+allow surfaceflinger tmpfs:dir r_dir_perms;
+allow surfaceflinger system_server:fd use;
+allow surfaceflinger system_server:unix_stream_socket { read write };
+allow surfaceflinger ion_device:chr_file r_file_perms;
+
+# pdx IPC
+pdx_server(surfaceflinger, display_client)
+pdx_server(surfaceflinger, display_manager)
+pdx_server(surfaceflinger, display_screenshot)
+pdx_server(surfaceflinger, display_vsync)
+
+pdx_client(surfaceflinger, bufferhub_client)
+pdx_client(surfaceflinger, performance_client)
+
+# Allow supplying timestats statistics to statsd
+allow surfaceflinger stats_service:service_manager find;
+allow surfaceflinger statsmanager_service:service_manager find;
+# TODO(146461633): remove this once native pullers talk to StatsManagerService
+binder_call(surfaceflinger, statsd);
+
+# Allow pushing jank event atoms to statsd
+userdebug_or_eng(`
+ unix_socket_send(surfaceflinger, statsdw, statsd)
+')
+
+# Surfaceflinger should not be reading default vendor-defined properties.
+dontaudit surfaceflinger vendor_default_prop:file read;
+
+###
+### Neverallow rules
+###
+### surfaceflinger should NEVER do any of this
+
+# Do not allow accessing SDcard files as unsafe ejection could
+# cause the kernel to kill the process.
+neverallow surfaceflinger sdcard_type:file rw_file_perms;
+
+# b/68864350
+dontaudit surfaceflinger unlabeled:dir search;
diff --git a/prebuilts/api/30.0/private/system_app.te b/prebuilts/api/30.0/private/system_app.te
new file mode 100644
index 000000000..0b77bb372
--- /dev/null
+++ b/prebuilts/api/30.0/private/system_app.te
@@ -0,0 +1,171 @@
+###
+### Apps that run with the system UID, e.g. com.android.system.ui,
+### com.android.settings. These are not as privileged as the system
+### server.
+###
+
+typeattribute system_app coredomain;
+
+app_domain(system_app)
+net_domain(system_app)
+binder_service(system_app)
+
+# android.ui and system.ui
+allow system_app rootfs:dir getattr;
+
+# Read and write /data/data subdirectory.
+allow system_app system_app_data_file:dir create_dir_perms;
+allow system_app system_app_data_file:{ file lnk_file } create_file_perms;
+
+# Read and write to /data/misc/user.
+allow system_app misc_user_data_file:dir create_dir_perms;
+allow system_app misc_user_data_file:file create_file_perms;
+
+# Access to vold-mounted storage for measuring free space
+allow system_app mnt_media_rw_file:dir search;
+
+# Access to apex files stored on /data (b/136063500)
+# Needed so that Settings can access NOTICE files inside apex
+# files located in the assets/ directory.
+allow system_app apex_data_file:dir search;
+allow system_app staging_data_file:file r_file_perms;
+
+# Read wallpaper file.
+allow system_app wallpaper_file:file r_file_perms;
+
+# Read icon file.
+allow system_app icon_file:file r_file_perms;
+
+# Write to properties
+set_prop(system_app, bluetooth_a2dp_offload_prop)
+set_prop(system_app, bluetooth_audio_hal_prop)
+set_prop(system_app, bluetooth_prop)
+set_prop(system_app, debug_prop)
+set_prop(system_app, system_prop)
+set_prop(system_app, exported_bluetooth_prop)
+set_prop(system_app, exported_system_prop)
+set_prop(system_app, exported2_system_prop)
+set_prop(system_app, exported3_system_prop)
+set_prop(system_app, logd_prop)
+set_prop(system_app, net_radio_prop)
+set_prop(system_app, system_radio_prop)
+set_prop(system_app, exported_system_radio_prop)
+set_prop(system_app, log_tag_prop)
+userdebug_or_eng(`set_prop(system_app, logpersistd_logging_prop)')
+auditallow system_app net_radio_prop:property_service set;
+auditallow system_app system_radio_prop:property_service set;
+auditallow system_app exported_system_radio_prop:property_service set;
+# Allow Settings to enable Dynamic System Update
+set_prop(system_app, dynamic_system_prop)
+
+# ctl interface
+set_prop(system_app, ctl_default_prop)
+set_prop(system_app, ctl_bugreport_prop)
+
+# Allow developer settings to query gsid status
+get_prop(system_app, gsid_prop)
+
+# Create /data/anr/traces.txt.
+allow system_app anr_data_file:dir ra_dir_perms;
+allow system_app anr_data_file:file create_file_perms;
+
+# Settings need to access app name and icon from asec
+allow system_app asec_apk_file:file r_file_perms;
+
+# Allow system_app (adb data loader) to write data to /data/incremental
+allow system_app apk_data_file:file write;
+
+# Allow system app (adb data loader) to read logs
+allow system_app incremental_control_file:file r_file_perms;
+
+# Allow system apps (like Settings) to interact with statsd
+binder_call(system_app, statsd)
+
+# Allow system apps to interact with incidentd
+binder_call(system_app, incidentd)
+
+# Allow system apps to interact with gpuservice
+binder_call(system_app, gpuservice)
+
+# Allow system app to interact with Dumpstate HAL
+hal_client_domain(system_app, hal_dumpstate)
+
+allow system_app servicemanager:service_manager list;
+# TODO: scope this down? Too broad?
+allow system_app {
+ service_manager_type
+ -apex_service
+ -dnsresolver_service
+ -dumpstate_service
+ -installd_service
+ -iorapd_service
+ -lpdump_service
+ -netd_service
+ -system_suspend_control_service
+ -virtual_touchpad_service
+ -vold_service
+ -vr_hwc_service
+ -default_android_service
+}:service_manager find;
+# suppress denials for services system_app should not be accessing.
+dontaudit system_app {
+ dnsresolver_service
+ dumpstate_service
+ installd_service
+ iorapd_service
+ netd_service
+ virtual_touchpad_service
+ vold_service
+ vr_hwc_service
+}:service_manager find;
+
+allow system_app keystore:keystore_key {
+ get_state
+ get
+ insert
+ delete
+ exist
+ list
+ reset
+ password
+ lock
+ unlock
+ is_empty
+ sign
+ verify
+ grant
+ duplicate
+ clear_uid
+ user_changed
+};
+
+# settings app reads /proc/version
+allow system_app {
+ proc_version
+}:file r_file_perms;
+
+# Settings app writes to /dev/stune/foreground/tasks.
+allow system_app cgroup:file w_file_perms;
+
+control_logd(system_app)
+read_runtime_log_tags(system_app)
+get_prop(system_app, device_logging_prop)
+
+# allow system apps to use UDP sockets provided by the system server but not
+# modify them other than to connect
+allow system_app system_server:udp_socket {
+ connect getattr read recvfrom sendto write getopt setopt };
+
+###
+### Neverallow rules
+###
+
+# app domains which access /dev/fuse should not run as system_app
+neverallow system_app fuse_device:chr_file *;
+
+# Apps which run as UID=system should not rely on any attacker controlled
+# filesystem locations, such as /data/local/tmp. For /data/local/tmp, we
+# allow writes to files passed by file descriptor to support dumpstate and
+# bug reports, but not reads.
+neverallow system_app shell_data_file:dir { no_w_dir_perms open search read };
+neverallow system_app shell_data_file:file { open read ioctl lock };
diff --git a/prebuilts/api/30.0/private/system_server.te b/prebuilts/api/30.0/private/system_server.te
new file mode 100644
index 000000000..bfac1a6ec
--- /dev/null
+++ b/prebuilts/api/30.0/private/system_server.te
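Review bot: `allow system_app apk_data_file:file write;` grants write on apk_data_file files to the whole system_app domain, while its comment scopes the need to the adb data loader alone; because every app running under the system UID shares this domain, the rule is broader than the stated justification, and nothing in the hunk narrows or audits it. If the loader cannot be given its own domain, an `auditallow system_app apk_data_file:file write;` under `userdebug_or_eng` would at least surface unexpected users, mirroring how the radio property set_prop rules above are audited. The comment should also spell out why the grant is domain-wide, e.g. `# TODO: scope to the adb data loader once it has its own domain; every system-UID app currently gets this write.` This path sits under prebuilts/api/30.0, which appears to be a frozen copy of the policy, so the change presumably belongs in the source .te file with the snapshot regenerated.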
@@ -0,0 +1,1164 @@
+#
+# System Server aka system_server spawned by zygote.
+# Most of the framework services run in this process.
+#
+
+typeattribute system_server coredomain;
+typeattribute system_server mlstrustedsubject;
+typeattribute system_server scheduler_service_server;
+typeattribute system_server sensor_service_server;
+typeattribute system_server stats_service_server;
+
+# Define a type for tmpfs-backed ashmem regions.
+tmpfs_domain(system_server)
+
+# Create a socket for connections from crash_dump.
+type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
+
+# Create a socket for connections from zygotes.
+type_transition system_server system_data_file:sock_file system_unsolzygote_socket "unsolzygotesocket";
+
+allow system_server zygote_tmpfs:file read;
+allow system_server appdomain_tmpfs:file { getattr map read write };
+
+# For Incremental Service to check if incfs is available
+allow system_server proc_filesystems:file r_file_perms;
+
+# To create files and get permission to fill blocks on Incremental File System
+allow system_server incremental_control_file:file { ioctl r_file_perms };
+allowxperm system_server incremental_control_file:file ioctl { INCFS_IOCTL_CREATE_FILE INCFS_IOCTL_PERMIT_FILL };
+
+# To get signature of an APK installed on Incremental File System and fill in data blocks
+allowxperm system_server apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS };
+
+# For art.
+allow system_server dalvikcache_data_file:dir r_dir_perms;
+allow system_server dalvikcache_data_file:file r_file_perms;
+
+# When running system server under --invoke-with, we'll try to load the boot image under the
+# system server domain, following links to the system partition.
+with_asan(`allow system_server dalvikcache_data_file:lnk_file r_file_perms;')
+
+# /data/resource-cache
+allow system_server resourcecache_data_file:file r_file_perms;
+allow system_server resourcecache_data_file:dir r_dir_perms;
+
+# ptrace to processes in the same domain for debugging crashes.
+allow system_server self:process ptrace;
+
+# Child of the zygote.
+allow system_server zygote:fd use;
+allow system_server zygote:process sigchld;
+
+# May kill zygote on crashes.
+allow system_server {
+ app_zygote
+ crash_dump
+ webview_zygote
+ zygote
+}:process { sigkill signull };
+
+# Read /system/bin/app_process.
+allow system_server zygote_exec:file r_file_perms;
+
+# Needed to close the zygote socket, which involves getopt / getattr
+allow system_server zygote:unix_stream_socket { getopt getattr };
+
+# system server gets network and bluetooth permissions.
+net_domain(system_server)
+# in addition to ioctls whitelisted for all domains, also allow system_server
+# to use privileged ioctls commands. Needed to set up VPNs.
+allowxperm system_server self:udp_socket ioctl priv_sock_ioctls;
+bluetooth_domain(system_server)
+
+# Allow setup of tcp keepalive offload. This gives system_server the permission to
+# call ioctl on app domains' tcp sockets. Additional ioctl commands still need to
+# be granted individually, except for a small set of safe values whitelisted in
+# public/domain.te.
+allow system_server appdomain:tcp_socket ioctl;
+
+# These are the capabilities assigned by the zygote to the
+# system server.
+allow system_server self:global_capability_class_set {
+ ipc_lock
+ kill
+ net_admin
+ net_bind_service
+ net_broadcast
+ net_raw
+ sys_boot
+ sys_nice
+ sys_ptrace
+ sys_time
+ sys_tty_config
+};
+
+# Trigger module auto-load.
+allow system_server kernel:system module_request;
+
+# Allow alarmtimers to be set
+allow system_server self:global_capability2_class_set wake_alarm;
+
+# Create and share netlink_netfilter_sockets for tetheroffload.
+allow system_server self:netlink_netfilter_socket create_socket_perms_no_ioctl;
+
+# Create/use netlink_tcpdiag_socket for looking up connection UIDs for VPN apps.
+allow system_server self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read };
+
+# Use netlink uevent sockets.
+allow system_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Use generic netlink sockets.
+allow system_server self:netlink_socket create_socket_perms_no_ioctl;
+allow system_server self:netlink_generic_socket create_socket_perms_no_ioctl;
+
+# libvintf reads the kernel config to verify vendor interface compatibility.
+allow system_server config_gz:file { read open };
+
+# Use generic "sockets" where the address family is not known
+# to the kernel. The ioctl permission is specifically omitted here, but may
+# be added to device specific policy along with the ioctl commands to be
+# whitelisted.
+allow system_server self:socket create_socket_perms_no_ioctl;
+
+# Set and get routes directly via netlink.
+allow system_server self:netlink_route_socket nlmsg_write;
+
+# Kill apps.
+allow system_server appdomain:process { getpgid sigkill signal };
+# signull allowed for kill(pid, 0) existence test.
+allow system_server appdomain:process { signull };
+
+# Set scheduling info for apps.
+allow system_server appdomain:process { getsched setsched };
+allow system_server audioserver:process { getsched setsched };
+allow system_server hal_audio:process { getsched setsched };
+allow system_server hal_bluetooth:process { getsched setsched };
+allow system_server hal_codec2_server:process { getsched setsched };
+allow system_server hal_omx_server:process { getsched setsched };
+allow system_server mediaswcodec:process { getsched setsched };
+allow system_server cameraserver:process { getsched setsched };
+allow system_server hal_camera:process { getsched setsched };
+allow system_server mediaserver:process { getsched setsched };
+allow system_server bootanim:process { getsched setsched };
+
+# Set scheduling info for psi monitor thread.
+# TODO: delete this line b/131761776
+allow system_server kernel:process { getsched setsched };
+
+# Allow system_server to write to /proc//*
+allow system_server domain:file w_file_perms;
+
+# Read /proc/pid data for all domains. This is used by ProcessCpuTracker
+# within system_server to keep track of memory and CPU usage for
+# all processes on the device. In addition, /proc/pid files access is needed
+# for dumping stack traces of native processes.
+r_dir_file(system_server, domain)
+
+# Write /proc/uid_cputime/remove_uid_range.
+allow system_server proc_uid_cputime_removeuid:file { w_file_perms getattr };
+
+# Write /proc/uid_procstat/set.
+allow system_server proc_uid_procstat_set:file { w_file_perms getattr };
+
+# Write to /proc/sysrq-trigger.
+allow system_server proc_sysrq:file rw_file_perms;
+
+# Delete /data/misc/stats-data/ and /data/misc/stats-service/ directories.
+allow system_server stats_data_file:dir { open read remove_name search write };
+allow system_server stats_data_file:file unlink;
+
+# Read /sys/kernel/debug/wakeup_sources.
+allow system_server debugfs_wakeup_sources:file r_file_perms;
+
+# Read /sys/kernel/ion/*.
+allow system_server sysfs_ion:file r_file_perms;
+
+# The DhcpClient and WifiWatchdog use packet_sockets
+allow system_server self:packet_socket create_socket_perms_no_ioctl;
+
+# 3rd party VPN clients require a tun_socket to be created
+allow system_server self:tun_socket create_socket_perms_no_ioctl;
+
+# Talk to init and various daemons via sockets.
+unix_socket_connect(system_server, lmkd, lmkd)
+unix_socket_connect(system_server, mtpd, mtp)
+unix_socket_connect(system_server, zygote, zygote)
+unix_socket_connect(system_server, racoon, racoon)
+unix_socket_connect(system_server, uncrypt, uncrypt)
+
+# Allow system_server to write to statsd.
+unix_socket_send(system_server, statsdw, statsd)
+
+# Communicate over a socket created by surfaceflinger.
+allow system_server surfaceflinger:unix_stream_socket { read write setopt };
+
+allow system_server gpuservice:unix_stream_socket { read write setopt };
+
+# Communicate over a socket created by webview_zygote.
+allow system_server webview_zygote:unix_stream_socket { read write connectto setopt };
+
+# Communicate over a socket created by app_zygote.
+allow system_server app_zygote:unix_stream_socket { read write connectto setopt };
+
+# Perform Binder IPC.
+binder_use(system_server)
+binder_call(system_server, appdomain)
+binder_call(system_server, binderservicedomain)
+binder_call(system_server, dumpstate)
+binder_call(system_server, fingerprintd)
+binder_call(system_server, gatekeeperd)
+binder_call(system_server, idmap)
+binder_call(system_server, installd)
+binder_call(system_server, incidentd)
+binder_call(system_server, iorapd)
+binder_call(system_server, netd)
+binder_call(system_server, notify_traceur)
+binder_call(system_server, statsd)
+binder_call(system_server, storaged)
+binder_call(system_server, update_engine)
+binder_call(system_server, vold)
+binder_call(system_server, wificond)
+binder_call(system_server, wpantund)
+binder_service(system_server)
+
+# Use HALs
+hal_client_domain(system_server, hal_allocator)
+hal_client_domain(system_server, hal_audio)
+hal_client_domain(system_server, hal_authsecret)
+hal_client_domain(system_server, hal_broadcastradio)
+hal_client_domain(system_server, hal_codec2)
+hal_client_domain(system_server, hal_configstore)
+hal_client_domain(system_server, hal_contexthub)
+hal_client_domain(system_server, hal_face)
+hal_client_domain(system_server, hal_fingerprint)
+hal_client_domain(system_server, hal_gnss)
+hal_client_domain(system_server, hal_graphics_allocator)
+hal_client_domain(system_server, hal_health)
+hal_client_domain(system_server, hal_input_classifier)
+hal_client_domain(system_server, hal_ir)
+hal_client_domain(system_server, hal_light)
+hal_client_domain(system_server, hal_memtrack)
+hal_client_domain(system_server, hal_neuralnetworks)
+hal_client_domain(system_server, hal_oemlock)
+hal_client_domain(system_server, hal_omx)
+hal_client_domain(system_server, hal_power)
+hal_client_domain(system_server, hal_power_stats)
+hal_client_domain(system_server, hal_rebootescrow)
+hal_client_domain(system_server, hal_sensors)
+hal_client_domain(system_server, hal_tetheroffload)
+hal_client_domain(system_server, hal_thermal)
+hal_client_domain(system_server, hal_tv_cec)
+hal_client_domain(system_server, hal_tv_input)
+hal_client_domain(system_server, hal_usb)
+hal_client_domain(system_server, hal_usb_gadget)
+hal_client_domain(system_server, hal_vibrator)
+hal_client_domain(system_server, hal_vr)
+hal_client_domain(system_server, hal_weaver)
+hal_client_domain(system_server, hal_wifi)
+hal_client_domain(system_server, hal_wifi_hostapd)
+hal_client_domain(system_server, hal_wifi_supplicant)
+
+# Talk with graphics composer fences
+allow system_server hal_graphics_composer:fd use;
+
+# Use RenderScript always-passthrough HAL
+allow system_server hal_renderscript_hwservice:hwservice_manager find;
+allow system_server same_process_hal_file:file { execute read open getattr map };
+
+# Talk to tombstoned to get ANR traces.
+unix_socket_connect(system_server, tombstoned_intercept, tombstoned)
+
+# List HAL interfaces to get ANR traces.
+allow system_server hwservicemanager:hwservice_manager list;
+
+# Send signals to trigger ANR traces.
+allow system_server {
+ # This is derived from the list that system server defines as interesting native processes
+ # to dump during ANRs or watchdog aborts, defined in NATIVE_STACKS_OF_INTEREST in
+ # frameworks/base/services/core/java/com/android/server/Watchdog.java.
+ audioserver
+ cameraserver
+ drmserver
+ gpuservice
+ inputflinger
+ mediadrmserver
+ mediaextractor
+ mediametrics
+ mediaserver
+ mediaswcodec
+ netd
+ sdcardd
+ statsd
+ surfaceflinger
+ vold
+
+ # This list comes from HAL_INTERFACES_OF_INTEREST in
+ # frameworks/base/services/core/java/com/android/server/Watchdog.java.
+ hal_audio_server + hal_bluetooth_server + hal_camera_server + hal_codec2_server + hal_face_server + hal_fingerprint_server + hal_gnss_server + hal_graphics_allocator_server + hal_graphics_composer_server + hal_health_server + hal_neuralnetworks_server + hal_omx_server + hal_power_stats_server + hal_sensors_server + hal_vr_server + system_suspend_server +}:process { signal }; + +# Use sockets received over binder from various services. +allow system_server audioserver:tcp_socket rw_socket_perms; +allow system_server audioserver:udp_socket rw_socket_perms; +allow system_server mediaserver:tcp_socket rw_socket_perms; +allow system_server mediaserver:udp_socket rw_socket_perms; + +# Use sockets received over binder from various services. +allow system_server mediadrmserver:tcp_socket rw_socket_perms; +allow system_server mediadrmserver:udp_socket rw_socket_perms; + +userdebug_or_eng(`perfetto_producer({ system_server })') + +# Get file context +allow system_server file_contexts_file:file r_file_perms; +# access for mac_permissions +allow system_server mac_perms_file: file r_file_perms; +# Check SELinux permissions. 
+selinux_check_access(system_server) + +allow system_server sysfs_type:dir search; + +r_dir_file(system_server, sysfs_android_usb) +allow system_server sysfs_android_usb:file w_file_perms; + +allow system_server sysfs_extcon:dir r_dir_perms; + +r_dir_file(system_server, sysfs_ipv4) +allow system_server sysfs_ipv4:file w_file_perms; + +r_dir_file(system_server, sysfs_rtc) +r_dir_file(system_server, sysfs_switch) +r_dir_file(system_server, sysfs_wakeup_reasons) + +allow system_server sysfs_nfc_power_writable:file rw_file_perms; +allow system_server sysfs_power:dir search; +allow system_server sysfs_power:file rw_file_perms; +allow system_server sysfs_thermal:dir search; +allow system_server sysfs_thermal:file r_file_perms; + +# TODO: Remove when HALs are forced into separate processes +allow system_server sysfs_vibrator:file { write append }; + +# TODO: added to match above sysfs rule. Remove me? +allow system_server sysfs_usb:file w_file_perms; + +# Access devices. +allow system_server device:dir r_dir_perms; +allow system_server mdns_socket:sock_file rw_file_perms; +allow system_server gpu_device:chr_file rw_file_perms; +allow system_server input_device:dir r_dir_perms; +allow system_server input_device:chr_file rw_file_perms; +allow system_server tty_device:chr_file rw_file_perms; +allow system_server usbaccessory_device:chr_file rw_file_perms; +allow system_server video_device:dir r_dir_perms; +allow system_server video_device:chr_file rw_file_perms; +allow system_server adbd_socket:sock_file rw_file_perms; +allow system_server rtc_device:chr_file rw_file_perms; +allow system_server audio_device:dir r_dir_perms; + +# write access to ALSA interfaces (/dev/snd/*) needed for MIDI +allow system_server audio_device:chr_file rw_file_perms; + +# tun device used for 3rd party vpn apps +allow system_server tun_device:chr_file rw_file_perms; +allowxperm system_server tun_device:chr_file ioctl { TUNGETIFF TUNSETIFF }; + +# Manage data/ota_package +allow system_server 
ota_package_file:dir rw_dir_perms; +allow system_server ota_package_file:file create_file_perms; + +# Manage system data files. +allow system_server system_data_file:dir create_dir_perms; +allow system_server system_data_file:notdevfile_class_set create_file_perms; +allow system_server packages_list_file:file create_file_perms; +allow system_server keychain_data_file:dir create_dir_perms; +allow system_server keychain_data_file:file create_file_perms; +allow system_server keychain_data_file:lnk_file create_file_perms; + +# Manage /data/app. +allow system_server apk_data_file:dir create_dir_perms; +allow system_server apk_data_file:{ file lnk_file } { create_file_perms link }; +allow system_server apk_tmp_file:dir create_dir_perms; +allow system_server apk_tmp_file:file create_file_perms; + +# Access input configuration files in the /vendor directory +r_dir_file(system_server, vendor_keylayout_file) +r_dir_file(system_server, vendor_keychars_file) +r_dir_file(system_server, vendor_idc_file) + +# Access /vendor/{app,framework,overlay} +r_dir_file(system_server, vendor_app_file) +r_dir_file(system_server, vendor_framework_file) +r_dir_file(system_server, vendor_overlay_file) + +# Manage /data/app-private. +allow system_server apk_private_data_file:dir create_dir_perms; +allow system_server apk_private_data_file:file create_file_perms; +allow system_server apk_private_tmp_file:dir create_dir_perms; +allow system_server apk_private_tmp_file:file create_file_perms; + +# Manage files within asec containers. +allow system_server asec_apk_file:dir create_dir_perms; +allow system_server asec_apk_file:file create_file_perms; +allow system_server asec_public_file:file create_file_perms; + +# Manage /data/anr. +# +# TODO: Some of these permissions can be withdrawn once we've switched to the +# new stack dumping mechanism, see b/32064548 and the rules below. 
In particular, +# the system_server should never need to create a new anr_data_file:file or write +# to one, but it will still need to read and append to existing files. +allow system_server anr_data_file:dir create_dir_perms; +allow system_server anr_data_file:file create_file_perms; + +# New stack dumping scheme : request an output FD from tombstoned via a unix +# domain socket. +# +# Allow system_server to connect and write to the tombstoned java trace socket in +# order to dump its traces. Also allow the system server to write its traces to +# dumpstate during bugreport capture and incidentd during incident collection. +unix_socket_connect(system_server, tombstoned_java_trace, tombstoned) +allow system_server tombstoned:fd use; +allow system_server dumpstate:fifo_file append; +allow system_server incidentd:fifo_file append; +# Write to a pipe created from `adb shell` (for debuggerd -j `pidof system_server`) +userdebug_or_eng(` + allow system_server su:fifo_file append; +') + +# Allow system_server to read pipes from incidentd (used to deliver incident reports +# to dropbox) +allow system_server incidentd:fifo_file read; + +# Read /data/misc/incidents - only read. The fd will be sent over binder, +# with no DAC access to it, for dropbox to read. +allow system_server incident_data_file:file read; + +# Manage /data/misc/prereboot. +allow system_server prereboot_data_file:dir rw_dir_perms; +allow system_server prereboot_data_file:file create_file_perms; + +# Allow dropbox to read /data/misc/perfetto-traces. Only the fd is sent over +# binder. +allow system_server perfetto_traces_data_file:file read; +allow system_server perfetto:fd use; + +# Manage /data/backup. 
+allow system_server backup_data_file:dir create_dir_perms; +allow system_server backup_data_file:file create_file_perms; + +# Write to /data/system/dropbox +allow system_server dropbox_data_file:dir create_dir_perms; +allow system_server dropbox_data_file:file create_file_perms; + +# Write to /data/system/heapdump +allow system_server heapdump_data_file:dir rw_dir_perms; +allow system_server heapdump_data_file:file create_file_perms; + +# Manage /data/misc/adb. +allow system_server adb_keys_file:dir create_dir_perms; +allow system_server adb_keys_file:file create_file_perms; + +# Manage /data/misc/emergencynumberdb +allow system_server emergency_data_file:dir create_dir_perms; +allow system_server emergency_data_file:file create_file_perms; + +# Manage /data/misc/network_watchlist +allow system_server network_watchlist_data_file:dir create_dir_perms; +allow system_server network_watchlist_data_file:file create_file_perms; + +# Manage /data/misc/sms. +# TODO: Split into a separate type? +allow system_server radio_data_file:dir create_dir_perms; +allow system_server radio_data_file:file create_file_perms; + +# Manage /data/misc/systemkeys. +allow system_server systemkeys_data_file:dir create_dir_perms; +allow system_server systemkeys_data_file:file create_file_perms; + +# Manage /data/misc/textclassifier. +allow system_server textclassifier_data_file:dir create_dir_perms; +allow system_server textclassifier_data_file:file create_file_perms; + +# Access /data/tombstones. +allow system_server tombstone_data_file:dir r_dir_perms; +allow system_server tombstone_data_file:file r_file_perms; + +# Manage /data/misc/vpn. +allow system_server vpn_data_file:dir create_dir_perms; +allow system_server vpn_data_file:file create_file_perms; + +# Manage /data/misc/wifi. +allow system_server wifi_data_file:dir create_dir_perms; +allow system_server wifi_data_file:file create_file_perms; + +# Manage /data/misc/zoneinfo. 
+allow system_server zoneinfo_data_file:dir create_dir_perms; +allow system_server zoneinfo_data_file:file create_file_perms; + +# Manage /data/app-staging. +allow system_server staging_data_file:dir create_dir_perms; +allow system_server staging_data_file:file create_file_perms; + +# Walk /data/data subdirectories. +# Types extracted from seapp_contexts type= fields. +allow system_server { + system_app_data_file + bluetooth_data_file + nfc_data_file + radio_data_file + shell_data_file + app_data_file + privapp_data_file +}:dir { getattr read search }; + +# Also permit for unlabeled /data/data subdirectories and +# for unlabeled asec containers on upgrades from 4.2. +allow system_server unlabeled:dir r_dir_perms; +# Read pkg.apk file before it has been relabeled by vold. +allow system_server unlabeled:file r_file_perms; + +# Populate com.android.providers.settings/databases/settings.db. +allow system_server system_app_data_file:dir create_dir_perms; +allow system_server system_app_data_file:file create_file_perms; + +# Receive and use open app data files passed over binder IPC. +# Types extracted from seapp_contexts type= fields. +allow system_server { + system_app_data_file + bluetooth_data_file + nfc_data_file + radio_data_file + shell_data_file + app_data_file + privapp_data_file +}:file { getattr read write append map }; + +# Access to /data/media for measuring disk usage. +allow system_server media_rw_data_file:dir { search getattr open read }; + +# Receive and use open /data/media files passed over binder IPC. +# Also used for measuring disk usage. +allow system_server media_rw_data_file:file { getattr read write append }; + +# System server needs to setfscreate to packages_list_file when writing +# /data/system/packages.list +allow system_server system_server:process setfscreate; + +# Relabel apk files. 
+allow system_server { apk_tmp_file apk_private_tmp_file }:{ dir file } { relabelfrom relabelto }; +allow system_server { apk_data_file apk_private_data_file }:{ dir file } { relabelfrom relabelto }; + +# Relabel wallpaper. +allow system_server system_data_file:file relabelfrom; +allow system_server wallpaper_file:file relabelto; +allow system_server wallpaper_file:file { rw_file_perms rename unlink }; + +# Backup of wallpaper imagery uses temporary hard links to avoid data churn +allow system_server { system_data_file wallpaper_file }:file link; + +# ShortcutManager icons +allow system_server system_data_file:dir relabelfrom; +allow system_server shortcut_manager_icons:dir { create_dir_perms relabelto }; +allow system_server shortcut_manager_icons:file create_file_perms; + +# Manage ringtones. +allow system_server ringtone_file:dir { create_dir_perms relabelto }; +allow system_server ringtone_file:file create_file_perms; + +# Relabel icon file. +allow system_server icon_file:file relabelto; +allow system_server icon_file:file { rw_file_perms unlink }; + +# FingerprintService.java does a restorecon of the directory /data/system/users/[0-9]+/fpdata(/.*)? +allow system_server system_data_file:dir relabelfrom; + +# server_configurable_flags_data_file is used for storing server configurable flags which +# have been reset during current booting. system_server needs to read the data to perform related +# disaster recovery actions. 
+allow system_server server_configurable_flags_data_file:dir r_dir_perms; +allow system_server server_configurable_flags_data_file:file r_file_perms; + +# Property Service write +set_prop(system_server, system_prop) +set_prop(system_server, exported_system_prop) +set_prop(system_server, exported2_system_prop) +set_prop(system_server, exported3_system_prop) +set_prop(system_server, safemode_prop) +set_prop(system_server, theme_prop) +set_prop(system_server, dhcp_prop) +set_prop(system_server, net_radio_prop) +set_prop(system_server, net_dns_prop) +set_prop(system_server, system_radio_prop) +set_prop(system_server, exported_system_radio_prop) +set_prop(system_server, debug_prop) +set_prop(system_server, powerctl_prop) +set_prop(system_server, fingerprint_prop) +set_prop(system_server, exported_fingerprint_prop) +set_prop(system_server, device_logging_prop) +set_prop(system_server, dumpstate_options_prop) +set_prop(system_server, overlay_prop) +set_prop(system_server, exported_overlay_prop) +set_prop(system_server, pm_prop) +set_prop(system_server, exported_pm_prop) +set_prop(system_server, socket_hook_prop) +set_prop(system_server, audio_prop) +userdebug_or_eng(`set_prop(system_server, wifi_log_prop)') + +# ctl interface +set_prop(system_server, ctl_default_prop) +set_prop(system_server, ctl_bugreport_prop) +set_prop(system_server, ctl_gsid_prop) + +# cppreopt property +set_prop(system_server, cppreopt_prop) + +# server configurable flags properties +set_prop(system_server, device_config_input_native_boot_prop) +set_prop(system_server, device_config_netd_native_prop) +set_prop(system_server, device_config_activity_manager_native_boot_prop) +set_prop(system_server, device_config_runtime_native_boot_prop) +set_prop(system_server, device_config_runtime_native_prop) +set_prop(system_server, device_config_media_native_prop) +set_prop(system_server, device_config_storage_native_boot_prop) +set_prop(system_server, device_config_sys_traced_prop) +set_prop(system_server, 
device_config_window_manager_native_boot_prop) +set_prop(system_server, device_config_configuration_prop) + +# BootReceiver to read ro.boot.bootreason +get_prop(system_server, bootloader_boot_reason_prop) +# PowerManager to read sys.boot.reason +get_prop(system_server, system_boot_reason_prop) + +# Collect metrics on boot time created by init +get_prop(system_server, boottime_prop) + +# Read device's serial number from system properties +get_prop(system_server, serialno_prop) + +# Read/write the property which keeps track of whether this is the first start of system_server +set_prop(system_server, firstboot_prop) + +# Audio service in system server can read exported audio properties, +# such as camera shutter enforcement +get_prop(system_server, exported_audio_prop) + +# system server reads this property to keep track of whether server configurable flags have been +# reset during current boot. +get_prop(system_server, device_config_reset_performed_prop) + +# Read/write the property that enables Test Harness Mode +set_prop(system_server, test_harness_prop) + +# Read gsid.image_running. +get_prop(system_server, gsid_prop) + +# Read the property that mocks an OTA +get_prop(system_server, mock_ota_prop) + +# Read the property as feature flag for protecting apks with fs-verity. +get_prop(system_server, apk_verity_prop) + +# Read wifi.interface +get_prop(system_server, wifi_prop) + +# Create a socket for connections from debuggerd. +allow system_server system_ndebug_socket:sock_file create_file_perms; + +# Create a socket for connections from zygotes. +allow system_server system_unsolzygote_socket:sock_file create_file_perms; + +# Manage cache files. 
+allow system_server cache_file:lnk_file r_file_perms; +allow system_server { cache_file cache_recovery_file }:dir { relabelfrom create_dir_perms }; +allow system_server { cache_file cache_recovery_file }:file { relabelfrom create_file_perms }; +allow system_server { cache_file cache_recovery_file }:fifo_file create_file_perms; + +allow system_server system_file:dir r_dir_perms; +allow system_server system_file:lnk_file r_file_perms; + +# ART locks profile files. +allow system_server system_file:file lock; + +# LocationManager(e.g, GPS) needs to read and write +# to uart driver and ctrl proc entry +allow system_server gps_control:file rw_file_perms; + +# Allow system_server to use app-created sockets and pipes. +allow system_server appdomain:{ tcp_socket udp_socket } { getattr getopt setopt read write shutdown }; +allow system_server appdomain:{ fifo_file unix_stream_socket } { getattr read write }; + +# BackupManagerService needs to manipulate backup data files +allow system_server cache_backup_file:dir rw_dir_perms; +allow system_server cache_backup_file:file create_file_perms; +# LocalTransport works inside /cache/backup +allow system_server cache_private_backup_file:dir create_dir_perms; +allow system_server cache_private_backup_file:file create_file_perms; + +# Allow system to talk to usb device +allow system_server usb_device:chr_file rw_file_perms; +allow system_server usb_device:dir r_dir_perms; + +# Read from HW RNG (needed by EntropyMixer). +allow system_server hw_random_device:chr_file r_file_perms; + +# Read and delete files under /dev/fscklogs. +r_dir_file(system_server, fscklogs) +allow system_server fscklogs:dir { write remove_name }; +allow system_server fscklogs:file unlink; + +# logd access, system_server inherit logd write socket +# (urge is to deprecate this long term) +allow system_server zygote:unix_dgram_socket write; + +# Read from log daemon. 
+read_logd(system_server) +read_runtime_log_tags(system_server) + +# Be consistent with DAC permissions. Allow system_server to write to +# /sys/module/lowmemorykiller/parameters/adj +# /sys/module/lowmemorykiller/parameters/minfree +allow system_server sysfs_lowmemorykiller:file { getattr w_file_perms }; + +# Read /sys/fs/pstore/console-ramoops +# Don't worry about overly broad permissions for now, as there's +# only one file in /sys/fs/pstore +allow system_server pstorefs:dir r_dir_perms; +allow system_server pstorefs:file r_file_perms; + +# /sys access +allow system_server sysfs_zram:dir search; +allow system_server sysfs_zram:file rw_file_perms; + +add_service(system_server, system_server_service); +allow system_server audioserver_service:service_manager find; +allow system_server batteryproperties_service:service_manager find; +allow system_server cameraserver_service:service_manager find; +allow system_server dataloader_manager_service:service_manager find; +allow system_server dnsresolver_service:service_manager find; +allow system_server drmserver_service:service_manager find; +allow system_server dumpstate_service:service_manager find; +allow system_server fingerprintd_service:service_manager find; +allow system_server gatekeeper_service:service_manager find; +allow system_server gpu_service:service_manager find; +allow system_server gsi_service:service_manager find; +allow system_server hal_fingerprint_service:service_manager find; +allow system_server idmap_service:service_manager find; +allow system_server incident_service:service_manager find; +allow system_server incremental_service:service_manager find; +allow system_server installd_service:service_manager find; +allow system_server iorapd_service:service_manager find; +allow system_server keystore_service:service_manager find; +allow system_server mediaserver_service:service_manager find; +allow system_server mediametrics_service:service_manager find; +allow system_server 
mediaextractor_service:service_manager find; +allow system_server mediadrmserver_service:service_manager find; +allow system_server netd_service:service_manager find; +allow system_server nfc_service:service_manager find; +allow system_server radio_service:service_manager find; +allow system_server stats_service:service_manager find; +allow system_server storaged_service:service_manager find; +allow system_server surfaceflinger_service:service_manager find; +allow system_server update_engine_service:service_manager find; +allow system_server vold_service:service_manager find; +allow system_server wifinl80211_service:service_manager find; + +add_service(system_server, batteryproperties_service) + +allow system_server keystore:keystore_key { + get_state + get + insert + delete + exist + list + reset + password + lock + unlock + is_empty + sign + verify + grant + duplicate + clear_uid + add_auth + user_changed +}; + +# Allow system server to search and write to the persistent factory reset +# protection partition. This block device does not get wiped in a factory reset. 
+allow system_server block_device:dir search; +allow system_server frp_block_device:blk_file rw_file_perms; +allowxperm system_server frp_block_device:blk_file ioctl { BLKSECDISCARD BLKDISCARD }; + +# Clean up old cgroups +allow system_server cgroup:dir { remove_name rmdir }; + +# /oem access +r_dir_file(system_server, oemfs) + +# Allow resolving per-user storage symlinks +allow system_server { mnt_user_file storage_file }:dir { getattr search }; +allow system_server { mnt_user_file storage_file }:lnk_file { getattr read }; + +# Allow statfs() on storage devices, which happens fast enough that +# we shouldn't be killed during unsafe removal +allow system_server sdcard_type:dir { getattr search }; + +# Traverse into expanded storage +allow system_server mnt_expand_file:dir r_dir_perms; + +# Allow system process to relabel the fingerprint directory after mkdir +# and delete the directory and files when no longer needed +allow system_server fingerprintd_data_file:dir { r_dir_perms remove_name rmdir relabelto write }; +allow system_server fingerprintd_data_file:file { getattr unlink }; + +userdebug_or_eng(` + # Allow system server to create and write method traces in /data/misc/trace. + allow system_server method_trace_data_file:dir w_dir_perms; + allow system_server method_trace_data_file:file { create w_file_perms }; + + # Allow system server to read dmesg + allow system_server kernel:system syslog_read; + + # Allow writing and removing window traces in /data/misc/wmtrace. + allow system_server wm_trace_data_file:dir rw_dir_perms; + allow system_server wm_trace_data_file:file { getattr setattr create unlink w_file_perms }; +') + +# For AppFuse. 
+allow system_server vold:fd use; +allow system_server fuse_device:chr_file { read write ioctl getattr }; +allow system_server app_fuse_file:file { read write getattr }; + +# For configuring sdcardfs +allow system_server configfs:dir { create_dir_perms }; +allow system_server configfs:file { getattr open create unlink write }; + +# Connect to adbd and use a socket transferred from it. +# Used for e.g. jdwp. +allow system_server adbd:unix_stream_socket connectto; +allow system_server adbd:fd use; +allow system_server adbd:unix_stream_socket { getattr getopt ioctl read write shutdown }; + +# Read service.adb.tls.port, persist.adb.wifi. properties +get_prop(system_server, adbd_prop) + +# Set persist.adb.tls_server.enable property +set_prop(system_server, system_adbd_prop) + +# Allow invoking tools like "timeout" +allow system_server toolbox_exec:file rx_file_perms; + +# Allow system process to setup and measure fs-verity +allowxperm system_server apk_data_file:file ioctl { + FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY +}; + +# Postinstall +# +# For OTA dexopt, allow calls coming from postinstall. 
+binder_call(system_server, postinstall) + +allow system_server postinstall:fifo_file write; +allow system_server update_engine:fd use; +allow system_server update_engine:fifo_file write; + +# Access to /data/preloads +allow system_server preloads_data_file:file { r_file_perms unlink }; +allow system_server preloads_data_file:dir { r_dir_perms write remove_name rmdir }; +allow system_server preloads_media_file:file { r_file_perms unlink }; +allow system_server preloads_media_file:dir { r_dir_perms write remove_name rmdir }; + +r_dir_file(system_server, cgroup) +allow system_server ion_device:chr_file r_file_perms; + +r_dir_file(system_server, proc_asound) +r_dir_file(system_server, proc_net_type) +r_dir_file(system_server, proc_qtaguid_stat) +allow system_server { + proc_cmdline + proc_loadavg + proc_meminfo + proc_pagetypeinfo + proc_pipe_conf + proc_stat + proc_uid_cputime_showstat + proc_uid_io_stats + proc_uid_time_in_state + proc_uid_concurrent_active_time + proc_uid_concurrent_policy_time + proc_version + proc_vmallocinfo +}:file r_file_perms; + +allow system_server proc_uid_time_in_state:dir r_dir_perms; +allow system_server proc_uid_cpupower:file r_file_perms; + +r_dir_file(system_server, rootfs) + +# Allow WifiService to start, stop, and read wifi-specific trace events. +allow system_server debugfs_tracing_instances:dir search; +allow system_server debugfs_wifi_tracing:dir search; +allow system_server debugfs_wifi_tracing:file rw_file_perms; + +# Allow system_server to read tracepoint ids in order to attach BPF programs to them. +allow system_server debugfs_tracing:file r_file_perms; + +# allow system_server to exec shell, asanwrapper & zygote(app_process) on ASAN builds. Needed to run +# asanwrapper. 
+with_asan(` + allow system_server shell_exec:file rx_file_perms; + allow system_server asanwrapper_exec:file rx_file_perms; + allow system_server zygote_exec:file rx_file_perms; +') + +# allow system_server to read the eBPF maps that stores the traffic stats information and update +# the map after snapshot is recorded, and to read, update and run the maps and programs used for +# time in state accounting +allow system_server fs_bpf:dir search; +allow system_server fs_bpf:file { read write }; +allow system_server bpfloader:bpf { map_read map_write prog_run }; + +# ART Profiles. +# Allow system_server to open profile snapshots for read. +# System server never reads the actual content. It passes the descriptor to +# to privileged apps which acquire the permissions to inspect the profiles. +allow system_server user_profile_data_file:dir { getattr search }; +allow system_server user_profile_data_file:file { getattr open read }; + +# System server may dump profile data for debuggable apps in the /data/misc/profman. +# As such it needs to be able create files but it should never read from them. +allow system_server profman_dump_data_file:file { create getattr setattr w_file_perms}; +allow system_server profman_dump_data_file:dir w_dir_perms; + +# On userdebug build we may profile system server. Allow it to write and create its own profile. +userdebug_or_eng(` + allow system_server user_profile_data_file:file create_file_perms; +') +# Allow system server to load JVMTI agents under control of a property. +get_prop(system_server,system_jvmti_agent_prop) + +# UsbDeviceManager uses /dev/usb-ffs +allow system_server functionfs:dir search; +allow system_server functionfs:file rw_file_perms; + +# system_server contains time / time zone detection logic so reads the associated properties. +get_prop(system_server, time_prop) + +# system_server reads this property to know it should expect the lmkd sends notification to it +# on low memory kills. 
+get_prop(system_server, system_lmk_prop) + +### +### Neverallow rules +### +### system_server should NEVER do any of this + +# Do not allow opening files from external storage as unsafe ejection +# could cause the kernel to kill the system_server. +neverallow system_server sdcard_type:dir { open read write }; +neverallow system_server sdcard_type:file rw_file_perms; + +# system server should never be operating on zygote spawned app data +# files directly. Rather, they should always be passed via a +# file descriptor. +# Types extracted from seapp_contexts type= fields, excluding +# those types that system_server needs to open directly. +neverallow system_server { + bluetooth_data_file + nfc_data_file + shell_data_file + app_data_file + privapp_data_file +}:file { open create unlink link }; + +# Forking and execing is inherently dangerous and racy. See, for +# example, https://www.linuxprogrammingblog.com/threads-and-fork-think-twice-before-using-them +# Prevent the addition of new file execs to stop the problem from +# getting worse. b/28035297 +neverallow system_server { + file_type + -toolbox_exec + -logcat_exec + with_asan(`-shell_exec -asanwrapper_exec -zygote_exec') +}:file execute_no_trans; + +# Ensure that system_server doesn't perform any domain transitions other than +# transitioning to the crash_dump domain when a crash occurs. +neverallow system_server { domain -crash_dump }:process transition; +neverallow system_server *:process dyntransition; + +# Only allow crash_dump to connect to system_ndebug_socket. +neverallow { domain -init -system_server -crash_dump } system_ndebug_socket:sock_file { open write }; + +# Only allow zygotes to connect to system_unsolzygote_socket. 
+neverallow { + domain + -init + -system_server + -zygote + -app_zygote + -webview_zygote +} system_unsolzygote_socket:sock_file { open write }; + +# Only allow init, system_server, flags_health_check to set properties for server configurable flags +neverallow { + domain + -init + -system_server + -flags_health_check +} { + device_config_activity_manager_native_boot_prop + device_config_input_native_boot_prop + device_config_netd_native_prop + device_config_runtime_native_boot_prop + device_config_runtime_native_prop + device_config_media_native_prop + device_config_storage_native_boot_prop + device_config_sys_traced_prop + device_config_window_manager_native_boot_prop +}:property_service set; + +# system_server should never be executing dex2oat. This is either +# a bug (for example, bug 16317188), or represents an attempt by +# system server to dynamically load a dex file, something we do not +# want to allow. +neverallow system_server dex2oat_exec:file no_x_file_perms; + +# system_server should never execute or load executable shared libraries +# in /data. Executable files in /data are a persistence vector. +# https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example. +neverallow system_server data_file_type:file no_x_file_perms; + +# The only block device system_server should be accessing is +# the frp_block_device. This helps avoid a system_server to root +# escalation by writing to raw block devices. +neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perms; + +# system_server should never use JIT functionality +# See https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html +# in the section titled "A Short ROP Chain" for why. +# However, in emulator builds without OpenGL passthrough, we use software +# rendering via SwiftShader, which requires JIT support. These builds are +# never shipped to users. 
+ifelse(target_requires_insecure_execmem_for_swiftshader, `true', + `allow system_server self:process execmem;', + `neverallow system_server self:process execmem;') +neverallow system_server { ashmem_device ashmem_libcutils_device }:chr_file execute; + +# TODO: deal with tmpfs_domain pub/priv split properly +neverallow system_server system_server_tmpfs:file execute; + +# Resources handed off by system_server_startup +allow system_server system_server_startup:fd use; +allow system_server system_server_startup_tmpfs:file { read write map }; +allow system_server system_server_startup:unix_dgram_socket write; + +# Allow system server to communicate to apexd +allow system_server apex_service:service_manager find; +allow system_server apexd:binder call; + +# Allow system server to scan /apex for flattened APEXes +allow system_server apex_mnt_dir:dir r_dir_perms; + +# Allow system server to communicate to system-suspend's control interface +allow system_server system_suspend_control_service:service_manager find; +binder_call(system_server, system_suspend) +binder_call(system_suspend, system_server) + +# Allow system server to communicate to system-suspend's wakelock interface +wakelock_use(system_server) + +# Allow the system server to read files under /data/apex. The system_server +# needs these privileges to compare file signatures while processing installs. +# +# Only apexd is allowed to create new entries or write to any file under /data/apex. +allow system_server apex_data_file:dir { getattr search }; +allow system_server apex_data_file:file r_file_perms; + +# Allow the system server to read files under /vendor/apex. This is where +# vendor APEX packages might be installed and system_server needs to parse +# these packages to inspect the signatures and other metadata. +allow system_server vendor_apex_file:dir { getattr search }; +allow system_server vendor_apex_file:file r_file_perms; + +# Allow the system server to manage relevant apex module data files. 
+allow system_server apex_module_data_file:dir { getattr search };
+allow system_server apex_permission_data_file:dir create_dir_perms;
+allow system_server apex_permission_data_file:file create_file_perms;
+allow system_server apex_wifi_data_file:dir create_dir_perms;
+allow system_server apex_wifi_data_file:file create_file_perms;
+
+# Allow PasswordSlotManager rw access to /metadata/password_slots, so GSIs and the host image can
+# communicate which slots are available for use.
+allow system_server metadata_file:dir search;
+allow system_server password_slot_metadata_file:dir rw_dir_perms;
+allow system_server password_slot_metadata_file:file create_file_perms;
+
+# Allow init to set sysprop used to compute stats about userspace reboot.
+set_prop(system_server, userspace_reboot_log_prop)
+
+# JVMTI agent settings are only readable from the system server.
+neverallow {
+ domain
+ -system_server
+ -dumpstate
+ -init
+ -vendor_init
+} {
+ system_jvmti_agent_prop
+}:file no_rw_file_perms;
+
+# Read/Write /proc/pressure/memory
+allow system_server proc_pressure_mem:file rw_file_perms;
+
+# dexoptanalyzer is currently used only for secondary dex files which
+# system_server should never access.
+neverallow system_server dexoptanalyzer_exec:file no_x_file_perms;
+
+# No ptracing others
+neverallow system_server { domain -system_server }:process ptrace;
+
+# CAP_SYS_RESOURCE was traditionally needed for sensitive /proc/PID
+# file read access. However, that is now unnecessary (b/34951864)
+neverallow system_server system_server:global_capability_class_set sys_resource;
+
+# Only system_server/init should access /metadata/password_slots.
+neverallow { domain -init -system_server } password_slot_metadata_file:dir *;
+neverallow {
+ domain
+ -init
+ -system_server
+} password_slot_metadata_file:notdevfile_class_set ~{ relabelto getattr };
+neverallow { domain -init -system_server } password_slot_metadata_file:notdevfile_class_set *;
+
+# Allow systemserver to read/write the invalidation property
+set_prop(system_server, binder_cache_system_server_prop)
+neverallow { domain -system_server -init }
+ binder_cache_system_server_prop:property_service set;
+
+# Allow system server to attach BPF programs to tracepoints. Deny read permission so that
+# system_server cannot use this access to read perf event data like process stacks.
+allow system_server self:perf_event { open write cpu kernel };
+neverallow system_server self:perf_event ~{ open write cpu kernel };
+
+# Do not allow any domain other than init or system server to set the property
+neverallow { domain -init -system_server } socket_hook_prop:property_service set;
diff --git a/prebuilts/api/30.0/private/system_server_startup.te b/prebuilts/api/30.0/private/system_server_startup.te
new file mode 100644
index 000000000..902941ed4
--- /dev/null
+++ b/prebuilts/api/30.0/private/system_server_startup.te
@@ -0,0 +1,16 @@
+type system_server_startup, domain, coredomain;
+type system_server_startup_tmpfs, file_type;
+
+tmpfs_domain(system_server_startup)
+
+# Create JIT memory
+allow system_server_startup self:process execmem;
+allow system_server_startup system_server_startup_tmpfs:file { execute read write open map };
+
+# Allow system_server_startup to run setcon() and enter the
+# system_server domain
+allow system_server_startup self:process setcurrent;
+allow system_server_startup system_server:process dyntransition;
+
+# Child of the zygote.
+allow system_server_startup zygote:process sigchld;
diff --git a/prebuilts/api/30.0/private/system_suspend.te b/prebuilts/api/30.0/private/system_suspend.te
new file mode 100644
index 000000000..d33dc8e85
--- /dev/null
+++ b/prebuilts/api/30.0/private/system_suspend.te
@@ -0,0 +1,26 @@
+type system_suspend, domain, coredomain, system_suspend_server;
+
+type system_suspend_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(system_suspend)
+
+# To serve ISuspendControlService.aidl.
+binder_use(system_suspend)
+add_service(system_suspend, system_suspend_control_service)
+
+# Access to /sys/power/{ wakeup_count, state } suspend interface.
+allow system_suspend sysfs_power:file rw_file_perms;
+
+# Access to wakeup and suspend stats.
+r_dir_file(system_suspend, sysfs_suspend_stats)
+r_dir_file(system_suspend, sysfs_wakeup)
+# To resolve arbitrary sysfs paths from /sys/class/wakeup/* symlinks.
+allow system_suspend sysfs_type:dir search;
+
+neverallow {
+ domain
+ -atrace # tracing
+ -dumpstate # bug reports
+ -system_suspend # implements system_suspend_control_service
+ -system_server # configures system_suspend via ISuspendControlService
+ -traceur_app # tracing
+} system_suspend_control_service:service_manager find;
diff --git a/prebuilts/api/30.0/private/technical_debt.cil b/prebuilts/api/30.0/private/technical_debt.cil
new file mode 100644
index 000000000..fdcd0a332
--- /dev/null
+++ b/prebuilts/api/30.0/private/technical_debt.cil
@@ -0,0 +1,65 @@
+; THIS IS A WORKAROUND for the current limitations of the module policy language
+; This should be used sparingly until we figure out a saner way to achieve the
+; stuff below, for example, by improving typeattribute statement of module
+; language.
+;
+; NOTE: This file has no effect on recovery policy.
+
+; Apps, except isolated apps, are clients of Allocator HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_allocator_client;
+; typeattribute hal_allocator_client halclientdomain;
+(typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app))))))
+(typeattributeset halclientdomain (hal_allocator_client))
+
+; Apps, except isolated apps, are clients of OMX-related services
+; Unfortunately, we can't currently express this in module policy language:
+(typeattributeset hal_omx_client ((and (appdomain) ((not (isolated_app))))))
+
+; Apps, except isolated apps, are clients of Codec2-related services
+; Unfortunately, we can't currently express this in module policy language:
+(typeattributeset hal_codec2_client ((and (appdomain) ((not (isolated_app))))))
+
+; Apps, except isolated apps, are clients of Drm-related services
+; Unfortunately, we can't currently express this in module policy language:
+(typeattributeset hal_drm_client ((and (appdomain) ((not (isolated_app))))))
+
+; Apps, except isolated apps, are clients of Configstore HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_configstore_client;
+(typeattributeset hal_configstore_client ((and (appdomain) ((not (isolated_app))))))
+
+; Apps, except isolated apps, are clients of Graphics Allocator HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_graphics_allocator_client;
+(typeattributeset hal_graphics_allocator_client ((and (appdomain) ((not (isolated_app))))))
+
+; Apps, except isolated apps, are clients of Cas HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_cas_client;
+(typeattributeset hal_cas_client ((and (appdomain) ((not (isolated_app))))))
+
+; Domains hosting Camera HAL implementations are clients of Allocator HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute hal_camera hal_allocator_client;
+(typeattributeset hal_allocator_client (hal_camera))
+
+; Apps, except isolated apps, are clients of Neuralnetworks HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_neuralnetworks_client;
+(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app))))))
+
+; TODO(b/112056006): move these to mapping files when/if we implement 'versioned' attributes.
+; Rename untrusted_app_visible_* to untrusted_app_visible_*_violators.
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute untrusted_app_visible_hwservice untrusted_app_visible_hwservice_violators;
+; typeattribute untrusted_app_visible_halserver untrusted_app_visible_halserver_violators;
+(typeattribute untrusted_app_visible_hwservice)
+(typeattributeset untrusted_app_visible_hwservice_violators (untrusted_app_visible_hwservice))
+(typeattribute untrusted_app_visible_halserver)
+(typeattributeset untrusted_app_visible_halserver_violators (untrusted_app_visible_halserver))
+
+; Apps, except isolated apps, are clients of BufferHub HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_cas_client;
+(typeattributeset hal_bufferhub_client ((and (appdomain) ((not (isolated_app))))))
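Review bot: The comment above the final typeattributeset in this hunk is a copy-paste leftover: it reads `; typeattribute { appdomain -isolated_app } hal_cas_client;` while the statement it annotates assigns `hal_bufferhub_client`, so the documented module-language equivalent names the wrong attribute. It should read `; typeattribute { appdomain -isolated_app } hal_bufferhub_client;`. This file sits under prebuilts/api/30.0 and looks like a frozen policy snapshot, so the same wording presumably exists in the source file it mirrors and should be corrected there as well.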
diff --git a/prebuilts/api/30.0/private/tombstoned.te b/prebuilts/api/30.0/private/tombstoned.te
new file mode 100644
index 000000000..305f9d006
--- /dev/null
+++ b/prebuilts/api/30.0/private/tombstoned.te
@@ -0,0 +1,3 @@
+typeattribute tombstoned coredomain;
+
+init_daemon_domain(tombstoned)
diff --git a/prebuilts/api/30.0/private/toolbox.te b/prebuilts/api/30.0/private/toolbox.te
new file mode 100644
index 000000000..a2b958dba
--- /dev/null
+++ b/prebuilts/api/30.0/private/toolbox.te
@@ -0,0 +1,3 @@
+typeattribute toolbox coredomain;
+
+init_daemon_domain(toolbox)
diff --git a/prebuilts/api/30.0/private/traced.te b/prebuilts/api/30.0/private/traced.te
new file mode 100644
index 000000000..2410d7e30
--- /dev/null
+++ b/prebuilts/api/30.0/private/traced.te
@@ -0,0 +1,106 @@
+# Perfetto user-space tracing daemon (unprivileged)
+
+# type traced is defined under /public (because iorapd rules
+# under public/ need to refer to it).
+type traced_exec, system_file_type, exec_type, file_type;
+type traced_tmpfs, file_type;
+
+# Allow init to exec the daemon.
+init_daemon_domain(traced)
+tmpfs_domain(traced)
+
+# Allow apps in other MLS contexts (for multi-user) to access
+# share memory buffers created by traced.
+typeattribute traced_tmpfs mlstrustedobject;
+
+# Allow traced to start with a lower scheduling class and change
+# class accordingly to what defined in the config provided by
+# the privileged process that controls it.
+allow traced self:global_capability_class_set { sys_nice };
+
+# Allow to pass a file descriptor for the output trace from "perfetto" (the
+# cmdline client) and other shell binaries to traced and let traced write
+# directly into that (rather than returning the trace contents over the socket).
+allow traced perfetto:fd use;
+allow traced shell:fd use;
+allow traced shell:fifo_file { read write };
+
+# Allow the service to create new files within /data/misc/perfetto-traces.
+allow traced perfetto_traces_data_file:file create_file_perms;
+allow traced perfetto_traces_data_file:dir rw_dir_perms;
+
+# Allow traceur to pass open file descriptors to traced, so traced can directly
+# write into the output file without doing roundtrips over IPC.
+allow traced traceur_app:fd use;
+allow traced trace_data_file:file { read write };
+
+# Allow iorapd to pass memfd descriptors to traced, so traced can directly
+# write into the shmem buffer file without doing roundtrips over IPC.
+allow traced iorapd:fd use;
+allow traced iorapd_tmpfs:file { read write };
+
+# Allow traced to use shared memory supplied by producers. Typically, traced
+# (i.e. the tracing service) creates the shared memory used for data transfer
+# from the producer. This rule allows an alternative scheme, where the producer
+# creates the shared memory, that is then adopted by traced (after validating
+# that it is appropriately sealed).
+# This list has to replicate the tmpfs domains of all applicable domains that
+# have perfetto_producer() macro applied to them.
+# perfetto_tmpfs excluded as it should never need to use the producer-supplied
+# shared memory scheme.
+allow traced {
+ appdomain_tmpfs
+ heapprofd_tmpfs
+ surfaceflinger_tmpfs
+ traced_probes_tmpfs
+ userdebug_or_eng(`system_server_tmpfs')
+}:file { getattr map read write };
+
+# Allow traced to notify Traceur when a trace ends by setting the
+# sys.trace.trace_end_signal property.
+set_prop(traced, system_trace_prop)
+# Allow to lazily start producers.
+set_prop(traced, traced_lazy_prop)
+
+###
+### Neverallow rules
+###
+### traced should NEVER do any of this
+
+# Disallow mapping executable memory (execstack and exec are already disallowed
+# globally in domain.te).
+neverallow traced self:process execmem;
+
+# Block device access.
+neverallow traced dev_type:blk_file { read write };
+
+# ptrace any other process
+neverallow traced domain:process ptrace;
+
+# Disallows access to /data files, still allowing to write to file descriptors
+# passed through the socket.
+neverallow traced {
+ data_file_type
+ -perfetto_traces_data_file
+ -system_data_file
+ -system_data_root_file
+ # TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a
+ # subsequent neverallow. Currently only getattr and search are allowed.
+ -vendor_data_file
+ -zoneinfo_data_file
+ with_native_coverage(`-method_trace_data_file')
+}:dir *;
+neverallow traced { system_data_file }:dir ~{ getattr search };
+neverallow traced zoneinfo_data_file:dir ~r_dir_perms;
+neverallow traced { data_file_type -zoneinfo_data_file }:lnk_file *;
+neverallow traced {
+ data_file_type
+ -zoneinfo_data_file
+ -perfetto_traces_data_file
+ -trace_data_file
+ with_native_coverage(`-method_trace_data_file')
+}:file ~write;
+
+# Only init is allowed to enter the traced domain via exec()
+neverallow { domain -init } traced:process transition;
+neverallow * traced:process dyntransition;
diff --git a/prebuilts/api/30.0/private/traced_perf.te b/prebuilts/api/30.0/private/traced_perf.te
new file mode 100644
index 000000000..9483e6cb4
--- /dev/null
+++ b/prebuilts/api/30.0/private/traced_perf.te
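Review bot: Two comments near the top of traced.te read awkwardly and are worth tightening since they explain why a tmpfs type is made mlstrustedobject and why traced holds sys_nice. `# share memory buffers created by traced.` should be `# shared memory buffers created by traced.`, and `# class accordingly to what defined in the config provided by` should be `# class according to what is defined in the config provided by`. The rules themselves need no change. If this prebuilts/api/30.0 copy mirrors a source file, the wording fix belongs there too.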
@@ -0,0 +1,58 @@
+# Performance profiler, backed by perf_event_open(2).
+# See go/perfetto-perf-android.
+typeattribute traced_perf coredomain;
+typeattribute traced_perf mlstrustedsubject;
+
+type traced_perf_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(traced_perf)
+perfetto_producer(traced_perf)
+
+# Allow traced_perf full use of perf_event_open(2). It will perform cpu-wide
+# profiling, but retain samples only for profileable processes.
+# Thread-specific profiling is still disallowed due to a PTRACE_MODE_ATTACH
+# check (which would require a process:attach SELinux allow-rule).
+allow traced_perf self:perf_event { open cpu kernel read write tracepoint };
+
+# Allow CAP_KILL for delivery of dedicated signal to obtain proc-fds from a
+# process. Allow CAP_DAC_READ_SEARCH for stack unwinding and symbolization of
+# sampled stacks, which requires opening the backing libraries/executables (as
+# symbols are usually not mapped into the process space). Not all such files
+# are world-readable, e.g. odex files that included user profiles during
+# profile-guided optimization.
+allow traced_perf self:capability { kill dac_read_search };
+
+# Allow reading /system/data/packages.list.
+allow traced_perf packages_list_file:file r_file_perms;
+
+# Allow reading files for stack unwinding and symbolization.
+r_dir_file(traced_perf, nativetest_data_file)
+r_dir_file(traced_perf, system_file_type)
+r_dir_file(traced_perf, apk_data_file)
+r_dir_file(traced_perf, dalvikcache_data_file)
+r_dir_file(traced_perf, vendor_file_type)
+
+# Do not audit the cases where traced_perf attempts to access /proc/[pid] for
+# domains that it cannot read.
+dontaudit traced_perf domain:dir { search getattr open };
+
+# Do not audit failures to signal a process, as there are cases when this is
+# expected (native processes on debug builds use the policy for enforcing which
+# processes are profileable).
+dontaudit traced_perf domain:process signal;
+
+# Never allow access to app data files
+neverallow traced_perf { app_data_file privapp_data_file system_app_data_file }:file *;
+
+# Never allow profiling highly privileged processes.
+never_profile_heap(`{
+ bpfloader
+ init
+ kernel
+ keystore
+ llkd
+ logd
+ ueventd
+ vendor_init
+ vold
+}')
diff --git a/prebuilts/api/30.0/private/traced_probes.te b/prebuilts/api/30.0/private/traced_probes.te
new file mode 100644
index 000000000..dd6ece0ed
--- /dev/null
+++ b/prebuilts/api/30.0/private/traced_probes.te
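Review bot: The comment `# Allow reading /system/data/packages.list.` above the packages_list_file rule gives a path that looks transposed; the packages list that packages_list_file labels conventionally lives under /data/system rather than /system/data, so the comment should be checked against the file_contexts entry for packages_list_file and corrected to match. The rule itself grants only r_file_perms on that one type and needs no change. As this is a prebuilts/api/30.0 copy, the correction presumably belongs in the source policy as well.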
@@ -0,0 +1,129 @@
+# Perfetto tracing probes, has tracefs access.
+type traced_probes_exec, system_file_type, exec_type, file_type;
+type traced_probes_tmpfs, file_type;
+
+# Allow init to exec the daemon.
+init_daemon_domain(traced_probes)
+tmpfs_domain(traced_probes)
+
+# Write trace data to the Perfetto traced damon. This requires connecting to its
+# producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(traced_probes)
+
+# Allow traced_probes to access tracefs.
+allow traced_probes debugfs_tracing:dir r_dir_perms;
+allow traced_probes debugfs_tracing:file rw_file_perms;
+allow traced_probes debugfs_trace_marker:file getattr;
+
+# TODO(primiano): temporarily I/O tracing categories are still
+# userdebug only until we nail down the blacklist/whitelist.
+userdebug_or_eng(`
+allow traced_probes debugfs_tracing_debug:dir r_dir_perms;
+allow traced_probes debugfs_tracing_debug:file rw_file_perms;
+')
+
+# Allow traced_probes to start with a higher scheduling class and then downgrade
+# itself.
+allow traced_probes self:global_capability_class_set { sys_nice };
+
+# Allow procfs access
+r_dir_file(traced_probes, domain)
+
+# Allow to read packages.list file.
+allow traced_probes packages_list_file:file r_file_perms;
+
+# Allow to log to kernel dmesg when starting / stopping ftrace.
+allow traced_probes kmsg_device:chr_file write;
+
+# Allow traced_probes to list the system partition.
+allow traced_probes system_file:dir { open read };
+
+# Allow traced_probes to list some of the data partition.
+allow traced_probes self:global_capability_class_set dac_read_search;
+
+allow traced_probes apk_data_file:dir { getattr open read search };
+allow traced_probes dalvikcache_data_file:dir { getattr open read search };
+userdebug_or_eng(`
+# search and getattr are granted via domain and coredomain, respectively.
+allow traced_probes system_data_file:dir { open read };
+')
+allow traced_probes system_app_data_file:dir { getattr open read search };
+allow traced_probes backup_data_file:dir { getattr open read search };
+allow traced_probes bootstat_data_file:dir { getattr open read search };
+allow traced_probes update_engine_data_file:dir { getattr open read search };
+allow traced_probes update_engine_log_data_file:dir { getattr open read search };
+allow traced_probes user_profile_data_file:dir { getattr open read search };
+
+# Allow traced_probes to run atrace. atrace pokes at system services to enable
+# their userspace TRACE macros.
+domain_auto_trans(traced_probes, atrace_exec, atrace);
+
+# Allow traced_probes to kill atrace on timeout.
+allow traced_probes atrace:process sigkill;
+
+# Allow traced_probes to access /proc files for system stats.
+# Note: trace data is NOT exposed to anything other than shell and privileged
+# system apps that have access to the traced consumer socket.
+allow traced_probes {
+ proc_meminfo
+ proc_vmstat
+ proc_stat
+}:file r_file_perms;
+
+# Allow access to the IHealth and IPowerStats HAL service for tracing battery counters.
+hal_client_domain(traced_probes, hal_health)
+hal_client_domain(traced_probes, hal_power_stats)
+
+# Allow access to Atrace HAL for enabling vendor/device specific tracing categories.
+hal_client_domain(traced_probes, hal_atrace)
+
+# On debug builds allow to ingest system logs into the trace.
+userdebug_or_eng(`read_logd(traced_probes)')
+
+###
+### Neverallow rules
+###
+### traced_probes should NEVER do any of this
+
+# Disallow mapping executable memory (execstack and exec are already disallowed
+# globally in domain.te).
+neverallow traced_probes self:process execmem;
+
+# Block device access.
+neverallow traced_probes dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow traced_probes domain:process ptrace;
+
+# Disallows access to /data files.
+neverallow traced_probes {
+ data_file_type
+ -apk_data_file
+ -dalvikcache_data_file
+ -system_data_file
+ -system_data_root_file
+ -system_app_data_file
+ -backup_data_file
+ -bootstat_data_file
+ -update_engine_data_file
+ -update_engine_log_data_file
+ -user_profile_data_file
+ # TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a
+ # subsequent neverallow. Currently only getattr and search are allowed.
+ -vendor_data_file
+ -zoneinfo_data_file
+ with_native_coverage(`-method_trace_data_file')
+}:dir *;
+neverallow traced_probes system_data_file:dir ~{ getattr userdebug_or_eng(`open read') search };
+neverallow traced_probes zoneinfo_data_file:dir ~r_dir_perms;
+neverallow traced_probes { data_file_type -zoneinfo_data_file }:lnk_file *;
+neverallow traced_probes {
+ data_file_type
+ -zoneinfo_data_file
+ -packages_list_file
+ with_native_coverage(`-method_trace_data_file')
+}:file *;
+
+# Only init is allowed to enter the traced_probes domain via exec()
+neverallow { domain -init } traced_probes:process transition;
+neverallow * traced_probes:process dyntransition;
diff --git a/prebuilts/api/30.0/private/traceur_app.te b/prebuilts/api/30.0/private/traceur_app.te
new file mode 100644
index 000000000..94841df10
--- /dev/null
+++ b/prebuilts/api/30.0/private/traceur_app.te
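Review bot: Typo in the comment above `perfetto_producer(traced_probes)`: `# Write trace data to the Perfetto traced damon. This requires connecting to its` should read `# Write trace data to the Perfetto traced daemon. This requires connecting to its`. In the neverallow section, `# ptrace any other app` understates the rule beneath it, which denies ptrace on `domain` (every process), and traced.te in this series phrases the same rule as `# ptrace any other process`; using that wording here keeps the two files consistent. If this prebuilts/api/30.0 copy mirrors a source file, the fixes belong there too.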
@@ -0,0 +1,22 @@
+typeattribute traceur_app coredomain;
+
+app_domain(traceur_app);
+allow traceur_app debugfs_tracing:file rw_file_perms;
+allow traceur_app debugfs_tracing_debug:dir r_dir_perms;
+
+userdebug_or_eng(`
+ allow traceur_app debugfs_tracing_debug:file rw_file_perms;
+')
+
+allow traceur_app trace_data_file:file create_file_perms;
+allow traceur_app trace_data_file:dir rw_dir_perms;
+allow traceur_app atrace_exec:file rx_file_perms;
+
+# To exec the perfetto cmdline client and pass it the trace config on
+# stdint through a pipe.
+allow traceur_app perfetto_exec:file rx_file_perms;
+
+# Allow to access traced's privileged consumer socket.
+unix_socket_connect(traceur_app, traced_consumer, traced)
+
+dontaudit traceur_app debugfs_tracing_debug:file audit_access;
diff --git a/prebuilts/api/30.0/private/tzdatacheck.te b/prebuilts/api/30.0/private/tzdatacheck.te
new file mode 100644
index 000000000..502735cad
--- /dev/null
+++ b/prebuilts/api/30.0/private/tzdatacheck.te
@@ -0,0 +1,3 @@
+typeattribute tzdatacheck coredomain;
+
+init_daemon_domain(tzdatacheck)
diff --git a/prebuilts/api/30.0/private/ueventd.te b/prebuilts/api/30.0/private/ueventd.te
new file mode 100644
index 000000000..1bd67735e
--- /dev/null
+++ b/prebuilts/api/30.0/private/ueventd.te
@@ -0,0 +1,3 @@
+typeattribute ueventd coredomain;
+
+tmpfs_domain(ueventd)
diff --git a/prebuilts/api/30.0/private/uncrypt.te b/prebuilts/api/30.0/private/uncrypt.te
new file mode 100644
index 000000000..e4e9224d9
--- /dev/null
+++ b/prebuilts/api/30.0/private/uncrypt.te
@@ -0,0 +1,3 @@
+typeattribute uncrypt coredomain;
+
+init_daemon_domain(uncrypt)
diff --git a/prebuilts/api/30.0/private/untrusted_app.te b/prebuilts/api/30.0/private/untrusted_app.te
new file mode 100644
index 000000000..6e7a99cd8
--- /dev/null
+++ b/prebuilts/api/30.0/private/untrusted_app.te
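Review bot: The comment above `allow traceur_app perfetto_exec:file rx_file_perms;` in traceur_app.te says the trace config is passed `on stdint through a pipe`; `stdint` should be `stdin`, so the line should read `# stdin through a pipe.`. As a point of style, `app_domain(traceur_app);` carries a trailing semicolon that the app_domain() invocations in the untrusted_app*.te files of this series omit; dropping it keeps macro calls uniform. Both are in a prebuilts/api/30.0 snapshot, so the edits presumably belong in the source file it mirrors.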
@@ -0,0 +1,16 @@
+###
+### Untrusted apps.
+###
+### This file defines the rules for untrusted apps running with
+### targetSdkVersion >= 30.
+###
+### See public/untrusted_app.te for more information about which apps are
+### placed in this selinux domain.
+###
+
+typeattribute untrusted_app coredomain;
+
+app_domain(untrusted_app)
+untrusted_app_domain(untrusted_app)
+net_domain(untrusted_app)
+bluetooth_domain(untrusted_app)
diff --git a/prebuilts/api/30.0/private/untrusted_app_25.te b/prebuilts/api/30.0/private/untrusted_app_25.te
new file mode 100644
index 000000000..a1abc416b
--- /dev/null
+++ b/prebuilts/api/30.0/private/untrusted_app_25.te
@@ -0,0 +1,53 @@
+###
+### Untrusted_app_25
+###
+### This file defines the rules for untrusted apps running with
+### targetSdkVersion <= 25.
+###
+### See public/untrusted_app.te for more information about which apps are
+### placed in this selinux domain.
+###
+
+typeattribute untrusted_app_25 coredomain;
+
+app_domain(untrusted_app_25)
+untrusted_app_domain(untrusted_app_25)
+net_domain(untrusted_app_25)
+bluetooth_domain(untrusted_app_25)
+
+# b/35917228 - /proc/misc access
+# This will go away in a future Android release
+allow untrusted_app_25 proc_misc:file r_file_perms;
+
+# Access to /proc/tty/drivers, to allow apps to determine if they
+# are running in an emulated environment.
+# b/33214085 b/33814662 b/33791054 b/33211769
+# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
+# This will go away in a future Android release
+allow untrusted_app_25 proc_tty_drivers:file r_file_perms;
+
+# Text relocation support for API < 23. This is now disallowed for targetSdkVersion>=Q.
+# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
+allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file execmod;
+
+# The ability to call exec() on files in the apps home directories
+# for targetApi<=25. This is also allowed for targetAPIs 26, 27,
+# and 28 in untrusted_app_27.te.
+allow untrusted_app_25 app_data_file:file execute_no_trans;
+auditallow untrusted_app_25 app_data_file:file { execute execute_no_trans };
+
+# The ability to invoke dex2oat. Historically required by ART, now only
+# allowed for targetApi<=28 for compat reasons.
+allow untrusted_app_25 dex2oat_exec:file rx_file_perms;
+userdebug_or_eng(`auditallow untrusted_app_25 dex2oat_exec:file rx_file_perms;')
+
+# The ability to talk to /dev/ashmem directly. targetApi>=29 must use
+# ASharedMemory instead.
+allow untrusted_app_25 ashmem_device:chr_file rw_file_perms;
+auditallow untrusted_app_25 ashmem_device:chr_file open;
+
+# Read /mnt/sdcard symlink.
+allow untrusted_app_25 mnt_sdcard_file:lnk_file r_file_perms;
+
+# allow binding to netlink route sockets and sending RTM_GETLINK messages.
+allow untrusted_app_25 self:netlink_route_socket { bind nlmsg_readpriv };
diff --git a/prebuilts/api/30.0/private/untrusted_app_27.te b/prebuilts/api/30.0/private/untrusted_app_27.te
new file mode 100644
index 000000000..b7b6d7213
--- /dev/null
+++ b/prebuilts/api/30.0/private/untrusted_app_27.te
@@ -0,0 +1,41 @@
+###
+### Untrusted_27.
+###
+### This file defines the rules for untrusted apps running with
+### 25 < targetSdkVersion <= 28.
+###
+### See public/untrusted_app.te for more information about which apps are
+### placed in this selinux domain.
+###
+
+typeattribute untrusted_app_27 coredomain;
+
+app_domain(untrusted_app_27)
+untrusted_app_domain(untrusted_app_27)
+net_domain(untrusted_app_27)
+bluetooth_domain(untrusted_app_27)
+
+# Text relocation support for API < 23. This is now disallowed for targetSdkVersion>=Q.
+# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
+allow untrusted_app_27 { apk_data_file app_data_file asec_public_file }:file execmod;
+
+# The ability to call exec() on files in the apps home directories
+# for targetApi 26, 27, and 28.
+allow untrusted_app_27 app_data_file:file execute_no_trans;
+auditallow untrusted_app_27 app_data_file:file { execute execute_no_trans };
+
+# The ability to invoke dex2oat. Historically required by ART, now only
+# allowed for targetApi<=28 for compat reasons.
+allow untrusted_app_27 dex2oat_exec:file rx_file_perms;
+userdebug_or_eng(`auditallow untrusted_app_27 dex2oat_exec:file rx_file_perms;')
+
+# The ability to talk to /dev/ashmem directly. targetApi>=29 must use
+# ASharedMemory instead.
+allow untrusted_app_27 ashmem_device:chr_file rw_file_perms;
+auditallow untrusted_app_27 ashmem_device:chr_file open;
+
+# Read /mnt/sdcard symlink.
+allow untrusted_app_27 mnt_sdcard_file:lnk_file r_file_perms;
+
+# allow binding to netlink route sockets and sending RTM_GETLINK messages.
+allow untrusted_app_27 self:netlink_route_socket { bind nlmsg_readpriv };
diff --git a/prebuilts/api/30.0/private/untrusted_app_29.te b/prebuilts/api/30.0/private/untrusted_app_29.te
new file mode 100644
index 000000000..344ae89bd
--- /dev/null
+++ b/prebuilts/api/30.0/private/untrusted_app_29.te
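Review bot: The header banner `### Untrusted_27.` names neither the file nor the domain it describes, while the sibling untrusted_app_25.te opens with `### Untrusted_app_25`; `### Untrusted_app_27.` would make the banner searchable by domain name and consistent across the series. The same applies to `### Untrusted_29.` in the untrusted_app_29.te hunk that follows. This is wording only; the rules are unchanged.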
@@ -0,0 +1,19 @@
+###
+### Untrusted_29.
+###
+### This file defines the rules for untrusted apps running with
+### targetSdkVersion = 29.
+###
+### See public/untrusted_app.te for more information about which apps are
+### placed in this selinux domain.
+###
+
+typeattribute untrusted_app_29 coredomain;
+
+app_domain(untrusted_app_29)
+untrusted_app_domain(untrusted_app_29)
+net_domain(untrusted_app_29)
+bluetooth_domain(untrusted_app_29)
+
+# allow binding to netlink route sockets and sending RTM_GETLINK messages.
+allow untrusted_app_29 self:netlink_route_socket { bind nlmsg_readpriv };
diff --git a/prebuilts/api/30.0/private/untrusted_app_all.te b/prebuilts/api/30.0/private/untrusted_app_all.te
new file mode 100644
index 000000000..d9fd5a12e
--- /dev/null
+++ b/prebuilts/api/30.0/private/untrusted_app_all.te
@@ -0,0 +1,175 @@
+###
+### Untrusted_app_all.
+###
+### This file defines the rules shared by all untrusted app domains except
+### ephemeral_app for instant apps.
+### Apps are labeled based on mac_permissions.xml (maps signer and
+### optionally package name to seinfo value) and seapp_contexts (maps UID
+### and optionally seinfo value to domain for process and type for data
+### directory). The untrusted_app_all attribute is assigned to all default
+### seapp_contexts for any app with UID between APP_AID (10000)
+### and AID_ISOLATED_START (99000) if the app has no specific seinfo
+### value as determined from mac_permissions.xml. In current AOSP, this
+### attribute is assigned to all non-system apps as well as to any system apps
+### that are not signed by the platform key. To move
+### a system app into a specific domain, add a signer entry for it to
+### mac_permissions.xml and assign it one of the pre-existing seinfo values
+### or define and use a new seinfo value in both mac_permissions.xml and
+### seapp_contexts.
+###
+### Note that rules that should apply to all untrusted apps must be in app.te or also
+### added to ephemeral_app.te.
+
+# Some apps ship with shared libraries and binaries that they write out
+# to their sandbox directory and then execute.
+allow untrusted_app_all privapp_data_file:file { r_file_perms execute };
+allow untrusted_app_all app_data_file:file { r_file_perms execute };
+auditallow untrusted_app_all app_data_file:file execute;
+
+# Chrome Crashpad uses the the dynamic linker to load native executables
+# from an APK (b/112050209, crbug.com/928422)
+allow untrusted_app_all system_linker_exec:file execute_no_trans;
+
+# Follow priv-app symlinks. This is used for dynamite functionality.
+allow untrusted_app_all privapp_data_file:lnk_file r_file_perms;
+
+# Allow handling of less common filesystem objects
+allow untrusted_app_all app_data_file:{ lnk_file sock_file fifo_file } create_file_perms;
+
+# Allow loading and deleting executable shared libraries
+# within an application home directory. Such shared libraries would be
+# created by things like renderscript or via other mechanisms.
+allow untrusted_app_all app_exec_data_file:file { r_file_perms execute unlink };
+
+# ASEC
+allow untrusted_app_all asec_apk_file:file r_file_perms;
+allow untrusted_app_all asec_apk_file:dir r_dir_perms;
+# Execute libs in asec containers.
+allow untrusted_app_all asec_public_file:file { execute };
+
+# Used by Finsky / Android "Verify Apps" functionality when
+# running "adb install foo.apk".
+# TODO: Long term, we don't want apps probing into shell data files.
+# Figure out a way to remove these rules.
+allow untrusted_app_all shell_data_file:file r_file_perms;
+allow untrusted_app_all shell_data_file:dir r_dir_perms;
+
+# Allow traceur to pass file descriptors through a content provider to untrusted apps
+# for the purpose of sharing files through e.g. gmail
+allow untrusted_app_all trace_data_file:file { getattr read };
+
+# untrusted apps should not be able to open trace data files, they should depend
+# upon traceur to pass a file descriptor
+neverallow untrusted_app_all trace_data_file:dir *;
+neverallow untrusted_app_all trace_data_file:file { no_w_file_perms open };
+
+# Allow to read staged apks.
+allow untrusted_app_all { apk_tmp_file apk_private_tmp_file }:file {read getattr};
+
+# Read and write system app data files passed over Binder.
+# Motivating case was /data/data/com.android.settings/cache/*.jpg for
+# cropping or taking user photos.
+allow untrusted_app_all system_app_data_file:file { read write getattr };
+
+#
+# Rules migrated from old app domains coalesced into untrusted_app.
+# This includes what used to be media_app, shared_app, and release_app.
+#
+
+# Access to /data/media.
+allow untrusted_app_all media_rw_data_file:dir create_dir_perms;
+allow untrusted_app_all media_rw_data_file:file create_file_perms;
+
+# Traverse into /mnt/media_rw for bypassing FUSE daemon
+# TODO: narrow this to just MediaProvider
+allow untrusted_app_all mnt_media_rw_file:dir search;
+
+# allow cts to query all services
+allow untrusted_app_all servicemanager:service_manager list;
+
+allow untrusted_app_all audioserver_service:service_manager find;
+allow untrusted_app_all cameraserver_service:service_manager find;
+allow untrusted_app_all drmserver_service:service_manager find;
+allow untrusted_app_all mediaserver_service:service_manager find;
+allow untrusted_app_all mediaextractor_service:service_manager find;
+allow untrusted_app_all mediametrics_service:service_manager find;
+allow untrusted_app_all mediadrmserver_service:service_manager find;
+allow untrusted_app_all nfc_service:service_manager find;
+allow untrusted_app_all radio_service:service_manager find;
+allow untrusted_app_all app_api_service:service_manager find;
+allow untrusted_app_all vr_manager_service:service_manager find;
+allow untrusted_app_all gpu_service:service_manager find;
+
+# Allow untrusted apps to interact with gpuservice
+binder_call(untrusted_app_all, gpuservice)
+
+# gdbserver for ndk-gdb ptrace attaches to app process.
+allow untrusted_app_all self:process ptrace;
+
+# Android Studio Instant Run has the application connect to a
+# runas_app socket listening in the abstract namespace.
+# https://developer.android.com/studio/run/
+# b/123297648
+allow untrusted_app_all runas_app:unix_stream_socket connectto;
+
+# Untrusted apps need to be able to send a SIGCHLD to runas_app
+# when running under a debugger (b/123612207)
+allow untrusted_app_all runas_app:process sigchld;
+
+# Cts: HwRngTest
+allow untrusted_app_all sysfs_hwrandom:dir search;
+allow untrusted_app_all sysfs_hwrandom:file r_file_perms;
+
+# Allow apps to view preloaded media content
+allow untrusted_app_all preloads_media_file:dir r_dir_perms;
+allow untrusted_app_all preloads_media_file:file r_file_perms;
+allow untrusted_app_all preloads_data_file:dir search;
+
+# Allow untrusted apps read / execute access to /vendor/app for there can
+# be pre-installed vendor apps that package a library within themselves.
+# TODO (b/37784178) Consider creating a special type for /vendor/app installed
+# apps.
+allow untrusted_app_all vendor_app_file:dir { open getattr read search };
+allow untrusted_app_all vendor_app_file:file { r_file_perms execute };
+allow untrusted_app_all vendor_app_file:lnk_file { open getattr read };
+
+# Write app-specific trace data to the Perfetto traced damon. This requires
+# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(untrusted_app_all)
+
+# Allow profiling if the app opts in by being marked profileable/debuggable.
+can_profile_heap(untrusted_app_all)
+can_profile_perf(untrusted_app_all)
+
+# allow untrusted apps to use UDP sockets provided by the system server but not
+# modify them other than to connect
+allow untrusted_app_all system_server:udp_socket {
+ connect getattr read recvfrom sendto write getopt setopt };
+
+# Allow the renderscript compiler to be run.
+domain_auto_trans(untrusted_app_all, rs_exec, rs)
+
+# This is allowed for targetSdkVersion <= 25 but disallowed on newer versions.
+dontaudit untrusted_app_all net_dns_prop:file read;
+
+# These have been disallowed since Android O.
+# For P, we assume that apps are safely handling the denial.
+dontaudit untrusted_app_all proc_stat:file read;
+dontaudit untrusted_app_all proc_vmstat:file read;
+dontaudit untrusted_app_all proc_uptime:file read;
+
+# Allow the allocation and use of ptys
+# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
+create_pty(untrusted_app_all)
+
+# Allow access to kcov via its ioctl interface for coverage
+# guided kernel fuzzing.
+userdebug_or_eng(`
+ allow untrusted_app_all debugfs_kcov:file rw_file_perms;
+ allowxperm untrusted_app_all debugfs_kcov:file ioctl { KCOV_INIT_TRACE KCOV_ENABLE KCOV_DISABLE };
+')
+
+# Allow signalling simpleperf domain, which is the domain that the simpleperf
+# profiler runs as when executed by the app. The signals are used to control
+# the profiler (which would be profiling the app that is sending the signal).
+allow untrusted_app_all simpleperf:process signal;
diff --git a/prebuilts/api/30.0/private/update_engine.te b/prebuilts/api/30.0/private/update_engine.te
new file mode 100644
index 000000000..e4e700919
--- /dev/null
+++ b/prebuilts/api/30.0/private/update_engine.te
@@ -0,0 +1,7 @@
+typeattribute update_engine coredomain;
+
+init_daemon_domain(update_engine);
+
+# Allow to talk to gsid.
+allow update_engine gsi_service:service_manager find;
+binder_call(update_engine, gsid)
diff --git a/prebuilts/api/30.0/private/update_engine_common.te b/prebuilts/api/30.0/private/update_engine_common.te
new file mode 100644
index 000000000..a7fb58471
--- /dev/null
+++ b/prebuilts/api/30.0/private/update_engine_common.te
@@ -0,0 +1,5 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# The postinstall program is run by update_engine_common and will always be tagged as a
+# postinstall_file regardless of its attributes in the new system.
+domain_auto_trans(update_engine_common, postinstall_file, postinstall)
diff --git a/prebuilts/api/30.0/private/update_verifier.te b/prebuilts/api/30.0/private/update_verifier.te
new file mode 100644
index 000000000..1b934d980
--- /dev/null
+++ b/prebuilts/api/30.0/private/update_verifier.te
@@ -0,0 +1,3 @@
+typeattribute update_verifier coredomain;
+
+init_daemon_domain(update_verifier)
diff --git a/prebuilts/api/30.0/private/usbd.te b/prebuilts/api/30.0/private/usbd.te
new file mode 100644
index 000000000..13a0ad7a6
--- /dev/null
+++ b/prebuilts/api/30.0/private/usbd.te
@@ -0,0 +1,12 @@
+typeattribute usbd coredomain;
+
+init_daemon_domain(usbd)
+
+# Access usb gadget hal
+hal_client_domain(usbd, hal_usb_gadget)
+
+# Access persist.sys.usb.config
+get_prop(usbd, system_prop)
+
+# start adbd during boot if adb is enabled
+set_prop(usbd, ctl_default_prop)
diff --git a/prebuilts/api/30.0/private/users b/prebuilts/api/30.0/private/users
new file mode 100644
index 000000000..51b7b57e6
--- /dev/null
+++ b/prebuilts/api/30.0/private/users
@@ -0,0 +1 @@
+user u roles { r } level s0 range s0 - mls_systemhigh;
diff --git a/prebuilts/api/30.0/private/vdc.te b/prebuilts/api/30.0/private/vdc.te
new file mode 100644
index 000000000..bc7409eee
--- /dev/null
+++ b/prebuilts/api/30.0/private/vdc.te
@@ -0,0 +1,3 @@
+typeattribute vdc coredomain;
+
+init_daemon_domain(vdc)
diff --git a/prebuilts/api/30.0/private/vendor_init.te b/prebuilts/api/30.0/private/vendor_init.te
new file mode 100644
index 000000000..6a68f1fed
--- /dev/null
+++ b/prebuilts/api/30.0/private/vendor_init.te
@@ -0,0 +1,7 @@
+# Creating files on sysfs is impossible so this isn't a threat
+# Sometimes we have to write to non-existent files to avoid conditional
+# init behavior. See b/35303861 for an example.
+dontaudit vendor_init sysfs:dir write;
+
+# TODO(b/140259336) We want to remove vendor_init in the long term but allow for now
+allow vendor_init system_data_root_file:dir rw_dir_perms;
diff --git a/prebuilts/api/30.0/private/viewcompiler.te b/prebuilts/api/30.0/private/viewcompiler.te
new file mode 100644
index 000000000..d1f096441
--- /dev/null
+++ b/prebuilts/api/30.0/private/viewcompiler.te
@@ -0,0 +1,25 @@
+# viewcompiler
+type viewcompiler, domain, coredomain, mlstrustedsubject;
+type viewcompiler_exec, system_file_type, exec_type, file_type;
+type viewcompiler_tmpfs, file_type;
+
+# Reading an APK opens a ZipArchive, which unpack to tmpfs.
+# Use tmpfs_domain() which will give tmpfs files created by viewcompiler their
+# own label, which differs from other labels created by other processes.
+# This allows to distinguish in policy files created by viewcompiler vs other
+# processes.
+tmpfs_domain(viewcompiler)
+
+allow viewcompiler installd:fd use;
+
+# Include write permission for app data files so viewcompiler can generate
+# compiled layout dex files
+allow viewcompiler app_data_file:file { getattr write };
+
+# Allow the view compiler to read resources from the apps APK.
+allow viewcompiler apk_data_file:file { read map };
+
+# priv-apps are moving to a world where they can only execute
+# signed code. Make sure viewcompiler never can write to privapp
+# directories to avoid introducing unsigned executable code
+neverallow viewcompiler privapp_data_file:file no_w_file_perms;
diff --git a/prebuilts/api/30.0/private/virtual_touchpad.te b/prebuilts/api/30.0/private/virtual_touchpad.te
new file mode 100644
index 000000000..e735172fe
--- /dev/null
+++ b/prebuilts/api/30.0/private/virtual_touchpad.te
@@ -0,0 +1,3 @@
+typeattribute virtual_touchpad coredomain;
+
+init_daemon_domain(virtual_touchpad)
diff --git a/prebuilts/api/30.0/private/vold.te b/prebuilts/api/30.0/private/vold.te
new file mode 100644
index 000000000..dea24a576
--- /dev/null
+++ b/prebuilts/api/30.0/private/vold.te
@@ -0,0 +1,19 @@
+typeattribute vold coredomain;
+
+init_daemon_domain(vold)
+
+# Switch to more restrictive domains when executing common tools
+domain_auto_trans(vold, sgdisk_exec, sgdisk);
+domain_auto_trans(vold, sdcardd_exec, sdcardd);
+
+# For a handful of probing tools, we choose an even more restrictive
+# domain when working with untrusted block devices
+domain_trans(vold, blkid_exec, blkid);
+domain_trans(vold, blkid_exec, blkid_untrusted);
+domain_trans(vold, fsck_exec, fsck);
+domain_trans(vold, fsck_exec, fsck_untrusted);
+
+# Newly created storage dirs are always treated as mount stubs to prevent us
+# from accidentally writing when the mount point isn't present.
+type_transition vold storage_file:dir storage_stub_file;
+type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file;
diff --git a/prebuilts/api/30.0/private/vold_prepare_subdirs.te b/prebuilts/api/30.0/private/vold_prepare_subdirs.te
new file mode 100644
index 000000000..f3ec05859
--- /dev/null
+++ b/prebuilts/api/30.0/private/vold_prepare_subdirs.te
@@ -0,0 +1,45 @@
+domain_auto_trans(vold, vold_prepare_subdirs_exec, vold_prepare_subdirs)
+
+allow vold_prepare_subdirs system_file:file execute_no_trans;
+allow vold_prepare_subdirs shell_exec:file rx_file_perms;
+allow vold_prepare_subdirs toolbox_exec:file rx_file_perms;
+allow vold_prepare_subdirs devpts:chr_file rw_file_perms;
+allow vold_prepare_subdirs vold:fd use;
+allow vold_prepare_subdirs vold:fifo_file { read write };
+allow vold_prepare_subdirs file_contexts_file:file r_file_perms;
+allow vold_prepare_subdirs self:global_capability_class_set { chown dac_override dac_read_search fowner };
+allow vold_prepare_subdirs self:process setfscreate;
+allow vold_prepare_subdirs {
+ system_data_file
+ vendor_data_file
+}:dir { open read write add_name remove_name rmdir relabelfrom };
+allow vold_prepare_subdirs {
+ apex_module_data_file
+ apex_permission_data_file
+ apex_rollback_data_file
+ apex_wifi_data_file
+ backup_data_file
+ face_vendor_data_file
+ fingerprint_vendor_data_file
+ iris_vendor_data_file
+ rollback_data_file
+ storaged_data_file
+ vold_data_file
+}:dir { create_dir_perms relabelto };
+allow vold_prepare_subdirs {
+ apex_module_data_file
+ apex_permission_data_file
+ apex_rollback_data_file
+ apex_wifi_data_file
+ backup_data_file
+ face_vendor_data_file
+ fingerprint_vendor_data_file
+ iris_vendor_data_file
+ rollback_data_file
+ storaged_data_file
+ system_data_file
+ vold_data_file
+}:file { getattr unlink };
+allow vold_prepare_subdirs apex_mnt_dir:dir { open read };
+
+dontaudit vold_prepare_subdirs { proc unlabeled }:file r_file_perms;
diff --git a/prebuilts/api/30.0/private/vr_hwc.te b/prebuilts/api/30.0/private/vr_hwc.te
new file mode 100644
index 000000000..053c03d98
--- /dev/null
+++ b/prebuilts/api/30.0/private/vr_hwc.te
@@ -0,0 +1,6 @@
+typeattribute vr_hwc coredomain;
+
+# Daemon started by init.
+init_daemon_domain(vr_hwc)
+
+hal_server_domain(vr_hwc, hal_graphics_composer)
diff --git a/prebuilts/api/30.0/private/vzwomatrigger_app.te b/prebuilts/api/30.0/private/vzwomatrigger_app.te
new file mode 100644
index 000000000..8deb22bc8
--- /dev/null
+++ b/prebuilts/api/30.0/private/vzwomatrigger_app.te
@@ -0,0 +1,6 @@
+###
+### A domain for further sandboxing the VzwOmaTrigger app.
+###
+type vzwomatrigger_app, domain;
+
+app_domain(vzwomatrigger_app)
diff --git a/prebuilts/api/30.0/private/wait_for_keymaster.te b/prebuilts/api/30.0/private/wait_for_keymaster.te
new file mode 100644
index 000000000..85a28da5f
--- /dev/null
+++ b/prebuilts/api/30.0/private/wait_for_keymaster.te
@@ -0,0 +1,9 @@
+# wait_for_keymaster service
+type wait_for_keymaster, domain, coredomain;
+type wait_for_keymaster_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(wait_for_keymaster)
+
+hal_client_domain(wait_for_keymaster, hal_keymaster)
+
+allow wait_for_keymaster kmsg_device:chr_file w_file_perms;
diff --git a/prebuilts/api/30.0/private/watchdogd.te b/prebuilts/api/30.0/private/watchdogd.te
new file mode 100644
index 000000000..91ece7052
--- /dev/null
+++ b/prebuilts/api/30.0/private/watchdogd.te
@@ -0,0 +1,3 @@
+typeattribute watchdogd coredomain;
+
+init_daemon_domain(watchdogd)
diff --git a/prebuilts/api/30.0/private/webview_zygote.te b/prebuilts/api/30.0/private/webview_zygote.te
new file mode 100644
index 000000000..969ab9cc9
--- /dev/null
+++ b/prebuilts/api/30.0/private/webview_zygote.te
@@ -0,0 +1,153 @@
+# webview_zygote is an auxiliary zygote process that is used to spawn
+# isolated_app processes for rendering untrusted web content.
+
+typeattribute webview_zygote coredomain;
+
+# The webview_zygote needs to be able to transition domains.
+typeattribute webview_zygote mlstrustedsubject;
+
+# Allow access to temporary files, which is normally permitted through
+# a domain macro.
+tmpfs_domain(webview_zygote);
+
+# Allow reading/executing installed binaries to enable preloading the
+# installed WebView implementation.
+allow webview_zygote apk_data_file:dir r_dir_perms;
+allow webview_zygote apk_data_file:file { r_file_perms execute };
+
+# Access to the WebView relro file.
+allow webview_zygote shared_relro_file:dir search;
+allow webview_zygote shared_relro_file:file r_file_perms;
+
+# Set the UID/GID of the process.
+allow webview_zygote self:global_capability_class_set { setgid setuid };
+# Drop capabilities from bounding set.
+allow webview_zygote self:global_capability_class_set setpcap;
+# Switch SELinux context to app domains.
+allow webview_zygote self:process setcurrent;
+allow webview_zygote isolated_app:process dyntransition;
+
+# For art.
+allow webview_zygote dalvikcache_data_file:dir r_dir_perms;
+allow webview_zygote dalvikcache_data_file:lnk_file r_file_perms;
+allow webview_zygote dalvikcache_data_file:file { r_file_perms execute };
+
+# Allow webview_zygote to create JIT memory.
+allow webview_zygote self:process execmem;
+
+# Allow webview_zygote to stat the files that it opens. It must
+# be able to inspect them so that it can reopen them on fork
+# if necessary: b/30963384.
+allow webview_zygote debugfs_trace_marker:file getattr;
+
+# Allow webview_zygote to manage the pgroup of its children.
+allow webview_zygote system_server:process getpgid;
+
+# Interaction between the webview_zygote and its children.
+allow webview_zygote isolated_app:process setpgid;
+
+# TODO (b/63631799) fix this access
+# Suppress denials to storage. Webview zygote should not be accessing.
+dontaudit webview_zygote mnt_expand_file:dir getattr;
+
+# TODO (b/72957399) remove this when webview_zygote is reparented to
+# app_process zygote
+dontaudit webview_zygote dex2oat_exec:file execute;
+
+# Get seapp_contexts
+allow webview_zygote seapp_contexts_file:file r_file_perms;
+# Check validity of SELinux context before use.
+selinux_check_context(webview_zygote)
+# Check SELinux permissions.
+selinux_check_access(webview_zygote)
+
+# Directory listing in /system.
+allow webview_zygote system_file:dir r_dir_perms;
+
+# Read and inspect temporary files (like system properties) managed by zygote.
+allow webview_zygote zygote_tmpfs:file { read getattr };
+# Child of zygote.
+allow webview_zygote zygote:fd use;
+allow webview_zygote zygote:process sigchld;
+
+# Allow apps access to /vendor/overlay
+r_dir_file(webview_zygote, vendor_overlay_file)
+
+allow webview_zygote same_process_hal_file:file { execute read open getattr map };
+
+allow webview_zygote system_data_file:lnk_file r_file_perms;
+
+# Send unsolicited message to system_server
+unix_socket_send(webview_zygote, system_unsolzygote, system_server)
+
+#####
+##### Neverallow
+#####
+
+# Only permit transition to isolated_app.
+neverallow webview_zygote { domain -isolated_app }:process dyntransition;
+
+# Only setcon() transitions, no exec() based transitions, except for crash_dump.
+neverallow webview_zygote { domain -crash_dump }:process transition;
+
+# Must not exec() a program without changing domains.
+# Having said that, exec() above is not allowed.
+neverallow webview_zygote *:file execute_no_trans;
+
+# The only way to enter this domain is for the zygote to fork a new
+# webview_zygote child.
+neverallow { domain -zygote } webview_zygote:process dyntransition;
+
+# Disallow write access to properties.
+neverallow webview_zygote property_socket:sock_file write;
+neverallow webview_zygote property_type:property_service set;
+
+# Should not have any access to app data files.
+neverallow webview_zygote {
+ app_data_file
+ privapp_data_file
+ system_app_data_file
+ bluetooth_data_file
+ nfc_data_file
+ radio_data_file
+ shell_data_file
+}:file { rwx_file_perms };
+
+neverallow webview_zygote {
+ service_manager_type
+ -activity_service
+ -webviewupdate_service
+}:service_manager find;
+
+# Isolated apps shouldn't be able to access the driver directly.
+neverallow webview_zygote gpu_device:chr_file { rwx_file_perms };
+
+# Do not allow webview_zygote access to /cache.
+neverallow webview_zygote cache_file:dir ~{ r_dir_perms };
+neverallow webview_zygote cache_file:file ~{ read getattr };
+
+# Do not allow most socket access. This is socket_class_set, excluding unix_dgram_socket,
+# unix_stream_socket, and netlink_selinux_socket.
+neverallow webview_zygote domain:{
+ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket
+ appletalk_socket netlink_route_socket netlink_tcpdiag_socket
+ netlink_nflog_socket netlink_xfrm_socket netlink_audit_socket
+ netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket
+ netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket
+ netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket
+ sctp_socket icmp_socket ax25_socket ipx_socket netrom_socket atmpvc_socket
+ x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket
+ pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket
+ rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
+ alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket
+ xdp_socket
+} *;
+
+# Do not allow access to Bluetooth-related system properties.
+# neverallow rules for Bluetooth-related data files are listed above.
+neverallow webview_zygote {
+ bluetooth_a2dp_offload_prop
+ bluetooth_audio_hal_prop
+ bluetooth_prop
+ exported_bluetooth_prop
+}:file create_file_perms;
diff --git a/prebuilts/api/30.0/private/wificond.te b/prebuilts/api/30.0/private/wificond.te
new file mode 100644
index 000000000..5476e3385
--- /dev/null
+++ b/prebuilts/api/30.0/private/wificond.te
@@ -0,0 +1,3 @@
+typeattribute wificond coredomain;
+
+init_daemon_domain(wificond)
diff --git a/prebuilts/api/30.0/private/wpantund.te b/prebuilts/api/30.0/private/wpantund.te
new file mode 100644
index 000000000..e91662cb7
--- /dev/null
+++ b/prebuilts/api/30.0/private/wpantund.te
@@ -0,0 +1,3 @@
+typeattribute wpantund coredomain;
+
+init_daemon_domain(wpantund)
diff --git a/prebuilts/api/30.0/private/zygote.te b/prebuilts/api/30.0/private/zygote.te
new file mode 100644
index 000000000..5f08f8d6b
--- /dev/null
+++ b/prebuilts/api/30.0/private/zygote.te
@@ -0,0 +1,239 @@
+# zygote
+typeattribute zygote coredomain;
+typeattribute zygote mlstrustedsubject;
+
+init_daemon_domain(zygote)
+tmpfs_domain(zygote)
+
+read_runtime_log_tags(zygote)
+
+# Override DAC on files and switch uid/gid.
+allow zygote self:global_capability_class_set { dac_override dac_read_search setgid setuid fowner chown };
+
+# Drop capabilities from bounding set.
+allow zygote self:global_capability_class_set setpcap;
+
+# Switch SELinux context to app domains.
+allow zygote self:process setcurrent;
+allow zygote system_server_startup:process dyntransition;
+allow zygote appdomain:process dyntransition;
+allow zygote webview_zygote:process dyntransition;
+allow zygote app_zygote:process dyntransition;
+
+# Allow zygote to read app /proc/pid dirs (b/10455872).
+allow zygote appdomain:dir { getattr search };
+allow zygote appdomain:file { r_file_perms };
+
+# Move children into the peer process group.
+allow zygote system_server:process { getpgid setpgid };
+allow zygote appdomain:process { getpgid setpgid };
+allow zygote webview_zygote:process { getpgid setpgid };
+allow zygote app_zygote:process { getpgid setpgid };
+
+# Read system data.
+allow zygote system_data_file:dir r_dir_perms;
+allow zygote system_data_file:file r_file_perms;
+
+# Write to /data/dalvik-cache.
+allow zygote dalvikcache_data_file:dir create_dir_perms;
+allow zygote dalvikcache_data_file:file create_file_perms;
+
+# Create symlinks in /data/dalvik-cache.
+allow zygote dalvikcache_data_file:lnk_file create_file_perms;
+
+# Write to /data/resource-cache.
+allow zygote resourcecache_data_file:dir rw_dir_perms;
+allow zygote resourcecache_data_file:file create_file_perms;
+
+# For updateability, the zygote may fetch the current boot
+# classpath from the dalvik cache. Integrity of the files
+# is ensured by fsverity protection (checked in art_apex_boot_integrity).
+allow zygote dalvikcache_data_file:file execute;
+
+# Bind mount on /data/data and mounted volumes
+allow zygote { system_data_file mnt_expand_file }:dir mounton;
+
+# Relabel /data/user /data/user_de and /data/data
+allow zygote tmpfs:{ dir lnk_file } relabelfrom;
+allow zygote system_data_file:{ dir lnk_file } relabelto;
+
+# Zygote opens /mnt/expand to mount CE DE storage on each vol
+allow zygote mnt_expand_file:dir { open read search relabelto };
+
+# Bind mount subdirectories on /data/misc/profiles/cur
+allow zygote { user_profile_data_file }:dir { mounton search };
+
+# Create and bind dirs on /data/data
+allow zygote tmpfs:dir { create_dir_perms mounton };
+
+# Goes into media directory and bind mount obb directory
+allow zygote media_rw_data_file:dir { getattr search };
+
+# Read if sdcardfs is supported
+allow zygote proc_filesystems:file r_file_perms;
+
+# Create symlink for /data/user/0
+allow zygote tmpfs:lnk_file create;
+
+allow zygote mirror_data_file:dir r_dir_perms;
+
+# Get inode of data directories
+allow zygote {
+ system_data_file
+ radio_data_file
+ app_data_file
+ shell_data_file
+ bluetooth_data_file
+ privapp_data_file
+ nfc_data_file
+ mnt_expand_file
+}:dir getattr;
+
+# Allow zygote to create JIT memory.
+allow zygote self:process execmem;
+allow zygote zygote_tmpfs:file execute;
+allow zygote ashmem_libcutils_device:chr_file execute;
+
+# Execute idmap and dex2oat within zygote's own domain.
+# TODO: Should either of these be transitioned to the same domain
+# used by installd or stay in-domain for zygote?
+allow zygote idmap_exec:file rx_file_perms;
+allow zygote dex2oat_exec:file rx_file_perms;
+
+# Allow apps access to /vendor/overlay
+r_dir_file(zygote, vendor_overlay_file)
+
+# Control cgroups.
+allow zygote cgroup:dir create_dir_perms;
+allow zygote cgroup:{ file lnk_file } r_file_perms;
+allow zygote self:global_capability_class_set sys_admin;
+
+# Allow zygote to stat the files that it opens. The zygote must
+# be able to inspect them so that it can reopen them on fork
+# if necessary: b/30963384.
+allow zygote pmsg_device:chr_file getattr;
+allow zygote debugfs_trace_marker:file getattr;
+
+# Get seapp_contexts
+allow zygote seapp_contexts_file:file r_file_perms;
+# Check validity of SELinux context before use.
+selinux_check_context(zygote)
+# Check SELinux permissions.
+selinux_check_access(zygote)
+
+# Native bridge functionality requires that zygote replaces
+# /proc/cpuinfo with /system/lib//cpuinfo using a bind mount
+allow zygote proc_cpuinfo:file mounton;
+
+# Allow remounting rootfs as MS_SLAVE.
+allow zygote rootfs:dir mounton;
+allow zygote tmpfs:filesystem { mount unmount };
+allow zygote fuse:filesystem { unmount };
+allow zygote sdcardfs:filesystem { unmount };
+
+# Allow creating user-specific storage source if started before vold.
+allow zygote mnt_user_file:dir { create_dir_perms mounton };
+allow zygote mnt_user_file:lnk_file create_file_perms;
+allow zygote mnt_user_file:file create_file_perms;
+
+# Allow mounting user-specific storage source if started before vold.
+allow zygote mnt_pass_through_file:dir { create_dir_perms mounton };
+
+# Allowed to mount user-specific storage into place
+allow zygote storage_file:dir { search mounton };
+
+# Allow mounting and creating files, dirs on sdcardfs.
+allow zygote { sdcard_type }:dir { create_dir_perms mounton };
+allow zygote { sdcard_type }:file { create_file_perms };
+
+# Handle --invoke-with command when launching Zygote with a wrapper command.
+allow zygote zygote_exec:file rx_file_perms;
+
+# Allow zygote to write to statsd.
+unix_socket_send(zygote, statsdw, statsd)
+
+# Root fs.
+r_dir_file(zygote, rootfs)
+
+# System file accesses.
+r_dir_file(zygote, system_file)
+
+# /oem accesses.
+allow zygote oemfs:dir search;
+
+userdebug_or_eng(`
+ # Allow zygote to create and write method traces in /data/misc/trace.
+ allow zygote method_trace_data_file:dir w_dir_perms;
+ allow zygote method_trace_data_file:file { create w_file_perms };
+')
+
+allow zygote ion_device:chr_file r_file_perms;
+allow zygote tmpfs:dir r_dir_perms;
+
+allow zygote same_process_hal_file:file { execute read open getattr map };
+
+# Let the zygote access overlays so it can initialize the AssetManager.
+get_prop(zygote, overlay_prop)
+get_prop(zygote, exported_overlay_prop)
+
+# Allow the zygote to access the runtime feature flag properties.
+get_prop(zygote, device_config_runtime_native_prop)
+get_prop(zygote, device_config_runtime_native_boot_prop)
+
+# Allow the zygote to access window manager native boot feature flags
+# to initialize WindowManager static properties.
+get_prop(zygote, device_config_window_manager_native_boot_prop)
+
+# ingore spurious denials
+dontaudit zygote self:global_capability_class_set sys_resource;
+
+# Ignore spurious denials calling access() on fuse
+# TODO(b/151316657): avoid the denials
+dontaudit zygote media_rw_data_file:dir setattr;
+
+# Allow zygote to use ashmem fds from system_server.
+allow zygote system_server:fd use;
+
+# Send unsolicited message to system_server
+unix_socket_send(zygote, system_unsolzygote, system_server)
+
+# Allow zygote to access media_variant_prop for static initialization
+get_prop(zygote, media_variant_prop)
+
+###
+### neverallow rules
+###
+
+# Ensure that all types assigned to app processes are included
+# in the appdomain attribute, so that all allow and neverallow rules
+# written on appdomain are applied to all app processes.
+# This is achieved by ensuring that it is impossible for zygote to
+# setcon (dyntransition) to any types other than those associated
+# with appdomain plus system_server_startup, webview_zygote and
+# app_zygote.
+neverallow zygote ~{
+ appdomain
+ system_server_startup
+ webview_zygote
+ app_zygote
+}:process dyntransition;
+
+# Zygote should never execute anything from /data except for /data/dalvik-cache files.
+neverallow zygote {
+ data_file_type
+ -dalvikcache_data_file # map PROT_EXEC
+}:file no_x_file_perms;
+
+# Do not allow access to Bluetooth-related system properties and files
+neverallow zygote {
+ bluetooth_a2dp_offload_prop
+ bluetooth_audio_hal_prop
+ bluetooth_prop
+ exported_bluetooth_prop
+}:file create_file_perms;
+
+# Zygote should not be able to access app private data.
+neverallow zygote {
+ privapp_data_file
+ app_data_file
+}:dir ~getattr;
diff --git a/prebuilts/api/30.0/public/adbd.te b/prebuilts/api/30.0/public/adbd.te
new file mode 100644
index 000000000..4a1f63388
--- /dev/null
+++ b/prebuilts/api/30.0/public/adbd.te
@@ -0,0 +1,11 @@
+# adbd seclabel is specified in init.rc since
+# it lives in the rootfs and has no unique file type.
+type adbd, domain;
+type adbd_exec, exec_type, file_type, system_file_type;
+
+# Only init is allowed to enter the adbd domain via exec()
+neverallow { domain -init } adbd:process transition;
+neverallow * adbd:process dyntransition;
+
+# Allow adbd start/stop mdnsd via ctl.start
+set_prop(adbd, ctl_mdnsd_prop)
diff --git a/prebuilts/api/30.0/public/aidl_lazy_test_server.te b/prebuilts/api/30.0/public/aidl_lazy_test_server.te
new file mode 100644
index 000000000..626d0088b
--- /dev/null
+++ b/prebuilts/api/30.0/public/aidl_lazy_test_server.te
@@ -0,0 +1,9 @@
+type aidl_lazy_test_server, domain;
+type aidl_lazy_test_server_exec, exec_type, file_type, system_file_type;
+
+userdebug_or_eng(`
+ binder_use(aidl_lazy_test_server)
+ binder_call(aidl_lazy_test_server, binderservicedomain)
+
+ add_service(aidl_lazy_test_server, aidl_lazy_test_service)
+')
diff --git a/prebuilts/api/30.0/public/apexd.te b/prebuilts/api/30.0/public/apexd.te
new file mode 100644
index 000000000..93c257f5f
--- /dev/null
+++ b/prebuilts/api/30.0/public/apexd.te
@@ -0,0 +1,15 @@
+# apexd -- manager for APEX packages
+type apexd, domain;
+type apexd_exec, exec_type, file_type, system_file_type;
+
+binder_use(apexd)
+add_service(apexd, apex_service)
+set_prop(apexd, apexd_prop)
+
+neverallow { domain -init -apexd -system_server } apex_service:service_manager find;
+neverallow { domain -init -apexd -system_server -servicemanager } apexd:binder call;
+
+neverallow { domain userdebug_or_eng(`-crash_dump') } apexd:process ptrace;
+
+# only apexd can set apexd sysprop
+neverallow { domain -apexd -init } apexd_prop:property_service set;
diff --git a/prebuilts/api/30.0/public/app.te b/prebuilts/api/30.0/public/app.te
new file mode 100644
index 000000000..9c635aa82
--- /dev/null
+++ b/prebuilts/api/30.0/public/app.te
@@ -0,0 +1,598 @@
+###
+### Domain for all zygote spawned apps
+###
+### This file is the base policy for all zygote spawned apps.
+### Other policy files, such as isolated_app.te, untrusted_app.te, etc
+### extend from this policy. Only policies which should apply to ALL
+### zygote spawned apps should be added here.
+###
+type appdomain_tmpfs, file_type;
+
+# WebView and other application-specific JIT compilers
+allow appdomain self:process execmem;
+
+allow appdomain { ashmem_device ashmem_libcutils_device }:chr_file execute;
+
+# Receive and use open file descriptors inherited from zygote.
+allow appdomain zygote:fd use;
+
+# gdbserver for ndk-gdb reads the zygote.
+# valgrind needs mmap exec for zygote
+allow appdomain zygote_exec:file rx_file_perms;
+
+# Notify zygote of death;
+allow appdomain zygote:process sigchld;
+
+# Read /data/dalvik-cache.
+allow appdomain dalvikcache_data_file:dir { search getattr };
+allow appdomain dalvikcache_data_file:file r_file_perms;
+
+# Read the /sdcard and /mnt/sdcard symlinks
+allow { appdomain -isolated_app } rootfs:lnk_file r_file_perms;
+allow { appdomain -isolated_app } tmpfs:lnk_file r_file_perms;
+
+# Search /storage/emulated tmpfs mount.
+allow appdomain tmpfs:dir r_dir_perms;
+
+# Notify zygote of the wrapped process PID when using --invoke-with.
+allow appdomain zygote:fifo_file write;
+
+userdebug_or_eng(`
+ # Allow apps to create and write method traces in /data/misc/trace.
+ allow appdomain method_trace_data_file:dir w_dir_perms;
+ allow appdomain method_trace_data_file:file { create w_file_perms };
+')
+
+# Notify shell and adbd of death when spawned via runas for ndk-gdb.
+allow appdomain shell:process sigchld;
+allow appdomain adbd:process sigchld;
+
+# child shell or gdbserver pty access for runas.
+allow appdomain devpts:chr_file { getattr read write ioctl };
+
+# Use pipes and sockets provided by system_server via binder or local socket.
+allow appdomain system_server:fd use;
+allow appdomain system_server:fifo_file rw_file_perms;
+allow appdomain system_server:unix_stream_socket { read write setopt getattr getopt shutdown };
+allow appdomain system_server:tcp_socket { read write getattr getopt shutdown };
+
+# For AppFuse.
+allow appdomain vold:fd use;
+
+# Communication with other apps via fifos
+allow appdomain appdomain:fifo_file rw_file_perms;
+
+# Communicate with surfaceflinger.
+allow appdomain surfaceflinger:unix_stream_socket { read write setopt getattr getopt shutdown };
+
+# App sandbox file accesses.
+allow { appdomain -isolated_app } { app_data_file privapp_data_file }:dir create_dir_perms;
+allow { appdomain -isolated_app } { app_data_file privapp_data_file }:file create_file_perms;
+
+# Traverse into expanded storage
+allow appdomain mnt_expand_file:dir r_dir_perms;
+
+# Keychain and user-trusted credentials
+r_dir_file(appdomain, keychain_data_file)
+allow appdomain misc_user_data_file:dir r_dir_perms;
+allow appdomain misc_user_data_file:file r_file_perms;
+
+# TextClassifier
+r_dir_file({ appdomain -isolated_app }, textclassifier_data_file)
+
+# Access to OEM provided data and apps
+allow appdomain oemfs:dir r_dir_perms;
+allow appdomain oemfs:file rx_file_perms;
+
+# Execute the shell or other system executables.
+allow { appdomain -ephemeral_app } shell_exec:file rx_file_perms;
+allow { appdomain -ephemeral_app } toolbox_exec:file rx_file_perms;
+allow appdomain system_file:file x_file_perms;
+not_full_treble(`allow { appdomain -ephemeral_app } vendor_file:file x_file_perms;')
+
+# Renderscript needs the ability to read directories on /system
+allow appdomain system_file:dir r_dir_perms;
+allow appdomain system_file:lnk_file { getattr open read };
+# Renderscript specific permissions to open /system/vendor/lib64.
+not_full_treble(`
+ allow appdomain vendor_file_type:dir r_dir_perms;
+ allow appdomain vendor_file_type:lnk_file { getattr open read };
+')
+
+full_treble_only(`
+ # For looking up Renderscript vendor drivers
+ allow { appdomain -isolated_app } vendor_file:dir { open read };
+')
+
+# Allow apps access to /vendor/app except for privileged
+# apps which cannot be in /vendor.
+r_dir_file({ appdomain -ephemeral_app }, vendor_app_file)
+allow { appdomain -ephemeral_app } vendor_app_file:file execute;
+
+# Allow apps access to /vendor/overlay
+r_dir_file(appdomain, vendor_overlay_file)
+
+# Allow apps access to /vendor/framework
+# for vendor provided libraries.
+r_dir_file(appdomain, vendor_framework_file)
+
+# Allow apps read / execute access to vendor public libraries.
+allow appdomain vendor_public_lib_file:dir r_dir_perms;
+allow appdomain vendor_public_lib_file:file { execute read open getattr map };
+
+# Read/write wallpaper file (opened by system).
+allow appdomain wallpaper_file:file { getattr read write map };
+
+# Read/write cached ringtones (opened by system).
+allow appdomain ringtone_file:file { getattr read write map };
+
+# Read ShortcutManager icon files (opened by system).
+allow appdomain shortcut_manager_icons:file { getattr read map };
+
+# Read icon file (opened by system).
+allow appdomain icon_file:file { getattr read map };
+
+# Old stack dumping scheme : append to a global trace file (/data/anr/traces.txt).
+#
+# TODO: All of these permissions except for anr_data_file:file append can be
+# withdrawn once we've switched to the new stack dumping mechanism, see b/32064548
+# and the rules below.
+allow appdomain anr_data_file:dir search;
+allow appdomain anr_data_file:file { open append };
+
+# New stack dumping scheme : request an output FD from tombstoned via a unix
+# domain socket.
+#
+# Allow apps to connect and write to the tombstoned java trace socket in
+# order to dump their traces. Also allow them to append traces to pipes
+# created by dumptrace. (Also see the rules below where they are given
+# additional permissions to dumpstate pipes for other aspects of bug report
+# creation).
+unix_socket_connect(appdomain, tombstoned_java_trace, tombstoned)
+allow appdomain tombstoned:fd use;
+allow appdomain dumpstate:fifo_file append;
+allow appdomain incidentd:fifo_file append;
+
+# Allow apps to send dump information to dumpstate
+allow appdomain dumpstate:fd use;
+allow appdomain dumpstate:unix_stream_socket { read write getopt getattr shutdown };
+allow appdomain dumpstate:fifo_file { write getattr };
+allow appdomain shell_data_file:file { write getattr };
+
+# Allow apps to send dump information to incidentd
+allow appdomain incidentd:fd use;
+allow appdomain incidentd:fifo_file { write getattr };
+
+# Allow apps to send information to statsd socket.
+unix_socket_send(appdomain, statsdw, statsd)
+
+# Write profiles /data/misc/profiles
+allow appdomain user_profile_data_file:dir { search write add_name };
+allow appdomain user_profile_data_file:file create_file_perms;
+
+# Send heap dumps to system_server via an already open file descriptor
+# % adb shell am set-watch-heap com.android.systemui 1048576
+# % adb shell dumpsys procstats --start-testing
+# debuggable builds only.
+userdebug_or_eng(`
+ allow appdomain heapdump_data_file:file append;
+')
+
+# /proc/net access.
+# TODO(b/9496886) Audit access for removal.
+# proc_net access for the negated domains below is granted (or not) in their
+# individual .te files.
+r_dir_file({
+ appdomain
+ -ephemeral_app
+ -isolated_app
+ -platform_app
+ -priv_app
+ -shell
+ -system_app
+ -untrusted_app_all
+}, proc_net_type)
+# audit access for all these non-core app domains.
+userdebug_or_eng(`
+ auditallow {
+ appdomain
+ -ephemeral_app
+ -isolated_app
+ -platform_app
+ -priv_app
+ -shell
+ -su
+ -system_app
+ -untrusted_app_all
+ } proc_net_type:{ dir file lnk_file } { getattr open read };
+')
+
+# Grant GPU access to all processes started by Zygote.
+# They need that to render the standard UI.
+allow { appdomain -isolated_app } gpu_device:chr_file rw_file_perms;
+
+# Use the Binder.
+binder_use(appdomain)
+# Perform binder IPC to binder services.
+binder_call(appdomain, binderservicedomain)
+# Perform binder IPC to other apps.
+binder_call(appdomain, appdomain)
+# Perform binder IPC to ephemeral apps.
+binder_call(appdomain, ephemeral_app)
+
+# Talk with graphics composer fences
+allow appdomain hal_graphics_composer:fd use;
+
+# Already connected, unnamed sockets being passed over some other IPC
+# hence no sock_file or connectto permission. This appears to be how
+# Chrome works, may need to be updated as more apps using isolated services
+# are examined.
+allow appdomain appdomain:unix_stream_socket { getopt getattr read write shutdown };
+
+# Backup ability for every app. BMS opens and passes the fd
+# to any app that has backup ability. Hence, no open permissions here.
+allow appdomain backup_data_file:file { read write getattr map };
+allow appdomain cache_backup_file:file { read write getattr map };
+allow appdomain cache_backup_file:dir getattr;
+# Backup ability using 'adb backup'
+allow appdomain system_data_file:lnk_file r_file_perms;
+allow appdomain system_data_file:file { getattr read map };
+
+# Allow read/stat of /data/media files passed by Binder or local socket IPC.
+allow { appdomain -isolated_app } media_rw_data_file:file { read getattr };
+
+# Read and write /data/data/com.android.providers.telephony files passed over Binder.
+allow { appdomain -isolated_app } radio_data_file:file { read write getattr };
+
+# Allow access to external storage; we have several visible mount points under /storage
+# and symlinks to primary storage at places like /storage/sdcard0 and /mnt/user/0/primary
+allow { appdomain -isolated_app -ephemeral_app } storage_file:dir r_dir_perms;
+allow { appdomain -isolated_app -ephemeral_app } storage_file:lnk_file r_file_perms;
+allow { appdomain -isolated_app -ephemeral_app } mnt_user_file:dir r_dir_perms;
+allow { appdomain -isolated_app -ephemeral_app } mnt_user_file:lnk_file r_file_perms;
+
+# Read/write visible storage
+allow { appdomain -isolated_app -ephemeral_app } sdcard_type:dir create_dir_perms;
+allow { appdomain -isolated_app -ephemeral_app } sdcard_type:file create_file_perms;
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow { appdomain -isolated_app -ephemeral_app } media_rw_data_file:dir create_dir_perms;
+allow { appdomain -isolated_app -ephemeral_app } media_rw_data_file:file create_file_perms;
+
+# Allow apps to use the USB Accessory interface.
+# http://developer.android.com/guide/topics/connectivity/usb/accessory.html
+#
+# USB devices are first opened by the system server (USBDeviceManagerService)
+# and the file descriptor is passed to the right Activity via binder.
+allow { appdomain -isolated_app -ephemeral_app } usb_device:chr_file { read write getattr ioctl };
+allow { appdomain -isolated_app -ephemeral_app } usbaccessory_device:chr_file { read write getattr };
+
+# For art.
+allow appdomain dalvikcache_data_file:file execute;
+allow appdomain dalvikcache_data_file:lnk_file r_file_perms;
+
+# Allow any app to read shared RELRO files.
+allow appdomain shared_relro_file:dir search;
+allow appdomain shared_relro_file:file r_file_perms;
+
+# Allow apps to read/execute installed binaries
+allow appdomain apk_data_file:dir r_dir_perms;
+allow appdomain apk_data_file:file rx_file_perms;
+
+# /data/resource-cache
+allow appdomain resourcecache_data_file:file r_file_perms;
+allow appdomain resourcecache_data_file:dir r_dir_perms;
+
+# logd access
+read_logd(appdomain)
+control_logd({ appdomain -ephemeral_app })
+# application inherit logd write socket (urge is to deprecate this long term)
+allow appdomain zygote:unix_dgram_socket write;
+
+allow { appdomain -isolated_app -ephemeral_app } keystore:keystore_key { get_state get insert delete exist list sign verify };
+
+use_keystore({ appdomain -isolated_app -ephemeral_app })
+
+use_credstore({ appdomain -isolated_app -ephemeral_app })
+
+allow appdomain console_device:chr_file { read write };
+
+# only allow unprivileged socket ioctl commands
+allowxperm { appdomain -bluetooth } self:{ rawip_socket tcp_socket udp_socket }
+ ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
+
+allow { appdomain -isolated_app } ion_device:chr_file r_file_perms;
+
+# Allow AAudio apps to use shared memory file descriptors from the HAL
+allow { appdomain -isolated_app } hal_audio:fd use;
+
+# Allow app to access shared memory created by camera HAL1
+allow { appdomain -isolated_app } hal_camera:fd use;
+
+# RenderScript always-passthrough HAL
+allow { appdomain -isolated_app } hal_renderscript_hwservice:hwservice_manager find;
+allow appdomain same_process_hal_file:file { execute read open getattr map };
+
+# TODO: switch to meminfo service
+allow appdomain proc_meminfo:file r_file_perms;
+
+# For app fuse.
+allow appdomain app_fuse_file:file { getattr read append write map };
+
+pdx_client({ appdomain -isolated_app -ephemeral_app }, display_client)
+pdx_client({ appdomain -isolated_app -ephemeral_app }, display_manager)
+pdx_client({ appdomain -isolated_app -ephemeral_app }, display_vsync)
+pdx_client({ appdomain -isolated_app -ephemeral_app }, performance_client)
+# Apps do not directly open the IPC socket for bufferhubd.
+pdx_use({ appdomain -isolated_app -ephemeral_app }, bufferhub_client)
+
+###
+### CTS-specific rules
+###
+
+# For cts/tests/tests/permission/src/android/permission/cts/FileSystemPermissionTest.java.
+# testRunAsHasCorrectCapabilities
+allow appdomain runas_exec:file getattr;
+# Others are either allowed elsewhere or not desired.
+
+# Apps receive an open tun fd from the framework for
+# device traffic. Do not allow untrusted app to directly open tun_device
+allow { appdomain -isolated_app -ephemeral_app } tun_device:chr_file { read write getattr append ioctl };
+allowxperm { appdomain -isolated_app -ephemeral_app } tun_device:chr_file ioctl TUNGETIFF;
+
+# Connect to adbd and use a socket transferred from it.
+# This is used for e.g. adb backup/restore.
+allow appdomain adbd:unix_stream_socket connectto;
+allow appdomain adbd:fd use;
+allow appdomain adbd:unix_stream_socket { getattr getopt ioctl read write shutdown };
+
+allow appdomain cache_file:dir getattr;
+
+# Allow apps to run with asanwrapper.
+with_asan(`allow appdomain asanwrapper_exec:file rx_file_perms;')
+
+# Read access to FDs from the DropboxManagerService.
+allow appdomain dropbox_data_file:file { getattr read };
+
+# Read tmpfs types from these processes.
+allow appdomain audioserver_tmpfs:file { getattr map read write };
+allow appdomain system_server_tmpfs:file { getattr map read write };
+allow appdomain zygote_tmpfs:file { map read };
+
+###
+### Neverallow rules
+###
+### These are things that Android apps should NEVER be able to do
+###
+
+# Superuser capabilities.
+# bluetooth requires net_admin and wake_alarm. network stack app requires net_admin.
+neverallow { appdomain -bluetooth -network_stack } self:capability_class_set *;
+
+# Block device access.
+neverallow appdomain dev_type:blk_file { read write };
+
+# Access to any of the following character devices.
+neverallow appdomain {
+ audio_device
+ camera_device
+ dm_device
+ radio_device
+ rpmsg_device
+ video_device
+}:chr_file { read write };
+
+# Note: Try expanding list of app domains in the future.
+neverallow { untrusted_app isolated_app shell } graphics_device:chr_file { read write };
+
+neverallow { appdomain -nfc } nfc_device:chr_file
+ { read write };
+neverallow { appdomain -bluetooth } hci_attach_dev:chr_file
+ { read write };
+neverallow appdomain tee_device:chr_file { read write };
+
+# Privileged netlink socket interfaces.
+neverallow { appdomain -network_stack }
+ domain:{
+ netlink_tcpdiag_socket
+ netlink_nflog_socket
+ netlink_xfrm_socket
+ netlink_audit_socket
+ netlink_dnrt_socket
+ } *;
+
+# These messages are broadcast messages from the kernel to userspace.
+# Do not allow the writing of netlink messages, which has been a source
+# of rooting vulns in the past.
+neverallow appdomain domain:netlink_kobject_uevent_socket { write append };
+
+# Sockets under /dev/socket that are not specifically typed.
+neverallow appdomain socket_device:sock_file write;
+
+# Unix domain sockets.
+neverallow appdomain adbd_socket:sock_file write;
+neverallow { appdomain -radio } rild_socket:sock_file write;
+
+# ptrace access to non-app domains.
+neverallow appdomain { domain -appdomain }:process ptrace;
+
+# The Android security model guarantees the confidentiality and integrity
+# of application data and execution state. Ptrace bypasses those
+# confidentiality guarantees. Disallow ptrace access from system components
+# to apps. Crash_dump is excluded, as it needs ptrace access to
+# produce stack traces. llkd is excluded, as it needs ptrace access to
+# inspect stack traces for live lock conditions.
+
+neverallow {
+ domain
+ -appdomain
+ -crash_dump
+ userdebug_or_eng(`-llkd')
+} appdomain:process ptrace;
+
+# Read or write access to /proc/pid entries for any non-app domain.
+# A different form of hidepid=2 like protections
+neverallow appdomain { domain -appdomain }:file no_w_file_perms;
+neverallow { appdomain -shell } { domain -appdomain }:file no_rw_file_perms;
+
+# signal access to non-app domains.
+# sigchld allowed for parent death notification.
+# signull allowed for kill(pid, 0) existence test.
+# All others prohibited.
+# -perfetto is to allow shell (which is an appdomain) to kill perfetto
+# (see private/shell.te).
+neverallow appdomain { domain -appdomain -perfetto }:process
+ { sigkill sigstop signal };
+
+# Write to rootfs.
+neverallow appdomain rootfs:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+
+# Write to /system.
+neverallow appdomain system_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+
+# Write to entrypoint executables.
+neverallow appdomain exec_type:file
+ { create write setattr relabelfrom relabelto append unlink link rename };
+
+# Write to system-owned parts of /data.
+# This is the default type for anything under /data not otherwise
+# specified in file_contexts. Define a different type for portions
+# that should be writable by apps.
+neverallow appdomain system_data_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+
+# Write to various other parts of /data.
+neverallow appdomain drm_data_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+neverallow { appdomain -platform_app -system_app }
+ apk_data_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+neverallow { appdomain -platform_app -system_app }
+ apk_tmp_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+neverallow { appdomain -platform_app }
+ apk_private_data_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+neverallow { appdomain -platform_app }
+ apk_private_tmp_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+neverallow { appdomain -shell }
+ shell_data_file:dir_file_class_set
+ { create setattr relabelfrom relabelto append unlink link rename };
+neverallow { appdomain -bluetooth }
+ bluetooth_data_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+neverallow { domain -credstore -init } credstore_data_file:dir_file_class_set *;
+neverallow appdomain
+ keystore_data_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+neverallow appdomain
+ systemkeys_data_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+neverallow appdomain
+ wifi_data_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+neverallow appdomain
+ dhcp_data_file:dir_file_class_set
+ { create write setattr relabelfrom relabelto append unlink link rename };
+
+# access tmp apk files
+neverallow { appdomain -untrusted_app_all -platform_app -priv_app }
+ { apk_tmp_file apk_private_tmp_file }:dir_file_class_set *;
+
+neverallow untrusted_app_all { apk_tmp_file apk_private_tmp_file }:{ devfile_class_set dir fifo_file lnk_file sock_file } *;
+neverallow untrusted_app_all { apk_tmp_file apk_private_tmp_file }:file ~{ getattr read };
+
+# Access to factory files.
+neverallow appdomain efs_file:dir_file_class_set write;
+neverallow { appdomain -shell } efs_file:dir_file_class_set read;
+
+# Write to various pseudo file systems.
+neverallow { appdomain -bluetooth -nfc }
+ sysfs:dir_file_class_set write;
+neverallow appdomain
+ proc:dir_file_class_set write;
+
+# Access to syslog(2) or /proc/kmsg.
+neverallow appdomain kernel:system { syslog_read syslog_mod syslog_console };
+
+# SELinux is not an API for apps to use
+neverallow { appdomain -shell } *:security { compute_av check_context };
+neverallow { appdomain -shell } *:netlink_selinux_socket *;
+
+# Ability to perform any filesystem operation other than statfs(2).
+# i.e. no mount(2), unmount(2), etc.
+neverallow appdomain fs_type:filesystem ~getattr;
+
+# prevent creation/manipulation of globally readable symlinks
+neverallow appdomain {
+ apk_data_file
+ cache_file
+ cache_recovery_file
+ dev_type
+ rootfs
+ system_file
+ tmpfs
+}:lnk_file no_w_file_perms;
+
+# Blacklist app domains not allowed to execute from /data
+neverallow {
+ bluetooth
+ isolated_app
+ nfc
+ radio
+ shared_relro
+ system_app
+} {
+ data_file_type
+ -dalvikcache_data_file
+ -system_data_file # shared libs in apks
+ -apk_data_file
+}:file no_x_file_perms;
+
+# Applications should use the activity model for receiving events
+neverallow {
+ appdomain
+ -shell # bugreport
+} input_device:chr_file ~getattr;
+
+# Do not allow access to Bluetooth-related system properties except for a few whitelisted domains.
+# neverallow rules for access to Bluetooth-related data files are above.
+neverallow {
+ appdomain
+ -bluetooth
+ -system_app
+} { bluetooth_audio_hal_prop bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms;
+
+
+# Don't allow apps access to storage configuration properties.
+neverallow appdomain storage_config_prop:file no_rw_file_perms;
+
+# Apps cannot access proc_uid_time_in_state
+neverallow appdomain proc_uid_time_in_state:file *;
+
+# Apps cannot access proc_uid_concurrent_active_time
+neverallow appdomain proc_uid_concurrent_active_time:file *;
+
+# Apps cannot access proc_uid_concurrent_policy_time
+neverallow appdomain proc_uid_concurrent_policy_time:file *;
+
+# Apps cannot access proc_uid_cpupower
+neverallow appdomain proc_uid_cpupower:file *;
+
+# Apps may not read /proc/net/{tcp,tcp6,udp,udp6}. These files leak information across the
+# application boundary. VPN apps may use the ConnectivityManager.getConnectionOwnerUid() API to
+# perform UID lookups.
+neverallow { appdomain -shell } proc_net_tcp_udp:file *;
+
+# Apps cannot access bootstrap files. The bootstrap files are only for
+# extremely early processes (like init, etc.) which are started before
+# the runtime APEX is activated and Bionic libs are provided from there.
+# If app process accesses (or even load/execute) the bootstrap files,
+# it might cause problems such as ODR violation, etc.
+neverallow appdomain system_bootstrap_lib_file:file
+ { open read write append execute execute_no_trans map };
+neverallow appdomain system_bootstrap_lib_file:dir
+ { open read getattr search };
diff --git a/prebuilts/api/30.0/public/app_zygote.te b/prebuilts/api/30.0/public/app_zygote.te
new file mode 100644
index 000000000..4c1ec9652
--- /dev/null
+++ b/prebuilts/api/30.0/public/app_zygote.te
@@ -0,0 +1,6 @@
+# app_zygote is an auxiliary zygote process that is used to spawn
+# isolated service processes for individual applications. It is
+# spawned from the regular zygote process as a "child zygote".
+
+type app_zygote, domain;
+type app_zygote_tmpfs, file_type;
diff --git a/prebuilts/api/30.0/public/asan_extract.te b/prebuilts/api/30.0/public/asan_extract.te
new file mode 100644
index 000000000..15c5a09fd
--- /dev/null
+++ b/prebuilts/api/30.0/public/asan_extract.te
@@ -0,0 +1,36 @@
+# asan_extract
+#
+# This command set moves the artifact corresponding to the current slot
+# from /data/ota to /data/dalvik-cache.
+
+with_asan(`
+ type asan_extract, domain, coredomain;
+ type asan_extract_exec, exec_type, file_type;
+
+ # Allow asan_extract to execute itself using #!/system/bin/sh
+ allow asan_extract shell_exec:file rx_file_perms;
+
+ # We execute log, rm, gzip and tar.
+ allow asan_extract toolbox_exec:file rx_file_perms;
+ allow asan_extract system_file:file execute_no_trans;
+
+ # asan_extract deletes old /data/lib.
+ allow asan_extract system_file:dir { open read remove_name rmdir write };
+ allow asan_extract system_file:file unlink;
+
+ # asan_extract untars ASAN libraries into /data.
+ allow asan_extract system_data_file:dir create_dir_perms ;
+ allow asan_extract system_data_file:{ file lnk_file } create_file_perms ;
+
+ # Relabel the libraries with restorecon.
+ allow asan_extract file_contexts_file:file r_file_perms;
+ allow asan_extract system_data_file:{ dir file } relabelfrom;
+ allow asan_extract system_file:dir { relabelto setattr };
+ allow asan_extract system_file:file relabelto;
+
+ # Restorecon will actually already try to run with sanitized libraries (libpackagelistparser).
+ allow asan_extract system_data_file:file execute;
+
+ # We need to signal a reboot when done.
+ set_prop(asan_extract, powerctl_prop)
+')
diff --git a/prebuilts/api/30.0/public/attributes b/prebuilts/api/30.0/public/attributes
new file mode 100644
index 000000000..19623afd6
--- /dev/null
+++ b/prebuilts/api/30.0/public/attributes
@@ -0,0 +1,365 @@
+######################################
+# Attribute declarations
+#
+
+# All types used for devices.
+# On change, update CHECK_FC_ASSERT_ATTRS
+# in tools/checkfc.c
+attribute dev_type;
+
+# All types used for processes.
+attribute domain;
+
+# All types used for filesystems.
+# On change, update CHECK_FC_ASSERT_ATTRS
+# definition in tools/checkfc.c.
+attribute fs_type;
+
+# All types used for context= mounts.
+attribute contextmount_type;
+
+# All types used for files that can exist on a labeled fs.
+# Do not use for pseudo file types.
+# On change, update CHECK_FC_ASSERT_ATTRS
+# definition in tools/checkfc.c.
+attribute file_type;
+
+# All types used for domain entry points.
+attribute exec_type;
+
+# All types used for /data files.
+attribute data_file_type;
+expandattribute data_file_type false;
+# All types in /data, not in /data/vendor
+attribute core_data_file_type;
+expandattribute core_data_file_type false;
+
+# All types in /system
+attribute system_file_type;
+
+# All types in /vendor
+attribute vendor_file_type;
+
+# All types used for procfs files.
+attribute proc_type;
+expandattribute proc_type false;
+
+# Types in /proc/net, excluding qtaguid types.
+# TODO(b/9496886) Lock down access to /proc/net.
+# This attribute is used to audit access to proc_net. it is temporary and will
+# be removed.
+attribute proc_net_type;
+expandattribute proc_net_type true;
+
+# All types used for sysfs files.
+attribute sysfs_type;
+
+# All types use for debugfs files.
+attribute debugfs_type;
+
+# Attribute used for all sdcards
+attribute sdcard_type;
+
+# All types used for nodes/hosts.
+attribute node_type;
+
+# All types used for network interfaces.
+attribute netif_type;
+
+# All types used for network ports.
+attribute port_type;
+
+# All types used for property service
+# On change, update CHECK_PC_ASSERT_ATTRS
+# definition in tools/checkfc.c.
+attribute property_type;
+
+# All properties defined in core SELinux policy. Should not be
+# used by device specific properties
+attribute core_property_type;
+
+# All properties used to configure log filtering.
+attribute log_property_type;
+
+# All properties that are not specific to device but are added from
+# outside of AOSP. (e.g. OEM-specific properties)
+# These properties are not accessible from device-specific domains
+attribute extended_core_property_type;
+
+# Properties used for representing ownership. All properties should have one
+# of: system_property_type, product_property_type, or vendor_property_type.
+
+# All properties defined by /system.
+attribute system_property_type;
+
+# All /system-defined properties used only in /system.
+attribute system_internal_property_type;
+
+# All /system-defined properties which can't be written outside /system.
+attribute system_restricted_property_type;
+
+# All /system-defined properties with no restrictions.
+attribute system_public_property_type;
+
+# All properties defined by /product.
+# Currently there are no enforcements between /system and /product, so for now
+# /product attributes are just replaced to /system attributes.
+define(`product_property_type', `system_property_type')
+define(`product_internal_type', `system_internal_property_type')
+define(`product_restricted_type', `system_restricted_property_type')
+define(`product_public_type', `system_public_property_type')
+
+# All properties defined by /vendor.
+attribute vendor_property_type;
+
+# All /vendor-defined properties used only in /vendor.
+attribute vendor_internal_property_type;
+
+# All /vendor-defined properties which can't be written outside /vendor.
+attribute vendor_restricted_property_type;
+
+# All /vendor-defined properties with no restrictions.
+attribute vendor_public_property_type;
+
+# All service_manager types created by system_server
+attribute system_server_service;
+
+# services which should be available to all but isolated apps
+attribute app_api_service;
+
+# services which should be available to all ephemeral apps
+attribute ephemeral_app_api_service;
+
+# services which export only system_api
+attribute system_api_service;
+
+# services which served by vendor and also using the copy of libbinder on
+# system (for instance via libbinder_ndk). services using a different copy
+# of libbinder currently need their own context manager (e.g.
+# vndservicemanager)
+attribute vendor_service;
+
+# All types used for services managed by servicemanager.
+# On change, update CHECK_SC_ASSERT_ATTRS
+# definition in tools/checkfc.c.
+attribute service_manager_type;
+
+# All types used for services managed by hwservicemanager
+attribute hwservice_manager_type;
+
+# All HwBinder services guaranteed to be passthrough. These services always run
+# in the process of their clients, and thus operate with the same access as
+# their clients.
+attribute same_process_hwservice;
+
+# All HwBinder services guaranteed to be offered only by core domain components
+attribute coredomain_hwservice;
+
+# All HwBinder services that untrusted apps can't directly access
+attribute protected_hwservice;
+
+# All types used for services managed by vndservicemanager
+attribute vndservice_manager_type;
+
+
+# All domains that can override MLS restrictions.
+# i.e. processes that can read up and write down.
+attribute mlstrustedsubject;
+
+# All types that can override MLS restrictions.
+# i.e. files that can be read by lower and written by higher
+attribute mlstrustedobject;
+
+# All domains used for apps.
+attribute appdomain;
+
+# All third party apps.
+attribute untrusted_app_all;
+
+# All domains used for apps with network access.
+attribute netdomain;
+
+# All domains used for apps with bluetooth access.
+attribute bluetoothdomain;
+
+# All domains used for binder service domains.
+attribute binderservicedomain;
+
+# update_engine related domains that need to apply an update and run
+# postinstall. This includes the background daemon and the sideload tool from
+# recovery for A/B devices.
+attribute update_engine_common;
+
+# All core domains (as opposed to vendor/device-specific domains)
+attribute coredomain;
+
+# All socket devices owned by core domain components
+attribute coredomain_socket;
+expandattribute coredomain_socket false;
+
+# All vendor domains which violate the requirement of not using Binder
+# TODO(b/35870313): Remove this once there are no violations
+attribute binder_in_vendor_violators;
+expandattribute binder_in_vendor_violators false;
+
+# All vendor domains which violate the requirement of not using sockets for
+# communicating with core components
+# TODO(b/36577153): Remove this once there are no violations
+attribute socket_between_core_and_vendor_violators;
+expandattribute socket_between_core_and_vendor_violators false;
+
+# All vendor domains which violate the requirement of not executing
+# system processes
+# TODO(b/36463595)
+attribute vendor_executes_system_violators;
+expandattribute vendor_executes_system_violators false;
+
+# All domains which violate the requirement of not sharing files by path
+# between between vendor and core domains.
+# TODO(b/34980020)
+attribute data_between_core_and_vendor_violators;
+expandattribute data_between_core_and_vendor_violators false;
+
+# All system domains which violate the requirement of not executing vendor
+# binaries/libraries.
+# TODO(b/62041836)
+attribute system_executes_vendor_violators;
+expandattribute system_executes_vendor_violators false;
+
+# All system domains which violate the requirement of not writing vendor
+# properties.
+# TODO(b/78598545): Remove this once there are no violations +attribute system_writes_vendor_properties_violators; +expandattribute system_writes_vendor_properties_violators false; + +# All system domains which violate the requirement of not writing to +# /mnt/vendor/*. Must not be used on devices launched with P or later. +attribute system_writes_mnt_vendor_violators; +expandattribute system_writes_mnt_vendor_violators false; + +# hwservices that are accessible from untrusted applications +# WARNING: Use of this attribute should be avoided unless +# absolutely necessary. It is a temporary allowance to aid the +# transition to treble and will be removed in a future platform +# version, requiring all hwservices that are labeled with this +# attribute to be submitted to AOSP in order to maintain their +# app-visibility. +attribute untrusted_app_visible_hwservice_violators; +expandattribute untrusted_app_visible_hwservice_violators false; + +# halserver domains that are accessible to untrusted applications. These +# domains are typically those hosting hwservices attributed by the +# untrusted_app_visible_hwservice_violators. +# WARNING: Use of this attribute should be avoided unless absolutely necessary. +# It is a temporary allowance to aid the transition to treble and will be +# removed in the future platform version, requiring all halserver domains that +# are labeled with this attribute to be submitted to AOSP in order to maintain +# their app-visibility. 
+attribute untrusted_app_visible_halserver_violators; +expandattribute untrusted_app_visible_halserver_violators false; + +# PDX services +attribute pdx_endpoint_dir_type; +attribute pdx_endpoint_socket_type; +expandattribute pdx_endpoint_socket_type false; +attribute pdx_channel_socket_type; +expandattribute pdx_channel_socket_type false; + +pdx_service_attributes(display_client) +pdx_service_attributes(display_manager) +pdx_service_attributes(display_screenshot) +pdx_service_attributes(display_vsync) +pdx_service_attributes(performance_client) +pdx_service_attributes(bufferhub_client) + +# All HAL servers +attribute halserverdomain; +# All HAL clients +attribute halclientdomain; +expandattribute halclientdomain true; + +# Exempt for halserverdomain to access sockets. Only builds for automotive +# device types are allowed to use this attribute (enforced by CTS). +# Unlike phone, in a car many modules are external from Android perspective and +# HALs should be able to communicate with those devices through sockets. 
+attribute hal_automotive_socket_exemption; + +# HALs +hal_attribute(allocator); +hal_attribute(atrace); +hal_attribute(audio); +hal_attribute(audiocontrol); +hal_attribute(authsecret); +hal_attribute(bluetooth); +hal_attribute(bootctl); +hal_attribute(bufferhub); +hal_attribute(broadcastradio); +hal_attribute(camera); +hal_attribute(can_bus); +hal_attribute(can_controller); +hal_attribute(cas); +hal_attribute(codec2); +hal_attribute(configstore); +hal_attribute(confirmationui); +hal_attribute(contexthub); +hal_attribute(drm); +hal_attribute(dumpstate); +hal_attribute(evs); +hal_attribute(face); +hal_attribute(fingerprint); +hal_attribute(gatekeeper); +hal_attribute(gnss); +hal_attribute(graphics_allocator); +hal_attribute(graphics_composer); +hal_attribute(health); +hal_attribute(health_storage); +hal_attribute(identity); +hal_attribute(input_classifier); +hal_attribute(ir); +hal_attribute(keymaster); +hal_attribute(light); +hal_attribute(lowpan); +hal_attribute(memtrack); +hal_attribute(neuralnetworks); +hal_attribute(nfc); +hal_attribute(oemlock); +hal_attribute(omx); +hal_attribute(power); +hal_attribute(power_stats); +hal_attribute(rebootescrow); +hal_attribute(secure_element); +hal_attribute(sensors); +hal_attribute(telephony); +hal_attribute(tetheroffload); +hal_attribute(thermal); +hal_attribute(tv_cec); +hal_attribute(tv_input); +hal_attribute(tv_tuner); +hal_attribute(usb); +hal_attribute(usb_gadget); +hal_attribute(vehicle); +hal_attribute(vibrator); +hal_attribute(vr); +hal_attribute(weaver); +hal_attribute(wifi); +hal_attribute(wifi_hostapd); +hal_attribute(wifi_supplicant); + +# HwBinder services offered across the core-vendor boundary +# +# We annotate server domains with x_server to loosen the coupling between +# system and vendor images. For example, it should be possible to move a service +# from one core domain to another, without having to update the vendor image +# which contains clients of this service. 
+ +attribute automotive_display_service_server; +attribute camera_service_server; +attribute display_service_server; +attribute scheduler_service_server; +attribute sensor_service_server; +attribute stats_service_server; +attribute system_suspend_server; +attribute wifi_keystore_service_server; + +# All types used for super partition block devices. +attribute super_block_device_type; diff --git a/prebuilts/api/30.0/public/audioserver.te b/prebuilts/api/30.0/public/audioserver.te new file mode 100644 index 000000000..a8a33cc5a --- /dev/null +++ b/prebuilts/api/30.0/public/audioserver.te @@ -0,0 +1,6 @@ +# audioserver - audio services daemon +type audioserver, domain; +type audioserver_tmpfs, file_type; + +# Allow audioserver to signal audio HAL processes and dump their stacks. +allow audioserver hal_audio_server:process signal; diff --git a/prebuilts/api/30.0/public/blkid.te b/prebuilts/api/30.0/public/blkid.te new file mode 100644 index 000000000..dabe01452 --- /dev/null +++ b/prebuilts/api/30.0/public/blkid.te @@ -0,0 +1,2 @@ +# blkid called from vold +type blkid, domain; diff --git a/prebuilts/api/30.0/public/blkid_untrusted.te b/prebuilts/api/30.0/public/blkid_untrusted.te new file mode 100644 index 000000000..4be4c0cb2 --- /dev/null +++ b/prebuilts/api/30.0/public/blkid_untrusted.te @@ -0,0 +1,2 @@ +# blkid for untrusted block devices +type blkid_untrusted, domain; diff --git a/prebuilts/api/30.0/public/bluetooth.te b/prebuilts/api/30.0/public/bluetooth.te new file mode 100644 index 000000000..9b3442aa5 --- /dev/null +++ b/prebuilts/api/30.0/public/bluetooth.te @@ -0,0 +1,2 @@ +# bluetooth subsystem +type bluetooth, domain; diff --git a/prebuilts/api/30.0/public/bootanim.te b/prebuilts/api/30.0/public/bootanim.te new file mode 100644 index 000000000..e8cb98bbc --- /dev/null +++ b/prebuilts/api/30.0/public/bootanim.te 
@@ -0,0 +1,42 @@ +# bootanimation oneshot service +type bootanim, domain; +type bootanim_exec, system_file_type, exec_type, file_type; + +hal_client_domain(bootanim, hal_configstore) +hal_client_domain(bootanim, hal_graphics_allocator) +hal_client_domain(bootanim, hal_graphics_composer) + +binder_use(bootanim) +binder_call(bootanim, surfaceflinger) +binder_call(bootanim, audioserver) + +hwbinder_use(bootanim) + +allow bootanim gpu_device:chr_file rw_file_perms; + +# /oem access +allow bootanim oemfs:dir search; +allow bootanim oemfs:file r_file_perms; + +allow bootanim audio_device:dir r_dir_perms; +allow bootanim audio_device:chr_file rw_file_perms; + +allow bootanim audioserver_service:service_manager find; +allow bootanim surfaceflinger_service:service_manager find; + +# Allow access to ion memory allocation device +allow bootanim ion_device:chr_file rw_file_perms; +allow bootanim hal_graphics_allocator:fd use; + +# Fences +allow bootanim hal_graphics_composer:fd use; + +# Read access to pseudo filesystems. +allow bootanim proc_meminfo:file r_file_perms; + +# System file accesses. +allow bootanim system_file:dir r_dir_perms; + +# Read ro.boot.bootreason b/30654343 +get_prop(bootanim, bootloader_boot_reason_prop) + diff --git a/prebuilts/api/30.0/public/bootstat.te b/prebuilts/api/30.0/public/bootstat.te new file mode 100644 index 000000000..e91f2a5e5 --- /dev/null +++ b/prebuilts/api/30.0/public/bootstat.te 
@@ -0,0 +1,64 @@ +# bootstat command +type bootstat, domain; +type bootstat_exec, system_file_type, exec_type, file_type; + +read_runtime_log_tags(bootstat) + +# Allow persistent storage in /data/misc/bootstat. +allow bootstat bootstat_data_file:dir rw_dir_perms; +allow bootstat bootstat_data_file:file create_file_perms; + +# Collect metrics on boot time created by init +get_prop(bootstat, boottime_prop) + +# Read/Write [persist.]sys.boot.reason and ro.boot.bootreason (write if empty) +set_prop(bootstat, bootloader_boot_reason_prop) +set_prop(bootstat, system_boot_reason_prop) +set_prop(bootstat, last_boot_reason_prop) +allow bootstat metadata_file:dir search; +allow bootstat metadata_bootstat_file:dir rw_dir_perms; +allow bootstat metadata_bootstat_file:file create_file_perms; + +# ToDo: TBI move access for the following to a system health HAL + +# Allow access to /sys/fs/pstore/ and syslog +allow bootstat pstorefs:dir search; +allow bootstat pstorefs:file r_file_perms; +allow bootstat kernel:system syslog_read; + +# Allow access to reading the logs to read aspects of system health +read_logd(bootstat) + +# Allow bootstat write to statsd. +unix_socket_send(bootstat, statsdw, statsd) + +# ToDo: end + +neverallow { + domain + -bootanim + -bootstat + -dumpstate + userdebug_or_eng(`-incidentd') + -init + -recovery + -shell + -system_server +} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms; +# ... and refine, as these components should not set the last boot reason +neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms; + +neverallow { + domain + -bootstat + -init + -system_server +} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set; +# ... and refine ... for a ro propertly no less ... keep this _tight_ +neverallow system_server bootloader_boot_reason_prop:property_service set; + +neverallow { + domain + -bootstat + -init +} system_boot_reason_prop:property_service set; 
diff --git a/prebuilts/api/30.0/public/bufferhubd.te b/prebuilts/api/30.0/public/bufferhubd.te
new file mode 100644
index 000000000..37edb5dce
--- /dev/null
+++ b/prebuilts/api/30.0/public/bufferhubd.te
@@ -0,0 +1,25 @@
+# bufferhubd
+type bufferhubd, domain, mlstrustedsubject;
+type bufferhubd_exec, system_file_type, exec_type, file_type;
+
+hal_client_domain(bufferhubd, hal_graphics_allocator)
+
+# TODO(b/112338294): remove these after migrate to Binder
+pdx_server(bufferhubd, bufferhub_client)
+pdx_client(bufferhubd, performance_client)
+
+# Access the GPU.
+allow bufferhubd gpu_device:chr_file rw_file_perms;
+
+# Access /dev/ion
+allow bufferhubd ion_device:chr_file r_file_perms;
+
+# Receive sync fence FDs from hal_omx_server. Note that hal_omx_server never directly
+# connects to bufferhubd via PDX. Instead, a VR app acts as a bridge between
+# those two: it talks to hal_omx_server via Binder and talks to bufferhubd via PDX.
+# Thus, there is no need to use pdx_client macro.
+allow bufferhubd hal_omx_server:fd use;
+
+# Codec2 is similar to OMX
+allow bufferhubd hal_codec2_server:fd use;
+
diff --git a/prebuilts/api/30.0/public/camera_service_server.te b/prebuilts/api/30.0/public/camera_service_server.te
new file mode 100644
index 000000000..352e1b7aa
--- /dev/null
+++ b/prebuilts/api/30.0/public/camera_service_server.te
@@ -0,0 +1 @@
+add_hwservice(camera_service_server, fwk_camera_hwservice)
diff --git a/prebuilts/api/30.0/public/cameraserver.te b/prebuilts/api/30.0/public/cameraserver.te
new file mode 100644
index 000000000..13ef1f738
--- /dev/null
+++ b/prebuilts/api/30.0/public/cameraserver.te
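Review bot: `type bufferhubd, domain, mlstrustedsubject;` puts bufferhubd in the set of domains that may override MLS restrictions (read up, write down), but nothing in the hunk says why this daemon needs that exemption, unlike the PDX and fd rules which each carry a reason. A one-line justification above the type declaration would let a later reviewer check whether the exemption can go when the PDX paths under TODO(b/112338294) are removed, e.g. `# mlstrustedsubject: needed to share buffers with clients at other MLS levels (TODO confirm; revisit with b/112338294)`. Since this file sits under prebuilts/api/30.0, the comment presumably has to land in the public/ copy first and be re-frozen here.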
@@ -0,0 +1,74 @@ +# cameraserver - camera daemon +type cameraserver, domain; +type cameraserver_exec, system_file_type, exec_type, file_type; +type cameraserver_tmpfs, file_type; + +binder_use(cameraserver) +binder_call(cameraserver, binderservicedomain) +binder_call(cameraserver, appdomain) +binder_service(cameraserver) + +hal_client_domain(cameraserver, hal_camera) + +hal_client_domain(cameraserver, hal_graphics_allocator) + +allow cameraserver ion_device:chr_file rw_file_perms; + +# Talk with graphics composer fences +allow cameraserver hal_graphics_composer:fd use; + +add_service(cameraserver, cameraserver_service) +add_hwservice(cameraserver, fwk_camera_hwservice) + +allow cameraserver activity_service:service_manager find; +allow cameraserver appops_service:service_manager find; +allow cameraserver audioserver_service:service_manager find; +allow cameraserver batterystats_service:service_manager find; +allow cameraserver cameraproxy_service:service_manager find; +allow cameraserver mediaserver_service:service_manager find; +allow cameraserver processinfo_service:service_manager find; +allow cameraserver scheduling_policy_service:service_manager find; +allow cameraserver sensor_privacy_service:service_manager find; +allow cameraserver surfaceflinger_service:service_manager find; + +allow cameraserver hidl_token_hwservice:hwservice_manager find; + +### +### neverallow rules +### + +# cameraserver should never execute any executable without a +# domain transition +neverallow cameraserver { file_type fs_type }:file execute_no_trans; + +# The goal of the mediaserver split is to place media processing code into +# restrictive sandboxes with limited responsibilities and thus limited +# permissions. Example: Audioserver is only responsible for controlling audio +# hardware and processing audio content. Cameraserver does the same for camera +# hardware/content. Etc. 
+# +# Media processing code is inherently risky and thus should have limited +# permissions and be isolated from the rest of the system and network. +# Lengthier explanation here: +# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html +neverallow cameraserver domain:{ tcp_socket udp_socket rawip_socket } *; + +# Allow shell commands from ADB for CTS testing/dumping +allow cameraserver adbd:fd use; +allow cameraserver adbd:unix_stream_socket { read write }; +allow cameraserver shell:fd use; +allow cameraserver shell:unix_stream_socket { read write }; +allow cameraserver shell:fifo_file { read write }; + +# Allow to talk with media codec +allow cameraserver mediametrics_service:service_manager find; +hal_client_domain(cameraserver, hal_codec2) +hal_client_domain(cameraserver, hal_omx) +hal_client_domain(cameraserver, hal_allocator) + +# Allow shell commands from ADB for CTS testing/dumping +userdebug_or_eng(` + allow cameraserver su:fd use; + allow cameraserver su:fifo_file { read write }; + allow cameraserver su:unix_stream_socket { read write }; +') diff --git a/prebuilts/api/30.0/public/charger.te b/prebuilts/api/30.0/public/charger.te new file mode 100644 index 000000000..4b341ead3 --- /dev/null +++ b/prebuilts/api/30.0/public/charger.te 
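Review bot: The heading `# Allow shell commands from ADB for CTS testing/dumping` is used twice in this hunk, once over the adbd/shell rules that apply to every build and again over the `userdebug_or_eng` block for su, so a reader cannot tell at a glance that only the second group is debug-only. Giving the second group its own heading, e.g. `# Same for su, debug builds only`, keeps the user-build exposure of the first group visible. Whether the user-build shell fd/fifo access is still needed for CTS is not decidable from this chunk; if it is, the comment should say which tests rely on it.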
@@ -0,0 +1,48 @@ +type charger, domain; +type charger_exec, system_file_type, exec_type, file_type; + +# Write to /dev/kmsg +allow charger kmsg_device:chr_file rw_file_perms; + +# Read access to pseudo filesystems. +r_dir_file(charger, rootfs) +r_dir_file(charger, cgroup) + +# Allow to read /sys/class/power_supply directory +allow charger sysfs_type:dir r_dir_perms; + +allow charger self:global_capability_class_set { sys_tty_config }; +allow charger self:global_capability_class_set sys_boot; + +wakelock_use(charger) + +allow charger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; + +# Read/write to /sys/power/state +allow charger sysfs_power:file rw_file_perms; + +r_dir_file(charger, sysfs_batteryinfo) + +# Read /sys/fs/pstore/console-ramoops +# Don't worry about overly broad permissions for now, as there's +# only one file in /sys/fs/pstore +allow charger pstorefs:dir r_dir_perms; +allow charger pstorefs:file r_file_perms; + +allow charger graphics_device:dir r_dir_perms; +allow charger graphics_device:chr_file rw_file_perms; +allow charger input_device:dir r_dir_perms; +allow charger input_device:chr_file r_file_perms; +allow charger tty_device:chr_file rw_file_perms; +allow charger proc_sysrq:file rw_file_perms; + +# charger needs to tell init to continue the boot +# process when running in charger mode. +set_prop(charger, system_prop) +set_prop(charger, exported_system_prop) +set_prop(charger, exported2_system_prop) +set_prop(charger, exported3_system_prop) + +get_prop(charger, charger_prop) + +hal_client_domain(charger, hal_health) diff --git a/prebuilts/api/30.0/public/crash_dump.te b/prebuilts/api/30.0/public/crash_dump.te new file mode 100644 index 000000000..5188d1958 --- /dev/null +++ b/prebuilts/api/30.0/public/crash_dump.te 
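Review bot: `set_prop(charger, system_prop)` plus the three `exported*_system_prop` variants lets charger set every property labelled with those types, while the comment only says it must "tell init to continue the boot process"; system_prop appears to be a prefix-wide type, so this is much broader than one key. The comment should name the property charger actually sets (not visible here), and a dedicated type for it — the hunk already does this for reads via `get_prop(charger, charger_prop)` — would narrow the write side. `allow charger proc_sysrq:file rw_file_perms;` and `allow charger tty_device:chr_file rw_file_perms;` also have no comment; a write to sysrq-trigger can reboot or crash the kernel, so one line stating the purpose, e.g. `# sysrq-trigger: used to force sync/reboot from charger mode — confirm`, is warranted.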
@@ -0,0 +1,68 @@ +type crash_dump, domain; +type crash_dump_exec, system_file_type, exec_type, file_type; + +# crash_dump might inherit CAP_SYS_PTRACE from a privileged process, +# which will result in an audit log even when it's allowed to trace. +dontaudit crash_dump self:global_capability_class_set { sys_ptrace }; + +userdebug_or_eng(` + allow crash_dump logd:process { ptrace signal sigchld sigstop sigkill }; + + # Let crash_dump write to /dev/kmsg_debug crashes that happen before logd comes up. + allow crash_dump kmsg_debug_device:chr_file { open append }; +') + +# Use inherited file descriptors +allow crash_dump domain:fd use; + +# Read/write IPC pipes inherited from crashing processes. +allow crash_dump domain:fifo_file { read write }; + +# Append to pipes given to us by processes requesting dumps (e.g. dumpstate) +allow crash_dump domain:fifo_file { append }; + +r_dir_file(crash_dump, domain) +allow crash_dump exec_type:file r_file_perms; + +# Read /data/dalvik-cache. +allow crash_dump dalvikcache_data_file:dir { search getattr }; +allow crash_dump dalvikcache_data_file:file r_file_perms; + +# Read APK files. +r_dir_file(crash_dump, apk_data_file); + +# Read all /vendor +r_dir_file(crash_dump, { vendor_file same_process_hal_file }) + +# Talk to tombstoned +unix_socket_connect(crash_dump, tombstoned_crash, tombstoned) + +# Talk to ActivityManager. +unix_socket_connect(crash_dump, system_ndebug, system_server) + +# Append to ANR files. +allow crash_dump anr_data_file:file { append getattr }; + +# Append to tombstone files. +allow crash_dump tombstone_data_file:file { append getattr }; + +# crash_dump writes out logcat logs at the bottom of tombstones, +# which is super useful in some cases. +unix_socket_connect(crash_dump, logdr, logd) + +# Crash dump is not intended to access the following files. Since these +# are WAI, suppress the denials to clean up the logs. 
+dontaudit crash_dump {
+ core_data_file_type
+ vendor_file_type
+}:dir search;
+dontaudit crash_dump system_data_file:file read;
+dontaudit crash_dump property_type:file read;
+
+###
+### neverallow assertions
+###
+
+# A domain transition must occur for crash_dump to get the privileges needed to trace the process.
+# Do not allow the execution of crash_dump without a domain transition.
+neverallow domain crash_dump_exec:file execute_no_trans;
diff --git a/prebuilts/api/30.0/public/credstore.te b/prebuilts/api/30.0/public/credstore.te
new file mode 100644
index 000000000..db16a8dcb
--- /dev/null
+++ b/prebuilts/api/30.0/public/credstore.te
@@ -0,0 +1,16 @@
+type credstore, domain;
+type credstore_exec, system_file_type, exec_type, file_type;
+
+# credstore daemon
+binder_use(credstore)
+binder_service(credstore)
+binder_call(credstore, system_server)
+
+allow credstore credstore_data_file:dir create_dir_perms;
+allow credstore credstore_data_file:file create_file_perms;
+
+add_service(credstore, credstore_service)
+allow credstore sec_key_att_app_id_provider_service:service_manager find;
+allow credstore dropbox_service:service_manager find;
+
+r_dir_file(credstore, cgroup)
diff --git a/prebuilts/api/30.0/public/device.te b/prebuilts/api/30.0/public/device.te
new file mode 100644
index 000000000..32563d67c
--- /dev/null
+++ b/prebuilts/api/30.0/public/device.te
@@ -0,0 +1,114 @@ +# Device types +type device, dev_type, fs_type; +type ashmem_device, dev_type, mlstrustedobject; +type ashmem_libcutils_device, dev_type, mlstrustedobject; +type audio_device, dev_type; +type binder_device, dev_type, mlstrustedobject; +type hwbinder_device, dev_type, mlstrustedobject; +type vndbinder_device, dev_type; +type block_device, dev_type; +type camera_device, dev_type; +type dm_device, dev_type; +type keychord_device, dev_type; +type loop_control_device, dev_type; +type loop_device, dev_type; +type pmsg_device, dev_type, mlstrustedobject; +type radio_device, dev_type; +type ram_device, dev_type; +type rtc_device, dev_type; +type vold_device, dev_type; +type console_device, dev_type; +type fscklogs, dev_type; +# GPU (used by most UI apps) +type gpu_device, dev_type, mlstrustedobject; +type graphics_device, dev_type; +type hw_random_device, dev_type; +type input_device, dev_type; +type port_device, dev_type; +type lowpan_device, dev_type; +type mtp_device, dev_type, mlstrustedobject; +type nfc_device, dev_type; +type ptmx_device, dev_type, mlstrustedobject; +type kmsg_device, dev_type; +type kmsg_debug_device, dev_type; +type null_device, dev_type, mlstrustedobject; +type random_device, dev_type, mlstrustedobject; +type secure_element_device, dev_type; +type sensors_device, dev_type; +type serial_device, dev_type; +type socket_device, dev_type; +type owntty_device, dev_type, mlstrustedobject; +type tty_device, dev_type; +type video_device, dev_type; +type zero_device, dev_type, mlstrustedobject; +type fuse_device, dev_type, mlstrustedobject; +type iio_device, dev_type; +type ion_device, dev_type, mlstrustedobject; +type qtaguid_device, dev_type; +type watchdog_device, dev_type; +type uhid_device, dev_type; +type uio_device, dev_type; +type tun_device, dev_type, mlstrustedobject; +type usbaccessory_device, dev_type, mlstrustedobject; +type usb_device, dev_type, mlstrustedobject; +type usb_serial_device, dev_type; +type properties_device, 
dev_type; +type properties_serial, dev_type; +type property_info, dev_type; + +# All devices have a uart for the hci +# attach service. The uart dev node +# varies per device. This type +# is used in per device policy +type hci_attach_dev, dev_type; + +# All devices have a rpmsg device for +# achieving remoteproc and rpmsg modules +type rpmsg_device, dev_type; + +# Partition layout block device +type root_block_device, dev_type; + +# factory reset protection block device +type frp_block_device, dev_type; + +# System block device mounted on /system. +# Documented at https://source.android.com/devices/bootloader/partitions-images +type system_block_device, dev_type; + +# Recovery block device. +# Documented at https://source.android.com/devices/bootloader/partitions-images +type recovery_block_device, dev_type; + +# boot block device. +# Documented at https://source.android.com/devices/bootloader/partitions-images +type boot_block_device, dev_type; + +# Userdata block device mounted on /data. +# Documented at https://source.android.com/devices/bootloader/partitions-images +type userdata_block_device, dev_type; + +# Cache block device mounted on /cache. +# Documented at https://source.android.com/devices/bootloader/partitions-images +type cache_block_device, dev_type; + +# Block device for any swap partition. +type swap_block_device, dev_type; + +# Metadata block device used for encryption metadata. +# Assign this type to the partition specified by the encryptable= +# mount option in your fstab file in the entry for userdata. +# Documented at https://source.android.com/devices/bootloader/partitions-images +type metadata_block_device, dev_type; + +# The 'misc' partition used by recovery and A/B. +# Documented at https://source.android.com/devices/bootloader/partitions-images +type misc_block_device, dev_type; + +# 'super' partition to be used for logical partitioning. 
+type super_block_device, super_block_device_type, dev_type;
+
+# sdcard devices; normally vold uses the vold_block_device label and creates a
+# separate device node. gsid, however, accesses the original devide node
+# created through uevents, so we use a separate label.
+type sdcard_block_device, dev_type;
diff --git a/prebuilts/api/30.0/public/dhcp.te b/prebuilts/api/30.0/public/dhcp.te
new file mode 100644
index 000000000..4f2369d2d
--- /dev/null
+++ b/prebuilts/api/30.0/public/dhcp.te
@@ -0,0 +1,30 @@
+type dhcp, domain;
+type dhcp_exec, system_file_type, exec_type, file_type;
+
+net_domain(dhcp)
+
+allow dhcp cgroup:dir { create write add_name };
+allow dhcp self:global_capability_class_set { setgid setuid net_admin net_raw net_bind_service };
+allow dhcp self:packet_socket create_socket_perms_no_ioctl;
+allow dhcp self:netlink_route_socket nlmsg_write;
+allow dhcp shell_exec:file rx_file_perms;
+allow dhcp system_file:file rx_file_perms;
+not_full_treble(`allow dhcp vendor_file:file rx_file_perms;')
+
+# dhcpcd runs dhcpcd-hooks/*, which runs getprop / setprop (toolbox_exec)
+allow dhcp toolbox_exec:file rx_file_perms;
+
+# For /proc/sys/net/ipv4/conf/*/promote_secondaries
+allow dhcp proc_net_type:file write;
+
+set_prop(dhcp, dhcp_prop)
+set_prop(dhcp, pan_result_prop)
+
+allow dhcp dhcp_data_file:dir create_dir_perms;
+allow dhcp dhcp_data_file:file create_file_perms;
+
+# PAN connections
+allow dhcp netd:fd use;
+allow dhcp netd:fifo_file rw_file_perms;
+allow dhcp netd:{ dgram_socket_class_set unix_stream_socket } { read write };
+allow dhcp netd:{ netlink_kobject_uevent_socket netlink_route_socket netlink_nflog_socket } { read write };
diff --git a/prebuilts/api/30.0/public/display_service_server.te b/prebuilts/api/30.0/public/display_service_server.te
new file mode 100644
index 000000000..c5839fa54
--- /dev/null
+++ b/prebuilts/api/30.0/public/display_service_server.te
@@ -0,0 +1 @@
+add_hwservice(display_service_server, fwk_display_hwservice)
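Review bot: `allow dhcp proc_net_type:file write;` grants write access to every file carrying a proc_net_type type, while the comment directly above it names a single sysctl, /proc/sys/net/ipv4/conf/*/promote_secondaries. For a client that parses untrusted network input and already holds net_admin/net_raw and may execute shell_exec, system_file and toolbox_exec binaries from its hook scripts, that is a wide write surface into the kernel's net sysctls. Labelling the promote_secondaries entries with their own type and allowing only that would make the rule match its comment; if no such type exists in this policy (not visible in this chunk), the comment should at least be widened to `# Writes /proc/sys/net/* (all proc_net_type); only promote_secondaries is intended`.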
diff --git a/prebuilts/api/30.0/public/dnsmasq.te b/prebuilts/api/30.0/public/dnsmasq.te
new file mode 100644
index 000000000..86f1eb1c9
--- /dev/null
+++ b/prebuilts/api/30.0/public/dnsmasq.te
@@ -0,0 +1,28 @@
+# DNS, DHCP services
+type dnsmasq, domain;
+type dnsmasq_exec, system_file_type, exec_type, file_type;
+
+net_domain(dnsmasq)
+allowxperm dnsmasq self:udp_socket ioctl priv_sock_ioctls;
+
+# TODO: Run with dhcp group to avoid need for dac_override.
+allow dnsmasq self:global_capability_class_set { dac_override dac_read_search };
+
+allow dnsmasq self:global_capability_class_set { net_admin net_raw net_bind_service setgid setuid };
+
+allow dnsmasq dhcp_data_file:dir w_dir_perms;
+allow dnsmasq dhcp_data_file:file create_file_perms;
+
+# Inherit and use open files from netd.
+allow dnsmasq netd:fd use;
+allow dnsmasq netd:fifo_file { getattr read write };
+# TODO: Investigate whether these inherited sockets should be closed on exec.
+allow dnsmasq netd:netlink_kobject_uevent_socket { read write };
+allow dnsmasq netd:netlink_nflog_socket { read write };
+allow dnsmasq netd:netlink_route_socket { read write };
+allow dnsmasq netd:unix_stream_socket { getattr read write };
+allow dnsmasq netd:unix_dgram_socket { read write };
+allow dnsmasq netd:udp_socket { read write };
+
+# sometimes a network device vanishes and we try to load module netdev-{devicename}
+dontaudit dnsmasq kernel:system module_request;
diff --git a/prebuilts/api/30.0/public/domain.te b/prebuilts/api/30.0/public/domain.te
new file mode 100644
index 000000000..265489647
--- /dev/null
+++ b/prebuilts/api/30.0/public/domain.te
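Review bot: `allow dnsmasq self:global_capability_class_set { dac_override dac_read_search };` gives a network-facing DNS/DHCP daemon the ability to bypass all file permission checks, and the TODO above it states the only reason is that the process does not run with the dhcp group. The only data files the hunk grants are dhcp_data_file (`w_dir_perms` / `create_file_perms`), so fixing the group in the service definition and dropping both capabilities is the real fix; until then the TODO should carry a bug reference and state whether dac_read_search alone would do. The `# TODO: Investigate whether these inherited sockets should be closed on exec.` block also leaves dnsmasq with read/write on netd's netlink_route_socket, which is enough to alter routing through an inherited fd, so that investigation is worth tracking rather than leaving open-ended.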
@@ -0,0 +1,1416 @@
+# Rules for all domains.
+
+# Allow reaping by init.
+allow domain init:process sigchld;
+
+# Intra-domain accesses.
+allow domain self:process {
+ fork
+ sigchld
+ sigkill
+ sigstop
+ signull
+ signal
+ getsched
+ setsched
+ getsession
+ getpgid
+ setpgid
+ getcap
+ setcap
+ getattr
+ setrlimit
+};
+allow domain self:fd use;
+allow domain proc:dir r_dir_perms;
+allow domain proc_net_type:dir search;
+r_dir_file(domain, self)
+allow domain self:{ fifo_file file } rw_file_perms;
+allow domain self:unix_dgram_socket { create_socket_perms sendto };
+allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
+
+# Inherit or receive open files from others.
+allow domain init:fd use;
+
+userdebug_or_eng(`
+ allow domain su:fd use;
+ allow domain su:unix_stream_socket { connectto getattr getopt read write shutdown };
+ allow domain su:unix_dgram_socket sendto;
+
+ allow { domain -init } su:binder { call transfer };
+
+ # Running something like "pm dump com.android.bluetooth" requires
+ # fifo writes
+ allow domain su:fifo_file { write getattr };
+
+ # allow "gdbserver --attach" to work for su.
+ allow domain su:process sigchld;
+
+ # Allow writing coredumps to /cores/*
+ allow domain coredump_file:file create_file_perms;
+ allow domain coredump_file:dir ra_dir_perms;
+')
+
+with_native_coverage(`
+ # Allow writing coverage information to /data/misc/trace
+ allow domain method_trace_data_file:dir create_dir_perms;
+ allow domain method_trace_data_file:file create_file_perms;
+')
+
+# Root fs.
+allow domain tmpfs:dir { getattr search };
+allow domain rootfs:dir search;
+allow domain rootfs:lnk_file { read getattr };
+
+# Device accesses.
+allow domain device:dir search;
+allow domain dev_type:lnk_file r_file_perms;
+allow domain devpts:dir search;
+allow domain socket_device:dir r_dir_perms;
+allow domain owntty_device:chr_file rw_file_perms;
+allow domain null_device:chr_file rw_file_perms;
+allow domain zero_device:chr_file rw_file_perms;
+
+# /dev/ashmem is being deprecated by means of constraining and eventually
+# removing all "open" permissions. We preserve the other permissions.
+allow domain ashmem_device:chr_file { getattr read ioctl lock map append write };
+# This device is used by libcutils, which is accessible to everyone.
+allow domain ashmem_libcutils_device:chr_file rw_file_perms;
+
+# /dev/binder can be accessed by ... everyone! :)
+allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;
+
+# /dev/binderfs needs to be accessed by everyone too!
+allow domain binderfs:dir { getattr search };
+allow domain binderfs_logs_proc:dir search;
+
+allow { domain -servicemanager -vndservicemanager -isolated_app } hwbinder_device:chr_file rw_file_perms;
+allow domain ptmx_device:chr_file rw_file_perms;
+allow domain random_device:chr_file rw_file_perms;
+allow domain proc_random:dir r_dir_perms;
+allow domain proc_random:file r_file_perms;
+allow domain properties_device:dir { search getattr };
+allow domain properties_serial:file r_file_perms;
+allow domain property_info:file r_file_perms;
+
+# Public readable properties
+get_prop(domain, debug_prop)
+get_prop(domain, exported_config_prop)
+get_prop(domain, exported_default_prop)
+get_prop(domain, exported_dumpstate_prop)
+get_prop(domain, exported_fingerprint_prop)
+get_prop(domain, exported_radio_prop)
+get_prop(domain, exported_secure_prop)
+get_prop(domain, exported_system_prop)
+get_prop(domain, exported_vold_prop)
+get_prop(domain, exported2_default_prop)
+get_prop(domain, logd_prop)
+get_prop(domain, socket_hook_prop)
+get_prop(domain, vendor_socket_hook_prop)
+get_prop(domain, vndk_prop)
+
+# Binder
cache properties are world-readable
+get_prop(domain, binder_cache_bluetooth_server_prop)
+get_prop(domain, binder_cache_system_server_prop)
+get_prop(domain, binder_cache_telephony_server_prop)
+
+# Let everyone read log properties, so that liblog can avoid sending unloggable
+# messages to logd.
+get_prop(domain, log_property_type)
+dontaudit domain property_type:file audit_access;
+allow domain property_contexts_file:file r_file_perms;
+
+allow domain init:key search;
+allow domain vold:key search;
+
+# logd access
+write_logd(domain)
+
+# Directory/link file access for path resolution.
+allow domain {
+ system_file
+ system_lib_file
+ system_seccomp_policy_file
+ system_security_cacerts_file
+}:dir r_dir_perms;
+allow domain system_file:lnk_file { getattr read };
+
+# Global access to /system/etc/security/cacerts/*, /system/etc/seccomp_policy/*, /system/lib[64]/*,
+# /(system|product|system_ext)/etc/(group|passwd), linker and its config.
+allow domain system_seccomp_policy_file:file r_file_perms;
+# cacerts are accessible from public Java API.
+allow domain system_security_cacerts_file:file r_file_perms;
+allow domain system_group_file:file r_file_perms;
+allow domain system_passwd_file:file r_file_perms;
+allow domain system_linker_exec:file { execute read open getattr map };
+allow domain system_linker_config_file:file r_file_perms;
+allow domain system_lib_file:file { execute read open getattr map };
+# To allow following symlinks at /system/bin/linker, /system/lib/libc.so, etc.
+allow domain system_linker_exec:lnk_file { read open getattr };
+allow domain system_lib_file:lnk_file { read open getattr };
+
+allow domain system_event_log_tags_file:file r_file_perms;
+
+allow { appdomain coredomain } system_file:file { execute read open getattr map };
+
+# Make sure system/vendor split doesn not affect non-treble
+# devices
+not_full_treble(`
+ allow domain system_file:file { execute read open getattr map };
+ allow domain vendor_file_type:dir { search getattr };
+ allow domain vendor_file_type:file { execute read open getattr map };
+ allow domain vendor_file_type:lnk_file { getattr read };
+')
+
+# All domains are allowed to open and read directories
+# that contain HAL implementations (e.g. passthrough
+# HALs require clients to have these permissions)
+allow domain vendor_hal_file:dir r_dir_perms;
+
+# Everyone can read and execute all same process HALs
+allow domain same_process_hal_file:dir r_dir_perms;
+allow {
+ domain
+ -coredomain # access is explicitly granted to individual coredomains
+} same_process_hal_file:file { execute read open getattr map };
+
+# Any process can load vndk-sp libraries, which are system libraries
+# used by same process HALs
+allow domain vndk_sp_file:dir r_dir_perms;
+allow domain vndk_sp_file:file { execute read open getattr map };
+
+# All domains get access to /vendor/etc
+allow domain vendor_configs_file:dir r_dir_perms;
+allow domain vendor_configs_file:file { read open getattr map };
+
+full_treble_only(`
+ # Allow all domains to be able to follow /system/vendor and/or
+ # /vendor/odm symlinks.
+ allow domain vendor_file_type:lnk_file { getattr open read };
+
+ # This is required to be able to search & read /vendor/lib64
+ # in order to lookup vendor libraries.
The execute permission
+ # for coredomains is granted *only* for same process HALs
+ allow domain vendor_file:dir { getattr search };
+
+ # Allow reading and executing out of /vendor to all vendor domains
+ allow { domain -coredomain } vendor_file_type:dir r_dir_perms;
+ allow { domain -coredomain } vendor_file_type:file { read open getattr execute map };
+ allow { domain -coredomain } vendor_file_type:lnk_file { getattr read };
+')
+
+# read and stat any sysfs symlinks
+allow domain sysfs:lnk_file { getattr read };
+
+# libc references /data/misc/zoneinfo and /system/usr/share/zoneinfo for
+# timezone related information.
+# This directory is considered to be a VNDK-stable
+allow domain { system_zoneinfo_file zoneinfo_data_file }:file r_file_perms;
+allow domain { system_zoneinfo_file zoneinfo_data_file }:dir r_dir_perms;
+
+# Lots of processes access current CPU information
+r_dir_file(domain, sysfs_devices_system_cpu)
+
+r_dir_file(domain, sysfs_usb);
+
+# If kernel CONFIG_TRANSPARENT_HUGEPAGE is enabled, libjemalloc5 (statically
+# included by libc) reads /sys/kernel/mm/transparent_hugepage/enabled.
+allow domain sysfs_transparent_hugepage:dir search;
+allow domain sysfs_transparent_hugepage:file r_file_perms;
+
+# files under /data.
+not_full_treble(`
+ allow domain system_data_file:dir getattr;
+')
+allow { coredomain appdomain } system_data_file:dir getattr;
+# /data has the label system_data_root_file. Vendor components need the search
+# permission on system_data_root_file for path traversal to /data/vendor.
+allow domain system_data_root_file:dir { search getattr } ;
+allow domain system_data_file:dir search;
+# TODO restrict this to non-coredomain
+allow domain vendor_data_file:dir { getattr search };
+
+# required by the dynamic linker
+allow domain proc:lnk_file { getattr read };
+
+# /proc/cpuinfo
+allow domain proc_cpuinfo:file r_file_perms;
+
+# /dev/cpu_variant:.*
+allow domain dev_cpu_variant:file r_file_perms;
+
+# profiling needs to read /proc/sys/kernel/perf_event_max_sample_rate
+allow domain proc_perf:file r_file_perms;
+
+# toybox loads libselinux which stats /sys/fs/selinux/
+allow domain selinuxfs:dir search;
+allow domain selinuxfs:file getattr;
+allow domain sysfs:dir search;
+allow domain selinuxfs:filesystem getattr;
+
+# Almost all processes log tracing information to
+# /sys/kernel/debug/tracing/trace_marker
+# The reason behind this is documented in b/6513400
+allow domain debugfs:dir search;
+allow domain debugfs_tracing:dir search;
+allow domain debugfs_tracing_debug:dir search;
+allow domain debugfs_trace_marker:file w_file_perms;
+
+# Filesystem access.
+allow domain fs_type:filesystem getattr;
+allow domain fs_type:dir getattr;
+
+# Restrict all domains to a whitelist for common socket types. Additional
+# ioctl commands may be added to individual domains, but this sets safe
+# defaults for all processes. Note that granting this whitelist to domain does
+# not grant the ioctl permission on these socket types. That must be granted
+# separately.
+allowxperm domain domain:{ icmp_socket rawip_socket tcp_socket udp_socket }
+ ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
+# default whitelist for unix sockets.
+allowxperm domain { domain pdx_channel_socket_type }:{ unix_dgram_socket unix_stream_socket }
+ ioctl unpriv_unix_sock_ioctls;
+
+# Restrict PTYs to only whitelisted ioctls.
+# Note that granting this whitelist to domain does
+# not grant the wider ioctl permission. That must be granted
+# separately.
+allowxperm domain devpts:chr_file ioctl unpriv_tty_ioctls;
+
+# All domains must clearly enumerate what ioctls they use
+# on filesystem objects (plain files, directories, symbolic links,
+# named pipes, and named sockets). We start off with a safe set.
+allowxperm domain { file_type fs_type domain dev_type }:{ dir notdevfile_class_set blk_file } ioctl { FIOCLEX FIONCLEX };
+
+# If a domain has ioctl access to tun_device, it must clearly enumerate the
+# ioctls used. Safe defaults are listed below.
+allowxperm domain tun_device:chr_file ioctl { FIOCLEX FIONCLEX };
+
+# Allow a process to make a determination whether a file descriptor
+# for a plain file or pipe (fifo_file) is a tty. Note that granting
+# this whitelist to domain does not grant the ioctl permission to
+# these files. That must be granted separately.
+allowxperm domain { file_type fs_type }:file ioctl { TCGETS };
+allowxperm domain domain:fifo_file ioctl { TCGETS };
+
+# If a domain has access to perform an ioctl on a block device, allow these
+# very common, benign ioctls
+allowxperm domain dev_type:blk_file ioctl { BLKGETSIZE64 BLKSSZGET };
+
+# Support sqlite F2FS specific optimizations
+# ioctl permission on the specific file type is still required
+# TODO: consider only compiling these rules if we know the
+# /data partition is F2FS
+allowxperm domain { file_type sdcard_type }:file ioctl {
+ F2FS_IOC_ABORT_VOLATILE_WRITE
+ F2FS_IOC_COMMIT_ATOMIC_WRITE
+ F2FS_IOC_GET_FEATURES
+ F2FS_IOC_GET_PIN_FILE
+ F2FS_IOC_SET_PIN_FILE
+ F2FS_IOC_START_ATOMIC_WRITE
+};
+
+# Workaround for policy compiler being too aggressive and removing hwservice_manager_type
+# when it's not explicitly used in allow rules
+allow { domain -domain } hwservice_manager_type:hwservice_manager { add find };
+# Workaround for policy compiler being too aggressive and removing vndservice_manager_type
+# when it's not explicitly used in allow rules
+allow { domain -domain } vndservice_manager_type:service_manager { add find };
+
+#
Under ASAN, processes will try to read /data, as the sanitized libraries are there.
+with_asan(`allow domain system_data_file:dir getattr;')
+# Under ASAN, /system/asan.options needs to be globally accessible.
+with_asan(`allow domain system_asan_options_file:file r_file_perms;')
+
+# read APEX dir and stat any symlink pointing to APEXs.
+allow domain apex_mnt_dir:dir { getattr search };
+allow domain apex_mnt_dir:lnk_file r_file_perms;
+
+###
+### neverallow rules
+###
+
+# All ioctls on file-like objects (except chr_file and blk_file) and
+# sockets must be restricted to a whitelist.
+neverallowxperm * *:{ dir notdevfile_class_set socket_class_set blk_file } ioctl { 0 };
+
+# b/68014825 and https://android-review.googlesource.com/516535
+# rfc6093 says that processes should not use the TCP urgent mechanism
+neverallowxperm domain domain:socket_class_set ioctl { SIOCATMARK };
+
+# TIOCSTI is only ever used for exploits. Block it.
+# b/33073072, b/7530569
+# http://www.openwall.com/lists/oss-security/2016/09/26/14
+neverallowxperm * devpts:chr_file ioctl TIOCSTI;
+
+# Do not allow any domain other than init to create unlabeled files.
+neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;
+
+# Limit device node creation to these whitelisted domains.
+neverallow {
+ domain
+ -kernel
+ -init
+ -ueventd
+ -vold
+} self:global_capability_class_set mknod;
+
+# No process can map low memory (< CONFIG_LSM_MMAP_MIN_ADDR).
+neverallow * self:memprotect mmap_zero;
+
+# No domain needs mac_override as it is unused by SELinux.
+neverallow * self:global_capability2_class_set mac_override;
+
+# Disallow attempts to set contexts not defined in current policy
+# This helps guarantee that unknown or dangerous contents will not ever
+# be set.
+neverallow * self:global_capability2_class_set mac_admin;
+
+# Once the policy has been loaded there shall be none to modify the policy.
+# It is sealed.
+neverallow * kernel:security load_policy;
+
+# Only init prior to switching context should be able to set enforcing mode.
+# init starts in kernel domain and switches to init domain via setcon in
+# the init.rc, so the setenforce occurs while still in kernel. After
+# switching domains, there is never any need to setenforce again by init.
+neverallow * kernel:security setenforce;
+neverallow { domain -kernel } kernel:security setcheckreqprot;
+
+# No booleans in AOSP policy, so no need to ever set them.
+neverallow * kernel:security setbool;
+
+# Adjusting the AVC cache threshold.
+# Not presently allowed to anything in policy, but possibly something
+# that could be set from init.rc.
+neverallow { domain -init } kernel:security setsecparam;
+
+# Only init, ueventd, shell and system_server should be able to access HW RNG
+neverallow {
+ domain
+ -init
+ -shell # For CTS and is restricted to getattr in shell.te
+ -system_server
+ -ueventd
+} hw_random_device:chr_file *;
+# b/78174219 b/64114943
+neverallow {
+ domain
+ -shell # stat of /dev, getattr only
+ -ueventd
+} keychord_device:chr_file *;
+
+# Ensure that all entrypoint executables are in exec_type or postinstall_file.
+neverallow * { file_type -exec_type -postinstall_file }:file entrypoint;
+
+# The dynamic linker always calls access(2) on the path. Don't generate SElinux
+# denials since the linker does not actually access the path in case the path
+# does not exist or isn't accessible for the process.
+dontaudit domain postinstall_mnt_dir:dir audit_access;
+
+#Ensure that nothing in userspace can access /dev/port
+neverallow {
+ domain
+ -shell # Shell user should not have any abilities outside of getattr
+ -ueventd
+} port_device:chr_file *;
+neverallow * port_device:chr_file ~{ create relabelto unlink setattr getattr };
+# Only init should be able to configure kernel usermodehelpers or
+# security-sensitive proc settings.
+neverallow { domain -init } usermodehelper:file { append write };
+neverallow { domain -init -ueventd } sysfs_usermodehelper:file { append write };
+neverallow { domain -init -vendor_init } proc_security:file { append open read write };
+
+# Init can't do anything with binder calls. If this neverallow rule is being
+# triggered, it's probably due to a service with no SELinux domain.
+neverallow * init:binder *;
+neverallow * vendor_init:binder *;
+
+# Don't allow raw read/write/open access to block_device
+# Rather force a relabel to a more specific type
+neverallow { domain -kernel -init -recovery } block_device:blk_file { open read write };
+
+# Do not allow renaming of block files or character files
+# Ability to do so can lead to possible use in an exploit chain
+# e.g. https://googleprojectzero.blogspot.com/2016/12/chrome-os-exploit-one-byte-overflow-and.html
+neverallow * *:{ blk_file chr_file } rename;
+
+# Don't allow raw read/write/open access to generic devices.
+# Rather force a relabel to a more specific type.
+neverallow domain device:chr_file { open read write };
+
+# Files from cache should never be executed
+neverallow domain { cache_file cache_backup_file cache_private_backup_file cache_recovery_file }:file execute;
+
+# Protect most domains from executing arbitrary content from /data.
+neverallow {
+ domain
+ -appdomain
+} {
+ data_file_type
+ -dalvikcache_data_file
+ -system_data_file # shared libs in apks
+ -apk_data_file
+}:file no_x_file_perms;
+
+# The test files and executables MUST not be accessible to any domain
+neverallow { domain userdebug_or_eng(`-kernel') } nativetest_data_file:file_class_set no_w_file_perms;
+neverallow domain nativetest_data_file:dir no_w_dir_perms;
+neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_file_perms;
+
+# Only the init property service should write to /data/property and /dev/__properties__
+neverallow { domain -init } property_data_file:dir no_w_dir_perms;
+neverallow { domain -init } property_data_file:file { no_w_file_perms no_x_file_perms };
+neverallow { domain -init } property_type:file { no_w_file_perms no_x_file_perms };
+neverallow { domain -init } properties_device:file { no_w_file_perms no_x_file_perms };
+neverallow { domain -init } properties_serial:file { no_w_file_perms no_x_file_perms };
+
+# Nobody should be doing writes to /system & /vendor
+# These partitions are intended to be read-only and must never be
+# modified. Doing so would violate important Android security guarantees
+# and invalidate dm-verity signatures.
+neverallow {
+ domain
+ with_asan(`-asan_extract')
+ recovery_only(`userdebug_or_eng(`-fastbootd')')
+} {
+ system_file_type
+ vendor_file_type
+ exec_type
+}:dir_file_class_set { create write setattr relabelfrom append unlink link rename };
+
+neverallow { domain -kernel with_asan(`-asan_extract') } { system_file_type vendor_file_type exec_type }:dir_file_class_set relabelto;
+
+# Don't allow mounting on top of /system files or directories
+neverallow * exec_type:dir_file_class_set mounton;
+neverallow { domain -init } { system_file_type vendor_file_type }:dir_file_class_set mounton;
+
+# Nothing should be writing to files in the rootfs.
+neverallow * rootfs:file { create write setattr relabelto append unlink link rename };
+
+# Restrict context mounts to specific types marked with
+# the contextmount_type attribute.
+neverallow * {fs_type -contextmount_type}:filesystem relabelto;
+
+# Ensure that context mount types are not writable, to ensure that
+# the write to /system restriction above is not bypassed via context=
+# mount to another type.
+neverallow * contextmount_type:dir_file_class_set
+ { create setattr relabelfrom relabelto append link rename };
+neverallow { domain recovery_only(`userdebug_or_eng(`-fastbootd')') } contextmount_type:dir_file_class_set { write unlink };
+
+# Do not allow service_manager add for default service labels.
+# Instead domains should use a more specific type such as
+# system_app_service rather than the generic type.
+# New service_types are defined in {,hw,vnd}service.te and new mappings
+# from service name to service_type are defined in {,hw,vnd}service_contexts.
+neverallow * default_android_service:service_manager *;
+neverallow * default_android_vndservice:service_manager *;
+neverallow * default_android_hwservice:hwservice_manager *;
+
+# Looking up the base class/interface of all HwBinder services is a bad idea.
+# hwservicemanager currently offer such lookups only to make it so that security
+# decisions are expressed in SELinux policy. However, it's unclear whether this
+# lookup has security implications. If it doesn't, hwservicemanager should be
+# modified to not offer this lookup.
+# This rule can be removed if hwservicemanager is modified to not permit these
+# lookups.
+neverallow * hidl_base_hwservice:hwservice_manager find;
+
+# Require that domains explicitly label unknown properties, and do not allow
+# anyone but init to modify unknown properties.
+neverallow { domain -init -vendor_init } default_prop:property_service set;
+neverallow { domain -init -vendor_init } mmc_prop:property_service set;
+neverallow { domain -init -vendor_init } vndk_prop:property_service set;
+
+compatible_property_only(`
+ neverallow { domain -init } default_prop:property_service set;
+ neverallow { domain -init } mmc_prop:property_service set;
+ neverallow { domain -init -vendor_init } exported_default_prop:property_service set;
+ neverallow { domain -init } exported_secure_prop:property_service set;
+ neverallow { domain -init } exported2_default_prop:property_service set;
+ neverallow { domain -init -vendor_init } exported3_default_prop:property_service set;
+ neverallow { domain -init -vendor_init } vendor_default_prop:property_service set;
+ neverallow { domain -init -vendor_init } storage_config_prop:property_service set;
+')
+
+# Only core domains are allowed to access package_manager properties
+neverallow { domain -init -system_server } pm_prop:property_service set;
+neverallow { domain -coredomain } pm_prop:file no_rw_file_perms;
+
+compatible_property_only(`
+ neverallow { domain -init -system_server -vendor_init } exported_pm_prop:property_service set;
+ neverallow { domain -coredomain -vendor_init } exported_pm_prop:file no_rw_file_perms;
+')
+
+# Do not allow reading device's serial number from system properties except form
+# a few whitelisted domains.
+neverallow {
+ domain
+ -adbd
+ -dumpstate
+ -fastbootd
+ -hal_camera_server
+ -hal_cas_server
+ -hal_drm_server
+ userdebug_or_eng(`-incidentd')
+ -init
+ -mediadrmserver
+ -mediaserver
+ -recovery
+ -shell
+ -system_server
+ -vendor_init
+} serialno_prop:file r_file_perms;
+
+# Do not allow reading the last boot timestamp from system properties
+neverallow { domain -init -system_server -dumpstate } firstboot_prop:file r_file_perms;
+
+neverallow {
+ domain
+ -init
+ -recovery
+ -system_server
+ -shell # Shell is further restricted in shell.te
+ -ueventd # Further restricted in ueventd.te
+} frp_block_device:blk_file no_rw_file_perms;
+
+# The metadata block device is set aside for device encryption and
+# verified boot metadata. It may be reset at will and should not
+# be used by other domains.
+neverallow {
+ domain
+ -init
+ -recovery
+ -vold
+ -e2fs
+ -fsck
+ -fastbootd
+} metadata_block_device:blk_file { append link rename write open read ioctl lock };
+
+# No domain other than recovery, update_engine and fastbootd can write to system partition(s).
+neverallow {
+ domain
+ -fastbootd
+ userdebug_or_eng(`-fsck')
+ userdebug_or_eng(`-init')
+ -recovery
+ -update_engine
+} system_block_device:blk_file { write append };
+
+# No domains other than a select few can access the misc_block_device. This
+# block device is reserved for OTA use.
+# Do not assert this rule on userdebug/eng builds, due to some devices using
+# this partition for testing purposes.
+neverallow {
+ domain
+ userdebug_or_eng(`-domain') # exclude debuggable builds
+ -fastbootd
+ -hal_bootctl_server
+ -init
+ -uncrypt
+ -update_engine
+ -vendor_init
+ -vendor_misc_writer
+ -vold
+ -recovery
+ -ueventd
+} misc_block_device:blk_file { append link relabelfrom rename write open read ioctl lock };
+
+# Only (hw|vnd|)servicemanager should be able to register with binder as the context manager
+neverallow { domain -servicemanager -hwservicemanager -vndservicemanager } *:binder set_context_mgr;
+# The service managers are only allowed to access their own device node
+neverallow servicemanager hwbinder_device:chr_file no_rw_file_perms;
+neverallow servicemanager vndbinder_device:chr_file no_rw_file_perms;
+neverallow hwservicemanager binder_device:chr_file no_rw_file_perms;
+neverallow hwservicemanager vndbinder_device:chr_file no_rw_file_perms;
+neverallow vndservicemanager binder_device:chr_file no_rw_file_perms;
+neverallow vndservicemanager hwbinder_device:chr_file no_rw_file_perms;
+
+# system services cant add vendor services
+neverallow {
+ coredomain
+} vendor_service:service_manager add;
+
+full_treble_only(`
+ # vendor services cant add system services
+ neverallow {
+ domain
+ -coredomain
+ -binder_in_vendor_violators # TODO(b/131617943) remove once all violators are gone
+ } {
+ service_manager_type
+ -vendor_service
+ }:service_manager add;
+')
+
+full_treble_only(`
+ # Vendor apps are permited to use only stable public services. If they were to use arbitrary
+ # services which can change any time framework/core is updated, breakage is likely.
+ neverallow {
+ appdomain
+ -coredomain
+ } {
+ service_manager_type
+ -app_api_service
+ -ephemeral_app_api_service
+ -audioserver_service # TODO(b/36783122) remove exemptions below once app_api_service is fixed
+ -cameraserver_service
+ -drmserver_service
+ -hal_light_service # TODO(b/148154485) remove once all violators are gone
+ -credstore_service
+ -keystore_service
+ -mediadrmserver_service
+ -mediaextractor_service
+ -mediametrics_service
+ -mediaserver_service
+ -nfc_service
+ -radio_service
+ -virtual_touchpad_service
+ -vr_hwc_service
+ -vr_manager_service
+ }:service_manager find;
+')
+
+# On full TREBLE devices, only vendor components, shell, and su can use VendorBinder.
+full_treble_only(`
+ neverallow {
+ coredomain
+ -shell
+ userdebug_or_eng(`-su')
+ -ueventd # uevent is granted create for this device, but we still neverallow I/O below
+ } vndbinder_device:chr_file rw_file_perms;
+')
+full_treble_only(`
+ neverallow ueventd vndbinder_device:chr_file { read write append ioctl };
+')
+full_treble_only(`
+ neverallow {
+ coredomain
+ -shell
+ userdebug_or_eng(`-su')
+ } vndservice_manager_type:service_manager *;
+')
+full_treble_only(`
+ neverallow {
+ coredomain
+ -shell
+ userdebug_or_eng(`-su')
+ } vndservicemanager:binder *;
+')
+
+# On full TREBLE devices, socket communications between core components and vendor components are
+# not permitted.
+ # Most general rules first, more specific rules below.
+
+ # Core domains are not permitted to initiate communications to vendor domain sockets.
+ # We are not restricting the use of already established sockets because it is fine for a process
+ # to obtain an already established socket via some public/official/stable API and then exchange
+ # data with its peer over that socket. The wire format in this scenario is dicatated by the API
+ # and thus does not break the core-vendor separation.
+full_treble_only(`
+ neverallow_establish_socket_comms({
+ coredomain
+ -init
+ -adbd
+ }, {
+ domain
+ -coredomain
+ -socket_between_core_and_vendor_violators
+ });
+')
+ # Vendor domains are not permitted to initiate communications to core domain sockets
+full_treble_only(`
+ neverallow_establish_socket_comms({
+ domain
+ -coredomain
+ -appdomain
+ -socket_between_core_and_vendor_violators
+ }, {
+ coredomain
+ -logd # Logging by writing to logd Unix domain socket is public API
+ -netd # netdomain needs this
+ -mdnsd # netdomain needs this
+ userdebug_or_eng(`-su') # communications with su are permitted only on userdebug or eng builds
+ -init
+ -tombstoned # linker to tombstoned
+ userdebug_or_eng(`-heapprofd')
+ userdebug_or_eng(`-traced_perf')
+ });
+')
+
+ # Vendor domains are not permitted to initiate create/open sockets owned by core domains
+full_treble_only(`
+ neverallow {
+ domain
+ -coredomain
+ -appdomain # appdomain restrictions below
+ -data_between_core_and_vendor_violators # b/70393317
+ -socket_between_core_and_vendor_violators
+ -vendor_init
+ } {
+ coredomain_socket
+ core_data_file_type
+ unlabeled # used only by core domains
+ }:sock_file ~{ append getattr ioctl read write };
+')
+full_treble_only(`
+ neverallow {
+ appdomain
+ -coredomain
+ } {
+ coredomain_socket
+ unlabeled # used only by core domains
+ core_data_file_type
+ -app_data_file
+ -privapp_data_file
+ -pdx_endpoint_socket_type # used by VR layer
+ -pdx_channel_socket_type # used by VR layer
+ }:sock_file ~{ append getattr ioctl read write };
+')
+
+ # Core domains are not permitted to create/open sockets owned by vendor domains
+full_treble_only(`
+ neverallow {
+ coredomain
+ -init
+ -ueventd
+ -socket_between_core_and_vendor_violators
+ } {
+ file_type
+ dev_type
+ -coredomain_socket
+ -core_data_file_type
+ -unlabeled
+ }:sock_file ~{ append getattr ioctl read write };
+')
+
+# On TREBLE devices, vendor and system components are only allowed to share
+# files by passing open
FDs over hwbinder. Ban all directory access and all file
+# accesses other than what can be applied to an open FD such as
+# ioctl/stat/read/write/append. This is enforced by segregating /data.
+# Vendor domains may directly access file in /data/vendor by path, but may only
+# access files outside of /data/vendor via an open FD passed over hwbinder.
+# Likewise, core domains may only directly access files outside /data/vendor by
+# path and files in /data/vendor by open FD.
+full_treble_only(`
+ # only coredomains may only access core_data_file_type, particularly not
+ # /data/vendor
+ neverallow {
+ coredomain
+ -appdomain # TODO(b/34980020) remove exemption for appdomain
+ -data_between_core_and_vendor_violators
+ -init
+ -vold_prepare_subdirs
+ } {
+ data_file_type
+ -core_data_file_type
+ }:file_class_set ~{ append getattr ioctl read write map };
+')
+full_treble_only(`
+ neverallow {
+ coredomain
+ -appdomain # TODO(b/34980020) remove exemption for appdomain
+ -data_between_core_and_vendor_violators
+ -init
+ -vold_prepare_subdirs
+ } {
+ data_file_type
+ -core_data_file_type
+ # TODO(b/72998741) Remove exemption. Further restricted in a subsequent
+ # neverallow. Currently only getattr and search are allowed.
+ -vendor_data_file
+ }:dir *;
+
+')
+full_treble_only(`
+ # vendor domains may only access files in /data/vendor, never core_data_file_types
+ neverallow {
+ domain
+ -appdomain # TODO(b/34980020) remove exemption for appdomain
+ -coredomain
+ -data_between_core_and_vendor_violators # TODO(b/34980020) Remove once all violators have been cleaned up
+ -vendor_init
+ } {
+ core_data_file_type
+ # libc includes functions like mktime and localtime which attempt to access
+ # files in /data/misc/zoneinfo/tzdata and /system/usr/share/zoneinfo/tzdata.
+ # These functions are considered vndk-stable and thus must be allowed for
+ # all processes.
+ -zoneinfo_data_file
+ with_native_coverage(`-method_trace_data_file')
+ }:file_class_set ~{ append getattr ioctl read write map };
+ neverallow {
+ vendor_init
+ -data_between_core_and_vendor_violators
+ } {
+ core_data_file_type
+ -unencrypted_data_file
+ -zoneinfo_data_file
+ with_native_coverage(`-method_trace_data_file')
+ }:file_class_set ~{ append getattr ioctl read write map };
+ # vendor init needs to be able to read unencrypted_data_file to create directories with FBE.
+ # The vendor init binary lives on the system partition so there is not a concern with stability.
+ neverallow vendor_init unencrypted_data_file:file ~r_file_perms;
+')
+full_treble_only(`
+ # vendor domains may only access dirs in /data/vendor, never core_data_file_types
+ neverallow {
+ domain
+ -appdomain # TODO(b/34980020) remove exemption for appdomain
+ -coredomain
+ -data_between_core_and_vendor_violators
+ -vendor_init
+ } {
+ core_data_file_type
+ -system_data_file # default label for files on /data. Covered below...
+ -system_data_root_file
+ -vendor_data_file
+ -zoneinfo_data_file
+ with_native_coverage(`-method_trace_data_file')
+ }:dir *;
+ neverallow {
+ vendor_init
+ -data_between_core_and_vendor_violators
+ } {
+ core_data_file_type
+ -unencrypted_data_file
+ -system_data_file
+ -system_data_root_file
+ -vendor_data_file
+ -zoneinfo_data_file
+ with_native_coverage(`-method_trace_data_file')
+ }:dir *;
+ # vendor init needs to be able to read unencrypted_data_file to create directories with FBE.
+ # The vendor init binary lives on the system partition so there is not a concern with stability.
+ neverallow vendor_init unencrypted_data_file:dir ~search; +') +full_treble_only(` + # vendor domains may only access dirs in /data/vendor, never core_data_file_types + neverallow { + domain + -appdomain # TODO(b/34980020) remove exemption for appdomain + -coredomain + -data_between_core_and_vendor_violators # TODO(b/34980020) Remove once all violators have been cleaned up + } { + system_data_file # default label for files on /data. Covered below + }:dir ~{ getattr search }; +') + +full_treble_only(` + # coredomains may not access dirs in /data/vendor. + neverallow { + coredomain + -data_between_core_and_vendor_violators # TODO(b/34980020) Remove once all violators have been cleaned up + -init + -vold # vold creates per-user storage for both system and vendor + -vold_prepare_subdirs + } { + vendor_data_file # default label for files on /data. Covered below + }:dir ~{ getattr search }; +') + +full_treble_only(` + # coredomains may not access dirs in /data/vendor. + neverallow { + coredomain + -data_between_core_and_vendor_violators # TODO(b/34980020) Remove once all violators have been cleaned up + -init + } { + vendor_data_file # default label for files on /data/vendor{,_ce,_de}. + }:file_class_set ~{ append getattr ioctl read write map }; +') + +full_treble_only(` + # Non-vendor domains are not allowed to file execute shell + # from vendor + neverallow { + coredomain + -init + -shell + -ueventd + } vendor_shell_exec:file { execute execute_no_trans }; +') + +full_treble_only(` + # Do not allow vendor components to execute files from system + # except for the ones whitelist here. 
+ neverallow { + domain + -coredomain + -appdomain + -vendor_executes_system_violators + -vendor_init + } { + system_file_type + -system_lib_file + -system_linker_exec + -crash_dump_exec + -iorap_prefetcherd_exec + -iorap_inode2filename_exec + -netutils_wrapper_exec + userdebug_or_eng(`-tcpdump_exec') + }:file { entrypoint execute execute_no_trans }; +') + +full_treble_only(` + # Do not allow system components to execute files from vendor + # except for the ones whitelisted here. + neverallow { + coredomain + -init + -shell + -system_executes_vendor_violators + -ueventd + } { + vendor_file_type + -same_process_hal_file + -vndk_sp_file + -vendor_app_file + -vendor_public_lib_file + }:file execute; +') + +full_treble_only(` + neverallow { + coredomain + -shell + -system_executes_vendor_violators + } { + vendor_file_type + -same_process_hal_file + }:file execute_no_trans; +') + +full_treble_only(` + # Do not allow system components access to /vendor files except for the + # ones whitelisted here. + neverallow { + coredomain + # TODO(b/37168747): clean up fwk access to /vendor + -crash_dump + -init # starts vendor executables + -iorap_inode2filename + -iorap_prefetcherd + -kernel # loads /vendor/firmware + userdebug_or_eng(`-heapprofd') + -shell + -system_executes_vendor_violators + -traced_perf # library/binary access for symbolization + -ueventd # reads /vendor/ueventd.rc + -vold # loads incremental fs driver + } { + vendor_file_type + -same_process_hal_file + -vendor_app_file + -vendor_apex_file + -vendor_configs_file + -vendor_framework_file + -vendor_idc_file + -vendor_keychars_file + -vendor_keylayout_file + -vendor_overlay_file + -vendor_public_lib_file + -vendor_task_profiles_file + -vndk_sp_file + }:file *; +') + +full_treble_only(` + # Do not allow vendor components access to /system files except for the + # ones whitelisted here. 
+ neverallow { + domain + -appdomain + -coredomain + -vendor_executes_system_violators + # vendor_init needs access to init_exec for domain transition. vendor_init + # neverallows are covered in public/vendor_init.te + -vendor_init + } { + system_file_type + -crash_dump_exec + -file_contexts_file + -iorap_inode2filename_exec + -netutils_wrapper_exec + -property_contexts_file + -system_event_log_tags_file + -system_group_file + -system_lib_file + with_asan(`-system_asan_options_file') + -system_linker_exec + -system_linker_config_file + -system_passwd_file + -system_seccomp_policy_file + -system_security_cacerts_file + -system_zoneinfo_file + -task_profiles_file + userdebug_or_eng(`-tcpdump_exec') + }:file *; +') + +# Only system_server should be able to send commands via the zygote socket +neverallow { domain -zygote -system_server } zygote:unix_stream_socket connectto; +neverallow { domain -system_server } zygote_socket:sock_file write; + +neverallow { domain -system_server -webview_zygote -app_zygote } webview_zygote:unix_stream_socket connectto; +neverallow { domain -system_server } webview_zygote:sock_file write; +neverallow { domain -system_server } app_zygote:sock_file write; + +neverallow { + domain + -tombstoned + -crash_dump + -dumpstate + -incidentd + -system_server + + # Processes that can't exec crash_dump + -hal_codec2_server + -hal_omx_server + -mediaextractor +} tombstoned_crash_socket:unix_stream_socket connectto; + +# Never allow anyone except dumpstate, incidentd, or the system server to connect or write to +# the tombstoned intercept socket. +neverallow { domain -dumpstate -incidentd -system_server } tombstoned_intercept_socket:sock_file write; +neverallow { domain -dumpstate -incidentd -system_server } tombstoned_intercept_socket:unix_stream_socket connectto; + +# Android does not support System V IPCs. +# +# The reason for this is due to the fact that, by design, they lead to global +# kernel resource leakage. 
+# +# For example, there is no way to automatically release a SysV semaphore +# allocated in the kernel when: +# +# - a buggy or malicious process exits +# - a non-buggy and non-malicious process crashes or is explicitly killed. +# +# Killing processes automatically to make room for new ones is an +# important part of Android's application lifecycle implementation. This means +# that, even assuming only non-buggy and non-malicious code, it is very likely +# that over time, the kernel global tables used to implement SysV IPCs will fill +# up. +neverallow * *:{ shm sem msg msgq } *; + +# Do not mount on top of symlinks, fifos, or sockets. +# Feature parity with Chromium LSM. +neverallow * { file_type fs_type dev_type }:{ lnk_file fifo_file sock_file } mounton; + +# Nobody should be able to execute su on user builds. +# On userdebug/eng builds, only dumpstate, shell, and +# su itself execute su. +neverallow { domain userdebug_or_eng(`-dumpstate -shell -su') } su_exec:file no_x_file_perms; + +# Do not allow the introduction of new execmod rules. Text relocations +# and modification of executable pages are unsafe. +# The only exceptions are for NDK text relocations associated with +# https://code.google.com/p/android/issues/detail?id=23203 +# which, long term, need to go away. +neverallow * { + file_type + -apk_data_file + -app_data_file + -asec_public_file +}:file execmod; + +# Do not allow making the stack or heap executable. +# We would also like to minimize execmem but it seems to be +# required by some device-specific service domains. +neverallow * self:process { execstack execheap }; + +# Do not allow the introduction of new execmod rules. Text relocations +# and modification of executable pages are unsafe. 
+neverallow { domain -untrusted_app_25 -untrusted_app_27 } file_type:file execmod; + +neverallow { domain -init } proc:{ file dir } mounton; + +# Ensure that all types assigned to processes are included +# in the domain attribute, so that all allow and neverallow rules +# written on domain are applied to all processes. +# This is achieved by ensuring that it is impossible to transition +# from a domain to a non-domain type and vice versa. +# TODO - rework this: neverallow domain ~domain:process { transition dyntransition }; +neverallow ~domain domain:process { transition dyntransition }; + +# +# Only system_app and system_server should be creating or writing +# their files. The proper way to share files is to setup +# type transitions to a more specific type or assigning a type +# to its parent directory via a file_contexts entry. +# Example type transition: +# mydomain.te:file_type_auto_trans(mydomain, system_data_file, new_file_type) +# +neverallow { + domain + -system_server + -system_app + -init + -toolbox # TODO(b/141108496) We want to remove toolbox + -installd # for relabelfrom and unlink, check for this in explicit neverallow + -vold_prepare_subdirs # For unlink + with_asan(`-asan_extract') +} system_data_file:file no_w_file_perms; +# do not grant anything greater than r_file_perms and relabelfrom unlink +# to installd +neverallow installd system_data_file:file ~{ r_file_perms relabelfrom unlink }; + +# respect system_app sandboxes +neverallow { + domain + -appdomain # finer-grained rules for appdomain are listed below + -system_server #populate com.android.providers.settings/databases/settings.db. + -installd # creation of app sandbox + -iorap_inode2filename + -traced_probes # resolve inodes for i/o tracing. + # only needs open and read, the rest is neverallow in + # traced_probes.te. 
+} system_app_data_file:dir_file_class_set { create unlink open }; +neverallow { + isolated_app + untrusted_app_all # finer-grained rules for appdomain are listed below + ephemeral_app + priv_app +} system_app_data_file:dir_file_class_set { create unlink open }; + +# +# Only these domains should transition to shell domain. This domain is +# permissible for the "shell user". If you need a process to exec a shell +# script with differing privilege, define a domain and set up a transition. +# +neverallow { + domain + -adbd + -init + -runas + -zygote +} shell:process { transition dyntransition }; + +# Only domains spawned from zygote, runas and simpleperf_app_runner may have +# the appdomain attribute. simpleperf is excluded as a domain transitioned to +# when running an app-scoped profiling session. +neverallow { domain -simpleperf_app_runner -runas -app_zygote -webview_zygote -zygote } { + appdomain -shell -simpleperf userdebug_or_eng(`-su') +}:process { transition dyntransition }; + +# Minimize read access to shell- or app-writable symlinks. +# This is to prevent malicious symlink attacks. +neverallow { + domain + -appdomain + -installd +} { app_data_file privapp_data_file }:lnk_file read; + +neverallow { + domain + -shell + userdebug_or_eng(`-uncrypt') + -installd +} shell_data_file:lnk_file read; + +# In addition to the symlink reading restrictions above, restrict +# write access to shell owned directories. The /data/local/tmp +# directory is untrustworthy, and non-whitelisted domains should +# not be trusting any content in those directories. +neverallow { + domain + -adbd + -dumpstate + -installd + -init + -shell + -vold +} shell_data_file:dir no_w_dir_perms; + +neverallow { + domain + -adbd + -appdomain + -dumpstate + -init + -installd + -simpleperf_app_runner + -system_server # why? + userdebug_or_eng(`-uncrypt') +} shell_data_file:dir { open search }; + +# Same as above for /data/local/tmp files. 
We allow shell files +# to be passed around by file descriptor, but not directly opened. +neverallow { + domain + -adbd + -appdomain + -dumpstate + -installd + userdebug_or_eng(`-uncrypt') +} shell_data_file:file open; + +# servicemanager and vndservicemanager are the only processes which handle the +# service_manager list request +neverallow * ~{ + servicemanager + vndservicemanager + }:service_manager list; + +# hwservicemanager is the only process which handles hw list requests +neverallow * ~{ + hwservicemanager + }:hwservice_manager list; + +# only service_manager_types can be added to service_manager +# TODO - rework this: neverallow * ~service_manager_type:service_manager { add find }; + +# Prevent assigning non property types to properties +# TODO - rework this: neverallow * ~property_type:property_service set; + +# Domain types should never be assigned to any files other +# than the /proc/pid files associated with a process. The +# executable file used to enter a domain should be labeled +# with its own _exec type, not with the domain type. +# Conventionally, this looks something like: +# $ cat mydaemon.te +# type mydaemon, domain; +# type mydaemon_exec, exec_type, file_type; +# init_daemon_domain(mydaemon) +# $ grep mydaemon file_contexts +# /system/bin/mydaemon -- u:object_r:mydaemon_exec:s0 +neverallow * domain:file { execute execute_no_trans entrypoint }; + +# Do not allow access to the generic debugfs label. This is too broad. +# Instead, if access to part of debugfs is desired, it should have a +# more specific label. +# TODO: fix dumpstate +neverallow { domain -init -vendor_init -dumpstate } debugfs:{ file lnk_file } no_rw_file_perms; + +# Do not allow executable files in debugfs. +neverallow domain debugfs_type:file { execute execute_no_trans }; + +# Profiles contain untrusted data and profman parses that. We should only run +# in from installd forked processes. 
+neverallow { + domain + -installd + -profman +} profman_exec:file no_x_file_perms; + +# Enforce restrictions on kernel module origin. +# Do not allow kernel module loading except from system, +# vendor, and boot partitions. +neverallow * ~{ system_file_type vendor_file_type rootfs }:system module_load; + +# Only allow filesystem caps to be set at build time. Runtime changes +# to filesystem capabilities are not permitted. +neverallow * self:global_capability_class_set setfcap; + +# Enforce AT_SECURE for executing crash_dump. +neverallow domain crash_dump:process noatsecure; + +# Do not permit non-core domains to register HwBinder services which are +# guaranteed to be provided by core domains only. +neverallow ~coredomain coredomain_hwservice:hwservice_manager add; + +# Do not permit the registeration of HwBinder services which are guaranteed to +# be passthrough only (i.e., run in the process of their clients instead of a +# separate server process). +neverallow * same_process_hwservice:hwservice_manager add; + +# On TREBLE devices, most coredomains should not access vendor_files. +# TODO(b/71553434): Remove exceptions here. +full_treble_only(` + neverallow { + coredomain + -appdomain + -bootanim + -crash_dump + -heapprofd + -init + -iorap_inode2filename + -iorap_prefetcherd + -kernel + -traced_perf + -ueventd + } vendor_file:file { no_w_file_perms no_x_file_perms open }; +') + +# If an already existing file is opened with O_CREAT, the kernel might generate +# a false report of a create denial. Silence these denials and make sure that +# inappropriate permissions are not granted. + +# These filesystems don't allow files or directories to be created, so the permission +# to do so should never be granted. +neverallow domain { + proc_type + sysfs_type +}:dir { add_name create link remove_name rename reparent rmdir write }; + +# cgroupfs directories can be created, but not files within them. 
+neverallow domain cgroup:file create; + +dontaudit domain proc_type:dir write; +dontaudit domain sysfs_type:dir write; +dontaudit domain cgroup:file create; + +# These are only needed in permissive mode - in enforcing mode the +# directory write check fails and so these are never attempted. +userdebug_or_eng(` + dontaudit domain proc_type:dir add_name; + dontaudit domain sysfs_type:dir add_name; + dontaudit domain proc_type:file create; + dontaudit domain sysfs_type:file create; +') + +# Platform must not have access to /mnt/vendor. +neverallow { + coredomain + -init + -ueventd + -vold + -system_writes_mnt_vendor_violators +} mnt_vendor_file:dir *; + +# Only apps are allowed access to vendor public libraries. +full_treble_only(` + neverallow { + coredomain + -appdomain + } vendor_public_lib_file:file { execute execute_no_trans }; +') + +# Vendor domian must not have access to /mnt/product. +neverallow { + domain + -coredomain +} mnt_product_file:dir *; + +# Platform must not have access to sysfs_batteryinfo, but should do it via health HAL and healthd +full_treble_only(` + neverallow { + coredomain + -healthd + -shell + # Generate uevents for health info + -ueventd + # Recovery uses health HAL passthrough implementation. + -recovery + # Charger uses health HAL passthrough implementation. + -charger + # TODO(b/110891300): remove this exception + -incidentd + } sysfs_batteryinfo:file { open read }; +') + +neverallow { + domain + -hal_codec2_server + -hal_omx_server +} hal_codec2_hwservice:hwservice_manager add; + +# Only apps targetting < Q are allowed to open /dev/ashmem directly. +# Apps must use ASharedMemory NDK API. Native code must use libcutils API. +neverallow { + domain + -ephemeral_app # We don't distinguish ephemeral apps based on target API. + -untrusted_app_25 + -untrusted_app_27 +} ashmem_device:chr_file open; diff --git a/prebuilts/api/30.0/public/drmserver.te b/prebuilts/api/30.0/public/drmserver.te new file mode 100644 index 000000000..12c080aeb 
--- /dev/null
+++ b/prebuilts/api/30.0/public/drmserver.te
@@ -0,0 +1,59 @@
+# drmserver - DRM service
+type drmserver, domain;
+type drmserver_exec, system_file_type, exec_type, file_type;
+
+typeattribute drmserver mlstrustedsubject;
+
+net_domain(drmserver)
+
+# Perform Binder IPC to system server.
+binder_use(drmserver)
+binder_call(drmserver, system_server)
+binder_call(drmserver, appdomain)
+binder_call(drmserver, mediametrics)
+binder_service(drmserver)
+# Inherit or receive open files from system_server.
+allow drmserver system_server:fd use;
+
+# Perform Binder IPC to mediaserver
+binder_call(drmserver, mediaserver)
+
+allow drmserver sdcard_type:dir search;
+allow drmserver drm_data_file:dir create_dir_perms;
+allow drmserver drm_data_file:file create_file_perms;
+allow drmserver { app_data_file privapp_data_file }:file { read write getattr map };
+allow drmserver sdcard_type:file { read write getattr map };
+r_dir_file(drmserver, efs_file)
+
+type drmserver_socket, file_type;
+
+# /data/app/tlcd_sock socket file.
+# Clearly, /data/app is the most logical place to create a socket. Not.
+allow drmserver apk_data_file:dir rw_dir_perms;
+allow drmserver drmserver_socket:sock_file create_file_perms;
+# Delete old socket file if present.
+allow drmserver apk_data_file:sock_file unlink;
+
+# After taking a video, drmserver looks at the video file.
+r_dir_file(drmserver, media_rw_data_file)
+
+# Read resources from open apk files passed over Binder.
+allow drmserver apk_data_file:file { read getattr map };
+allow drmserver asec_apk_file:file { read getattr map };
+allow drmserver ringtone_file:file { read getattr map };
+
+# Read /data/data/com.android.providers.telephony files passed over Binder.
+allow drmserver radio_data_file:file { read getattr map };
+
+# /oem access
+allow drmserver oemfs:dir search;
+allow drmserver oemfs:file r_file_perms;
+
+add_service(drmserver, drmserver_service)
+allow drmserver permission_service:service_manager find;
+allow drmserver mediametrics_service:service_manager find;
+
+selinux_check_access(drmserver)
+
+r_dir_file(drmserver, cgroup)
+r_dir_file(drmserver, system_file)
diff --git a/prebuilts/api/30.0/public/dumpstate.te b/prebuilts/api/30.0/public/dumpstate.te
new file mode 100644
index 000000000..55705a9b3
--- /dev/null
+++ b/prebuilts/api/30.0/public/dumpstate.te
@@ -0,0 +1,357 @@
+# dumpstate
+type dumpstate, domain, mlstrustedsubject;
+type dumpstate_exec, system_file_type, exec_type, file_type;
+
+net_domain(dumpstate)
+binder_use(dumpstate)
+wakelock_use(dumpstate)
+
+# Allow setting process priority, protect from OOM killer, and dropping
+# privileges by switching UID / GID
+allow dumpstate self:global_capability_class_set { setuid setgid sys_resource };
+
+# Allow dumpstate to scan through /proc/pid for all processes
+r_dir_file(dumpstate, domain)
+
+allow dumpstate self:global_capability_class_set {
+ # Send signals to processes
+ kill
+ # Run iptables
+ net_raw
+ net_admin
+};
+
+# Allow executing files on system, such as:
+# /system/bin/toolbox
+# /system/bin/logcat
+# /system/bin/dumpsys
+allow dumpstate system_file:file execute_no_trans;
+not_full_treble(`allow dumpstate vendor_file:file execute_no_trans;')
+allow dumpstate toolbox_exec:file rx_file_perms;
+
+# hidl searches for files in /system/lib(64)/hw/
+allow dumpstate system_file:dir r_dir_perms;
+
+# Create and write into /data/anr/
+allow dumpstate self:global_capability_class_set { dac_override dac_read_search chown fowner fsetid };
+allow dumpstate anr_data_file:dir rw_dir_perms;
+allow dumpstate anr_data_file:file create_file_perms;
+
+# Allow reading /data/system/uiderrors.txt
+# TODO: scope this down.
+allow dumpstate system_data_file:file r_file_perms;
+
+# Allow dumpstate to append into privileged apps private files.
+allow dumpstate privapp_data_file:file append;
+
+# Read dmesg
+allow dumpstate self:global_capability2_class_set syslog;
+allow dumpstate kernel:system syslog_read;
+
+# Read /sys/fs/pstore/console-ramoops
+allow dumpstate pstorefs:dir r_dir_perms;
+allow dumpstate pstorefs:file r_file_perms;
+
+# Get process attributes
+allow dumpstate domain:process getattr;
+
+# Signal java processes to dump their stack
+allow dumpstate { appdomain system_server zygote }:process signal;
+
+# Signal native processes to dump their stack.
+allow dumpstate {
+ # This list comes from native_processes_to_dump in dumputils/dump_utils.c
+ audioserver
+ cameraserver
+ drmserver
+ inputflinger
+ mediadrmserver
+ mediaextractor
+ mediametrics
+ mediaserver
+ mediaswcodec
+ sdcardd
+ surfaceflinger
+ vold
+
+ # This list comes from hal_interfaces_to_dump in dumputils/dump_utils.c
+ hal_audio_server
+ hal_bluetooth_server
+ hal_camera_server
+ hal_codec2_server
+ hal_drm_server
+ hal_face_server
+ hal_fingerprint_server
+ hal_graphics_allocator_server
+ hal_graphics_composer_server
+ hal_health_server
+ hal_omx_server
+ hal_power_server
+ hal_power_stats_server
+ hal_sensors_server
+ hal_thermal_server
+ hal_vr_server
+ system_suspend_server
+}:process signal;
+
+# Connect to tombstoned to intercept dumps.
+unix_socket_connect(dumpstate, tombstoned_intercept, tombstoned)
+
+# Access to /sys
+allow dumpstate sysfs_type:dir r_dir_perms;
+
+allow dumpstate {
+ sysfs_devices_block
+ sysfs_dm
+ sysfs_loop
+ sysfs_usb
+ sysfs_zram
+}:file r_file_perms;
+
+# Other random bits of data we want to collect
+allow dumpstate debugfs:file r_file_perms;
+auditallow dumpstate debugfs:file r_file_perms;
+
+allow dumpstate debugfs_mmc:file r_file_perms;
+
+# df for
+allow dumpstate {
+ block_device
+ cache_file
+ metadata_file
+ rootfs
+ selinuxfs
+ storage_file
+ tmpfs
+}:dir { search getattr };
+allow dumpstate fuse_device:chr_file getattr;
+allow dumpstate { dm_device cache_block_device }:blk_file getattr;
+allow dumpstate { cache_file rootfs }:lnk_file { getattr read };
+
+# Read /dev/cpuctl and /dev/cpuset
+r_dir_file(dumpstate, cgroup)
+
+# Allow dumpstate to make binder calls to any binder service
+binder_call(dumpstate, binderservicedomain)
+binder_call(dumpstate, { appdomain netd wificond })
+
+hal_client_domain(dumpstate, hal_dumpstate)
+hal_client_domain(dumpstate, hal_wifi)
+hal_client_domain(dumpstate, hal_graphics_allocator)
+# Vibrate the device after we are done collecting the bugreport
+hal_client_domain(dumpstate, hal_vibrator)
+
+# Reading /proc/PID/maps of other processes
+allow dumpstate self:global_capability_class_set sys_ptrace;
+
+# Allow the bugreport service to create a file in
+# /data/data/com.android.shell/files/bugreports/bugreport
+allow dumpstate shell_data_file:dir create_dir_perms;
+allow dumpstate shell_data_file:file create_file_perms;
+
+# Run a shell.
+allow dumpstate shell_exec:file rx_file_perms;
+
+# For running am and similar framework commands.
+# Run /system/bin/app_process.
+allow dumpstate zygote_exec:file rx_file_perms;
+
+# For Bluetooth
+allow dumpstate bluetooth_data_file:dir search;
+allow dumpstate bluetooth_logs_data_file:dir r_dir_perms;
+allow dumpstate bluetooth_logs_data_file:file r_file_perms;
+
+# Dumpstate calls screencap, which grabs a screenshot. Needs gpu access
+allow dumpstate gpu_device:chr_file rw_file_perms;
+
+# logd access
+read_logd(dumpstate)
+control_logd(dumpstate)
+read_runtime_log_tags(dumpstate)
+
+# Read files in /proc
+allow dumpstate {
+ proc_buddyinfo
+ proc_cmdline
+ proc_meminfo
+ proc_modules
+ proc_net_type
+ proc_pipe_conf
+ proc_pagetypeinfo
+ proc_qtaguid_ctrl
+ proc_qtaguid_stat
+ proc_slabinfo
+ proc_version
+ proc_vmallocinfo
+ proc_vmstat
+}:file r_file_perms;
+
+# Read network state info files.
+allow dumpstate net_data_file:dir search;
+allow dumpstate net_data_file:file r_file_perms;
+
+# List sockets via ss.
+allow dumpstate self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read };
+
+# Access /data/tombstones.
+allow dumpstate tombstone_data_file:dir r_dir_perms;
+allow dumpstate tombstone_data_file:file r_file_perms;
+
+# Access /cache/recovery
+allow dumpstate cache_recovery_file:dir r_dir_perms;
+allow dumpstate cache_recovery_file:file r_file_perms;
+
+# Access /data/misc/recovery
+allow dumpstate recovery_data_file:dir r_dir_perms;
+allow dumpstate recovery_data_file:file r_file_perms;
+
+#Access /data/misc/update_engine_log
+allow dumpstate update_engine_log_data_file:dir r_dir_perms;
+allow dumpstate update_engine_log_data_file:file r_file_perms;
+
+# Access /data/misc/profiles/{cur,ref}/
+userdebug_or_eng(`
+ allow dumpstate user_profile_data_file:dir r_dir_perms;
+ allow dumpstate user_profile_data_file:file r_file_perms;
+')
+
+# Access /data/misc/logd
+allow dumpstate misc_logd_file:dir r_dir_perms;
+allow dumpstate misc_logd_file:file r_file_perms;
+
+# Access /data/misc/prereboot
+allow dumpstate prereboot_data_file:dir r_dir_perms;
+allow dumpstate prereboot_data_file:file r_file_perms;
+
+allow dumpstate app_fuse_file:dir r_dir_perms;
+allow dumpstate overlayfs_file:dir r_dir_perms;
+
+allow dumpstate {
+ service_manager_type
+ -apex_service
+ -dumpstate_service
+ -gatekeeper_service
+ -virtual_touchpad_service
+ -vold_service
+ -vr_hwc_service
+ -default_android_service
+}:service_manager find;
+# suppress denials for services dumpstate should not be accessing.
+dontaudit dumpstate {
+ apex_service
+ dumpstate_service
+ gatekeeper_service
+ virtual_touchpad_service
+ vold_service
+ vr_hwc_service
+}:service_manager find;
+
+# Most of these are neverallowed.
+dontaudit dumpstate hwservice_manager_type:hwservice_manager find;
+
+allow dumpstate servicemanager:service_manager list;
+allow dumpstate hwservicemanager:hwservice_manager list;
+
+allow dumpstate devpts:chr_file rw_file_perms;
+
+# Set properties.
+# dumpstate_prop is used to share state with the Shell app.
+set_prop(dumpstate, dumpstate_prop)
+set_prop(dumpstate, exported_dumpstate_prop)
+# dumpstate_options_prop is used to pass extra command-line args.
+set_prop(dumpstate, dumpstate_options_prop)
+
+# Read any system properties
+get_prop(dumpstate, property_type)
+
+# Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow dumpstate media_rw_data_file:dir getattr;
+allow dumpstate proc_interrupts:file r_file_perms;
+allow dumpstate proc_zoneinfo:file r_file_perms;
+
+# Create a service for talking back to system_server
+add_service(dumpstate, dumpstate_service)
+
+# use /dev/ion for screen capture
+allow dumpstate ion_device:chr_file r_file_perms;
+
+# Allow dumpstate to run top
+allow dumpstate proc_stat:file r_file_perms;
+
+allow dumpstate proc_pressure_cpu:file r_file_perms;
+allow dumpstate proc_pressure_mem:file r_file_perms;
+allow dumpstate proc_pressure_io:file r_file_perms;
+
+# Allow dumpstate to talk to installd over binder
+binder_call(dumpstate, installd);
+
+# Allow dumpstate to talk to iorapd over binder.
+binder_call(dumpstate, iorapd)
+
+# Allow dumpstate to run ip xfrm policy
+allow dumpstate self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_read };
+
+# Allow dumpstate to run iotop
+allow dumpstate self:netlink_socket create_socket_perms_no_ioctl;
+# newer kernels (e.g. 4.4) have a new class for sockets
+allow dumpstate self:netlink_generic_socket create_socket_perms_no_ioctl;
+
+# Allow dumpstate to run ss
+allow dumpstate { domain pdx_channel_socket_type pdx_endpoint_socket_type }:socket_class_set getattr;
+
+# Allow dumpstate to read linkerconfig directory
+allow dumpstate linkerconfig_file:dir { read open };
+
+# For when dumpstate runs df
+dontaudit dumpstate {
+ mnt_vendor_file
+ mirror_data_file
+ mnt_user_file
+}:dir search;
+dontaudit dumpstate {
+ apex_mnt_dir
+ linkerconfig_file
+ mirror_data_file
+ mnt_user_file
+}:dir getattr;
+
+# Allow dumpstate to talk to bufferhubd over binder
+binder_call(dumpstate, bufferhubd);
+
+# Allow dumpstate to talk to mediaswcodec over binder
+binder_call(dumpstate, mediaswcodec);
+
+# Allow dumpstate to talk to these stable AIDL services over binder
+binder_call(dumpstate, hal_rebootescrow_server)
+allow hal_rebootescrow_server dumpstate:fifo_file write;
+allow hal_rebootescrow_server dumpstate:fd use;
+
+# Allow dumpstate to kill vendor dumpstate service by init
+set_prop(dumpstate, ctl_dumpstate_prop)
+
+#Access /data/misc/snapshotctl_log
+allow dumpstate snapshotctl_log_data_file:dir r_dir_perms;
+allow dumpstate snapshotctl_log_data_file:file r_file_perms;
+
+#Allow access to /dev/binderfs/binder_logs
+allow dumpstate binderfs_logs:dir r_dir_perms;
+allow dumpstate binderfs_logs:file r_file_perms;
+
+###
+### neverallow rules
+###
+
+# dumpstate has capability sys_ptrace, but should only use that capability for
+# accessing sensitive /proc/PID files, never for using ptrace attach.
+neverallow dumpstate *:process ptrace;
+
+# only system_server, dumpstate, traceur_app and shell can find the dumpstate service
+neverallow {
+ domain
+ -system_server
+ -shell
+ -traceur_app
+ -dumpstate
+} dumpstate_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/e2fs.te b/prebuilts/api/30.0/public/e2fs.te
new file mode 100644
index 000000000..dd5bd69de
--- /dev/null
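Review bot: The three macro calls `binder_call(dumpstate, installd);`, `binder_call(dumpstate, bufferhubd);` and `binder_call(dumpstate, mediaswcodec);` carry a trailing semicolon while every other macro invocation in this file (and in drmserver.te in this same change) does not; dropping those three semicolons keeps the m4 macro style uniform. Since this file sits under prebuilts/api/30.0 it is presumably a frozen copy of the public policy, so the style fix would belong in the non-prebuilt source and be re-synced here rather than edited in the snapshot alone.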
+++ b/prebuilts/api/30.0/public/e2fs.te
@@ -0,0 +1,26 @@
+type e2fs, domain, coredomain;
+type e2fs_exec, system_file_type, exec_type, file_type;
+
+allow e2fs devpts:chr_file { read write getattr ioctl };
+
+allow e2fs dev_type:blk_file getattr;
+allow e2fs block_device:dir search;
+allow e2fs userdata_block_device:blk_file rw_file_perms;
+allow e2fs metadata_block_device:blk_file rw_file_perms;
+allow e2fs dm_device:blk_file rw_file_perms;
+allowxperm e2fs { userdata_block_device metadata_block_device dm_device }:blk_file ioctl {
+ BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
+};
+
+allow e2fs {
+ proc_filesystems
+ proc_mounts
+ proc_swaps
+}:file r_file_perms;
+
+# access /sys/fs/ext4/features
+allow e2fs sysfs_fs_ext4_features:dir search;
+allow e2fs sysfs_fs_ext4_features:file r_file_perms;
+
+# access SELinux context files
+allow e2fs file_contexts_file:file r_file_perms;
diff --git a/prebuilts/api/30.0/public/ephemeral_app.te b/prebuilts/api/30.0/public/ephemeral_app.te
new file mode 100644
index 000000000..dc39a22b5
--- /dev/null
+++ b/prebuilts/api/30.0/public/ephemeral_app.te
@@ -0,0 +1,14 @@
+###
+### Ephemeral apps.
+###
+### This file defines the security policy for apps with the ephemeral
+### feature.
+###
+### The ephemeral_app domain is a reduced permissions sandbox allowing
+### ephemeral applications to be safely installed and run. Non ephemeral
+### applications may also opt-in to ephemeral to take advantage of the
+### additional security features.
+###
+### PackageManager flags an app as ephemeral at install time.
+
+type ephemeral_app, domain;
diff --git a/prebuilts/api/30.0/public/fastbootd.te b/prebuilts/api/30.0/public/fastbootd.te
new file mode 100644
index 000000000..f10e6492d
--- /dev/null
+++ b/prebuilts/api/30.0/public/fastbootd.te
@@ -0,0 +1,133 @@
+# fastbootd (used in recovery init.rc for /sbin/fastbootd)
+
+# Declare the domain unconditionally so we can always reference it
+# in neverallow rules.
+type fastbootd, domain;
+
+# But the allow rules are only included in the recovery policy.
+# Otherwise fastbootd is only allowed the domain rules.
+recovery_only(`
+ # fastbootd can only use HALs in passthrough mode
+ passthrough_hal_client_domain(fastbootd, hal_bootctl)
+
+ # Access /dev/usb-ffs/fastbootd/ep0
+ allow fastbootd functionfs:dir search;
+ allow fastbootd functionfs:file rw_file_perms;
+
+ allowxperm fastbootd functionfs:file ioctl { FUNCTIONFS_ENDPOINT_DESC };
+ # Log to serial
+ allow fastbootd kmsg_device:chr_file { open getattr write };
+
+ # battery info
+ allow fastbootd sysfs_batteryinfo:file r_file_perms;
+
+ allow fastbootd device:dir r_dir_perms;
+
+ # Reboot the device
+ set_prop(fastbootd, powerctl_prop)
+
+ # Read serial number of the device from system properties
+ get_prop(fastbootd, serialno_prop)
+
+ # For dev/block/by-name dir
+ allow fastbootd block_device:dir r_dir_perms;
+
+ # Needed for DM_DEV_CREATE ioctl call
+ allow fastbootd self:capability sys_admin;
+
+ # Set sys.usb.ffs.ready.
+ set_prop(fastbootd, ffs_prop)
+ set_prop(fastbootd, exported_ffs_prop)
+
+ unix_socket_connect(fastbootd, recovery, recovery)
+
+ # Required for flashing
+ allow fastbootd dm_device:chr_file rw_file_perms;
+ allow fastbootd dm_device:blk_file rw_file_perms;
+
+ allow fastbootd cache_block_device:blk_file rw_file_perms;
+ allow fastbootd super_block_device_type:blk_file rw_file_perms;
+ allow fastbootd {
+ boot_block_device
+ metadata_block_device
+ system_block_device
+ userdata_block_device
+ }:blk_file { w_file_perms getattr ioctl };
+
+ # For disabling/wiping GSI, and for modifying/deleting files created via
+ # libfiemap.
+ allow fastbootd metadata_block_device:blk_file r_file_perms;
+ allow fastbootd {rootfs tmpfs}:dir mounton;
+ allow fastbootd metadata_file:dir { search getattr };
+ allow fastbootd gsi_metadata_file:dir rw_dir_perms;
+ allow fastbootd gsi_metadata_file:file create_file_perms;
+
+ allowxperm fastbootd super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
+
+ allowxperm fastbootd {
+ metadata_block_device
+ userdata_block_device
+ dm_device
+ cache_block_device
+ }:blk_file ioctl { BLKSECDISCARD BLKDISCARD };
+
+ allow fastbootd misc_block_device:blk_file rw_file_perms;
+
+ allow fastbootd proc_cmdline:file r_file_perms;
+ allow fastbootd rootfs:dir r_dir_perms;
+
+ # Needed to read fstab node from device tree.
+ allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
+ allow fastbootd sysfs_dt_firmware_android:dir r_dir_perms;
+
+ # Needed because libdm reads sysfs to validate when a dm path is ready.
+ r_dir_file(fastbootd, sysfs_dm)
+
+ # Needed for realpath() call to resolve symlinks.
+ allow fastbootd block_device:dir getattr;
+ userdebug_or_eng(`
+ # Refined manipulation of /mnt/scratch, without these perms resorts
+ # to deleting scratch partition when partition(s) are flashed.
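Review bot: e2fs.te opens directly with `type e2fs, domain, coredomain;` and has no header comment naming the domain, unlike the sibling files in this change (drmserver.te starts with `# drmserver - DRM service`, dumpstate.te with `# dumpstate`). A one-line header such as `# e2fs - ext4 userspace tools (presumably e2fsprogs; confirm against init/vold callers)` would tell a reader why this domain gets rw access plus discard ioctls on userdata, metadata and dm block devices. As this file sits under prebuilts/api/30.0 it is presumably a frozen snapshot, so the comment would belong in the non-prebuilt source first.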
+ allow fastbootd self:process setfscreate; + allow fastbootd cache_file:dir search; + allow fastbootd proc_filesystems:file { getattr open read }; + allow fastbootd self:capability sys_rawio; + dontaudit fastbootd kernel:system module_request; + allowxperm fastbootd dev_type:blk_file ioctl BLKROSET; + allow fastbootd overlayfs_file:dir { create_dir_perms mounton }; + allow fastbootd { + system_file_type + unlabeled + vendor_file_type + }:dir { remove_name rmdir search write }; + allow fastbootd { + overlayfs_file + system_file_type + unlabeled + vendor_file_type + }:{ file lnk_file } unlink; + allow fastbootd tmpfs:dir rw_dir_perms; + allow fastbootd labeledfs:filesystem { mount unmount }; + get_prop(fastbootd, persistent_properties_ready_prop) + ') + + # Allow using libfiemap/gsid directly (no binder in recovery). + set_prop(fastbootd, gsid_prop) + allow fastbootd gsi_metadata_file:dir search; + allow fastbootd ota_metadata_file:dir rw_dir_perms; + allow fastbootd ota_metadata_file:file create_file_perms; + + # Determine allocation scheme (whether B partitions needs to be + # at the second half of super. + get_prop(fastbootd, virtual_ab_prop) +') + +### +### neverallow rules +### + +# Write permission is required to wipe userdata +# until recovery supports vold. +neverallow fastbootd { + data_file_type +}:file { no_x_file_perms }; diff --git a/prebuilts/api/30.0/public/file.te b/prebuilts/api/30.0/public/file.te new file mode 100644 index 000000000..462e71d21 --- /dev/null +++ b/prebuilts/api/30.0/public/file.te 
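Review bot: The comment above the closing neverallow explains an exception rather than the rule: it says write access is needed to wipe userdata, while the rule itself forbids execute-class access to every data_file_type file, and a reader has to expand no_x_file_perms to discover that. I would restate it as `# fastbootd must never execute anything from /data (no_x_file_perms); write is still` / `# allowed because wiping userdata needs it until recovery supports vold.` Similarly `allow fastbootd self:capability sys_admin;` is justified only by `# Needed for DM_DEV_CREATE ioctl call`; since CAP_SYS_ADMIN is the broadest capability and, as far as I know, the kernel demands it for every device-mapper ioctl, the comment should say so and note that the grant is confined to recovery_only, so nobody later tries to narrow it to an xperm. This file is a frozen copy under prebuilts/api/30.0, so any wording change has to land in public/fastbootd.te first.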
@@ -0,0 +1,543 @@ +# Filesystem types +type labeledfs, fs_type; +type pipefs, fs_type; +type sockfs, fs_type; +type rootfs, fs_type; +type proc, fs_type, proc_type; +type binderfs, fs_type; +type binderfs_logs, fs_type; +type binderfs_logs_proc, fs_type; +# Security-sensitive proc nodes that should not be writable to most. +type proc_security, fs_type, proc_type; +type proc_drop_caches, fs_type, proc_type; +type proc_overcommit_memory, fs_type, proc_type; +type proc_min_free_order_shift, fs_type, proc_type; +type proc_kpageflags, fs_type, proc_type; +# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers. +type usermodehelper, fs_type, proc_type; +type sysfs_usermodehelper, fs_type, sysfs_type; +type proc_qtaguid_ctrl, fs_type, mlstrustedobject, proc_type; +type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type; +type proc_bluetooth_writable, fs_type, proc_type; +type proc_abi, fs_type, proc_type; +type proc_asound, fs_type, proc_type; +type proc_buddyinfo, fs_type, proc_type; +type proc_cmdline, fs_type, proc_type; +type proc_cpuinfo, fs_type, proc_type; +type proc_dirty, fs_type, proc_type; +type proc_diskstats, fs_type, proc_type; +type proc_extra_free_kbytes, fs_type, proc_type; +type proc_filesystems, fs_type, proc_type; +type proc_fs_verity, fs_type, proc_type; +type proc_hostname, fs_type, proc_type; +type proc_hung_task, fs_type, proc_type; +type proc_interrupts, fs_type, proc_type; +type proc_iomem, fs_type, proc_type; +type proc_keys, fs_type, proc_type; +type proc_kmsg, fs_type, proc_type; +type proc_loadavg, fs_type, proc_type; +type proc_lowmemorykiller, fs_type, proc_type; +type proc_max_map_count, fs_type, proc_type; +type proc_meminfo, fs_type, proc_type; +type proc_misc, fs_type, proc_type; +type proc_modules, fs_type, proc_type; +type proc_mounts, fs_type, proc_type; +type proc_net, fs_type, proc_type, proc_net_type; +type proc_net_tcp_udp, fs_type, proc_type; +type proc_page_cluster, fs_type, proc_type; +type 
proc_pagetypeinfo, fs_type, proc_type; +type proc_panic, fs_type, proc_type; +type proc_perf, fs_type, proc_type; +type proc_pid_max, fs_type, proc_type; +type proc_pipe_conf, fs_type, proc_type; +type proc_pressure_cpu, fs_type, proc_type; +type proc_pressure_io, fs_type, proc_type; +type proc_pressure_mem, fs_type, proc_type; +type proc_random, fs_type, proc_type; +type proc_sched, fs_type, proc_type; +type proc_slabinfo, fs_type, proc_type; +type proc_stat, fs_type, proc_type; +type proc_swaps, fs_type, proc_type; +type proc_sysrq, fs_type, proc_type; +type proc_timer, fs_type, proc_type; +type proc_tty_drivers, fs_type, proc_type; +type proc_uid_cputime_showstat, fs_type, proc_type; +type proc_uid_cputime_removeuid, fs_type, proc_type; +type proc_uid_io_stats, fs_type, proc_type; +type proc_uid_procstat_set, fs_type, proc_type; +type proc_uid_time_in_state, fs_type, proc_type; +type proc_uid_concurrent_active_time, fs_type, proc_type; +type proc_uid_concurrent_policy_time, fs_type, proc_type; +type proc_uid_cpupower, fs_type, proc_type; +type proc_uptime, fs_type, proc_type; +type proc_version, fs_type, proc_type; +type proc_vmallocinfo, fs_type, proc_type; +type proc_vmstat, fs_type, proc_type; +type proc_zoneinfo, fs_type, proc_type; +type selinuxfs, fs_type, mlstrustedobject; +type cgroup, fs_type, mlstrustedobject; +type cgroup_bpf, fs_type; +type sysfs, fs_type, sysfs_type, mlstrustedobject; +type sysfs_android_usb, fs_type, sysfs_type; +type sysfs_uio, sysfs_type, fs_type; +type sysfs_batteryinfo, fs_type, sysfs_type; +type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject; +type sysfs_devices_block, fs_type, sysfs_type; +type sysfs_dm, fs_type, sysfs_type; +type sysfs_dm_verity, fs_type, sysfs_type; +type sysfs_dt_firmware_android, fs_type, sysfs_type; +type sysfs_extcon, fs_type, sysfs_type; +type sysfs_ion, fs_type, sysfs_type; +type sysfs_ipv4, fs_type, sysfs_type; +type sysfs_kernel_notes, fs_type, sysfs_type, mlstrustedobject; +type 
sysfs_leds, fs_type, sysfs_type; +type sysfs_loop, fs_type, sysfs_type; +type sysfs_hwrandom, fs_type, sysfs_type; +type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject; +type sysfs_wake_lock, fs_type, sysfs_type; +type sysfs_net, fs_type, sysfs_type; +type sysfs_power, fs_type, sysfs_type; +type sysfs_rtc, fs_type, sysfs_type; +type sysfs_suspend_stats, fs_type, sysfs_type; +type sysfs_switch, fs_type, sysfs_type; +type sysfs_transparent_hugepage, fs_type, sysfs_type; +type sysfs_usb, fs_type, sysfs_type; +type sysfs_wakeup, fs_type, sysfs_type; +type sysfs_wakeup_reasons, fs_type, sysfs_type; +type sysfs_fs_ext4_features, sysfs_type, fs_type; +type sysfs_fs_f2fs, sysfs_type, fs_type; +type fs_bpf, fs_type; +type configfs, fs_type; +# /sys/devices/system/cpu +type sysfs_devices_system_cpu, fs_type, sysfs_type; +# /sys/module/lowmemorykiller +type sysfs_lowmemorykiller, fs_type, sysfs_type; +# /sys/module/wlan/parameters/fwpath +type sysfs_wlan_fwpath, fs_type, sysfs_type; +type sysfs_vibrator, fs_type, sysfs_type; + +type sysfs_thermal, sysfs_type, fs_type; + +type sysfs_zram, fs_type, sysfs_type; +type sysfs_zram_uevent, fs_type, sysfs_type; +type inotify, fs_type, mlstrustedobject; +type devpts, fs_type, mlstrustedobject; +type tmpfs, fs_type; +type shm, fs_type; +type mqueue, fs_type; +type fuse, sdcard_type, fs_type, mlstrustedobject; +type sdcardfs, sdcard_type, fs_type, mlstrustedobject; +type vfat, sdcard_type, fs_type, mlstrustedobject; +type exfat, sdcard_type, fs_type, mlstrustedobject; +type debugfs, fs_type, debugfs_type; +type debugfs_mmc, fs_type, debugfs_type; +type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject; +type debugfs_tracing, fs_type, debugfs_type, mlstrustedobject; +type debugfs_tracing_debug, fs_type, debugfs_type, mlstrustedobject; +type debugfs_tracing_instances, fs_type, debugfs_type; +type debugfs_wakeup_sources, fs_type, debugfs_type; +type debugfs_wifi_tracing, fs_type, debugfs_type; +type securityfs, 
fs_type; + +type pstorefs, fs_type; +type functionfs, fs_type, mlstrustedobject; +type oemfs, fs_type, contextmount_type; +type usbfs, fs_type; +type binfmt_miscfs, fs_type; +type app_fusefs, fs_type, contextmount_type; + +# File types +type unlabeled, file_type; + +# Default type for anything under /system. +type system_file, system_file_type, file_type; +# Default type for /system/asan.options +type system_asan_options_file, system_file_type, file_type; +# Type for /system/etc/event-log-tags (liblog implementation detail) +type system_event_log_tags_file, system_file_type, file_type; +# Default type for anything under /system/lib[64]. +type system_lib_file, system_file_type, file_type; +# system libraries that are available only to bootstrap processes +type system_bootstrap_lib_file, system_file_type, file_type; +# Default type for the group file /system/etc/group. +type system_group_file, system_file_type, file_type; +# Default type for linker executable /system/bin/linker[64]. +type system_linker_exec, system_file_type, file_type; +# Default type for linker config /system/etc/ld.config.*. +type system_linker_config_file, system_file_type, file_type; +# Default type for the passwd file /system/etc/passwd. +type system_passwd_file, system_file_type, file_type; +# Default type for linker config /system/etc/seccomp_policy/*. +type system_seccomp_policy_file, system_file_type, file_type; +# Default type for cacerts in /system/etc/security/cacerts/*. +type system_security_cacerts_file, system_file_type, file_type; +# Default type for /system/bin/tcpdump. +type tcpdump_exec, system_file_type, exec_type, file_type; +# Default type for zoneinfo files in /system/usr/share/zoneinfo/*. 
+type system_zoneinfo_file, system_file_type, file_type; +# Cgroups description file under /system/etc/cgroups.json +type cgroup_desc_file, system_file_type, file_type; +# Vendor cgroups description file under /vendor/etc/cgroups.json +type vendor_cgroup_desc_file, vendor_file_type, file_type; +# Task profiles file under /system/etc/task_profiles.json +type task_profiles_file, system_file_type, file_type; +# Vendor task profiles file under /vendor/etc/task_profiles.json +type vendor_task_profiles_file, vendor_file_type, file_type; +# Type for /system/apex/com.android.art +type art_apex_dir, system_file_type, file_type; +# /linkerconfig(/.*)? +type linkerconfig_file, file_type; +# Control files under /data/incremental +type incremental_control_file, file_type, data_file_type, core_data_file_type; + +# Default type for directories search for +# HAL implementations +type vendor_hal_file, vendor_file_type, file_type; +# Default type for under /vendor or /system/vendor +type vendor_file, vendor_file_type, file_type; +# Default type for everything in /vendor/app +type vendor_app_file, vendor_file_type, file_type; +# Default type for everything under /vendor/etc/ +type vendor_configs_file, vendor_file_type, file_type; +# Default type for all *same process* HALs and their lib/bin dependencies. +# e.g. libEGL_xxx.so, android.hardware.graphics.mapper@2.0-impl.so +type same_process_hal_file, vendor_file_type, file_type; +# Default type for vndk-sp libs. /vendor/lib/vndk-sp +type vndk_sp_file, vendor_file_type, file_type; +# Default type for everything in /vendor/framework +type vendor_framework_file, vendor_file_type, file_type; +# Default type for everything in /vendor/overlay +type vendor_overlay_file, vendor_file_type, file_type; +# Type for all vendor public libraries. These libs should only be exposed to +# apps. ABI stability of these libs is vendor's responsibility. 
+type vendor_public_lib_file, vendor_file_type, file_type; + +# Input configuration +type vendor_keylayout_file, vendor_file_type, file_type; +type vendor_keychars_file, vendor_file_type, file_type; +type vendor_idc_file, vendor_file_type, file_type; + +# /metadata partition itself +type metadata_file, file_type; +# Vold files within /metadata +type vold_metadata_file, file_type; +# GSI files within /metadata +type gsi_metadata_file, file_type; +# system_server shares Weaver slot information in /metadata +type password_slot_metadata_file, file_type; +# APEX files within /metadata +type apex_metadata_file, file_type; +# libsnapshot files within /metadata +type ota_metadata_file, file_type; +# property files within /metadata/bootstat +type metadata_bootstat_file, file_type; + +# Type for /dev/cpu_variant:.*. +type dev_cpu_variant, file_type; +# Speedup access for trusted applications to the runtime event tags +type runtime_event_log_tags_file, file_type; +# Type for /system/bin/logcat. +type logcat_exec, system_file_type, exec_type, file_type; +# Speedup access to cgroup map file +type cgroup_rc_file, file_type; +# /cores for coredumps on userdebug / eng builds +type coredump_file, file_type; +# Type of /data itself +type system_data_root_file, file_type, data_file_type, core_data_file_type; +# Default type for anything under /data. +type system_data_file, file_type, data_file_type, core_data_file_type; +# Type for /data/system/packages.list. +# TODO(b/129332765): Narrow down permissions to this. +# Find out users of system_data_file that should be granted only this. +type packages_list_file, file_type, data_file_type, core_data_file_type; +# Default type for anything under /data/vendor{_ce,_de}. 
+type vendor_data_file, file_type, data_file_type; +# Unencrypted data +type unencrypted_data_file, file_type, data_file_type, core_data_file_type; +# installd-create files in /data/misc/installd such as layout_version +type install_data_file, file_type, data_file_type, core_data_file_type; +# /data/drm - DRM plugin data +type drm_data_file, file_type, data_file_type, core_data_file_type; +# /data/adb - adb debugging files +type adb_data_file, file_type, data_file_type, core_data_file_type; +# /data/anr - ANR traces +type anr_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +# /data/tombstones - core dumps +type tombstone_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +# /data/vendor/tombstones/wifi - vendor wifi dumps +type tombstone_wifi_data_file, file_type, data_file_type; +# /data/apex - APEX data files +type apex_data_file, file_type, data_file_type, core_data_file_type; +# /data/app - user-installed apps +type apk_data_file, file_type, data_file_type, core_data_file_type; +type apk_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +# /data/app-private - forward-locked apps +type apk_private_data_file, file_type, data_file_type, core_data_file_type; +type apk_private_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +# /data/dalvik-cache +type dalvikcache_data_file, file_type, data_file_type, core_data_file_type; +# /data/ota +type ota_data_file, file_type, data_file_type, core_data_file_type; +# /data/ota_package +type ota_package_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +# /data/misc/profiles +type user_profile_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +# /data/misc/profman +type profman_dump_data_file, file_type, data_file_type, core_data_file_type; +# /data/misc/prereboot +type prereboot_data_file, file_type, data_file_type, core_data_file_type; +# /data/resource-cache +type 
resourcecache_data_file, file_type, data_file_type, core_data_file_type; +# /data/local - writable by shell +type shell_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +# /data/property +type property_data_file, file_type, data_file_type, core_data_file_type; +# /data/bootchart +type bootchart_data_file, file_type, data_file_type, core_data_file_type; +# /data/system/dropbox +type dropbox_data_file, file_type, data_file_type, core_data_file_type; +# /data/system/heapdump +type heapdump_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +# /data/nativetest +type nativetest_data_file, file_type, data_file_type, core_data_file_type; +# /data/system_de/0/ringtones +type ringtone_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +# /data/preloads +type preloads_data_file, file_type, data_file_type, core_data_file_type; +# /data/preloads/media +type preloads_media_file, file_type, data_file_type, core_data_file_type; +# /data/misc/dhcp and /data/misc/dhcp-6.8.2 +type dhcp_data_file, file_type, data_file_type, core_data_file_type; +# /data/server_configurable_flags +type server_configurable_flags_data_file, file_type, data_file_type, core_data_file_type; +# /data/app-staging +type staging_data_file, file_type, data_file_type, core_data_file_type; +# /vendor/apex +type vendor_apex_file, vendor_file_type, file_type; + +# Mount locations managed by vold +type mnt_media_rw_file, file_type; +type mnt_user_file, file_type; +type mnt_pass_through_file, file_type; +type mnt_expand_file, file_type; +type mnt_sdcard_file, file_type; +type storage_file, file_type; + +# Label for storage dirs which are just mount stubs +type mnt_media_rw_stub_file, file_type; +type storage_stub_file, file_type; + +# Mount location for read-write vendor partitions. +type mnt_vendor_file, file_type; + +# Mount location for read-write product partitions. 
+type mnt_product_file, file_type; + +# Mount point used for APEX images +type apex_mnt_dir, file_type; + +# /postinstall: Mount point used by update_engine to run postinstall. +type postinstall_mnt_dir, file_type; +# Files inside the /postinstall mountpoint are all labeled as postinstall_file. +type postinstall_file, file_type; +# /postinstall/apex: Mount point used for APEX images within /postinstall. +type postinstall_apex_mnt_dir, file_type; + +# /data_mirror: Contains mirror directory for storing all apps data. +type mirror_data_file, file_type, core_data_file_type; + +# /data/misc subdirectories +type adb_keys_file, file_type, data_file_type, core_data_file_type; +type apex_module_data_file, file_type, data_file_type, core_data_file_type; +type apex_permission_data_file, file_type, data_file_type, core_data_file_type; +type apex_rollback_data_file, file_type, data_file_type, core_data_file_type; +type apex_wifi_data_file, file_type, data_file_type, core_data_file_type; +type audio_data_file, file_type, data_file_type, core_data_file_type; +type audioserver_data_file, file_type, data_file_type, core_data_file_type; +type bluetooth_data_file, file_type, data_file_type, core_data_file_type; +type bluetooth_logs_data_file, file_type, data_file_type, core_data_file_type; +type bootstat_data_file, file_type, data_file_type, core_data_file_type; +type boottrace_data_file, file_type, data_file_type, core_data_file_type; +type camera_data_file, file_type, data_file_type, core_data_file_type; +type credstore_data_file, file_type, data_file_type, core_data_file_type; +type gatekeeper_data_file, file_type, data_file_type, core_data_file_type; +type incident_data_file, file_type, data_file_type, core_data_file_type; +type keychain_data_file, file_type, data_file_type, core_data_file_type; +type keystore_data_file, file_type, data_file_type, core_data_file_type; +type media_data_file, file_type, data_file_type, core_data_file_type; +type media_rw_data_file, file_type, 
data_file_type, core_data_file_type, mlstrustedobject; +type misc_user_data_file, file_type, data_file_type, core_data_file_type; +type net_data_file, file_type, data_file_type, core_data_file_type; +type network_watchlist_data_file, file_type, data_file_type, core_data_file_type; +type nfc_data_file, file_type, data_file_type, core_data_file_type; +type radio_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +type recovery_data_file, file_type, data_file_type, core_data_file_type; +type shared_relro_file, file_type, data_file_type, core_data_file_type; +type snapshotctl_log_data_file, file_type, data_file_type, core_data_file_type; +type stats_data_file, file_type, data_file_type, core_data_file_type; +type systemkeys_data_file, file_type, data_file_type, core_data_file_type; +type textclassifier_data_file, file_type, data_file_type, core_data_file_type; +type trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +type vpn_data_file, file_type, data_file_type, core_data_file_type; +type wifi_data_file, file_type, data_file_type, core_data_file_type; +type zoneinfo_data_file, file_type, data_file_type, core_data_file_type; +type vold_data_file, file_type, data_file_type, core_data_file_type; +type iorapd_data_file, file_type, data_file_type, core_data_file_type; +type tee_data_file, file_type, data_file_type; +type update_engine_data_file, file_type, data_file_type, core_data_file_type; +type update_engine_log_data_file, file_type, data_file_type, core_data_file_type; +# /data/misc/trace for method traces on userdebug / eng builds +type method_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +type gsi_data_file, file_type, data_file_type, core_data_file_type; + +# /data/data subdirectories - app sandboxes +type app_data_file, file_type, data_file_type, core_data_file_type; +# /data/data subdirectories - priv-app sandboxes +type privapp_data_file, file_type, data_file_type, 
core_data_file_type; +# /data/data subdirectory for system UID apps. +type system_app_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +# Compatibility with type name used in Android 4.3 and 4.4. +# Default type for anything under /cache +type cache_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +# Type for /cache/overlay /mnt/scratch/overlay +type overlayfs_file, file_type, data_file_type, core_data_file_type; +# Type for /cache/backup_stage/* (fd interchange with apps) +type cache_backup_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +# type for anything under /cache/backup (local transport storage) +type cache_private_backup_file, file_type, data_file_type, core_data_file_type; +# Type for anything under /cache/recovery +type cache_recovery_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +# Default type for anything under /efs +type efs_file, file_type; +# Type for wallpaper file. +type wallpaper_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +# Type for shortcut manager icon file. +type shortcut_manager_icons, file_type, data_file_type, core_data_file_type, mlstrustedobject; +# Type for user icon file. +type icon_file, file_type, data_file_type, core_data_file_type; +# /mnt/asec +type asec_apk_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +# Elements of asec files (/mnt/asec) that are world readable +type asec_public_file, file_type, data_file_type, core_data_file_type; +# /data/app-asec +type asec_image_file, file_type, data_file_type, core_data_file_type; +# /data/backup and /data/secure/backup +type backup_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +# All devices have bluetooth efs files. 
But they +# vary per device, so this type is used in per +# device policy +type bluetooth_efs_file, file_type; +# Type for fingerprint template file +type fingerprintd_data_file, file_type, data_file_type, core_data_file_type; +# Type for _new_ fingerprint template file +type fingerprint_vendor_data_file, file_type, data_file_type; +# Type for appfuse file. +type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject; +# Type for face template file +type face_vendor_data_file, file_type, data_file_type; +# Type for iris template file +type iris_vendor_data_file, file_type, data_file_type; + +# Socket types +type adbd_socket, file_type, coredomain_socket; +type bluetooth_socket, file_type, data_file_type, core_data_file_type, coredomain_socket; +type dnsproxyd_socket, file_type, coredomain_socket, mlstrustedobject; +type dumpstate_socket, file_type, coredomain_socket; +type fwmarkd_socket, file_type, coredomain_socket, mlstrustedobject; +type lmkd_socket, file_type, coredomain_socket; +type logd_socket, file_type, coredomain_socket, mlstrustedobject; +type logdr_socket, file_type, coredomain_socket, mlstrustedobject; +type logdw_socket, file_type, coredomain_socket, mlstrustedobject; +type mdns_socket, file_type, coredomain_socket; +type mdnsd_socket, file_type, coredomain_socket, mlstrustedobject; +type misc_logd_file, coredomain_socket, file_type, data_file_type, core_data_file_type; +type mtpd_socket, file_type, coredomain_socket; +type property_socket, file_type, coredomain_socket, mlstrustedobject; +type racoon_socket, file_type, coredomain_socket; +type recovery_socket, file_type, coredomain_socket; +type rild_socket, file_type; +type rild_debug_socket, file_type; +type statsdw_socket, file_type, coredomain_socket, mlstrustedobject; +type system_wpa_socket, file_type, data_file_type, core_data_file_type, coredomain_socket; +type system_ndebug_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject; 
+type system_unsolzygote_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject; +type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject; +type tombstoned_java_trace_socket, file_type, mlstrustedobject; +type tombstoned_intercept_socket, file_type, coredomain_socket; +type traced_consumer_socket, file_type, coredomain_socket, mlstrustedobject; +type traced_perf_socket, file_type, coredomain_socket, mlstrustedobject; +type traced_producer_socket, file_type, coredomain_socket, mlstrustedobject; +type uncrypt_socket, file_type, coredomain_socket; +type wpa_socket, file_type, data_file_type, core_data_file_type; +type zygote_socket, file_type, coredomain_socket; +type heapprofd_socket, file_type, coredomain_socket, mlstrustedobject; +# UART (for GPS) control proc file +type gps_control, file_type; + +# PDX endpoint types +type pdx_display_dir, pdx_endpoint_dir_type, file_type; +type pdx_performance_dir, pdx_endpoint_dir_type, file_type; +type pdx_bufferhub_dir, pdx_endpoint_dir_type, file_type; + +pdx_service_socket_types(display_client, pdx_display_dir) +pdx_service_socket_types(display_manager, pdx_display_dir) +pdx_service_socket_types(display_screenshot, pdx_display_dir) +pdx_service_socket_types(display_vsync, pdx_display_dir) +pdx_service_socket_types(performance_client, pdx_performance_dir) +pdx_service_socket_types(bufferhub_client, pdx_bufferhub_dir) + +# file_contexts files +type file_contexts_file, system_file_type, file_type; + +# mac_permissions file +type mac_perms_file, system_file_type, file_type; + +# property_contexts file +type property_contexts_file, system_file_type, file_type; + +# seapp_contexts file +type seapp_contexts_file, system_file_type, file_type; + +# sepolicy files binary and others +type sepolicy_file, system_file_type, file_type; + +# service_contexts file +type service_contexts_file, system_file_type, file_type; + +# nonplat service_contexts file (only accessible on non 
full-treble devices) +type nonplat_service_contexts_file, vendor_file_type, file_type; + +# hwservice_contexts file +type hwservice_contexts_file, system_file_type, file_type; + +# vndservice_contexts file +type vndservice_contexts_file, file_type; + +# Allow files to be created in their appropriate filesystems. +allow fs_type self:filesystem associate; +allow cgroup tmpfs:filesystem associate; +allow cgroup_bpf tmpfs:filesystem associate; +allow cgroup_rc_file tmpfs:filesystem associate; +allow sysfs_type sysfs:filesystem associate; +allow debugfs_type { debugfs debugfs_tracing debugfs_tracing_debug }:filesystem associate; +allow file_type labeledfs:filesystem associate; +allow file_type tmpfs:filesystem associate; +allow file_type rootfs:filesystem associate; +allow dev_type tmpfs:filesystem associate; +allow app_fuse_file app_fusefs:filesystem associate; +allow postinstall_file self:filesystem associate; + +# asanwrapper (run a sanitized app_process, to be used with wrap properties) +with_asan(`type asanwrapper_exec, exec_type, file_type;') + +# Deprecated in SDK version 28 +type audiohal_data_file, file_type, data_file_type, core_data_file_type; + +# It's a bug to assign the file_type attribute and fs_type attribute +# to any type. Do not allow it. +# +# For example, the following is a bug: +# type apk_data_file, file_type, data_file_type, fs_type; +# Should be: +# type apk_data_file, file_type, data_file_type; +neverallow fs_type file_type:filesystem associate; diff --git a/prebuilts/api/30.0/public/fingerprintd.te b/prebuilts/api/30.0/public/fingerprintd.te new file mode 100644 index 000000000..ff7a884e3 --- /dev/null +++ b/prebuilts/api/30.0/public/fingerprintd.te 
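Review bot: The line `# Compatibility with type name used in Android 4.3 and 4.4.` directly above `# Default type for anything under /cache` no longer describes anything — no typealias or legacy name follows it, only the cache_file declaration — so it reads as a stale leftover and should be dropped or rewritten to say what it refers to. A second, hedged point: `type tombstoned_java_trace_socket, file_type, mlstrustedobject;` is the only tombstoned socket declared without coredomain_socket, while the crash and intercept sockets carry it; if that is deliberate (it would leave the socket reachable by non-core domains), a one-line comment saying why would stop the next reviewer from reading it as an omission. As this is a frozen API snapshot, both fixes belong in public/file.te and should then be re-copied.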
@@ -0,0 +1,26 @@
+type fingerprintd, domain;
+type fingerprintd_exec, system_file_type, exec_type, file_type;
+
+binder_use(fingerprintd)
+
+# Scan through /system/lib64/hw looking for installed HALs
+allow fingerprintd system_file:dir r_dir_perms;
+
+# need to find KeyStore and add self
+add_service(fingerprintd, fingerprintd_service)
+
+# allow HAL module to read dir contents
+allow fingerprintd fingerprintd_data_file:file { create_file_perms };
+
+# allow HAL module to read/write/unlink contents of this dir
+allow fingerprintd fingerprintd_data_file:dir rw_dir_perms;
+
+# Need to add auth tokens to KeyStore
+use_keystore(fingerprintd)
+allow fingerprintd keystore:keystore_key { add_auth };
+
+# For permissions checking
+binder_call(fingerprintd, system_server);
+allow fingerprintd permission_service:service_manager find;
+
+allow fingerprintd ion_device:chr_file r_file_perms;
diff --git a/prebuilts/api/30.0/public/flags_health_check.te b/prebuilts/api/30.0/public/flags_health_check.te
new file mode 100644
index 000000000..6315d44e4
--- /dev/null
+++ b/prebuilts/api/30.0/public/flags_health_check.te
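Review bot: The comment `# allow HAL module to read dir contents` sits above `allow fingerprintd fingerprintd_data_file:file { create_file_perms };`, which grants create/write/unlink on template files rather than a read of directory contents; the directory rule is the statement after it. Suggest `# allow HAL module to create/read/write/unlink fingerprint template files` for the file rule and leave the dir comment as it is. Minor style: `binder_call(fingerprintd, system_server);` carries a trailing semicolon that the other macro invocations here (`binder_use`, `add_service`, `use_keystore`) do not; the dumpstate policy above uses the same form, so it is evidently tolerated, but it is inconsistent within this file. Being a prebuilts/api/30.0 snapshot, the edit would need to go to public/fingerprintd.te first.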
@@ -0,0 +1,35 @@
+# The flags_health_check command run by init.
+type flags_health_check, domain, coredomain;
+type flags_health_check_exec, system_file_type, exec_type, file_type;
+
+set_prop(flags_health_check, device_config_boot_count_prop)
+set_prop(flags_health_check, device_config_reset_performed_prop)
+set_prop(flags_health_check, device_config_runtime_native_boot_prop)
+set_prop(flags_health_check, device_config_runtime_native_prop)
+set_prop(flags_health_check, device_config_input_native_boot_prop)
+set_prop(flags_health_check, device_config_netd_native_prop)
+set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
+set_prop(flags_health_check, device_config_media_native_prop)
+set_prop(flags_health_check, device_config_storage_native_boot_prop)
+set_prop(flags_health_check, device_config_sys_traced_prop)
+set_prop(flags_health_check, device_config_window_manager_native_boot_prop)
+set_prop(flags_health_check, device_config_configuration_prop)
+
+allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
+allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
+
+# system property device_config_boot_count_prop is used for deciding when to perform server
+# configurable flags related disaster recovery. Mistakenly set up by unrelated components can, at a
+# wrong timing, trigger server configurable flag related disaster recovery, which will override
+# server configured values of all flags with default values.
+neverallow { domain -init -flags_health_check } device_config_boot_count_prop:property_service set;
+
+# system property device_config_reset_performed_prop is used for indicating whether server
+# configurable flags have been reset during booting. Mistakenly modified by unrelated components can
+# cause bad server configurable flags synced back to device.
+neverallow { domain -init -flags_health_check } device_config_reset_performed_prop:property_service set;
+
+# server_configurable_flags_data_file is used for storing whether server configurable flags which
+# have been reset during current booting. Mistakenly modified by unrelated components can
+# cause bad server configurable flags synced back to device.
+neverallow { domain -init -flags_health_check } server_configurable_flags_data_file:file no_w_file_perms;
diff --git a/prebuilts/api/30.0/public/fsck.te b/prebuilts/api/30.0/public/fsck.te
new file mode 100644
index 000000000..7a9fbeef1
--- /dev/null
+++ b/prebuilts/api/30.0/public/fsck.te
@@ -0,0 +1,68 @@
+# Any fsck program run by init
+type fsck, domain;
+type fsck_exec, system_file_type, exec_type, file_type;
+
+# /dev/__null__ created by init prior to policy load,
+# open fd inherited by fsck.
+allow fsck tmpfs:chr_file { read write ioctl };
+
+# Inherit and use pty created by android_fork_execvp_ext().
+allow fsck devpts:chr_file { read write ioctl getattr };
+
+# Allow stdin/out back to vold
+allow fsck vold:fd use;
+allow fsck vold:fifo_file { read write getattr };
+
+# Run fsck on certain block devices
+allow fsck block_device:dir search;
+allow fsck userdata_block_device:blk_file rw_file_perms;
+allow fsck cache_block_device:blk_file rw_file_perms;
+allow fsck dm_device:blk_file rw_file_perms;
+userdebug_or_eng(`
+allow fsck system_block_device:blk_file rw_file_perms;
+')
+
+# For the block devices where we have ioctl access,
+# allow at a minimum the following common fsck ioctls.
+allowxperm fsck dev_type:blk_file ioctl {
+ BLKDISCARDZEROES
+ BLKROGET
+};
+
+# To determine if it is safe to run fsck on a filesystem, e2fsck
+# must first determine if the filesystem is mounted. To do that,
+# e2fsck scans through /proc/mounts and collects all the mounted
+# block devices. With that information, it runs stat() on each block
+# device, comparing the major and minor numbers to the filesystem
+# passed in on the command line. If there is a match, then the filesystem
+# is currently mounted and running fsck is dangerous.
+# Allow stat access to all block devices so that fsck can compare
+# major/minor values.
+allow fsck dev_type:blk_file getattr;
+
+allow fsck {
+ proc_mounts
+ proc_swaps
+}:file r_file_perms;
+allow fsck rootfs:dir r_dir_perms;
+
+###
+### neverallow rules
+###
+
+# fsck should never be run on these block devices
+neverallow fsck {
+ boot_block_device
+ frp_block_device
+ recovery_block_device
+ root_block_device
+ swap_block_device
+ system_block_device
+ userdebug_or_eng(`-system_block_device')
+ vold_device
+}:blk_file no_rw_file_perms;
+
+# Only allow entry from init or vold via fsck binaries
+neverallow { domain -init -vold } fsck:process transition;
+neverallow * fsck:process dyntransition;
+neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint;
diff --git a/prebuilts/api/30.0/public/fsck_untrusted.te b/prebuilts/api/30.0/public/fsck_untrusted.te
new file mode 100644
index 000000000..8510c9424
--- /dev/null
+++ b/prebuilts/api/30.0/public/fsck_untrusted.te
@@ -0,0 +1,49 @@
+# Any fsck program run on untrusted block devices
+type fsck_untrusted, domain;
+
+# Inherit and use pty created by android_fork_execvp_ext().
+allow fsck_untrusted devpts:chr_file { read write ioctl getattr };
+
+# Allow stdin/out back to vold
+allow fsck_untrusted vold:fd use;
+allow fsck_untrusted vold:fifo_file { read write getattr };
+
+# Run fsck on vold block devices
+allow fsck_untrusted block_device:dir search;
+allow fsck_untrusted vold_device:blk_file rw_file_perms;
+
+allow fsck_untrusted proc_mounts:file r_file_perms;
+
+# To determine if it is safe to run fsck on a filesystem, e2fsck
+# must first determine if the filesystem is mounted. To do that,
+# e2fsck scans through /proc/mounts and collects all the mounted
+# block devices. With that information, it runs stat() on each block
+# device, comparing the major and minor numbers to the filesystem
+# passed in on the command line. If there is a match, then the filesystem
+# is currently mounted and running fsck is dangerous.
+# Allow stat access to all block devices so that fsck can compare
+# major/minor values.
+allow fsck_untrusted dev_type:blk_file getattr;
+
+###
+### neverallow rules
+###
+
+# Untrusted fsck should never be run on block devices holding sensitive data
+neverallow fsck_untrusted {
+ boot_block_device
+ frp_block_device
+ metadata_block_device
+ recovery_block_device
+ root_block_device
+ swap_block_device
+ system_block_device
+ userdata_block_device
+ cache_block_device
+ dm_device
+}:blk_file no_rw_file_perms;
+
+# Only allow entry from vold via fsck binaries
+neverallow { domain -vold } fsck_untrusted:process transition;
+neverallow * fsck_untrusted:process dyntransition;
+neverallow fsck_untrusted { file_type fs_type -fsck_exec }:file entrypoint;
diff --git a/prebuilts/api/30.0/public/fwk_bufferhub.te b/prebuilts/api/30.0/public/fwk_bufferhub.te
new file mode 100644
index 000000000..03486bd1e
--- /dev/null
+++ b/prebuilts/api/30.0/public/fwk_bufferhub.te
@@ -0,0 +1,4 @@
+binder_call(hal_bufferhub_client, hal_bufferhub_server)
+binder_call(hal_bufferhub_server, hal_bufferhub_client)
+
+hal_attribute_hwservice(hal_bufferhub, fwk_bufferhub_hwservice)
diff --git a/prebuilts/api/30.0/public/gatekeeperd.te b/prebuilts/api/30.0/public/gatekeeperd.te
new file mode 100644
index 000000000..dc46d0789
--- /dev/null
+++ b/prebuilts/api/30.0/public/gatekeeperd.te
@@ -0,0 +1,41 @@
+type gatekeeperd, domain;
+type gatekeeperd_exec, system_file_type, exec_type, file_type;
+
+# gatekeeperd
+binder_service(gatekeeperd)
+binder_use(gatekeeperd)
+
+### Rules needed when Gatekeeper HAL runs inside gatekeeperd process.
+### These rules should eventually be granted only when needed.
+allow gatekeeperd ion_device:chr_file r_file_perms;
+# Load HAL implementation
+allow gatekeeperd system_file:dir r_dir_perms;
+###
+
+### Rules needed when Gatekeeper HAL runs outside of gatekeeperd process.
+### These rules should eventually be granted only when needed.
+hal_client_domain(gatekeeperd, hal_gatekeeper)
+###
+
+# need to find KeyStore and add self
+add_service(gatekeeperd, gatekeeper_service)
+
+# Need to add auth tokens to KeyStore
+use_keystore(gatekeeperd)
+allow gatekeeperd keystore:keystore_key { add_auth };
+
+# For permissions checking
+allow gatekeeperd system_server:binder call;
+allow gatekeeperd permission_service:service_manager find;
+
+# for SID file access
+allow gatekeeperd gatekeeper_data_file:dir rw_dir_perms;
+allow gatekeeperd gatekeeper_data_file:file create_file_perms;
+
+# For hardware properties retrieval
+allow gatekeeperd hardware_properties_service:service_manager find;
+
+# For checking whether GSI is running
+get_prop(gatekeeperd, gsid_prop)
+
+r_dir_file(gatekeeperd, cgroup)
diff --git a/prebuilts/api/30.0/public/global_macros b/prebuilts/api/30.0/public/global_macros
new file mode 100644
index 000000000..2c87fde5e
--- /dev/null
+++ b/prebuilts/api/30.0/public/global_macros
@@ -0,0 +1,51 @@
+#####################################
+# Common groupings of object classes.
+#
+define(`capability_class_set', `{ capability capability2 cap_userns cap2_userns }')
+define(`global_capability_class_set', `{ capability cap_userns }')
+define(`global_capability2_class_set', `{ capability2 cap2_userns }')
+
+define(`devfile_class_set', `{ chr_file blk_file }')
+define(`notdevfile_class_set', `{ file lnk_file sock_file fifo_file }')
+define(`file_class_set', `{ devfile_class_set notdevfile_class_set }')
+define(`dir_file_class_set', `{ dir file_class_set }')
+
+define(`socket_class_set', `{ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket sctp_socket icmp_socket ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket xdp_socket }')
+define(`dgram_socket_class_set', `{ udp_socket unix_dgram_socket }')
+define(`stream_socket_class_set', `{ tcp_socket unix_stream_socket sctp_socket }')
+define(`unpriv_socket_class_set', `{ tcp_socket udp_socket unix_stream_socket unix_dgram_socket sctp_socket }')
+define(`network_socket_class_set', `{ icmp_socket rawip_socket tcp_socket udp_socket }')
+
+define(`ipc_class_set', `{ sem msgq shm ipc }')
+
+#####################################
+# Common groupings of permissions.
+#
+define(`x_file_perms', `{ getattr execute execute_no_trans map }')
+define(`r_file_perms', `{ getattr open read ioctl lock map watch watch_reads }')
+define(`w_file_perms', `{ open append write lock map }')
+define(`rx_file_perms', `{ r_file_perms x_file_perms }')
+define(`ra_file_perms', `{ r_file_perms append }')
+define(`rw_file_perms', `{ r_file_perms w_file_perms }')
+define(`rwx_file_perms', `{ rw_file_perms x_file_perms }')
+define(`create_file_perms', `{ create rename setattr unlink rw_file_perms }')
+
+define(`r_dir_perms', `{ open getattr read search ioctl lock watch watch_reads }')
+define(`w_dir_perms', `{ open search write add_name remove_name lock }')
+define(`ra_dir_perms', `{ r_dir_perms add_name write }')
+define(`rw_dir_perms', `{ r_dir_perms w_dir_perms }')
+define(`create_dir_perms', `{ create reparent rename rmdir setattr rw_dir_perms }')
+
+define(`r_ipc_perms', `{ getattr read associate unix_read }')
+define(`w_ipc_perms', `{ write unix_write }')
+define(`rw_ipc_perms', `{ r_ipc_perms w_ipc_perms }')
+define(`create_ipc_perms', `{ create setattr destroy rw_ipc_perms }')
+
+#####################################
+# Common socket permission sets.
+define(`rw_socket_perms', `{ ioctl read getattr write setattr lock append bind connect getopt setopt shutdown map }')
+define(`rw_socket_perms_no_ioctl', `{ read getattr write setattr lock append bind connect getopt setopt shutdown map }')
+define(`create_socket_perms', `{ create rw_socket_perms }')
+define(`create_socket_perms_no_ioctl', `{ create rw_socket_perms_no_ioctl }')
+define(`rw_stream_socket_perms', `{ rw_socket_perms listen accept }')
+define(`create_stream_socket_perms', `{ create rw_stream_socket_perms }')
diff --git a/prebuilts/api/30.0/public/gmscore_app.te b/prebuilts/api/30.0/public/gmscore_app.te
new file mode 100644
index 000000000..b574bf39c
--- /dev/null
+++ b/prebuilts/api/30.0/public/gmscore_app.te
@@ -0,0 +1,5 @@
+###
+### A domain for further sandboxing the PrebuiltGMSCore app.
+###
+
+type gmscore_app, domain;
diff --git a/prebuilts/api/30.0/public/gpuservice.te b/prebuilts/api/30.0/public/gpuservice.te
new file mode 100644
index 000000000..c862d0b7f
--- /dev/null
+++ b/prebuilts/api/30.0/public/gpuservice.te
@@ -0,0 +1,2 @@
+# gpuservice - server for gpu stats and other gpu related services
+type gpuservice, domain;
diff --git a/prebuilts/api/30.0/public/hal_allocator.te b/prebuilts/api/30.0/public/hal_allocator.te
new file mode 100644
index 000000000..6417b6289
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_allocator.te
@@ -0,0 +1,6 @@
+# HwBinder IPC from client to server
+binder_call(hal_allocator_client, hal_allocator_server)
+
+hal_attribute_hwservice(hal_allocator, hidl_allocator_hwservice)
+allow hal_allocator_client hidl_memory_hwservice:hwservice_manager find;
+allow hal_allocator_client same_process_hal_file:file { execute read open getattr map };
diff --git a/prebuilts/api/30.0/public/hal_atrace.te b/prebuilts/api/30.0/public/hal_atrace.te
new file mode 100644
index 000000000..51d9237f9
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_atrace.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_atrace_client, hal_atrace_server)
+
+hal_attribute_hwservice(hal_atrace, hal_atrace_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_audio.te b/prebuilts/api/30.0/public/hal_audio.te
new file mode 100644
index 000000000..d54b2b250
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_audio.te
@@ -0,0 +1,41 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_audio_client, hal_audio_server)
+binder_call(hal_audio_server, hal_audio_client)
+
+hal_attribute_hwservice(hal_audio, hal_audio_hwservice)
+
+allow hal_audio ion_device:chr_file r_file_perms;
+
+r_dir_file(hal_audio, proc)
+r_dir_file(hal_audio, proc_asound)
+allow hal_audio_server audio_device:dir r_dir_perms;
+allow hal_audio_server audio_device:chr_file rw_file_perms;
+
+# Needed to provide debug dump output via dumpsys' pipes.
+allow hal_audio shell:fd use;
+allow hal_audio shell:fifo_file write;
+allow hal_audio dumpstate:fd use;
+allow hal_audio dumpstate:fifo_file write;
+
+# Needed to allow sound trigger hal to access shared memory from apps.
+allow hal_audio_server appdomain:fd use;
+
+# allow hal audio to use vnbinder
+vndbinder_use(hal_audio)
+
+###
+### neverallow rules
+###
+
+# Should never execute any executable without a domain transition
+neverallow hal_audio_server { file_type fs_type }:file execute_no_trans;
+
+# Should never need network access.
+# Disallow network sockets.
+neverallow hal_audio_server domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# Only audio HAL may directly access the audio hardware
+neverallow { halserverdomain -hal_audio_server -hal_omx_server } audio_device:chr_file *;
+
+get_prop(hal_audio, bluetooth_a2dp_offload_prop)
+get_prop(hal_audio, bluetooth_audio_hal_prop)
diff --git a/prebuilts/api/30.0/public/hal_audiocontrol.te b/prebuilts/api/30.0/public/hal_audiocontrol.te
new file mode 100644
index 000000000..4a52b8954
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_audiocontrol.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_audiocontrol_client, hal_audiocontrol_server)
+binder_call(hal_audiocontrol_server, hal_audiocontrol_client)
+
+hal_attribute_hwservice(hal_audiocontrol, hal_audiocontrol_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_authsecret.te b/prebuilts/api/30.0/public/hal_authsecret.te
new file mode 100644
index 000000000..daf8d4877
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_authsecret.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_authsecret_client, hal_authsecret_server)
+
+hal_attribute_hwservice(hal_authsecret, hal_authsecret_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_bluetooth.te b/prebuilts/api/30.0/public/hal_bluetooth.te
new file mode 100644
index 000000000..97177bad7
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_bluetooth.te
@@ -0,0 +1,32 @@
+# HwBinder IPC from clients into server, and callbacks
+binder_call(hal_bluetooth_client, hal_bluetooth_server)
+binder_call(hal_bluetooth_server, hal_bluetooth_client)
+
+hal_attribute_hwservice(hal_bluetooth, hal_bluetooth_hwservice)
+
+wakelock_use(hal_bluetooth);
+
+# The HAL toggles rfkill to power the chip off/on.
+allow hal_bluetooth self:global_capability_class_set net_admin;
+
+# bluetooth factory file accesses.
+r_dir_file(hal_bluetooth, bluetooth_efs_file)
+
+allow hal_bluetooth { uhid_device hci_attach_dev }:chr_file rw_file_perms;
+
+# sysfs access.
+r_dir_file(hal_bluetooth, sysfs_type)
+allow hal_bluetooth sysfs_bluetooth_writable:file rw_file_perms;
+allow hal_bluetooth self:global_capability2_class_set wake_alarm;
+
+# Allow write access to bluetooth-specific properties
+set_prop(hal_bluetooth, bluetooth_a2dp_offload_prop)
+set_prop(hal_bluetooth, bluetooth_audio_hal_prop)
+set_prop(hal_bluetooth, bluetooth_prop)
+set_prop(hal_bluetooth, exported_bluetooth_prop)
+
+# /proc access (bluesleep etc.).
+allow hal_bluetooth proc_bluetooth_writable:file rw_file_perms;
+
+# allow to run with real-time scheduling policy
+allow hal_bluetooth self:global_capability_class_set sys_nice;
diff --git a/prebuilts/api/30.0/public/hal_bootctl.te b/prebuilts/api/30.0/public/hal_bootctl.te
new file mode 100644
index 000000000..be9975f89
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_bootctl.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_bootctl_client, hal_bootctl_server)
+binder_call(hal_bootctl_server, hal_bootctl_client)
+
+hal_attribute_hwservice(hal_bootctl, hal_bootctl_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_broadcastradio.te b/prebuilts/api/30.0/public/hal_broadcastradio.te
new file mode 100644
index 000000000..84a25970f
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_broadcastradio.te
@@ -0,0 +1,4 @@
+binder_call(hal_broadcastradio_client, hal_broadcastradio_server)
+binder_call(hal_broadcastradio_server, hal_broadcastradio_client)
+
+hal_attribute_hwservice(hal_broadcastradio, hal_broadcastradio_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_camera.te b/prebuilts/api/30.0/public/hal_camera.te
new file mode 100644
index 000000000..77216e4a3
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_camera.te
@@ -0,0 +1,36 @@
+# HwBinder IPC from clients to server and callbacks
+binder_call(hal_camera_client, hal_camera_server)
+binder_call(hal_camera_server, hal_camera_client)
+
+hal_attribute_hwservice(hal_camera, hal_camera_hwservice)
+
+allow hal_camera device:dir r_dir_perms;
+allow hal_camera video_device:dir r_dir_perms;
+allow hal_camera video_device:chr_file rw_file_perms;
+allow hal_camera camera_device:chr_file rw_file_perms;
+allow hal_camera ion_device:chr_file rw_file_perms;
+# Both the client and the server need to use the graphics allocator
+allow { hal_camera_client hal_camera_server } hal_graphics_allocator:fd use;
+
+# Allow hal_camera to use fd from app,gralloc,and ashmem HAL
+allow hal_camera { appdomain -isolated_app }:fd use;
+allow hal_camera surfaceflinger:fd use;
+allow hal_camera hal_allocator_server:fd use;
+
+# Needed to provide debug dump output via dumpsys' pipes.
+allow hal_camera shell:fd use;
+allow hal_camera shell:fifo_file write;
+
+###
+### neverallow rules
+###
+
+# hal_camera should never execute any executable without a
+# domain transition
+neverallow hal_camera_server { file_type fs_type }:file execute_no_trans;
+
+# hal_camera should never need network access. Disallow network sockets.
+neverallow hal_camera_server domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# Only camera HAL may directly access the camera hardware
+neverallow { halserverdomain -hal_camera_server } camera_device:chr_file *;
diff --git a/prebuilts/api/30.0/public/hal_can.te b/prebuilts/api/30.0/public/hal_can.te
new file mode 100644
index 000000000..c75495b36
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_can.te
@@ -0,0 +1,9 @@
+# CAN controller
+binder_call(hal_can_controller_client, hal_can_controller_server)
+add_hwservice(hal_can_controller_server, hal_can_controller_hwservice)
+allow hal_can_controller_client hal_can_controller_hwservice:hwservice_manager find;
+
+# CAN bus
+binder_call(hal_can_bus_client, hal_can_bus_server)
+add_hwservice(hal_can_bus_server, hal_can_bus_hwservice)
+allow hal_can_bus_client hal_can_bus_hwservice:hwservice_manager find;
diff --git a/prebuilts/api/30.0/public/hal_cas.te b/prebuilts/api/30.0/public/hal_cas.te
new file mode 100644
index 000000000..7de6a1353
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_cas.te
@@ -0,0 +1,34 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_cas_client, hal_cas_server)
+binder_call(hal_cas_server, hal_cas_client)
+
+hal_attribute_hwservice(hal_cas, hal_cas_hwservice)
+allow hal_cas_server hidl_memory_hwservice:hwservice_manager find;
+
+# Permit reading device's serial number from system properties
+get_prop(hal_cas_server, serialno_prop)
+
+# Read files already opened under /data
+allow hal_cas system_data_file:file { getattr read };
+
+# Read access to pseudo filesystems
+r_dir_file(hal_cas, cgroup)
+allow hal_cas cgroup:dir { search write };
+allow hal_cas cgroup:file w_file_perms;
+
+# Allow access to ion memory allocation device
+allow hal_cas ion_device:chr_file rw_file_perms;
+allow hal_cas hal_graphics_allocator:fd use;
+
+allow hal_cas tee_device:chr_file rw_file_perms;
+
+###
+### neverallow rules
+###
+
+# hal_cas should never execute any executable without a
+# domain transition
+neverallow hal_cas_server { file_type fs_type }:file execute_no_trans;
+
+# do not allow privileged socket ioctl commands
+neverallowxperm hal_cas_server domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
diff --git a/prebuilts/api/30.0/public/hal_codec2.te b/prebuilts/api/30.0/public/hal_codec2.te
new file mode 100644
index 000000000..8c7816a88
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_codec2.te
@@ -0,0 +1,25 @@
+get_prop(hal_codec2_client, media_variant_prop)
+get_prop(hal_codec2_server, media_variant_prop)
+
+binder_call(hal_codec2_client, hal_codec2_server)
+binder_call(hal_codec2_server, hal_codec2_client)
+
+hal_attribute_hwservice(hal_codec2, hal_codec2_hwservice)
+
+# The following permissions are added to hal_codec2_server because vendor and
+# vndk libraries provided for Codec2 implementation need them.
+
+# Allow server access to composer sync fences
+allow hal_codec2_server hal_graphics_composer:fd use;
+
+# Allow both server and client access to ion
+allow hal_codec2_server ion_device:chr_file r_file_perms;
+
+# Allow server access to camera HAL's fences
+allow hal_codec2_server hal_camera:fd use;
+
+# Receive gralloc buffer FDs from bufferhubd.
+allow hal_codec2_server bufferhubd:fd use;
+
+allow hal_codec2_client ion_device:chr_file r_file_perms;
+
diff --git a/prebuilts/api/30.0/public/hal_configstore.te b/prebuilts/api/30.0/public/hal_configstore.te
new file mode 100644
index 000000000..069da4791
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_configstore.te
@@ -0,0 +1,69 @@
+# HwBinder IPC from client to server
+binder_call(hal_configstore_client, hal_configstore_server)
+
+hal_attribute_hwservice(hal_configstore, hal_configstore_ISurfaceFlingerConfigs)
+
+# hal_configstore runs with a strict seccomp filter. Use crash_dump's
+# fallback path to collect crash data.
+crash_dump_fallback(hal_configstore_server)
+
+###
+### neverallow rules
+###
+
+# Should never execute an executable without a domain transition
+neverallow hal_configstore_server { file_type fs_type }:file execute_no_trans;
+
+# Should never need network access. Disallow sockets except for
+# for unix stream/dgram sockets used for logging/debugging.
+neverallow hal_configstore_server domain:{
+ rawip_socket tcp_socket udp_socket
+ netlink_route_socket netlink_selinux_socket
+ socket netlink_socket packet_socket key_socket appletalk_socket
+ netlink_tcpdiag_socket netlink_nflog_socket
+ netlink_xfrm_socket netlink_audit_socket
+ netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket
+ netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket
+ netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket
+ netlink_rdma_socket netlink_crypto_socket
+} *;
+neverallow hal_configstore_server {
+ domain
+ -hal_configstore_server
+ -logd
+ userdebug_or_eng(`-su')
+ -tombstoned
+ userdebug_or_eng(`-heapprofd')
+ userdebug_or_eng(`-traced_perf')
+}:{ unix_dgram_socket unix_stream_socket } *;
+
+# Should never need access to anything on /data
+neverallow hal_configstore_server {
+ data_file_type
+ -anr_data_file # for crash dump collection
+ -tombstone_data_file # for crash dump collection
+ -zoneinfo_data_file # granted to domain
+ with_native_coverage(`-method_trace_data_file')
+}:{ file fifo_file sock_file } *;
+
+# Should never need sdcard access
+neverallow hal_configstore_server {
+ sdcard_type
+ fuse sdcardfs vfat exfat # manual expansion for completeness
+}:dir ~getattr;
+neverallow hal_configstore_server {
+ sdcard_type
+ fuse sdcardfs vfat exfat # manual expansion for completeness
+}:file *;
+
+# Do not permit access to service_manager and vndservice_manager
+neverallow hal_configstore_server *:service_manager *;
+
+# No privileged capabilities
+neverallow hal_configstore_server self:capability_class_set *;
+
+# No ptracing other processes
+neverallow hal_configstore_server *:process ptrace;
+
+# no relabeling
+neverallow hal_configstore_server *:dir_file_class_set { relabelfrom relabelto };
diff --git a/prebuilts/api/30.0/public/hal_confirmationui.te b/prebuilts/api/30.0/public/hal_confirmationui.te
new file mode 100644
index 000000000..5d2e4b7a1
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_confirmationui.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_confirmationui_client, hal_confirmationui_server)
+
+hal_attribute_hwservice(hal_confirmationui, hal_confirmationui_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_contexthub.te b/prebuilts/api/30.0/public/hal_contexthub.te
new file mode 100644
index 000000000..34acb38d6
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_contexthub.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_contexthub_client, hal_contexthub_server)
+binder_call(hal_contexthub_server, hal_contexthub_client)
+
+hal_attribute_hwservice(hal_contexthub, hal_contexthub_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_drm.te b/prebuilts/api/30.0/public/hal_drm.te
new file mode 100644
index 000000000..598749134
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_drm.te
@@ -0,0 +1,52 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_drm_client, hal_drm_server)
+binder_call(hal_drm_server, hal_drm_client)
+
+hal_attribute_hwservice(hal_drm, hal_drm_hwservice)
+
+allow hal_drm hidl_memory_hwservice:hwservice_manager find;
+
+# Required by Widevine DRM (b/22990512)
+allow hal_drm self:process execmem;
+
+# Permit reading device's serial number from system properties
+get_prop(hal_drm, serialno_prop)
+
+# Read files already opened under /data
+allow hal_drm system_data_file:file { getattr read };
+
+# Read access to pseudo filesystems
+r_dir_file(hal_drm, cgroup)
+allow hal_drm cgroup:dir { search write };
+allow hal_drm cgroup:file w_file_perms;
+
+# Allow access to ion memory allocation device
+allow hal_drm ion_device:chr_file rw_file_perms;
+allow hal_drm hal_graphics_allocator:fd use;
+
+# Allow access to hidl_memory allocation service
+allow hal_drm hal_allocator_server:fd use;
+
+# Allow access to fds allocated by mediaserver
+allow hal_drm mediaserver:fd use;
+
+allow hal_drm sysfs:file r_file_perms;
+
+allow hal_drm tee_device:chr_file rw_file_perms;
+
+allow hal_drm_server { appdomain -isolated_app }:fd use;
+
+# only allow unprivileged socket ioctl commands
+allowxperm hal_drm self:{ rawip_socket tcp_socket udp_socket }
+ ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
+
+###
+### neverallow rules
+###
+
+# hal_drm should never execute any executable without a
+# domain transition
+neverallow hal_drm_server { file_type fs_type }:file execute_no_trans;
+
+# do not allow privileged socket ioctl commands
+neverallowxperm hal_drm_server domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
diff --git a/prebuilts/api/30.0/public/hal_dumpstate.te b/prebuilts/api/30.0/public/hal_dumpstate.te
new file mode 100644
index 000000000..b7676ed29
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_dumpstate.te
@@ -0,0 +1,10 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_dumpstate_client, hal_dumpstate_server)
+binder_call(hal_dumpstate_server, hal_dumpstate_client)
+
+hal_attribute_hwservice(hal_dumpstate, hal_dumpstate_hwservice)
+
+# write bug reports in /data/data/com.android.shell/files/bugreports/bugreport
+allow hal_dumpstate shell_data_file:file write;
+# allow reading /proc/interrupts for all hal impls
+allow hal_dumpstate proc_interrupts:file r_file_perms;
diff --git a/prebuilts/api/30.0/public/hal_evs.te b/prebuilts/api/30.0/public/hal_evs.te
new file mode 100644
index 000000000..789333af7
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_evs.te
@@ -0,0 +1,5 @@
+hwbinder_use(hal_evs_client)
+hwbinder_use(hal_evs_server)
+binder_call(hal_evs_client, hal_evs_server)
+binder_call(hal_evs_server, hal_evs_client)
+hal_attribute_hwservice(hal_evs, hal_evs_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_face.te b/prebuilts/api/30.0/public/hal_face.te
new file mode 100644
index 000000000..b25058642
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_face.te
@@ -0,0 +1,12 @@
+# Allow HwBinder IPC from client to server, and vice versa for callbacks.
+binder_call(hal_face_client, hal_face_server)
+binder_call(hal_face_server, hal_face_client)
+
+hal_attribute_hwservice(hal_face, hal_face_hwservice)
+
+# Allow access to the ion memory allocation device.
+allow hal_face ion_device:chr_file r_file_perms;
+
+# Allow read/write access to the face template directory.
+allow hal_face face_vendor_data_file:file create_file_perms;
+allow hal_face face_vendor_data_file:dir rw_dir_perms;
diff --git a/prebuilts/api/30.0/public/hal_fingerprint.te b/prebuilts/api/30.0/public/hal_fingerprint.te
new file mode 100644
index 000000000..b673e291b
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_fingerprint.te
@@ -0,0 +1,16 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_fingerprint_client, hal_fingerprint_server)
+binder_call(hal_fingerprint_server, hal_fingerprint_client)
+
+hal_attribute_hwservice(hal_fingerprint, hal_fingerprint_hwservice)
+
+# For memory allocation
+allow hal_fingerprint ion_device:chr_file r_file_perms;
+
+allow hal_fingerprint fingerprint_vendor_data_file:file { create_file_perms };
+allow hal_fingerprint fingerprint_vendor_data_file:dir rw_dir_perms;
+
+r_dir_file(hal_fingerprint, cgroup)
+r_dir_file(hal_fingerprint, sysfs)
+
+
diff --git a/prebuilts/api/30.0/public/hal_gatekeeper.te b/prebuilts/api/30.0/public/hal_gatekeeper.te
new file mode 100644
index 000000000..b918f88a2
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_gatekeeper.te
@@ -0,0 +1,7 @@
+binder_call(hal_gatekeeper_client, hal_gatekeeper_server)
+
+hal_attribute_hwservice(hal_gatekeeper, hal_gatekeeper_hwservice)
+
+# TEE access.
+allow hal_gatekeeper tee_device:chr_file rw_file_perms;
+allow hal_gatekeeper ion_device:chr_file r_file_perms;
diff --git a/prebuilts/api/30.0/public/hal_gnss.te b/prebuilts/api/30.0/public/hal_gnss.te
new file mode 100644
index 000000000..9bfc4ec36
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_gnss.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_gnss_client, hal_gnss_server)
+binder_call(hal_gnss_server, hal_gnss_client)
+
+hal_attribute_hwservice(hal_gnss, hal_gnss_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_graphics_allocator.te b/prebuilts/api/30.0/public/hal_graphics_allocator.te
new file mode 100644
index 000000000..991e147c7
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_graphics_allocator.te
@@ -0,0 +1,13 @@
+# HwBinder IPC from client to server
+binder_call(hal_graphics_allocator_client, hal_graphics_allocator_server)
+
+hal_attribute_hwservice(hal_graphics_allocator, hal_graphics_allocator_hwservice)
+allow hal_graphics_allocator_client hal_graphics_mapper_hwservice:hwservice_manager find;
+allow hal_graphics_allocator_client same_process_hal_file:file { execute read open getattr map };
+
+# GPU device access
+allow hal_graphics_allocator gpu_device:chr_file rw_file_perms;
+allow hal_graphics_allocator ion_device:chr_file r_file_perms;
+
+# allow to run with real-time scheduling policy
+allow hal_graphics_allocator self:global_capability_class_set sys_nice;
diff --git a/prebuilts/api/30.0/public/hal_graphics_composer.te b/prebuilts/api/30.0/public/hal_graphics_composer.te
new file mode 100644
index 000000000..cb4a1307f
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_graphics_composer.te
@@ -0,0 +1,31 @@
+type hal_graphics_composer_server_tmpfs, file_type;
+attribute hal_graphics_composer_client_tmpfs;
+expandattribute hal_graphics_composer_client_tmpfs true;
+
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_graphics_composer_client, hal_graphics_composer_server)
+binder_call(hal_graphics_composer_server, hal_graphics_composer_client)
+allow hal_graphics_composer_client hal_graphics_composer_server_tmpfs:file { getattr map read write };
+allow hal_graphics_composer_server hal_graphics_composer_client_tmpfs:file { getattr map read write };
+
+hal_attribute_hwservice(hal_graphics_composer, hal_graphics_composer_hwservice)
+
+# Coordinate with hal_graphics_mapper
+allow hal_graphics_composer_server hal_graphics_mapper_hwservice:hwservice_manager find;
+
+# GPU device access
+allow hal_graphics_composer gpu_device:chr_file rw_file_perms;
+allow hal_graphics_composer ion_device:chr_file r_file_perms;
+allow hal_graphics_composer hal_graphics_allocator:fd use;
+
+# Access /dev/graphics/fb0.
+allow hal_graphics_composer graphics_device:dir search;
+allow hal_graphics_composer graphics_device:chr_file rw_file_perms;
+
+# Fences
+allow hal_graphics_composer system_server:fd use;
+allow hal_graphics_composer bootanim:fd use;
+allow hal_graphics_composer appdomain:fd use;
+
+# allow self to set SCHED_FIFO
+allow hal_graphics_composer self:global_capability_class_set sys_nice;
diff --git a/prebuilts/api/30.0/public/hal_health.te b/prebuilts/api/30.0/public/hal_health.te
new file mode 100644
index 000000000..dc7d0836e
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_health.te
@@ -0,0 +1,27 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_health_client, hal_health_server)
+binder_call(hal_health_server, hal_health_client)
+
+hal_attribute_hwservice(hal_health, hal_health_hwservice)
+
+# Common rules for a health service.
+
+# Allow to listen to uevents for updates
+allow hal_health_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Allow to read /sys/class/power_supply directory
+allow hal_health_server sysfs:dir r_dir_perms;
+
+# Allow to read files under /sys/class/power_supply. Implementations typically have symlinks
+# to vendor specific files. Vendors should mark sysfs_batteryinfo on all files read by health
+# HAL service.
+r_dir_file(hal_health_server, sysfs_batteryinfo)
+
+# Allow to wake up to send periodic events
+wakelock_use(hal_health_server)
+
+# Write to /dev/kmsg
+allow hal_health_server kmsg_device:chr_file { getattr w_file_perms };
+
+# Allow to use timerfd to wake itself up periodically to send health info.
+allow hal_health_server self:capability2 wake_alarm;
diff --git a/prebuilts/api/30.0/public/hal_health_storage.te b/prebuilts/api/30.0/public/hal_health_storage.te
new file mode 100644
index 000000000..61e609b68
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_health_storage.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_health_storage_client, hal_health_storage_server)
+binder_call(hal_health_storage_server, hal_health_storage_client)
+
+hal_attribute_hwservice(hal_health_storage, hal_health_storage_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_identity.te b/prebuilts/api/30.0/public/hal_identity.te
new file mode 100644
index 000000000..3a95743c2
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_identity.te
@@ -0,0 +1,7 @@
+# HwBinder IPC from client to server
+binder_call(hal_identity_client, hal_identity_server)
+
+add_service(hal_identity_server, hal_identity_service)
+binder_call(hal_identity_server, servicemanager)
+
+allow hal_identity_client hal_identity_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/hal_input_classifier.te b/prebuilts/api/30.0/public/hal_input_classifier.te
new file mode 100644
index 000000000..70a4b7deb
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_input_classifier.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_input_classifier_client, hal_input_classifier_server)
+
+hal_attribute_hwservice(hal_input_classifier, hal_input_classifier_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_ir.te b/prebuilts/api/30.0/public/hal_ir.te
new file mode 100644
index 000000000..29555f74c
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_ir.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_ir_client, hal_ir_server)
+binder_call(hal_ir_server, hal_ir_client)
+
+hal_attribute_hwservice(hal_ir, hal_ir_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_keymaster.te b/prebuilts/api/30.0/public/hal_keymaster.te
new file mode 100644
index 000000000..3e164ade9
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_keymaster.te
@@ -0,0 +1,7 @@
+# HwBinder IPC from client to server
+binder_call(hal_keymaster_client, hal_keymaster_server)
+
+hal_attribute_hwservice(hal_keymaster, hal_keymaster_hwservice)
+
+allow hal_keymaster tee_device:chr_file rw_file_perms;
+allow hal_keymaster ion_device:chr_file r_file_perms;
diff --git a/prebuilts/api/30.0/public/hal_light.te b/prebuilts/api/30.0/public/hal_light.te
new file mode 100644
index 000000000..7054d7b32
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_light.te
@@ -0,0 +1,19 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_light_client, hal_light_server)
+binder_call(hal_light_server, hal_light_client)
+
+hal_attribute_hwservice(hal_light, hal_light_hwservice)
+
+# client finds and uses server via service_manager
+allow hal_light_client hal_light_service:service_manager find;
+binder_use(hal_light_client)
+
+# server adds itself via service_manager
+add_service(hal_light_server, hal_light_service)
+binder_call(hal_light_server, servicemanager)
+
+allow hal_light_server dumpstate:fifo_file write;
+
+allow hal_light sysfs_leds:lnk_file read;
+allow hal_light sysfs_leds:file rw_file_perms;
+allow hal_light sysfs_leds:dir r_dir_perms;
diff --git a/prebuilts/api/30.0/public/hal_lowpan.te b/prebuilts/api/30.0/public/hal_lowpan.te
new file mode 100644
index 000000000..6fb95e943
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_lowpan.te
@@ -0,0 +1,20 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_lowpan_client, hal_lowpan_server)
+binder_call(hal_lowpan_server, hal_lowpan_client)
+
+
+# Allow hal_lowpan_client to be able to find the hal_lowpan_server
+hal_attribute_hwservice(hal_lowpan, hal_lowpan_hwservice)
+
+# hal_lowpan domain can write/read to/from lowpan_prop
+set_prop(hal_lowpan_server, lowpan_prop)
+
+# Allow hal_lowpan_server to open lowpan_devices
+allow hal_lowpan_server lowpan_device:chr_file rw_file_perms;
+
+###
+### neverallow rules
+###
+
+# Only LoWPAN HAL may directly access LoWPAN hardware
+neverallow { domain -hal_lowpan_server -init -ueventd } lowpan_device:chr_file ~getattr;
diff --git a/prebuilts/api/30.0/public/hal_memtrack.te b/prebuilts/api/30.0/public/hal_memtrack.te
new file mode 100644
index 000000000..ed93a29a4
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_memtrack.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_memtrack_client, hal_memtrack_server)
+
+hal_attribute_hwservice(hal_memtrack, hal_memtrack_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_neuralnetworks.te b/prebuilts/api/30.0/public/hal_neuralnetworks.te
new file mode 100644
index 000000000..f8d6ff5a7
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_neuralnetworks.te
@@ -0,0 +1,27 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_neuralnetworks_client, hal_neuralnetworks_server)
+binder_call(hal_neuralnetworks_server, hal_neuralnetworks_client)
+
+hal_attribute_hwservice(hal_neuralnetworks, hal_neuralnetworks_hwservice)
+allow hal_neuralnetworks hidl_memory_hwservice:hwservice_manager find;
+allow hal_neuralnetworks hal_allocator:fd use;
+allow hal_neuralnetworks hal_graphics_mapper_hwservice:hwservice_manager find;
+allow hal_neuralnetworks hal_graphics_allocator:fd use;
+
+# Allow NN HAL service to use a client-provided fd residing in /data/data/.
+allow hal_neuralnetworks_server app_data_file:file { read write getattr map };
+allow hal_neuralnetworks_server privapp_data_file:file { read write getattr map };
+
+# Allow NN HAL service to use a client-provided fd residing in /data/local/tmp/.
+allow hal_neuralnetworks_server shell_data_file:file { read write getattr map };
+
+# Allow NN HAL service to read a client-provided ION memory fd.
+allow hal_neuralnetworks_server ion_device:chr_file r_file_perms;
+
+# Allow NN HAL client to check the ro.nnapi.extensions.deny_on_product
+# property to determine whether to deny NNAPI extensions use for apps
+# on product partition (apps in GSI are not allowed to use NNAPI extensions).
+get_prop(hal_neuralnetworks_client, nnapi_ext_deny_product_prop);
+# This property is only expected to be found in /product/build.prop,
+# allow to be set only by init.
+neverallow { domain -init } nnapi_ext_deny_product_prop:property_service set;
diff --git a/prebuilts/api/30.0/public/hal_neverallows.te b/prebuilts/api/30.0/public/hal_neverallows.te
new file mode 100644
index 000000000..411787826
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_neverallows.te
@@ -0,0 +1,61 @@
+# only HALs responsible for network hardware should have privileged
+# network capabilities
+neverallow {
+ halserverdomain
+ -hal_bluetooth_server
+ -hal_can_controller_server
+ -hal_wifi_server
+ -hal_wifi_hostapd_server
+ -hal_wifi_supplicant_server
+ -hal_telephony_server
+} self:global_capability_class_set { net_admin net_raw };
+
+# Unless a HAL's job is to communicate over the network, or control network
+# hardware, it should not be using network sockets.
+# NOTE: HALs for automotive devices have an exemption from this rule because in
+# a car it is common to have external modules and HALs need to communicate to
+# those modules using network. Using this exemption for non-automotive builds
+# will result in CTS failure.
+neverallow {
+ halserverdomain
+ -hal_automotive_socket_exemption
+ -hal_can_controller_server
+ -hal_tetheroffload_server
+ -hal_wifi_server
+ -hal_wifi_hostapd_server
+ -hal_wifi_supplicant_server
+ -hal_telephony_server
+} domain:{ tcp_socket udp_socket rawip_socket } *;
+
+###
+# HALs are defined as an attribute and so a given domain could hypothetically
+# have multiple HALs in it (or even all of them) with the subsequent policy of
+# the domain comprised of the union of all the HALs.
+#
+# This is a problem because
+# 1) Security sensitive components should only be accessed by specific HALs.
+# 2) hwbinder_call and the restrictions it provides cannot be reasoned about in
+# the platform.
+# 3) The platform cannot reason about defense in depth if there are
+# monolithic domains etc.
+#
+# As an example, hal_keymaster and hal_gatekeeper can access the TEE and while
+# its OK for them to share a process its not OK with them to share processes
+# with other hals.
+#
+# The following neverallow rules, in conjuntion with CTS tests, assert that
+# these security principles are adhered to.
+#
+# Do not allow a hal to exec another process without a domain transition.
+# TODO remove exemptions.
+neverallow {
+ halserverdomain
+ -hal_dumpstate_server
+ -hal_telephony_server
+} { file_type fs_type }:file execute_no_trans;
+# Do not allow a process other than init to transition into a HAL domain.
+neverallow { domain -init } halserverdomain:process transition;
+# Only allow transitioning to a domain by running its executable. Do not
+# allow transitioning into a HAL domain by use of seclabel in an
+# init.*.rc script.
+neverallow * halserverdomain:process dyntransition;
diff --git a/prebuilts/api/30.0/public/hal_nfc.te b/prebuilts/api/30.0/public/hal_nfc.te
new file mode 100644
index 000000000..7cef4a17d
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_nfc.te
@@ -0,0 +1,11 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_nfc_client, hal_nfc_server)
+binder_call(hal_nfc_server, hal_nfc_client)
+
+hal_attribute_hwservice(hal_nfc, hal_nfc_hwservice)
+
+# Set NFC properties (used by bcm2079x HAL).
+set_prop(hal_nfc, nfc_prop)
+
+# NFC device access.
+allow hal_nfc nfc_device:chr_file rw_file_perms;
diff --git a/prebuilts/api/30.0/public/hal_oemlock.te b/prebuilts/api/30.0/public/hal_oemlock.te
new file mode 100644
index 000000000..26b2b4265
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_oemlock.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_oemlock_client, hal_oemlock_server)
+
+hal_attribute_hwservice(hal_oemlock, hal_oemlock_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_omx.te b/prebuilts/api/30.0/public/hal_omx.te
new file mode 100644
index 000000000..8e74383d3
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_omx.te
@@ -0,0 +1,49 @@
+# applies all permissions to hal_omx NOT hal_omx_server
+# since OMX must always be in its own process.
+
+binder_call(hal_omx_server, binderservicedomain)
+binder_call(hal_omx_server, { appdomain -isolated_app })
+
+# Allow hal_omx_server access to composer sync fences
+allow hal_omx_server hal_graphics_composer:fd use;
+
+allow hal_omx_server ion_device:chr_file rw_file_perms;
+allow hal_omx_server hal_camera:fd use;
+
+crash_dump_fallback(hal_omx_server)
+
+# Recieve gralloc buffer FDs from bufferhubd. Note that hal_omx_server never
+# directly connects to bufferhubd via PDX. Instead, a VR app acts as a bridge
+# between those two: it talks to hal_omx_server via Binder and talks to bufferhubd
+# via PDX. Thus, there is no need to use pdx_client macro.
+allow hal_omx_server bufferhubd:fd use;
+
+hal_attribute_hwservice(hal_omx, hal_omx_hwservice)
+
+allow hal_omx_client hidl_token_hwservice:hwservice_manager find;
+
+get_prop(hal_omx_client, media_variant_prop)
+get_prop(hal_omx_server, media_variant_prop)
+
+binder_call(hal_omx_client, hal_omx_server)
+binder_call(hal_omx_server, hal_omx_client)
+
+###
+### neverallow rules
+###
+
+# hal_omx_server should never execute any executable without a
+# domain transition
+neverallow hal_omx_server { file_type fs_type }:file execute_no_trans;
+
+# The goal of the mediaserver split is to place media processing code into
+# restrictive sandboxes with limited responsibilities and thus limited
+# permissions. Example: Audioserver is only responsible for controlling audio
+# hardware and processing audio content. Cameraserver does the same for camera
+# hardware/content. Etc.
+#
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow hal_omx_server domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/prebuilts/api/30.0/public/hal_power.te b/prebuilts/api/30.0/public/hal_power.te
new file mode 100644
index 000000000..c94771b57
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_power.te
@@ -0,0 +1,10 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_power_client, hal_power_server)
+binder_call(hal_power_server, hal_power_client)
+
+hal_attribute_hwservice(hal_power, hal_power_hwservice)
+
+add_service(hal_power_server, hal_power_service)
+binder_call(hal_power_server, servicemanager)
+binder_call(hal_power_client, servicemanager)
+allow hal_power_client hal_power_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/hal_power_stats.te b/prebuilts/api/30.0/public/hal_power_stats.te
new file mode 100644
index 000000000..2c04008bd
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_power_stats.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_power_stats_client, hal_power_stats_server)
+binder_call(hal_power_stats_server, hal_power_stats_client)
+
+hal_attribute_hwservice(hal_power_stats, hal_power_stats_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_rebootescrow.te b/prebuilts/api/30.0/public/hal_rebootescrow.te
new file mode 100644
index 000000000..4352630ba
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_rebootescrow.te
@@ -0,0 +1,7 @@
+# HwBinder IPC from client to server
+binder_call(hal_rebootescrow_client, hal_rebootescrow_server)
+
+add_service(hal_rebootescrow_server, hal_rebootescrow_service)
+binder_use(hal_rebootescrow_server)
+
+allow hal_rebootescrow_client hal_rebootescrow_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/hal_secure_element.te b/prebuilts/api/30.0/public/hal_secure_element.te
new file mode 100644
index 000000000..3724d35b0
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_secure_element.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_secure_element_client, hal_secure_element_server)
+binder_call(hal_secure_element_server, hal_secure_element_client)
+
+hal_attribute_hwservice(hal_secure_element, hal_secure_element_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_sensors.te b/prebuilts/api/30.0/public/hal_sensors.te
new file mode 100644
index 000000000..06e76f1e1
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_sensors.te
@@ -0,0 +1,14 @@
+# HwBinder IPC from client to server
+binder_call(hal_sensors_client, hal_sensors_server)
+
+hal_attribute_hwservice(hal_sensors, hal_sensors_hwservice)
+
+# Allow sensor hals to access ashmem memory allocated by apps
+allow hal_sensors { appdomain -isolated_app }:fd use;
+
+# Allow sensor hals to access ashmem memory allocated by android.hidl.allocator
+# fd is passed in from framework sensorservice HAL.
+allow hal_sensors hal_allocator:fd use;
+
+# allow to run with real-time scheduling policy
+allow hal_sensors self:global_capability_class_set sys_nice;
diff --git a/prebuilts/api/30.0/public/hal_telephony.te b/prebuilts/api/30.0/public/hal_telephony.te
new file mode 100644
index 000000000..3e4b65dfa
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_telephony.te
@@ -0,0 +1,42 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_telephony_client, hal_telephony_server)
+binder_call(hal_telephony_server, hal_telephony_client)
+
+hal_attribute_hwservice(hal_telephony, hal_telephony_hwservice)
+
+allowxperm hal_telephony_server self:udp_socket ioctl priv_sock_ioctls;
+
+allow hal_telephony_server self:netlink_route_socket nlmsg_write;
+allow hal_telephony_server kernel:system module_request;
+allow hal_telephony_server self:global_capability_class_set { setpcap setgid setuid net_admin net_raw };
+allow hal_telephony_server cgroup:dir create_dir_perms;
+allow hal_telephony_server cgroup:{ file lnk_file } r_file_perms;
+allow hal_telephony_server radio_device:chr_file rw_file_perms;
+allow hal_telephony_server radio_device:blk_file r_file_perms;
+allow hal_telephony_server efs_file:dir create_dir_perms;
+allow hal_telephony_server efs_file:file create_file_perms;
+allow hal_telephony_server vendor_shell_exec:file rx_file_perms;
+allow hal_telephony_server bluetooth_efs_file:file r_file_perms;
+allow hal_telephony_server bluetooth_efs_file:dir r_dir_perms;
+
+# property service
+set_prop(hal_telephony_server, radio_prop)
+set_prop(hal_telephony_server, exported_radio_prop)
+set_prop(hal_telephony_server, exported2_radio_prop)
+set_prop(hal_telephony_server, exported3_radio_prop)
+
+allow hal_telephony_server tty_device:chr_file rw_file_perms;
+
+# Allow hal_telephony_server to create and use netlink sockets.
+allow hal_telephony_server self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_telephony_server self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow hal_telephony_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Access to wake locks
+wakelock_use(hal_telephony_server)
+
+r_dir_file(hal_telephony_server, proc_net_type)
+r_dir_file(hal_telephony_server, sysfs_type)
+
+# granting the ioctl permission for hal_telephony_server should be device specific
+allow hal_telephony_server self:socket create_socket_perms_no_ioctl;
diff --git a/prebuilts/api/30.0/public/hal_tetheroffload.te b/prebuilts/api/30.0/public/hal_tetheroffload.te
new file mode 100644
index 000000000..cf5172366
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_tetheroffload.te
@@ -0,0 +1,8 @@
+## HwBinder IPC from client to server, and callbacks
+binder_call(hal_tetheroffload_client, hal_tetheroffload_server)
+binder_call(hal_tetheroffload_server, hal_tetheroffload_client)
+
+hal_attribute_hwservice(hal_tetheroffload, hal_tetheroffload_hwservice)
+
+# allow the client to pass the server already open netlink sockets
+allow hal_tetheroffload_server hal_tetheroffload_client:netlink_netfilter_socket { getattr read setopt write };
diff --git a/prebuilts/api/30.0/public/hal_thermal.te b/prebuilts/api/30.0/public/hal_thermal.te
new file mode 100644
index 000000000..2115da1b9
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_thermal.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_thermal_client, hal_thermal_server)
+binder_call(hal_thermal_server, hal_thermal_client)
+
+hal_attribute_hwservice(hal_thermal, hal_thermal_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_tv_cec.te b/prebuilts/api/30.0/public/hal_tv_cec.te
new file mode 100644
index 000000000..658490474
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_tv_cec.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from clients into server, and callbacks
+binder_call(hal_tv_cec_client, hal_tv_cec_server)
+binder_call(hal_tv_cec_server, hal_tv_cec_client)
+
+hal_attribute_hwservice(hal_tv_cec, hal_tv_cec_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_tv_input.te b/prebuilts/api/30.0/public/hal_tv_input.te
new file mode 100644
index 000000000..5a5bdda16
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_tv_input.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from clients into server, and callbacks
+binder_call(hal_tv_input_client, hal_tv_input_server)
+binder_call(hal_tv_input_server, hal_tv_input_client)
+
+hal_attribute_hwservice(hal_tv_input, hal_tv_input_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_tv_tuner.te b/prebuilts/api/30.0/public/hal_tv_tuner.te
new file mode 100644
index 000000000..0da4ec704
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_tv_tuner.te
@@ -0,0 +1,4 @@
+binder_call(hal_tv_tuner_client, hal_tv_tuner_server)
+binder_call(hal_tv_tuner_server, hal_tv_tuner_client)
+
+hal_attribute_hwservice(hal_tv_tuner, hal_tv_tuner_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_usb.te b/prebuilts/api/30.0/public/hal_usb.te
new file mode 100644
index 000000000..38bc49a21
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_usb.te
@@ -0,0 +1,18 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_usb_client, hal_usb_server)
+binder_call(hal_usb_server, hal_usb_client)
+
+hal_attribute_hwservice(hal_usb, hal_usb_hwservice)
+
+allow hal_usb self:netlink_kobject_uevent_socket create;
+allow hal_usb self:netlink_kobject_uevent_socket setopt;
+allow hal_usb self:netlink_kobject_uevent_socket getopt;
+allow hal_usb self:netlink_kobject_uevent_socket bind;
+allow hal_usb self:netlink_kobject_uevent_socket read;
+allow hal_usb sysfs:dir open;
+allow hal_usb sysfs:dir read;
+allow hal_usb sysfs:file read;
+allow hal_usb sysfs:file open;
+allow hal_usb sysfs:file write;
+allow hal_usb sysfs:file getattr;
+
diff --git a/prebuilts/api/30.0/public/hal_usb_gadget.te b/prebuilts/api/30.0/public/hal_usb_gadget.te
new file mode 100644
index 000000000..a474652f7
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_usb_gadget.te
@@ -0,0 +1,13 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_usb_gadget_client, hal_usb_gadget_server)
+binder_call(hal_usb_gadget_server, hal_usb_gadget_client)
+
+hal_attribute_hwservice(hal_usb_gadget, hal_usb_gadget_hwservice)
+
+# Configuring usb gadget functions
+allow hal_usb_gadget_server configfs:lnk_file { read create unlink};
+allow hal_usb_gadget_server configfs:dir rw_dir_perms;
+allow hal_usb_gadget_server configfs:file create_file_perms;
+allow hal_usb_gadget_server functionfs:dir { read search };
+allow hal_usb_gadget_server functionfs:file read;
+
diff --git a/prebuilts/api/30.0/public/hal_vehicle.te b/prebuilts/api/30.0/public/hal_vehicle.te
new file mode 100644
index 000000000..6855d1469
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_vehicle.te
@@ -0,0 +1,6 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_vehicle_client, hal_vehicle_server)
+binder_call(hal_vehicle_server, hal_vehicle_client)
+
+
+hal_attribute_hwservice(hal_vehicle, hal_vehicle_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_vibrator.te b/prebuilts/api/30.0/public/hal_vibrator.te
new file mode 100644
index 000000000..a34621d37
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_vibrator.te
@@ -0,0 +1,16 @@
+# HwBinder IPC client/server
+binder_call(hal_vibrator_client, hal_vibrator_server)
+binder_call(hal_vibrator_server, hal_vibrator_client);
+
+hal_attribute_hwservice(hal_vibrator, hal_vibrator_hwservice)
+
+add_service(hal_vibrator_server, hal_vibrator_service)
+binder_call(hal_vibrator_server, servicemanager)
+
+allow hal_vibrator_client hal_vibrator_service:service_manager find;
+
+allow hal_vibrator_server dumpstate:fifo_file write;
+
+# vibrator sysfs rw access
+allow hal_vibrator sysfs_vibrator:file rw_file_perms;
+allow hal_vibrator sysfs_vibrator:dir search;
diff --git a/prebuilts/api/30.0/public/hal_vr.te b/prebuilts/api/30.0/public/hal_vr.te
new file mode 100644
index 000000000..e52c77fba
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_vr.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_vr_client, hal_vr_server)
+binder_call(hal_vr_server, hal_vr_client)
+
+hal_attribute_hwservice(hal_vr, hal_vr_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_weaver.te b/prebuilts/api/30.0/public/hal_weaver.te
new file mode 100644
index 000000000..36d1306e2
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_weaver.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_weaver_client, hal_weaver_server)
+
+hal_attribute_hwservice(hal_weaver, hal_weaver_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_wifi.te b/prebuilts/api/30.0/public/hal_wifi.te
new file mode 100644
index 000000000..ecc13597a
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_wifi.te
@@ -0,0 +1,31 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_wifi_client, hal_wifi_server)
+binder_call(hal_wifi_server, hal_wifi_client)
+
+hal_attribute_hwservice(hal_wifi, hal_wifi_hwservice)
+
+r_dir_file(hal_wifi, proc_net_type)
+r_dir_file(hal_wifi, sysfs_type)
+
+set_prop(hal_wifi, exported_wifi_prop)
+set_prop(hal_wifi, wifi_prop)
+
+# allow hal wifi set interfaces up and down and get the factory MAC
+allow hal_wifi self:udp_socket create_socket_perms;
+allowxperm hal_wifi self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR SIOCETHTOOL };
+
+allow hal_wifi self:global_capability_class_set { net_admin net_raw };
+# allow hal_wifi to speak to nl80211 in the kernel
+allow hal_wifi self:netlink_socket create_socket_perms_no_ioctl;
+# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
+allow hal_wifi self:netlink_generic_socket create_socket_perms_no_ioctl;
+# hal_wifi writes firmware paths to this file.
+allow hal_wifi sysfs_wlan_fwpath:file { w_file_perms };
+# allow hal_wifi to access /proc/modules to check if Wi-Fi driver is loaded
+allow hal_wifi proc_modules:file { getattr open read };
+# Allow hal_wifi to send dump info to dumpstate
+allow hal_wifi dumpstate:fifo_file write;
+
+# allow hal_wifi to write into /data/vendor/tombstones/wifi
+allow hal_wifi_server tombstone_wifi_data_file:dir rw_dir_perms;
+allow hal_wifi_server tombstone_wifi_data_file:file create_file_perms;
diff --git a/prebuilts/api/30.0/public/hal_wifi_hostapd.te b/prebuilts/api/30.0/public/hal_wifi_hostapd.te
new file mode 100644
index 000000000..12d72b649
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_wifi_hostapd.te
@@ -0,0 +1,27 @@
+# HwBinder IPC from client to server
+binder_call(hal_wifi_hostapd_client, hal_wifi_hostapd_server)
+binder_call(hal_wifi_hostapd_server, hal_wifi_hostapd_client)
+
+hal_attribute_hwservice(hal_wifi_hostapd, hal_wifi_hostapd_hwservice)
+
+allow hal_wifi_hostapd_server self:global_capability_class_set { net_admin net_raw };
+
+allow hal_wifi_hostapd_server sysfs_net:dir search;
+
+# Allow hal_wifi_hostapd to access /proc/net/psched
+allow hal_wifi_hostapd_server proc_net_type:file { getattr open read };
+
+# Various socket permissions.
+allowxperm hal_wifi_hostapd_server self:udp_socket ioctl priv_sock_ioctls;
+allow hal_wifi_hostapd_server self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_wifi_hostapd_server self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow hal_wifi_hostapd_server self:packet_socket create_socket_perms_no_ioctl;
+allow hal_wifi_hostapd_server self:netlink_route_socket nlmsg_write;
+
+###
+### neverallow rules
+###
+
+# hal_wifi_hostapd should not trust any data from sdcards
+neverallow hal_wifi_hostapd_server sdcard_type:dir ~getattr;
+neverallow hal_wifi_hostapd_server sdcard_type:file *;
diff --git a/prebuilts/api/30.0/public/hal_wifi_supplicant.te b/prebuilts/api/30.0/public/hal_wifi_supplicant.te
new file mode 100644
index 000000000..6004c3327
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_wifi_supplicant.te
@@ -0,0 +1,28 @@
+# HwBinder IPC from client to server
+binder_call(hal_wifi_supplicant_client, hal_wifi_supplicant_server)
+binder_call(hal_wifi_supplicant_server, hal_wifi_supplicant_client)
+
+hal_attribute_hwservice(hal_wifi_supplicant, hal_wifi_supplicant_hwservice)
+
+# in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
+allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;
+
+r_dir_file(hal_wifi_supplicant, sysfs_type)
+r_dir_file(hal_wifi_supplicant, proc_net_type)
+
+allow hal_wifi_supplicant kernel:system module_request;
+allow hal_wifi_supplicant self:global_capability_class_set { setuid net_admin setgid net_raw };
+allow hal_wifi_supplicant cgroup:dir create_dir_perms;
+allow hal_wifi_supplicant self:netlink_route_socket nlmsg_write;
+allow hal_wifi_supplicant self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_wifi_supplicant self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow hal_wifi_supplicant self:packet_socket create_socket_perms;
+allowxperm hal_wifi_supplicant self:packet_socket ioctl { unpriv_sock_ioctls priv_sock_ioctls unpriv_tty_ioctls };
+
+###
+### neverallow rules
+###
+
+# wpa_supplicant should not trust any data from sdcards
+neverallow hal_wifi_supplicant_server sdcard_type:dir ~getattr;
+neverallow hal_wifi_supplicant_server sdcard_type:file *;
diff --git a/prebuilts/api/30.0/public/healthd.te b/prebuilts/api/30.0/public/healthd.te
new file mode 100644
index 000000000..7ea23e1c3
--- /dev/null
+++ b/prebuilts/api/30.0/public/healthd.te
@@ -0,0 +1,56 @@
+# healthd - battery/charger monitoring service daemon
+type healthd, domain;
+type healthd_exec, system_file_type, exec_type, file_type;
+
+# Write to /dev/kmsg
+allow healthd kmsg_device:chr_file rw_file_perms;
+
+# Read access to pseudo filesystems.
+allow healthd sysfs_type:dir search;
+# Allow to read /sys/class/power_supply directory.
+allow healthd sysfs:dir r_dir_perms;
+r_dir_file(healthd, rootfs)
+r_dir_file(healthd, cgroup)
+
+allow healthd self:global_capability_class_set { sys_tty_config };
+allow healthd self:global_capability_class_set sys_boot;
+dontaudit healthd self:global_capability_class_set sys_resource;
+
+allow healthd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+wakelock_use(healthd)
+
+hal_client_domain(healthd, hal_health)
+
+# Read/write to /sys/power/state
+allow healthd sysfs_power:file rw_file_perms;
+
+# TODO: added to match above sysfs rule. Remove me?
+allow healthd sysfs_usb:file write;
+
+r_dir_file(healthd, sysfs_batteryinfo)
+
+###
+### healthd: charger mode
+###
+
+# Read /sys/fs/pstore/console-ramoops
+# Don't worry about overly broad permissions for now, as there's
+# only one file in /sys/fs/pstore
+allow healthd pstorefs:dir r_dir_perms;
+allow healthd pstorefs:file r_file_perms;
+
+allow healthd graphics_device:dir r_dir_perms;
+allow healthd graphics_device:chr_file rw_file_perms;
+allow healthd input_device:dir r_dir_perms;
+allow healthd input_device:chr_file r_file_perms;
+allow healthd tty_device:chr_file rw_file_perms;
+allow healthd ashmem_device:chr_file execute;
+allow healthd proc_sysrq:file rw_file_perms;
+
+# Healthd needs to tell init to continue the boot
+# process when running in charger mode.
+set_prop(healthd, system_prop)
+set_prop(healthd, exported_system_prop)
+set_prop(healthd, exported2_system_prop)
+set_prop(healthd, exported3_system_prop)
diff --git a/prebuilts/api/30.0/public/heapprofd.te b/prebuilts/api/30.0/public/heapprofd.te
new file mode 100644
index 000000000..7ceb23feb
--- /dev/null
+++ b/prebuilts/api/30.0/public/heapprofd.te
@@ -0,0 +1 @@
+type heapprofd, domain, coredomain;
diff --git a/prebuilts/api/30.0/public/hwservice.te b/prebuilts/api/30.0/public/hwservice.te
new file mode 100644
index 000000000..6f223ddc1
--- /dev/null
+++ b/prebuilts/api/30.0/public/hwservice.te
@@ -0,0 +1,102 @@
+# hwservice types. By default most of the HALs are protected_hwservice, which means
+# access from untrusted apps is prohibited.
+type default_android_hwservice, hwservice_manager_type, protected_hwservice;
+type fwk_camera_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_display_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_scheduler_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_sensor_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_stats_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_automotive_display_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type hal_atrace_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_audio_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_audiocontrol_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_authsecret_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_bluetooth_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_bootctl_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_broadcastradio_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_camera_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_can_bus_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_can_controller_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_confirmationui_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_contexthub_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_dumpstate_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_evs_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_face_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_fingerprint_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_gatekeeper_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_gnss_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_graphics_composer_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_health_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_health_storage_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_input_classifier_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_ir_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_keymaster_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_light_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_lowpan_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_memtrack_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_nfc_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_oemlock_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_power_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_power_stats_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_secure_element_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_sensors_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_telephony_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tetheroffload_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_thermal_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tv_cec_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tv_input_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tv_tuner_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_usb_gadget_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_usb_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_vehicle_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_vibrator_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_vr_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_weaver_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_wifi_hostapd_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_wifi_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_wifi_supplicant_hwservice, hwservice_manager_type, protected_hwservice;
+type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type system_suspend_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type thermalcallback_hwservice, hwservice_manager_type, protected_hwservice;
+
+# Following is the hwservices that are explicitly not marked with protected_hwservice.
+# These are directly accessible from untrusted apps.
+# - same process services: because they by definition run in the process
+# of the client and thus have the same access as the client domain in which
+# the process runs
+# - coredomain_hwservice: are considered safer than ordinary hwservices which
+# are from vendor partition
+# - hal_configstore_ISurfaceFlingerConfigs: becuase it has specifically been
+# designed for use by any domain.
+# - hal_graphics_allocator_hwservice: because these operations are also offered
+# by surfaceflinger Binder service, which apps are permitted to access
+# - hal_omx_hwservice: because this is a HwBinder version of the mediacodec
+# Binder service which apps were permitted to access.
+# - hal_codec2_hwservice: because this is a newer version of hal_omx_hwservice.
+# - hal_drm_hwservice: versions > API 29 are designed specifically with
+# untrusted app access in mind.
+type fwk_bufferhub_hwservice, hwservice_manager_type, coredomain_hwservice;
+type hal_cas_hwservice, hwservice_manager_type;
+type hal_codec2_hwservice, hwservice_manager_type;
+type hal_configstore_ISurfaceFlingerConfigs, hwservice_manager_type;
+type hal_drm_hwservice, hwservice_manager_type;
+type hal_graphics_allocator_hwservice, hwservice_manager_type;
+type hal_graphics_mapper_hwservice, hwservice_manager_type, same_process_hwservice;
+type hal_neuralnetworks_hwservice, hwservice_manager_type;
+type hal_omx_hwservice, hwservice_manager_type;
+type hal_renderscript_hwservice, hwservice_manager_type, same_process_hwservice;
+type hidl_allocator_hwservice, hwservice_manager_type, coredomain_hwservice;
+type hidl_base_hwservice, hwservice_manager_type;
+type hidl_manager_hwservice, hwservice_manager_type, coredomain_hwservice;
+type hidl_memory_hwservice, hwservice_manager_type, coredomain_hwservice;
+type hidl_token_hwservice, hwservice_manager_type, coredomain_hwservice;
+
+###
+### Neverallow rules
+###
+
+# hwservicemanager handles registering or looking up named services.
+# It does not make sense to register or lookup something which is not a
+# hwservice. Trigger a compile error if this occurs.
+neverallow domain ~hwservice_manager_type:hwservice_manager { add find };
diff --git a/prebuilts/api/30.0/public/hwservicemanager.te b/prebuilts/api/30.0/public/hwservicemanager.te
new file mode 100644
index 000000000..7f0381564
--- /dev/null
+++ b/prebuilts/api/30.0/public/hwservicemanager.te
@@ -0,0 +1,22 @@
+# hwservicemanager - the Binder context manager for HAL services
+type hwservicemanager, domain, mlstrustedsubject;
+type hwservicemanager_exec, system_file_type, exec_type, file_type;
+
+# Note that we do not use the binder_* macros here.
+# hwservicemanager provides name service (aka context manager)
+# for hwbinder.
+# Additionally, it initiates binder IPC calls to
+# clients who request service notifications. The permission
+# to do this is granted in the hwbinder_use macro.
+allow hwservicemanager self:binder set_context_mgr;
+
+set_prop(hwservicemanager, hwservicemanager_prop)
+
+# Scan through /system/lib64/hw looking for installed HALs
+allow hwservicemanager system_file:dir r_dir_perms;
+
+# Read hwservice_contexts
+allow hwservicemanager hwservice_contexts_file:file r_file_perms;
+
+# Check SELinux permissions.
+selinux_check_access(hwservicemanager)
diff --git a/prebuilts/api/30.0/public/idmap.te b/prebuilts/api/30.0/public/idmap.te
new file mode 100644
index 000000000..f41f573ea
--- /dev/null
+++ b/prebuilts/api/30.0/public/idmap.te
@@ -0,0 +1,31 @@
+# idmap, when executed by installd
+type idmap, domain;
+type idmap_exec, system_file_type, exec_type, file_type;
+
+# TODO remove /system/bin/idmap and the link between idmap and installd (b/118711077)
+# Use open file to /data/resource-cache file inherited from installd.
+allow idmap installd:fd use;
+allow idmap resourcecache_data_file:file create_file_perms;
+allow idmap resourcecache_data_file:dir rw_dir_perms;
+
+# Ignore reading /proc//maps after a fork.
+dontaudit idmap installd:file read;
+
+# Open and read from target and overlay apk files passed by argument.
+allow idmap apk_data_file:file r_file_perms;
+allow idmap apk_data_file:dir search;
+
+# Allow /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
+allow idmap { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
+allow idmap { apk_tmp_file apk_private_tmp_file }:dir search;
+
+# Allow apps access to /vendor/app
+r_dir_file(idmap, vendor_app_file)
+
+# Allow apps access to /vendor/overlay
+r_dir_file(idmap, vendor_overlay_file)
+
+# Allow the idmap2d binary to register as a service and communicate via AIDL
+binder_use(idmap)
+binder_service(idmap)
+add_service(idmap, idmap_service)
diff --git a/prebuilts/api/30.0/public/incident.te b/prebuilts/api/30.0/public/incident.te
new file mode 100644
index 000000000..ce57bf650
--- /dev/null
+++ b/prebuilts/api/30.0/public/incident.te
@@ -0,0 +1,8 @@
+# The incident command is used to call into the incidentd service to
+# take an incident report (binary, shared bugreport), download incident
+# reports that have already been taken, and monitor for new ones.
+# It doesn't do anything else.
+
+# incident
+type incident, domain;
+
diff --git a/prebuilts/api/30.0/public/incident_helper.te b/prebuilts/api/30.0/public/incident_helper.te
new file mode 100644
index 000000000..bca101869
--- /dev/null
+++ b/prebuilts/api/30.0/public/incident_helper.te
@@ -0,0 +1,5 @@
+# The incident_helper is called by incidentd and
+# can only read/write data from/to incidentd
+
+# incident_helper
+type incident_helper, domain;
diff --git a/prebuilts/api/30.0/public/incidentd.te b/prebuilts/api/30.0/public/incidentd.te
new file mode 100644
index 000000000..b03249c88
--- /dev/null
+++ b/prebuilts/api/30.0/public/incidentd.te
@@ -0,0 +1,3 @@
+# incidentd
+type incidentd, domain;
+
diff --git a/prebuilts/api/30.0/public/init.te b/prebuilts/api/30.0/public/init.te
new file mode 100644
index 000000000..403b4c5e6
--- /dev/null
+++ b/prebuilts/api/30.0/public/init.te
@@ -0,0 +1,634 @@
+# init is its own domain.
+type init, domain, mlstrustedsubject;
+type init_exec, system_file_type, exec_type, file_type;
+type init_tmpfs, file_type;
+
+# /dev/__null__ node created by init.
+allow init tmpfs:chr_file { create setattr unlink rw_file_perms };
+
+#
+# init direct restorecon calls.
+#
+# /dev/kmsg
+allow init tmpfs:chr_file relabelfrom;
+allow init kmsg_device:chr_file { getattr write relabelto };
+# /dev/kmsg_debug
+userdebug_or_eng(`
+ allow init kmsg_debug_device:chr_file { open write relabelto };
+')
+# /dev/__properties__
+allow init properties_device:dir relabelto;
+allow init properties_serial:file { write relabelto };
+allow init property_type:file { append create getattr map open read relabelto rename setattr unlink write };
+# /dev/__properties__/property_info
+allow init properties_device:file create_file_perms;
+allow init property_info:file relabelto;
+# /dev/event-log-tags
+allow init device:file relabelfrom;
+allow init runtime_event_log_tags_file:file { open write setattr relabelto create };
+# /dev/socket
+allow init { device socket_device }:dir relabelto;
+# allow init to establish connection and communicate with lmkd
+unix_socket_connect(init, lmkd, lmkd)
+# Relabel /dev nodes created in first stage init, /dev/null, /dev/ptmx, /dev/random, /dev/urandom
+allow init { null_device ptmx_device random_device } : chr_file relabelto;
+# /dev/device-mapper, /dev/block(/.*)?
+allow init tmpfs:{ chr_file blk_file } relabelfrom;
+allow init tmpfs:blk_file getattr;
+allow init block_device:{ dir blk_file lnk_file } relabelto;
+allow init dm_device:{ chr_file blk_file } relabelto;
+allow init kernel:fd use;
+# restorecon for early mount device symlinks
+allow init tmpfs:lnk_file { getattr read relabelfrom };
+allow init {
+ metadata_block_device
+ misc_block_device
+ recovery_block_device
+ system_block_device
+ userdata_block_device
+}:{ blk_file lnk_file } relabelto;
+
+allow init super_block_device:lnk_file relabelto;
+
+# Create /mnt/sdcard -> /storage/self/primary symlink.
+allow init mnt_sdcard_file:lnk_file create;
+
+# setrlimit
+allow init self:global_capability_class_set sys_resource;
+
+# Remove /dev/.booting and load /debug_ramdisk/* files
+allow init tmpfs:file { getattr unlink };
+
+# Access pty created for fsck.
+allow init devpts:chr_file { read write open };
+
+# Create /dev/fscklogs files.
+allow init fscklogs:file create_file_perms;
+
+# Access /dev/__null__ node created prior to initial policy load.
+allow init tmpfs:chr_file write;
+
+# Access /dev/console.
+allow init console_device:chr_file rw_file_perms;
+
+# Access /dev/tty0.
+allow init tty_device:chr_file rw_file_perms;
+
+# Call mount(2).
+allow init self:global_capability_class_set sys_admin;
+
+# Call setns(2).
+allow init self:global_capability_class_set sys_chroot;
+
+# Create and mount on directories in /.
+allow init rootfs:dir create_dir_perms;
+allow init {
+ rootfs
+ cache_file
+ cgroup
+ linkerconfig_file
+ storage_file
+ mnt_user_file
+ system_data_file
+ system_data_root_file
+ system_file
+ vendor_file
+ postinstall_mnt_dir
+ mirror_data_file
+}:dir mounton;
+allow init cgroup_bpf:dir { create mounton };
+
+# Mount bpf fs on sys/fs/bpf
+allow init fs_bpf:dir mounton;
+
+# Mount on /dev/usb-ffs/adb.
+allow init device:dir mounton;
+
+# Mount tmpfs on /apex
+allow init apex_mnt_dir:dir mounton;
+
+# Bind-mount on /system/apex/com.android.art
+allow init art_apex_dir:dir mounton;
+
+# Create and remove symlinks in /.
+allow init rootfs:lnk_file { create unlink };
+
+# Mount debugfs on /sys/kernel/debug.
+allow init sysfs:dir mounton;
+
+# Create cgroups mount points in tmpfs and mount cgroups on them.
+allow init tmpfs:dir create_dir_perms;
+allow init tmpfs:dir mounton;
+allow init cgroup:dir create_dir_perms;
+allow init cgroup:file rw_file_perms;
+allow init cgroup_rc_file:file rw_file_perms;
+allow init cgroup_desc_file:file r_file_perms;
+allow init vendor_cgroup_desc_file:file r_file_perms;
+
+# /config
+allow init configfs:dir mounton;
+allow init configfs:dir create_dir_perms;
+allow init configfs:{ file lnk_file } create_file_perms;
+
+# /metadata
+allow init metadata_file:dir mounton;
+
+# Use tmpfs as /data, used for booting when /data is encrypted
+allow init tmpfs:dir relabelfrom;
+
+# Create directories under /dev/cpuctl after chowning it to system.
+allow init self:global_capability_class_set { dac_override dac_read_search };
+
+# Set system clock.
+allow init self:global_capability_class_set sys_time;
+
+allow init self:global_capability_class_set { sys_rawio mknod };
+
+# Mounting filesystems from block devices.
+allow init dev_type:blk_file r_file_perms;
+allowxperm init dev_type:blk_file ioctl BLKROSET;
+
+# Mounting filesystems.
+# Only allow relabelto for types used in context= mount options,
+# which should all be assigned the contextmount_type attribute.
+# This can be done in device-specific policy via type or typeattribute
+# declarations.
+allow init fs_type:filesystem ~relabelto;
+allow init unlabeled:filesystem ~relabelto;
+allow init contextmount_type:filesystem relabelto;
+
+# Allow read-only access to context= mounted filesystems.
+allow init contextmount_type:dir r_dir_perms;
+allow init contextmount_type:notdevfile_class_set r_file_perms;
+
+# restorecon /adb_keys or any other rootfs files and directories to a more
+# specific type.
+allow init rootfs:{ dir file } relabelfrom;
+
+# mkdir, symlink, write, rm/rmdir, chown/chmod, restorecon/restorecon_recursive from init.rc files.
+# chown/chmod require open+read+setattr required for open()+fchown/fchmod().
+# system/core/init.rc requires at least cache_file and data_file_type.
+# init..rc files often include device-specific types, so
+# we just allow all file types except /system files here.
+allow init self:global_capability_class_set { chown fowner fsetid };
+
+allow init {
+ file_type
+ -app_data_file
+ -exec_type
+ -misc_logd_file
+ -nativetest_data_file
+ -privapp_data_file
+ -system_app_data_file
+ -system_file_type
+ -vendor_file_type
+}:dir { create search getattr open read setattr ioctl };
+
+allow init {
+ file_type
+ -app_data_file
+ -exec_type
+ -iorapd_data_file
+ -credstore_data_file
+ -keystore_data_file
+ -misc_logd_file
+ -nativetest_data_file
+ -privapp_data_file
+ -shell_data_file
+ -system_app_data_file
+ -system_file_type
+ -vendor_file_type
+ -vold_data_file
+}:dir { write add_name remove_name rmdir relabelfrom };
+
+allow init {
+ file_type
+ -app_data_file
+ -exec_type
+ -gsi_data_file
+ -iorapd_data_file
+ -credstore_data_file
+ -keystore_data_file
+ -misc_logd_file
+ -nativetest_data_file
+ -privapp_data_file
+ -runtime_event_log_tags_file
+ -shell_data_file
+ -system_app_data_file
+ -system_file_type
+ -vendor_file_type
+ -vold_data_file
+}:file { create getattr open read write setattr relabelfrom unlink map };
+
+allow init {
+ file_type
+ -app_data_file
+ -exec_type
+ -gsi_data_file
+ -iorapd_data_file
+ -credstore_data_file
+ -keystore_data_file
+ -misc_logd_file
+ -nativetest_data_file
+ -privapp_data_file
+ -shell_data_file
+ -system_app_data_file
+ -system_file_type
+ -vendor_file_type
+ -vold_data_file
+}:{ sock_file fifo_file } { create getattr open read setattr relabelfrom unlink };
+
+allow init {
+ file_type
+ -apex_mnt_dir
+ -app_data_file
+ -exec_type
+ -gsi_data_file
+ -iorapd_data_file
+ -credstore_data_file
+ -keystore_data_file
+ -misc_logd_file
+ -nativetest_data_file
+ -privapp_data_file
+ -shell_data_file
+ -system_app_data_file
+ -system_file_type
+ -vendor_file_type
+ -vold_data_file
+}:lnk_file { create getattr setattr relabelfrom unlink };
+
+allow init cache_file:lnk_file r_file_perms;
+
+allow init {
+ file_type
+ -system_file_type
+ -vendor_file_type
+ -exec_type
+ -app_data_file
+ -privapp_data_file
+}:dir_file_class_set relabelto;
+
+allow init { sysfs debugfs debugfs_tracing debugfs_tracing_debug }:{ dir file lnk_file } { getattr relabelfrom };
+allow init { sysfs_type debugfs_type }:{ dir file lnk_file } { relabelto getattr };
+allow init dev_type:dir create_dir_perms;
+allow init dev_type:lnk_file create;
+
+# Disable tracing by writing to /sys/kernel/debug/tracing/tracing_on
+allow init debugfs_tracing:file w_file_perms;
+
+# Setup and control wifi event tracing (see wifi-events.rc)
+allow init debugfs_tracing_instances:dir create_dir_perms;
+allow init debugfs_tracing_instances:file w_file_perms;
+allow init debugfs_wifi_tracing:file w_file_perms;
+
+# chown/chmod on pseudo files.
+allow init {
+ fs_type
+ -contextmount_type
+ -keychord_device
+ -proc_type
+ -sdcard_type
+ -sysfs_type
+ -rootfs
+}:file { open read setattr };
+allow init { fs_type -contextmount_type -sdcard_type -rootfs }:dir { open read setattr search };
+
+allow init {
+ binder_device
+ console_device
+ devpts
+ dm_device
+ hwbinder_device
+ hw_random_device
+ input_device
+ kmsg_device
+ null_device
+ owntty_device
+ pmsg_device
+ ptmx_device
+ random_device
+ tty_device
+ zero_device
+}:chr_file { read open };
+
+# chown/chmod on devices.
+allow init {
+ dev_type
+ -keychord_device
+ -port_device
+}:chr_file setattr;
+
+# Unlabeled file access for upgrades from 4.2.
+allow init unlabeled:dir { create_dir_perms relabelfrom };
+allow init unlabeled:notdevfile_class_set { create_file_perms relabelfrom };
+
+# Any operation that can modify the kernel ring buffer, e.g. clear
+# or a read that consumes the messages that were read.
+allow init kernel:system syslog_mod;
+allow init self:global_capability2_class_set syslog;
+
+# init access to /proc.
+r_dir_file(init, proc_net_type)
+allow init proc_filesystems:file r_file_perms;
+
+userdebug_or_eng(`
+ # Overlayfs workdir write access check during mount to permit remount,rw
+ allow init overlayfs_file:dir { relabelfrom mounton write };
+ allow init overlayfs_file:file { append };
+ allow init system_block_device:blk_file { write };
+')
+
+allow init {
+ proc # b/67049235 processes /proc//* files are mislabeled.
+ proc_cmdline
+ proc_diskstats
+ proc_kmsg # Open /proc/kmsg for logd service.
+ proc_meminfo
+ proc_stat # Read /proc/stat for bootchart.
+ proc_uptime
+ proc_version
+}:file r_file_perms;
+
+allow init {
+ proc_abi
+ proc_dirty
+ proc_hostname
+ proc_hung_task
+ proc_extra_free_kbytes
+ proc_net_type
+ proc_max_map_count
+ proc_min_free_order_shift
+ proc_overcommit_memory # /proc/sys/vm/overcommit_memory
+ proc_panic
+ proc_page_cluster
+ proc_perf
+ proc_sched
+ proc_sysrq
+}:file w_file_perms;
+
+allow init {
+ proc_security
+}:file rw_file_perms;
+
+# init chmod/chown access to /proc files.
+allow init {
+ proc_cmdline
+ proc_kmsg
+ proc_net
+ proc_qtaguid_stat
+ proc_slabinfo
+ proc_sysrq
+ proc_qtaguid_ctrl
+ proc_vmallocinfo
+}:file setattr;
+
+# init access to /sys files.
+allow init {
+ sysfs_android_usb
+ sysfs_dm_verity
+ sysfs_leds
+ sysfs_power
+ sysfs_fs_f2fs
+ sysfs_dm
+}:file w_file_perms;
+
+allow init {
+ sysfs_dt_firmware_android
+ sysfs_fs_ext4_features
+}:file r_file_perms;
+
+allow init {
+ sysfs_zram
+}:file rw_file_perms;
+
+# allow init to create loop devices with /dev/loop-control
+allow init loop_control_device:chr_file rw_file_perms;
+allow init loop_device:blk_file rw_file_perms;
+allowxperm init loop_device:blk_file ioctl {
+ LOOP_SET_FD
+ LOOP_CLR_FD
+ LOOP_CTL_GET_FREE
+ LOOP_SET_BLOCK_SIZE
+ LOOP_SET_DIRECT_IO
+};
+
+# Allow init to write to vibrator/trigger
+allow init sysfs_vibrator:file w_file_perms;
+
+# init chmod/chown access to /sys files.
+allow init {
+ sysfs_android_usb
+ sysfs_devices_system_cpu
+ sysfs_ipv4
+ sysfs_leds
+ sysfs_lowmemorykiller
+ sysfs_power
+ sysfs_vibrator
+ sysfs_wake_lock
+ sysfs_zram
+}:file setattr;
+
+# Set usermodehelpers.
+allow init { usermodehelper sysfs_usermodehelper }:file rw_file_perms;
+
+allow init self:global_capability_class_set net_admin;
+
+# Reboot.
+allow init self:global_capability_class_set sys_boot;
+
+# Init will create /data/misc/logd when the property persist.logd.logpersistd is "logcatd".
+# Init will also walk through the directory as part of a recursive restorecon.
+allow init misc_logd_file:dir { add_name open create read getattr setattr search write };
+allow init misc_logd_file:file { open create getattr setattr write };
+
+# Support "adb shell stop"
+allow init self:global_capability_class_set kill;
+allow init domain:process { getpgid sigkill signal };
+
+# Init creates credstore's directory on boot, and walks through
+# the directory as part of a recursive restorecon.
+allow init credstore_data_file:dir { open create read getattr setattr search };
+allow init credstore_data_file:file { getattr };
+
+# Init creates keystore's directory on boot, and walks through
+# the directory as part of a recursive restorecon.
+allow init keystore_data_file:dir { open create read getattr setattr search };
+allow init keystore_data_file:file { getattr };
+
+# Init creates vold's directory on boot, and walks through
+# the directory as part of a recursive restorecon.
+allow init vold_data_file:dir { open create read getattr setattr search };
+allow init vold_data_file:file { getattr };
+
+# Init creates /data/local/tmp at boot
+allow init shell_data_file:dir { open create read getattr setattr search };
+allow init shell_data_file:file { getattr };
+
+# Set UID, GID, and adjust capability bounding set for services.
+allow init self:global_capability_class_set { setuid setgid setpcap };
+
+# For bootchart to read the /proc/$pid/cmdline file of each process,
+# we need to have following line to allow init to have access
+# to different domains.
+r_dir_file(init, domain)
+
+# Use setexeccon(), setfscreatecon(), and setsockcreatecon().
+# setexec is for services with seclabel options.
+# setfscreate is for labeling directories and socket files.
+# setsockcreate is for labeling local/unix domain sockets.
+allow init self:process { setexec setfscreate setsockcreate };
+
+# Get file context
+allow init file_contexts_file:file r_file_perms;
+
+# sepolicy access
+allow init sepolicy_file:file r_file_perms;
+
+# Perform SELinux access checks on setting properties.
+selinux_check_access(init)
+
+# Ask the kernel for the new context on services to label their sockets.
+allow init kernel:security compute_create;
+
+# Create sockets for the services.
+allow init domain:unix_stream_socket { create bind setopt };
+allow init domain:unix_dgram_socket { create bind setopt };
+
+# Create /data/property and files within it.
+allow init property_data_file:dir create_dir_perms;
+allow init property_data_file:file create_file_perms;
+
+# Set any property.
+allow init property_type:property_service set;
+
+# Send an SELinux userspace denial to the kernel audit subsystem,
+# so it can be picked up and processed by logd. These denials are
+# generated when an attempt to set a property is denied by policy.
+allow init self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_relay };
+allow init self:global_capability_class_set audit_write;
+
+# Run "ifup lo" to bring up the localhost interface
+allow init self:udp_socket { create ioctl };
+# in addition to unpriv ioctls granted to all domains, init also needs:
+allowxperm init self:udp_socket ioctl SIOCSIFFLAGS;
+allow init self:global_capability_class_set net_raw;
+
+# Set scheduling info for psi monitor thread.
+# TODO: delete or revise this line b/131761776
+allow init kernel:process { getsched setsched };
+
+# swapon() needs write access to swap device
+# system/core/fs_mgr/fs_mgr.c - fs_mgr_swapon_all
+allow init swap_block_device:blk_file rw_file_perms;
+
+# Read from /dev/hw_random if present.
+# system/core/init/init.c - mix_hwrng_into_linux_rng_action
+allow init hw_random_device:chr_file r_file_perms;
+
+# Create and access /dev files without a specific type,
+# e.g. /dev/.coldboot_done, /dev/.booting
+# TODO: Move these files into their own type unless they are
+# only ever accessed by init.
+allow init device:file create_file_perms;
+
+# keychord retrieval from /dev/input/ devices
+allow init input_device:dir r_dir_perms;
+allow init input_device:chr_file rw_file_perms;
+
+# Access device mapper for setting up dm-verity
+allow init dm_device:chr_file rw_file_perms;
+allow init dm_device:blk_file rw_file_perms;
+
+# Access metadata block device for storing dm-verity state
+allow init metadata_block_device:blk_file rw_file_perms;
+
+# Read /sys/fs/pstore/console-ramoops to detect restarts caused
+# by dm-verity detecting corrupted blocks
+allow init pstorefs:dir search;
+allow init pstorefs:file r_file_perms;
+allow init kernel:system syslog_read;
+
+# linux keyring configuration
+allow init init:key { write search setattr };
+
+# Allow init to create /data/unencrypted
+allow init unencrypted_data_file:dir create_dir_perms;
+
+# Set encryption policy on dirs in /data
+allowxperm init { data_file_type unlabeled }:dir ioctl {
+ FS_IOC_GET_ENCRYPTION_POLICY
+ FS_IOC_SET_ENCRYPTION_POLICY
+};
+
+# Raw writes to misc block device
+allow init misc_block_device:blk_file w_file_perms;
+
+r_dir_file(init, system_file)
+r_dir_file(init, vendor_file_type)
+
+allow init system_data_file:file { getattr read };
+allow init system_data_file:lnk_file r_file_perms;
+
+# For init to be able to run shell scripts from vendor
+allow init vendor_shell_exec:file execute;
+
+# Metadata setup
+allow init vold_metadata_file:dir create_dir_perms;
+allow init vold_metadata_file:file getattr;
+allow init metadata_bootstat_file:dir create_dir_perms;
+allow init metadata_bootstat_file:file w_file_perms;
+
+# Allow init to touch PSI monitors
+allow init proc_pressure_mem:file { rw_file_perms setattr };
+
+# init is using bootstrap bionic
+allow init system_bootstrap_lib_file:dir r_dir_perms;
+allow init system_bootstrap_lib_file:file { execute read open getattr map };
+
+# stat the root dir of fuse filesystems (for the mount handler)
+allow init fuse:dir { search getattr };
+
+###
+### neverallow rules
+###
+
+# The init domain is only entered via an exec based transition from the
+# kernel domain, never via setcon().
+neverallow domain init:process dyntransition;
+neverallow { domain -kernel } init:process transition;
+neverallow init { file_type fs_type -init_exec }:file entrypoint;
+
+# Never read/follow symlinks created by shell or untrusted apps.
+neverallow init shell_data_file:lnk_file read;
+neverallow init { app_data_file privapp_data_file }:lnk_file read;
+
+# init should never execute a program without changing to another domain.
+neverallow init { file_type fs_type }:file execute_no_trans;
+
+# The use of sensitive environment variables, such as LD_PRELOAD, is disallowed
+# when init is executing other binaries. The use of LD_PRELOAD for init spawned
+# services is generally considered a no-no, as it injects libraries which the
+# binary was not expecting. This is especially problematic for APEXes. The use
+# of LD_PRELOAD via APEXes is a layering violation, and inappropriately loads
+# code into a process which wasn't expecting that code, with potentially
+# unexpected side effects. (b/140789528)
+neverallow init *:process noatsecure;
+
+# init can never add binder services
+neverallow init service_manager_type:service_manager { add find };
+# init can never list binder services
+neverallow init servicemanager:service_manager list;
+
+# Init should not be creating subdirectories in /data/local/tmp
+neverallow init shell_data_file:dir { write add_name remove_name };
+
+# Init should not access sysfs node that are not explicitly labeled.
+neverallow init sysfs:file { open read write };
+
+# No domain should be allowed to ptrace init.
+neverallow * init:process ptrace;
+
+# init owns the root of /data
+# TODO(b/140259336) We want to remove vendor_init
+# TODO(b/141108496) We want to remove toolbox
+neverallow { domain -init -toolbox -vendor_init -vold } system_data_root_file:dir { write add_name remove_name };
diff --git a/prebuilts/api/30.0/public/inputflinger.te b/prebuilts/api/30.0/public/inputflinger.te
new file mode 100644
index 000000000..c3f4da858
--- /dev/null
+++ b/prebuilts/api/30.0/public/inputflinger.te
@@ -0,0 +1,15 @@
+# inputflinger
+type inputflinger, domain;
+type inputflinger_exec, system_file_type, exec_type, file_type;
+
+binder_use(inputflinger)
+binder_service(inputflinger)
+
+binder_call(inputflinger, system_server)
+
+wakelock_use(inputflinger)
+
+allow inputflinger input_device:dir r_dir_perms;
+allow inputflinger input_device:chr_file rw_file_perms;
+
+r_dir_file(inputflinger, cgroup)
diff --git a/prebuilts/api/30.0/public/installd.te b/prebuilts/api/30.0/public/installd.te
new file mode 100644
index 000000000..c8cc89d5d
--- /dev/null
+++ b/prebuilts/api/30.0/public/installd.te
@@ -0,0 +1,190 @@
+# installer daemon
+type installd, domain;
+type installd_exec, system_file_type, exec_type, file_type;
+typeattribute installd mlstrustedsubject;
+allow installd self:global_capability_class_set { chown dac_override dac_read_search fowner fsetid setgid setuid sys_admin };
+
+# Allow labeling of files under /data/app/com.example/oat/
+allow installd dalvikcache_data_file:dir relabelto;
+allow installd dalvikcache_data_file:file { relabelto link };
+
+# Allow movement of APK files between volumes
+allow installd apk_data_file:dir { create_dir_perms relabelfrom };
+allow installd apk_data_file:file { create_file_perms relabelfrom link };
+allow installd apk_data_file:lnk_file { create r_file_perms unlink };
+
+# FS_IOC_ENABLE_VERITY and FS_IOC_MEASURE_VERITY (or in old implementation used in installd,
+# FS_IOC_SET_VERITY_MEASUREMENT) ioctls on APKs in /data/app, to support fsverity.
+# TODO(b/120629632): this path is deprecated, remove when possible.
+allowxperm installd apk_data_file:file ioctl {
+ FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
+};
+
+allow installd asec_apk_file:file r_file_perms;
+allow installd apk_tmp_file:file { r_file_perms unlink };
+allow installd apk_tmp_file:dir { relabelfrom create_dir_perms };
+allow installd oemfs:dir r_dir_perms;
+allow installd oemfs:file r_file_perms;
+allow installd cgroup:dir create_dir_perms;
+allow installd mnt_expand_file:dir { search getattr };
+# Check validity of SELinux context before use.
+selinux_check_context(installd)
+
+r_dir_file(installd, rootfs)
+# Scan through APKs in /system/app and /system/priv-app
+r_dir_file(installd, system_file)
+# Scan through APKs in /vendor/app
+r_dir_file(installd, vendor_app_file)
+# Scan through JARs in /vendor/framework
+r_dir_file(installd, vendor_framework_file)
+# Scan through Runtime Resource Overlay APKs in /vendor/overlay
+r_dir_file(installd, vendor_overlay_file)
+# Get file context
+allow installd file_contexts_file:file r_file_perms;
+# Get seapp_context
+allow installd seapp_contexts_file:file r_file_perms;
+
+# Search /data/app-asec and stat files in it.
+allow installd asec_image_file:dir search;
+allow installd asec_image_file:file getattr;
+
+# Create /data/user and /data/user/0 if necessary.
+# Also required to initially create /data/data subdirectories
+# and lib symlinks before the setfilecon call. May want to
+# move symlink creation after setfilecon in installd.
+allow installd system_data_file:dir create_dir_perms;
+# Also, allow read for lnk_file so that we can process /data/user/0 links when
+# optimizing application code.
+allow installd system_data_file:lnk_file { create getattr read setattr unlink };
+
+# Manage lower filesystem via pass_through mounts
+allow installd mnt_pass_through_file:dir r_dir_perms;
+
+# Upgrade /data/media for multi-user if necessary.
+allow installd media_rw_data_file:dir create_dir_perms;
+allow installd media_rw_data_file:file { getattr unlink };
+# restorecon new /data/media directory.
+allow installd system_data_file:dir relabelfrom;
+allow installd media_rw_data_file:dir relabelto;
+
+# Delete /data/media files through sdcardfs, instead of going behind its back
+allow installd tmpfs:dir r_dir_perms;
+allow installd storage_file:dir search;
+allow installd sdcard_type:dir { search open read write remove_name getattr rmdir };
+allow installd sdcard_type:file { getattr unlink };
+
+# Create app's mirror data directory in /data_mirror, and bind mount the real directory to it
+allow installd mirror_data_file:dir { create_dir_perms mounton };
+
+# Upgrade /data/misc/keychain for multi-user if necessary.
+allow installd misc_user_data_file:dir create_dir_perms;
+allow installd misc_user_data_file:file create_file_perms;
+allow installd keychain_data_file:dir create_dir_perms;
+allow installd keychain_data_file:file {r_file_perms unlink};
+
+# Create /data/misc/installd/layout_version.* file
+allow installd install_data_file:file create_file_perms;
+allow installd install_data_file:dir rw_dir_perms;
+
+# Create files under /data/dalvik-cache.
+allow installd dalvikcache_data_file:dir create_dir_perms;
+allow installd dalvikcache_data_file:file create_file_perms;
+allow installd dalvikcache_data_file:lnk_file getattr;
+
+# Create files under /data/resource-cache.
+allow installd resourcecache_data_file:dir rw_dir_perms;
+allow installd resourcecache_data_file:file create_file_perms;
+
+# Upgrade from unlabeled userdata.
+# Just need enough to remove and/or relabel it.
+allow installd unlabeled:dir { getattr search relabelfrom rw_dir_perms rmdir };
+allow installd unlabeled:notdevfile_class_set { getattr relabelfrom rename unlink setattr };
+# Read pkg.apk file for input during dexopt.
+allow installd unlabeled:file r_file_perms;
+
+# Upgrade from before system_app_data_file was used for system UID apps.
+# Just need enough to relabel it and to unlink removed package files.
+# Directory access covered by earlier rule above.
+allow installd system_data_file:notdevfile_class_set { getattr relabelfrom unlink };
+
+# Manage /data/data subdirectories, including initially labeling them
+# upon creation via setfilecon or running restorecon_recursive,
+# setting owner/mode, creating symlinks within them, and deleting them
+# upon package uninstall.
+
+# Types extracted from seapp_contexts type= fields.
+allow installd {
+ system_app_data_file
+ bluetooth_data_file
+ nfc_data_file
+ radio_data_file
+ shell_data_file
+ app_data_file
+ privapp_data_file
+}:dir { create_dir_perms relabelfrom relabelto };
+
+allow installd {
+ system_app_data_file
+ bluetooth_data_file
+ nfc_data_file
+ radio_data_file
+ shell_data_file
+ app_data_file
+ privapp_data_file
+}:notdevfile_class_set { create_file_perms relabelfrom relabelto };
+
+# Allow zygote to unmount mirror directories
+allow installd labeledfs:filesystem unmount;
+
+# Similar for the files under /data/misc/profiles/
+allow installd user_profile_data_file:dir create_dir_perms;
+allow installd user_profile_data_file:file create_file_perms;
+allow installd user_profile_data_file:dir rmdir;
+allow installd user_profile_data_file:file unlink;
+
+# Files created/updated by profman dumps.
+allow installd profman_dump_data_file:dir { search add_name write };
+allow installd profman_dump_data_file:file { create setattr open write };
+
+# Create and use pty created by android_fork_execvp().
+allow installd devpts:chr_file rw_file_perms;
+
+# execute toybox for app relocation
+allow installd toolbox_exec:file rx_file_perms;
+
+# Allow installd to publish a binder service and make binder calls.
+binder_use(installd)
+add_service(installd, installd_service)
+allow installd dumpstate:fifo_file { getattr write };
+
+# Allow installd to call into the system server so it can check permissions.
+binder_call(installd, system_server)
+allow installd permission_service:service_manager find;
+
+# Allow installd to read and write quotas
+allow installd block_device:dir { search };
+allow installd labeledfs:filesystem { quotaget quotamod };
+
+# Allow installd to delete from /data/preloads when trimming data caches
+# TODO b/34690396 Remove when time-based purge policy for preloads is implemented in system_server
+allow installd preloads_data_file:file { r_file_perms unlink };
+allow installd preloads_data_file:dir { r_dir_perms write remove_name rmdir };
+allow installd preloads_media_file:file { r_file_perms unlink };
+allow installd preloads_media_file:dir { r_dir_perms write remove_name rmdir };
+
+# Allow installd to read /proc/filesystems
+allow installd proc_filesystems:file r_file_perms;
+
+###
+### Neverallow rules
+###
+
+# only system_server, installd, dumpstate, and servicemanager may interact with installd over binder
+neverallow { domain -system_server -dumpstate -installd } installd_service:service_manager find;
+neverallow { domain -system_server -dumpstate -servicemanager } installd:binder call;
+neverallow installd {
+ domain
+ -system_server
+ -servicemanager
+ userdebug_or_eng(`-su')
+}:binder call;
diff --git a/prebuilts/api/30.0/public/ioctl_defines b/prebuilts/api/30.0/public/ioctl_defines
new file mode 100644
index 000000000..4cc3bba51
--- /dev/null
+++ b/prebuilts/api/30.0/public/ioctl_defines
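Review bot: The comment `# Allow zygote to unmount mirror directories` does not describe the rule under it, `allow installd labeledfs:filesystem unmount;`, whose subject is installd, not zygote, so an auditor asking why installd may unmount labeled filesystems gets a misleading answer. The earlier grant of `mirror_data_file:dir { create_dir_perms mounton }` suggests the unmount is for tearing down the bind mounts installd itself sets up under /data_mirror; if that is confirmed against the installd code, the comment should read `# Allow installd to unmount the per-app bind mounts it creates under /data_mirror`. The target `labeledfs:filesystem` is not restricted to those mounts, which is worth stating in the comment so the breadth of the grant is deliberate rather than accidental. Since prebuilts/api/30.0 appears to be a frozen copy of the public policy, the wording should be fixed in public/installd.te and the snapshot regenerated rather than edited here alone.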
@@ -0,0 +1,2728 @@ +define(`ADD_NEW_DISK', `0x40140921') +define(`ADV7842_CMD_RAM_TEST', `0x000056c0') +define(`AGPIOC_ACQUIRE', `0x00004101') +define(`AGPIOC_ALLOCATE', `0xc0084106') +define(`AGPIOC_BIND', `0x40084108') +define(`AGPIOC_CHIPSET_FLUSH', `0x0000410a') +define(`AGPIOC_DEALLOCATE', `0x40044107') +define(`AGPIOC_INFO', `0x80084100') +define(`AGPIOC_PROTECT', `0x40084105') +define(`AGPIOC_RELEASE', `0x00004102') +define(`AGPIOC_RESERVE', `0x40084104') +define(`AGPIOC_SETUP', `0x40084103') +define(`AGPIOC_UNBIND', `0x40084109') +define(`AMDKFD_IOC_CREATE_QUEUE', `0xc0584b02') +define(`AMDKFD_IOC_DESTROY_QUEUE', `0xc0084b03') +define(`AMDKFD_IOC_GET_CLOCK_COUNTERS', `0xc0284b05') +define(`AMDKFD_IOC_GET_PROCESS_APERTURES', `0x81904b06') +define(`AMDKFD_IOC_GET_VERSION', `0x80084b01') +define(`AMDKFD_IOC_SET_MEMORY_POLICY', `0x40204b04') +define(`AMDKFD_IOC_UPDATE_QUEUE', `0x40184b07') +define(`ANDROID_ALARM_SET_RTC', `0x40106105') +define(`ANDROID_ALARM_WAIT', `0x00006101') +define(`APEI_ERST_CLEAR_RECORD', `0x40084501') +define(`APEI_ERST_GET_RECORD_COUNT', `0x80044502') +define(`APM_IOC_STANDBY', `0x00004101') +define(`APM_IOC_SUSPEND', `0x00004102') +define(`ASHMEM_GET_NAME', `0x81007702') +define(`ASHMEM_GET_PIN_STATUS', `0x00007709') +define(`ASHMEM_GET_PROT_MASK', `0x00007706') +define(`ASHMEM_GET_SIZE', `0x00007704') +define(`ASHMEM_PIN', `0x40087707') +define(`ASHMEM_PURGE_ALL_CACHES', `0x0000770a') +define(`ASHMEM_SET_NAME', `0x41007701') +define(`ASHMEM_SET_PROT_MASK', `0x40087705') +define(`ASHMEM_SET_SIZE', `0x40087703') +define(`ASHMEM_UNPIN', `0x40087708') +define(`ATM_ADDADDR', `0x40106188') +define(`ATM_ADDLECSADDR', `0x4010618e') +define(`ATM_ADDPARTY', `0x401061f4') +define(`ATMARPD_CTRL', `0x000061e1') +define(`ATMARP_ENCAP', `0x000061e5') +define(`ATMARP_MKIP', `0x000061e2') +define(`ATMARP_SETENTRY', `0x000061e3') +define(`ATM_DELADDR', `0x40106189') +define(`ATM_DELLECSADDR', `0x4010618f') +define(`ATM_DROPPARTY', `0x400461f5') 
+define(`ATM_GETADDR', `0x40106186') +define(`ATM_GETCIRANGE', `0x4010618a') +define(`ATM_GETESI', `0x40106185') +define(`ATM_GETLECSADDR', `0x40106190') +define(`ATM_GETLINKRATE', `0x40106181') +define(`ATM_GETLOOP', `0x40106152') +define(`ATM_GETNAMES', `0x40106183') +define(`ATM_GETSTAT', `0x40106150') +define(`ATM_GETSTATZ', `0x40106151') +define(`ATM_GETTYPE', `0x40106184') +define(`ATMLEC_CTRL', `0x000061d0') +define(`ATMLEC_DATA', `0x000061d1') +define(`ATMLEC_MCAST', `0x000061d2') +define(`ATMMPC_CTRL', `0x000061d8') +define(`ATMMPC_DATA', `0x000061d9') +define(`ATM_NEWBACKENDIF', `0x400261f3') +define(`ATM_QUERYLOOP', `0x40106154') +define(`ATM_RSTADDR', `0x40106187') +define(`ATM_SETBACKEND', `0x400261f2') +define(`ATM_SETCIRANGE', `0x4010618b') +define(`ATM_SETESI', `0x4010618c') +define(`ATM_SETESIF', `0x4010618d') +define(`ATM_SETLOOP', `0x40106153') +define(`ATM_SETSC', `0x400461f1') +define(`ATMSIGD_CTRL', `0x000061f0') +define(`ATMTCP_CREATE', `0x0000618e') +define(`ATMTCP_REMOVE', `0x0000618f') +define(`AUDIO_BILINGUAL_CHANNEL_SELECT', `0x00006f14') +define(`AUDIO_CHANNEL_SELECT', `0x00006f09') +define(`AUDIO_CLEAR_BUFFER', `0x00006f0c') +define(`AUDIO_CONTINUE', `0x00006f04') +define(`AUDIO_GET_CAPABILITIES', `0x80046f0b') +define(`AUDIO_GET_PTS', `0x80086f13') +define(`AUDIO_GET_STATUS', `0x80206f0a') +define(`AUDIO_PAUSE', `0x00006f03') +define(`AUDIO_PLAY', `0x00006f02') +define(`AUDIO_SELECT_SOURCE', `0x00006f05') +define(`AUDIO_SET_ATTRIBUTES', `0x40026f11') +define(`AUDIO_SET_AV_SYNC', `0x00006f07') +define(`AUDIO_SET_BYPASS_MODE', `0x00006f08') +define(`AUDIO_SET_EXT_ID', `0x00006f10') +define(`AUDIO_SET_ID', `0x00006f0d') +define(`AUDIO_SET_KARAOKE', `0x400c6f12') +define(`AUDIO_SET_MIXER', `0x40086f0e') +define(`AUDIO_SET_MUTE', `0x00006f06') +define(`AUDIO_SET_STREAMTYPE', `0x00006f0f') +define(`AUDIO_STOP', `0x00006f01') +define(`AUTOFS_DEV_IOCTL_ASKUMOUNT', `0xc018937d') +define(`AUTOFS_DEV_IOCTL_CATATONIC', `0xc0189379') 
+define(`AUTOFS_DEV_IOCTL_CLOSEMOUNT', `0xc0189375') +define(`AUTOFS_DEV_IOCTL_EXPIRE', `0xc018937c') +define(`AUTOFS_DEV_IOCTL_FAIL', `0xc0189377') +define(`AUTOFS_DEV_IOCTL_ISMOUNTPOINT', `0xc018937e') +define(`AUTOFS_DEV_IOCTL_OPENMOUNT', `0xc0189374') +define(`AUTOFS_DEV_IOCTL_PROTOSUBVER', `0xc0189373') +define(`AUTOFS_DEV_IOCTL_PROTOVER', `0xc0189372') +define(`AUTOFS_DEV_IOCTL_READY', `0xc0189376') +define(`AUTOFS_DEV_IOCTL_REQUESTER', `0xc018937b') +define(`AUTOFS_DEV_IOCTL_SETPIPEFD', `0xc0189378') +define(`AUTOFS_DEV_IOCTL_TIMEOUT', `0xc018937a') +define(`AUTOFS_DEV_IOCTL_VERSION', `0xc0189371') +define(`AUTOFS_IOC_ASKUMOUNT', `0x80049370') +define(`AUTOFS_IOC_CATATONIC', `0x00009362') +define(`AUTOFS_IOC_EXPIRE', `0x810c9365') +define(`AUTOFS_IOC_EXPIRE_MULTI', `0x40049366') +define(`AUTOFS_IOC_FAIL', `0x00009361') +define(`AUTOFS_IOC_PROTOSUBVER', `0x80049367') +define(`AUTOFS_IOC_PROTOVER', `0x80049363') +define(`AUTOFS_IOC_READY', `0x00009360') +define(`AUTOFS_IOC_SETTIMEOUT', `0xc0089364') +define(`AUTOFS_IOC_SETTIMEOUT32', `0xc0049364') +define(`BC_ACQUIRE', `0x40046305') +define(`BC_ACQUIRE_DONE', `0x40106309') +define(`BC_ACQUIRE_RESULT', `0x40046302') +define(`BC_ATTEMPT_ACQUIRE', `0x4008630a') +define(`BC_CLEAR_DEATH_NOTIFICATION', `0x400c630f') +define(`BC_DEAD_BINDER_DONE', `0x40086310') +define(`BC_DECREFS', `0x40046307') +define(`BC_ENTER_LOOPER', `0x0000630c') +define(`BC_EXIT_LOOPER', `0x0000630d') +define(`BC_FREE_BUFFER', `0x40086303') +define(`BC_INCREFS', `0x40046304') +define(`BC_INCREFS_DONE', `0x40106308') +define(`BC_REGISTER_LOOPER', `0x0000630b') +define(`BC_RELEASE', `0x40046306') +define(`BC_REPLY', `0x40406301') +define(`BC_REQUEST_DEATH_NOTIFICATION', `0x400c630e') +define(`BC_TRANSACTION', `0x40406300') +define(`BINDER_SET_CONTEXT_MGR', `0x40046207') +define(`BINDER_SET_IDLE_PRIORITY', `0x40046206') +define(`BINDER_SET_IDLE_TIMEOUT', `0x40086203') +define(`BINDER_SET_MAX_THREADS', `0x40046205') +define(`BINDER_THREAD_EXIT', 
`0x40046208') +define(`BINDER_VERSION', `0xc0046209') +define(`BINDER_WRITE_READ', `0xc0306201') +define(`BLKALIGNOFF', `0x0000127a') +define(`BLKBSZGET', `0x80081270') +define(`BLKBSZSET', `0x40081271') +define(`BLKDISCARD', `0x00001277') +define(`BLKDISCARDZEROES', `0x0000127c') +define(`BLKFLSBUF', `0x00001261') +define(`BLKFRAGET', `0x00001265') +define(`BLKFRASET', `0x00001264') +define(`BLKGETSIZE', `0x00001260') +define(`BLKGETSIZE64', `0x80081272') +define(`BLKI2OGRSTRAT', `0x80043201') +define(`BLKI2OGWSTRAT', `0x80043202') +define(`BLKI2OSRSTRAT', `0x40043203') +define(`BLKI2OSWSTRAT', `0x40043204') +define(`BLKIOMIN', `0x00001278') +define(`BLKIOOPT', `0x00001279') +define(`BLKPBSZGET', `0x0000127b') +define(`BLKPG', `0x00001269') +define(`BLKRAGET', `0x00001263') +define(`BLKRASET', `0x00001262') +define(`BLKROGET', `0x0000125e') +define(`BLKROSET', `0x0000125d') +define(`BLKROTATIONAL', `0x0000127e') +define(`BLKRRPART', `0x0000125f') +define(`BLKSECDISCARD', `0x0000127d') +define(`BLKSECTGET', `0x00001267') +define(`BLKSECTSET', `0x00001266') +define(`BLKSSZGET', `0x00001268') +define(`BLKTRACESETUP', `0xc0481273') +define(`BLKTRACESTART', `0x00001274') +define(`BLKTRACESTOP', `0x00001275') +define(`BLKTRACETEARDOWN', `0x00001276') +define(`BLKZEROOUT', `0x0000127f') +define(`BR2684_SETFILT', `0x401c6190') +define(`BR_ACQUIRE', `0x80107208') +define(`BR_ACQUIRE_RESULT', `0x80047204') +define(`BR_ATTEMPT_ACQUIRE', `0x8018720b') +define(`BR_CLEAR_DEATH_NOTIFICATION_DONE', `0x80087210') +define(`BR_DEAD_BINDER', `0x8008720f') +define(`BR_DEAD_REPLY', `0x00007205') +define(`BR_DECREFS', `0x8010720a') +define(`BR_ERROR', `0x80047200') +define(`BR_FAILED_REPLY', `0x00007211') +define(`BR_FINISHED', `0x0000720e') +define(`BR_INCREFS', `0x80107207') +define(`BR_NOOP', `0x0000720c') +define(`BR_OK', `0x00007201') +define(`BR_RELEASE', `0x80107209') +define(`BR_REPLY', `0x80407203') +define(`BR_SPAWN_LOOPER', `0x0000720d') +define(`BR_TRANSACTION', 
`0x80407202') +define(`BR_TRANSACTION_COMPLETE', `0x00007206') +define(`BT819_FIFO_RESET_HIGH', `0x00006201') +define(`BT819_FIFO_RESET_LOW', `0x00006200') +define(`BTRFS_IOC_ADD_DEV', `0x5000940a') +define(`BTRFS_IOC_BALANCE', `0x5000940c') +define(`BTRFS_IOC_BALANCE_CTL', `0x40049421') +define(`BTRFS_IOC_BALANCE_PROGRESS', `0x84009422') +define(`BTRFS_IOC_BALANCE_V2', `0xc4009420') +define(`BTRFS_IOC_CLONE', `0x40049409') +define(`BTRFS_IOC_CLONE_RANGE', `0x4020940d') +define(`BTRFS_IOC_DEFAULT_SUBVOL', `0x40089413') +define(`BTRFS_IOC_DEFRAG', `0x50009402') +define(`BTRFS_IOC_DEFRAG_RANGE', `0x40309410') +define(`BTRFS_IOC_DEVICES_READY', `0x90009427') +define(`BTRFS_IOC_DEV_INFO', `0xd000941e') +define(`BTRFS_IOC_DEV_REPLACE', `0xca289435') +define(`BTRFS_IOC_FILE_EXTENT_SAME', `0xc0189436') +define(`BTRFS_IOC_FS_INFO', `0x8400941f') +define(`BTRFS_IOC_GET_DEV_STATS', `0xc4089434') +define(`BTRFS_IOC_GET_FEATURES', `0x80189439') +define(`BTRFS_IOC_GET_FSLABEL', `0x81009431') +define(`BTRFS_IOC_GET_SUPPORTED_FEATURES', `0x80489439') +define(`BTRFS_IOC_INO_LOOKUP', `0xd0009412') +define(`BTRFS_IOC_INO_PATHS', `0xc0389423') +define(`BTRFS_IOC_LOGICAL_INO', `0xc0389424') +define(`BTRFS_IOC_QGROUP_ASSIGN', `0x40189429') +define(`BTRFS_IOC_QGROUP_CREATE', `0x4010942a') +define(`BTRFS_IOC_QGROUP_LIMIT', `0x8030942b') +define(`BTRFS_IOC_QUOTA_CTL', `0xc0109428') +define(`BTRFS_IOC_QUOTA_RESCAN', `0x4040942c') +define(`BTRFS_IOC_QUOTA_RESCAN_STATUS', `0x8040942d') +define(`BTRFS_IOC_QUOTA_RESCAN_WAIT', `0x0000942e') +define(`BTRFS_IOC_RESIZE', `0x50009403') +define(`BTRFS_IOC_RM_DEV', `0x5000940b') +define(`BTRFS_IOC_SCAN_DEV', `0x50009404') +define(`BTRFS_IOC_SCRUB', `0xc400941b') +define(`BTRFS_IOC_SCRUB_CANCEL', `0x0000941c') +define(`BTRFS_IOC_SCRUB_PROGRESS', `0xc400941d') +define(`BTRFS_IOC_SEND', `0x40489426') +define(`BTRFS_IOC_SET_FEATURES', `0x40309439') +define(`BTRFS_IOC_SET_FSLABEL', `0x41009432') +define(`BTRFS_IOC_SET_RECEIVED_SUBVOL', `0xc0c89425') 
+define(`BTRFS_IOC_SNAP_CREATE', `0x50009401') +define(`BTRFS_IOC_SNAP_CREATE_V2', `0x50009417') +define(`BTRFS_IOC_SNAP_DESTROY', `0x5000940f') +define(`BTRFS_IOC_SPACE_INFO', `0xc0109414') +define(`BTRFS_IOC_START_SYNC', `0x80089418') +define(`BTRFS_IOC_SUBVOL_CREATE', `0x5000940e') +define(`BTRFS_IOC_SUBVOL_CREATE_V2', `0x50009418') +define(`BTRFS_IOC_SUBVOL_GETFLAGS', `0x80089419') +define(`BTRFS_IOC_SUBVOL_SETFLAGS', `0x4008941a') +define(`BTRFS_IOC_SYNC', `0x00009408') +define(`BTRFS_IOC_TRANS_END', `0x00009407') +define(`BTRFS_IOC_TRANS_START', `0x00009406') +define(`BTRFS_IOC_TREE_SEARCH', `0xd0009411') +define(`BTRFS_IOC_TREE_SEARCH_V2', `0xc0709411') +define(`BTRFS_IOC_WAIT_SYNC', `0x40089416') +define(`CA_GET_CAP', `0x80106f81') +define(`CA_GET_DESCR_INFO', `0x80086f83') +define(`CA_GET_MSG', `0x810c6f84') +define(`CA_GET_SLOT_INFO', `0x800c6f82') +define(`CAPI_CLR_FLAGS', `0x80044325') +define(`CAPI_GET_ERRCODE', `0x80024321') +define(`CAPI_GET_FLAGS', `0x80044323') +define(`CAPI_GET_MANUFACTURER', `0xc0044306') +define(`CAPI_GET_PROFILE', `0xc0404309') +define(`CAPI_GET_SERIAL', `0xc0044308') +define(`CAPI_GET_VERSION', `0xc0104307') +define(`CAPI_INSTALLED', `0x80024322') +define(`CAPI_MANUFACTURER_CMD', `0xc0104320') +define(`CAPI_NCCI_GETUNIT', `0x80044327') +define(`CAPI_NCCI_OPENCOUNT', `0x80044326') +define(`CAPI_REGISTER', `0x400c4301') +define(`CAPI_SET_FLAGS', `0x80044324') +define(`CA_RESET', `0x00006f80') +define(`CA_SEND_MSG', `0x410c6f85') +define(`CA_SET_DESCR', `0x40106f86') +define(`CA_SET_PID', `0x40086f87') +define(`CCISS_BIG_PASSTHRU', `0xc0604212') +define(`CCISS_DEREGDISK', `0x0000420c') +define(`CCISS_GETBUSTYPES', `0x80044207') +define(`CCISS_GETDRIVVER', `0x80044209') +define(`CCISS_GETFIRMVER', `0x80044208') +define(`CCISS_GETHEARTBEAT', `0x80044206') +define(`CCISS_GETINTINFO', `0x80084202') +define(`CCISS_GETLUNINFO', `0x800c4211') +define(`CCISS_GETNODENAME', `0x80104204') +define(`CCISS_GETPCIINFO', `0x80084201') 
+define(`CCISS_PASSTHRU', `0xc058420b') +define(`CCISS_REGNEWD', `0x0000420e') +define(`CCISS_REGNEWDISK', `0x4004420d') +define(`CCISS_RESCANDISK', `0x00004210') +define(`CCISS_REVALIDVOLS', `0x0000420a') +define(`CCISS_SETINTINFO', `0x40084203') +define(`CCISS_SETNODENAME', `0x40104205') +define(`CDROMAUDIOBUFSIZ', `0x00005382') +define(`CDROM_CHANGER_NSLOTS', `0x00005328') +define(`CDROM_CLEAR_OPTIONS', `0x00005321') +define(`CDROMCLOSETRAY', `0x00005319') +define(`CDROM_DEBUG', `0x00005330') +define(`CDROM_DISC_STATUS', `0x00005327') +define(`CDROM_DRIVE_STATUS', `0x00005326') +define(`CDROMEJECT', `0x00005309') +define(`CDROMEJECT_SW', `0x0000530f') +define(`CDROM_GET_CAPABILITY', `0x00005331') +define(`CDROM_GET_MCN', `0x00005311') +define(`CDROMGETSPINDOWN', `0x0000531d') +define(`CDROM_LAST_WRITTEN', `0x00005395') +define(`CDROM_LOCKDOOR', `0x00005329') +define(`CDROM_MEDIA_CHANGED', `0x00005325') +define(`CDROMMULTISESSION', `0x00005310') +define(`CDROM_NEXT_WRITABLE', `0x00005394') +define(`CDROMPAUSE', `0x00005301') +define(`CDROMPLAYBLK', `0x00005317') +define(`CDROMPLAYMSF', `0x00005303') +define(`CDROMPLAYTRKIND', `0x00005304') +define(`CDROMREADALL', `0x00005318') +define(`CDROMREADAUDIO', `0x0000530e') +define(`CDROMREADCOOKED', `0x00005315') +define(`CDROMREADMODE1', `0x0000530d') +define(`CDROMREADMODE2', `0x0000530c') +define(`CDROMREADRAW', `0x00005314') +define(`CDROMREADTOCENTRY', `0x00005306') +define(`CDROMREADTOCHDR', `0x00005305') +define(`CDROMRESET', `0x00005312') +define(`CDROMRESUME', `0x00005302') +define(`CDROMSEEK', `0x00005316') +define(`CDROM_SELECT_DISC', `0x00005323') +define(`CDROM_SELECT_SPEED', `0x00005322') +define(`CDROM_SEND_PACKET', `0x00005393') +define(`CDROM_SET_OPTIONS', `0x00005320') +define(`CDROMSETSPINDOWN', `0x0000531e') +define(`CDROMSTART', `0x00005308') +define(`CDROMSTOP', `0x00005307') +define(`CDROMSUBCHNL', `0x0000530b') +define(`CDROMVOLCTRL', `0x0000530a') +define(`CDROMVOLREAD', `0x00005313') 
+define(`CHIOEXCHANGE', `0x401c6302') +define(`CHIOGELEM', `0x406c6310') +define(`CHIOGPARAMS', `0x80146306') +define(`CHIOGPICKER', `0x80046304') +define(`CHIOGSTATUS', `0x40106308') +define(`CHIOGVPARAMS', `0x80706313') +define(`CHIOINITELEM', `0x00006311') +define(`CHIOMOVE', `0x40146301') +define(`CHIOPOSITION', `0x400c6303') +define(`CHIOSPICKER', `0x40046305') +define(`CHIOSVOLTAG', `0x40306312') +define(`CIOC_KERNEL_VERSION', `0xc008630a') +define(`CLEAR_ARRAY', `0x00000920') +define(`CM_IOCARDOFF', `0x00006304') +define(`CM_IOCGATR', `0xc0086301') +define(`CM_IOCGSTATUS', `0x80086300') +define(`CM_IOCSPTS', `0x40086302') +define(`CM_IOCSRDR', `0x00006303') +define(`CM_IOSDBGLVL', `0x400863fa') +define(`CXL_IOCTL_GET_PROCESS_ELEMENT', `0x8004ca01') +define(`CXL_IOCTL_START_WORK', `0x4040ca00') +define(`DM_DEV_CREATE', `0xc138fd03') +define(`DM_DEV_REMOVE', `0xc138fd04') +define(`DM_DEV_RENAME', `0xc138fd05') +define(`DM_DEV_SET_GEOMETRY', `0xc138fd0f') +define(`DM_DEV_STATUS', `0xc138fd07') +define(`DM_DEV_SUSPEND', `0xc138fd06') +define(`DM_DEV_WAIT', `0xc138fd08') +define(`DM_LIST_DEVICES', `0xc138fd02') +define(`DM_LIST_VERSIONS', `0xc138fd0d') +define(`DM_REMOVE_ALL', `0xc138fd01') +define(`DM_TABLE_CLEAR', `0xc138fd0a') +define(`DM_TABLE_DEPS', `0xc138fd0b') +define(`DM_TABLE_LOAD', `0xc138fd09') +define(`DM_TABLE_STATUS', `0xc138fd0c') +define(`DM_TARGET_MSG', `0xc138fd0e') +define(`DM_VERSION', `0xc138fd00') +define(`DMX_ADD_PID', `0x40026f33') +define(`DMX_GET_CAPS', `0x80086f30') +define(`DMX_GET_PES_PIDS', `0x800a6f2f') +define(`DMX_GET_STC', `0xc0106f32') +define(`DMX_REMOVE_PID', `0x40026f34') +define(`DMX_SET_BUFFER_SIZE', `0x00006f2d') +define(`DMX_SET_FILTER', `0x403c6f2b') +define(`DMX_SET_PES_FILTER', `0x40146f2c') +define(`DMX_SET_SOURCE', `0x40046f31') +define(`DMX_START', `0x00006f29') +define(`DMX_STOP', `0x00006f2a') +define(`DRM_IOCTL_ADD_BUFS', `0xc0206416') +define(`DRM_IOCTL_ADD_CTX', `0xc0086420') +define(`DRM_IOCTL_ADD_DRAW', 
`0xc0046427') +define(`DRM_IOCTL_ADD_MAP', `0xc0286415') +define(`DRM_IOCTL_AGP_ACQUIRE', `0x00006430') +define(`DRM_IOCTL_AGP_ALLOC', `0xc0206434') +define(`DRM_IOCTL_AGP_BIND', `0x40106436') +define(`DRM_IOCTL_AGP_ENABLE', `0x40086432') +define(`DRM_IOCTL_AGP_FREE', `0x40206435') +define(`DRM_IOCTL_AGP_INFO', `0x80386433') +define(`DRM_IOCTL_AGP_RELEASE', `0x00006431') +define(`DRM_IOCTL_AGP_UNBIND', `0x40106437') +define(`DRM_IOCTL_AUTH_MAGIC', `0x40046411') +define(`DRM_IOCTL_BLOCK', `0xc0046412') +define(`DRM_IOCTL_CONTROL', `0x40086414') +define(`DRM_IOCTL_DMA', `0xc0406429') +define(`DRM_IOCTL_DROP_MASTER', `0x0000641f') +define(`DRM_IOCTL_EXYNOS_G2D_EXEC', `0xc0086462') +define(`DRM_IOCTL_EXYNOS_G2D_GET_VER', `0xc0086460') +define(`DRM_IOCTL_EXYNOS_G2D_SET_CMDLIST', `0xc0286461') +define(`DRM_IOCTL_EXYNOS_GEM_CREATE', `0xc0106440') +define(`DRM_IOCTL_EXYNOS_GEM_GET', `0xc0106444') +define(`DRM_IOCTL_EXYNOS_IPP_CMD_CTRL', `0xc0086473') +define(`DRM_IOCTL_EXYNOS_IPP_GET_PROPERTY', `0xc0506470') +define(`DRM_IOCTL_EXYNOS_IPP_QUEUE_BUF', `0xc0286472') +define(`DRM_IOCTL_EXYNOS_IPP_SET_PROPERTY', `0xc0606471') +define(`DRM_IOCTL_EXYNOS_VIDI_CONNECTION', `0xc0106447') +define(`DRM_IOCTL_FINISH', `0x4008642c') +define(`DRM_IOCTL_FREE_BUFS', `0x4010641a') +define(`DRM_IOCTL_GEM_CLOSE', `0x40086409') +define(`DRM_IOCTL_GEM_FLINK', `0xc008640a') +define(`DRM_IOCTL_GEM_OPEN', `0xc010640b') +define(`DRM_IOCTL_GET_CAP', `0xc010640c') +define(`DRM_IOCTL_GET_CLIENT', `0xc0286405') +define(`DRM_IOCTL_GET_CTX', `0xc0086423') +define(`DRM_IOCTL_GET_MAGIC', `0x80046402') +define(`DRM_IOCTL_GET_MAP', `0xc0286404') +define(`DRM_IOCTL_GET_SAREA_CTX', `0xc010641d') +define(`DRM_IOCTL_GET_STATS', `0x80f86406') +define(`DRM_IOCTL_GET_UNIQUE', `0xc0106401') +define(`DRM_IOCTL_I810_CLEAR', `0x400c6442') +define(`DRM_IOCTL_I810_COPY', `0x40106447') +define(`DRM_IOCTL_I810_DOCOPY', `0x00006448') +define(`DRM_IOCTL_I810_FLIP', `0x0000644e') +define(`DRM_IOCTL_I810_FLUSH', `0x00006443') 
+define(`DRM_IOCTL_I810_FSTATUS', `0x0000644a') +define(`DRM_IOCTL_I810_GETAGE', `0x00006444') +define(`DRM_IOCTL_I810_GETBUF', `0xc0186445') +define(`DRM_IOCTL_I810_INIT', `0x40406440') +define(`DRM_IOCTL_I810_MC', `0x4020644c') +define(`DRM_IOCTL_I810_OV0FLIP', `0x0000644b') +define(`DRM_IOCTL_I810_OV0INFO', `0x80086449') +define(`DRM_IOCTL_I810_RSTATUS', `0x0000644d') +define(`DRM_IOCTL_I810_SWAP', `0x00006446') +define(`DRM_IOCTL_I810_VERTEX', `0x400c6441') +define(`DRM_IOCTL_I915_ALLOC', `0xc0186448') +define(`DRM_IOCTL_I915_BATCHBUFFER', `0x40206443') +define(`DRM_IOCTL_I915_CMDBUFFER', `0x4020644b') +define(`DRM_IOCTL_I915_DESTROY_HEAP', `0x4004644c') +define(`DRM_IOCTL_I915_FLIP', `0x00006442') +define(`DRM_IOCTL_I915_FLUSH', `0x00006441') +define(`DRM_IOCTL_I915_FREE', `0x40086449') +define(`DRM_IOCTL_I915_GEM_BUSY', `0xc0086457') +define(`DRM_IOCTL_I915_GEM_CONTEXT_CREATE', `0xc008646d') +define(`DRM_IOCTL_I915_GEM_CONTEXT_DESTROY', `0x4008646e') +define(`DRM_IOCTL_I915_GEM_CREATE', `0xc010645b') +define(`DRM_IOCTL_I915_GEM_ENTERVT', `0x00006459') +define(`DRM_IOCTL_I915_GEM_EXECBUFFER', `0x40286454') +define(`DRM_IOCTL_I915_GEM_EXECBUFFER2', `0x40406469') +define(`DRM_IOCTL_I915_GEM_GET_APERTURE', `0x80106463') +define(`DRM_IOCTL_I915_GEM_GET_CACHING', `0xc0086470') +define(`DRM_IOCTL_I915_GEM_GET_TILING', `0xc0106462') +define(`DRM_IOCTL_I915_GEM_INIT', `0x40106453') +define(`DRM_IOCTL_I915_GEM_LEAVEVT', `0x0000645a') +define(`DRM_IOCTL_I915_GEM_MADVISE', `0xc00c6466') +define(`DRM_IOCTL_I915_GEM_MMAP', `0xc020645e') +define(`DRM_IOCTL_I915_GEM_MMAP_GTT', `0xc0106464') +define(`DRM_IOCTL_I915_GEM_PIN', `0xc0186455') +define(`DRM_IOCTL_I915_GEM_PREAD', `0x4020645c') +define(`DRM_IOCTL_I915_GEM_PWRITE', `0x4020645d') +define(`DRM_IOCTL_I915_GEM_SET_CACHING', `0x4008646f') +define(`DRM_IOCTL_I915_GEM_SET_DOMAIN', `0x400c645f') +define(`DRM_IOCTL_I915_GEM_SET_TILING', `0xc0106461') +define(`DRM_IOCTL_I915_GEM_SW_FINISH', `0x40046460') 
+define(`DRM_IOCTL_I915_GEM_THROTTLE', `0x00006458') +define(`DRM_IOCTL_I915_GEM_UNPIN', `0x40086456') +define(`DRM_IOCTL_I915_GEM_USERPTR', `0xc0186473') +define(`DRM_IOCTL_I915_GEM_WAIT', `0xc010646c') +define(`DRM_IOCTL_I915_GETPARAM', `0xc0106446') +define(`DRM_IOCTL_I915_GET_PIPE_FROM_CRTC_ID', `0xc0086465') +define(`DRM_IOCTL_I915_GET_RESET_STATS', `0xc0186472') +define(`DRM_IOCTL_I915_GET_SPRITE_COLORKEY', `0xc014646b') +define(`DRM_IOCTL_I915_GET_VBLANK_PIPE', `0x8004644e') +define(`DRM_IOCTL_I915_HWS_ADDR', `0x40106451') +define(`DRM_IOCTL_I915_INIT', `0x40446440') +define(`DRM_IOCTL_I915_INIT_HEAP', `0x400c644a') +define(`DRM_IOCTL_I915_IRQ_EMIT', `0xc0086444') +define(`DRM_IOCTL_I915_IRQ_WAIT', `0x40046445') +define(`DRM_IOCTL_I915_OVERLAY_ATTRS', `0xc02c6468') +define(`DRM_IOCTL_I915_OVERLAY_PUT_IMAGE', `0x402c6467') +define(`DRM_IOCTL_I915_REG_READ', `0xc0106471') +define(`DRM_IOCTL_I915_SETPARAM', `0x40086447') +define(`DRM_IOCTL_I915_SET_SPRITE_COLORKEY', `0xc014646b') +define(`DRM_IOCTL_I915_SET_VBLANK_PIPE', `0x4004644d') +define(`DRM_IOCTL_I915_VBLANK_SWAP', `0xc00c644f') +define(`DRM_IOCTL_INFO_BUFS', `0xc0106418') +define(`DRM_IOCTL_IRQ_BUSID', `0xc0106403') +define(`DRM_IOCTL_LOCK', `0x4008642a') +define(`DRM_IOCTL_MAP_BUFS', `0xc0186419') +define(`DRM_IOCTL_MARK_BUFS', `0x40206417') +define(`DRM_IOCTL_MGA_BLIT', `0x40346448') +define(`DRM_IOCTL_MGA_CLEAR', `0x40146444') +define(`DRM_IOCTL_MGA_DMA_BOOTSTRAP', `0xc020644c') +define(`DRM_IOCTL_MGA_FLUSH', `0x40086441') +define(`DRM_IOCTL_MGA_GETPARAM', `0xc0106449') +define(`DRM_IOCTL_MGA_ILOAD', `0x400c6447') +define(`DRM_IOCTL_MGA_INDICES', `0x40106446') +define(`DRM_IOCTL_MGA_INIT', `0x40806440') +define(`DRM_IOCTL_MGA_RESET', `0x00006442') +define(`DRM_IOCTL_MGA_SET_FENCE', `0x4004644a') +define(`DRM_IOCTL_MGA_SWAP', `0x00006443') +define(`DRM_IOCTL_MGA_VERTEX', `0x400c6445') +define(`DRM_IOCTL_MGA_WAIT_FENCE', `0xc004644b') +define(`DRM_IOCTL_MOD_CTX', `0x40086422') 
+define(`DRM_IOCTL_MODE_ADDFB', `0xc01c64ae') +define(`DRM_IOCTL_MODE_ADDFB2', `0xc04464b8') +define(`DRM_IOCTL_MODE_ATTACHMODE', `0xc04864a8') +define(`DRM_IOCTL_MODE_CREATE_DUMB', `0xc02064b2') +define(`DRM_IOCTL_MODE_CURSOR', `0xc01c64a3') +define(`DRM_IOCTL_MODE_CURSOR2', `0xc02464bb') +define(`DRM_IOCTL_MODE_DESTROY_DUMB', `0xc00464b4') +define(`DRM_IOCTL_MODE_DETACHMODE', `0xc04864a9') +define(`DRM_IOCTL_MODE_DIRTYFB', `0xc01864b1') +define(`DRM_IOCTL_MODE_GETCONNECTOR', `0xc05064a7') +define(`DRM_IOCTL_MODE_GETCRTC', `0xc06864a1') +define(`DRM_IOCTL_MODE_GETENCODER', `0xc01464a6') +define(`DRM_IOCTL_MODE_GETFB', `0xc01c64ad') +define(`DRM_IOCTL_MODE_GETGAMMA', `0xc02064a4') +define(`DRM_IOCTL_MODE_GETPLANE', `0xc02064b6') +define(`DRM_IOCTL_MODE_GETPLANERESOURCES', `0xc01064b5') +define(`DRM_IOCTL_MODE_GETPROPBLOB', `0xc01064ac') +define(`DRM_IOCTL_MODE_GETPROPERTY', `0xc04064aa') +define(`DRM_IOCTL_MODE_GETRESOURCES', `0xc04064a0') +define(`DRM_IOCTL_MODE_MAP_DUMB', `0xc01064b3') +define(`DRM_IOCTL_MODE_OBJ_GETPROPERTIES', `0xc02064b9') +define(`DRM_IOCTL_MODE_OBJ_SETPROPERTY', `0xc01864ba') +define(`DRM_IOCTL_MODE_PAGE_FLIP', `0xc01864b0') +define(`DRM_IOCTL_MODE_RMFB', `0xc00464af') +define(`DRM_IOCTL_MODE_SETCRTC', `0xc06864a2') +define(`DRM_IOCTL_MODESET_CTL', `0x40086408') +define(`DRM_IOCTL_MODE_SETGAMMA', `0xc02064a5') +define(`DRM_IOCTL_MODE_SETPLANE', `0xc03064b7') +define(`DRM_IOCTL_MODE_SETPROPERTY', `0xc01064ab') +define(`DRM_IOCTL_MSM_GEM_CPU_FINI', `0x40046445') +define(`DRM_IOCTL_MSM_GEM_CPU_PREP', `0x40186444') +define(`DRM_IOCTL_MSM_GEM_INFO', `0xc0106443') +define(`DRM_IOCTL_MSM_GEM_NEW', `0xc0106442') +define(`DRM_IOCTL_MSM_GEM_SUBMIT', `0xc0206446') +define(`DRM_IOCTL_MSM_GET_PARAM', `0xc0106440') +define(`DRM_IOCTL_MSM_WAIT_FENCE', `0x40186447') +define(`DRM_IOCTL_NEW_CTX', `0x40086425') +define(`DRM_IOCTL_NOUVEAU_GEM_CPU_FINI', `0x40046483') +define(`DRM_IOCTL_NOUVEAU_GEM_CPU_PREP', `0x40086482') +define(`DRM_IOCTL_NOUVEAU_GEM_INFO', 
`0xc0286484') +define(`DRM_IOCTL_NOUVEAU_GEM_NEW', `0xc0306480') +define(`DRM_IOCTL_NOUVEAU_GEM_PUSHBUF', `0xc0406481') +define(`DRM_IOCTL_OMAP_GEM_CPU_FINI', `0x40106445') +define(`DRM_IOCTL_OMAP_GEM_CPU_PREP', `0x40086444') +define(`DRM_IOCTL_OMAP_GEM_INFO', `0xc0186446') +define(`DRM_IOCTL_OMAP_GEM_NEW', `0xc0106443') +define(`DRM_IOCTL_OMAP_GET_PARAM', `0xc0106440') +define(`DRM_IOCTL_OMAP_SET_PARAM', `0x40106441') +define(`DRM_IOCTL_PRIME_FD_TO_HANDLE', `0xc00c642e') +define(`DRM_IOCTL_PRIME_HANDLE_TO_FD', `0xc00c642d') +define(`DRM_IOCTL_QXL_ALLOC', `0xc0086440') +define(`DRM_IOCTL_QXL_ALLOC_SURF', `0xc0186446') +define(`DRM_IOCTL_QXL_CLIENTCAP', `0x40086445') +define(`DRM_IOCTL_QXL_EXECBUFFER', `0x40106442') +define(`DRM_IOCTL_QXL_GETPARAM', `0xc0106444') +define(`DRM_IOCTL_QXL_MAP', `0xc0106441') +define(`DRM_IOCTL_QXL_UPDATE_AREA', `0x40186443') +define(`DRM_IOCTL_R128_BLIT', `0x4018644b') +define(`DRM_IOCTL_R128_CCE_IDLE', `0x00006444') +define(`DRM_IOCTL_R128_CCE_RESET', `0x00006443') +define(`DRM_IOCTL_R128_CCE_START', `0x00006441') +define(`DRM_IOCTL_R128_CCE_STOP', `0x40086442') +define(`DRM_IOCTL_R128_CLEAR', `0x40146448') +define(`DRM_IOCTL_R128_DEPTH', `0x4028644c') +define(`DRM_IOCTL_R128_FLIP', `0x00006453') +define(`DRM_IOCTL_R128_FULLSCREEN', `0x40046450') +define(`DRM_IOCTL_R128_GETPARAM', `0xc0106452') +define(`DRM_IOCTL_R128_INDICES', `0x4014644a') +define(`DRM_IOCTL_R128_INDIRECT', `0xc010644f') +define(`DRM_IOCTL_R128_INIT', `0x40786440') +define(`DRM_IOCTL_R128_RESET', `0x00006446') +define(`DRM_IOCTL_R128_STIPPLE', `0x4008644d') +define(`DRM_IOCTL_R128_SWAP', `0x00006447') +define(`DRM_IOCTL_R128_VERTEX', `0x40106449') +define(`DRM_IOCTL_RADEON_ALLOC', `0xc0186453') +define(`DRM_IOCTL_RADEON_CLEAR', `0x40206448') +define(`DRM_IOCTL_RADEON_CMDBUF', `0x40206450') +define(`DRM_IOCTL_RADEON_CP_IDLE', `0x00006444') +define(`DRM_IOCTL_RADEON_CP_INIT', `0x40786440') +define(`DRM_IOCTL_RADEON_CP_RESET', `0x00006443') 
+define(`DRM_IOCTL_RADEON_CP_RESUME', `0x00006458') +define(`DRM_IOCTL_RADEON_CP_START', `0x00006441') +define(`DRM_IOCTL_RADEON_CP_STOP', `0x40086442') +define(`DRM_IOCTL_RADEON_CS', `0xc0206466') +define(`DRM_IOCTL_RADEON_FLIP', `0x00006452') +define(`DRM_IOCTL_RADEON_FREE', `0x40086454') +define(`DRM_IOCTL_RADEON_FULLSCREEN', `0x40046446') +define(`DRM_IOCTL_RADEON_GEM_BUSY', `0xc008646a') +define(`DRM_IOCTL_RADEON_GEM_CREATE', `0xc020645d') +define(`DRM_IOCTL_RADEON_GEM_GET_TILING', `0xc00c6469') +define(`DRM_IOCTL_RADEON_GEM_INFO', `0xc018645c') +define(`DRM_IOCTL_RADEON_GEM_MMAP', `0xc020645e') +define(`DRM_IOCTL_RADEON_GEM_OP', `0xc010646c') +define(`DRM_IOCTL_RADEON_GEM_PREAD', `0xc0206461') +define(`DRM_IOCTL_RADEON_GEM_PWRITE', `0xc0206462') +define(`DRM_IOCTL_RADEON_GEM_SET_DOMAIN', `0xc00c6463') +define(`DRM_IOCTL_RADEON_GEM_SET_TILING', `0xc00c6468') +define(`DRM_IOCTL_RADEON_GEM_USERPTR', `0xc018646d') +define(`DRM_IOCTL_RADEON_GEM_VA', `0xc018646b') +define(`DRM_IOCTL_RADEON_GEM_WAIT_IDLE', `0x40086464') +define(`DRM_IOCTL_RADEON_GETPARAM', `0xc0106451') +define(`DRM_IOCTL_RADEON_INDICES', `0x4014644a') +define(`DRM_IOCTL_RADEON_INDIRECT', `0xc010644d') +define(`DRM_IOCTL_RADEON_INFO', `0xc0106467') +define(`DRM_IOCTL_RADEON_INIT_HEAP', `0x400c6455') +define(`DRM_IOCTL_RADEON_IRQ_EMIT', `0xc0086456') +define(`DRM_IOCTL_RADEON_IRQ_WAIT', `0x40046457') +define(`DRM_IOCTL_RADEON_RESET', `0x00006445') +define(`DRM_IOCTL_RADEON_SETPARAM', `0x40106459') +define(`DRM_IOCTL_RADEON_STIPPLE', `0x4008644c') +define(`DRM_IOCTL_RADEON_SURF_ALLOC', `0x400c645a') +define(`DRM_IOCTL_RADEON_SURF_FREE', `0x4004645b') +define(`DRM_IOCTL_RADEON_SWAP', `0x00006447') +define(`DRM_IOCTL_RADEON_TEXTURE', `0xc020644e') +define(`DRM_IOCTL_RADEON_VERTEX', `0x40106449') +define(`DRM_IOCTL_RADEON_VERTEX2', `0x4028644f') +define(`DRM_IOCTL_RES_CTX', `0xc0106426') +define(`DRM_IOCTL_RM_CTX', `0xc0086421') +define(`DRM_IOCTL_RM_DRAW', `0xc0046428') +define(`DRM_IOCTL_RM_MAP', 
`0x4028641b') +define(`DRM_IOCTL_SAVAGE_BCI_CMDBUF', `0x40386441') +define(`DRM_IOCTL_SAVAGE_BCI_EVENT_EMIT', `0xc0086442') +define(`DRM_IOCTL_SAVAGE_BCI_EVENT_WAIT', `0x40086443') +define(`DRM_IOCTL_SAVAGE_BCI_INIT', `0x40606440') +define(`DRM_IOCTL_SET_CLIENT_CAP', `0x4010640d') +define(`DRM_IOCTL_SET_MASTER', `0x0000641e') +define(`DRM_IOCTL_SET_SAREA_CTX', `0x4010641c') +define(`DRM_IOCTL_SET_UNIQUE', `0x40106410') +define(`DRM_IOCTL_SET_VERSION', `0xc0106407') +define(`DRM_IOCTL_SG_ALLOC', `0xc0106438') +define(`DRM_IOCTL_SG_FREE', `0x40106439') +define(`DRM_IOCTL_SIS_AGP_ALLOC', `0xc0206454') +define(`DRM_IOCTL_SIS_AGP_FREE', `0x40206455') +define(`DRM_IOCTL_SIS_AGP_INIT', `0xc0106453') +define(`DRM_IOCTL_SIS_FB_ALLOC', `0xc0206444') +define(`DRM_IOCTL_SIS_FB_FREE', `0x40206445') +define(`DRM_IOCTL_SIS_FB_INIT', `0x40106456') +define(`DRM_IOCTL_SWITCH_CTX', `0x40086424') +define(`DRM_IOCTL_TEGRA_CLOSE_CHANNEL', `0xc0106446') +define(`DRM_IOCTL_TEGRA_GEM_CREATE', `0xc0106440') +define(`DRM_IOCTL_TEGRA_GEM_GET_FLAGS', `0xc008644d') +define(`DRM_IOCTL_TEGRA_GEM_GET_TILING', `0xc010644b') +define(`DRM_IOCTL_TEGRA_GEM_MMAP', `0xc0086441') +define(`DRM_IOCTL_TEGRA_GEM_SET_FLAGS', `0xc008644c') +define(`DRM_IOCTL_TEGRA_GEM_SET_TILING', `0xc010644a') +define(`DRM_IOCTL_TEGRA_GET_SYNCPT', `0xc0106447') +define(`DRM_IOCTL_TEGRA_GET_SYNCPT_BASE', `0xc0106449') +define(`DRM_IOCTL_TEGRA_OPEN_CHANNEL', `0xc0106445') +define(`DRM_IOCTL_TEGRA_SUBMIT', `0xc0586448') +define(`DRM_IOCTL_TEGRA_SYNCPT_INCR', `0xc0086443') +define(`DRM_IOCTL_TEGRA_SYNCPT_READ', `0xc0086442') +define(`DRM_IOCTL_TEGRA_SYNCPT_WAIT', `0xc0106444') +define(`DRM_IOCTL_UNBLOCK', `0xc0046413') +define(`DRM_IOCTL_UNLOCK', `0x4008642b') +define(`DRM_IOCTL_UPDATE_DRAW', `0x4018643f') +define(`DRM_IOCTL_VERSION', `0xc0406400') +define(`DRM_IOCTL_VIA_AGP_INIT', `0xc0086442') +define(`DRM_IOCTL_VIA_ALLOCMEM', `0xc0206440') +define(`DRM_IOCTL_VIA_BLIT_SYNC', `0x4008644f') +define(`DRM_IOCTL_VIA_CMDBUFFER', 
`0x40106448') +define(`DRM_IOCTL_VIA_CMDBUF_SIZE', `0xc00c644b') +define(`DRM_IOCTL_VIA_DEC_FUTEX', `0x40106445') +define(`DRM_IOCTL_VIA_DMA_BLIT', `0x4030644e') +define(`DRM_IOCTL_VIA_DMA_INIT', `0xc0206447') +define(`DRM_IOCTL_VIA_FB_INIT', `0xc0086443') +define(`DRM_IOCTL_VIA_FLUSH', `0x00006449') +define(`DRM_IOCTL_VIA_FREEMEM', `0x40206441') +define(`DRM_IOCTL_VIA_MAP_INIT', `0xc0286444') +define(`DRM_IOCTL_VIA_PCICMD', `0x4010644a') +define(`DRM_IOCTL_VIA_WAIT_IRQ', `0xc018644d') +define(`DRM_IOCTL_WAIT_VBLANK', `0xc018643a') +define(`DVD_AUTH', `0x00005392') +define(`DVD_READ_STRUCT', `0x00005390') +define(`DVD_WRITE_STRUCT', `0x00005391') +define(`ECCGETLAYOUT', `0x81484d11') +define(`ECCGETSTATS', `0x80104d12') +define(`ENI_MEMDUMP', `0x40106160') +define(`ENI_SETMULT', `0x40106167') +define(`EVIOCGEFFECTS', `0x80044584') +define(`EVIOCGID', `0x80084502') +define(`EVIOCGKEYCODE', `0x80084504') +define(`EVIOCGKEYCODE_V2', `0x80284504') +define(`EVIOCGRAB', `0x40044590') +define(`EVIOCGREP', `0x80084503') +define(`EVIOCGVERSION', `0x80044501') +define(`EVIOCREVOKE', `0x40044591') +define(`EVIOCRMFF', `0x40044581') +define(`EVIOCSCLOCKID', `0x400445a0') +define(`EVIOCSFF', `0x40304580') +define(`EVIOCSKEYCODE', `0x40084504') +define(`EVIOCSKEYCODE_V2', `0x40284504') +define(`EVIOCSREP', `0x40084503') +define(`F2FS_IOC_ABORT_VOLATILE_WRITE', `0xf505') +define(`F2FS_IOC_COMMIT_ATOMIC_WRITE', `0xf502') +define(`F2FS_IOC_DEFRAGMENT', `0xf508') +define(`F2FS_IOC_FLUSH_DEVICE', `0xf50a') +define(`F2FS_IOC_GARBAGE_COLLECT', `0xf506') +define(`F2FS_IOC_GARBAGE_COLLECT_RANGE', `0xf50b') +define(`F2FS_IOC_GET_FEATURES', `0xf50c') +define(`F2FS_IOC_GET_PIN_FILE', `0xf50e') +define(`F2FS_IOC_MOVE_RANGE', `0xf509') +define(`F2FS_IOC_PRECACHE_EXTENTS', `0xf50f') +define(`F2FS_IOC_RELEASE_VOLATILE_WRITE', `0xf504') +define(`F2FS_IOC_SET_PIN_FILE', `0xf50d') +define(`F2FS_IOC_START_ATOMIC_WRITE', `0xf501') +define(`F2FS_IOC_START_VOLATILE_WRITE', `0xf503') 
+define(`F2FS_IOC_WRITE_CHECKPOINT', `0xf507') +define(`FAT_IOCTL_GET_ATTRIBUTES', `0x80047210') +define(`FAT_IOCTL_GET_VOLUME_ID', `0x80047213') +define(`FAT_IOCTL_SET_ATTRIBUTES', `0x40047211') +define(`FBIGET_BRIGHTNESS', `0x80044603') +define(`FBIGET_COLOR', `0x80044605') +define(`FBIO_ALLOC', `0x00004613') +define(`FBIOBLANK', `0x00004611') +define(`FBIO_CURSOR', `0xc0684608') +define(`FBIO_FREE', `0x00004614') +define(`FBIOGETCMAP', `0x00004604') +define(`FBIOGET_CON2FBMAP', `0x0000460f') +define(`FBIOGET_CONTRAST', `0x80044601') +define(`FBIO_GETCONTROL2', `0x80084689') +define(`FBIOGET_DISPINFO', `0x00004618') +define(`FBIOGET_FSCREENINFO', `0x00004602') +define(`FBIOGET_GLYPH', `0x00004615') +define(`FBIOGET_HWCINFO', `0x00004616') +define(`FBIOGET_VBLANK', `0x80204612') +define(`FBIOGET_VSCREENINFO', `0x00004600') +define(`FBIOPAN_DISPLAY', `0x00004606') +define(`FBIOPUTCMAP', `0x00004605') +define(`FBIOPUT_CON2FBMAP', `0x00004610') +define(`FBIOPUT_CONTRAST', `0x40044602') +define(`FBIOPUT_MODEINFO', `0x00004617') +define(`FBIOPUT_VSCREENINFO', `0x00004601') +define(`FBIO_RADEON_GET_MIRROR', `0x80084003') +define(`FBIO_RADEON_SET_MIRROR', `0x40084004') +define(`FBIO_WAITEVENT', `0x00004688') +define(`FBIO_WAITFORVSYNC', `0x40044620') +define(`FBIPUT_BRIGHTNESS', `0x40044603') +define(`FBIPUT_COLOR', `0x40044606') +define(`FBIPUT_HSYNC', `0x40044609') +define(`FBIPUT_VSYNC', `0x4004460a') +define(`FDCLRPRM', `0x00000241') +define(`FDDEFPRM', `0x40200243') +define(`FDEJECT', `0x0000025a') +define(`FDFLUSH', `0x0000024b') +define(`FDFMTBEG', `0x00000247') +define(`FDFMTEND', `0x00000249') +define(`FDFMTTRK', `0x400c0248') +define(`FDGETDRVPRM', `0x80800211') +define(`FDGETDRVSTAT', `0x80500212') +define(`FDGETDRVTYP', `0x8010020f') +define(`FDGETFDCSTAT', `0x80280215') +define(`FDGETMAXERRS', `0x8014020e') +define(`FDGETPRM', `0x80200204') +define(`FDMSGOFF', `0x00000246') +define(`FDMSGON', `0x00000245') +define(`FDPOLLDRVSTAT', `0x80500213') 
+define(`FDRAWCMD', `0x00000258') +define(`FDRESET', `0x00000254') +define(`FDSETDRVPRM', `0x40800290') +define(`FDSETEMSGTRESH', `0x0000024a') +define(`FDSETMAXERRS', `0x4014024c') +define(`FDSETPRM', `0x40200242') +define(`FDTWADDLE', `0x00000259') +define(`FDWERRORCLR', `0x00000256') +define(`FDWERRORGET', `0x80280217') +define(`FE_DISEQC_RECV_SLAVE_REPLY', `0x800c6f40') +define(`FE_DISEQC_RESET_OVERLOAD', `0x00006f3e') +define(`FE_DISEQC_SEND_BURST', `0x00006f41') +define(`FE_DISEQC_SEND_MASTER_CMD', `0x40076f3f') +define(`FE_DISHNETWORK_SEND_LEGACY_CMD', `0x00006f50') +define(`FE_ENABLE_HIGH_LNB_VOLTAGE', `0x00006f44') +define(`FE_GET_EVENT', `0x80286f4e') +define(`FE_GET_FRONTEND', `0x80246f4d') +define(`FE_GET_INFO', `0x80a86f3d') +define(`FE_GET_PROPERTY', `0x80106f53') +define(`FE_READ_BER', `0x80046f46') +define(`FE_READ_SIGNAL_STRENGTH', `0x80026f47') +define(`FE_READ_SNR', `0x80026f48') +define(`FE_READ_STATUS', `0x80046f45') +define(`FE_READ_UNCORRECTED_BLOCKS', `0x80046f49') +define(`FE_SET_FRONTEND', `0x40246f4c') +define(`FE_SET_FRONTEND_TUNE_MODE', `0x00006f51') +define(`FE_SET_PROPERTY', `0x40106f52') +define(`FE_SET_TONE', `0x00006f42') +define(`FE_SET_VOLTAGE', `0x00006f43') +define(`FIBMAP', `0x00000001') +define(`FIFREEZE', `0xc0045877') +define(`FIGETBSZ', `0x00000002') +define(`FIOASYNC', `0x00005452') +define(`FIOCLEX', ifelse(target_arch, mips, 0x00006601, 0x00005451)) +define(`FIOGETOWN', `0x00008903') +define(`FIONBIO', `0x00005421') +define(`FIONCLEX', ifelse(target_arch, mips, 0x00006602, 0x00005450)) +define(`FIONREAD', ifelse(target_arch, mips, 0x0000467f, 0x0000541b)) +define(`FIOQSIZE', `0x00005460') +define(`FIOSETOWN', `0x00008901') +define(`FITHAW', `0xc0045878') +define(`FITRIM', `0xc0185879') +define(`FS_IOC32_GETFLAGS', `0x80046601') +define(`FS_IOC32_GETVERSION', `0x80047601') +define(`FS_IOC32_SETFLAGS', `0x40046602') +define(`FS_IOC32_SETVERSION', `0x40047602') +define(`FS_IOC_ADD_ENCRYPTION_KEY', `0xc0506617') 
+define(`FS_IOC_ENABLE_VERITY', `0x6685') +define(`FS_IOC_FIEMAP', `0xc020660b') +define(`FS_IOC_FSGETXATTR', `0x801c581f') +define(`FS_IOC_FSSETXATTR', `0x401c5820') +define(`FS_IOC_GET_ENCRYPTION_POLICY', `0x400c6615') +define(`FS_IOC_GET_ENCRYPTION_POLICY_EX', `0xc0096616') +define(`FS_IOC_GET_ENCRYPTION_PWSALT', `0x40106614') +define(`FS_IOC_GETFLAGS', `0x80086601') +define(`FS_IOC_GETVERSION', `0x80087601') +define(`FS_IOC_MEASURE_VERITY', `0x6686') +define(`FS_IOC_REMOVE_ENCRYPTION_KEY', `0xc0406618') +define(`FS_IOC_SET_ENCRYPTION_POLICY', `0x800c6613') +define(`FS_IOC_SETFLAGS', `0x40086602') +define(`FS_IOC_SETVERSION', `0x40087602') +define(`FSL_HV_IOCTL_DOORBELL', `0xc008af06') +define(`FSL_HV_IOCTL_GETPROP', `0xc028af07') +define(`FSL_HV_IOCTL_MEMCPY', `0xc028af05') +define(`FSL_HV_IOCTL_PARTITION_GET_STATUS', `0xc00caf02') +define(`FSL_HV_IOCTL_PARTITION_RESTART', `0xc008af01') +define(`FSL_HV_IOCTL_PARTITION_START', `0xc010af03') +define(`FSL_HV_IOCTL_PARTITION_STOP', `0xc008af04') +define(`FSL_HV_IOCTL_SETPROP', `0xc028af08') +define(`FUNCTIONFS_CLEAR_HALT', `0x00006703') +define(`FUNCTIONFS_ENDPOINT_DESC', `0x80096782') +define(`FUNCTIONFS_ENDPOINT_REVMAP', `0x00006781') +define(`FUNCTIONFS_FIFO_FLUSH', `0x00006702') +define(`FUNCTIONFS_FIFO_STATUS', `0x00006701') +define(`FUNCTIONFS_INTERFACE_REVMAP', `0x00006780') +define(`FW_CDEV_IOC_ADD_DESCRIPTOR', `0xc0182306') +define(`FW_CDEV_IOC_ALLOCATE', `0xc0202302') +define(`FW_CDEV_IOC_ALLOCATE_ISO_RESOURCE', `0xc018230d') +define(`FW_CDEV_IOC_ALLOCATE_ISO_RESOURCE_ONCE', `0x4018230f') +define(`FW_CDEV_IOC_CREATE_ISO_CONTEXT', `0xc0202308') +define(`FW_CDEV_IOC_DEALLOCATE', `0x40042303') +define(`FW_CDEV_IOC_DEALLOCATE_ISO_RESOURCE', `0x4004230e') +define(`FW_CDEV_IOC_DEALLOCATE_ISO_RESOURCE_ONCE', `0x40182310') +define(`FW_CDEV_IOC_FLUSH_ISO', `0x40042318') +define(`FW_CDEV_IOC_GET_CYCLE_TIMER', `0x8010230c') +define(`FW_CDEV_IOC_GET_CYCLE_TIMER2', `0xc0182314') +define(`FW_CDEV_IOC_GET_INFO', 
`0xc0282300') +define(`FW_CDEV_IOC_GET_SPEED', `0x00002311') +define(`FW_CDEV_IOC_INITIATE_BUS_RESET', `0x40042305') +define(`FW_CDEV_IOC_QUEUE_ISO', `0xc0182309') +define(`FW_CDEV_IOC_RECEIVE_PHY_PACKETS', `0x40082316') +define(`FW_CDEV_IOC_REMOVE_DESCRIPTOR', `0x40042307') +define(`FW_CDEV_IOC_SEND_BROADCAST_REQUEST', `0x40282312') +define(`FW_CDEV_IOC_SEND_PHY_PACKET', `0xc0182315') +define(`FW_CDEV_IOC_SEND_REQUEST', `0x40282301') +define(`FW_CDEV_IOC_SEND_RESPONSE', `0x40182304') +define(`FW_CDEV_IOC_SEND_STREAM_PACKET', `0x40282313') +define(`FW_CDEV_IOC_SET_ISO_CHANNELS', `0x40102317') +define(`FW_CDEV_IOC_START_ISO', `0x4010230a') +define(`FW_CDEV_IOC_STOP_ISO', `0x4004230b') +define(`GADGETFS_CLEAR_HALT', `0x00006703') +define(`GADGETFS_FIFO_FLUSH', `0x00006702') +define(`GADGETFS_FIFO_STATUS', `0x00006701') +define(`GADGET_GET_PRINTER_STATUS', `0x80016721') +define(`GADGET_SET_PRINTER_STATUS', `0xc0016722') +define(`GENWQE_EXECUTE_DDCB', `0xc0e8a532') +define(`GENWQE_EXECUTE_RAW_DDCB', `0xc0e8a533') +define(`GENWQE_GET_CARD_STATE', `0x8004a524') +define(`GENWQE_PIN_MEM', `0xc020a528') +define(`GENWQE_READ_REG16', `0x8010a522') +define(`GENWQE_READ_REG32', `0x8010a520') +define(`GENWQE_READ_REG64', `0x8010a51e') +define(`GENWQE_SLU_READ', `0xc038a551') +define(`GENWQE_SLU_UPDATE', `0xc038a550') +define(`GENWQE_UNPIN_MEM', `0xc020a529') +define(`GENWQE_WRITE_REG16', `0x4010a523') +define(`GENWQE_WRITE_REG32', `0x4010a521') +define(`GENWQE_WRITE_REG64', `0x4010a51f') +define(`GET_ARRAY_INFO', `0x80480911') +define(`GET_BITMAP_FILE', `0x90000915') +define(`GET_DISK_INFO', `0x80140912') +define(`GIGASET_BRKCHARS', `0x40064702') +define(`GIGASET_CONFIG', `0xc0044701') +define(`GIGASET_REDIR', `0xc0044700') +define(`GIGASET_VERSION', `0xc0104703') +define(`GIO_CMAP', `0x00004b70') +define(`GIO_FONT', `0x00004b60') +define(`GIO_FONTX', `0x00004b6b') +define(`GIO_SCRNMAP', `0x00004b40') +define(`GIO_UNIMAP', `0x00004b66') +define(`GIO_UNISCRNMAP', `0x00004b69') 
+define(`GSMIOC_DISABLE_NET', `0x00004703') +define(`GSMIOC_ENABLE_NET', `0x40344702') +define(`GSMIOC_GETCONF', `0x804c4700') +define(`GSMIOC_SETCONF', `0x404c4701') +define(`HCIBLOCKADDR', `0x400448e6') +define(`HCIDEVDOWN', `0x400448ca') +define(`HCIDEVRESET', `0x400448cb') +define(`HCIDEVRESTAT', `0x400448cc') +define(`HCIDEVUP', `0x400448c9') +define(`HCIGETAUTHINFO', `0x800448d7') +define(`HCIGETCONNINFO', `0x800448d5') +define(`HCIGETCONNLIST', `0x800448d4') +define(`HCIGETDEVINFO', `0x800448d3') +define(`HCIGETDEVLIST', `0x800448d2') +define(`HCIINQUIRY', `0x800448f0') +define(`HCISETACLMTU', `0x400448e3') +define(`HCISETAUTH', `0x400448de') +define(`HCISETENCRYPT', `0x400448df') +define(`HCISETLINKMODE', `0x400448e2') +define(`HCISETLINKPOL', `0x400448e1') +define(`HCISETPTYPE', `0x400448e0') +define(`HCISETRAW', `0x400448dc') +define(`HCISETSCAN', `0x400448dd') +define(`HCISETSCOMTU', `0x400448e4') +define(`HCIUNBLOCKADDR', `0x400448e7') +define(`HDA_IOCTL_GET_WCAP', `0xc0084812') +define(`HDA_IOCTL_PVERSION', `0x80044810') +define(`HDA_IOCTL_VERB_WRITE', `0xc0084811') +define(`HDIO_DRIVE_CMD', `0x0000031f') +define(`HDIO_DRIVE_RESET', `0x0000031c') +define(`HDIO_DRIVE_TASK', `0x0000031e') +define(`HDIO_DRIVE_TASKFILE', `0x0000031d') +define(`HDIO_GET_32BIT', `0x00000309') +define(`HDIO_GET_ACOUSTIC', `0x0000030f') +define(`HDIO_GET_ADDRESS', `0x00000310') +define(`HDIO_GET_BUSSTATE', `0x0000031a') +define(`HDIO_GET_DMA', `0x0000030b') +define(`HDIO_GETGEO', `0x00000301') +define(`HDIO_GET_IDENTITY', `0x0000030d') +define(`HDIO_GET_KEEPSETTINGS', `0x00000308') +define(`HDIO_GET_MULTCOUNT', `0x00000304') +define(`HDIO_GET_NICE', `0x0000030c') +define(`HDIO_GET_NOWERR', `0x0000030a') +define(`HDIO_GET_QDMA', `0x00000305') +define(`HDIO_GET_UNMASKINTR', `0x00000302') +define(`HDIO_GET_WCACHE', `0x0000030e') +define(`HDIO_OBSOLETE_IDENTITY', `0x00000307') +define(`HDIO_SCAN_HWIF', `0x00000328') +define(`HDIO_SET_32BIT', `0x00000324') 
+define(`HDIO_SET_ACOUSTIC', `0x0000032c') +define(`HDIO_SET_ADDRESS', `0x0000032f') +define(`HDIO_SET_BUSSTATE', `0x0000032d') +define(`HDIO_SET_DMA', `0x00000326') +define(`HDIO_SET_KEEPSETTINGS', `0x00000323') +define(`HDIO_SET_MULTCOUNT', `0x00000321') +define(`HDIO_SET_NICE', `0x00000329') +define(`HDIO_SET_NOWERR', `0x00000325') +define(`HDIO_SET_PIO_MODE', `0x00000327') +define(`HDIO_SET_QDMA', `0x0000032e') +define(`HDIO_SET_UNMASKINTR', `0x00000322') +define(`HDIO_SET_WCACHE', `0x0000032b') +define(`HDIO_SET_XFER', `0x00000306') +define(`HDIO_TRISTATE_HWIF', `0x0000031b') +define(`HDIO_UNREGISTER_HWIF', `0x0000032a') +define(`HE_GET_REG', `0x40106160') +define(`HIDIOCAPPLICATION', `0x00004802') +define(`HIDIOCGCOLLECTIONINDEX', `0x40184810') +define(`HIDIOCGCOLLECTIONINFO', `0xc0104811') +define(`HIDIOCGDEVINFO', `0x801c4803') +define(`HIDIOCGFIELDINFO', `0xc038480a') +define(`HIDIOCGFLAG', `0x8004480e') +define(`HIDIOCGRAWINFO', `0x80084803') +define(`HIDIOCGRDESC', `0x90044802') +define(`HIDIOCGRDESCSIZE', `0x80044801') +define(`HIDIOCGREPORT', `0x400c4807') +define(`HIDIOCGREPORTINFO', `0xc00c4809') +define(`HIDIOCGSTRING', `0x81044804') +define(`HIDIOCGUCODE', `0xc018480d') +define(`HIDIOCGUSAGE', `0xc018480b') +define(`HIDIOCGUSAGES', `0xd01c4813') +define(`HIDIOCGVERSION', `0x80044801') +define(`HIDIOCINITREPORT', `0x00004805') +define(`HIDIOCSFLAG', `0x4004480f') +define(`HIDIOCSREPORT', `0x400c4808') +define(`HIDIOCSUSAGE', `0x4018480c') +define(`HIDIOCSUSAGES', `0x501c4814') +define(`HOT_ADD_DISK', `0x00000928') +define(`HOT_GENERATE_ERROR', `0x0000092a') +define(`HOT_REMOVE_DISK', `0x00000922') +define(`HPET_DPI', `0x00006805') +define(`HPET_EPI', `0x00006804') +define(`HPET_IE_OFF', `0x00006802') +define(`HPET_IE_ON', `0x00006801') +define(`HPET_INFO', `0x80186803') +define(`HPET_IRQFREQ', `0x40086806') +define(`HSC_GET_RX', `0x400c6b14') +define(`HSC_GET_TX', `0x40106b16') +define(`HSC_RESET', `0x00006b10') +define(`HSC_SEND_BREAK', 
`0x00006b12') +define(`HSC_SET_PM', `0x00006b11') +define(`HSC_SET_RX', `0x400c6b13') +define(`HSC_SET_TX', `0x40106b15') +define(`I2OEVTGET', `0x8068690b') +define(`I2OEVTREG', `0x400c690a') +define(`I2OGETIOPS', `0x80206900') +define(`I2OHRTGET', `0xc0186901') +define(`I2OHTML', `0xc0306909') +define(`I2OLCTGET', `0xc0186902') +define(`I2OPARMGET', `0xc0286904') +define(`I2OPARMSET', `0xc0286903') +define(`I2OPASSTHRU', `0x8010690c') +define(`I2OPASSTHRU32', `0x8008690c') +define(`I2OSWDEL', `0xc0306907') +define(`I2OSWDL', `0xc0306905') +define(`I2OSWUL', `0xc0306906') +define(`I2OVALIDATE', `0x80046908') +define(`I8K_BIOS_VERSION', `0x80046980') +define(`I8K_FN_STATUS', `0x80086983') +define(`I8K_GET_FAN', `0xc0086986') +define(`I8K_GET_SPEED', `0xc0086985') +define(`I8K_GET_TEMP', `0x80086984') +define(`I8K_MACHINE_ID', `0x80046981') +define(`I8K_POWER_STATUS', `0x80086982') +define(`I8K_SET_FAN', `0xc0086987') +define(`IB_USER_MAD_ENABLE_PKEY', `0x00001b03') +define(`IB_USER_MAD_REGISTER_AGENT', `0xc01c1b01') +define(`IB_USER_MAD_REGISTER_AGENT2', `0xc0281b04') +define(`IB_USER_MAD_UNREGISTER_AGENT', `0x40041b02') +define(`IDT77105_GETSTAT', `0x40106132') +define(`IDT77105_GETSTATZ', `0x40106133') +define(`IIOCDBGVAR', `0x0000497f') +define(`IIOCDRVCTL', `0x00004980') +define(`IIOCGETCPS', `0x00004915') +define(`IIOCGETDVR', `0x00004916') +define(`IIOCGETMAP', `0x00004911') +define(`IIOCGETPRF', `0x0000490f') +define(`IIOCGETSET', `0x00004908') +define(`IIOCNETAIF', `0x00004901') +define(`IIOCNETALN', `0x00004920') +define(`IIOCNETANM', `0x00004905') +define(`IIOCNETASL', `0x00004913') +define(`IIOCNETDIF', `0x00004902') +define(`IIOCNETDIL', `0x00004914') +define(`IIOCNETDLN', `0x00004921') +define(`IIOCNETDNM', `0x00004906') +define(`IIOCNETDWRSET', `0x00004918') +define(`IIOCNETGCF', `0x00004904') +define(`IIOCNETGNM', `0x00004907') +define(`IIOCNETGPN', `0x00004922') +define(`IIOCNETHUP', `0x0000490b') +define(`IIOCNETLCR', `0x00004917') 
+define(`IIOCNETSCF', `0x00004903') +define(`IIOCSETBRJ', `0x0000490d') +define(`IIOCSETGST', `0x0000490c') +define(`IIOCSETMAP', `0x00004912') +define(`IIOCSETPRF', `0x00004910') +define(`IIOCSETSET', `0x00004909') +define(`IIOCSETVER', `0x0000490a') +define(`IIOCSIGPRF', `0x0000490e') +define(`IIO_GET_EVENT_FD_IOCTL', `0x80046990') +define(`IMADDTIMER', `0x80044940') +define(`IMCLEAR_L2', `0x80044946') +define(`IMCTRLREQ', `0x80044945') +define(`IMDELTIMER', `0x80044941') +define(`IMGETCOUNT', `0x80044943') +define(`IMGETDEVINFO', `0x80044944') +define(`IMGETVERSION', `0x80044942') +define(`IMHOLD_L1', `0x80044948') +define(`IMSETDEVNAME', `0x80184947') +define(`INCFS_IOCTL_CREATE_FILE', `0x0000671e') +define(`INCFS_IOCTL_READ_SIGNATURE', `0x0000671f') +define(`INCFS_IOCTL_FILL_BLOCKS', `0x00006720') +define(`INCFS_IOCTL_PERMIT_FILL', `0x00006721') +define(`IOCTL_EVTCHN_BIND_INTERDOMAIN', `0x00084501') +define(`IOCTL_EVTCHN_BIND_UNBOUND_PORT', `0x00044502') +define(`IOCTL_EVTCHN_BIND_VIRQ', `0x00044500') +define(`IOCTL_EVTCHN_NOTIFY', `0x00044504') +define(`IOCTL_EVTCHN_RESET', `0x00004505') +define(`IOCTL_EVTCHN_UNBIND', `0x00044503') +define(`IOCTL_MEI_CONNECT_CLIENT', `0xc0104801') +define(`IOCTL_VMCI_CTX_ADD_NOTIFICATION', `0x000007af') +define(`IOCTL_VMCI_CTX_GET_CPT_STATE', `0x000007b1') +define(`IOCTL_VMCI_CTX_REMOVE_NOTIFICATION', `0x000007b0') +define(`IOCTL_VMCI_CTX_SET_CPT_STATE', `0x000007b2') +define(`IOCTL_VMCI_DATAGRAM_RECEIVE', `0x000007ac') +define(`IOCTL_VMCI_DATAGRAM_SEND', `0x000007ab') +define(`IOCTL_VMCI_GET_CONTEXT_ID', `0x000007b3') +define(`IOCTL_VMCI_INIT_CONTEXT', `0x000007a0') +define(`IOCTL_VMCI_NOTIFICATIONS_RECEIVE', `0x000007a6') +define(`IOCTL_VMCI_NOTIFY_RESOURCE', `0x000007a5') +define(`IOCTL_VMCI_QUEUEPAIR_ALLOC', `0x000007a8') +define(`IOCTL_VMCI_QUEUEPAIR_DETACH', `0x000007aa') +define(`IOCTL_VMCI_QUEUEPAIR_SETPAGEFILE', `0x000007a9') +define(`IOCTL_VMCI_QUEUEPAIR_SETVA', `0x000007a4') +define(`IOCTL_VMCI_SET_NOTIFY', 
`0x000007cb') +define(`IOCTL_VMCI_SOCKETS_GET_AF_VALUE', `0x000007b8') +define(`IOCTL_VMCI_SOCKETS_GET_LOCAL_CID', `0x000007b9') +define(`IOCTL_VMCI_SOCKETS_VERSION', `0x000007b4') +define(`IOCTL_VMCI_VERSION', `0x0000079f') +define(`IOCTL_VMCI_VERSION2', `0x000007a7') +define(`IOCTL_VM_SOCKETS_GET_LOCAL_CID', `0x000007b9') +define(`IOCTL_WDM_MAX_COMMAND', `0x800248a0') +define(`IOCTL_XENBUS_BACKEND_EVTCHN', `0x00004200') +define(`IOCTL_XENBUS_BACKEND_SETUP', `0x00004201') +define(`ION_IOC_ALLOC', `0xc0204900') +define(`ION_IOC_CUSTOM', `0xc0104906') +define(`ION_IOC_FREE', `0xc0044901') +define(`ION_IOC_IMPORT', `0xc0084905') +define(`ION_IOC_MAP', `0xc0084902') +define(`ION_IOC_SHARE', `0xc0084904') +define(`ION_IOC_SYNC', `0xc0084907') +define(`ION_IOC_TEST_DMA_MAPPING', `0x402049f1') +define(`ION_IOC_TEST_KERNEL_MAPPING', `0x402049f2') +define(`ION_IOC_TEST_SET_FD', `0x000049f0') +define(`IOW_GETINFO', `0x8028c003') +define(`IOW_READ', `0x4008c002') +define(`IOW_WRITE', `0x4008c001') +define(`IPMICTL_GET_MAINTENANCE_MODE_CMD', `0x8004691e') +define(`IPMICTL_GET_MY_ADDRESS_CMD', `0x80046912') +define(`IPMICTL_GET_MY_CHANNEL_ADDRESS_CMD', `0x80046919') +define(`IPMICTL_GET_MY_CHANNEL_LUN_CMD', `0x8004691b') +define(`IPMICTL_GET_MY_LUN_CMD', `0x80046914') +define(`IPMICTL_GET_TIMING_PARMS_CMD', `0x80086917') +define(`IPMICTL_RECEIVE_MSG', `0xc030690c') +define(`IPMICTL_RECEIVE_MSG_TRUNC', `0xc030690b') +define(`IPMICTL_REGISTER_FOR_CMD', `0x8002690e') +define(`IPMICTL_REGISTER_FOR_CMD_CHANS', `0x800c691c') +define(`IPMICTL_SEND_COMMAND', `0x8028690d') +define(`IPMICTL_SEND_COMMAND_SETTIME', `0x80306915') +define(`IPMICTL_SET_GETS_EVENTS_CMD', `0x80046910') +define(`IPMICTL_SET_MAINTENANCE_MODE_CMD', `0x4004691f') +define(`IPMICTL_SET_MY_ADDRESS_CMD', `0x80046911') +define(`IPMICTL_SET_MY_CHANNEL_ADDRESS_CMD', `0x80046918') +define(`IPMICTL_SET_MY_CHANNEL_LUN_CMD', `0x8004691a') +define(`IPMICTL_SET_MY_LUN_CMD', `0x80046913') +define(`IPMICTL_SET_TIMING_PARMS_CMD', 
`0x80086916') +define(`IPMICTL_UNREGISTER_FOR_CMD', `0x8002690f') +define(`IPMICTL_UNREGISTER_FOR_CMD_CHANS', `0x800c691d') +define(`IVTVFB_IOC_DMA_FRAME', `0x401856c0') +define(`IVTV_IOC_DMA_FRAME', `0x404056c0') +define(`IVTV_IOC_PASSTHROUGH_MODE', `0x400456c1') +define(`IXJCTL_AEC_GET_LEVEL', `0x000071cd') +define(`IXJCTL_AEC_START', `0x400471cb') +define(`IXJCTL_AEC_STOP', `0x000071cc') +define(`IXJCTL_CARDTYPE', `0x800471c1') +define(`IXJCTL_CID', `0x800871d4') +define(`IXJCTL_CIDCW', `0x400871d9') +define(`IXJCTL_DAA_AGAIN', `0x400471d2') +define(`IXJCTL_DAA_COEFF_SET', `0x400471d0') +define(`IXJCTL_DRYBUFFER_CLEAR', `0x000071e7') +define(`IXJCTL_DRYBUFFER_READ', `0x800871e6') +define(`IXJCTL_DSP_IDLE', `0x000071c5') +define(`IXJCTL_DSP_RESET', `0x000071c0') +define(`IXJCTL_DSP_TYPE', `0x800471c3') +define(`IXJCTL_DSP_VERSION', `0x800471c4') +define(`IXJCTL_DTMF_PRESCALE', `0x400471e8') +define(`IXJCTL_FILTER_CADENCE', `0x400871d6') +define(`IXJCTL_FRAMES_READ', `0x800871e2') +define(`IXJCTL_FRAMES_WRITTEN', `0x800871e3') +define(`IXJCTL_GET_FILTER_HIST', `0x400471c8') +define(`IXJCTL_HZ', `0x400471e0') +define(`IXJCTL_INIT_TONE', `0x400871c9') +define(`IXJCTL_INTERCOM_START', `0x400471fd') +define(`IXJCTL_INTERCOM_STOP', `0x400471fe') +define(`IXJCTL_MIXER', `0x400471cf') +define(`IXJCTL_PLAY_CID', `0x000071d7') +define(`IXJCTL_PORT', `0x400471d1') +define(`IXJCTL_POTS_PSTN', `0x400471d5') +define(`IXJCTL_PSTN_LINETEST', `0x000071d3') +define(`IXJCTL_RATE', `0x400471e1') +define(`IXJCTL_READ_WAIT', `0x800871e4') +define(`IXJCTL_SC_RXG', `0x400471ea') +define(`IXJCTL_SC_TXG', `0x400471eb') +define(`IXJCTL_SERIAL', `0x800471c2') +define(`IXJCTL_SET_FILTER', `0x400871c7') +define(`IXJCTL_SET_FILTER_RAW', `0x400871dd') +define(`IXJCTL_SET_LED', `0x400471ce') +define(`IXJCTL_SIGCTL', `0x400871e9') +define(`IXJCTL_TESTRAM', `0x000071c6') +define(`IXJCTL_TONE_CADENCE', `0x400871ca') +define(`IXJCTL_VERSION', `0x800871da') +define(`IXJCTL_VMWI', `0x800471d8') 
+define(`IXJCTL_WRITE_WAIT', `0x800871e5') +define(`JSIOCGAXES', `0x80016a11') +define(`JSIOCGAXMAP', `0x80406a32') +define(`JSIOCGBTNMAP', `0x84006a34') +define(`JSIOCGBUTTONS', `0x80016a12') +define(`JSIOCGCORR', `0x80246a22') +define(`JSIOCGVERSION', `0x80046a01') +define(`JSIOCSAXMAP', `0x40406a31') +define(`JSIOCSBTNMAP', `0x44006a33') +define(`JSIOCSCORR', `0x40246a21') +define(`KCOV_DISABLE', `0x00006365') +define(`KCOV_ENABLE', `0x00006364') +define(`KCOV_INIT_TRACE', `0x80086301') +define(`KDADDIO', `0x00004b34') +define(`KDDELIO', `0x00004b35') +define(`KDDISABIO', `0x00004b37') +define(`KDENABIO', `0x00004b36') +define(`KDFONTOP', `0x00004b72') +define(`KDGETKEYCODE', `0x00004b4c') +define(`KDGETLED', `0x00004b31') +define(`KDGETMODE', `0x00004b3b') +define(`KDGKBDIACR', `0x00004b4a') +define(`KDGKBDIACRUC', `0x00004bfa') +define(`KDGKBENT', `0x00004b46') +define(`KDGKBLED', `0x00004b64') +define(`KDGKBMETA', `0x00004b62') +define(`KDGKBMODE', `0x00004b44') +define(`KDGKBSENT', `0x00004b48') +define(`KDGKBTYPE', `0x00004b33') +define(`KDKBDREP', `0x00004b52') +define(`KDMAPDISP', `0x00004b3c') +define(`KDMKTONE', `0x00004b30') +define(`KDSETKEYCODE', `0x00004b4d') +define(`KDSETLED', `0x00004b32') +define(`KDSETMODE', `0x00004b3a') +define(`KDSIGACCEPT', `0x00004b4e') +define(`KDSKBDIACR', `0x00004b4b') +define(`KDSKBDIACRUC', `0x00004bfb') +define(`KDSKBENT', `0x00004b47') +define(`KDSKBLED', `0x00004b65') +define(`KDSKBMETA', `0x00004b63') +define(`KDSKBMODE', `0x00004b45') +define(`KDSKBSENT', `0x00004b49') +define(`KDUNMAPDISP', `0x00004b3d') +define(`KIOCSOUND', `0x00004b2f') +define(`KVM_ALLOCATE_RMA', `0x8008aea9') +define(`KVM_ARM_PREFERRED_TARGET', `0x8020aeaf') +define(`KVM_ARM_SET_DEVICE_ADDR', `0x4010aeab') +define(`KVM_ARM_VCPU_INIT', `0x4020aeae') +define(`KVM_ASSIGN_DEV_IRQ', `0x4040ae70') +define(`KVM_ASSIGN_PCI_DEVICE', `0x8040ae69') +define(`KVM_ASSIGN_SET_INTX_MASK', `0x4040aea4') +define(`KVM_ASSIGN_SET_MSIX_ENTRY', `0x4010ae74') 
+define(`KVM_ASSIGN_SET_MSIX_NR', `0x4008ae73') +define(`KVM_CHECK_EXTENSION', `0x0000ae03') +define(`KVM_CREATE_DEVICE', `0xc00caee0') +define(`KVM_CREATE_IRQCHIP', `0x0000ae60') +define(`KVM_CREATE_PIT', `0x0000ae64') +define(`KVM_CREATE_PIT2', `0x4040ae77') +define(`KVM_CREATE_SPAPR_TCE', `0x400caea8') +define(`KVM_CREATE_VCPU', `0x0000ae41') +define(`KVM_CREATE_VM', `0x0000ae01') +define(`KVM_DEASSIGN_DEV_IRQ', `0x4040ae75') +define(`KVM_DEASSIGN_PCI_DEVICE', `0x4040ae72') +define(`KVM_DIRTY_TLB', `0x4010aeaa') +define(`KVM_ENABLE_CAP', `0x4068aea3') +define(`KVM_GET_API_VERSION', `0x0000ae00') +define(`KVM_GET_CLOCK', `0x8030ae7c') +define(`KVM_GET_CPUID2', `0xc008ae91') +define(`KVM_GET_DEBUGREGS', `0x8080aea1') +define(`KVM_GET_DEVICE_ATTR', `0x4018aee2') +define(`KVM_GET_DIRTY_LOG', `0x4010ae42') +define(`KVM_GET_EMULATED_CPUID', `0xc008ae09') +define(`KVM_GET_FPU', `0x81a0ae8c') +define(`KVM_GET_IRQCHIP', `0xc208ae62') +define(`KVM_GET_LAPIC', `0x8400ae8e') +define(`KVM_GET_MP_STATE', `0x8004ae98') +define(`KVM_GET_MSR_INDEX_LIST', `0xc004ae02') +define(`KVM_GET_MSRS', `0xc008ae88') +define(`KVM_GET_NR_MMU_PAGES', `0x0000ae45') +define(`KVM_GET_ONE_REG', `0x4010aeab') +define(`KVM_GET_PIT', `0xc048ae65') +define(`KVM_GET_PIT2', `0x8070ae9f') +define(`KVM_GET_REG_LIST', `0xc008aeb0') +define(`KVM_GET_REGS', `0x8090ae81') +define(`KVM_GET_SREGS', `0x8138ae83') +define(`KVM_GET_SUPPORTED_CPUID', `0xc008ae05') +define(`KVM_GET_TSC_KHZ', `0x0000aea3') +define(`KVM_GET_VCPU_EVENTS', `0x8040ae9f') +define(`KVM_GET_VCPU_MMAP_SIZE', `0x0000ae04') +define(`KVM_GET_XCRS', `0x8188aea6') +define(`KVM_GET_XSAVE', `0x9000aea4') +define(`KVM_HAS_DEVICE_ATTR', `0x4018aee3') +define(`KVM_INTERRUPT', `0x4004ae86') +define(`KVM_IOEVENTFD', `0x4040ae79') +define(`KVM_IRQFD', `0x4020ae76') +define(`KVM_IRQ_LINE', `0x4008ae61') +define(`KVM_IRQ_LINE_STATUS', `0xc008ae67') +define(`KVM_KVMCLOCK_CTRL', `0x0000aead') +define(`KVM_NMI', `0x0000ae9a') +define(`KVM_PPC_ALLOCATE_HTAB', 
`0xc004aea7') +define(`KVM_PPC_GET_HTAB_FD', `0x4020aeaa') +define(`KVM_PPC_GET_PVINFO', `0x4080aea1') +define(`KVM_PPC_GET_SMMU_INFO', `0x8250aea6') +define(`KVM_PPC_RTAS_DEFINE_TOKEN', `0x4080aeac') +define(`KVM_REGISTER_COALESCED_MMIO', `0x4010ae67') +define(`KVM_REINJECT_CONTROL', `0x0000ae71') +define(`KVM_RUN', `0x0000ae80') +define(`KVM_S390_ENABLE_SIE', `0x0000ae06') +define(`KVM_S390_INITIAL_RESET', `0x0000ae97') +define(`KVM_S390_INTERRUPT', `0x4010ae94') +define(`KVM_S390_SET_INITIAL_PSW', `0x4010ae96') +define(`KVM_S390_STORE_STATUS', `0x4008ae95') +define(`KVM_S390_UCAS_MAP', `0x4018ae50') +define(`KVM_S390_UCAS_UNMAP', `0x4018ae51') +define(`KVM_S390_VCPU_FAULT', `0x4008ae52') +define(`KVM_SET_BOOT_CPU_ID', `0x0000ae78') +define(`KVM_SET_CLOCK', `0x4030ae7b') +define(`KVM_SET_CPUID', `0x4008ae8a') +define(`KVM_SET_CPUID2', `0x4008ae90') +define(`KVM_SET_DEBUGREGS', `0x4080aea2') +define(`KVM_SET_DEVICE_ATTR', `0x4018aee1') +define(`KVM_SET_FPU', `0x41a0ae8d') +define(`KVM_SET_GSI_ROUTING', `0x4008ae6a') +define(`KVM_SET_GUEST_DEBUG', `0x4048ae9b') +define(`KVM_SET_IDENTITY_MAP_ADDR', `0x4008ae48') +define(`KVM_SET_IRQCHIP', `0x8208ae63') +define(`KVM_SET_LAPIC', `0x4400ae8f') +define(`KVM_SET_MEMORY_ALIAS', `0x4020ae43') +define(`KVM_SET_MEMORY_REGION', `0x4018ae40') +define(`KVM_SET_MP_STATE', `0x4004ae99') +define(`KVM_SET_MSRS', `0x4008ae89') +define(`KVM_SET_NR_MMU_PAGES', `0x0000ae44') +define(`KVM_SET_ONE_REG', `0x4010aeac') +define(`KVM_SET_PIT', `0x8048ae66') +define(`KVM_SET_PIT2', `0x4070aea0') +define(`KVM_SET_REGS', `0x4090ae82') +define(`KVM_SET_SIGNAL_MASK', `0x4004ae8b') +define(`KVM_SET_SREGS', `0x4138ae84') +define(`KVM_SET_TSC_KHZ', `0x0000aea2') +define(`KVM_SET_TSS_ADDR', `0x0000ae47') +define(`KVM_SET_USER_MEMORY_REGION', `0x4020ae46') +define(`KVM_SET_VAPIC_ADDR', `0x4008ae93') +define(`KVM_SET_VCPU_EVENTS', `0x4040aea0') +define(`KVM_SET_XCRS', `0x4188aea7') +define(`KVM_SET_XSAVE', `0x5000aea5') +define(`KVM_SIGNAL_MSI', 
`0x4020aea5') +define(`KVM_TPR_ACCESS_REPORTING', `0xc028ae92') +define(`KVM_TRANSLATE', `0xc018ae85') +define(`KVM_UNREGISTER_COALESCED_MMIO', `0x4010ae68') +define(`KVM_X86_GET_MCE_CAP_SUPPORTED', `0x8008ae9d') +define(`KVM_X86_SET_MCE', `0x4040ae9e') +define(`KVM_X86_SETUP_MCE', `0x4008ae9c') +define(`KVM_XEN_HVM_CONFIG', `0x4038ae7a') +define(`KYRO_IOCTL_OVERLAY_CREATE', `0x00006b00') +define(`KYRO_IOCTL_OVERLAY_OFFSET', `0x00006b04') +define(`KYRO_IOCTL_OVERLAY_VIEWPORT_SET', `0x00006b01') +define(`KYRO_IOCTL_SET_VIDEO_MODE', `0x00006b02') +define(`KYRO_IOCTL_STRIDE', `0x00006b05') +define(`KYRO_IOCTL_UVSTRIDE', `0x00006b03') +define(`LIRC_GET_FEATURES', `0x80046900') +define(`LIRC_GET_LENGTH', `0x8004690f') +define(`LIRC_GET_MAX_FILTER_PULSE', `0x8004690b') +define(`LIRC_GET_MAX_FILTER_SPACE', `0x8004690d') +define(`LIRC_GET_MAX_TIMEOUT', `0x80046909') +define(`LIRC_GET_MIN_FILTER_PULSE', `0x8004690a') +define(`LIRC_GET_MIN_FILTER_SPACE', `0x8004690c') +define(`LIRC_GET_MIN_TIMEOUT', `0x80046908') +define(`LIRC_GET_REC_CARRIER', `0x80046904') +define(`LIRC_GET_REC_DUTY_CYCLE', `0x80046906') +define(`LIRC_GET_REC_MODE', `0x80046902') +define(`LIRC_GET_REC_RESOLUTION', `0x80046907') +define(`LIRC_GET_SEND_CARRIER', `0x80046903') +define(`LIRC_GET_SEND_DUTY_CYCLE', `0x80046905') +define(`LIRC_GET_SEND_MODE', `0x80046901') +define(`LIRC_NOTIFY_DECODE', `0x00006920') +define(`LIRC_SET_MEASURE_CARRIER_MODE', `0x4004691d') +define(`LIRC_SET_REC_CARRIER', `0x40046914') +define(`LIRC_SET_REC_CARRIER_RANGE', `0x4004691f') +define(`LIRC_SET_REC_DUTY_CYCLE', `0x40046916') +define(`LIRC_SET_REC_DUTY_CYCLE_RANGE', `0x4004691e') +define(`LIRC_SET_REC_FILTER', `0x4004691c') +define(`LIRC_SET_REC_FILTER_PULSE', `0x4004691a') +define(`LIRC_SET_REC_FILTER_SPACE', `0x4004691b') +define(`LIRC_SET_REC_MODE', `0x40046912') +define(`LIRC_SET_REC_TIMEOUT', `0x40046918') +define(`LIRC_SET_REC_TIMEOUT_REPORTS', `0x40046919') +define(`LIRC_SET_SEND_CARRIER', `0x40046913') 
+define(`LIRC_SET_SEND_DUTY_CYCLE', `0x40046915') +define(`LIRC_SET_SEND_MODE', `0x40046911') +define(`LIRC_SET_TRANSMITTER_MASK', `0x40046917') +define(`LIRC_SETUP_END', `0x00006922') +define(`LIRC_SETUP_START', `0x00006921') +define(`LIRC_SET_WIDEBAND_RECEIVER', `0x40046923') +define(`LOGGER_FLUSH_LOG', `0x0000ae04') +define(`LOGGER_GET_LOG_BUF_SIZE', `0x0000ae01') +define(`LOGGER_GET_LOG_LEN', `0x0000ae02') +define(`LOGGER_GET_NEXT_ENTRY_LEN', `0x0000ae03') +define(`LOGGER_GET_VERSION', `0x0000ae05') +define(`LOGGER_SET_VERSION', `0x0000ae06') +define(`LOOP_CHANGE_FD', `0x00004c06') +define(`LOOP_CLR_FD', `0x00004c01') +define(`LOOP_CTL_ADD', `0x00004c80') +define(`LOOP_CTL_GET_FREE', `0x00004c82') +define(`LOOP_CTL_REMOVE', `0x00004c81') +define(`LOOP_GET_STATUS', `0x00004c03') +define(`LOOP_GET_STATUS64', `0x00004c05') +define(`LOOP_SET_BLOCK_SIZE', `0x00004c09') +define(`LOOP_SET_CAPACITY', `0x00004c07') +define(`LOOP_SET_DIRECT_IO', `0x00004c08') +define(`LOOP_SET_FD', `0x00004c00') +define(`LOOP_SET_STATUS', `0x00004c02') +define(`LOOP_SET_STATUS64', `0x00004c04') +define(`MATROXFB_GET_ALL_OUTPUTS', `0x80086efb') +define(`MATROXFB_GET_AVAILABLE_OUTPUTS', `0x80086ef9') +define(`MATROXFB_GET_OUTPUT_CONNECTION', `0x80086ef8') +define(`MATROXFB_GET_OUTPUT_MODE', `0xc0086efa') +define(`MATROXFB_SET_OUTPUT_CONNECTION', `0x40086ef8') +define(`MATROXFB_SET_OUTPUT_MODE', `0x40086efa') +define(`MBXFB_IOCG_ALPHA', `0x8018f401') +define(`MBXFB_IOCS_ALPHA', `0x4018f402') +define(`MBXFB_IOCS_PLANEORDER', `0x8002f403') +define(`MBXFB_IOCS_REG', `0x400cf404') +define(`MBXFB_IOCX_OVERLAY', `0xc030f400') +define(`MBXFB_IOCX_REG', `0xc00cf405') +define(`MCE_GETCLEAR_FLAGS', `0x80044d03') +define(`MCE_GET_LOG_LEN', `0x80044d02') +define(`MCE_GET_RECORD_LEN', `0x80044d01') +define(`MEDIA_IOC_DEVICE_INFO', `0xc1007c00') +define(`MEDIA_IOC_ENUM_ENTITIES', `0xc1007c01') +define(`MEDIA_IOC_ENUM_LINKS', `0xc0287c02') +define(`MEDIA_IOC_SETUP_LINK', `0xc0347c03') +define(`MEMERASE', 
`0x40084d02') +define(`MEMERASE64', `0x40104d14') +define(`MEMGETBADBLOCK', `0x40084d0b') +define(`MEMGETINFO', `0x80204d01') +define(`MEMGETOOBSEL', `0x80c84d0a') +define(`MEMGETREGIONCOUNT', `0x80044d07') +define(`MEMGETREGIONINFO', `0xc0104d08') +define(`MEMISLOCKED', `0x80084d17') +define(`MEMLOCK', `0x40084d05') +define(`MEMREADOOB', `0xc0104d04') +define(`MEMREADOOB64', `0xc0184d16') +define(`MEMSETBADBLOCK', `0x40084d0c') +define(`MEMUNLOCK', `0x40084d06') +define(`MEMWRITE', `0xc0304d18') +define(`MEMWRITEOOB', `0xc0104d03') +define(`MEMWRITEOOB64', `0xc0184d15') +define(`MEYEIOC_G_PARAMS', `0x800676c0') +define(`MEYEIOC_QBUF_CAPT', `0x400476c2') +define(`MEYEIOC_S_PARAMS', `0x400676c1') +define(`MEYEIOC_STILLCAPT', `0x000076c4') +define(`MEYEIOC_STILLJCAPT', `0x800476c5') +define(`MEYEIOC_SYNC', `0xc00476c3') +define(`MFB_GET_ALPHA', `0x80014d00') +define(`MFB_GET_AOID', `0x80084d04') +define(`MFB_GET_GAMMA', `0x80014d01') +define(`MFB_GET_PIXFMT', `0x80044d08') +define(`MFB_SET_ALPHA', `0x40014d00') +define(`MFB_SET_AOID', `0x40084d04') +define(`MFB_SET_BRIGHTNESS', `0x40014d03') +define(`MFB_SET_CHROMA_KEY', `0x400c4d01') +define(`MFB_SET_GAMMA', `0x40014d01') +define(`MFB_SET_PIXFMT', `0x40044d08') +define(`MGSL_IOCCLRMODCOUNT', `0x00006d0f') +define(`MGSL_IOCGGPIO', `0x80106d11') +define(`MGSL_IOCGIF', `0x00006d0b') +define(`MGSL_IOCGPARAMS', `0x80306d01') +define(`MGSL_IOCGSTATS', `0x00006d07') +define(`MGSL_IOCGTXIDLE', `0x00006d03') +define(`MGSL_IOCGXCTRL', `0x00006d16') +define(`MGSL_IOCGXSYNC', `0x00006d14') +define(`MGSL_IOCLOOPTXDONE', `0x00006d09') +define(`MGSL_IOCRXENABLE', `0x00006d05') +define(`MGSL_IOCSGPIO', `0x40106d10') +define(`MGSL_IOCSIF', `0x00006d0a') +define(`MGSL_IOCSPARAMS', `0x40306d00') +define(`MGSL_IOCSTXIDLE', `0x00006d02') +define(`MGSL_IOCSXCTRL', `0x00006d15') +define(`MGSL_IOCSXSYNC', `0x00006d13') +define(`MGSL_IOCTXABORT', `0x00006d06') +define(`MGSL_IOCTXENABLE', `0x00006d04') +define(`MGSL_IOCWAITEVENT', 
`0xc0046d08') +define(`MGSL_IOCWAITGPIO', `0xc0106d12') +define(`MIC_VIRTIO_ADD_DEVICE', `0xc0087301') +define(`MIC_VIRTIO_CONFIG_CHANGE', `0xc0087305') +define(`MIC_VIRTIO_COPY_DESC', `0xc0087302') +define(`MMC_IOC_CMD', `0xc048b300') +define(`MMTIMER_GETBITS', `0x00006d04') +define(`MMTIMER_GETCOUNTER', `0x80086d09') +define(`MMTIMER_GETFREQ', `0x80086d02') +define(`MMTIMER_GETOFFSET', `0x00006d00') +define(`MMTIMER_GETRES', `0x80086d01') +define(`MMTIMER_MMAPAVAIL', `0x00006d06') +define(`MSMFB_BLIT', `0x40046d02') +define(`MSMFB_GRP_DISP', `0x40046d01') +define(`MTDFILEMODE', `0x00004d13') +define(`MTIOCGET', `0x80306d02') +define(`MTIOCPOS', `0x80086d03') +define(`MTIOCTOP', `0x40086d01') +define(`MTRRIOC_ADD_ENTRY', `0x40104d00') +define(`MTRRIOC_ADD_PAGE_ENTRY', `0x40104d05') +define(`MTRRIOC_DEL_ENTRY', `0x40104d02') +define(`MTRRIOC_DEL_PAGE_ENTRY', `0x40104d07') +define(`MTRRIOC_GET_ENTRY', `0xc0184d03') +define(`MTRRIOC_GET_PAGE_ENTRY', `0xc0184d08') +define(`MTRRIOC_KILL_ENTRY', `0x40104d04') +define(`MTRRIOC_KILL_PAGE_ENTRY', `0x40104d09') +define(`MTRRIOC_SET_ENTRY', `0x40104d01') +define(`MTRRIOC_SET_PAGE_ENTRY', `0x40104d06') +define(`NBD_CLEAR_QUE', `0x0000ab05') +define(`NBD_CLEAR_SOCK', `0x0000ab04') +define(`NBD_DISCONNECT', `0x0000ab08') +define(`NBD_DO_IT', `0x0000ab03') +define(`NBD_PRINT_DEBUG', `0x0000ab06') +define(`NBD_SET_BLKSIZE', `0x0000ab01') +define(`NBD_SET_FLAGS', `0x0000ab0a') +define(`NBD_SET_SIZE', `0x0000ab02') +define(`NBD_SET_SIZE_BLOCKS', `0x0000ab07') +define(`NBD_SET_SOCK', `0x0000ab00') +define(`NBD_SET_TIMEOUT', `0x0000ab09') +define(`NCP_IOC_CONN_LOGGED_IN', `0x00006e03') +define(`NCP_IOC_GETCHARSETS', `0xc02a6e0b') +define(`NCP_IOC_GETDENTRYTTL', `0x40046e0c') +define(`NCP_IOC_GET_FS_INFO', `0xc0286e04') +define(`NCP_IOC_GET_FS_INFO_V2', `0xc0306e04') +define(`NCP_IOC_GETMOUNTUID', `0x40026e02') +define(`NCP_IOC_GETMOUNTUID2', `0x40086e02') +define(`NCP_IOC_GETOBJECTNAME', `0xc0186e09') 
+define(`NCP_IOC_GETPRIVATEDATA', `0xc0106e0a') +define(`NCP_IOC_GETROOT', `0x400c6e08') +define(`NCP_IOC_LOCKUNLOCK', `0x80146e07') +define(`NCP_IOC_NCPREQUEST', `0x80106e01') +define(`NCP_IOC_SETCHARSETS', `0x802a6e0b') +define(`NCP_IOC_SETDENTRYTTL', `0x80046e0c') +define(`NCP_IOC_SETOBJECTNAME', `0x80186e09') +define(`NCP_IOC_SETPRIVATEDATA', `0x80106e0a') +define(`NCP_IOC_SETROOT', `0x800c6e08') +define(`NCP_IOC_SET_SIGN_WANTED', `0x40046e06') +define(`NCP_IOC_SIGN_INIT', `0x80186e05') +define(`NCP_IOC_SIGN_WANTED', `0x80046e06') +define(`NET_ADD_IF', `0xc0066f34') +define(`NET_GET_IF', `0xc0066f36') +define(`NET_REMOVE_IF', `0x00006f35') +define(`NILFS_IOCTL_CHANGE_CPMODE', `0x40106e80') +define(`NILFS_IOCTL_CLEAN_SEGMENTS', `0x40786e88') +define(`NILFS_IOCTL_DELETE_CHECKPOINT', `0x40086e81') +define(`NILFS_IOCTL_GET_BDESCS', `0xc0186e87') +define(`NILFS_IOCTL_GET_CPINFO', `0x80186e82') +define(`NILFS_IOCTL_GET_CPSTAT', `0x80186e83') +define(`NILFS_IOCTL_GET_SUINFO', `0x80186e84') +define(`NILFS_IOCTL_GET_SUSTAT', `0x80306e85') +define(`NILFS_IOCTL_GET_VINFO', `0xc0186e86') +define(`NILFS_IOCTL_RESIZE', `0x40086e8b') +define(`NILFS_IOCTL_SET_ALLOC_RANGE', `0x40106e8c') +define(`NILFS_IOCTL_SET_SUINFO', `0x40186e8d') +define(`NILFS_IOCTL_SYNC', `0x80086e8a') +define(`NS_ADJBUFLEV', `0x00006163') +define(`NS_GETPSTAT', `0xc0106161') +define(`NS_SETBUFLEV', `0x40106162') +define(`NVME_IOCTL_ADMIN_CMD', `0xc0484e41') +define(`NVME_IOCTL_ID', `0x00004e40') +define(`NVME_IOCTL_IO_CMD', `0xc0484e43') +define(`NVME_IOCTL_SUBMIT_IO', `0x40304e42') +define(`NVRAM_INIT', `0x00007040') +define(`NVRAM_SETCKS', `0x00007041') +define(`OLD_PHONE_RING_START', `0x00007187') +define(`OMAPFB_CTRL_TEST', `0x40044f2e') +define(`OMAPFB_GET_CAPS', `0x800c4f2a') +define(`OMAPFB_GET_COLOR_KEY', `0x40104f33') +define(`OMAPFB_GET_DISPLAY_INFO', `0x80204f3f') +define(`OMAPFB_GET_OVERLAY_COLORMODE', `0x803c4f3b') +define(`OMAPFB_GET_UPDATE_MODE', `0x40044f2b') 
+define(`OMAPFB_GET_VRAM_INFO', `0x80204f3d') +define(`OMAPFB_LCD_TEST', `0x40044f2d') +define(`OMAPFB_MEMORY_READ', `0x80184f3a') +define(`OMAPFB_MIRROR', `0x40044f1f') +define(`OMAPFB_QUERY_MEM', `0x40084f38') +define(`OMAPFB_QUERY_PLANE', `0x40444f35') +define(`OMAPFB_SET_COLOR_KEY', `0x40104f32') +define(`OMAPFB_SET_TEARSYNC', `0x40084f3e') +define(`OMAPFB_SET_UPDATE_MODE', `0x40044f28') +define(`OMAPFB_SETUP_MEM', `0x40084f37') +define(`OMAPFB_SETUP_PLANE', `0x40444f34') +define(`OMAPFB_SYNC_GFX', `0x00004f25') +define(`OMAPFB_UPDATE_WINDOW', `0x40444f36') +define(`OMAPFB_UPDATE_WINDOW_OLD', `0x40144f2f') +define(`OMAPFB_VSYNC', `0x00004f26') +define(`OMAPFB_WAITFORGO', `0x00004f3c') +define(`OMAPFB_WAITFORVSYNC', `0x00004f39') +define(`OSD_GET_CAPABILITY', `0x80106fa1') +define(`OSD_SEND_CMD', `0x40206fa0') +define(`OSIOCGNETADDR', `0x800489e1') +define(`OSIOCSNETADDR', `0x400489e0') +define(`OSS_GETVERSION', `0x80044d76') +define(`OTPGETREGIONCOUNT', `0x40044d0e') +define(`OTPGETREGIONINFO', `0x400c4d0f') +define(`OTPLOCK', `0x800c4d10') +define(`OTPSELECT', `0x80044d0d') +define(`PACKET_CTRL_CMD', `0xc0185801') +define(`PERF_EVENT_IOC_DISABLE', `0x00002401') +define(`PERF_EVENT_IOC_ENABLE', `0x00002400') +define(`PERF_EVENT_IOC_ID', `0x80082407') +define(`PERF_EVENT_IOC_PERIOD', `0x40082404') +define(`PERF_EVENT_IOC_REFRESH', `0x00002402') +define(`PERF_EVENT_IOC_RESET', `0x00002403') +define(`PERF_EVENT_IOC_SET_FILTER', `0x40082406') +define(`PERF_EVENT_IOC_SET_OUTPUT', `0x00002405') +define(`PHN_GET_REG', `0xc0087000') +define(`PHN_GETREG', `0xc0087005') +define(`PHN_GET_REGS', `0xc0087002') +define(`PHN_GETREGS', `0xc0287007') +define(`PHN_NOT_OH', `0x00007004') +define(`PHN_SET_REG', `0x40087001') +define(`PHN_SETREG', `0x40087006') +define(`PHN_SET_REGS', `0x40087003') +define(`PHN_SETREGS', `0x40287008') +define(`PHONE_BUSY', `0x000071a1') +define(`PHONE_CAPABILITIES', `0x00007180') +define(`PHONE_CAPABILITIES_CHECK', `0x40087182') 
+define(`PHONE_CAPABILITIES_LIST', `0x80087181') +define(`PHONE_CPT_STOP', `0x000071a4') +define(`PHONE_DIALTONE', `0x000071a3') +define(`PHONE_DTMF_OOB', `0x40047199') +define(`PHONE_DTMF_READY', `0x80047196') +define(`PHONE_EXCEPTION', `0x8004719a') +define(`PHONE_FRAME', `0x4004718d') +define(`PHONE_GET_DTMF', `0x80047197') +define(`PHONE_GET_DTMF_ASCII', `0x80047198') +define(`PHONE_GET_TONE_OFF_TIME', `0x0000719f') +define(`PHONE_GET_TONE_ON_TIME', `0x0000719e') +define(`PHONE_GET_TONE_STATE', `0x000071a0') +define(`PHONE_HOOKSTATE', `0x00007184') +define(`PHONE_MAXRINGS', `0x40017185') +define(`PHONE_PLAY_CODEC', `0x40047190') +define(`PHONE_PLAY_DEPTH', `0x40047193') +define(`PHONE_PLAY_LEVEL', `0x00007195') +define(`PHONE_PLAY_START', `0x00007191') +define(`PHONE_PLAY_STOP', `0x00007192') +define(`PHONE_PLAY_TONE', `0x4001719b') +define(`PHONE_PLAY_VOLUME', `0x40047194') +define(`PHONE_PLAY_VOLUME_LINEAR', `0x400471dc') +define(`PHONE_PSTN_GET_STATE', `0x000071a5') +define(`PHONE_PSTN_LINETEST', `0x000071a8') +define(`PHONE_PSTN_SET_STATE', `0x400471a4') +define(`PHONE_QUERY_CODEC', `0xc00871a7') +define(`PHONE_REC_CODEC', `0x40047189') +define(`PHONE_REC_DEPTH', `0x4004718c') +define(`PHONE_REC_LEVEL', `0x0000718f') +define(`PHONE_REC_START', `0x0000718a') +define(`PHONE_REC_STOP', `0x0000718b') +define(`PHONE_REC_VOLUME', `0x4004718e') +define(`PHONE_REC_VOLUME_LINEAR', `0x400471db') +define(`PHONE_RING', `0x00007183') +define(`PHONE_RINGBACK', `0x000071a2') +define(`PHONE_RING_CADENCE', `0x40027186') +define(`PHONE_RING_START', `0x40087187') +define(`PHONE_RING_STOP', `0x00007188') +define(`PHONE_SET_TONE_OFF_TIME', `0x4004719d') +define(`PHONE_SET_TONE_ON_TIME', `0x4004719c') +define(`PHONE_VAD', `0x400471a9') +define(`PHONE_WINK', `0x400471aa') +define(`PHONE_WINK_DURATION', `0x400471a6') +define(`PIO_CMAP', `0x00004b71') +define(`PIO_FONT', `0x00004b61') +define(`PIO_FONTRESET', `0x00004b6d') +define(`PIO_FONTX', `0x00004b6c') +define(`PIO_SCRNMAP', 
`0x00004b41') +define(`PIO_UNIMAP', `0x00004b67') +define(`PIO_UNIMAPCLR', `0x00004b68') +define(`PIO_UNISCRNMAP', `0x00004b6a') +define(`PMU_IOC_CAN_SLEEP', `0x80084205') +define(`PMU_IOC_GET_BACKLIGHT', `0x80084201') +define(`PMU_IOC_GET_MODEL', `0x80084203') +define(`PMU_IOC_GRAB_BACKLIGHT', `0x80084206') +define(`PMU_IOC_HAS_ADB', `0x80084204') +define(`PMU_IOC_SET_BACKLIGHT', `0x40084202') +define(`PMU_IOC_SLEEP', `0x00004200') +define(`PPCLAIM', `0x0000708b') +define(`PPCLRIRQ', `0x80047093') +define(`PPDATADIR', `0x40047090') +define(`PPEXCL', `0x0000708f') +define(`PPFCONTROL', `0x4002708e') +define(`PPGETFLAGS', `0x8004709a') +define(`PPGETMODE', `0x80047098') +define(`PPGETMODES', `0x80047097') +define(`PPGETPHASE', `0x80047099') +define(`PPGETTIME', `0x80107095') +define(`PPNEGOT', `0x40047091') +define(`PPPIOCATTACH', `0x743d') +define(`PPPIOCATTCHAN', `0x7438') +define(`PPPIOCBUNDLE', `0x7481') +define(`PPPIOCCONNECT', `0x743a') +define(`PPPIOCDETACH', `0x743c') +define(`PPPIOCDISCONN', `0x7439') +define(`PPPIOCGASYNCMAP', `0x7458') +define(`PPPIOCGCALLINFO', `0x7480') +define(`PPPIOCGCHAN', `0x7437') +define(`PPPIOCGCOMPRESSORS', `0x7486') +define(`PPPIOCGDEBUG', `0x7441') +define(`PPPIOCGFLAGS', `0x745a') +define(`PPPIOCGIDLE', `0x743f') +define(`PPPIOCGIFNAME', `0x7488') +define(`PPPIOCGL2TPSTATS', `0x7436') +define(`PPPIOCGMPFLAGS', `0x7482') +define(`PPPIOCGMRU', `0x7453') +define(`PPPIOCGNPMODE', `0x744c') +define(`PPPIOCGRASYNCMAP', `0x7455') +define(`PPPIOCGUNIT', `0x7456') +define(`PPPIOCGXASYNCMAP', `0x7450') +define(`PPPIOCNEWUNIT', `0x743e') +define(`PPPIOCSACTIVE', `0x7446') +define(`PPPIOCSASYNCMAP', `0x7457') +define(`PPPIOCSCOMPRESS', `0x744d') +define(`PPPIOCSCOMPRESSOR', `0x7487') +define(`PPPIOCSDEBUG', `0x7440') +define(`PPPIOCSFLAGS', `0x7459') +define(`PPPIOCSMAXCID', `0x7451') +define(`PPPIOCSMPFLAGS', `0x7483') +define(`PPPIOCSMPMRU', `0x7485') +define(`PPPIOCSMPMTU', `0x7484') +define(`PPPIOCSMRRU', `0x743b') 
+define(`PPPIOCSMRU', `0x7452') +define(`PPPIOCSNPMODE', `0x744b') +define(`PPPIOCSPASS', `0x7447') +define(`PPPIOCSRASYNCMAP', `0x7454') +define(`PPPIOCSXASYNCMAP', `0x744f') +define(`PPPIOCXFERUNIT', `0x744e') +define(`PPPOEIOCDFWD', `0x0000b101') +define(`PPPOEIOCSFWD', `0x4008b100') +define(`PPRCONTROL', `0x80017083') +define(`PPRDATA', `0x80017085') +define(`PPRELEASE', `0x0000708c') +define(`PPRSTATUS', `0x80017081') +define(`PPSETFLAGS', `0x4004709b') +define(`PPSETMODE', `0x40047080') +define(`PPSETPHASE', `0x40047094') +define(`PPSETTIME', `0x40107096') +define(`PPS_FETCH', `0xc00870a4') +define(`PPS_GETCAP', `0x800870a3') +define(`PPS_GETPARAMS', `0x800870a1') +define(`PPS_KC_BIND', `0x400870a5') +define(`PPS_SETPARAMS', `0x400870a2') +define(`PPWCONTROL', `0x40017084') +define(`PPWCTLONIRQ', `0x40017092') +define(`PPWDATA', `0x40017086') +define(`PPYIELD', `0x0000708d') +define(`PROTECT_ARRAY', `0x00000927') +define(`PTP_CLOCK_GETCAPS', `0x80503d01') +define(`PTP_ENABLE_PPS', `0x40043d04') +define(`PTP_EXTTS_REQUEST', `0x40103d02') +define(`PTP_PEROUT_REQUEST', `0x40383d03') +define(`PTP_PIN_GETFUNC', `0xc0603d06') +define(`PTP_PIN_SETFUNC', `0x40603d07') +define(`PTP_SYS_OFFSET', `0x43403d05') +define(`RAID_AUTORUN', `0x00000914') +define(`RAID_VERSION', `0x800c0910') +define(`RAW_GETBIND', `0x0000ac01') +define(`RAW_SETBIND', `0x0000ac00') +define(`REISERFS_IOC_UNPACK', `0x4008cd01') +define(`RESTART_ARRAY_RW', `0x00000934') +define(`RFCOMMCREATEDEV', `0x400452c8') +define(`RFCOMMGETDEVINFO', `0x800452d3') +define(`RFCOMMGETDEVLIST', `0x800452d2') +define(`RFCOMMRELEASEDEV', `0x400452c9') +define(`RFCOMMSTEALDLC', `0x400452dc') +define(`RFKILL_IOCTL_NOINPUT', `0x00005201') +define(`RNDADDENTROPY', `0x40085203') +define(`RNDADDTOENTCNT', `0x40045201') +define(`RNDCLEARPOOL', `0x00005206') +define(`RNDGETENTCNT', `0x80045200') +define(`RNDGETPOOL', `0x80085202') +define(`RNDZAPENTCNT', `0x00005204') +define(`ROCCATIOCGREPSIZE', `0x800448f1') 
+define(`RTC_AIE_OFF', `0x00007002') +define(`RTC_AIE_ON', `0x00007001') +define(`RTC_ALM_READ', `0x80247008') +define(`RTC_ALM_SET', `0x40247007') +define(`RTC_EPOCH_READ', `0x8008700d') +define(`RTC_EPOCH_SET', `0x4008700e') +define(`RTC_IRQP_READ', `0x8008700b') +define(`RTC_IRQP_SET', `0x4008700c') +define(`RTC_PIE_OFF', `0x00007006') +define(`RTC_PIE_ON', `0x00007005') +define(`RTC_PLL_GET', `0x80207011') +define(`RTC_PLL_SET', `0x40207012') +define(`RTC_RD_TIME', `0x80247009') +define(`RTC_SET_TIME', `0x4024700a') +define(`RTC_UIE_OFF', `0x00007004') +define(`RTC_UIE_ON', `0x00007003') +define(`RTC_VL_CLR', `0x00007014') +define(`RTC_VL_READ', `0x80047013') +define(`RTC_WIE_OFF', `0x00007010') +define(`RTC_WIE_ON', `0x0000700f') +define(`RTC_WKALM_RD', `0x80287010') +define(`RTC_WKALM_SET', `0x4028700f') +define(`RUN_ARRAY', `0x400c0930') +define(`S5P_FIMC_TX_END_NOTIFY', `0x00006500') +define(`SAA6588_CMD_CLOSE', `0x40045202') +define(`SAA6588_CMD_POLL', `0x80045204') +define(`SAA6588_CMD_READ', `0x80045203') +define(`SCSI_IOCTL_DOORLOCK', `0x00005380') +define(`SCSI_IOCTL_DOORUNLOCK', `0x00005381') +define(`SCSI_IOCTL_GET_BUS_NUMBER', `0x00005386') +define(`SCSI_IOCTL_GET_IDLUN', `0x00005382') +define(`SCSI_IOCTL_GET_PCI', `0x00005387') +define(`SCSI_IOCTL_PROBE_HOST', `0x00005385') +define(`SET_ARRAY_INFO', `0x40480923') +define(`SET_BITMAP_FILE', `0x4004092b') +define(`SET_DISK_FAULTY', `0x00000929') +define(`SET_DISK_INFO', `0x00000924') +define(`SG_EMULATED_HOST', `0x00002203') +define(`SG_GET_ACCESS_COUNT', `0x00002289') +define(`SG_GET_COMMAND_Q', `0x00002270') +define(`SG_GET_KEEP_ORPHAN', `0x00002288') +define(`SG_GET_LOW_DMA', `0x0000227a') +define(`SG_GET_NUM_WAITING', `0x0000227d') +define(`SG_GET_PACK_ID', `0x0000227c') +define(`SG_GET_REQUEST_TABLE', `0x00002286') +define(`SG_GET_RESERVED_SIZE', `0x00002272') +define(`SG_GET_SCSI_ID', `0x00002276') +define(`SG_GET_SG_TABLESIZE', `0x0000227f') +define(`SG_GET_TIMEOUT', `0x00002202') 
+define(`SG_GET_TRANSFORM', `0x00002205') +define(`SG_GET_VERSION_NUM', `0x00002282') +define(`SG_IO', `0x00002285') +define(`SG_NEXT_CMD_LEN', `0x00002283') +define(`SG_SCSI_RESET', `0x00002284') +define(`SG_SET_COMMAND_Q', `0x00002271') +define(`SG_SET_DEBUG', `0x0000227e') +define(`SG_SET_FORCE_LOW_DMA', `0x00002279') +define(`SG_SET_FORCE_PACK_ID', `0x0000227b') +define(`SG_SET_KEEP_ORPHAN', `0x00002287') +define(`SG_SET_RESERVED_SIZE', `0x00002275') +define(`SG_SET_TIMEOUT', `0x00002201') +define(`SG_SET_TRANSFORM', `0x00002204') +define(`SI4713_IOC_MEASURE_RNL', `0xc01c56c0') +define(`SIOCADDDLCI', `0x00008980') +define(`SIOCADDMULTI', `0x00008931') +define(`SIOCADDRT', `0x0000890b') +define(`SIOCATMARK', `0x00008905') +define(`SIOCBONDCHANGEACTIVE', `0x00008995') +define(`SIOCBONDENSLAVE', `0x00008990') +define(`SIOCBONDINFOQUERY', `0x00008994') +define(`SIOCBONDRELEASE', `0x00008991') +define(`SIOCBONDSETHWADDR', `0x00008992') +define(`SIOCBONDSLAVEINFOQUERY', `0x00008993') +define(`SIOCBRADDBR', `0x000089a0') +define(`SIOCBRADDIF', `0x000089a2') +define(`SIOCBRDELBR', `0x000089a1') +define(`SIOCBRDELIF', `0x000089a3') +define(`SIOCDARP', `0x00008953') +define(`SIOCDELDLCI', `0x00008981') +define(`SIOCDELMULTI', `0x00008932') +define(`SIOCDELRT', `0x0000890c') +define(`SIOCDEVPRIVATE', `0x000089f0') +define(`SIOCDEVPRIVATE_1', `0x000089f1') +define(`SIOCDEVPRIVATE_2', `0x000089f2') +define(`SIOCDEVPRIVATE_3', `0x000089f3') +define(`SIOCDEVPRIVATE_4', `0x000089f4') +define(`SIOCDEVPRIVATE_5', `0x000089f5') +define(`SIOCDEVPRIVATE_6', `0x000089f6') +define(`SIOCDEVPRIVATE_7', `0x000089f7') +define(`SIOCDEVPRIVATE_8', `0x000089f8') +define(`SIOCDEVPRIVATE_9', `0x000089f9') +define(`SIOCDEVPRIVATE_A', `0x000089fa') +define(`SIOCDEVPRIVATE_B', `0x000089fb') +define(`SIOCDEVPRIVATE_C', `0x000089fc') +define(`SIOCDEVPRIVATE_D', `0x000089fd') +define(`SIOCDEVPRIVATE_E', `0x000089fe') +define(`SIOCDEVPRIVLAST', `0x000089ff') +define(`SIOCDIFADDR', `0x00008936') 
+define(`SIOCDRARP', `0x00008960') +define(`SIOCETHTOOL', `0x00008946') +define(`SIOCGARP', `0x00008954') +define(`SIOCGHWTSTAMP', `0x000089b1') +define(`SIOCGIFADDR', `0x00008915') +define(`SIOCGIFBR', `0x00008940') +define(`SIOCGIFBRDADDR', `0x00008919') +define(`SIOCGIFCONF', `0x00008912') +define(`SIOCGIFCOUNT', `0x00008938') +define(`SIOCGIFDSTADDR', `0x00008917') +define(`SIOCGIFENCAP', `0x00008925') +define(`SIOCGIFFLAGS', `0x00008913') +define(`SIOCGIFHWADDR', `0x00008927') +define(`SIOCGIFINDEX', `0x00008933') +define(`SIOCGIFMAP', `0x00008970') +define(`SIOCGIFMEM', `0x0000891f') +define(`SIOCGIFMETRIC', `0x0000891d') +define(`SIOCGIFMTU', `0x00008921') +define(`SIOCGIFNAME', `0x00008910') +define(`SIOCGIFNETMASK', `0x0000891b') +define(`SIOCGIFPFLAGS', `0x00008935') +define(`SIOCGIFSLAVE', `0x00008929') +define(`SIOCGIFTXQLEN', `0x00008942') +define(`SIOCGIFVLAN', `0x00008982') +define(`SIOCGIWAP', `0x00008b15') +define(`SIOCGIWAPLIST', `0x00008b17') +define(`SIOCGIWAUTH', `0x00008b33') +define(`SIOCGIWENCODE', `0x00008b2b') +define(`SIOCGIWENCODEEXT', `0x00008b35') +define(`SIOCGIWESSID', `0x00008b1b') +define(`SIOCGIWFRAG', `0x00008b25') +define(`SIOCGIWFREQ', `0x00008b05') +define(`SIOCGIWGENIE', `0x00008b31') +define(`SIOCGIWMODE', `0x00008b07') +define(`SIOCGIWNAME', `0x00008b01') +define(`SIOCGIWNICKN', `0x00008b1d') +define(`SIOCGIWNWID', `0x00008b03') +define(`SIOCGIWPOWER', `0x00008b2d') +define(`SIOCGIWPRIV', `0x00008b0d') +define(`SIOCGIWRANGE', `0x00008b0b') +define(`SIOCGIWRATE', `0x00008b21') +define(`SIOCGIWRETRY', `0x00008b29') +define(`SIOCGIWRTS', `0x00008b23') +define(`SIOCGIWSCAN', `0x00008b19') +define(`SIOCGIWSENS', `0x00008b09') +define(`SIOCGIWSPY', `0x00008b11') +define(`SIOCGIWSTATS', `0x00008b0f') +define(`SIOCGIWTHRSPY', `0x00008b13') +define(`SIOCGIWTXPOW', `0x00008b27') +define(`SIOCGMIIPHY', `0x00008947') +define(`SIOCGMIIREG', `0x00008948') +define(`SIOCGNETADDR', `0x800489e1') +define(`SIOCGPGRP', `0x00008904') 
+define(`SIOCGRARP', `0x00008961') +define(`SIOCGSTAMP', `0x00008906') +define(`SIOCGSTAMPNS', `0x00008907') +define(`SIOCIWFIRST', `0x00008b00') +define(`SIOCIWFIRSTPRIV_01', `0x00008be1') +define(`SIOCIWFIRSTPRIV_02', `0x00008be2') +define(`SIOCIWFIRSTPRIV_03', `0x00008be3') +define(`SIOCIWFIRSTPRIV_04', `0x00008be4') +define(`SIOCIWFIRSTPRIV_05', `0x00008be5') +define(`SIOCIWFIRSTPRIV_06', `0x00008be6') +define(`SIOCIWFIRSTPRIV_07', `0x00008be7') +define(`SIOCIWFIRSTPRIV_08', `0x00008be8') +define(`SIOCIWFIRSTPRIV_09', `0x00008be9') +define(`SIOCIWFIRSTPRIV_0A', `0x00008bea') +define(`SIOCIWFIRSTPRIV_0B', `0x00008beb') +define(`SIOCIWFIRSTPRIV_0C', `0x00008bec') +define(`SIOCIWFIRSTPRIV_0D', `0x00008bed') +define(`SIOCIWFIRSTPRIV_0E', `0x00008bee') +define(`SIOCIWFIRSTPRIV_0F', `0x00008bef') +define(`SIOCIWFIRSTPRIV', `0x00008be0') +define(`SIOCIWFIRSTPRIV_10', `0x00008bf0') +define(`SIOCIWFIRSTPRIV_11', `0x00008bf1') +define(`SIOCIWFIRSTPRIV_12', `0x00008bf2') +define(`SIOCIWFIRSTPRIV_13', `0x00008bf3') +define(`SIOCIWFIRSTPRIV_14', `0x00008bf4') +define(`SIOCIWFIRSTPRIV_15', `0x00008bf5') +define(`SIOCIWFIRSTPRIV_16', `0x00008bf6') +define(`SIOCIWFIRSTPRIV_17', `0x00008bf7') +define(`SIOCIWFIRSTPRIV_18', `0x00008bf8') +define(`SIOCIWFIRSTPRIV_19', `0x00008bf9') +define(`SIOCIWFIRSTPRIV_1A', `0x00008bfa') +define(`SIOCIWFIRSTPRIV_1B', `0x00008bfb') +define(`SIOCIWFIRSTPRIV_1C', `0x00008bfc') +define(`SIOCIWFIRSTPRIV_1D', `0x00008bfd') +define(`SIOCIWFIRSTPRIV_1E', `0x00008bfe') +define(`SIOCIWLASTPRIV', `0x00008bff') +define(`SIOCKILLADDR', `0x00008939') +define(`SIOCMKCLIP', `0x000061e0') +define(`SIOCOUTQNSD', `0x0000894b') +define(`SIOCPROTOPRIVATE', `0x000089e0') +define(`SIOCPROTOPRIVATE_1', `0x000089e1') +define(`SIOCPROTOPRIVATE_2', `0x000089e2') +define(`SIOCPROTOPRIVATE_3', `0x000089e3') +define(`SIOCPROTOPRIVATE_4', `0x000089e4') +define(`SIOCPROTOPRIVATE_5', `0x000089e5') +define(`SIOCPROTOPRIVATE_6', `0x000089e6') +define(`SIOCPROTOPRIVATE_7', 
`0x000089e7') +define(`SIOCPROTOPRIVATE_8', `0x000089e8') +define(`SIOCPROTOPRIVATE_9', `0x000089e9') +define(`SIOCPROTOPRIVATE_A', `0x000089ea') +define(`SIOCPROTOPRIVATE_B', `0x000089eb') +define(`SIOCPROTOPRIVATE_C', `0x000089ec') +define(`SIOCPROTOPRIVATE_D', `0x000089ed') +define(`SIOCPROTOPRIVATE_E', `0x000089ee') +define(`SIOCPROTOPRIVLAST', `0x000089ef') +define(`SIOCRTMSG', `0x0000890d') +define(`SIOCSARP', `0x00008955') +define(`SIOCSHWTSTAMP', `0x000089b0') +define(`SIOCSIFADDR', `0x00008916') +define(`SIOCSIFATMTCP', `0x00006180') +define(`SIOCSIFBR', `0x00008941') +define(`SIOCSIFBRDADDR', `0x0000891a') +define(`SIOCSIFDSTADDR', `0x00008918') +define(`SIOCSIFENCAP', `0x00008926') +define(`SIOCSIFFLAGS', `0x00008914') +define(`SIOCSIFHWADDR', `0x00008924') +define(`SIOCSIFHWBROADCAST', `0x00008937') +define(`SIOCSIFLINK', `0x00008911') +define(`SIOCSIFMAP', `0x00008971') +define(`SIOCSIFMEM', `0x00008920') +define(`SIOCSIFMETRIC', `0x0000891e') +define(`SIOCSIFMTU', `0x00008922') +define(`SIOCSIFNAME', `0x00008923') +define(`SIOCSIFNETMASK', `0x0000891c') +define(`SIOCSIFPFLAGS', `0x00008934') +define(`SIOCSIFSLAVE', `0x00008930') +define(`SIOCSIFTXQLEN', `0x00008943') +define(`SIOCSIFVLAN', `0x00008983') +define(`SIOCSIWAP', `0x00008b14') +define(`SIOCSIWAUTH', `0x00008b32') +define(`SIOCSIWCOMMIT', `0x00008b00') +define(`SIOCSIWENCODE', `0x00008b2a') +define(`SIOCSIWENCODEEXT', `0x00008b34') +define(`SIOCSIWESSID', `0x00008b1a') +define(`SIOCSIWFRAG', `0x00008b24') +define(`SIOCSIWFREQ', `0x00008b04') +define(`SIOCSIWGENIE', `0x00008b30') +define(`SIOCSIWMLME', `0x00008b16') +define(`SIOCSIWMODE', `0x00008b06') +define(`SIOCSIWNICKN', `0x00008b1c') +define(`SIOCSIWNWID', `0x00008b02') +define(`SIOCSIWPMKSA', `0x00008b36') +define(`SIOCSIWPOWER', `0x00008b2c') +define(`SIOCSIWPRIV', `0x00008b0c') +define(`SIOCSIWRANGE', `0x00008b0a') +define(`SIOCSIWRATE', `0x00008b20') +define(`SIOCSIWRETRY', `0x00008b28') +define(`SIOCSIWRTS', `0x00008b22') 
+define(`SIOCSIWSCAN', `0x00008b18') +define(`SIOCSIWSENS', `0x00008b08') +define(`SIOCSIWSPY', `0x00008b10') +define(`SIOCSIWSTATS', `0x00008b0e') +define(`SIOCSIWTHRSPY', `0x00008b12') +define(`SIOCSIWTXPOW', `0x00008b26') +define(`SIOCSMIIREG', `0x00008949') +define(`SIOCSNETADDR', `0x400489e0') +define(`SIOCSPGRP', `0x00008902') +define(`SIOCSRARP', `0x00008962') +define(`SIOCWANDEV', `0x0000894a') +define(`SISFB_COMMAND', `0xc054f305') +define(`SISFB_GET_AUTOMAXIMIZE', `0x8004f303') +define(`SISFB_GET_AUTOMAXIMIZE_OLD', `0x80046efa') +define(`SISFB_GET_INFO', `0x811cf301') +define(`SISFB_GET_INFO_OLD', `0x80046ef8') +define(`SISFB_GET_INFO_SIZE', `0x8004f300') +define(`SISFB_GET_TVPOSOFFSET', `0x8004f304') +define(`SISFB_GET_VBRSTATUS', `0x8004f302') +define(`SISFB_GET_VBRSTATUS_OLD', `0x80046ef9') +define(`SISFB_SET_AUTOMAXIMIZE', `0x4004f303') +define(`SISFB_SET_AUTOMAXIMIZE_OLD', `0x40046efa') +define(`SISFB_SET_LOCK', `0x4004f306') +define(`SISFB_SET_TVPOSOFFSET', `0x4004f304') +define(`SNAPSHOT_ALLOC_SWAP_PAGE', `0x80083314') +define(`SNAPSHOT_ATOMIC_RESTORE', `0x00003304') +define(`SNAPSHOT_AVAIL_SWAP_SIZE', `0x80083313') +define(`SNAPSHOT_CREATE_IMAGE', `0x40043311') +define(`SNAPSHOT_FREE', `0x00003305') +define(`SNAPSHOT_FREE_SWAP_PAGES', `0x00003309') +define(`SNAPSHOT_FREEZE', `0x00003301') +define(`SNAPSHOT_GET_IMAGE_SIZE', `0x8008330e') +define(`SNAPSHOT_PLATFORM_SUPPORT', `0x0000330f') +define(`SNAPSHOT_POWER_OFF', `0x00003310') +define(`SNAPSHOT_PREF_IMAGE_SIZE', `0x00003312') +define(`SNAPSHOT_S2RAM', `0x0000330b') +define(`SNAPSHOT_SET_SWAP_AREA', `0x400c330d') +define(`SNAPSHOT_UNFREEZE', `0x00003302') +define(`SNDCTL_COPR_HALT', `0xc0144307') +define(`SNDCTL_COPR_LOAD', `0xcfb04301') +define(`SNDCTL_COPR_RCODE', `0xc0144303') +define(`SNDCTL_COPR_RCVMSG', `0x8fa44309') +define(`SNDCTL_COPR_RDATA', `0xc0144302') +define(`SNDCTL_COPR_RESET', `0x00004300') +define(`SNDCTL_COPR_RUN', `0xc0144306') +define(`SNDCTL_COPR_SENDMSG', `0xcfa44308') 
+define(`SNDCTL_COPR_WCODE', `0x40144305') +define(`SNDCTL_COPR_WDATA', `0x40144304') +define(`SNDCTL_DSP_BIND_CHANNEL', `0xc0045041') +define(`SNDCTL_DSP_CHANNELS', `0xc0045006') +define(`SNDCTL_DSP_GETBLKSIZE', `0xc0045004') +define(`SNDCTL_DSP_GETCAPS', `0x8004500f') +define(`SNDCTL_DSP_GETCHANNELMASK', `0xc0045040') +define(`SNDCTL_DSP_GETFMTS', `0x8004500b') +define(`SNDCTL_DSP_GETIPTR', `0x800c5011') +define(`SNDCTL_DSP_GETISPACE', `0x8010500d') +define(`SNDCTL_DSP_GETODELAY', `0x80045017') +define(`SNDCTL_DSP_GETOPTR', `0x800c5012') +define(`SNDCTL_DSP_GETOSPACE', `0x8010500c') +define(`SNDCTL_DSP_GETSPDIF', `0x80045043') +define(`SNDCTL_DSP_GETTRIGGER', `0x80045010') +define(`SNDCTL_DSP_MAPINBUF', `0x80105013') +define(`SNDCTL_DSP_MAPOUTBUF', `0x80105014') +define(`SNDCTL_DSP_NONBLOCK', `0x0000500e') +define(`SNDCTL_DSP_POST', `0x00005008') +define(`SNDCTL_DSP_PROFILE', `0x40045017') +define(`SNDCTL_DSP_RESET', `0x00005000') +define(`SNDCTL_DSP_SETDUPLEX', `0x00005016') +define(`SNDCTL_DSP_SETFMT', `0xc0045005') +define(`SNDCTL_DSP_SETFRAGMENT', `0xc004500a') +define(`SNDCTL_DSP_SETSPDIF', `0x40045042') +define(`SNDCTL_DSP_SETSYNCRO', `0x00005015') +define(`SNDCTL_DSP_SETTRIGGER', `0x40045010') +define(`SNDCTL_DSP_SPEED', `0xc0045002') +define(`SNDCTL_DSP_STEREO', `0xc0045003') +define(`SNDCTL_DSP_SUBDIVIDE', `0xc0045009') +define(`SNDCTL_DSP_SYNC', `0x00005001') +define(`SNDCTL_FM_4OP_ENABLE', `0x4004510f') +define(`SNDCTL_FM_LOAD_INSTR', `0x40285107') +define(`SNDCTL_MIDI_INFO', `0xc074510c') +define(`SNDCTL_MIDI_MPUCMD', `0xc0216d02') +define(`SNDCTL_MIDI_MPUMODE', `0xc0046d01') +define(`SNDCTL_MIDI_PRETIME', `0xc0046d00') +define(`SNDCTL_SEQ_CTRLRATE', `0xc0045103') +define(`SNDCTL_SEQ_GETINCOUNT', `0x80045105') +define(`SNDCTL_SEQ_GETOUTCOUNT', `0x80045104') +define(`SNDCTL_SEQ_GETTIME', `0x80045113') +define(`SNDCTL_SEQ_NRMIDIS', `0x8004510b') +define(`SNDCTL_SEQ_NRSYNTHS', `0x8004510a') +define(`SNDCTL_SEQ_OUTOFBAND', `0x40085112') 
+define(`SNDCTL_SEQ_PANIC', `0x00005111') +define(`SNDCTL_SEQ_PERCMODE', `0x40045106') +define(`SNDCTL_SEQ_RESET', `0x00005100') +define(`SNDCTL_SEQ_RESETSAMPLES', `0x40045109') +define(`SNDCTL_SEQ_SYNC', `0x00005101') +define(`SNDCTL_SEQ_TESTMIDI', `0x40045108') +define(`SNDCTL_SEQ_THRESHOLD', `0x4004510d') +define(`SNDCTL_SYNTH_CONTROL', `0xcfa45115') +define(`SNDCTL_SYNTH_ID', `0xc08c5114') +define(`SNDCTL_SYNTH_INFO', `0xc08c5102') +define(`SNDCTL_SYNTH_MEMAVL', `0xc004510e') +define(`SNDCTL_SYNTH_REMOVESAMPLE', `0xc00c5116') +define(`SNDCTL_TMR_CONTINUE', `0x00005404') +define(`SNDCTL_TMR_METRONOME', `0x40045407') +define(`SNDCTL_TMR_SELECT', `0x40045408') +define(`SNDCTL_TMR_SOURCE', `0xc0045406') +define(`SNDCTL_TMR_START', `0x00005402') +define(`SNDCTL_TMR_STOP', `0x00005403') +define(`SNDCTL_TMR_TEMPO', `0xc0045405') +define(`SNDCTL_TMR_TIMEBASE', `0xc0045401') +define(`SNDRV_COMPRESS_AVAIL', `0x801c4321') +define(`SNDRV_COMPRESS_DRAIN', `0x00004334') +define(`SNDRV_COMPRESS_GET_CAPS', `0xc0c44310') +define(`SNDRV_COMPRESS_GET_CODEC_CAPS', `0xeb884311') +define(`SNDRV_COMPRESS_GET_METADATA', `0xc0244315') +define(`SNDRV_COMPRESS_GET_PARAMS', `0x80784313') +define(`SNDRV_COMPRESS_IOCTL_VERSION', `0x80044300') +define(`SNDRV_COMPRESS_NEXT_TRACK', `0x00004335') +define(`SNDRV_COMPRESS_PARTIAL_DRAIN', `0x00004336') +define(`SNDRV_COMPRESS_PAUSE', `0x00004330') +define(`SNDRV_COMPRESS_RESUME', `0x00004331') +define(`SNDRV_COMPRESS_SET_METADATA', `0x40244314') +define(`SNDRV_COMPRESS_SET_PARAMS', `0x40844312') +define(`SNDRV_COMPRESS_START', `0x00004332') +define(`SNDRV_COMPRESS_STOP', `0x00004333') +define(`SNDRV_COMPRESS_TSTAMP', `0x80144320') +define(`SNDRV_CTL_IOCTL_CARD_INFO', `0x81785501') +define(`SNDRV_CTL_IOCTL_ELEM_ADD', `0xc1105517') +define(`SNDRV_CTL_IOCTL_ELEM_INFO', `0xc1105511') +define(`SNDRV_CTL_IOCTL_ELEM_LIST', `0xc0505510') +define(`SNDRV_CTL_IOCTL_ELEM_LOCK', `0x40405514') +define(`SNDRV_CTL_IOCTL_ELEM_READ', `0xc4c85512') 
+define(`SNDRV_CTL_IOCTL_ELEM_REMOVE', `0xc0405519') +define(`SNDRV_CTL_IOCTL_ELEM_REPLACE', `0xc1105518') +define(`SNDRV_CTL_IOCTL_ELEM_UNLOCK', `0x40405515') +define(`SNDRV_CTL_IOCTL_ELEM_WRITE', `0xc4c85513') +define(`SNDRV_CTL_IOCTL_HWDEP_INFO', `0x80dc5521') +define(`SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE', `0xc0045520') +define(`SNDRV_CTL_IOCTL_PCM_INFO', `0xc1205531') +define(`SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE', `0x80045530') +define(`SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE', `0x40045532') +define(`SNDRV_CTL_IOCTL_POWER', `0xc00455d0') +define(`SNDRV_CTL_IOCTL_POWER_STATE', `0x800455d1') +define(`SNDRV_CTL_IOCTL_PVERSION', `0x80045500') +define(`SNDRV_CTL_IOCTL_RAWMIDI_INFO', `0xc10c5541') +define(`SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE', `0xc0045540') +define(`SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE', `0x40045542') +define(`SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS', `0xc0045516') +define(`SNDRV_CTL_IOCTL_TLV_COMMAND', `0xc008551c') +define(`SNDRV_CTL_IOCTL_TLV_READ', `0xc008551a') +define(`SNDRV_CTL_IOCTL_TLV_WRITE', `0xc008551b') +define(`SNDRV_DM_FM_IOCTL_CLEAR_PATCHES', `0x00004840') +define(`SNDRV_DM_FM_IOCTL_INFO', `0x80024820') +define(`SNDRV_DM_FM_IOCTL_PLAY_NOTE', `0x400c4822') +define(`SNDRV_DM_FM_IOCTL_RESET', `0x00004821') +define(`SNDRV_DM_FM_IOCTL_SET_CONNECTION', `0x40044826') +define(`SNDRV_DM_FM_IOCTL_SET_MODE', `0x40044825') +define(`SNDRV_DM_FM_IOCTL_SET_PARAMS', `0x40094824') +define(`SNDRV_DM_FM_IOCTL_SET_VOICE', `0x40124823') +define(`SNDRV_EMU10K1_IOCTL_CODE_PEEK', `0xc1b04812') +define(`SNDRV_EMU10K1_IOCTL_CODE_POKE', `0x41b04811') +define(`SNDRV_EMU10K1_IOCTL_CONTINUE', `0x00004881') +define(`SNDRV_EMU10K1_IOCTL_DBG_READ', `0x80044884') +define(`SNDRV_EMU10K1_IOCTL_INFO', `0x880c4810') +define(`SNDRV_EMU10K1_IOCTL_PCM_PEEK', `0xc0484831') +define(`SNDRV_EMU10K1_IOCTL_PCM_POKE', `0x40484830') +define(`SNDRV_EMU10K1_IOCTL_PVERSION', `0x80044840') +define(`SNDRV_EMU10K1_IOCTL_SINGLE_STEP', `0x40044883') +define(`SNDRV_EMU10K1_IOCTL_STOP', `0x00004880') 
+define(`SNDRV_EMU10K1_IOCTL_TRAM_PEEK', `0xc0104822') +define(`SNDRV_EMU10K1_IOCTL_TRAM_POKE', `0x40104821') +define(`SNDRV_EMU10K1_IOCTL_TRAM_SETUP', `0x40044820') +define(`SNDRV_EMU10K1_IOCTL_ZERO_TRAM_COUNTER', `0x00004882') +define(`SNDRV_EMUX_IOCTL_LOAD_PATCH', `0xc0104881') +define(`SNDRV_EMUX_IOCTL_MEM_AVAIL', `0x40044884') +define(`SNDRV_EMUX_IOCTL_MISC_MODE', `0xc0104884') +define(`SNDRV_EMUX_IOCTL_REMOVE_LAST_SAMPLES', `0x00004883') +define(`SNDRV_EMUX_IOCTL_RESET_SAMPLES', `0x00004882') +define(`SNDRV_EMUX_IOCTL_VERSION', `0x80044880') +define(`SNDRV_FIREWIRE_IOCTL_GET_INFO', `0x802048f8') +define(`SNDRV_FIREWIRE_IOCTL_LOCK', `0x000048f9') +define(`SNDRV_FIREWIRE_IOCTL_UNLOCK', `0x000048fa') +define(`SNDRV_HDSP_IOCTL_GET_9632_AEB', `0x80084845') +define(`SNDRV_HDSP_IOCTL_GET_CONFIG_INFO', `0x80244841') +define(`SNDRV_HDSP_IOCTL_GET_MIXER', `0x90004844') +define(`SNDRV_HDSP_IOCTL_GET_PEAK_RMS', `0x83b04840') +define(`SNDRV_HDSP_IOCTL_GET_VERSION', `0x80084843') +define(`SNDRV_HDSP_IOCTL_UPLOAD_FIRMWARE', `0x40084842') +define(`SNDRV_HDSPM_IOCTL_GET_CONFIG', `0x80184841') +define(`SNDRV_HDSPM_IOCTL_GET_LTC', `0x80104846') +define(`SNDRV_HDSPM_IOCTL_GET_MIXER', `0x80084844') +define(`SNDRV_HDSPM_IOCTL_GET_PEAK_RMS', `0x89084842') +define(`SNDRV_HDSPM_IOCTL_GET_STATUS', `0x80204847') +define(`SNDRV_HDSPM_IOCTL_GET_VERSION', `0x80244848') +define(`SNDRV_HWDEP_IOCTL_DSP_LOAD', `0x40604803') +define(`SNDRV_HWDEP_IOCTL_DSP_STATUS', `0x80404802') +define(`SNDRV_HWDEP_IOCTL_INFO', `0x80dc4801') +define(`SNDRV_HWDEP_IOCTL_PVERSION', `0x80044800') +define(`SNDRV_PCM_IOCTL_CHANNEL_INFO', `0x80184132') +define(`SNDRV_PCM_IOCTL_DELAY', `0x80084121') +define(`SNDRV_PCM_IOCTL_DRAIN', `0x00004144') +define(`SNDRV_PCM_IOCTL_DROP', `0x00004143') +define(`SNDRV_PCM_IOCTL_FORWARD', `0x40084149') +define(`SNDRV_PCM_IOCTL_HW_FREE', `0x00004112') +define(`SNDRV_PCM_IOCTL_HW_PARAMS', `0xc2604111') +define(`SNDRV_PCM_IOCTL_HW_REFINE', `0xc2604110') 
+define(`SNDRV_PCM_IOCTL_HWSYNC', `0x00004122') +define(`SNDRV_PCM_IOCTL_INFO', `0x81204101') +define(`SNDRV_PCM_IOCTL_LINK', `0x40044160') +define(`SNDRV_PCM_IOCTL_PAUSE', `0x40044145') +define(`SNDRV_PCM_IOCTL_PREPARE', `0x00004140') +define(`SNDRV_PCM_IOCTL_PVERSION', `0x80044100') +define(`SNDRV_PCM_IOCTL_READI_FRAMES', `0x80184151') +define(`SNDRV_PCM_IOCTL_READN_FRAMES', `0x80184153') +define(`SNDRV_PCM_IOCTL_RESET', `0x00004141') +define(`SNDRV_PCM_IOCTL_RESUME', `0x00004147') +define(`SNDRV_PCM_IOCTL_REWIND', `0x40084146') +define(`SNDRV_PCM_IOCTL_START', `0x00004142') +define(`SNDRV_PCM_IOCTL_STATUS', `0x80984120') +define(`SNDRV_PCM_IOCTL_SW_PARAMS', `0xc0884113') +define(`SNDRV_PCM_IOCTL_SYNC_PTR', `0xc0884123') +define(`SNDRV_PCM_IOCTL_TSTAMP', `0x40044102') +define(`SNDRV_PCM_IOCTL_TTSTAMP', `0x40044103') +define(`SNDRV_PCM_IOCTL_UNLINK', `0x00004161') +define(`SNDRV_PCM_IOCTL_WRITEI_FRAMES', `0x40184150') +define(`SNDRV_PCM_IOCTL_WRITEN_FRAMES', `0x40184152') +define(`SNDRV_PCM_IOCTL_XRUN', `0x00004148') +define(`SNDRV_RAWMIDI_IOCTL_DRAIN', `0x40045731') +define(`SNDRV_RAWMIDI_IOCTL_DROP', `0x40045730') +define(`SNDRV_RAWMIDI_IOCTL_INFO', `0x810c5701') +define(`SNDRV_RAWMIDI_IOCTL_PARAMS', `0xc0305710') +define(`SNDRV_RAWMIDI_IOCTL_PVERSION', `0x80045700') +define(`SNDRV_RAWMIDI_IOCTL_STATUS', `0xc0385720') +define(`SNDRV_SB_CSP_IOCTL_INFO', `0x80284810') +define(`SNDRV_SB_CSP_IOCTL_LOAD_CODE', `0x70124811') +define(`SNDRV_SB_CSP_IOCTL_PAUSE', `0x00004815') +define(`SNDRV_SB_CSP_IOCTL_RESTART', `0x00004816') +define(`SNDRV_SB_CSP_IOCTL_START', `0x40084813') +define(`SNDRV_SB_CSP_IOCTL_STOP', `0x00004814') +define(`SNDRV_SB_CSP_IOCTL_UNLOAD_CODE', `0x00004812') +define(`SNDRV_SEQ_IOCTL_CLIENT_ID', `0x80045301') +define(`SNDRV_SEQ_IOCTL_CREATE_PORT', `0xc0a85320') +define(`SNDRV_SEQ_IOCTL_CREATE_QUEUE', `0xc08c5332') +define(`SNDRV_SEQ_IOCTL_DELETE_PORT', `0x40a85321') +define(`SNDRV_SEQ_IOCTL_DELETE_QUEUE', `0x408c5333') 
+define(`SNDRV_SEQ_IOCTL_GET_CLIENT_INFO', `0xc0bc5310') +define(`SNDRV_SEQ_IOCTL_GET_CLIENT_POOL', `0xc058534b') +define(`SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE', `0xc08c5336') +define(`SNDRV_SEQ_IOCTL_GET_PORT_INFO', `0xc0a85322') +define(`SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT', `0xc04c5349') +define(`SNDRV_SEQ_IOCTL_GET_QUEUE_INFO', `0xc08c5334') +define(`SNDRV_SEQ_IOCTL_GET_QUEUE_OWNER', `0xc0005343') +define(`SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS', `0xc05c5340') +define(`SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO', `0xc02c5341') +define(`SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER', `0xc0605345') +define(`SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION', `0xc0505350') +define(`SNDRV_SEQ_IOCTL_PVERSION', `0x80045300') +define(`SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT', `0xc0bc5351') +define(`SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT', `0xc0a85352') +define(`SNDRV_SEQ_IOCTL_QUERY_SUBS', `0xc058534f') +define(`SNDRV_SEQ_IOCTL_REMOVE_EVENTS', `0x4040534e') +define(`SNDRV_SEQ_IOCTL_RUNNING_MODE', `0xc0105303') +define(`SNDRV_SEQ_IOCTL_SET_CLIENT_INFO', `0x40bc5311') +define(`SNDRV_SEQ_IOCTL_SET_CLIENT_POOL', `0x4058534c') +define(`SNDRV_SEQ_IOCTL_SET_PORT_INFO', `0x40a85323') +define(`SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT', `0x404c534a') +define(`SNDRV_SEQ_IOCTL_SET_QUEUE_INFO', `0xc08c5335') +define(`SNDRV_SEQ_IOCTL_SET_QUEUE_OWNER', `0x40005344') +define(`SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO', `0x402c5342') +define(`SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER', `0x40605346') +define(`SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT', `0x40505330') +define(`SNDRV_SEQ_IOCTL_SYSTEM_INFO', `0xc0305302') +define(`SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT', `0x40505331') +define(`SNDRV_TIMER_IOCTL_CONTINUE', `0x000054a2') +define(`SNDRV_TIMER_IOCTL_GINFO', `0xc0f85403') +define(`SNDRV_TIMER_IOCTL_GPARAMS', `0x40485404') +define(`SNDRV_TIMER_IOCTL_GSTATUS', `0xc0505405') +define(`SNDRV_TIMER_IOCTL_INFO', `0x80e85411') +define(`SNDRV_TIMER_IOCTL_NEXT_DEVICE', `0xc0145401') +define(`SNDRV_TIMER_IOCTL_PARAMS', `0x40505412') +define(`SNDRV_TIMER_IOCTL_PAUSE', `0x000054a3') 
+define(`SNDRV_TIMER_IOCTL_PVERSION', `0x80045400') +define(`SNDRV_TIMER_IOCTL_SELECT', `0x40345410') +define(`SNDRV_TIMER_IOCTL_START', `0x000054a0') +define(`SNDRV_TIMER_IOCTL_STATUS', `0x80605414') +define(`SNDRV_TIMER_IOCTL_STOP', `0x000054a1') +define(`SNDRV_TIMER_IOCTL_TREAD', `0x40045402') +define(`SONET_CLRDIAG', `0xc0046113') +define(`SONET_GETDIAG', `0x80046114') +define(`SONET_GETFRAMING', `0x80046116') +define(`SONET_GETFRSENSE', `0x80066117') +define(`SONET_GETSTAT', `0x80246110') +define(`SONET_GETSTATZ', `0x80246111') +define(`SONET_SETDIAG', `0xc0046112') +define(`SONET_SETFRAMING', `0x40046115') +define(`SONYPI_IOCGBAT1CAP', `0x80027602') +define(`SONYPI_IOCGBAT1REM', `0x80027603') +define(`SONYPI_IOCGBAT2CAP', `0x80027604') +define(`SONYPI_IOCGBAT2REM', `0x80027605') +define(`SONYPI_IOCGBATFLAGS', `0x80017607') +define(`SONYPI_IOCGBLUE', `0x80017608') +define(`SONYPI_IOCGBRT', `0x80017600') +define(`SONYPI_IOCGFAN', `0x8001760a') +define(`SONYPI_IOCGTEMP', `0x8001760c') +define(`SONYPI_IOCSBLUE', `0x40017609') +define(`SONYPI_IOCSBRT', `0x40017600') +define(`SONYPI_IOCSFAN', `0x4001760b') +define(`SOUND_MIXER_3DSE', `0xc0044d68') +define(`SOUND_MIXER_ACCESS', `0xc0804d66') +define(`SOUND_MIXER_AGC', `0xc0044d67') +define(`SOUND_MIXER_GETLEVELS', `0xc0a44d74') +define(`SOUND_MIXER_INFO', `0x805c4d65') +define(`SOUND_MIXER_PRIVATE1', `0xc0044d6f') +define(`SOUND_MIXER_PRIVATE2', `0xc0044d70') +define(`SOUND_MIXER_PRIVATE3', `0xc0044d71') +define(`SOUND_MIXER_PRIVATE4', `0xc0044d72') +define(`SOUND_MIXER_PRIVATE5', `0xc0044d73') +define(`SOUND_MIXER_SETLEVELS', `0xc0a44d75') +define(`SOUND_OLD_MIXER_INFO', `0x80304d65') +define(`SOUND_PCM_READ_BITS', `0x80045005') +define(`SOUND_PCM_READ_CHANNELS', `0x80045006') +define(`SOUND_PCM_READ_FILTER', `0x80045007') +define(`SOUND_PCM_READ_RATE', `0x80045002') +define(`SOUND_PCM_WRITE_FILTER', `0xc0045007') +define(`SPI_IOC_RD_BITS_PER_WORD', `0x80016b03') +define(`SPI_IOC_RD_LSB_FIRST', `0x80016b02') 
+define(`SPI_IOC_RD_MAX_SPEED_HZ', `0x80046b04') +define(`SPI_IOC_RD_MODE', `0x80016b01') +define(`SPI_IOC_RD_MODE32', `0x80046b05') +define(`SPI_IOC_WR_BITS_PER_WORD', `0x40016b03') +define(`SPI_IOC_WR_LSB_FIRST', `0x40016b02') +define(`SPI_IOC_WR_MAX_SPEED_HZ', `0x40046b04') +define(`SPI_IOC_WR_MODE', `0x40016b01') +define(`SPI_IOC_WR_MODE32', `0x40046b05') +define(`SPIOCSTYPE', `0x40087101') +define(`SSTFB_GET_VGAPASS', `0x800446dd') +define(`SSTFB_SET_VGAPASS', `0x400446dd') +define(`STOP_ARRAY', `0x00000932') +define(`STOP_ARRAY_RO', `0x00000933') +define(`SW_SYNC_IOC_CREATE_FENCE', `0xc0285700') +define(`SW_SYNC_IOC_INC', `0x40045701') +define(`SYNC_IOC_FENCE_INFO', `0xc0283e02') +define(`SYNC_IOC_MERGE', `0xc0283e01') +define(`SYNC_IOC_WAIT', `0x40043e00') +define(`TCFLSH', `0x0000540b') +define(`TCGETA', `0x00005405') +define(`TCGETS2', `0x802c542a') +define(`TCGETS', ifelse(target_arch, mips, 0x0000540d, 0x00005401)) +define(`TCGETX', `0x00005432') +define(`TCSBRK', `0x00005409') +define(`TCSBRKP', `0x00005425') +define(`TCSETA', `0x00005406') +define(`TCSETAF', `0x00005408') +define(`TCSETAW', `0x00005407') +define(`TCSETS', `0x00005402') +define(`TCSETS2', `0x402c542b') +define(`TCSETSF', `0x00005404') +define(`TCSETSF2', `0x402c542d') +define(`TCSETSW', `0x00005403') +define(`TCSETSW2', `0x402c542c') +define(`TCSETX', `0x00005433') +define(`TCSETXF', `0x00005434') +define(`TCSETXW', `0x00005435') +define(`TCXONC', `0x0000540a') +define(`TFD_IOC_SET_TICKS', `0x40085400') +define(`TIOCCBRK', `0x00005428') +define(`TIOCCONS', `0x0000541d') +define(`TIOCEXCL', `0x0000540c') +define(`TIOCGDEV', `0x80045432') +define(`TIOCGETD', `0x00005424') +define(`TIOCGEXCL', `0x80045440') +define(`TIOCGICOUNT', `0x0000545d') +define(`TIOCGLCKTRMIOS', `0x00005456') +define(`TIOCGPGRP', `0x0000540f') +define(`TIOCGPKT', `0x80045438') +define(`TIOCGPTLCK', `0x80045439') +define(`TIOCGPTN', `0x80045430') +define(`TIOCGRS485', `0x0000542e') +define(`TIOCGSERIAL', 
`0x0000541e') +define(`TIOCGSID', `0x00005429') +define(`TIOCGSOFTCAR', `0x00005419') +define(`TIOCGWINSZ', ifelse(target_arch, mips, 0x80087468, 0x00005413)) +define(`TIOCLINUX', `0x0000541c') +define(`TIOCMBIC', `0x00005417') +define(`TIOCMBIS', `0x00005416') +define(`TIOCMGET', `0x00005415') +define(`TIOCMIWAIT', `0x0000545c') +define(`TIOCMSET', `0x00005418') +define(`TIOCNOTTY', `0x00005422') +define(`TIOCNXCL', `0x0000540d') +define(`TIOCOUTQ', ifelse(target_arch, mips, 0x00007472, 0x00005411)) +define(`TIOCPKT', `0x00005420') +define(`TIOCSBRK', `0x00005427') +define(`TIOCSCTTY', ifelse(target_arch, mips, 0x00005480, 0x0000540e)) +define(`TIOCSERCONFIG', `0x00005453') +define(`TIOCSERGETLSR', `0x00005459') +define(`TIOCSERGETMULTI', `0x0000545a') +define(`TIOCSERGSTRUCT', `0x00005458') +define(`TIOCSERGWILD', `0x00005454') +define(`TIOCSERSETMULTI', `0x0000545b') +define(`TIOCSERSWILD', `0x00005455') +define(`TIOCSETD', `0x00005423') +define(`TIOCSIG', `0x40045436') +define(`TIOCSLCKTRMIOS', `0x00005457') +define(`TIOCSPGRP', `0x00005410') +define(`TIOCSPTLCK', `0x40045431') +define(`TIOCSRS485', `0x0000542f') +define(`TIOCSSERIAL', `0x0000541f') +define(`TIOCSSOFTCAR', `0x0000541a') +define(`TIOCSTI', `0x00005412') +define(`TIOCSWINSZ', ifelse(target_arch, mips, 0x40087467, 0x00005414)) +define(`TIOCVHANGUP', `0x00005437') +define(`TOSH_SMM', `0xc0047490') +define(`TUNATTACHFILTER', `0x401054d5') +define(`TUNDETACHFILTER', `0x401054d6') +define(`TUNER_SET_CONFIG', `0x4010645c') +define(`TUNGETFEATURES', `0x800454cf') +define(`TUNGETFILTER', `0x801054db') +define(`TUNGETIFF', `0x800454d2') +define(`TUNGETSNDBUF', `0x800454d3') +define(`TUNGETVNETHDRSZ', `0x800454d7') +define(`TUNGETVNETLE', `0x800454dd') +define(`TUNSETDEBUG', `0x400454c9') +define(`TUNSETGROUP', `0x400454ce') +define(`TUNSETIFF', `0x400454ca') +define(`TUNSETIFINDEX', `0x400454da') +define(`TUNSETLINK', `0x400454cd') +define(`TUNSETNOCSUM', `0x400454c8') +define(`TUNSETOFFLOAD', 
`0x400454d0') +define(`TUNSETOWNER', `0x400454cc') +define(`TUNSETPERSIST', `0x400454cb') +define(`TUNSETQUEUE', `0x400454d9') +define(`TUNSETSNDBUF', `0x400454d4') +define(`TUNSETTXFILTER', `0x400454d1') +define(`TUNSETVNETHDRSZ', `0x400454d8') +define(`TUNSETVNETLE', `0x400454dc') +define(`UBI_IOCATT', `0x40186f40') +define(`UBI_IOCDET', `0x40046f41') +define(`UBI_IOCEBCH', `0x40044f02') +define(`UBI_IOCEBER', `0x40044f01') +define(`UBI_IOCEBISMAP', `0x80044f05') +define(`UBI_IOCEBMAP', `0x40084f03') +define(`UBI_IOCEBUNMAP', `0x40044f04') +define(`UBI_IOCMKVOL', `0x40986f00') +define(`UBI_IOCRMVOL', `0x40046f01') +define(`UBI_IOCRNVOL', `0x51106f03') +define(`UBI_IOCRSVOL', `0x400c6f02') +define(`UBI_IOCSETVOLPROP', `0x40104f06') +define(`UBI_IOCVOLCRBLK', `0x40804f07') +define(`UBI_IOCVOLRMBLK', `0x00004f08') +define(`UBI_IOCVOLUP', `0x40084f00') +define(`UDF_GETEABLOCK', `0x80086c41') +define(`UDF_GETEASIZE', `0x80046c40') +define(`UDF_GETVOLIDENT', `0x80086c42') +define(`UDF_RELOCATE_BLOCKS', `0xc0086c43') +define(`UI_BEGIN_FF_ERASE', `0xc00c55ca') +define(`UI_BEGIN_FF_UPLOAD', `0xc06855c8') +define(`UI_DEV_CREATE', `0x00005501') +define(`UI_DEV_DESTROY', `0x00005502') +define(`UI_END_FF_ERASE', `0x400c55cb') +define(`UI_END_FF_UPLOAD', `0x406855c9') +define(`UI_GET_VERSION', `0x8004552d') +define(`UI_SET_ABSBIT', `0x40045567') +define(`UI_SET_EVBIT', `0x40045564') +define(`UI_SET_FFBIT', `0x4004556b') +define(`UI_SET_KEYBIT', `0x40045565') +define(`UI_SET_LEDBIT', `0x40045569') +define(`UI_SET_MSCBIT', `0x40045568') +define(`UI_SET_PHYS', `0x4008556c') +define(`UI_SET_PROPBIT', `0x4004556e') +define(`UI_SET_RELBIT', `0x40045566') +define(`UI_SET_SNDBIT', `0x4004556a') +define(`UI_SET_SWBIT', `0x4004556d') +define(`UNPROTECT_ARRAY', `0x00000926') +define(`USBDEVFS_ALLOC_STREAMS', `0x8008551c') +define(`USBDEVFS_BULK', `0xc0185502') +define(`USBDEVFS_BULK32', `0xc0105502') +define(`USBDEVFS_CLAIMINTERFACE', `0x8004550f') +define(`USBDEVFS_CLAIM_PORT', 
`0x80045518') +define(`USBDEVFS_CLEAR_HALT', `0x80045515') +define(`USBDEVFS_CONNECT', `0x00005517') +define(`USBDEVFS_CONNECTINFO', `0x40085511') +define(`USBDEVFS_CONTROL', `0xc0185500') +define(`USBDEVFS_CONTROL32', `0xc0105500') +define(`USBDEVFS_DISCARDURB', `0x0000550b') +define(`USBDEVFS_DISCONNECT', `0x00005516') +define(`USBDEVFS_DISCONNECT_CLAIM', `0x8108551b') +define(`USBDEVFS_DISCSIGNAL', `0x8010550e') +define(`USBDEVFS_DISCSIGNAL32', `0x8008550e') +define(`USBDEVFS_FREE_STREAMS', `0x8008551d') +define(`USBDEVFS_GET_CAPABILITIES', `0x8004551a') +define(`USBDEVFS_GETDRIVER', `0x41045508') +define(`USBDEVFS_HUB_PORTINFO', `0x80805513') +define(`USBDEVFS_IOCTL', `0xc0105512') +define(`USBDEVFS_IOCTL32', `0xc00c5512') +define(`USBDEVFS_REAPURB', `0x4008550c') +define(`USBDEVFS_REAPURB32', `0x4004550c') +define(`USBDEVFS_REAPURBNDELAY', `0x4008550d') +define(`USBDEVFS_REAPURBNDELAY32', `0x4004550d') +define(`USBDEVFS_RELEASEINTERFACE', `0x80045510') +define(`USBDEVFS_RELEASE_PORT', `0x80045519') +define(`USBDEVFS_RESET', `0x00005514') +define(`USBDEVFS_RESETEP', `0x80045503') +define(`USBDEVFS_SETCONFIGURATION', `0x80045505') +define(`USBDEVFS_SETINTERFACE', `0x80085504') +define(`USBDEVFS_SUBMITURB', `0x8038550a') +define(`USBDEVFS_SUBMITURB32', `0x802a550a') +define(`USBTMC_IOCTL_ABORT_BULK_IN', `0x00005b04') +define(`USBTMC_IOCTL_ABORT_BULK_OUT', `0x00005b03') +define(`USBTMC_IOCTL_CLEAR', `0x00005b02') +define(`USBTMC_IOCTL_CLEAR_IN_HALT', `0x00005b07') +define(`USBTMC_IOCTL_CLEAR_OUT_HALT', `0x00005b06') +define(`USBTMC_IOCTL_INDICATOR_PULSE', `0x00005b01') +define(`UVCIOC_CTRL_MAP', `0xc0607520') +define(`UVCIOC_CTRL_QUERY', `0xc0107521') +define(`V4L2_SUBDEV_IR_RX_NOTIFY', `0x40047600') +define(`V4L2_SUBDEV_IR_TX_NOTIFY', `0x40047601') +define(`VFAT_IOCTL_READDIR_BOTH', `0x82307201') +define(`VFAT_IOCTL_READDIR_SHORT', `0x82307202') +define(`VFIO_CHECK_EXTENSION', `0x00003b65') +define(`VFIO_DEVICE_GET_INFO', `0x00003b6b') 
+define(`VFIO_DEVICE_GET_IRQ_INFO', `0x00003b6d') +define(`VFIO_DEVICE_GET_PCI_HOT_RESET_INFO', `0x00003b70') +define(`VFIO_DEVICE_GET_REGION_INFO', `0x00003b6c') +define(`VFIO_DEVICE_PCI_HOT_RESET', `0x00003b71') +define(`VFIO_DEVICE_RESET', `0x00003b6f') +define(`VFIO_DEVICE_SET_IRQS', `0x00003b6e') +define(`VFIO_EEH_PE_OP', `0x00003b79') +define(`VFIO_GET_API_VERSION', `0x00003b64') +define(`VFIO_GROUP_GET_DEVICE_FD', `0x00003b6a') +define(`VFIO_GROUP_GET_STATUS', `0x00003b67') +define(`VFIO_GROUP_SET_CONTAINER', `0x00003b68') +define(`VFIO_GROUP_UNSET_CONTAINER', `0x00003b69') +define(`VFIO_IOMMU_DISABLE', `0x00003b74') +define(`VFIO_IOMMU_ENABLE', `0x00003b73') +define(`VFIO_IOMMU_GET_INFO', `0x00003b70') +define(`VFIO_IOMMU_MAP_DMA', `0x00003b71') +define(`VFIO_IOMMU_SPAPR_TCE_GET_INFO', `0x00003b70') +define(`VFIO_IOMMU_UNMAP_DMA', `0x00003b72') +define(`VFIO_SET_IOMMU', `0x00003b66') +define(`VHOST_GET_FEATURES', `0x8008af00') +define(`VHOST_GET_VRING_BASE', `0xc008af12') +define(`VHOST_NET_SET_BACKEND', `0x4008af30') +define(`VHOST_RESET_OWNER', `0x0000af02') +define(`VHOST_SCSI_CLEAR_ENDPOINT', `0x40e8af41') +define(`VHOST_SCSI_GET_ABI_VERSION', `0x4004af42') +define(`VHOST_SCSI_GET_EVENTS_MISSED', `0x4004af44') +define(`VHOST_SCSI_SET_ENDPOINT', `0x40e8af40') +define(`VHOST_SCSI_SET_EVENTS_MISSED', `0x4004af43') +define(`VHOST_SET_FEATURES', `0x4008af00') +define(`VHOST_SET_LOG_BASE', `0x4008af04') +define(`VHOST_SET_LOG_FD', `0x4004af07') +define(`VHOST_SET_MEM_TABLE', `0x4008af03') +define(`VHOST_SET_OWNER', `0x0000af01') +define(`VHOST_SET_VRING_ADDR', `0x4028af11') +define(`VHOST_SET_VRING_BASE', `0x4008af12') +define(`VHOST_SET_VRING_CALL', `0x4008af21') +define(`VHOST_SET_VRING_ERR', `0x4008af22') +define(`VHOST_SET_VRING_KICK', `0x4008af20') +define(`VHOST_SET_VRING_NUM', `0x4008af10') +define(`VIDEO_CLEAR_BUFFER', `0x00006f22') +define(`VIDEO_COMMAND', `0xc0486f3b') +define(`VIDEO_CONTINUE', `0x00006f18') +define(`VIDEO_FAST_FORWARD', 
`0x00006f1f') +define(`VIDEO_FREEZE', `0x00006f17') +define(`VIDEO_GET_CAPABILITIES', `0x80046f21') +define(`VIDEO_GET_EVENT', `0x80206f1c') +define(`VIDEO_GET_FRAME_COUNT', `0x80086f3a') +define(`VIDEO_GET_FRAME_RATE', `0x80046f38') +define(`VIDEO_GET_NAVI', `0x84046f34') +define(`VIDEO_GET_PTS', `0x80086f39') +define(`VIDEO_GET_SIZE', `0x800c6f37') +define(`VIDEO_GET_STATUS', `0x80146f1b') +define(`VIDEO_PLAY', `0x00006f16') +define(`VIDEO_SELECT_SOURCE', `0x00006f19') +define(`VIDEO_SET_ATTRIBUTES', `0x00006f35') +define(`VIDEO_SET_BLANK', `0x00006f1a') +define(`VIDEO_SET_DISPLAY_FORMAT', `0x00006f1d') +define(`VIDEO_SET_FORMAT', `0x00006f25') +define(`VIDEO_SET_HIGHLIGHT', `0x40106f27') +define(`VIDEO_SET_ID', `0x00006f23') +define(`VIDEO_SET_SPU', `0x40086f32') +define(`VIDEO_SET_SPU_PALETTE', `0x40106f33') +define(`VIDEO_SET_STREAMTYPE', `0x00006f24') +define(`VIDEO_SET_SYSTEM', `0x00006f26') +define(`VIDEO_SLOWMOTION', `0x00006f20') +define(`VIDEO_STILLPICTURE', `0x40106f1e') +define(`VIDEO_STOP', `0x00006f15') +define(`VIDEO_TRY_COMMAND', `0xc0486f3c') +define(`VIDIOC_CREATE_BUFS', `0xc100565c') +define(`VIDIOC_CROPCAP', `0xc02c563a') +define(`VIDIOC_DBG_G_CHIP_INFO', `0xc0c85666') +define(`VIDIOC_DBG_G_REGISTER', `0xc0385650') +define(`VIDIOC_DBG_S_REGISTER', `0x4038564f') +define(`VIDIOC_DECODER_CMD', `0xc0485660') +define(`VIDIOC_DQBUF', `0xc0585611') +define(`VIDIOC_DQEVENT', `0x80885659') +define(`VIDIOC_DV_TIMINGS_CAP', `0xc0905664') +define(`VIDIOC_ENCODER_CMD', `0xc028564d') +define(`VIDIOC_ENUMAUDIO', `0xc0345641') +define(`VIDIOC_ENUMAUDOUT', `0xc0345642') +define(`VIDIOC_ENUM_DV_TIMINGS', `0xc0945662') +define(`VIDIOC_ENUM_FMT', `0xc0405602') +define(`VIDIOC_ENUM_FRAMEINTERVALS', `0xc034564b') +define(`VIDIOC_ENUM_FRAMESIZES', `0xc02c564a') +define(`VIDIOC_ENUM_FREQ_BANDS', `0xc0405665') +define(`VIDIOC_ENUMINPUT', `0xc050561a') +define(`VIDIOC_ENUMOUTPUT', `0xc0485630') +define(`VIDIOC_ENUMSTD', `0xc0485619') +define(`VIDIOC_EXPBUF', 
`0xc0405610') +define(`VIDIOC_G_AUDIO', `0x80345621') +define(`VIDIOC_G_AUDOUT', `0x80345631') +define(`VIDIOC_G_CROP', `0xc014563b') +define(`VIDIOC_G_CTRL', `0xc008561b') +define(`VIDIOC_G_DV_TIMINGS', `0xc0845658') +define(`VIDIOC_G_EDID', `0xc0285628') +define(`VIDIOC_G_ENC_INDEX', `0x8818564c') +define(`VIDIOC_G_EXT_CTRLS', `0xc0205647') +define(`VIDIOC_G_FBUF', `0x8030560a') +define(`VIDIOC_G_FMT', `0xc0d05604') +define(`VIDIOC_G_FREQUENCY', `0xc02c5638') +define(`VIDIOC_G_INPUT', `0x80045626') +define(`VIDIOC_G_JPEGCOMP', `0x808c563d') +define(`VIDIOC_G_MODULATOR', `0xc0445636') +define(`VIDIOC_G_OUTPUT', `0x8004562e') +define(`VIDIOC_G_PARM', `0xc0cc5615') +define(`VIDIOC_G_PRIORITY', `0x80045643') +define(`VIDIOC_G_SELECTION', `0xc040565e') +define(`VIDIOC_G_SLICED_VBI_CAP', `0xc0745645') +define(`VIDIOC_G_STD', `0x80085617') +define(`VIDIOC_G_TUNER', `0xc054561d') +define(`VIDIOC_INT_RESET', `0x40046466') +define(`VIDIOC_LOG_STATUS', `0x00005646') +define(`VIDIOC_OMAP3ISP_AEWB_CFG', `0xc02056c3') +define(`VIDIOC_OMAP3ISP_AF_CFG', `0xc04c56c5') +define(`VIDIOC_OMAP3ISP_CCDC_CFG', `0xc03856c1') +define(`VIDIOC_OMAP3ISP_HIST_CFG', `0xc03056c4') +define(`VIDIOC_OMAP3ISP_PRV_CFG', `0xc07056c2') +define(`VIDIOC_OMAP3ISP_STAT_EN', `0xc00856c7') +define(`VIDIOC_OMAP3ISP_STAT_REQ', `0xc02856c6') +define(`VIDIOC_OVERLAY', `0x4004560e') +define(`VIDIOC_PREPARE_BUF', `0xc058565d') +define(`VIDIOC_QBUF', `0xc058560f') +define(`VIDIOC_QUERYBUF', `0xc0585609') +define(`VIDIOC_QUERYCAP', `0x80685600') +define(`VIDIOC_QUERYCTRL', `0xc0445624') +define(`VIDIOC_QUERY_DV_TIMINGS', `0x80845663') +define(`VIDIOC_QUERY_EXT_CTRL', `0xc0e85667') +define(`VIDIOC_QUERYMENU', `0xc02c5625') +define(`VIDIOC_QUERYSTD', `0x8008563f') +define(`VIDIOC_REQBUFS', `0xc0145608') +define(`VIDIOC_RESERVED', `0x00005601') +define(`VIDIOC_S_AUDIO', `0x40345622') +define(`VIDIOC_S_AUDOUT', `0x40345632') +define(`VIDIOC_S_CROP', `0x4014563c') +define(`VIDIOC_S_CTRL', `0xc008561c') 
+define(`VIDIOC_S_DV_TIMINGS', `0xc0845657') +define(`VIDIOC_S_EDID', `0xc0285629') +define(`VIDIOC_S_EXT_CTRLS', `0xc0205648') +define(`VIDIOC_S_FBUF', `0x4030560b') +define(`VIDIOC_S_FMT', `0xc0d05605') +define(`VIDIOC_S_FREQUENCY', `0x402c5639') +define(`VIDIOC_S_HW_FREQ_SEEK', `0x40305652') +define(`VIDIOC_S_INPUT', `0xc0045627') +define(`VIDIOC_S_JPEGCOMP', `0x408c563e') +define(`VIDIOC_S_MODULATOR', `0x40445637') +define(`VIDIOC_S_OUTPUT', `0xc004562f') +define(`VIDIOC_S_PARM', `0xc0cc5616') +define(`VIDIOC_S_PRIORITY', `0x40045644') +define(`VIDIOC_S_SELECTION', `0xc040565f') +define(`VIDIOC_S_STD', `0x40085618') +define(`VIDIOC_STREAMOFF', `0x40045613') +define(`VIDIOC_STREAMON', `0x40045612') +define(`VIDIOC_S_TUNER', `0x4054561e') +define(`VIDIOC_SUBDEV_DV_TIMINGS_CAP', `0xc0905664') +define(`VIDIOC_SUBDEV_ENUM_DV_TIMINGS', `0xc0945662') +define(`VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL', `0xc040564b') +define(`VIDIOC_SUBDEV_ENUM_FRAME_SIZE', `0xc040564a') +define(`VIDIOC_SUBDEV_ENUM_MBUS_CODE', `0xc0305602') +define(`VIDIOC_SUBDEV_G_CROP', `0xc038563b') +define(`VIDIOC_SUBDEV_G_DV_TIMINGS', `0xc0845658') +define(`VIDIOC_SUBDEV_G_EDID', `0xc0285628') +define(`VIDIOC_SUBDEV_G_FMT', `0xc0585604') +define(`VIDIOC_SUBDEV_G_FRAME_INTERVAL', `0xc0305615') +define(`VIDIOC_SUBDEV_G_SELECTION', `0xc040563d') +define(`VIDIOC_SUBDEV_QUERY_DV_TIMINGS', `0x80845663') +define(`VIDIOC_SUBDEV_S_CROP', `0xc038563c') +define(`VIDIOC_SUBDEV_S_DV_TIMINGS', `0xc0845657') +define(`VIDIOC_SUBDEV_S_EDID', `0xc0285629') +define(`VIDIOC_SUBDEV_S_FMT', `0xc0585605') +define(`VIDIOC_SUBDEV_S_FRAME_INTERVAL', `0xc0305616') +define(`VIDIOC_SUBDEV_S_SELECTION', `0xc040563e') +define(`VIDIOC_SUBSCRIBE_EVENT', `0x4020565a') +define(`VIDIOC_TRY_DECODER_CMD', `0xc0485661') +define(`VIDIOC_TRY_ENCODER_CMD', `0xc028564e') +define(`VIDIOC_TRY_EXT_CTRLS', `0xc0205649') +define(`VIDIOC_TRY_FMT', `0xc0d05640') +define(`VIDIOC_UNSUBSCRIBE_EVENT', `0x4020565b') +define(`VIDIOC_VSP1_LUT_CONFIG', 
`0xc40056c1') +define(`VPFE_CMD_S_CCDC_RAW_PARAMS', `0x400856c1') +define(`VT_ACTIVATE', `0x00005606') +define(`VT_DISALLOCATE', `0x00005608') +define(`VT_GETHIFONTMASK', `0x0000560d') +define(`VT_GETMODE', `0x00005601') +define(`VT_GETSTATE', `0x00005603') +define(`VT_LOCKSWITCH', `0x0000560b') +define(`VT_OPENQRY', `0x00005600') +define(`VT_RELDISP', `0x00005605') +define(`VT_RESIZE', `0x00005609') +define(`VT_RESIZEX', `0x0000560a') +define(`VT_SENDSIG', `0x00005604') +define(`VT_SETACTIVATE', `0x0000560f') +define(`VT_SETMODE', `0x00005602') +define(`VT_UNLOCKSWITCH', `0x0000560c') +define(`VT_WAITACTIVE', `0x00005607') +define(`VT_WAITEVENT', `0x0000560e') +define(`WAN_IOC_ADD_FLT_INDEX', `0x00006902') +define(`WAN_IOC_ADD_FLT_RULE', `0x00006900') +define(`WDIOC_GETBOOTSTATUS', `0x80045702') +define(`WDIOC_GETPRETIMEOUT', `0x80045709') +define(`WDIOC_GETSTATUS', `0x80045701') +define(`WDIOC_GETSUPPORT', `0x80285700') +define(`WDIOC_GETTEMP', `0x80045703') +define(`WDIOC_GETTIMELEFT', `0x8004570a') +define(`WDIOC_GETTIMEOUT', `0x80045707') +define(`WDIOC_KEEPALIVE', `0x80045705') +define(`WDIOC_SETOPTIONS', `0x80045704') +define(`WDIOC_SETPRETIMEOUT', `0xc0045708') +define(`WDIOC_SETTIMEOUT', `0xc0045706') +define(`WRITE_RAID_INFO', `0x00000925') +define(`X86_IOC_RDMSR_REGS', `0xc02063a0') +define(`X86_IOC_WRMSR_REGS', `0xc02063a1') +define(`ZATM_GETPOOL', `0x40106161') +define(`ZATM_GETPOOLZ', `0x40106162') +define(`ZATM_SETPOOL', `0x40106163') diff --git a/prebuilts/api/30.0/public/ioctl_macros b/prebuilts/api/30.0/public/ioctl_macros new file mode 100644 index 000000000..5cbfae53f --- /dev/null +++ b/prebuilts/api/30.0/public/ioctl_macros 
@@ -0,0 +1,68 @@
+# socket ioctls allowed to unprivileged apps
+define(`unpriv_sock_ioctls', `
+{
+# Socket ioctls for gathering information about the interface
+SIOCGSTAMP SIOCGSTAMPNS
+SIOCGIFNAME SIOCGIFCONF SIOCGIFFLAGS SIOCGIFADDR SIOCGIFDSTADDR SIOCGIFBRDADDR
+SIOCGIFNETMASK SIOCGIFMTU SIOCGIFINDEX SIOCGIFCOUNT SIOCGIFTXQLEN
+# Wireless extension ioctls. Primarily get functions.
+SIOCGIWNAME SIOCGIWFREQ SIOCGIWMODE SIOCGIWSENS SIOCGIWRANGE SIOCGIWPRIV
+SIOCGIWSTATS SIOCGIWSPY SIOCSIWTHRSPY SIOCGIWTHRSPY SIOCGIWRATE SIOCGIWRTS
+SIOCGIWFRAG SIOCGIWTXPOW SIOCGIWRETRY SIOCGIWPOWER
+}')
+
+# socket ioctls never allowed to unprivileged apps
+define(`priv_sock_ioctls', `
+{
+# qualcomm rmnet ioctls
+WAN_IOC_ADD_FLT_RULE WAN_IOC_ADD_FLT_INDEX
+# socket ioctls
+SIOCADDRT SIOCDELRT SIOCRTMSG SIOCSIFLINK SIOCSIFFLAGS SIOCSIFADDR
+SIOCSIFDSTADDR SIOCSIFBRDADDR SIOCSIFNETMASK SIOCGIFMETRIC SIOCSIFMETRIC SIOCGIFMEM
+SIOCSIFMEM SIOCSIFMTU SIOCSIFNAME SIOCSIFHWADDR SIOCGIFENCAP SIOCSIFENCAP
+SIOCGIFHWADDR SIOCGIFSLAVE SIOCSIFSLAVE SIOCADDMULTI SIOCDELMULTI
+SIOCSIFPFLAGS SIOCGIFPFLAGS SIOCDIFADDR SIOCSIFHWBROADCAST SIOCKILLADDR SIOCGIFBR SIOCSIFBR
+SIOCSIFTXQLEN SIOCETHTOOL SIOCGMIIPHY SIOCGMIIREG SIOCSMIIREG SIOCWANDEV
+SIOCOUTQNSD SIOCDARP SIOCGARP SIOCSARP SIOCDRARP SIOCGRARP SIOCSRARP SIOCGIFMAP
+SIOCSIFMAP SIOCADDDLCI SIOCDELDLCI SIOCGIFVLAN SIOCSIFVLAN SIOCBONDENSLAVE
+SIOCBONDRELEASE SIOCBONDSETHWADDR SIOCBONDSLAVEINFOQUERY SIOCBONDINFOQUERY
+SIOCBONDCHANGEACTIVE SIOCBRADDBR SIOCBRDELBR SIOCBRADDIF SIOCBRDELIF SIOCSHWTSTAMP
+# device and protocol specific ioctls
+SIOCDEVPRIVATE-SIOCDEVPRIVLAST
+SIOCPROTOPRIVATE-SIOCPROTOPRIVLAST
+# Wireless extension ioctls
+SIOCSIWCOMMIT SIOCSIWNWID SIOCSIWFREQ SIOCSIWMODE SIOCSIWSENS SIOCSIWRANGE
+SIOCSIWPRIV SIOCSIWSTATS SIOCSIWSPY SIOCSIWAP SIOCGIWAP SIOCSIWMLME SIOCGIWAPLIST
+SIOCSIWSCAN SIOCGIWSCAN SIOCSIWESSID SIOCGIWESSID SIOCSIWNICKN SIOCGIWNICKN
+SIOCSIWRATE SIOCSIWRTS SIOCSIWFRAG SIOCSIWTXPOW SIOCSIWRETRY SIOCSIWENCODE
+SIOCGIWENCODE SIOCSIWPOWER SIOCSIWGENIE SIOCGIWGENIE SIOCSIWAUTH SIOCGIWAUTH
+SIOCSIWENCODEEXT SIOCGIWENCODEEXT SIOCSIWPMKSA
+# Dev private ioctl i.e. hardware specific ioctls
+SIOCIWFIRSTPRIV-SIOCIWLASTPRIV
+}')
+
+# commonly used ioctls on unix sockets
+define(`unpriv_unix_sock_ioctls', `{
+ TIOCOUTQ FIOCLEX FIONCLEX TCGETS TIOCGWINSZ TIOCSWINSZ FIONREAD
+}')
+
+# commonly used TTY ioctls
+# merge with unpriv_unix_sock_ioctls?
+define(`unpriv_tty_ioctls', `{
+ TIOCOUTQ FIOCLEX FIONCLEX TCGETS TCSETS TIOCGWINSZ TIOCSWINSZ TIOCSCTTY
+ TCSETSW TCFLSH TIOCSPGRP TIOCGPGRP
+}')
+
+# point to point ioctls
+define(`ppp_ioctls', `{
+PPPIOCGL2TPSTATS PPPIOCGCHAN PPPIOCATTCHAN PPPIOCDISCONN
+PPPIOCCONNECT PPPIOCSMRRU PPPIOCDETACH PPPIOCATTACH
+PPPIOCNEWUNIT PPPIOCGIDLE PPPIOCSDEBUG PPPIOCGDEBUG
+PPPIOCSACTIVE PPPIOCSPASS PPPIOCSNPMODE PPPIOCGNPMODE
+PPPIOCSCOMPRESS PPPIOCXFERUNIT PPPIOCSXASYNCMAP
+PPPIOCGXASYNCMAP PPPIOCSMAXCID PPPIOCSMRU PPPIOCGMRU
+PPPIOCSRASYNCMAP PPPIOCGRASYNCMAP PPPIOCGUNIT PPPIOCSASYNCMAP
+PPPIOCGASYNCMAP PPPIOCSFLAGS PPPIOCGFLAGS PPPIOCGCALLINFO
+PPPIOCBUNDLE PPPIOCGMPFLAGS PPPIOCSMPFLAGS PPPIOCSMPMTU
+PPPIOCSMPMRU PPPIOCGCOMPRESSORS PPPIOCSCOMPRESSOR PPPIOCGIFNAME
+}')
diff --git a/prebuilts/api/30.0/public/iorap_inode2filename.te b/prebuilts/api/30.0/public/iorap_inode2filename.te
new file mode 100644
index 000000000..4041ddd83
--- /dev/null
+++ b/prebuilts/api/30.0/public/iorap_inode2filename.te
@@ -0,0 +1,77 @@
+# iorap.inode2filename -> look up file paths from an inode
+type iorap_inode2filename, domain;
+type iorap_inode2filename_exec, exec_type, file_type, system_file_type;
+type iorap_inode2filename_tmpfs, file_type;
+
+r_dir_file(iorap_inode2filename, rootfs)
+
+# Allow usage of pipes (child stdout -> parent pipe).
+allow iorap_inode2filename iorapd:fd use;
+allow iorap_inode2filename iorapd:fifo_file { read write getattr };
+
+# Allow reading most files under / ignoring usual access controls.
+allow iorap_inode2filename self:capability dac_read_search;
+
+typeattribute iorap_inode2filename mlstrustedsubject;
+
+# Grant access to open most of the files under /
+allow iorap_inode2filename apex_data_file:dir { getattr open read search };
+allow iorap_inode2filename apex_data_file:file { getattr };
+allow iorap_inode2filename apex_mnt_dir:dir { getattr open read search };
+allow iorap_inode2filename apex_mnt_dir:file { getattr };
+allow iorap_inode2filename apk_data_file:dir { getattr open read search };
+allow iorap_inode2filename apk_data_file:file { getattr };
+allow iorap_inode2filename app_data_file:dir { getattr open read search };
+allow iorap_inode2filename app_data_file:file { getattr };
+allow iorap_inode2filename backup_data_file:dir { getattr open read search };
+allow iorap_inode2filename backup_data_file:file { getattr };
+allow iorap_inode2filename bluetooth_data_file:dir { getattr open read search };
+allow iorap_inode2filename bluetooth_data_file:file { getattr };
+allow iorap_inode2filename bootchart_data_file:dir { getattr open read search };
+allow iorap_inode2filename bootchart_data_file:file { getattr };
+allow iorap_inode2filename metadata_file:dir { getattr open read search search };
+allow iorap_inode2filename metadata_file:file { getattr };
+allow iorap_inode2filename packages_list_file:dir { getattr open read search };
+allow iorap_inode2filename packages_list_file:file { getattr };
+allow iorap_inode2filename 
privapp_data_file:dir { getattr open read search };
+allow iorap_inode2filename privapp_data_file:file { getattr };
+allow iorap_inode2filename property_data_file:dir { getattr open read search };
+allow iorap_inode2filename property_data_file:file { getattr };
+allow iorap_inode2filename radio_data_file:dir { getattr open read search };
+allow iorap_inode2filename radio_data_file:file { getattr };
+allow iorap_inode2filename resourcecache_data_file:dir { getattr open read search };
+allow iorap_inode2filename resourcecache_data_file:file { getattr };
+allow iorap_inode2filename recovery_data_file:dir { getattr open read search };
+allow iorap_inode2filename ringtone_file:dir { getattr open read search };
+allow iorap_inode2filename ringtone_file:file { getattr };
+allow iorap_inode2filename same_process_hal_file:dir { getattr open read search };
+allow iorap_inode2filename same_process_hal_file:file { getattr };
+allow iorap_inode2filename sepolicy_file:file { getattr };
+allow iorap_inode2filename staging_data_file:dir { getattr open read search };
+allow iorap_inode2filename staging_data_file:file { getattr };
+allow iorap_inode2filename system_bootstrap_lib_file:dir { getattr open read search };
+allow iorap_inode2filename system_bootstrap_lib_file:file { getattr };
+allow iorap_inode2filename system_app_data_file:dir { getattr open read search };
+allow iorap_inode2filename system_app_data_file:file { getattr };
+allow iorap_inode2filename system_data_file:dir { getattr open read search };
+allow iorap_inode2filename system_data_file:file { getattr };
+allow iorap_inode2filename system_data_file:lnk_file { getattr open read };
+allow iorap_inode2filename system_data_root_file:dir { getattr open read search };
+allow iorap_inode2filename textclassifier_data_file:dir { getattr open read search };
+allow iorap_inode2filename textclassifier_data_file:file { getattr };
+allow iorap_inode2filename toolbox_exec:file getattr;
+allow iorap_inode2filename 
user_profile_data_file:dir { getattr open read search };
+allow iorap_inode2filename user_profile_data_file:file { getattr };
+allow iorap_inode2filename unencrypted_data_file:dir { getattr open read search };
+allow iorap_inode2filename unlabeled:file { getattr };
+allow iorap_inode2filename vendor_file:dir { getattr open read search };
+allow iorap_inode2filename vendor_file:file { getattr };
+allow iorap_inode2filename vendor_overlay_file:file { getattr };
+allow iorap_inode2filename zygote_exec:file { getattr };
+
+###
+### neverallow rules
+###
+
+neverallow { domain -init -iorapd } iorap_inode2filename:process { transition dyntransition };
+neverallow iorap_inode2filename domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/prebuilts/api/30.0/public/iorap_prefetcherd.te b/prebuilts/api/30.0/public/iorap_prefetcherd.te
new file mode 100644
index 000000000..ad9db142b
--- /dev/null
+++ b/prebuilts/api/30.0/public/iorap_prefetcherd.te
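Review bot: `allow iorap_inode2filename metadata_file:dir { getattr open read search search };` repeats `search` in its permission set; as far as I can tell the policy build tolerates a duplicated permission, but it reads as a copy-paste slip and is the only `:dir` rule in this file that differs from the `{ getattr open read search }` pattern used everywhere else. It should read `allow iorap_inode2filename metadata_file:dir { getattr open read search };`. Since prebuilts/api/30.0/public presumably snapshots public/iorap_inode2filename.te, the correction belongs in the source file with the snapshot regenerated rather than hand-edited here.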
@@ -0,0 +1,54 @@
+# volume manager
+type iorap_prefetcherd, domain;
+type iorap_prefetcherd_exec, exec_type, file_type, system_file_type;
+type iorap_prefetcherd_tmpfs, file_type;
+
+r_dir_file(iorap_prefetcherd, rootfs)
+
+# Allow read/write /proc/sys/vm/drop/caches
+allow iorap_prefetcherd proc_drop_caches:file rw_file_perms;
+
+# iorap_prefetcherd temporarily changes its priority when running benchmarks
+allow iorap_prefetcherd self:global_capability_class_set sys_nice;
+
+# Allow usage of pipes (--input-fd=# and --output-fd=# command line parameters).
+allow iorap_prefetcherd iorapd:fd use;
+allow iorap_prefetcherd iorapd:fifo_file { read write };
+
+# Allow reading most files under / ignoring usual access controls.
+allow iorap_prefetcherd self:capability dac_read_search;
+
+typeattribute iorap_prefetcherd mlstrustedsubject;
+
+# Grant logcat access
+allow iorap_prefetcherd logcat_exec:file { open read };
+
+# Grant access to open most of the files under /
+allow iorap_prefetcherd apk_data_file:dir { open read search };
+allow iorap_prefetcherd apk_data_file:file { open read };
+allow iorap_prefetcherd app_data_file:dir { open read search };
+allow iorap_prefetcherd app_data_file:file { open read };
+allow iorap_prefetcherd dalvikcache_data_file:dir { open read search };
+allow iorap_prefetcherd dalvikcache_data_file:file{ open read };
+allow iorap_prefetcherd packages_list_file:dir { open read search };
+allow iorap_prefetcherd packages_list_file:file { open read };
+allow iorap_prefetcherd privapp_data_file:dir { open read search };
+allow iorap_prefetcherd privapp_data_file:file { open read };
+allow iorap_prefetcherd same_process_hal_file:dir{ open read search };
+allow iorap_prefetcherd same_process_hal_file:file { open read };
+allow iorap_prefetcherd system_data_file:dir { open read search };
+allow iorap_prefetcherd system_data_file:file { open read };
+allow iorap_prefetcherd system_data_file:lnk_file { open read };
+allow iorap_prefetcherd 
user_profile_data_file:dir { open read search };
+allow iorap_prefetcherd user_profile_data_file:file { open read };
+allow iorap_prefetcherd vendor_overlay_file:dir { open read search };
+allow iorap_prefetcherd vendor_overlay_file:file { open read };
+# Note: Do not add any /vendor labels because they can be customized
+# by the vendor and we won't know about them beforehand.
+
+###
+### neverallow rules
+###
+
+neverallow { domain -init -iorapd } iorap_prefetcherd:process { transition dyntransition };
+neverallow iorap_prefetcherd domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/prebuilts/api/30.0/public/iorapd.te b/prebuilts/api/30.0/public/iorapd.te
new file mode 100644
index 000000000..426eccae6
--- /dev/null
+++ b/prebuilts/api/30.0/public/iorapd.te
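Review bot: The header comment `# volume manager` at the top of iorap_prefetcherd.te describes vold, not this domain, and the same stale header opens iorapd.te in the next hunk; anyone skimming the policy for what these domains are is told the wrong thing. Each file should open with a one-line description of its own daemon, for example `# iorap.prefetcherd - read-ahead worker driven by iorapd over the fd/fifo_file rules below` here (that it is launched by iorapd is inferred from the `{ domain -init -iorapd }` transition neverallow, so confirm the wording) and `# iorapd - I/O read-ahead daemon` for iorapd.te. As this directory presumably snapshots public/*.te, the fix belongs in the source files with the snapshot regenerated.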
@@ -0,0 +1,85 @@
+# volume manager
+type iorapd, domain;
+type iorapd_exec, exec_type, file_type, system_file_type;
+type iorapd_tmpfs, file_type;
+
+r_dir_file(iorapd, rootfs)
+
+# Allow read/write /proc/sys/vm/drop/caches
+allow iorapd proc_drop_caches:file rw_file_perms;
+
+# Give iorapd a place where only iorapd can store files; everyone else is off limits
+allow iorapd iorapd_data_file:dir create_dir_perms;
+allow iorapd iorapd_data_file:file create_file_perms;
+
+# Allow iorapd to publish a binder service and make binder calls.
+binder_use(iorapd)
+add_service(iorapd, iorapd_service)
+
+# Allow iorapd to call into the system server so it can check permissions.
+binder_call(iorapd, system_server)
+allow iorapd permission_service:service_manager find;
+# IUserManager
+allow iorapd user_service:service_manager find;
+# IPackageManagerNative
+allow iorapd package_native_service:service_manager find;
+# Allow dumpstate (bugreport) to call into iorapd.
+allow iorapd dumpstate:fd use;
+allow iorapd dumpstate:fifo_file write;
+
+# talk to batteryservice
+binder_call(iorapd, healthd)
+
+# TODO: does each of the service_manager allow finds above need the binder_call?
+
+# iorapd temporarily changes its priority when running benchmarks
+allow iorapd self:global_capability_class_set sys_nice;
+
+# Allow to access Perfetto traced's privileged consumer socket to start/stop
+# tracing sessions and read trace data.
+unix_socket_connect(iorapd, traced_consumer, traced)
+
+# Allow iorapd to execute compilation (iorap.cmd.compiler) in idle time.
+allow iorapd system_file:file rx_file_perms;
+
+###
+### neverallow rules
+###
+
+neverallow {
+ domain
+ -iorapd
+} iorapd_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
+
+neverallow {
+ domain
+ -init
+ -iorapd
+} iorapd_data_file:dir *;
+
+neverallow {
+ domain
+ -kernel
+ -iorapd
+} iorapd_data_file:notdevfile_class_set ~{ relabelto getattr };
+
+neverallow {
+ domain
+ -init
+ -kernel
+ -vendor_init
+ -iorapd
+} { iorapd_data_file }:notdevfile_class_set *;
+
+# Only system_server and shell (for dumpsys) can interact with iorapd over binder
+neverallow { domain -dumpstate -system_server -iorapd } iorapd_service:service_manager find;
+neverallow iorapd {
+ domain
+ -healthd
+ -servicemanager
+ -system_server
+ userdebug_or_eng(`-su')
+}:binder call;
+
+neverallow { domain -init } iorapd:process { transition dyntransition };
+neverallow iorapd domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/prebuilts/api/30.0/public/isolated_app.te b/prebuilts/api/30.0/public/isolated_app.te
new file mode 100644
index 000000000..a907dacc2
--- /dev/null
+++ b/prebuilts/api/30.0/public/isolated_app.te
@@ -0,0 +1,9 @@
+###
+### Services with isolatedProcess=true in their manifest.
+###
+### This file defines the rules for isolated apps. An "isolated
+### app" is an APP with UID between AID_ISOLATED_START (99000)
+### and AID_ISOLATED_END (99999).
+###
+
+type isolated_app, domain;
diff --git a/prebuilts/api/30.0/public/kernel.te b/prebuilts/api/30.0/public/kernel.te
new file mode 100644
index 000000000..42fe2c476
--- /dev/null
+++ b/prebuilts/api/30.0/public/kernel.te
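Review bot: The comment `# Only system_server and shell (for dumpsys) can interact with iorapd over binder` in iorapd.te contradicts the rule under it, which exempts only `-dumpstate -system_server -iorapd`; shell is left inside the neverallow set and so cannot `find` iorapd_service at all. The earlier `# Allow dumpstate (bugreport) to call into iorapd.` rules suggest dumpstate is the intended exception, so the comment should say `# Only system_server and dumpstate (for bugreports) can find the iorapd service over binder`. If shell-driven dumpsys is genuinely meant to work, it is the exemption list that needs changing, not the comment, and that decision should be made deliberately in public/iorapd.te (which this prebuilt presumably mirrors) before the snapshot is regenerated.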
@@ -0,0 +1,136 @@
+# Life begins with the kernel.
+type kernel, domain, mlstrustedsubject;
+
+allow kernel self:global_capability_class_set sys_nice;
+
+# Root fs.
+r_dir_file(kernel, rootfs)
+allow kernel proc_cmdline:file r_file_perms;
+
+# Get SELinux enforcing status.
+allow kernel selinuxfs:dir r_dir_perms;
+allow kernel selinuxfs:file r_file_perms;
+
+# Get file contexts during first stage
+allow kernel file_contexts_file:file r_file_perms;
+
+# Allow init relabel itself.
+allow kernel rootfs:file relabelfrom;
+allow kernel init_exec:file relabelto;
+# TODO: investigate why we need this.
+allow kernel init:process share;
+
+# cgroup filesystem initialization prior to setting the cgroup root directory label.
+allow kernel unlabeled:dir search;
+
+# Mount usbfs.
+allow kernel usbfs:filesystem mount;
+allow kernel usbfs:dir search;
+
+# Initial setenforce by init prior to switching to init domain.
+# We use dontaudit instead of allow to prevent a kernel spawned userspace
+# process from turning off SELinux once enabled.
+dontaudit kernel self:security setenforce;
+
+# Write to /proc/1/oom_adj prior to switching to init domain.
+allow kernel self:global_capability_class_set sys_resource;
+
+# Init reboot before switching selinux domains under certain error
+# conditions. Allow it.
+# As part of rebooting, init writes "u" to /proc/sysrq-trigger to
+# remount filesystems read-only. /data is not mounted at this point,
+# so we could ignore this. For now, we allow it.
+allow kernel self:global_capability_class_set sys_boot;
+allow kernel proc_sysrq:file w_file_perms;
+
+# Allow writing to /dev/kmsg which was created prior to loading policy.
+allow kernel tmpfs:chr_file write;
+
+# Set checkreqprot by init.rc prior to switching to init domain.
+allow kernel selinuxfs:file write;
+allow kernel self:security setcheckreqprot;
+
+# kernel thread "loop0", used by the loop block device, for ASECs (b/17158723)
+allow kernel sdcard_type:file { read write };
+
+# f_mtp driver accesses files from kernel context.
+allow kernel mediaprovider:fd use;
+
+# Allow the kernel to read OBB files from app directories. (b/17428116)
+# Kernel thread "loop0" reads a vold supplied file descriptor.
+# Fixes CTS tests:
+# * android.os.storage.cts.StorageManagerTest#testMountAndUnmountObbNormal
+# * android.os.storage.cts.StorageManagerTest#testMountAndUnmountTwoObbs
+allow kernel vold:fd use;
+allow kernel { app_data_file privapp_data_file }:file read;
+allow kernel asec_image_file:file read;
+
+# Allow reading loop device in update_engine_unittests. (b/28319454)
+# and for LTP kernel tests (b/73220071)
+userdebug_or_eng(`
+ allow kernel update_engine_data_file:file read;
+ allow kernel nativetest_data_file:file { read write };
+')
+
+# Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow kernel media_rw_data_file:dir create_dir_perms;
+allow kernel media_rw_data_file:file create_file_perms;
+
+# Access to /data/misc/vold/virtual_disk.
+allow kernel vold_data_file:file { read write };
+
+# Allow the kernel to read APEX file descriptors and (staged) data files;
+# Needed because APEX uses the loopback driver, which issues requests from
+# a kernel thread in earlier kernel version.
+allow kernel apexd:fd use;
+allow kernel {
+ apex_data_file
+ staging_data_file
+ vendor_apex_file
+}:file read;
+
+# Allow the first-stage init (which is running in the kernel domain) to execute the
+# dynamic linker when it re-executes /init to switch into the second stage.
+# Until Linux 4.8, the program interpreter (dynamic linker in this case) is executed
+# before the domain is switched to the target domain.
So, we need to allow the kernel
+# domain (the source domain) to execute the dynamic linker (system_file type).
+# TODO(b/110147943) remove these allow rules when we no longer need to support Linux
+# kernel older than 4.8.
+allow kernel system_file:file execute;
+# The label for the dynamic linker is rootfs in the recovery partition. This is because
+# the recovery partition which is rootfs does not support xattr and thus labeling can't be
+# done at build-time. All files are by default labeled as rootfs upon booting.
+recovery_only(`
+ allow kernel rootfs:file execute;
+')
+
+# required by VTS lidbm unit test
+allow kernel appdomain_tmpfs:file { read write };
+
+###
+### neverallow rules
+###
+
+# The initial task starts in the kernel domain (assigned via
+# initial_sid_contexts), but nothing ever transitions to it.
+neverallow * kernel:process { transition dyntransition };
+
+# The kernel domain is never entered via an exec, nor should it
+# ever execute a program outside the rootfs without changing to another domain.
+# If you encounter an execute_no_trans denial on the kernel domain, then
+# possible causes include:
+# - The program is a kernel usermodehelper. In this case, define a domain
+# for the program and domain_auto_trans() to it.
+# - You are running an exploit which switched to the init task credentials
+# and is then trying to exec a shell or other program. You lose!
+neverallow kernel *:file { entrypoint execute_no_trans };
+
+# the kernel should not be accessing files owned by other users.
+# Instead of adding dac_{read_search,override}, fix the unix permissions
+# on files being accessed.
+neverallow kernel self:global_capability_class_set { dac_override dac_read_search };
+
+# Nobody should be ptracing kernel threads
+neverallow * kernel:process ptrace;
diff --git a/prebuilts/api/30.0/public/keystore.te b/prebuilts/api/30.0/public/keystore.te
new file mode 100644
index 000000000..27c462470
--- /dev/null
+++ b/prebuilts/api/30.0/public/keystore.te
@@ -0,0 +1,36 @@
+type keystore, domain;
+type keystore_exec, system_file_type, exec_type, file_type;
+
+# keystore daemon
+typeattribute keystore mlstrustedsubject;
+binder_use(keystore)
+binder_service(keystore)
+binder_call(keystore, system_server)
+binder_call(keystore, wificond)
+
+allow keystore keystore_data_file:dir create_dir_perms;
+allow keystore keystore_data_file:notdevfile_class_set create_file_perms;
+allow keystore keystore_exec:file { getattr };
+
+add_service(keystore, keystore_service)
+allow keystore sec_key_att_app_id_provider_service:service_manager find;
+allow keystore dropbox_service:service_manager find;
+
+# Check SELinux permissions.
+selinux_check_access(keystore)
+
+r_dir_file(keystore, cgroup)
+
+###
+### Neverallow rules
+###
+### Protect ourself from others
+###
+
+neverallow { domain -keystore } keystore_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
+neverallow { domain -keystore } keystore_data_file:notdevfile_class_set ~{ relabelto getattr };
+
+neverallow { domain -keystore -init } keystore_data_file:dir *;
+neverallow { domain -keystore -init } keystore_data_file:notdevfile_class_set *;
+
+neverallow * keystore:process ptrace;
diff --git a/prebuilts/api/30.0/public/llkd.te b/prebuilts/api/30.0/public/llkd.te
new file mode 100644
index 000000000..1faa42995
--- /dev/null
+++ b/prebuilts/api/30.0/public/llkd.te
@@ -0,0 +1,3 @@
+# llkd Live LocK Daemon
+type llkd, domain, mlstrustedsubject;
+type llkd_exec, system_file_type, exec_type, file_type;
diff --git a/prebuilts/api/30.0/public/lmkd.te b/prebuilts/api/30.0/public/lmkd.te
new file mode 100644
index 000000000..b852f4418
--- /dev/null
+++ b/prebuilts/api/30.0/public/lmkd.te
@@ -0,0 +1,70 @@
+# lmkd low memory killer daemon
+type lmkd, domain, mlstrustedsubject;
+type lmkd_exec, system_file_type, exec_type, file_type;
+
+allow lmkd self:global_capability_class_set { dac_override dac_read_search sys_resource kill };
+
+# lmkd locks itself in memory, to prevent it from being
+# swapped out and unable to kill other memory hogs.
+# system/core commit b28ff9131363f7b4a698990da5748b2a88c3ed35
+# b/16236289
+allow lmkd self:global_capability_class_set ipc_lock;
+
+## Open and write to /proc/PID/oom_score_adj and /proc/PID/timerslack_ns
+## TODO: maybe scope this down?
+r_dir_file(lmkd, domain)
+allow lmkd domain:file write;
+
+## Writes to /sys/module/lowmemorykiller/parameters/minfree
+r_dir_file(lmkd, sysfs_lowmemorykiller)
+allow lmkd sysfs_lowmemorykiller:file w_file_perms;
+
+# setsched and send kill signals to any registered process
+allow lmkd domain:process { setsched sigkill };
+# TODO: delete this line b/131761776
+allow lmkd kernel:process { setsched };
+
+# Clean up old cgroups
+allow lmkd cgroup:dir { remove_name rmdir };
+
+# Allow to read memcg stats
+allow lmkd cgroup:file r_file_perms;
+
+# Set self to SCHED_FIFO
+allow lmkd self:global_capability_class_set sys_nice;
+
+allow lmkd proc_zoneinfo:file r_file_perms;
+allow lmkd proc_vmstat:file r_file_perms;
+
+# Set sys.lmk.* properties.
+set_prop(lmkd, system_lmk_prop)
+
+# live lock watchdog process allowed to look through /proc/
+allow lmkd domain:dir { search open read };
+allow lmkd domain:file { open read };
+
+# live lock watchdog process allowed to dump process trace and
+# reboot because orderly shutdown may not be possible.
+allow lmkd proc_sysrq:file rw_file_perms;
+
+# Read /proc/lowmemorykiller
+allow lmkd proc_lowmemorykiller:file r_file_perms;
+
+# Read /proc/meminfo
+allow lmkd proc_meminfo:file r_file_perms;
+
+# Read /proc/pressure/cpu and /proc/pressure/io
+allow lmkd proc_pressure_cpu:file r_file_perms;
+allow lmkd proc_pressure_io:file r_file_perms;
+
+# Read/Write /proc/pressure/memory
+allow lmkd proc_pressure_mem:file rw_file_perms;
+
+# Allow lmkd to write to statsd.
+unix_socket_send(lmkd, statsdw, statsd)
+
+### neverallow rules
+
+# never honor LD_PRELOAD
+neverallow * lmkd:process noatsecure;
+neverallow lmkd self:global_capability_class_set sys_ptrace;
diff --git a/prebuilts/api/30.0/public/logd.te b/prebuilts/api/30.0/public/logd.te
new file mode 100644
index 000000000..57e29d940
--- /dev/null
+++ b/prebuilts/api/30.0/public/logd.te
@@ -0,0 +1,73 @@
+# android user-space log manager
+type logd, domain, mlstrustedsubject;
+type logd_exec, system_file_type, exec_type, file_type;
+
+# Read access to pseudo filesystems.
+r_dir_file(logd, cgroup)
+r_dir_file(logd, proc_kmsg)
+r_dir_file(logd, proc_meminfo)
+
+allow logd self:global_capability_class_set { setuid setgid setpcap sys_nice audit_control };
+allow logd self:global_capability2_class_set syslog;
+allow logd self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
+allow logd kernel:system syslog_read;
+allow logd kmsg_device:chr_file { getattr w_file_perms };
+allow logd system_data_file:{ file lnk_file } r_file_perms;
+allow logd packages_list_file:file r_file_perms;
+allow logd pstorefs:dir search;
+allow logd pstorefs:file r_file_perms;
+userdebug_or_eng(`
+ # Access to /data/misc/logd/event-log-tags
+ allow logd misc_logd_file:dir r_dir_perms;
+ allow logd misc_logd_file:file rw_file_perms;
+')
+allow logd runtime_event_log_tags_file:file rw_file_perms;
+
+# Access device logging gating property
+get_prop(logd, device_logging_prop)
+
+r_dir_file(logd, domain)
+
+allow logd kernel:system syslog_mod;
+
+control_logd(logd)
+read_runtime_log_tags(logd)
+
+allow runtime_event_log_tags_file tmpfs:filesystem associate;
+# Typically harmlessly blindly trying to access via liblog
+# event tag mapping while in the untrusted_app domain.
+# Access for that domain is controlled and gated via the
+# event log tag service (albeit at a performance penalty,
+# expected to be locally cached).
+dontaudit domain runtime_event_log_tags_file:file { map open read };
+
+###
+### Neverallow rules
+###
+### logd should NEVER do any of this
+
+# Block device access.
+neverallow logd dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow logd domain:process ptrace;
+
+# ...
and nobody may ptrace me (except on userdebug or eng builds)
+neverallow { domain userdebug_or_eng(`-crash_dump -llkd') } logd:process ptrace;
+
+# Write to /system.
+neverallow logd system_file:dir_file_class_set write;
+
+# Write to files in /data/data or system files on /data
+neverallow logd { app_data_file privapp_data_file system_data_file packages_list_file }:dir_file_class_set write;
+
+# Only init is allowed to enter the logd domain via exec()
+neverallow { domain -init } logd:process transition;
+neverallow * logd:process dyntransition;
+
+# protect the event-log-tags file
+neverallow {
+ domain
+ -init
+ -logd
+} runtime_event_log_tags_file:file no_w_file_perms;
diff --git a/prebuilts/api/30.0/public/logpersist.te b/prebuilts/api/30.0/public/logpersist.te
new file mode 100644
index 000000000..c8e6af4e1
--- /dev/null
+++ b/prebuilts/api/30.0/public/logpersist.te
@@ -0,0 +1,30 @@
+# android debug logging, logpersist domains
+type logpersist, domain;
+
+# logcatd is a shell script that execs logcat with various parameters.
+allow logpersist shell_exec:file rx_file_perms;
+allow logpersist logcat_exec:file rx_file_perms;
+
+###
+### Neverallow rules
+###
+### logpersist should NEVER do any of this
+
+# Block device access.
+neverallow logpersist dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow logpersist domain:process ptrace;
+
+# Write to files in /data/data or system files on /data except misc_logd_file
+neverallow logpersist { privapp_data_file app_data_file system_data_file }:dir_file_class_set write;
+
+# Only init should be allowed to enter the logpersist domain via exec()
+# Following is a list of debug domains we know that transition to logpersist
+# neverallow_with_undefined_domains {
+# domain
+# -init # goldfish, logcatd, raft
+# -mmi # bat, mtp8996, msmcobalt
+# -system_app # Smith.apk
+# } logpersist:process transition;
+neverallow * logpersist:process dyntransition;
diff --git a/prebuilts/api/30.0/public/mdnsd.te b/prebuilts/api/30.0/public/mdnsd.te
new file mode 100644
index 000000000..ef7b065d8
--- /dev/null
+++ b/prebuilts/api/30.0/public/mdnsd.te
@@ -0,0 +1,2 @@
+# mdns daemon
+type mdnsd, domain;
diff --git a/prebuilts/api/30.0/public/mediadrmserver.te b/prebuilts/api/30.0/public/mediadrmserver.te
new file mode 100644
index 000000000..a52295e2c
--- /dev/null
+++ b/prebuilts/api/30.0/public/mediadrmserver.te
@@ -0,0 +1,33 @@
+# mediadrmserver - mediadrm daemon
+type mediadrmserver, domain;
+type mediadrmserver_exec, system_file_type, exec_type, file_type;
+
+typeattribute mediadrmserver mlstrustedsubject;
+
+net_domain(mediadrmserver)
+binder_use(mediadrmserver)
+binder_call(mediadrmserver, binderservicedomain)
+binder_call(mediadrmserver, appdomain)
+binder_service(mediadrmserver)
+hal_client_domain(mediadrmserver, hal_drm)
+
+add_service(mediadrmserver, mediadrmserver_service)
+allow mediadrmserver mediaserver_service:service_manager find;
+allow mediadrmserver mediametrics_service:service_manager find;
+allow mediadrmserver processinfo_service:service_manager find;
+allow mediadrmserver surfaceflinger_service:service_manager find;
+allow mediadrmserver system_file:dir r_dir_perms;
+
+# TODO(b/80317992): remove
+binder_call(mediadrmserver, hal_omx_server)
+
+###
+### neverallow rules
+###
+
+# mediadrmserver should never execute any executable without a
+# domain transition
+neverallow mediadrmserver { file_type fs_type }:file execute_no_trans;
+
+# do not allow privileged socket ioctl commands
+neverallowxperm mediadrmserver domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
diff --git a/prebuilts/api/30.0/public/mediaextractor.te b/prebuilts/api/30.0/public/mediaextractor.te
new file mode 100644
index 000000000..4bedb0f06
--- /dev/null
+++ b/prebuilts/api/30.0/public/mediaextractor.te
@@ -0,0 +1,70 @@
+# mediaextractor - multimedia daemon
+type mediaextractor, domain;
+type mediaextractor_exec, system_file_type, exec_type, file_type;
+type mediaextractor_tmpfs, file_type;
+
+typeattribute mediaextractor mlstrustedsubject;
+
+binder_use(mediaextractor)
+binder_call(mediaextractor, binderservicedomain)
+binder_call(mediaextractor, appdomain)
+binder_service(mediaextractor)
+
+add_service(mediaextractor, mediaextractor_service)
+allow mediaextractor mediametrics_service:service_manager find;
+allow mediaextractor hidl_token_hwservice:hwservice_manager find;
+
+allow mediaextractor system_server:fd use;
+
+hal_client_domain(mediaextractor, hal_cas)
+hal_client_domain(mediaextractor, hal_allocator)
+
+r_dir_file(mediaextractor, cgroup)
+allow mediaextractor proc_meminfo:file r_file_perms;
+
+crash_dump_fallback(mediaextractor)
+
+# allow mediaextractor read permissions for file sources
+allow mediaextractor sdcard_type:file { getattr read };
+allow mediaextractor media_rw_data_file:file { getattr read };
+allow mediaextractor { app_data_file privapp_data_file }:file { getattr read };
+
+# Read resources from open apk files passed over Binder
+allow mediaextractor apk_data_file:file { read getattr };
+allow mediaextractor asec_apk_file:file { read getattr };
+allow mediaextractor ringtone_file:file { read getattr };
+
+# scan extractor library directory to dynamically load extractors
+allow mediaextractor system_file:dir { read open };
+
+get_prop(mediaextractor, device_config_media_native_prop)
+
+###
+### neverallow rules
+###
+
+# mediaextractor should never execute any executable without a
+# domain transition
+neverallow mediaextractor { file_type fs_type }:file execute_no_trans;
+
+# The goal of the mediaserver split is to place media processing code into
+# restrictive sandboxes with limited responsibilities and thus limited
+# permissions. Example: Audioserver is only responsible for controlling audio
+# hardware and processing audio content.
Cameraserver does the same for camera
+# hardware/content. Etc.
+#
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow mediaextractor domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# mediaextractor should not be opening /data files directly. Any files
+# it touches (with a few exceptions) need to be passed to it via a file
+# descriptor opened outside the process.
+neverallow mediaextractor {
+ data_file_type
+ -zoneinfo_data_file # time zone data from /data/misc/zoneinfo
+ userdebug_or_eng(`-apk_data_file') # for loading media extractor plugins
+ with_native_coverage(`-method_trace_data_file')
+}:file open;
diff --git a/prebuilts/api/30.0/public/mediametrics.te b/prebuilts/api/30.0/public/mediametrics.te
new file mode 100644
index 000000000..0e56b07ec
--- /dev/null
+++ b/prebuilts/api/30.0/public/mediametrics.te
@@ -0,0 +1,44 @@
+# mediametrics - daemon for collecting media.metrics data
+type mediametrics, domain;
+type mediametrics_exec, system_file_type, exec_type, file_type;
+
+
+binder_use(mediametrics)
+binder_call(mediametrics, binderservicedomain)
+binder_service(mediametrics)
+
+add_service(mediametrics, mediametrics_service)
+
+allow mediametrics system_server:fd use;
+
+r_dir_file(mediametrics, cgroup)
+allow mediametrics proc_meminfo:file r_file_perms;
+
+# allows interactions with dumpsys to GMScore
+allow mediametrics { app_data_file privapp_data_file }:file write;
+
+# allow access to package manager for uid->apk mapping
+allow mediametrics package_native_service:service_manager find;
+
+# Allow metrics service to send information to statsd socket.
+unix_socket_send(mediametrics, statsdw, statsd)
+
+###
+### neverallow rules
+###
+
+# mediametrics should never execute any executable without a
+# domain transition
+neverallow mediametrics { file_type fs_type }:file execute_no_trans;
+
+# The goal of the mediaserver split is to place media processing code into
+# restrictive sandboxes with limited responsibilities and thus limited
+# permissions. Example: Audioserver is only responsible for controlling audio
+# hardware and processing audio content. Cameraserver does the same for camera
+# hardware/content. Etc.
+#
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow mediametrics domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/prebuilts/api/30.0/public/mediaprovider.te b/prebuilts/api/30.0/public/mediaprovider.te
new file mode 100644
index 000000000..24170a5cf
--- /dev/null
+++ b/prebuilts/api/30.0/public/mediaprovider.te
@@ -0,0 +1,6 @@
+###
+### A domain for android.process.media, which contains both
+### MediaProvider and DownloadProvider and associated services.
+###
+
+type mediaprovider, domain;
diff --git a/prebuilts/api/30.0/public/mediaserver.te b/prebuilts/api/30.0/public/mediaserver.te
new file mode 100644
index 000000000..02a0eb072
--- /dev/null
+++ b/prebuilts/api/30.0/public/mediaserver.te
@@ -0,0 +1,144 @@ +# mediaserver - multimedia daemon +type mediaserver, domain; +type mediaserver_exec, system_file_type, exec_type, file_type; +type mediaserver_tmpfs, file_type; + +typeattribute mediaserver mlstrustedsubject; + +net_domain(mediaserver) + +r_dir_file(mediaserver, sdcard_type) +r_dir_file(mediaserver, cgroup) + +# stat /proc/self +allow mediaserver proc:lnk_file getattr; + +# open /vendor/lib/mediadrm +allow mediaserver system_file:dir r_dir_perms; + +userdebug_or_eng(` + # ptrace to processes in the same domain for memory leak detection + allow mediaserver self:process ptrace; +') + +binder_use(mediaserver) +binder_call(mediaserver, binderservicedomain) +binder_call(mediaserver, appdomain) +binder_service(mediaserver) + +allow mediaserver media_data_file:dir create_dir_perms; +allow mediaserver media_data_file:file create_file_perms; +allow mediaserver { app_data_file privapp_data_file }:file { append getattr ioctl lock map read write }; +allow mediaserver sdcard_type:file write; +allow mediaserver gpu_device:chr_file rw_file_perms; +allow mediaserver video_device:dir r_dir_perms; +allow mediaserver video_device:chr_file rw_file_perms; + +set_prop(mediaserver, audio_prop) + +# Read resources from open apk files passed over Binder. +allow mediaserver apk_data_file:file { read getattr }; +allow mediaserver asec_apk_file:file { read getattr }; +allow mediaserver ringtone_file:file { read getattr }; + +# Read /data/data/com.android.providers.telephony files passed over Binder. +allow mediaserver radio_data_file:file { read getattr }; + +# Use pipes passed over Binder from app domains. +allow mediaserver appdomain:fifo_file { getattr read write }; + +allow mediaserver rpmsg_device:chr_file rw_file_perms; + +# Inter System processes communicate over named pipe (FIFO) +allow mediaserver system_server:fifo_file r_file_perms; + +r_dir_file(mediaserver, media_rw_data_file) + +# Grant access to read files on appfuse. 
+allow mediaserver app_fuse_file:file { read getattr }; + +# Needed on some devices for playing DRM protected content, +# but seems expected and appropriate for all devices. +unix_socket_connect(mediaserver, drmserver, drmserver) + +# Needed on some devices for playing audio on paired BT device, +# but seems appropriate for all devices. +unix_socket_connect(mediaserver, bluetooth, bluetooth) + +add_service(mediaserver, mediaserver_service) +allow mediaserver activity_service:service_manager find; +allow mediaserver appops_service:service_manager find; +allow mediaserver audio_service:service_manager find; +allow mediaserver audioserver_service:service_manager find; +allow mediaserver cameraserver_service:service_manager find; +allow mediaserver batterystats_service:service_manager find; +allow mediaserver drmserver_service:service_manager find; +allow mediaserver mediaextractor_service:service_manager find; +allow mediaserver mediametrics_service:service_manager find; +allow mediaserver media_session_service:service_manager find; +allow mediaserver permission_service:service_manager find; +allow mediaserver power_service:service_manager find; +allow mediaserver processinfo_service:service_manager find; +allow mediaserver scheduling_policy_service:service_manager find; +allow mediaserver surfaceflinger_service:service_manager find; + +# for ModDrm/MediaPlayer +allow mediaserver mediadrmserver_service:service_manager find; + +# For hybrid interfaces +allow mediaserver hidl_token_hwservice:hwservice_manager find; + +# /oem access +allow mediaserver oemfs:dir search; +allow mediaserver oemfs:file r_file_perms; + +# /vendor apk access +allow mediaserver vendor_app_file:file { read map getattr }; + +use_drmservice(mediaserver) +allow mediaserver drmserver:drmservice { + consumeRights + setPlaybackStatus + openDecryptSession + closeDecryptSession + initializeDecryptUnit + decrypt + finalizeDecryptUnit + pread +}; + +# only allow unprivileged socket ioctl commands 
+allowxperm mediaserver self:{ rawip_socket tcp_socket udp_socket } + ioctl { unpriv_sock_ioctls unpriv_tty_ioctls }; + +# Access to /data/media. +# This should be removed if sdcardfs is modified to alter the secontext for its +# accesses to the underlying FS. +allow mediaserver media_rw_data_file:dir create_dir_perms; +allow mediaserver media_rw_data_file:file create_file_perms; + +# Access to media in /data/preloads +allow mediaserver preloads_media_file:file { getattr read ioctl }; + +allow mediaserver ion_device:chr_file r_file_perms; +allow mediaserver hal_graphics_allocator:fd use; +allow mediaserver hal_graphics_composer:fd use; +allow mediaserver hal_camera:fd use; + +allow mediaserver system_server:fd use; + +# b/120491318 allow mediaserver to access void:fd +allow mediaserver vold:fd use; + +hal_client_domain(mediaserver, hal_allocator) + +### +### neverallow rules +### + +# mediaserver should never execute any executable without a +# domain transition +neverallow mediaserver { file_type fs_type }:file execute_no_trans; + +# do not allow privileged socket ioctl commands +neverallowxperm mediaserver domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls; diff --git a/prebuilts/api/30.0/public/mediaswcodec.te b/prebuilts/api/30.0/public/mediaswcodec.te new file mode 100644 index 000000000..2acdeeadd --- /dev/null +++ b/prebuilts/api/30.0/public/mediaswcodec.te 
@@ -0,0 +1,27 @@ +type mediaswcodec, domain; +type mediaswcodec_exec, system_file_type, exec_type, file_type; + +hal_server_domain(mediaswcodec, hal_codec2) + +# mediaswcodec may use an input surface from a different Codec2 service or an +# OMX service +hal_client_domain(mediaswcodec, hal_codec2) +hal_client_domain(mediaswcodec, hal_omx) + +hal_client_domain(mediaswcodec, hal_allocator) +hal_client_domain(mediaswcodec, hal_graphics_allocator) + +get_prop(mediaswcodec, device_config_media_native_prop) + +crash_dump_fallback(mediaswcodec) + +# mediaswcodec_server should never execute any executable without a +# domain transition +neverallow mediaswcodec { file_type fs_type }:file execute_no_trans; + +# Media processing code is inherently risky and thus should have limited +# permissions and be isolated from the rest of the system and network. +# Lengthier explanation here: +# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html +neverallow mediaswcodec domain:{ tcp_socket udp_socket rawip_socket } *; + diff --git a/prebuilts/api/30.0/public/mediatranscoding.te b/prebuilts/api/30.0/public/mediatranscoding.te new file mode 100644 index 000000000..386535bb2 --- /dev/null +++ b/prebuilts/api/30.0/public/mediatranscoding.te 
@@ -0,0 +1,26 @@ +# mediatranscoding - daemon for transcoding video and image. +type mediatranscoding, domain; +type mediatranscoding_exec, system_file_type, exec_type, file_type; + +binder_use(mediatranscoding) +binder_service(mediatranscoding) + +add_service(mediatranscoding, mediatranscoding_service) + +allow mediatranscoding system_server:fd use; + +# mediatranscoding should never execute any executable without a +# domain transition +neverallow mediatranscoding { file_type fs_type }:file execute_no_trans; + +# The goal of the mediaserver split is to place media processing code into +# restrictive sandboxes with limited responsibilities and thus limited +# permissions. Example: Audioserver is only responsible for controlling audio +# hardware and processing audio content. Cameraserver does the same for camera +# hardware/content. Etc. +# +# Media processing code is inherently risky and thus should have limited +# permissions and be isolated from the rest of the system and network. +# Lengthier explanation here: +# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html +neverallow mediatranscoding domain:{ tcp_socket udp_socket rawip_socket } *; diff --git a/prebuilts/api/30.0/public/modprobe.te b/prebuilts/api/30.0/public/modprobe.te new file mode 100644 index 000000000..119040921 --- /dev/null +++ b/prebuilts/api/30.0/public/modprobe.te @@ -0,0 +1,9 @@ +type modprobe, domain; + +allow modprobe proc_modules:file r_file_perms; +allow modprobe self:global_capability_class_set sys_module; +allow modprobe kernel:key search; +recovery_only(` + allow modprobe rootfs:system module_load; + allow modprobe rootfs:file r_file_perms; +') diff --git a/prebuilts/api/30.0/public/mtp.te b/prebuilts/api/30.0/public/mtp.te new file mode 100644 index 000000000..add63c0f5 --- /dev/null +++ b/prebuilts/api/30.0/public/mtp.te 
@@ -0,0 +1,11 @@ +# vpn tunneling protocol manager +type mtp, domain; +type mtp_exec, system_file_type, exec_type, file_type; + +net_domain(mtp) + +# pptp policy +allow mtp self:{ socket pppox_socket } create_socket_perms_no_ioctl; +allow mtp self:global_capability_class_set net_raw; +allow mtp ppp:process signal; +allow mtp vpn_data_file:dir search; diff --git a/prebuilts/api/30.0/public/net.te b/prebuilts/api/30.0/public/net.te new file mode 100644 index 000000000..e90715e66 --- /dev/null +++ b/prebuilts/api/30.0/public/net.te @@ -0,0 +1,39 @@ +## Network types +type node, node_type; +type netif, netif_type; +type port, port_type; + +### +### Domain with network access +### + +# Use network sockets. +allow netdomain self:tcp_socket create_stream_socket_perms; +allow netdomain self:{ icmp_socket udp_socket rawip_socket } create_socket_perms; + +# Connect to ports. +allow netdomain port_type:tcp_socket name_connect; +# Bind to ports. +allow {netdomain -ephemeral_app} node_type:{ icmp_socket rawip_socket tcp_socket udp_socket } node_bind; +allow {netdomain -ephemeral_app} port_type:udp_socket name_bind; +allow {netdomain -ephemeral_app} port_type:tcp_socket name_bind; +# See changes to the routing table. +allow netdomain self:netlink_route_socket { create read getattr write setattr lock append connect getopt setopt shutdown nlmsg_read }; +# b/141455849 gate RTM_GETLINK with a new permission nlmsg_readpriv and block access from +# untrusted_apps. Some untrusted apps (e.g. untrusted_app_25-29) are granted access elsewhere +# to avoid app-compat breakage. +allow { + netdomain + -ephemeral_app + -mediaprovider + -untrusted_app_all +} self:netlink_route_socket { bind nlmsg_readpriv }; + +# Talks to netd via dnsproxyd socket. +unix_socket_connect(netdomain, dnsproxyd, netd) + +# Talks to netd via fwmarkd socket. +unix_socket_connect(netdomain, fwmarkd, netd) + +# Connect to mdnsd via mdnsd socket. +unix_socket_connect(netdomain, mdnsd, mdnsd) 
diff --git a/prebuilts/api/30.0/public/netd.te b/prebuilts/api/30.0/public/netd.te new file mode 100644 index 000000000..8005406d6 --- /dev/null +++ b/prebuilts/api/30.0/public/netd.te 
@@ -0,0 +1,185 @@ +# network manager +type netd, domain, mlstrustedsubject; +type netd_exec, system_file_type, exec_type, file_type; + +net_domain(netd) +# in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls. +allowxperm netd self:udp_socket ioctl priv_sock_ioctls; + +r_dir_file(netd, cgroup) + +allow netd system_server:fd use; + +allow netd self:global_capability_class_set { net_admin net_raw kill }; +# Note: fsetid is deliberately not included above. fsetid checks are +# triggered by chmod on a directory or file owned by a group other +# than one of the groups assigned to the current process to see if +# the setgid bit should be cleared, regardless of whether the setgid +# bit was even set. We do not appear to truly need this capability +# for netd to operate. +dontaudit netd self:global_capability_class_set fsetid; + +# Allow netd to open /dev/tun, set it up and pass it to clatd +allow netd tun_device:chr_file rw_file_perms; +allowxperm netd tun_device:chr_file ioctl { TUNGETIFF TUNSETIFF }; +allow netd self:tun_socket create; + +allow netd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; +allow netd self:netlink_route_socket nlmsg_write; +allow netd self:netlink_nflog_socket create_socket_perms_no_ioctl; +allow netd self:netlink_socket create_socket_perms_no_ioctl; +allow netd self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write }; +allow netd self:netlink_generic_socket create_socket_perms_no_ioctl; +allow netd self:netlink_netfilter_socket create_socket_perms_no_ioctl; +allow netd shell_exec:file rx_file_perms; +allow netd system_file:file x_file_perms; +not_full_treble(`allow netd vendor_file:file x_file_perms;') +allow netd devpts:chr_file rw_file_perms; + +# Acquire advisory lock on /system/etc/xtables.lock +allow netd system_file:file lock; + +# Allow netd to write to qtaguid ctrl file. 
+# TODO: Add proper rules to prevent other process to access qtaguid_proc file +# after migration complete +allow netd proc_qtaguid_ctrl:file rw_file_perms; +# Allow netd to read /dev/qtaguid. This is the same privilege level that normal apps have. +allow netd qtaguid_device:chr_file r_file_perms; + +r_dir_file(netd, proc_net_type) +# For /proc/sys/net/ipv[46]/route/flush. +allow netd proc_net_type:file rw_file_perms; + +# Enables PppController and interface enumeration (among others) +allow netd sysfs:dir r_dir_perms; +r_dir_file(netd, sysfs_net) + +# Allows setting interface MTU +allow netd sysfs_net:file w_file_perms; + +# TODO: added to match above sysfs rule. Remove me? +allow netd sysfs_usb:file write; + +r_dir_file(netd, cgroup_bpf) + +allow netd fs_bpf:dir search; +allow netd fs_bpf:file { read write }; + +# TODO: netd previously thought it needed these permissions to do WiFi related +# work. However, after all the WiFi stuff is gone, we still need them. +# Why? +allow netd self:global_capability_class_set { dac_override dac_read_search chown }; + +# Needed to update /data/misc/net/rt_tables +allow netd net_data_file:file create_file_perms; +allow netd net_data_file:dir rw_dir_perms; +allow netd self:global_capability_class_set fowner; + +# Needed to lock the iptables lock. +allow netd system_file:file lock; + +# Allow netd to spawn dnsmasq in it's own domain +allow netd dnsmasq:process signal; + +set_prop(netd, ctl_mdnsd_prop) +set_prop(netd, netd_stable_secret_prop) + +# Allow netd to publish a binder service and make binder calls. +binder_use(netd) +add_service(netd, netd_service) +add_service(netd, dnsresolver_service) +allow netd dumpstate:fifo_file { getattr write }; + +# Allow netd to call into the system server so it can check permissions. +allow netd system_server:binder call; +allow netd permission_service:service_manager find; + +# Allow netd to talk to the framework service which collects netd events. 
+allow netd netd_listener_service:service_manager find; + +# Allow netd to operate on sockets that are passed to it. +allow netd netdomain:{ + icmp_socket + tcp_socket + udp_socket + rawip_socket + tun_socket +} { read write getattr setattr getopt setopt }; +allow netd netdomain:fd use; + +# give netd permission to read and write netlink xfrm +allow netd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write nlmsg_read }; + +# Allow netd to register as hal server. +add_hwservice(netd, system_net_netd_hwservice) +hwbinder_use(netd) +get_prop(netd, hwservicemanager_prop) +get_prop(netd, device_config_netd_native_prop) + +### +### Neverallow rules +### +### netd should NEVER do any of this + +# Block device access. +neverallow netd dev_type:blk_file { read write }; + +# ptrace any other app +neverallow netd { domain }:process ptrace; + +# Write to /system. +neverallow netd system_file:dir_file_class_set write; + +# Write to files in /data/data or system files on /data +neverallow netd { app_data_file privapp_data_file system_data_file }:dir_file_class_set write; + +# only system_server, dumpstate and network stack app may find netd service +neverallow { + domain + -system_server + -dumpstate + -network_stack + -netd + -netutils_wrapper +} netd_service:service_manager find; + +# only system_server, dumpstate and network stack app may find dnsresolver service +neverallow { + domain + -system_server + -dumpstate + -network_stack + -netd + -netutils_wrapper +} dnsresolver_service:service_manager find; + +# apps may not interact with netd over binder. +neverallow { appdomain -network_stack } netd:binder call; +neverallow netd { appdomain -network_stack userdebug_or_eng(`-su') }:binder call; + +# persist.netd.stable_secret contains RFC 7217 secret key which should never be +# leaked to other processes. Make sure it never leaks. 
+neverallow { domain -netd -init -dumpstate } netd_stable_secret_prop:file r_file_perms; + +# We want to ensure that no other process ever tries tampering with persist.netd.stable_secret, +# the RFC 7217 secret key managed by netd. Doing so could compromise user privacy. +neverallow { domain -netd -init } netd_stable_secret_prop:property_service set; + +# If an already existing file is opened with O_CREATE, the kernel might generate +# a false report of a create denial. Silence these denials and make sure that +# inappropriate permissions are not granted. +neverallow netd proc_net:dir no_w_dir_perms; +dontaudit netd proc_net:dir write; + +neverallow netd sysfs_net:dir no_w_dir_perms; +dontaudit netd sysfs_net:dir write; + +# Netd should not have SYS_ADMIN privs. +neverallow netd self:capability sys_admin; +dontaudit netd self:capability sys_admin; + +# Netd should not have SYS_MODULE privs, nor should it be requesting module loads +# (things it requires should be built directly into the kernel) +dontaudit netd self:capability sys_module; + +dontaudit netd kernel:system module_request; diff --git a/prebuilts/api/30.0/public/netutils_wrapper.te b/prebuilts/api/30.0/public/netutils_wrapper.te new file mode 100644 index 000000000..27aa7496c --- /dev/null +++ b/prebuilts/api/30.0/public/netutils_wrapper.te @@ -0,0 +1,4 @@ +type netutils_wrapper, domain; +type netutils_wrapper_exec, system_file_type, exec_type, file_type; + +neverallow domain netutils_wrapper_exec:file execute_no_trans; diff --git a/prebuilts/api/30.0/public/network_stack.te b/prebuilts/api/30.0/public/network_stack.te new file mode 100644 index 000000000..feff66460 --- /dev/null +++ b/prebuilts/api/30.0/public/network_stack.te @@ -0,0 +1,2 @@ +# Network stack service app +type network_stack, domain; diff --git a/prebuilts/api/30.0/public/neverallow_macros b/prebuilts/api/30.0/public/neverallow_macros new file mode 100644 index 000000000..59fa441d2 --- /dev/null 
+++ b/prebuilts/api/30.0/public/neverallow_macros @@ -0,0 +1,15 @@ +# +# Common neverallow permissions +define(`no_w_file_perms', `{ append create link unlink relabelfrom rename setattr write }') +define(`no_rw_file_perms', `{ no_w_file_perms open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads }') +define(`no_x_file_perms', `{ execute execute_no_trans }') +define(`no_w_dir_perms', `{ add_name create link relabelfrom remove_name rename reparent rmdir setattr write }') + +##################################### +# neverallow_establish_socket_comms(src, dst) +# neverallow src domain establishing socket connections to dst domain. +# +define(`neverallow_establish_socket_comms', ` + neverallow $1 $2:socket_class_set { connect sendto }; + neverallow $1 $2:unix_stream_socket connectto; +') diff --git a/prebuilts/api/30.0/public/nfc.te b/prebuilts/api/30.0/public/nfc.te new file mode 100644 index 000000000..e3a03e796 --- /dev/null +++ b/prebuilts/api/30.0/public/nfc.te @@ -0,0 +1,2 @@ +# nfc subsystem +type nfc, domain; diff --git a/prebuilts/api/30.0/public/perfetto.te b/prebuilts/api/30.0/public/perfetto.te new file mode 100644 index 000000000..cec0e6f09 --- /dev/null +++ b/prebuilts/api/30.0/public/perfetto.te @@ -0,0 +1 @@ +type perfetto, domain, coredomain; diff --git a/prebuilts/api/30.0/public/performanced.te b/prebuilts/api/30.0/public/performanced.te new file mode 100644 index 000000000..7dcb5ea1e --- /dev/null +++ b/prebuilts/api/30.0/public/performanced.te 
@@ -0,0 +1,30 @@ +# performanced +type performanced, domain, mlstrustedsubject; +type performanced_exec, system_file_type, exec_type, file_type; + +# Needed to check for app permissions. +binder_use(performanced) +binder_call(performanced, system_server) +allow performanced permission_service:service_manager find; + +pdx_server(performanced, performance_client) + +# TODO: use file caps to obtain sys_nice instead of setuid / setgid. +allow performanced self:global_capability_class_set { setuid setgid sys_nice }; + +# Access /proc to validate we're only affecting threads in the same thread group. +# Performanced also shields unbound kernel threads. It scans every task in the +# root cpu set, but only affects the kernel threads. +r_dir_file(performanced, { appdomain bufferhubd kernel surfaceflinger }) +dontaudit performanced domain:dir read; +allow performanced { appdomain bufferhubd kernel surfaceflinger }:process setsched; + +# These /proc accesses only show up in permissive mode but they +# generate a lot of noise in the log. +userdebug_or_eng(` + dontaudit performanced domain:dir open; + dontaudit performanced domain:file { open read getattr }; +') + +# Access /dev/cpuset/cpuset.cpus +r_dir_file(performanced, cgroup) diff --git a/prebuilts/api/30.0/public/platform_app.te b/prebuilts/api/30.0/public/platform_app.te new file mode 100644 index 000000000..9b1faf0f6 --- /dev/null +++ b/prebuilts/api/30.0/public/platform_app.te @@ -0,0 +1,5 @@ +### +### Apps signed with the platform key. +### + +type platform_app, domain; diff --git a/prebuilts/api/30.0/public/postinstall.te b/prebuilts/api/30.0/public/postinstall.te new file mode 100644 index 000000000..bcea2dcbf --- /dev/null +++ b/prebuilts/api/30.0/public/postinstall.te 
@@ -0,0 +1,45 @@ +# Domain where the postinstall program runs during the update. +# Extend the permissions in this domain to allow this program to access other +# files needed by the specific device on your device's sepolicy directory. +type postinstall, domain; + +# Allow postinstall to write to its stdout/stderr when redirected via pipes to +# update_engine. +allow postinstall update_engine_common:fd use; +allow postinstall update_engine_common:fifo_file rw_file_perms; + +# Allow postinstall to read and execute directories and files in the same +# mounted location. +allow postinstall postinstall_file:file rx_file_perms; +allow postinstall postinstall_file:lnk_file r_file_perms; +allow postinstall postinstall_file:dir r_dir_perms; + +# Allow postinstall to execute the shell or other system executables. +allow postinstall shell_exec:file rx_file_perms; +allow postinstall system_file:file rx_file_perms; +allow postinstall toolbox_exec:file rx_file_perms; + +# Allow postinstall to execute shell in recovery. +recovery_only(` + allow postinstall rootfs:file rx_file_perms; +') + +# +# For OTA dexopt. +# + +# Allow postinstall scripts to talk to the system server. +binder_use(postinstall) +binder_call(postinstall, system_server) + +# Need to talk to the otadexopt service. +allow postinstall otadexopt_service:service_manager find; + +# Allow postinstall scripts to trigger f2fs garbage collection +allow postinstall sysfs_fs_f2fs:file rw_file_perms; +allow postinstall sysfs_fs_f2fs:dir r_dir_perms; + +# No domain other than update_engine and recovery (via update_engine_sideload) +# should transition to postinstall, as it is only meant to run during the +# update. +neverallow { domain -update_engine -recovery } postinstall:process { transition dyntransition }; diff --git a/prebuilts/api/30.0/public/ppp.te b/prebuilts/api/30.0/public/ppp.te new file mode 100644 index 000000000..b736deff5 --- /dev/null +++ b/prebuilts/api/30.0/public/ppp.te 
@@ -0,0 +1,23 @@ +# Point to Point Protocol daemon +type ppp, domain; +type ppp_device, dev_type; +type ppp_exec, system_file_type, exec_type, file_type; + +net_domain(ppp) + +r_dir_file(ppp, proc_net_type) + +allow ppp mtp:{ socket pppox_socket } rw_socket_perms; + +# ioctls needed for VPN. +allowxperm ppp self:udp_socket ioctl priv_sock_ioctls; +allowxperm ppp mtp:{ socket pppox_socket } ioctl ppp_ioctls; + +allow ppp mtp:unix_dgram_socket rw_socket_perms; +allow ppp ppp_device:chr_file rw_file_perms; +allow ppp self:global_capability_class_set net_admin; +allow ppp system_file:file rx_file_perms; +not_full_treble(`allow ppp vendor_file:file rx_file_perms;') +allow ppp vpn_data_file:dir w_dir_perms; +allow ppp vpn_data_file:file create_file_perms; +allow ppp mtp:fd use; diff --git a/prebuilts/api/30.0/public/priv_app.te b/prebuilts/api/30.0/public/priv_app.te new file mode 100644 index 000000000..0761fc30f --- /dev/null +++ b/prebuilts/api/30.0/public/priv_app.te @@ -0,0 +1,5 @@ +### +### A domain for further sandboxing privileged apps. +### + +type priv_app, domain; diff --git a/prebuilts/api/30.0/public/profman.te b/prebuilts/api/30.0/public/profman.te new file mode 100644 index 000000000..8ff62710e --- /dev/null +++ b/prebuilts/api/30.0/public/profman.te 
@@ -0,0 +1,29 @@ +# profman +type profman, domain; +type profman_exec, system_file_type, exec_type, file_type; + +allow profman user_profile_data_file:file { getattr read write lock map }; + +# Dumping profile info opens the application APK file for pretty printing. +allow profman asec_apk_file:file { read map }; +allow profman apk_data_file:file { getattr read map }; +allow profman apk_data_file:dir { getattr read search }; + +allow profman oemfs:file { read map }; +# Reading an APK opens a ZipArchive, which unpack to tmpfs. +allow profman tmpfs:file { read map }; +allow profman profman_dump_data_file:file { write map }; + +allow profman installd:fd use; + +# Allow profman to analyze profiles for the secondary dex files. These +# are application dex files reported back to the framework when using +# BaseDexClassLoader. +allow profman { privapp_data_file app_data_file }:file { getattr read write lock map }; +allow profman { privapp_data_file app_data_file }:dir { getattr read search }; + +### +### neverallow rules +### + +neverallow profman { privapp_data_file app_data_file }:notdevfile_class_set open; diff --git a/prebuilts/api/30.0/public/property.te b/prebuilts/api/30.0/public/property.te new file mode 100644 index 000000000..a435b4dc9 --- /dev/null +++ b/prebuilts/api/30.0/public/property.te 
@@ -0,0 +1,601 @@
+# Properties used only in /system
+system_internal_prop(apexd_prop)
+system_internal_prop(bootloader_boot_reason_prop)
+system_internal_prop(device_config_activity_manager_native_boot_prop)
+system_internal_prop(device_config_boot_count_prop)
+system_internal_prop(device_config_input_native_boot_prop)
+system_internal_prop(device_config_media_native_prop)
+system_internal_prop(device_config_netd_native_prop)
+system_internal_prop(device_config_reset_performed_prop)
+system_internal_prop(device_config_runtime_native_boot_prop)
+system_internal_prop(device_config_runtime_native_prop)
+system_internal_prop(device_config_storage_native_boot_prop)
+system_internal_prop(device_config_sys_traced_prop)
+system_internal_prop(device_config_window_manager_native_boot_prop)
+system_internal_prop(device_config_configuration_prop)
+system_internal_prop(firstboot_prop)
+system_internal_prop(gsid_prop)
+system_internal_prop(init_perf_lsm_hooks_prop)
+system_internal_prop(init_svc_debug_prop)
+system_internal_prop(last_boot_reason_prop)
+system_internal_prop(netd_stable_secret_prop)
+system_internal_prop(pm_prop)
+system_internal_prop(userspace_reboot_log_prop)
+system_internal_prop(userspace_reboot_test_prop)
+system_internal_prop(system_adbd_prop)
+system_internal_prop(adbd_prop)
+system_internal_prop(traced_perf_enabled_prop)
+
+compatible_property_only(`
+ # DO NOT ADD ANY PROPERTIES HERE
+ system_internal_prop(boottime_prop)
+ system_internal_prop(bpf_progs_loaded_prop)
+ system_internal_prop(charger_prop)
+ system_internal_prop(cold_boot_done_prop)
+ system_internal_prop(ctl_adbd_prop)
+ system_internal_prop(ctl_apexd_prop)
+ system_internal_prop(ctl_bootanim_prop)
+ system_internal_prop(ctl_bugreport_prop)
+ system_internal_prop(ctl_console_prop)
+ system_internal_prop(ctl_dumpstate_prop)
+ system_internal_prop(ctl_fuse_prop)
+ system_internal_prop(ctl_gsid_prop)
+ system_internal_prop(ctl_interface_restart_prop)
+ system_internal_prop(ctl_interface_stop_prop)
+ system_internal_prop(ctl_mdnsd_prop)
+ system_internal_prop(ctl_restart_prop)
+ system_internal_prop(ctl_rildaemon_prop)
+ system_internal_prop(ctl_sigstop_prop)
+ system_internal_prop(dynamic_system_prop)
+ system_internal_prop(heapprofd_enabled_prop)
+ system_internal_prop(llkd_prop)
+ system_internal_prop(lpdumpd_prop)
+ system_internal_prop(mmc_prop)
+ system_internal_prop(mock_ota_prop)
+ system_internal_prop(net_dns_prop)
+ system_internal_prop(overlay_prop)
+ system_internal_prop(persistent_properties_ready_prop)
+ system_internal_prop(safemode_prop)
+ system_internal_prop(system_lmk_prop)
+ system_internal_prop(system_trace_prop)
+ system_internal_prop(test_boot_reason_prop)
+ system_internal_prop(time_prop)
+ system_internal_prop(traced_enabled_prop)
+ system_internal_prop(traced_lazy_prop)
+')
+
+# Properties which can't be written outside system
+
+# Properties used by binder caches
+system_restricted_prop(binder_cache_bluetooth_server_prop)
+system_restricted_prop(binder_cache_system_server_prop)
+system_restricted_prop(binder_cache_telephony_server_prop)
+system_restricted_prop(boottime_public_prop)
+system_restricted_prop(bq_config_prop)
+system_restricted_prop(module_sdkextensions_prop)
+system_restricted_prop(nnapi_ext_deny_product_prop)
+system_restricted_prop(restorecon_prop)
+system_restricted_prop(socket_hook_prop)
+system_restricted_prop(system_boot_reason_prop)
+system_restricted_prop(system_jvmti_agent_prop)
+system_restricted_prop(userspace_reboot_exported_prop)
+
+compatible_property_only(`
+ # DO NOT ADD ANY PROPERTIES HERE
+ system_restricted_prop(config_prop)
+ system_restricted_prop(cppreopt_prop)
+ system_restricted_prop(dalvik_prop)
+ system_restricted_prop(debuggerd_prop)
+ system_restricted_prop(default_prop)
+ system_restricted_prop(device_logging_prop)
+ system_restricted_prop(dhcp_prop)
+ system_restricted_prop(dumpstate_prop)
+ system_restricted_prop(exported2_default_prop)
+ system_restricted_prop(exported3_system_prop)
+ system_restricted_prop(exported_dumpstate_prop)
+ system_restricted_prop(exported_fingerprint_prop)
+ system_restricted_prop(exported_secure_prop)
+ system_restricted_prop(exported_vold_prop)
+ system_restricted_prop(ffs_prop)
+ system_restricted_prop(fingerprint_prop)
+ system_restricted_prop(heapprofd_prop)
+ system_restricted_prop(net_radio_prop)
+ system_restricted_prop(pan_result_prop)
+ system_restricted_prop(persist_debug_prop)
+ system_restricted_prop(shell_prop)
+ system_restricted_prop(system_radio_prop)
+ system_restricted_prop(test_harness_prop)
+ system_restricted_prop(theme_prop)
+ system_restricted_prop(use_memfd_prop)
+ system_restricted_prop(vold_prop)
+')
+
+# Properties which can be written only by vendor_init
+system_vendor_config_prop(apk_verity_prop)
+system_vendor_config_prop(cpu_variant_prop)
+system_vendor_config_prop(exported_audio_prop)
+system_vendor_config_prop(exported_camera_prop)
+system_vendor_config_prop(exported_config_prop)
+system_vendor_config_prop(exported_default_prop)
+system_vendor_config_prop(exported3_default_prop)
+system_vendor_config_prop(media_variant_prop)
+system_vendor_config_prop(storage_config_prop)
+system_vendor_config_prop(userspace_reboot_config_prop)
+system_vendor_config_prop(vehicle_hal_prop)
+system_vendor_config_prop(vendor_security_patch_level_prop)
+system_vendor_config_prop(vendor_socket_hook_prop)
+system_vendor_config_prop(vndk_prop)
+system_vendor_config_prop(virtual_ab_prop)
+
+# Properties with no restrictions
+system_public_prop(audio_prop)
+system_public_prop(bluetooth_a2dp_offload_prop)
+system_public_prop(bluetooth_audio_hal_prop)
+system_public_prop(bluetooth_prop)
+system_public_prop(ctl_default_prop)
+system_public_prop(ctl_interface_start_prop)
+system_public_prop(ctl_start_prop)
+system_public_prop(ctl_stop_prop)
+system_public_prop(debug_prop)
+system_public_prop(dumpstate_options_prop)
+system_public_prop(exported_system_prop)
+system_public_prop(exported2_config_prop)
+system_public_prop(exported2_radio_prop)
+system_public_prop(exported2_system_prop)
+system_public_prop(exported2_vold_prop)
+system_public_prop(exported3_radio_prop)
+system_public_prop(exported_bluetooth_prop)
+system_public_prop(exported_dalvik_prop)
+system_public_prop(exported_ffs_prop)
+system_public_prop(exported_overlay_prop)
+system_public_prop(exported_pm_prop)
+system_public_prop(exported_radio_prop)
+system_public_prop(exported_system_radio_prop)
+system_public_prop(exported_wifi_prop)
+system_public_prop(sota_prop)
+system_public_prop(hwservicemanager_prop)
+system_public_prop(logd_prop)
+system_public_prop(logpersistd_logging_prop)
+system_public_prop(log_prop)
+system_public_prop(log_tag_prop)
+system_public_prop(lowpan_prop)
+system_public_prop(nfc_prop)
+system_public_prop(ota_prop)
+system_public_prop(powerctl_prop)
+system_public_prop(radio_prop)
+system_public_prop(serialno_prop)
+system_public_prop(system_prop)
+system_public_prop(wifi_log_prop)
+system_public_prop(wifi_prop)
+
+# Properties used in default HAL implementations
+vendor_internal_prop(rebootescrow_hal_prop)
+
+# Properties which are public for devices launching with Android O or earlier
+# This should not be used for any new properties.
+not_compatible_property(`
+ # DO NOT ADD ANY PROPERTIES HERE
+ system_public_prop(boottime_prop)
+ system_public_prop(bpf_progs_loaded_prop)
+ system_public_prop(charger_prop)
+ system_public_prop(cold_boot_done_prop)
+ system_public_prop(ctl_adbd_prop)
+ system_public_prop(ctl_apexd_prop)
+ system_public_prop(ctl_bootanim_prop)
+ system_public_prop(ctl_bugreport_prop)
+ system_public_prop(ctl_console_prop)
+ system_public_prop(ctl_dumpstate_prop)
+ system_public_prop(ctl_fuse_prop)
+ system_public_prop(ctl_gsid_prop)
+ system_public_prop(ctl_interface_restart_prop)
+ system_public_prop(ctl_interface_stop_prop)
+ system_public_prop(ctl_mdnsd_prop)
+ system_public_prop(ctl_restart_prop)
+ system_public_prop(ctl_rildaemon_prop)
+ system_public_prop(ctl_sigstop_prop)
+ system_public_prop(dynamic_system_prop)
+ system_public_prop(heapprofd_enabled_prop)
+ system_public_prop(llkd_prop)
+ system_public_prop(lpdumpd_prop)
+ system_public_prop(mmc_prop)
+ system_public_prop(mock_ota_prop)
+ system_public_prop(net_dns_prop)
+ system_public_prop(overlay_prop)
+ system_public_prop(persistent_properties_ready_prop)
+ system_public_prop(safemode_prop)
+ system_public_prop(system_lmk_prop)
+ system_public_prop(system_trace_prop)
+ system_public_prop(test_boot_reason_prop)
+ system_public_prop(time_prop)
+ system_public_prop(traced_enabled_prop)
+ system_public_prop(traced_lazy_prop)
+
+ system_public_prop(config_prop)
+ system_public_prop(cppreopt_prop)
+ system_public_prop(dalvik_prop)
+ system_public_prop(debuggerd_prop)
+ system_public_prop(default_prop)
+ system_public_prop(device_logging_prop)
+ system_public_prop(dhcp_prop)
+ system_public_prop(dumpstate_prop)
+ system_public_prop(exported2_default_prop)
+ system_public_prop(exported3_system_prop)
+ system_public_prop(exported_dumpstate_prop)
+ system_public_prop(exported_fingerprint_prop)
+ system_public_prop(exported_secure_prop)
+ system_public_prop(exported_vold_prop)
+ system_public_prop(ffs_prop)
+ system_public_prop(fingerprint_prop)
+ system_public_prop(heapprofd_prop)
+ system_public_prop(net_radio_prop)
+ system_public_prop(pan_result_prop)
+ system_public_prop(persist_debug_prop)
+ system_public_prop(shell_prop)
+ system_public_prop(system_radio_prop)
+ system_public_prop(test_harness_prop)
+ system_public_prop(theme_prop)
+ system_public_prop(use_memfd_prop)
+ system_public_prop(vold_prop)
+')
+
+type vendor_default_prop, property_type;
+
+typeattribute log_prop log_property_type;
+typeattribute log_tag_prop log_property_type;
+typeattribute wifi_log_prop log_property_type;
+
+allow property_type tmpfs:filesystem associate;
+
+###
+### Neverallow rules
+###
+
+treble_sysprop_neverallow(`
+
+# TODO(b/131162102): uncomment these after assigning ownership attributes to all properties
+# neverallow domain {
+# property_type
+# -system_property_type
+# -product_property_type
+# -vendor_property_type
+# }:file no_rw_file_perms;
+
+neverallow { domain -coredomain } {
+ system_property_type
+ system_internal_property_type
+ -system_restricted_property_type
+ -system_public_property_type
+}:file no_rw_file_perms;
+
+neverallow { domain -coredomain } {
+ system_property_type
+ -system_public_property_type
+}:property_service set;
+
+# init is in coredomain, but should be able to read/write all props.
+# dumpstate is also in coredomain, but should be able to read all props.
+neverallow { coredomain -init -dumpstate } {
+ vendor_property_type
+ vendor_internal_property_type
+ -vendor_restricted_property_type
+ -vendor_public_property_type
+}:file no_rw_file_perms;
+
+neverallow { coredomain -init } {
+ vendor_property_type
+ -vendor_public_property_type
+}:property_service set;
+
+')
+
+# There is no need to perform ioctl or advisory locking operations on
+# property files. If this neverallow is being triggered, it is
+# likely that the policy is using r_file_perms directly instead of
+# the get_prop() macro.
+neverallow domain property_type:file { ioctl lock };
+
+# core_property_type should not be used for new properties or
+# device specific properties. Properties with this attribute
+# are readable to everyone, which is overly broad and should
+# be avoided.
+# New properties should have appropriate read / write access
+# control rules written.
+
+typeattribute audio_prop core_property_type;
+typeattribute config_prop core_property_type;
+typeattribute cppreopt_prop core_property_type;
+typeattribute dalvik_prop core_property_type;
+typeattribute debuggerd_prop core_property_type;
+typeattribute debug_prop core_property_type;
+typeattribute default_prop core_property_type;
+typeattribute dhcp_prop core_property_type;
+typeattribute dumpstate_prop core_property_type;
+typeattribute ffs_prop core_property_type;
+typeattribute fingerprint_prop core_property_type;
+typeattribute logd_prop core_property_type;
+typeattribute net_radio_prop core_property_type;
+typeattribute nfc_prop core_property_type;
+typeattribute ota_prop core_property_type;
+typeattribute pan_result_prop core_property_type;
+typeattribute persist_debug_prop core_property_type;
+typeattribute powerctl_prop core_property_type;
+typeattribute radio_prop core_property_type;
+typeattribute restorecon_prop core_property_type;
+typeattribute shell_prop core_property_type;
+typeattribute system_prop core_property_type;
+typeattribute system_radio_prop core_property_type;
+typeattribute vold_prop core_property_type;
+
+neverallow * {
+ core_property_type
+ -audio_prop
+ -config_prop
+ -cppreopt_prop
+ -dalvik_prop
+ -debuggerd_prop
+ -debug_prop
+ -default_prop
+ -dhcp_prop
+ -dumpstate_prop
+ -ffs_prop
+ -fingerprint_prop
+ -logd_prop
+ -net_radio_prop
+ -nfc_prop
+ -ota_prop
+ -pan_result_prop
+ -persist_debug_prop
+ -powerctl_prop
+ -radio_prop
+ -restorecon_prop
+ -shell_prop
+ -system_prop
+ -system_radio_prop
+ -vold_prop
+}:file no_rw_file_perms;
+
+# sigstop property is only used for debugging; should only be set by su which is permissive
+# for userdebug/eng
+neverallow {
+ domain
+ -init
+ -vendor_init
+} ctl_sigstop_prop:property_service set;
+
+# Don't audit legacy ctl. property handling. We only want the newer permission check to appear
+# in the audit log
+dontaudit domain {
+ ctl_bootanim_prop
+ ctl_bugreport_prop
+ ctl_console_prop
+ ctl_default_prop
+ ctl_dumpstate_prop
+ ctl_fuse_prop
+ ctl_mdnsd_prop
+ ctl_rildaemon_prop
+}:property_service set;
+
+neverallow {
+ domain
+ -init
+} init_svc_debug_prop:property_service set;
+
+neverallow {
+ domain
+ -init
+ -dumpstate
+ userdebug_or_eng(`-su')
+} init_svc_debug_prop:file no_rw_file_perms;
+
+compatible_property_only(`
+# Prevent properties from being set
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -vendor_init
+ } {
+ core_property_type
+ extended_core_property_type
+ exported_config_prop
+ exported_dalvik_prop
+ exported_default_prop
+ exported_dumpstate_prop
+ exported_ffs_prop
+ exported_fingerprint_prop
+ exported_system_prop
+ exported_system_radio_prop
+ exported_vold_prop
+ exported2_config_prop
+ exported2_default_prop
+ exported2_system_prop
+ exported2_vold_prop
+ exported3_default_prop
+ exported3_system_prop
+ -nfc_prop
+ -powerctl_prop
+ -radio_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -hal_nfc_server
+ } {
+ nfc_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -hal_telephony_server
+ -vendor_init
+ } {
+ exported_radio_prop
+ exported3_radio_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -hal_telephony_server
+ } {
+ exported2_radio_prop
+ radio_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -bluetooth
+ -hal_bluetooth_server
+ } {
+ bluetooth_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -bluetooth
+ -hal_bluetooth_server
+ -vendor_init
+ } {
+ exported_bluetooth_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -hal_camera_server
+ -cameraserver
+ -vendor_init
+ } {
+ exported_camera_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -hal_wifi_server
+ -wificond
+ } {
+ wifi_prop
+ }:property_service set;
+
+ neverallow {
+ domain
+ -coredomain
+ -hal_wifi_server
+ -wificond
+ -vendor_init
+ } {
+ exported_wifi_prop
+ }:property_service set;
+
+# Prevent properties from being read
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -vendor_init
+ } {
+ core_property_type
+ extended_core_property_type
+ exported_dalvik_prop
+ exported_ffs_prop
+ exported_system_radio_prop
+ exported2_config_prop
+ exported2_system_prop
+ exported2_vold_prop
+ exported3_default_prop
+ exported3_system_prop
+ -debug_prop
+ -logd_prop
+ -nfc_prop
+ -powerctl_prop
+ -radio_prop
+ }:file no_rw_file_perms;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -hal_nfc_server
+ } {
+ nfc_prop
+ }:file no_rw_file_perms;
+
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -hal_telephony_server
+ } {
+ radio_prop
+ }:file no_rw_file_perms;
+
+ neverallow {
+ domain
+ -coredomain
+ -bluetooth
+ -hal_bluetooth_server
+ } {
+ bluetooth_prop
+ }:file no_rw_file_perms;
+
+ neverallow {
+ domain
+ -coredomain
+ -hal_wifi_server
+ -wificond
+ } {
+ wifi_prop
+ }:file no_rw_file_perms;
+')
+
+compatible_property_only(`
+ # Neverallow coredomain to set vendor properties
+ neverallow {
+ coredomain
+ -init
+ -system_writes_vendor_properties_violators
+ } {
+ property_type
+ -system_property_type
+ -extended_core_property_type
+ }:property_service set;
+')
+
+neverallow {
+ -init
+ -system_server
+} {
+ userspace_reboot_log_prop
+}:property_service set;
+
+neverallow {
+ # Only allow init and system_server to set system_adbd_prop
+ -init
+ -system_server
+} {
+ system_adbd_prop
+}:property_service set;
+
+neverallow {
+ # Only allow init and adbd to set adbd_prop
+ -init
+ -adbd
+} {
+ adbd_prop
+}:property_service set;
+
+neverallow {
+ # Only allow init and shell to set userspace_reboot_test_prop
+ -init
+ -shell
+} {
+ userspace_reboot_test_prop
+}:property_service set;
diff --git a/prebuilts/api/30.0/public/property_contexts b/prebuilts/api/30.0/public/property_contexts
new file mode 100644
index 000000000..5abe85b82
--- /dev/null
+++ b/prebuilts/api/30.0/public/property_contexts
@@ -0,0 +1,468 @@
+# vendor-init-readable
+persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact bool
+
+# vendor-init-settable
+af.fast_track_multiplier u:object_r:exported3_default_prop:s0 exact int
+audio.camerasound.force u:object_r:exported_audio_prop:s0 exact bool
+audio.deep_buffer.media u:object_r:exported3_default_prop:s0 exact bool
+audio.offload.video u:object_r:exported3_default_prop:s0 exact bool
+audio.offload.min.duration.secs u:object_r:exported3_default_prop:s0 exact int
+camera.disable_zsl_mode u:object_r:exported3_default_prop:s0 exact bool
+camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
+dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.backgroundgctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.boot-image u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.checkjni u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.dex2oat64.enabled u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.dexopt.secondary u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.execution-mode u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.extra-opts u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.foreground-heap-growth-multiplier u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.gctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapgrowthlimit u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapmaxfree u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapminfree u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapstartsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heaptargetutilization u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.hot-startup-method-samples u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.image-dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.isa.arm.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.unknown.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.unknown.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86_64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86_64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitinitialsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitmaxsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitprithreadweight u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jitthreshold u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jittransitionweight u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jniopts u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.lockprof.threshold u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.method-trace u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.method-trace-file u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilebootclasspath u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
+drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
+external_storage.projid.enabled u:object_r:storage_config_prop:s0 exact bool
+external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool
+keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
+media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
+media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string
+media.stagefright.thumbnail.prefer_hw_codecs u:object_r:exported3_default_prop:s0 exact bool
+persist.bluetooth.a2dp_offload.cap u:object_r:bluetooth_a2dp_offload_prop:s0 exact string
+persist.bluetooth.a2dp_offload.disabled u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
+persist.bluetooth.bluetooth_audio_hal.disabled u:object_r:bluetooth_audio_hal_prop:s0 exact bool
+persist.bluetooth.btsnoopenable u:object_r:exported_bluetooth_prop:s0 exact bool
+persist.config.calibration_fac u:object_r:exported3_default_prop:s0 exact string
+persist.dbg.volte_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+persist.dbg.vt_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+persist.dbg.wfc_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+persist.radio.multisim.config u:object_r:exported3_radio_prop:s0 exact string
+persist.sys.dalvik.vm.lib.2 u:object_r:exported2_system_prop:s0 exact string
+persist.sys.media.avsync u:object_r:exported2_system_prop:s0 exact bool
+persist.sys.hdmi.keep_awake u:object_r:exported2_system_prop:s0 exact bool
+persist.sys.sf.color_mode u:object_r:exported2_system_prop:s0 exact int
+persist.sys.sf.color_saturation u:object_r:exported2_system_prop:s0 exact string
+persist.sys.sf.native_mode u:object_r:exported2_system_prop:s0 exact int
+pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
+pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
+pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.shared u:object_r:exported_pm_prop:s0 exact string
+ro.af.client_heap_size_kbyte u:object_r:exported3_default_prop:s0 exact int
+ro.apk_verity.mode u:object_r:apk_verity_prop:s0 exact int
+ro.audio.monitorRotation u:object_r:exported3_default_prop:s0 exact bool
+ro.bluetooth.a2dp_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
+ro.boot.vendor.overlay.theme u:object_r:exported_overlay_prop:s0 exact string
+ro.boot.wificountrycode u:object_r:exported3_default_prop:s0 exact string
+ro.bt.bdaddr_path u:object_r:exported_bluetooth_prop:s0 exact string
+ro.camera.notify_nfc u:object_r:exported3_default_prop:s0 exact int
+ro.camera.enableLazyHal u:object_r:exported3_default_prop:s0 exact bool
+ro.com.android.dataroaming u:object_r:exported3_default_prop:s0 exact bool
+ro.com.android.prov_mobiledata u:object_r:exported3_default_prop:s0 exact bool
+ro.config.alarm_alert u:object_r:exported2_config_prop:s0 exact string
+ro.config.media_vol_steps u:object_r:exported2_config_prop:s0 exact int
+ro.config.notification_sound u:object_r:exported2_config_prop:s0 exact string
+ro.config.per_app_memcg u:object_r:exported3_default_prop:s0 exact bool
+ro.config.ringtone u:object_r:exported2_config_prop:s0 exact string
+ro.control_privapp_permissions u:object_r:exported3_default_prop:s0 exact string
+ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int
+ro.crypto.allow_encrypt_override u:object_r:exported2_vold_prop:s0 exact bool
+ro.crypto.dm_default_key.options_format.version u:object_r:exported2_vold_prop:s0 exact int
+ro.crypto.fde_algorithm u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.fde_sector_size u:object_r:exported2_vold_prop:s0 exact int
+ro.crypto.scrypt_params u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.set_dun u:object_r:exported2_vold_prop:s0 exact bool
+ro.crypto.volume.contents_mode u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.filenames_mode u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.metadata.encryption u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.metadata.method u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.options u:object_r:exported2_vold_prop:s0 exact string
+ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
+ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
+ro.gfx.driver.0 u:object_r:exported3_default_prop:s0 exact string
+ro.gfx.angle.supported u:object_r:exported3_default_prop:s0 exact bool
+ro.hdmi.device_type u:object_r:exported3_default_prop:s0 exact string
+ro.hdmi.wake_on_hotplug u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.critical u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.critical_upgrade u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.debug u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.downgrade_pressure u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.kill_heaviest_task u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.kill_timeout_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.low u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.medium u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.psi_partial_stall_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.psi_complete_stall_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.swap_free_low_percentage u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.thrashing_limit u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.thrashing_limit_decay u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.use_minfree_levels u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.upgrade_pressure u:object_r:exported3_default_prop:s0 exact int
+ro.minui.default_rotation u:object_r:exported3_default_prop:s0 exact string
+ro.minui.overscan_percent u:object_r:exported3_default_prop:s0 exact int
+ro.minui.pixel_format u:object_r:exported3_default_prop:s0 exact string
+ro.oem_unlock_supported u:object_r:exported3_default_prop:s0 exact int
+ro.opengles.version u:object_r:exported3_default_prop:s0 exact int
+ro.radio.noril u:object_r:exported3_default_prop:s0 exact string
+ro.rebootescrow.device u:object_r:rebootescrow_hal_prop:s0 exact string
+ro.retaildemo.video_path u:object_r:exported3_default_prop:s0 exact string
+ro.statsd.enable u:object_r:exported3_default_prop:s0 exact bool
+ro.sf.disable_triple_buffer u:object_r:exported3_default_prop:s0 exact bool
+ro.sf.lcd_density u:object_r:exported3_default_prop:s0 exact int
+ro.storage_manager.enabled u:object_r:exported3_default_prop:s0 exact bool
+ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool
+ro.telephony.default_cdma_sub u:object_r:exported3_default_prop:s0 exact int
+ro.telephony.default_network u:object_r:exported3_default_prop:s0 exact string
+ro.vehicle.hal u:object_r:vehicle_hal_prop:s0 exact string
+ro.vendor.build.security_patch u:object_r:vendor_security_patch_level_prop:s0 exact string
+ro.media.xml_variant.codecs u:object_r:media_variant_prop:s0 exact string
+ro.media.xml_variant.codecs_performance u:object_r:media_variant_prop:s0 exact string
+ro.media.xml_variant.profiles u:object_r:media_variant_prop:s0 exact string
+ro.zram.mark_idle_delay_mins u:object_r:exported3_default_prop:s0 exact int
+ro.zram.first_wb_delay_mins u:object_r:exported3_default_prop:s0 exact int
+ro.zram.periodic_wb_delay_hours u:object_r:exported3_default_prop:s0 exact int
+ro.zygote u:object_r:exported3_default_prop:s0 exact string
+sendbug.preferred.domain u:object_r:exported3_default_prop:s0 exact string
+sys.usb.controller u:object_r:exported2_system_prop:s0 exact string
+sys.usb.ffs.max_read u:object_r:exported_ffs_prop:s0 exact int
+sys.usb.ffs.max_write u:object_r:exported_ffs_prop:s0 exact int
+sys.usb.ffs.ready u:object_r:exported_ffs_prop:s0 exact bool
+sys.usb.mtp.device_type u:object_r:exported2_system_prop:s0 exact int
+sys.usb.ffs.mtp.ready u:object_r:exported_ffs_prop:s0 exact bool
+sys.usb.state u:object_r:exported2_system_prop:s0 exact string
+telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int
+tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int
+vold.post_fs_data_done u:object_r:exported2_vold_prop:s0 exact int
+vts.native_server.on u:object_r:exported3_default_prop:s0 exact bool
+wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded
+zram.force_writeback u:object_r:exported3_default_prop:s0 exact bool
+
+# vendor-init-readable
+apexd.status u:object_r:apexd_prop:s0 exact enum starting activated ready
+dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool
+persist.sys.device_provisioned u:object_r:exported3_system_prop:s0 exact string
+persist.sys.theme u:object_r:theme_prop:s0 exact string
+persist.sys.usb.usbradio.config u:object_r:exported3_system_prop:s0 exact string
+sys.boot_completed u:object_r:exported3_system_prop:s0 exact bool
+sys.retaildemo.enabled u:object_r:exported3_system_prop:s0 exact int
+sys.user.0.ce_available u:object_r:exported3_system_prop:s0 exact bool
+sys.vdso u:object_r:exported3_system_prop:s0 exact string
+
+# vendor-init-settable
+persist.sys.zram_enabled u:object_r:exported2_system_prop:s0 exact bool
+sys.usb.config u:object_r:exported_system_radio_prop:s0 exact string
+sys.usb.configfs u:object_r:exported_system_radio_prop:s0 exact int
+
+# public-readable
+aac_drc_boost u:object_r:exported2_default_prop:s0 exact int
+aac_drc_cut u:object_r:exported2_default_prop:s0 exact int
+aac_drc_enc_target_level u:object_r:exported2_default_prop:s0 exact int
+aac_drc_heavy u:object_r:exported2_default_prop:s0 exact int
+aac_drc_reference_level u:object_r:exported2_default_prop:s0 exact int
+build.version.extensions. u:object_r:module_sdkextensions_prop:s0 prefix int
+ro.aac_drc_effect_type u:object_r:exported2_default_prop:s0 exact int
+drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool
+dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
+dumpstate.unroot u:object_r:exported_dumpstate_prop:s0 exact bool
+hal.instrumentation.enable u:object_r:exported2_default_prop:s0 exact bool
+init.svc.bugreport u:object_r:exported2_default_prop:s0 exact string
+init.svc.console u:object_r:exported2_default_prop:s0 exact string
+init.svc.dumpstatez u:object_r:exported2_default_prop:s0 exact string
+init.svc.mediadrm u:object_r:exported2_default_prop:s0 exact string
+init.svc.surfaceflinger u:object_r:exported2_default_prop:s0 exact string
+init.svc.tombstoned u:object_r:exported2_default_prop:s0 exact string
+init.svc.zygote u:object_r:exported2_default_prop:s0 exact string
+libc.debug.malloc.options u:object_r:exported2_default_prop:s0 exact string
+libc.debug.malloc.program u:object_r:exported2_default_prop:s0 exact string
+libc.debug.hooks.enable u:object_r:exported2_default_prop:s0 exact string
+net.redirect_socket_calls.hooked u:object_r:socket_hook_prop:s0 exact bool
+persist.sys.locale u:object_r:exported_system_prop:s0 exact string
+persist.sys.timezone u:object_r:exported_system_prop:s0 exact string
+persist.sys.test_harness u:object_r:test_harness_prop:s0 exact bool
+ro.adb.secure u:object_r:exported_secure_prop:s0 exact bool
+ro.arch u:object_r:exported2_default_prop:s0 exact string
+ro.audio.ignore_effects u:object_r:exported2_default_prop:s0 exact bool
+ro.baseband u:object_r:exported2_default_prop:s0 exact string
+ro.boot.avb_version u:object_r:exported2_default_prop:s0 exact string
+ro.boot.baseband u:object_r:exported2_default_prop:s0 exact string
+ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
+ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
+ro.boot.boottime u:object_r:exported2_default_prop:s0 exact
string +ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string +ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string +ro.boot.console u:object_r:exported2_default_prop:s0 exact string +ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string +ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string +ro.boot.hardware.sku u:object_r:exported2_default_prop:s0 exact string +ro.boot.keymaster u:object_r:exported2_default_prop:s0 exact string +ro.boot.mode u:object_r:exported2_default_prop:s0 exact string +ro.boot.vbmeta.avb_version u:object_r:exported2_default_prop:s0 exact string +ro.boot.verifiedbootstate u:object_r:exported2_default_prop:s0 exact string +ro.boot.veritymode u:object_r:exported2_default_prop:s0 exact string +ro.boot.dynamic_partitions u:object_r:exported_default_prop:s0 exact string +ro.boot.dynamic_partitions_retrofit u:object_r:exported_default_prop:s0 exact string +ro.bootloader u:object_r:exported2_default_prop:s0 exact string +ro.build.date u:object_r:exported2_default_prop:s0 exact string +ro.build.date.utc u:object_r:exported2_default_prop:s0 exact int +ro.build.description u:object_r:exported2_default_prop:s0 exact string +ro.build.display.id u:object_r:exported2_default_prop:s0 exact string +ro.build.fingerprint u:object_r:exported_fingerprint_prop:s0 exact string +ro.build.host u:object_r:exported2_default_prop:s0 exact string +ro.build.id u:object_r:exported2_default_prop:s0 exact string +ro.build.product u:object_r:exported2_default_prop:s0 exact string +ro.build.system_root_image u:object_r:exported2_default_prop:s0 exact bool +ro.build.tags u:object_r:exported2_default_prop:s0 exact string +ro.build.user u:object_r:exported2_default_prop:s0 exact string +ro.build.version.base_os u:object_r:exported2_default_prop:s0 exact string +ro.build.version.codename u:object_r:exported2_default_prop:s0 exact string +ro.build.version.incremental u:object_r:exported2_default_prop:s0 
exact string +ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int +ro.build.version.release u:object_r:exported2_default_prop:s0 exact string +ro.build.version.release_or_codename u:object_r:exported2_default_prop:s0 exact string +ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int +ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string +ro.crypto.state u:object_r:exported_vold_prop:s0 exact enum encrypted unencrypted unsupported +ro.crypto.type u:object_r:exported_vold_prop:s0 exact enum block file none +ro.debuggable u:object_r:exported2_default_prop:s0 exact int +ro.hardware u:object_r:exported2_default_prop:s0 exact string +ro.product.brand u:object_r:exported2_default_prop:s0 exact string +ro.product.cpu.abi u:object_r:exported2_default_prop:s0 exact string +ro.product.cpu.abilist u:object_r:exported2_default_prop:s0 exact string +ro.product.device u:object_r:exported2_default_prop:s0 exact string +ro.product.manufacturer u:object_r:exported2_default_prop:s0 exact string +ro.product.model u:object_r:exported2_default_prop:s0 exact string +ro.product.name u:object_r:exported2_default_prop:s0 exact string +ro.property_service.version u:object_r:exported2_default_prop:s0 exact int +ro.revision u:object_r:exported2_default_prop:s0 exact string +ro.secure u:object_r:exported_secure_prop:s0 exact int +ro.vendor.redirect_socket_calls u:object_r:vendor_socket_hook_prop:s0 exact bool +service.bootanim.exit u:object_r:exported_system_prop:s0 exact int +sys.boot_from_charger_mode u:object_r:exported_system_prop:s0 exact int +sys.init.userspace_reboot.in_progress u:object_r:userspace_reboot_exported_prop:s0 exact bool +sys.use_memfd u:object_r:use_memfd_prop:s0 exact bool +vold.decrypt u:object_r:exported_vold_prop:s0 exact string + +# vendor-init-settable|public-readable +aaudio.hw_burst_min_usec u:object_r:exported_default_prop:s0 exact int +aaudio.minimum_sleep_usec u:object_r:exported_default_prop:s0 
exact int +aaudio.mixer_bursts u:object_r:exported_default_prop:s0 exact int +aaudio.mmap_exclusive_policy u:object_r:exported_default_prop:s0 exact int +aaudio.mmap_policy u:object_r:exported_default_prop:s0 exact int +aaudio.wakeup_delay_usec u:object_r:exported_default_prop:s0 exact int +config.disable_cameraservice u:object_r:exported_camera_prop:s0 exact bool +gsm.sim.operator.numeric u:object_r:exported_radio_prop:s0 exact string +media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool +persist.rcs.supported u:object_r:exported_default_prop:s0 exact int +rcs.publish.status u:object_r:exported_radio_prop:s0 exact string +ro.bionic.2nd_arch u:object_r:cpu_variant_prop:s0 exact string +ro.bionic.2nd_cpu_variant u:object_r:cpu_variant_prop:s0 exact string +ro.bionic.arch u:object_r:cpu_variant_prop:s0 exact string +ro.bionic.cpu_variant u:object_r:cpu_variant_prop:s0 exact string +ro.board.platform u:object_r:exported_default_prop:s0 exact string +ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int +ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string +ro.boot.product.hardware.sku u:object_r:exported_default_prop:s0 exact string +ro.boot.product.vendor.sku u:object_r:exported_default_prop:s0 exact string +ro.boot.slot_suffix u:object_r:exported_default_prop:s0 exact string +ro.bootimage.build.date u:object_r:exported_default_prop:s0 exact string +ro.bootimage.build.date.utc u:object_r:exported_default_prop:s0 exact int +ro.bootimage.build.fingerprint u:object_r:exported_default_prop:s0 exact string +ro.boringcrypto.hwrand u:object_r:exported_default_prop:s0 exact bool +ro.build.ab_update u:object_r:exported_default_prop:s0 exact string +ro.build.expect.baseband u:object_r:exported_default_prop:s0 exact string +ro.build.expect.bootloader u:object_r:exported_default_prop:s0 exact string +ro.carrier u:object_r:exported_default_prop:s0 exact string +ro.config.low_ram u:object_r:exported_config_prop:s0 exact 
bool +ro.config.vc_call_vol_steps u:object_r:exported_config_prop:s0 exact int +ro.frp.pst u:object_r:exported_default_prop:s0 exact string +ro.hardware.activity_recognition u:object_r:exported_default_prop:s0 exact string +ro.hardware.audio u:object_r:exported_default_prop:s0 exact string +ro.hardware.audio.a2dp u:object_r:exported_default_prop:s0 exact string +ro.hardware.audio.hearing_aid u:object_r:exported_default_prop:s0 exact string +ro.hardware.audio.primary u:object_r:exported_default_prop:s0 exact string +ro.hardware.audio.usb u:object_r:exported_default_prop:s0 exact string +ro.hardware.audio_policy u:object_r:exported_default_prop:s0 exact string +ro.hardware.bootctrl u:object_r:exported_default_prop:s0 exact string +ro.hardware.camera u:object_r:exported_default_prop:s0 exact string +ro.hardware.consumerir u:object_r:exported_default_prop:s0 exact string +ro.hardware.context_hub u:object_r:exported_default_prop:s0 exact string +ro.hardware.egl u:object_r:exported_default_prop:s0 exact string +ro.hardware.fingerprint u:object_r:exported_default_prop:s0 exact string +ro.hardware.flp u:object_r:exported_default_prop:s0 exact string +ro.hardware.gatekeeper u:object_r:exported_default_prop:s0 exact string +ro.hardware.gps u:object_r:exported_default_prop:s0 exact string +ro.hardware.gralloc u:object_r:exported_default_prop:s0 exact string +ro.hardware.hdmi_cec u:object_r:exported_default_prop:s0 exact string +ro.hardware.hwcomposer u:object_r:exported_default_prop:s0 exact string +ro.hardware.input u:object_r:exported_default_prop:s0 exact string +ro.hardware.keystore u:object_r:exported_default_prop:s0 exact string +ro.hardware.keystore_desede u:object_r:exported_default_prop:s0 exact string +ro.hardware.lights u:object_r:exported_default_prop:s0 exact string +ro.hardware.local_time u:object_r:exported_default_prop:s0 exact string +ro.hardware.memtrack u:object_r:exported_default_prop:s0 exact string +ro.hardware.nfc u:object_r:exported_default_prop:s0 
exact string +ro.hardware.nfc_nci u:object_r:exported_default_prop:s0 exact string +ro.hardware.nfc_tag u:object_r:exported_default_prop:s0 exact string +ro.hardware.nvram u:object_r:exported_default_prop:s0 exact string +ro.hardware.power u:object_r:exported_default_prop:s0 exact string +ro.hardware.radio u:object_r:exported_default_prop:s0 exact string +ro.hardware.sensors u:object_r:exported_default_prop:s0 exact string +ro.hardware.sound_trigger u:object_r:exported_default_prop:s0 exact string +ro.hardware.thermal u:object_r:exported_default_prop:s0 exact string +ro.hardware.tv_input u:object_r:exported_default_prop:s0 exact string +ro.hardware.type u:object_r:exported_default_prop:s0 exact string +ro.hardware.vehicle u:object_r:exported_default_prop:s0 exact string +ro.hardware.vibrator u:object_r:exported_default_prop:s0 exact string +ro.hardware.virtual_device u:object_r:exported_default_prop:s0 exact string +ro.hardware.vulkan u:object_r:exported_default_prop:s0 exact string +ro.hwui.use_vulkan u:object_r:exported_default_prop:s0 exact bool +ro.kernel.qemu u:object_r:exported_default_prop:s0 exact bool +ro.kernel.qemu. 
u:object_r:exported_default_prop:s0 +ro.kernel.android.bootanim u:object_r:exported_default_prop:s0 exact int +ro.kernel.ebpf.supported u:object_r:exported_default_prop:s0 exact bool +ro.odm.build.date u:object_r:exported_default_prop:s0 exact string +ro.odm.build.date.utc u:object_r:exported_default_prop:s0 exact int +ro.odm.build.fingerprint u:object_r:exported_default_prop:s0 exact string +ro.odm.build.version.incremental u:object_r:exported_default_prop:s0 exact string +ro.oem.key1 u:object_r:exported_default_prop:s0 exact string +ro.product.board u:object_r:exported_default_prop:s0 exact string +ro.product.cpu.abilist32 u:object_r:exported_default_prop:s0 exact string +ro.product.cpu.abilist64 u:object_r:exported_default_prop:s0 exact string +ro.product.first_api_level u:object_r:exported_default_prop:s0 exact int +ro.product.odm.brand u:object_r:exported_default_prop:s0 exact string +ro.product.odm.device u:object_r:exported_default_prop:s0 exact string +ro.product.odm.manufacturer u:object_r:exported_default_prop:s0 exact string +ro.product.odm.model u:object_r:exported_default_prop:s0 exact string +ro.product.odm.name u:object_r:exported_default_prop:s0 exact string +ro.product.vendor.brand u:object_r:exported_default_prop:s0 exact string +ro.product.vendor.device u:object_r:exported_default_prop:s0 exact string +ro.product.vendor.manufacturer u:object_r:exported_default_prop:s0 exact string +ro.product.vendor.model u:object_r:exported_default_prop:s0 exact string +ro.product.vendor.name u:object_r:exported_default_prop:s0 exact string +ro.product.vndk.version u:object_r:vndk_prop:s0 exact string +ro.telephony.iwlan_operation_mode u:object_r:exported_radio_prop:s0 exact enum default legacy AP-assisted +ro.vendor.build.date u:object_r:exported_default_prop:s0 exact string +ro.vendor.build.date.utc u:object_r:exported_default_prop:s0 exact int +ro.vendor.build.fingerprint u:object_r:exported_default_prop:s0 exact string +ro.vendor.build.version.incremental 
u:object_r:exported_default_prop:s0 exact string +ro.vndk.lite u:object_r:vndk_prop:s0 exact bool +ro.vndk.version u:object_r:vndk_prop:s0 exact string +ro.vts.coverage u:object_r:exported_default_prop:s0 exact int +wifi.active.interface u:object_r:exported_wifi_prop:s0 exact string +wifi.aware.interface u:object_r:exported_wifi_prop:s0 exact string +wifi.concurrent.interface u:object_r:exported_default_prop:s0 exact string +wifi.direct.interface u:object_r:exported_default_prop:s0 exact string +wifi.interface u:object_r:exported_default_prop:s0 exact string +ro.apex.updatable u:object_r:exported_default_prop:s0 exact bool +ro.init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool + +# public-readable +ro.boot.revision u:object_r:exported2_default_prop:s0 exact string +ro.bootmode u:object_r:exported2_default_prop:s0 exact string +ro.build.type u:object_r:exported2_default_prop:s0 exact string +sys.shutdown.requested u:object_r:exported_system_prop:s0 exact string + +# Using Sysprop as API. 
So the ro.surface_flinger.* are guaranteed to be API-stable +ro.surface_flinger.default_composition_dataspace u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.default_composition_pixel_format u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.force_hwc_copy_for_virtual_displays u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.has_HDR_display u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.has_wide_color_display u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.max_frame_buffer_acquired_buffers u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.max_graphics_height u:object_r:exported3_default_prop:s0 exact int +ro.surface_flinger.max_graphics_width u:object_r:exported3_default_prop:s0 exact int +ro.surface_flinger.max_virtual_display_dimension u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.primary_display_orientation u:object_r:exported_default_prop:s0 exact enum ORIENTATION_0 ORIENTATION_180 ORIENTATION_270 ORIENTATION_90 +ro.surface_flinger.present_time_offset_from_vsync_ns u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.running_without_sync_framework u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.start_graphics_allocator_service u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.use_color_management u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.use_context_priority u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.use_vr_flinger u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.vsync_event_phase_offset_ns u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.vsync_sf_event_phase_offset_ns u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.wcg_composition_dataspace u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.wcg_composition_pixel_format u:object_r:exported_default_prop:s0 exact int 
+ro.surface_flinger.display_primary_red u:object_r:exported_default_prop:s0 exact string +ro.surface_flinger.display_primary_green u:object_r:exported_default_prop:s0 exact string +ro.surface_flinger.display_primary_blue u:object_r:exported_default_prop:s0 exact string +ro.surface_flinger.display_primary_white u:object_r:exported_default_prop:s0 exact string +ro.surface_flinger.protected_contents u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.set_idle_timer_ms u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.set_touch_timer_ms u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.set_display_power_timer_ms u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.support_kernel_idle_timer u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.use_smart_90_for_video u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.use_content_detection_for_refresh_rate u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.color_space_agnostic_dataspace u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.refresh_rate_switching u:object_r:exported_default_prop:s0 exact bool + +# Binder cache properties. 
These are world-readable +cache_key.app_inactive u:object_r:binder_cache_system_server_prop:s0 +cache_key.is_compat_change_enabled u:object_r:binder_cache_system_server_prop:s0 +cache_key.get_packages_for_uid u:object_r:binder_cache_system_server_prop:s0 +cache_key.has_system_feature u:object_r:binder_cache_system_server_prop:s0 +cache_key.is_interactive u:object_r:binder_cache_system_server_prop:s0 +cache_key.is_power_save_mode u:object_r:binder_cache_system_server_prop:s0 +cache_key.is_user_unlocked u:object_r:binder_cache_system_server_prop:s0 +cache_key.volume_list u:object_r:binder_cache_system_server_prop:s0 +cache_key.display_info u:object_r:binder_cache_system_server_prop:s0 +cache_key.location_enabled u:object_r:binder_cache_system_server_prop:s0 +cache_key.package_info u:object_r:binder_cache_system_server_prop:s0 + +cache_key.bluetooth. u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string +cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string +cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string diff --git a/prebuilts/api/30.0/public/racoon.te b/prebuilts/api/30.0/public/racoon.te new file mode 100644 index 000000000..688874024 --- /dev/null +++ b/prebuilts/api/30.0/public/racoon.te 
@@ -0,0 +1,34 @@
+# IKE key management daemon
+type racoon, domain;
+type racoon_exec, system_file_type, exec_type, file_type;
+
+typeattribute racoon mlstrustedsubject;
+
+net_domain(racoon)
+allowxperm racoon self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFADDR SIOCSIFNETMASK };
+
+binder_use(racoon)
+
+allow racoon tun_device:chr_file r_file_perms;
+allowxperm racoon tun_device:chr_file ioctl TUNSETIFF;
+allow racoon cgroup:dir { add_name create };
+allow racoon kernel:system module_request;
+
+allow racoon self:key_socket create_socket_perms_no_ioctl;
+allow racoon self:tun_socket create_socket_perms_no_ioctl;
+allow racoon self:global_capability_class_set { net_admin net_bind_service net_raw };
+
+# XXX: should we give ip-up-vpn its own label (currently racoon domain)
+allow racoon system_file:file rx_file_perms;
+not_full_treble(`allow racoon vendor_file:file rx_file_perms;')
+allow racoon vpn_data_file:file create_file_perms;
+allow racoon vpn_data_file:dir w_dir_perms;
+
+use_keystore(racoon)
+
+# Racoon (VPN) has a restricted set of permissions from the default.
+allow racoon keystore:keystore_key {
+ get
+ sign
+ verify
+};
diff --git a/prebuilts/api/30.0/public/radio.te b/prebuilts/api/30.0/public/radio.te
new file mode 100644
index 000000000..34eaf83d0
--- /dev/null
+++ b/prebuilts/api/30.0/public/radio.te
@@ -0,0 +1,45 @@
+# phone subsystem
+type radio, domain, mlstrustedsubject;
+
+net_domain(radio)
+bluetooth_domain(radio)
+binder_service(radio)
+
+# Talks to hal_telephony_server via the rild socket only for devices without full treble
+not_full_treble(`unix_socket_connect(radio, rild, hal_telephony_server)')
+
+# Data file accesses.
+allow radio radio_data_file:dir create_dir_perms;
+allow radio radio_data_file:notdevfile_class_set create_file_perms;
+
+
+allow radio net_data_file:dir search;
+allow radio net_data_file:file r_file_perms;
+
+# Property service
+set_prop(radio, radio_prop)
+set_prop(radio, exported_radio_prop)
+set_prop(radio, exported2_radio_prop)
+set_prop(radio, exported3_radio_prop)
+set_prop(radio, net_radio_prop)
+
+# ctl interface
+set_prop(radio, ctl_rildaemon_prop)
+
+add_service(radio, radio_service)
+allow radio audioserver_service:service_manager find;
+allow radio cameraserver_service:service_manager find;
+allow radio drmserver_service:service_manager find;
+allow radio mediaserver_service:service_manager find;
+allow radio nfc_service:service_manager find;
+allow radio app_api_service:service_manager find;
+allow radio system_api_service:service_manager find;
+allow radio timedetector_service:service_manager find;
+allow radio timezonedetector_service:service_manager find;
+
+# Perform HwBinder IPC.
+hwbinder_use(radio)
+hal_client_domain(radio, hal_telephony)
+
+# Used by TelephonyManager
+allow radio proc_cmdline:file r_file_perms;
diff --git a/prebuilts/api/30.0/public/recovery.te b/prebuilts/api/30.0/public/recovery.te
new file mode 100644
index 000000000..16b670f96
--- /dev/null
+++ b/prebuilts/api/30.0/public/recovery.te
@@ -0,0 +1,184 @@
+# recovery console (used in recovery init.rc for /sbin/recovery)
+
+# Declare the domain unconditionally so we can always reference it
+# in neverallow rules.
+type recovery, domain;
+
+# But the allow rules are only included in the recovery policy.
+# Otherwise recovery is only allowed the domain rules.
+recovery_only(`
+ # Allow recovery to perform an update as update_engine would do.
+ typeattribute recovery update_engine_common;
+ # Recovery can only use HALs in passthrough mode
+ passthrough_hal_client_domain(recovery, hal_bootctl)
+
+ allow recovery self:global_capability_class_set {
+ chown
+ dac_override
+ dac_read_search
+ fowner
+ setuid
+ setgid
+ sys_admin
+ sys_tty_config
+ };
+
+ # Run helpers from / or /system without changing domain.
+ r_dir_file(recovery, rootfs)
+ allow recovery rootfs:file execute_no_trans;
+ allow recovery system_file:file execute_no_trans;
+ allow recovery toolbox_exec:file rx_file_perms;
+
+ # Mount filesystems.
+ allow recovery rootfs:dir mounton;
+ allow recovery tmpfs:dir mounton;
+ allow recovery fs_type:filesystem ~relabelto;
+ allow recovery unlabeled:filesystem ~relabelto;
+ allow recovery contextmount_type:filesystem relabelto;
+
+ # We may be asked to set an SELinux label for a type not known to the
+ # currently loaded policy. Allow it.
+ allow recovery unlabeled:{ file lnk_file } { create_file_perms relabelfrom relabelto };
+ allow recovery unlabeled:dir { create_dir_perms relabelfrom relabelto };
+
+ # Get file contexts
+ allow recovery file_contexts_file:file r_file_perms;
+
+ # Write to /proc/sys/vm/drop_caches
+ allow recovery proc_drop_caches:file w_file_perms;
+
+ # Read /proc/swaps
+ allow recovery proc_swaps:file r_file_perms;
+
+ # Read kernel config through libvintf for OTA matching
+ allow recovery config_gz:file { open read getattr };
+
+ # Write to /sys/class/android_usb/android0/enable.
+ r_dir_file(recovery, sysfs_android_usb)
+ allow recovery sysfs_android_usb:file w_file_perms;
+
+ # Write to /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq.
+ allow recovery sysfs_devices_system_cpu:file w_file_perms;
+
+ allow recovery sysfs_batteryinfo:file r_file_perms;
+
+ # Read /sysfs/fs/ext4/features
+ r_dir_file(recovery, sysfs_fs_ext4_features)
+
+ # Read from /sys/class/leds/lcd-backlight/max_brightness and write to /s/c/l/l/brightness to
+ # control backlight brightness.
+ allow recovery sysfs_leds:dir r_dir_perms;
+ allow recovery sysfs_leds:file rw_file_perms;
+ allow recovery sysfs_leds:lnk_file read;
+
+ allow recovery kernel:system syslog_read;
+
+ # Access /dev/usb-ffs/adb/ep0
+ allow recovery functionfs:dir search;
+ allow recovery functionfs:file rw_file_perms;
+ allowxperm recovery functionfs:file ioctl FUNCTIONFS_ENDPOINT_DESC;
+
+ # Access to /sys/fs/selinux/policyvers for compatibility check
+ allow recovery selinuxfs:file r_file_perms;
+
+ # Required to e.g. wipe userdata/cache.
+ allow recovery device:dir r_dir_perms;
+ allow recovery block_device:dir r_dir_perms;
+ allow recovery dev_type:blk_file rw_file_perms;
+ allowxperm recovery { userdata_block_device metadata_block_device cache_block_device }:blk_file ioctl BLKPBSZGET;
+
+ # GUI
+ allow recovery graphics_device:chr_file rw_file_perms;
+ allow recovery graphics_device:dir r_dir_perms;
+ allow recovery input_device:dir r_dir_perms;
+ allow recovery input_device:chr_file r_file_perms;
+ allow recovery tty_device:chr_file rw_file_perms;
+
+ # Create /tmp/recovery.log and execute /tmp/update_binary.
+ allow recovery tmpfs:file { create_file_perms x_file_perms };
+ allow recovery tmpfs:dir create_dir_perms;
+
+ # Manage files on /cache and /cache/recovery
+ allow recovery { cache_file cache_recovery_file }:dir create_dir_perms;
+ allow recovery { cache_file cache_recovery_file }:file create_file_perms;
+
+ # Read /sys/class/thermal/*/temp for thermal info.
+ r_dir_file(recovery, sysfs_thermal)
+
+ # Read files on /oem.
+ r_dir_file(recovery, oemfs);
+
+ # Reboot the device
+ set_prop(recovery, powerctl_prop)
+
+ # Read serial number of the device from system properties
+ get_prop(recovery, serialno_prop)
+
+ # Set sys.usb.ffs.ready when starting minadbd for sideload.
+ set_prop(recovery, ffs_prop)
+ set_prop(recovery, exported_ffs_prop)
+
+ # Set sys.usb.config when switching into fastboot.
+ set_prop(recovery, system_radio_prop)
+ set_prop(recovery, exported_system_radio_prop)
+
+ # Read ro.boot.bootreason
+ get_prop(recovery, bootloader_boot_reason_prop)
+
+ # Read storage properties (for correctly formatting filesystems)
+ get_prop(recovery, storage_config_prop)
+
+ # Use setfscreatecon() to label files for OTA updates.
+ allow recovery self:process setfscreate;
+
+ # Allow recovery to create a fuse filesystem, and read files from it.
+ allow recovery fuse_device:chr_file rw_file_perms;
+ allow recovery fuse:dir r_dir_perms;
+ allow recovery fuse:file r_file_perms;
+
+ wakelock_use(recovery)
+
+ # This line seems suspect, as it should not really need to
+ # set scheduling parameters for a kernel domain task.
+ allow recovery kernel:process setsched;
+
+ # These are needed to update dynamic partitions in recovery.
+ r_dir_file(recovery, sysfs_dm)
+ allowxperm recovery super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
+
+ # Allow using libfiemap/gsid directly (no binder in recovery).
+ set_prop(recovery, gsid_prop)
+ allow recovery gsi_metadata_file:dir search;
+ allow recovery ota_metadata_file:dir rw_dir_perms;
+ allow recovery ota_metadata_file:file create_file_perms;
+
+ # Allow mounting /metadata for writing update states
+ allow recovery metadata_file:dir { getattr mounton };
+')
+
+###
+### neverallow rules
+###
+
+# Recovery should never touch /data.
+#
+# In particular, if /data is encrypted, it is not accessible
+# to recovery anyway.
+#
+# For now, we only enforce write/execute restrictions, as domain.te
+# contains a number of read-only rules that apply to all
+# domains, including recovery.
+#
+# TODO: tighten this up further.
+neverallow recovery {
+ data_file_type
+ -cache_file
+ -cache_recovery_file
+ with_native_coverage(`-method_trace_data_file')
+}:file { no_w_file_perms no_x_file_perms };
+neverallow recovery {
+ data_file_type
+ -cache_file
+ -cache_recovery_file
+ with_native_coverage(`-method_trace_data_file')
+}:dir no_w_dir_perms;
diff --git a/prebuilts/api/30.0/public/recovery_persist.te b/prebuilts/api/30.0/public/recovery_persist.te
new file mode 100644
index 000000000..d4b456201
--- /dev/null
+++ b/prebuilts/api/30.0/public/recovery_persist.te
@@ -0,0 +1,32 @@
+# android recovery persistent log manager
+type recovery_persist, domain;
+type recovery_persist_exec, system_file_type, exec_type, file_type;
+
+allow recovery_persist pstorefs:dir search;
+allow recovery_persist pstorefs:file r_file_perms;
+
+allow recovery_persist recovery_data_file:file create_file_perms;
+allow recovery_persist recovery_data_file:dir create_dir_perms;
+
+allow recovery_persist cache_file:dir search;
+allow recovery_persist cache_file:lnk_file read;
+allow recovery_persist cache_recovery_file:dir rw_dir_perms;
+allow recovery_persist cache_recovery_file:file { r_file_perms unlink };
+
+###
+### Neverallow rules
+###
+### recovery_persist should NEVER do any of this
+
+# Block device access.
+neverallow recovery_persist dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow recovery_persist domain:process ptrace;
+
+# Write to /system.
+neverallow recovery_persist system_file:dir_file_class_set write;
+
+# Write to files in /data/data
+neverallow recovery_persist { privapp_data_file app_data_file system_data_file }:dir_file_class_set write;
+
diff --git a/prebuilts/api/30.0/public/recovery_refresh.te b/prebuilts/api/30.0/public/recovery_refresh.te
new file mode 100644
index 000000000..d6870dcb2
--- /dev/null
+++ b/prebuilts/api/30.0/public/recovery_refresh.te
@@ -0,0 +1,24 @@
+# android recovery refresh log manager
+type recovery_refresh, domain;
+type recovery_refresh_exec, system_file_type, exec_type, file_type;
+
+allow recovery_refresh pstorefs:dir search;
+allow recovery_refresh pstorefs:file r_file_perms;
+# NB: domain inherits write_logd which hands us write to pmsg_device
+
+###
+### Neverallow rules
+###
+### recovery_refresh should NEVER do any of this
+
+# Block device access.
+neverallow recovery_refresh dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow recovery_refresh domain:process ptrace;
+
+# Write to /system.
+neverallow recovery_refresh system_file:dir_file_class_set write;
+
+# Write to files in /data/data or system files on /data
+neverallow recovery_refresh { app_data_file privapp_data_file system_data_file }:dir_file_class_set write;
diff --git a/prebuilts/api/30.0/public/roles b/prebuilts/api/30.0/public/roles
new file mode 100644
index 000000000..ca9293439
--- /dev/null
+++ b/prebuilts/api/30.0/public/roles
@@ -0,0 +1 @@
+role r types domain;
diff --git a/prebuilts/api/30.0/public/rs.te b/prebuilts/api/30.0/public/rs.te
new file mode 100644
index 000000000..16b6e9630
--- /dev/null
+++ b/prebuilts/api/30.0/public/rs.te
@@ -0,0 +1,2 @@
+type rs, domain, coredomain;
+type rs_exec, system_file_type, exec_type, file_type;
diff --git a/prebuilts/api/30.0/public/rss_hwm_reset.te b/prebuilts/api/30.0/public/rss_hwm_reset.te
new file mode 100644
index 000000000..163e1acde
--- /dev/null
+++ b/prebuilts/api/30.0/public/rss_hwm_reset.te
@@ -0,0 +1,2 @@
+# rss_hwm_reset resets RSS high-water mark counters for all procesess.
+type rss_hwm_reset, domain, coredomain, mlstrustedsubject;
diff --git a/prebuilts/api/30.0/public/runas.te b/prebuilts/api/30.0/public/runas.te
new file mode 100644
index 000000000..356a0190c
--- /dev/null
+++ b/prebuilts/api/30.0/public/runas.te
@@ -0,0 +1,43 @@
+type runas, domain, mlstrustedsubject;
+type runas_exec, system_file_type, exec_type, file_type;
+
+allow runas adbd:fd use;
+allow runas adbd:process sigchld;
+allow runas adbd:unix_stream_socket { read write };
+allow runas shell:fd use;
+allow runas shell:fifo_file { read write };
+allow runas shell:unix_stream_socket { read write };
+allow runas devpts:chr_file { read write ioctl };
+allow runas shell_data_file:file { read write };
+
+# run-as reads package information.
+allow runas system_data_file:file r_file_perms;
+allow runas system_data_file:lnk_file getattr;
+allow runas packages_list_file:file r_file_perms;
+
+# The app's data dir may be accessed through a symlink.
+allow runas system_data_file:lnk_file read;
+
+# run-as checks and changes to the app data dir.
+dontaudit runas self:global_capability_class_set { dac_override dac_read_search };
+allow runas app_data_file:dir { getattr search };
+
+# run-as switches to the app UID/GID.
+allow runas self:global_capability_class_set { setuid setgid };
+
+# run-as switches to the app security context.
+selinux_check_context(runas) # validate context
+allow runas self:process setcurrent;
+allow runas non_system_app_set:process dyntransition; # setcon
+
+# runas/libselinux needs access to seapp_contexts_file to
+# determine which domain to transition to.
+allow runas seapp_contexts_file:file r_file_perms;
+
+###
+### neverallow rules
+###
+
+# run-as cannot have capabilities other than CAP_SETUID and CAP_SETGID
+neverallow runas self:global_capability_class_set ~{ setuid setgid };
+neverallow runas self:global_capability2_class_set *;
diff --git a/prebuilts/api/30.0/public/runas_app.te b/prebuilts/api/30.0/public/runas_app.te
new file mode 100644
index 000000000..cdaa799c9
--- /dev/null
+++ b/prebuilts/api/30.0/public/runas_app.te
@@ -0,0 +1 @@
+type runas_app, domain;
diff --git a/prebuilts/api/30.0/public/scheduler_service_server.te b/prebuilts/api/30.0/public/scheduler_service_server.te
new file mode 100644
index 000000000..b3cede168
--- /dev/null
+++ b/prebuilts/api/30.0/public/scheduler_service_server.te
@@ -0,0 +1 @@
+add_hwservice(scheduler_service_server, fwk_scheduler_hwservice)
diff --git a/prebuilts/api/30.0/public/sdcardd.te b/prebuilts/api/30.0/public/sdcardd.te
new file mode 100644
index 000000000..1ae377082
--- /dev/null
+++ b/prebuilts/api/30.0/public/sdcardd.te
@@ -0,0 +1,45 @@
+type sdcardd, domain;
+type sdcardd_exec, system_file_type, exec_type, file_type;
+
+allow sdcardd cgroup:dir create_dir_perms;
+allow sdcardd fuse_device:chr_file rw_file_perms;
+allow sdcardd rootfs:dir mounton; # TODO: deprecated in M
+allow sdcardd sdcardfs:filesystem remount;
+allow sdcardd tmpfs:dir r_dir_perms;
+allow sdcardd mnt_media_rw_file:dir r_dir_perms;
+allow sdcardd storage_file:dir search;
+allow sdcardd storage_stub_file:dir { search mounton };
+allow sdcardd sdcard_type:filesystem { mount unmount };
+allow sdcardd self:global_capability_class_set { setuid setgid dac_override dac_read_search sys_admin sys_resource };
+
+allow sdcardd sdcard_type:dir create_dir_perms;
+allow sdcardd sdcard_type:file create_file_perms;
+
+allow sdcardd media_rw_data_file:dir create_dir_perms;
+allow sdcardd media_rw_data_file:file create_file_perms;
+
+# Read /data/system/packages.list.
+allow sdcardd system_data_file:file r_file_perms;
+allow sdcardd packages_list_file:file r_file_perms;
+
+# Read /data/misc/installd/layout_version
+allow sdcardd install_data_file:file r_file_perms;
+allow sdcardd install_data_file:dir search;
+
+# Allow stdin/out back to vold
+allow sdcardd vold:fd use;
+allow sdcardd vold:fifo_file { read write getattr };
+
+# Allow running on top of expanded storage
+allow sdcardd mnt_expand_file:dir search;
+
+# access /proc/filesystems
+allow sdcardd proc_filesystems:file r_file_perms;
+
+###
+### neverallow rules
+###
+
+# The sdcard daemon should no longer be started from init
+neverallow init sdcardd_exec:file execute;
+neverallow init sdcardd:process { transition dyntransition };
diff --git a/prebuilts/api/30.0/public/secure_element.te b/prebuilts/api/30.0/public/secure_element.te
new file mode 100644
index 000000000..4ce6714f6
--- /dev/null
+++ b/prebuilts/api/30.0/public/secure_element.te
@@ -0,0 +1,2 @@
+# secure_element subsystem
+type secure_element, domain;
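Review bot: The trailing comment on `allow sdcardd rootfs:dir mounton; # TODO: deprecated in M` is stale by the time this policy is frozen as the 30.0 API snapshot, so the TODO gets carried into a file that is meant to be immutable. Since prebuilts/api/30.0 appears to be a copy of the public policy, the clean-up belongs in the source file (public/sdcardd.te) with the snapshot regenerated from it rather than edited by hand: either drop the rule if it is no longer exercised, or replace the TODO with a comment naming the remaining consumer, e.g. `# still needed by <consumer — to be confirmed>`. The `sys_admin` capability grant a few lines below is the broad one worth a justification comment of its own, since the file's comments explain the ioctl and fd grants but not why sdcardd needs it.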
diff --git a/prebuilts/api/30.0/public/sensor_service_server.te b/prebuilts/api/30.0/public/sensor_service_server.te
new file mode 100644
index 000000000..7c526a5f3
--- /dev/null
+++ b/prebuilts/api/30.0/public/sensor_service_server.te
@@ -0,0 +1 @@
+add_hwservice(sensor_service_server, fwk_sensor_hwservice)
diff --git a/prebuilts/api/30.0/public/service.te b/prebuilts/api/30.0/public/service.te
new file mode 100644
index 000000000..968e523cf
--- /dev/null
+++ b/prebuilts/api/30.0/public/service.te
@@ -0,0 +1,225 @@
+type aidl_lazy_test_service, service_manager_type;
+type apex_service, service_manager_type;
+type audioserver_service, service_manager_type;
+type batteryproperties_service, app_api_service, ephemeral_app_api_service, service_manager_type;
+type bluetooth_service, service_manager_type;
+type cameraserver_service, service_manager_type;
+type default_android_service, service_manager_type;
+type dnsresolver_service, service_manager_type;
+type drmserver_service, service_manager_type;
+type dumpstate_service, service_manager_type;
+type fingerprintd_service, service_manager_type;
+type hal_fingerprint_service, service_manager_type;
+type gatekeeper_service, app_api_service, service_manager_type;
+type gpu_service, app_api_service, service_manager_type;
+type idmap_service, service_manager_type;
+type iorapd_service, service_manager_type;
+type incident_service, service_manager_type;
+type installd_service, service_manager_type;
+type credstore_service, app_api_service, service_manager_type;
+type keystore_service, service_manager_type;
+type lpdump_service, service_manager_type;
+type mediaserver_service, service_manager_type;
+type mediametrics_service, service_manager_type;
+type mediaextractor_service, service_manager_type;
+type mediadrmserver_service, service_manager_type;
+type mediatranscoding_service, app_api_service, service_manager_type;
+type netd_service, service_manager_type;
+type nfc_service, service_manager_type;
+type radio_service, service_manager_type;
+type secure_element_service, service_manager_type;
+type service_manager_service, service_manager_type;
+type storaged_service, service_manager_type;
+type surfaceflinger_service, app_api_service, ephemeral_app_api_service, service_manager_type;
+type system_app_service, service_manager_type;
+type system_suspend_control_service, service_manager_type;
+type update_engine_service, service_manager_type;
+type virtual_touchpad_service, service_manager_type;
+type vold_service, service_manager_type;
+type vr_hwc_service, service_manager_type;
+type vrflinger_vsync_service, service_manager_type;
+
+# system_server_services broken down
+type accessibility_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type account_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type activity_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type activity_task_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type adb_service, system_api_service, system_server_service, service_manager_type;
+type alarm_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type app_binding_service, system_server_service, service_manager_type;
+type app_integrity_service, system_api_service, system_server_service, service_manager_type;
+type app_prediction_service, app_api_service, system_server_service, service_manager_type;
+type app_search_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type appops_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type appwidget_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type assetatlas_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type audio_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type auth_service, app_api_service, system_server_service, service_manager_type;
+type autofill_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type backup_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type batterystats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type battery_service, system_server_service, service_manager_type;
+type binder_calls_stats_service, system_server_service, service_manager_type;
+type blob_store_service, app_api_service, system_server_service, service_manager_type;
+type bluetooth_manager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type broadcastradio_service, system_server_service, service_manager_type;
+type cameraproxy_service, system_server_service, service_manager_type;
+type clipboard_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type contexthub_service, app_api_service, system_server_service, service_manager_type;
+type crossprofileapps_service, app_api_service, system_server_service, service_manager_type;
+type IProxyService_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type companion_device_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type connectivity_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type connmetrics_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type consumer_ir_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type content_capture_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type content_suggestions_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type content_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type country_detector_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+# Note: The coverage_service should only be enabled for userdebug / eng builds that were compiled
+# with EMMA_INSTRUMENT=true. We should consider locking this down in the future.
+type coverage_service, system_server_service, service_manager_type;
+type cpuinfo_service, system_api_service, system_server_service, service_manager_type;
+type dataloader_manager_service, system_server_service, service_manager_type;
+type dbinfo_service, system_api_service, system_server_service, service_manager_type;
+type device_config_service, system_server_service, service_manager_type;
+type device_policy_service, app_api_service, system_server_service, service_manager_type;
+type deviceidle_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type device_identifiers_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type devicestoragemonitor_service, system_server_service, service_manager_type;
+type diskstats_service, system_api_service, system_server_service, service_manager_type;
+type display_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type color_display_service, system_api_service, system_server_service, service_manager_type;
+type external_vibrator_service, system_server_service, service_manager_type;
+type file_integrity_service, app_api_service, system_server_service, service_manager_type;
+type font_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type netd_listener_service, system_server_service, service_manager_type;
+type network_watchlist_service, system_server_service, service_manager_type;
+type DockObserver_service, system_server_service, service_manager_type;
+type dreams_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type dropbox_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type lowpan_service, system_api_service, system_server_service, service_manager_type;
+type ethernet_service, app_api_service, system_server_service, service_manager_type;
+type biometric_service, app_api_service, system_server_service, service_manager_type;
+type bugreport_service, system_api_service, system_server_service, service_manager_type;
+type platform_compat_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type face_service, app_api_service, system_server_service, service_manager_type;
+type fingerprint_service, app_api_service, system_server_service, service_manager_type;
+type gfxinfo_service, system_api_service, system_server_service, service_manager_type;
+type graphicsstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type hardware_service, system_server_service, service_manager_type;
+type hardware_properties_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type hdmi_control_service, system_api_service, system_server_service, service_manager_type;
+type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type incremental_service, system_server_service, service_manager_type;
+type input_method_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type ipsec_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type iris_service, app_api_service, system_server_service, service_manager_type;
+type jobscheduler_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type launcherapps_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type light_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type location_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type lock_settings_service, system_api_service, system_server_service, service_manager_type;
+type looper_stats_service, system_server_service, service_manager_type;
+type media_projection_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type media_router_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type media_session_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type meminfo_service, system_api_service, system_server_service, service_manager_type;
+type midi_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type mount_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type netpolicy_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type netstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type network_management_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type network_score_service, system_api_service, system_server_service, service_manager_type;
+type network_stack_service, system_server_service, service_manager_type;
+type network_time_update_service, system_server_service, service_manager_type;
+type notification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type oem_lock_service, system_api_service, system_server_service, service_manager_type;
+type otadexopt_service, system_server_service, service_manager_type;
+type overlay_service, system_api_service, system_server_service, service_manager_type;
+type package_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type package_native_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type permission_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type permissionmgr_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type persistent_data_block_service, system_api_service, system_server_service, service_manager_type;
+type pinner_service, system_server_service, service_manager_type;
+type power_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type print_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type processinfo_service, system_server_service, service_manager_type;
+type procstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type recovery_service, system_server_service, service_manager_type;
+type registry_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type restrictions_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type role_service, app_api_service, system_server_service, service_manager_type;
+type rollback_service, app_api_service, system_server_service, service_manager_type;
+type runtime_service, system_server_service, service_manager_type;
+type rttmanager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type samplingprofiler_service, system_server_service, service_manager_type;
+type scheduling_policy_service, system_server_service, service_manager_type;
+type search_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type sec_key_att_app_id_provider_service, app_api_service, system_server_service, service_manager_type;
+type sensorservice_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type sensor_privacy_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type serial_service, system_api_service, system_server_service, service_manager_type;
+type servicediscovery_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type settings_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type shortcut_service, app_api_service, system_server_service, service_manager_type;
+type slice_service, app_api_service, system_server_service, service_manager_type;
+type statusbar_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type storagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type system_config_service, system_api_service, system_server_service, service_manager_type;
+type system_update_service, system_server_service, service_manager_type;
+type soundtrigger_middleware_service, system_server_service, service_manager_type;
+type task_service, system_server_service, service_manager_type;
+type testharness_service, system_server_service, service_manager_type;
+type textclassification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type textservices_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type telecom_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type thermal_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type timedetector_service, system_server_service, service_manager_type;
+type timezone_service, system_server_service, service_manager_type;
+type timezonedetector_service, system_server_service, service_manager_type;
+type trust_service, app_api_service, system_server_service, service_manager_type;
+type tv_input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type tv_tuner_resource_mgr_service, system_server_service, service_manager_type;
+type uimode_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type updatelock_service, system_api_service, system_server_service, service_manager_type;
+type uri_grants_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type usagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type usb_service, app_api_service, system_server_service, service_manager_type;
+type user_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type vibrator_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type voiceinteraction_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type vr_manager_service, system_server_service, service_manager_type;
+type wallpaper_service, app_api_service, system_server_service, service_manager_type;
+type webviewupdate_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type wifip2p_service, app_api_service, system_server_service, service_manager_type;
+type wifiscanner_service, system_api_service, system_server_service, service_manager_type;
+type wifi_service, app_api_service, system_server_service, service_manager_type;
+type wifinl80211_service, service_manager_type;
+type wifiaware_service, app_api_service, system_server_service, service_manager_type;
+type window_service, system_api_service, system_server_service, service_manager_type;
+type inputflinger_service, system_api_service, system_server_service, service_manager_type;
+type wpantund_service, system_api_service, service_manager_type;
+type tethering_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type emergency_affordance_service, system_server_service, service_manager_type;
+
+###
+### HAL Services
+###
+
+type hal_identity_service, vendor_service, service_manager_type;
+type hal_light_service, vendor_service, service_manager_type;
+type hal_power_service, vendor_service, service_manager_type;
+type hal_rebootescrow_service, vendor_service, service_manager_type;
+type hal_vibrator_service, vendor_service, service_manager_type;
+
+###
+### Neverallow rules
+###
+
+# servicemanager handles registering or looking up named services.
+# It does not make sense to register or lookup something which is not a service.
+# Trigger a compile error if this occurs.
+neverallow domain ~{ service_manager_type vndservice_manager_type }:service_manager { add find };
diff --git a/prebuilts/api/30.0/public/servicemanager.te b/prebuilts/api/30.0/public/servicemanager.te
new file mode 100644
index 000000000..10347d913
--- /dev/null
+++ b/prebuilts/api/30.0/public/servicemanager.te
@@ -0,0 +1,27 @@
+# servicemanager - the Binder context manager
+type servicemanager, domain, mlstrustedsubject;
+type servicemanager_exec, system_file_type, exec_type, file_type;
+
+# Note that we do not use the binder_* macros here.
+# servicemanager is unique in that it only provides
+# name service (aka context manager) for Binder.
+# As such, it only ever receives and transfers other references
+# created by other domains. It never passes its own references
+# or initiates a Binder IPC.
+allow servicemanager self:binder set_context_mgr;
+allow servicemanager {
+ domain
+ -init
+ -vendor_init
+ -hwservicemanager
+ -vndservicemanager
+}:binder transfer;
+
+allow servicemanager service_contexts_file:file r_file_perms;
+# nonplat_service_contexts only accessible on non full-treble devices
+not_full_treble(`allow servicemanager nonplat_service_contexts_file:file r_file_perms;')
+
+add_service(servicemanager, service_manager_service)
+
+# Check SELinux permissions.
+selinux_check_access(servicemanager)
diff --git a/prebuilts/api/30.0/public/sgdisk.te b/prebuilts/api/30.0/public/sgdisk.te
new file mode 100644
index 000000000..9d7124983
--- /dev/null
+++ b/prebuilts/api/30.0/public/sgdisk.te
@@ -0,0 +1,34 @@
+# sgdisk called from vold
+type sgdisk, domain;
+type sgdisk_exec, system_file_type, exec_type, file_type;
+
+# Allowed to read/write low-level partition tables
+allow sgdisk block_device:dir search;
+allow sgdisk vold_device:blk_file rw_file_perms;
+# HDIO_GETGEO needed to get the number of disk heads
+# on vold_device. How quaint.
+allowxperm sgdisk vold_device:blk_file ioctl { HDIO_GETGEO };
+# sgdisk also uses BLKGETSIZE and BLKGETSIZE64. BLKGETSIZE64
+# is granted to all block device users in domain.te, so
+# no need to mention it here. sgdisk should not be
+# using the BLKGETSIZE ioctl as it is useless for devices over
+# 2T in size, but we allow it for now and hope that sgdisk
+# will fix their bug.
+allowxperm sgdisk vold_device:blk_file ioctl { BLKGETSIZE };
+# Force a re-read of the partition table.
+allowxperm sgdisk vold_device:blk_file ioctl { BLKRRPART };
+
+# Inherit and use pty created by android_fork_execvp()
+allow sgdisk devpts:chr_file { read write ioctl getattr };
+
+# Allow stdin/out back to vold
+allow sgdisk vold:fd use;
+allow sgdisk vold:fifo_file { read write getattr };
+
+# Used to probe kernel to reload partition tables
+allow sgdisk self:global_capability_class_set sys_admin;
+
+# Only allow entry from vold
+neverallow { domain -vold } sgdisk:process transition;
+neverallow * sgdisk:process dyntransition;
+neverallow sgdisk { file_type fs_type -sgdisk_exec }:file entrypoint;
diff --git a/prebuilts/api/30.0/public/shared_relro.te b/prebuilts/api/30.0/public/shared_relro.te
new file mode 100644
index 000000000..8e58e421a
--- /dev/null
+++ b/prebuilts/api/30.0/public/shared_relro.te
@@ -0,0 +1,11 @@
+# Process which creates/updates shared RELRO files to be used by other apps.
+type shared_relro, domain;
+
+# Grant write access to the shared relro files/directory.
+allow shared_relro shared_relro_file:dir rw_dir_perms;
+allow shared_relro shared_relro_file:file create_file_perms;
+
+# Needs to contact the "webviewupdate" and "activity" services
+allow shared_relro activity_service:service_manager find;
+allow shared_relro webviewupdate_service:service_manager find;
+allow shared_relro package_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/shell.te b/prebuilts/api/30.0/public/shell.te
new file mode 100644
index 000000000..c0412ebfd
--- /dev/null
+++ b/prebuilts/api/30.0/public/shell.te
@@ -0,0 +1,265 @@
+# Domain for shell processes spawned by ADB or console service.
+type shell, domain, mlstrustedsubject;
+type shell_exec, system_file_type, exec_type, file_type;
+
+# Create and use network sockets.
+net_domain(shell)
+
+# logcat
+read_logd(shell)
+control_logd(shell)
+# logcat -L (directly, or via dumpstate)
+allow shell pstorefs:dir search;
+allow shell pstorefs:file r_file_perms;
+
+# Root fs.
+allow shell rootfs:dir r_dir_perms;
+
+# read files in /data/anr
+allow shell anr_data_file:dir r_dir_perms;
+allow shell anr_data_file:file r_file_perms;
+
+# Access /data/local/tmp.
+allow shell shell_data_file:dir create_dir_perms;
+allow shell shell_data_file:file create_file_perms;
+allow shell shell_data_file:file rx_file_perms;
+allow shell shell_data_file:lnk_file create_file_perms;
+
+# Read and delete from /data/local/traces.
+allow shell trace_data_file:file { r_file_perms unlink };
+allow shell trace_data_file:dir { r_dir_perms remove_name write };
+
+# Access /data/misc/profman.
+allow shell profman_dump_data_file:dir { write remove_name r_dir_perms };
+allow shell profman_dump_data_file:file { unlink r_file_perms };
+
+# Read/execute files in /data/nativetest
+userdebug_or_eng(`
+ allow shell nativetest_data_file:dir r_dir_perms;
+ allow shell nativetest_data_file:file rx_file_perms;
+')
+
+# adb bugreport
+unix_socket_connect(shell, dumpstate, dumpstate)
+
+allow shell devpts:chr_file rw_file_perms;
+allow shell tty_device:chr_file rw_file_perms;
+allow shell console_device:chr_file rw_file_perms;
+
+allow shell input_device:dir r_dir_perms;
+allow shell input_device:chr_file r_file_perms;
+
+r_dir_file(shell, system_file)
+allow shell system_file:file x_file_perms;
+allow shell toolbox_exec:file rx_file_perms;
+allow shell tzdatacheck_exec:file rx_file_perms;
+allow shell shell_exec:file rx_file_perms;
+allow shell zygote_exec:file rx_file_perms;
+
+r_dir_file(shell, apk_data_file)
+
+# Set properties.
+set_prop(shell, shell_prop)
+set_prop(shell, ctl_bugreport_prop)
+set_prop(shell, ctl_dumpstate_prop)
+set_prop(shell, dumpstate_prop)
+set_prop(shell, exported_dumpstate_prop)
+set_prop(shell, debug_prop)
+set_prop(shell, powerctl_prop)
+set_prop(shell, log_tag_prop)
+set_prop(shell, wifi_log_prop)
+# Allow shell to start/stop traced via the persist.traced.enable
+# property (which also takes care of /data/misc initialization).
+set_prop(shell, traced_enabled_prop)
+# adjust is_loggable properties
+userdebug_or_eng(`set_prop(shell, log_prop)')
+# logpersist script
+userdebug_or_eng(`set_prop(shell, logpersistd_logging_prop)')
+# Allow shell to start/stop heapprofd via the persist.heapprofd.enable
+# property.
+set_prop(shell, heapprofd_enabled_prop)
+# Allow shell to start/stop traced_perf via the persist.traced_perf.enable
+# property.
+set_prop(shell, traced_perf_enabled_prop)
+# Allow shell to start/stop gsid via ctl.start|stop|restart gsid.
+set_prop(shell, ctl_gsid_prop)
+# Allow shell to enable Dynamic System Update
+set_prop(shell, dynamic_system_prop)
+# Allow shell to mock an OTA using persist.pm.mock-upgrade
+set_prop(shell, mock_ota_prop)
+
+userdebug_or_eng(`
+ # "systrace --boot" support - allow boottrace service to run
+ allow shell boottrace_data_file:dir rw_dir_perms;
+ allow shell boottrace_data_file:file create_file_perms;
+ set_prop(shell, persist_debug_prop)
+')
+
+# Read device's serial number from system properties
+get_prop(shell, serialno_prop)
+
+# Allow shell to read the vendor security patch level for CTS
+get_prop(shell, vendor_security_patch_level_prop)
+
+# Read state of logging-related properties
+get_prop(shell, device_logging_prop)
+
+# Read state of boot reason properties
+get_prop(shell, bootloader_boot_reason_prop)
+get_prop(shell, last_boot_reason_prop)
+get_prop(shell, system_boot_reason_prop)
+
+# Allow reading the outcome of perf_event_open LSM support test for CTS.
+get_prop(shell, init_perf_lsm_hooks_prop)
+
+# allow shell access to services
+allow shell servicemanager:service_manager list;
+# don't allow shell to access GateKeeper service
+# TODO: why is this so broad? Tightening candidate? It needs at list:
+# - dumpstate_service (so it can receive dumpstate progress updates)
+allow shell {
+ service_manager_type
+ -apex_service
+ -dnsresolver_service
+ -gatekeeper_service
+ -incident_service
+ -installd_service
+ -iorapd_service
+ -netd_service
+ -system_suspend_control_service
+ -virtual_touchpad_service
+ -vold_service
+ -vr_hwc_service
+ -default_android_service
+}:service_manager find;
+allow shell dumpstate:binder call;
+
+# allow shell to get information from hwservicemanager
+# for instance, listing hardware services with lshal
+hwbinder_use(shell)
+allow shell hwservicemanager:hwservice_manager list;
+
+# allow shell to look through /proc/ for lsmod, ps, top, netstat, vmstat.
+r_dir_file(shell, proc_net_type)
+
+allow shell {
+ proc_asound
+ proc_filesystems
+ proc_interrupts
+ proc_loadavg # b/124024827
+ proc_meminfo
+ proc_modules
+ proc_pid_max
+ proc_slabinfo
+ proc_stat
+ proc_timer
+ proc_uptime
+ proc_version
+ proc_vmstat
+ proc_zoneinfo
+}:file r_file_perms;
+
+# allow listing network interfaces under /sys/class/net.
+allow shell sysfs_net:dir r_dir_perms;
+
+r_dir_file(shell, cgroup)
+allow shell domain:dir { search open read getattr };
+allow shell domain:{ file lnk_file } { open read getattr };
+
+# statvfs() of /proc and other labeled filesystems
+# (yaffs2, jffs2, ext2, ext3, ext4, xfs, btrfs, f2fs, squashfs, overlay)
+allow shell { proc labeledfs }:filesystem getattr;
+
+# stat() of /dev
+allow shell device:dir getattr;
+
+# allow shell to read /proc/pid/attr/current for ps -Z
+allow shell domain:process getattr;
+
+# Allow pulling the SELinux policy for CTS purposes
+allow shell selinuxfs:dir r_dir_perms;
+allow shell selinuxfs:file r_file_perms;
+
+# enable shell domain to read/write files/dirs for bootchart data
+# User will creates the start and stop file via adb shell
+# and read other files created by init process under /data/bootchart
+allow shell bootchart_data_file:dir rw_dir_perms;
+allow shell bootchart_data_file:file create_file_perms;
+
+# Make sure strace works for the non-privileged shell user
+allow shell self:process ptrace;
+
+# allow shell to get battery info
+allow shell sysfs:dir r_dir_perms;
+allow shell sysfs_batteryinfo:dir r_dir_perms;
+allow shell sysfs_batteryinfo:file r_file_perms;
+
+# Allow access to ion memory allocation device.
+allow shell ion_device:chr_file rw_file_perms;
+
+#
+# filesystem test for insecure chr_file's is done
+# via a host side test
+#
+allow shell dev_type:dir r_dir_perms;
+allow shell dev_type:chr_file getattr;
+
+# /dev/fd is a symlink
+allow shell proc:lnk_file getattr;
+
+#
+# filesystem test for insucre blk_file's is done
+# via hostside test
+#
+allow shell dev_type:blk_file getattr;
+
+# read selinux policy files
+allow shell file_contexts_file:file r_file_perms;
+allow shell property_contexts_file:file r_file_perms;
+allow shell seapp_contexts_file:file r_file_perms;
+allow shell service_contexts_file:file r_file_perms;
+allow shell sepolicy_file:file r_file_perms;
+
+# Allow shell to start up vendor shell
+allow shell vendor_shell_exec:file rx_file_perms;
+
+# Everything is labeled as rootfs in recovery mode. Allow shell to
+# execute them.
+recovery_only(`
+ allow shell rootfs:file rx_file_perms;
+')
+
+###
+### Neverallow rules
+###
+
+# Do not allow shell to hard link to any files.
+# In particular, if shell hard links to app data
+# files, installd will not be able to guarantee the deletion
+# of the linked to file. Hard links also contribute to security
+# bugs, so we want to ensure the shell user never has this
+# capability.
+neverallow shell file_type:file link;
+
+# Do not allow privileged socket ioctl commands
+neverallowxperm shell domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+
+# limit shell access to sensitive char drivers to
+# only getattr required for host side test.
+neverallow shell {
+ fuse_device
+ hw_random_device
+ port_device
+}:chr_file ~getattr;
+
+# Limit shell to only getattr on blk devices for host side tests.
+neverallow shell dev_type:blk_file ~getattr;
+
+# b/30861057: Shell access to existing input devices is an abuse
+# vector. The shell user can inject events that look like they
+# originate from the touchscreen etc.
+# Everyone should have already moved to UiAutomation#injectInputEvent
+# if they are running instrumentation tests (i.e. CTS), Monkey for
+# their stress tests, and the input command (adb shell input ...) for
+# injecting swipes and things.
+neverallow shell input_device:chr_file no_w_file_perms;
diff --git a/prebuilts/api/30.0/public/simpleperf.te b/prebuilts/api/30.0/public/simpleperf.te
new file mode 100644
index 000000000..218fee77a
--- /dev/null
+++ b/prebuilts/api/30.0/public/simpleperf.te
@@ -0,0 +1 @@
+type simpleperf, domain;
diff --git a/prebuilts/api/30.0/public/simpleperf_app_runner.te b/prebuilts/api/30.0/public/simpleperf_app_runner.te
new file mode 100644
index 000000000..b7ff7a032
--- /dev/null
+++ b/prebuilts/api/30.0/public/simpleperf_app_runner.te
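Review bot: The comment block above `allow shell dev_type:blk_file getattr;` has a typo, `insucre` for `insecure`, and the comment above the `allow shell { service_manager_type ... }:service_manager find;` set still carries `# TODO: why is this so broad? Tightening candidate?`; both are being frozen into an API snapshot where they cannot be fixed later. Because prebuilts/api/30.0 looks like a verbatim copy of public/shell.te, the wording should be fixed in the source policy and the snapshot regenerated, not patched here. A short comment on the service-find block stating what the list is known to need (the existing TODO only names dumpstate_service) would also make the exclusion list easier to review when the next snapshot is taken. The same stale-TODO pattern appears in the sdcardd.te hunk earlier in this series.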
@@ -0,0 +1,43 @@
+type simpleperf_app_runner, domain, mlstrustedsubject;
+type simpleperf_app_runner_exec, system_file_type, exec_type, file_type;
+
+# run simpleperf_app_runner in adb shell.
+allow simpleperf_app_runner adbd:fd use;
+allow simpleperf_app_runner shell:fd use;
+allow simpleperf_app_runner devpts:chr_file { read write ioctl };
+
+# simpleperf_app_runner reads package information.
+allow simpleperf_app_runner system_data_file:file r_file_perms;
+allow simpleperf_app_runner system_data_file:lnk_file getattr;
+allow simpleperf_app_runner packages_list_file:file r_file_perms;
+
+# The app's data dir may be accessed through a symlink.
+allow simpleperf_app_runner system_data_file:lnk_file read;
+
+# simpleperf_app_runner switches to the app UID/GID.
+allow simpleperf_app_runner self:global_capability_class_set { setuid setgid };
+
+# simpleperf_app_runner switches to the app security context.
+selinux_check_context(simpleperf_app_runner) # validate context
+allow simpleperf_app_runner self:process setcurrent;
+allow simpleperf_app_runner untrusted_app_all:process dyntransition; # setcon
+
+# simpleperf_app_runner/libselinux needs access to seapp_contexts_file to
+# determine which domain to transition to.
+allow simpleperf_app_runner seapp_contexts_file:file r_file_perms;
+
+# simpleperf_app_runner passes pipe fds.
+allow simpleperf_app_runner shell:fifo_file read;
+
+# simpleperf_app_runner checks shell data paths.
+# simpleperf_app_runner passes shell data fds.
+allow simpleperf_app_runner shell_data_file:dir { getattr search };
+allow simpleperf_app_runner shell_data_file:file { getattr write };
+
+###
+### neverallow rules
+###
+
+# simpleperf_app_runner cannot have capabilities other than CAP_SETUID and CAP_SETGID
+neverallow simpleperf_app_runner self:global_capability_class_set ~{ setuid setgid };
+neverallow simpleperf_app_runner self:global_capability2_class_set *;
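Review bot: The two `system_data_file:lnk_file` rules in this hunk (`getattr` under the "reads package information" comment and `read` under the "may be accessed through a symlink" comment) share source, target and class and would read better as one rule, `allow simpleperf_app_runner system_data_file:lnk_file { getattr read };`, with the two comments merged above it. This file sits under prebuilts/api/30.0, which appears to be a frozen snapshot of the public policy, so the tidy-up belongs in the corresponding source file rather than in the snapshot.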
diff --git a/prebuilts/api/30.0/public/slideshow.te b/prebuilts/api/30.0/public/slideshow.te
new file mode 100644
index 000000000..10fbbb852
--- /dev/null
+++ b/prebuilts/api/30.0/public/slideshow.te
@@ -0,0 +1,14 @@
+# slideshow seclabel is specified in init.rc since
+# it lives in the rootfs and has no unique file type.
+type slideshow, domain;
+
+allow slideshow kmsg_device:chr_file rw_file_perms;
+wakelock_use(slideshow)
+allow slideshow device:dir r_dir_perms;
+allow slideshow self:global_capability_class_set sys_tty_config;
+allow slideshow graphics_device:dir r_dir_perms;
+allow slideshow graphics_device:chr_file rw_file_perms;
+allow slideshow input_device:dir r_dir_perms;
+allow slideshow input_device:chr_file r_file_perms;
+allow slideshow tty_device:chr_file rw_file_perms;
+
diff --git a/prebuilts/api/30.0/public/stats_service_server.te b/prebuilts/api/30.0/public/stats_service_server.te
new file mode 100644
index 000000000..564ae234e
--- /dev/null
+++ b/prebuilts/api/30.0/public/stats_service_server.te
@@ -0,0 +1 @@
+add_hwservice(stats_service_server, fwk_stats_hwservice)
diff --git a/prebuilts/api/30.0/public/statsd.te b/prebuilts/api/30.0/public/statsd.te
new file mode 100644
index 000000000..435bbdfb1
--- /dev/null
+++ b/prebuilts/api/30.0/public/statsd.te
@@ -0,0 +1,78 @@
+type statsd, domain, mlstrustedsubject;
+
+type statsd_exec, system_file_type, exec_type, file_type;
+binder_use(statsd)
+
+# Allow statsd to scan through /proc/pid for all processes.
+r_dir_file(statsd, domain)
+
+# Allow executing files on system, such as running a shell or running:
+# /system/bin/toolbox
+# /system/bin/logcat
+# /system/bin/dumpsys
+allow statsd devpts:chr_file { getattr ioctl read write };
+allow statsd shell_exec:file rx_file_perms;
+allow statsd system_file:file execute_no_trans;
+allow statsd toolbox_exec:file rx_file_perms;
+
+userdebug_or_eng(`
+  allow statsd su:fifo_file read;
+')
+
+# Create, read, and write into /data/misc/stats-data, /data/misc/stats-system.
+allow statsd stats_data_file:dir create_dir_perms;
+allow statsd stats_data_file:file create_file_perms;
+
+# Allow statsd to make binder calls to any binder service.
+binder_call(statsd, appdomain)
+binder_call(statsd, healthd)
+binder_call(statsd, incidentd)
+binder_call(statsd, system_server)
+
+# Allow statsd to interact with gpuservice
+allow statsd gpu_service:service_manager find;
+binder_call(statsd, gpuservice)
+
+# Allow logd access.
+read_logd(statsd)
+control_logd(statsd)
+
+# Grant statsd with permissions to register the services.
+allow statsd {
+  app_api_service
+  incident_service
+  system_api_service
+}:service_manager find;
+
+# Grant statsd to access health hal to access battery metrics.
+allow statsd hal_health_hwservice:hwservice_manager find;
+
+# Allow statsd to send dump info to dumpstate
+allow statsd dumpstate:fd use;
+allow statsd dumpstate:fifo_file { getattr write };
+
+# Allow access to with hardware layer and process stats.
+allow statsd proc_uid_cputime_showstat:file { getattr open read };
+hal_client_domain(statsd, hal_health)
+hal_client_domain(statsd, hal_power)
+hal_client_domain(statsd, hal_power_stats)
+hal_client_domain(statsd, hal_thermal)
+
+# Allow 'adb shell cmd' to upload configs and download output.
+allow statsd adbd:fd use;
+allow statsd adbd:unix_stream_socket { getattr read write };
+allow statsd shell:fifo_file { getattr read write };
+
+unix_socket_send(statsd, statsdw, statsd)
+
+###
+### neverallow rules
+###
+
+# Only statsd and the other root services in limited circumstances.
+# can get to the files in /data/misc/stats-data, /data/misc/stats-service.
+# Other services are prohibitted from accessing the file.
+neverallow { domain -statsd -system_server -init -vold } stats_data_file:file *;
+
+# Limited access to the directory itself.
+neverallow { domain -statsd -system_server -init -vold } stats_data_file:dir *;
diff --git a/prebuilts/api/30.0/public/su.te b/prebuilts/api/30.0/public/su.te
new file mode 100644
index 000000000..99d460303
--- /dev/null
+++ b/prebuilts/api/30.0/public/su.te
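Review bot: The two comments in statsd.te disagree about which directories the `stats_data_file` rules cover: the allow rules are introduced with `/data/misc/stats-data, /data/misc/stats-system`, while the neverallow block says `/data/misc/stats-data, /data/misc/stats-service`; both rule sets name only the `stats_data_file` label, so one of the paths is presumably wrong and should be checked against the file_contexts entry for that label. The neverallow comment also has a stray sentence break (`circumstances.` followed by `can get to`) and the misspelling `prohibitted`; I would reword it as `# Only statsd, and the other root services listed below in limited circumstances, can reach files labelled stats_data_file; all other domains are prohibited from accessing them.` This file is a prebuilts/api/30.0 snapshot, so the wording fix belongs in the source policy file it mirrors.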
@@ -0,0 +1,106 @@
+# All types must be defined regardless of build variant to ensure
+# policy compilation succeeds with userdebug/user combination at boot
+type su, domain;
+
+# File types must be defined for file_contexts.
+type su_exec, system_file_type, exec_type, file_type;
+
+userdebug_or_eng(`
+  # Domain used for su processes, as well as for adbd and adb shell
+  # after performing an adb root command. The domain definition is
+  # wrapped to ensure that it does not exist at all on -user builds.
+  typeattribute su mlstrustedsubject;
+
+  # Add su to various domains
+  net_domain(su)
+
+  # grant su access to vndbinder
+  vndbinder_use(su)
+
+  dontaudit su self:capability_class_set *;
+  dontaudit su kernel:security *;
+  dontaudit su { kernel file_type }:system *;
+  dontaudit su self:memprotect *;
+  dontaudit su domain:{ process process2 } *;
+  dontaudit su domain:fd *;
+  dontaudit su domain:dir *;
+  dontaudit su domain:lnk_file *;
+  dontaudit su domain:{ fifo_file file } *;
+  dontaudit su domain:socket_class_set *;
+  dontaudit su domain:ipc_class_set *;
+  dontaudit su domain:key *;
+  dontaudit su fs_type:filesystem *;
+  dontaudit su {fs_type dev_type file_type}:dir_file_class_set *;
+  dontaudit su node_type:node *;
+  dontaudit su node_type:{ tcp_socket udp_socket rawip_socket } *;
+  dontaudit su netif_type:netif *;
+  dontaudit su port_type:socket_class_set *;
+  dontaudit su port_type:{ tcp_socket dccp_socket } *;
+  dontaudit su domain:peer *;
+  dontaudit su domain:binder *;
+  dontaudit su property_type:property_service *;
+  dontaudit su property_type:file *;
+  dontaudit su service_manager_type:service_manager *;
+  dontaudit su hwservice_manager_type:hwservice_manager *;
+  dontaudit su vndservice_manager_type:service_manager *;
+  dontaudit su servicemanager:service_manager list;
+  dontaudit su hwservicemanager:hwservice_manager list;
+  dontaudit su vndservicemanager:service_manager list;
+  dontaudit su keystore:keystore_key *;
+  dontaudit su domain:drmservice *;
+  dontaudit su unlabeled:filesystem *;
+  dontaudit su postinstall_file:filesystem *;
+  dontaudit su domain:bpf *;
+  dontaudit su unlabeled:vsock_socket *;
+  dontaudit su self:perf_event *;
+
+  # VTS tests run in the permissive su domain on debug builds, but the HALs
+  # being tested run in enforcing mode. Because hal_foo_server is enforcing
+  # su needs to be declared as hal_foo_client to grant hal_foo_server
+  # permission to interact with it.
+  typeattribute su halclientdomain;
+  typeattribute su hal_allocator_client;
+  typeattribute su hal_atrace_client;
+  typeattribute su hal_audio_client;
+  typeattribute su hal_authsecret_client;
+  typeattribute su hal_bluetooth_client;
+  typeattribute su hal_bootctl_client;
+  typeattribute su hal_camera_client;
+  typeattribute su hal_configstore_client;
+  typeattribute su hal_confirmationui_client;
+  typeattribute su hal_contexthub_client;
+  typeattribute su hal_drm_client;
+  typeattribute su hal_cas_client;
+  typeattribute su hal_dumpstate_client;
+  typeattribute su hal_fingerprint_client;
+  typeattribute su hal_gatekeeper_client;
+  typeattribute su hal_gnss_client;
+  typeattribute su hal_graphics_allocator_client;
+  typeattribute su hal_graphics_composer_client;
+  typeattribute su hal_health_client;
+  typeattribute su hal_input_classifier_client;
+  typeattribute su hal_ir_client;
+  typeattribute su hal_keymaster_client;
+  typeattribute su hal_light_client;
+  typeattribute su hal_memtrack_client;
+  typeattribute su hal_neuralnetworks_client;
+  typeattribute su hal_nfc_client;
+  typeattribute su hal_oemlock_client;
+  typeattribute su hal_power_client;
+  typeattribute su hal_rebootescrow_client;
+  typeattribute su hal_secure_element_client;
+  typeattribute su hal_sensors_client;
+  typeattribute su hal_telephony_client;
+  typeattribute su hal_tetheroffload_client;
+  typeattribute su hal_thermal_client;
+  typeattribute su hal_tv_cec_client;
+  typeattribute su hal_tv_input_client;
+  typeattribute su hal_tv_tuner_client;
+  typeattribute su hal_usb_client;
+  typeattribute su hal_vibrator_client;
+  typeattribute su hal_vr_client;
+  typeattribute su hal_weaver_client;
+  typeattribute su hal_wifi_client;
+  typeattribute su hal_wifi_hostapd_client;
+  typeattribute su hal_wifi_supplicant_client;
+')
diff --git a/prebuilts/api/30.0/public/surfaceflinger.te b/prebuilts/api/30.0/public/surfaceflinger.te
new file mode 100644
index 000000000..c1e4844a0
--- /dev/null
+++ b/prebuilts/api/30.0/public/surfaceflinger.te
@@ -0,0 +1,3 @@
+# surfaceflinger - display compositor service
+type surfaceflinger, domain;
+type surfaceflinger_tmpfs, file_type;
diff --git a/prebuilts/api/30.0/public/system_app.te b/prebuilts/api/30.0/public/system_app.te
new file mode 100644
index 000000000..023058ee0
--- /dev/null
+++ b/prebuilts/api/30.0/public/system_app.te
@@ -0,0 +1,7 @@
+###
+### Apps that run with the system UID, e.g. com.android.system.ui,
+### com.android.settings. These are not as privileged as the system
+### server.
+###
+
+type system_app, domain;
diff --git a/prebuilts/api/30.0/public/system_server.te b/prebuilts/api/30.0/public/system_server.te
new file mode 100644
index 000000000..ff18bdf84
--- /dev/null
+++ b/prebuilts/api/30.0/public/system_server.te
@@ -0,0 +1,6 @@
+#
+# System Server aka system_server spawned by zygote.
+# Most of the framework services run in this process.
+#
+type system_server, domain;
+type system_server_tmpfs, file_type, mlstrustedobject;
diff --git a/prebuilts/api/30.0/public/system_suspend_server.te b/prebuilts/api/30.0/public/system_suspend_server.te
new file mode 100644
index 000000000..8e8310d5e
--- /dev/null
+++ b/prebuilts/api/30.0/public/system_suspend_server.te
@@ -0,0 +1,6 @@
+# Required to export a HIDL interface.
+hwbinder_use(system_suspend_server)
+get_prop(system_suspend_server, hwservicemanager_prop)
+
+# To serve ISystemSuspend.hal.
+add_hwservice(system_suspend_server, system_suspend_hwservice)
diff --git a/prebuilts/api/30.0/public/te_macros b/prebuilts/api/30.0/public/te_macros
new file mode 100644
index 000000000..56f977522
--- /dev/null
+++ b/prebuilts/api/30.0/public/te_macros
@@ -0,0 +1,923 @@
+#####################################
+# domain_trans(olddomain, type, newdomain)
+# Allow a transition from olddomain to newdomain
+# upon executing a file labeled with type.
+# This only allows the transition; it does not
+# cause it to occur automatically - use domain_auto_trans
+# if that is what you want.
+#
+define(`domain_trans', `
+# Old domain may exec the file and transition to the new domain.
+allow $1 $2:file { getattr open read execute map };
+allow $1 $3:process transition;
+# New domain is entered by executing the file.
+allow $3 $2:file { entrypoint open read execute getattr map };
+# New domain can send SIGCHLD to its caller.
+ifelse($1, `init', `', `allow $3 $1:process sigchld;')
+# Enable AT_SECURE, i.e. libc secure mode.
+dontaudit $1 $3:process noatsecure;
+# XXX dontaudit candidate but requires further study.
+allow $1 $3:process { siginh rlimitinh };
+')
+
+#####################################
+# domain_auto_trans(olddomain, type, newdomain)
+# Automatically transition from olddomain to newdomain
+# upon executing a file labeled with type.
+#
+define(`domain_auto_trans', `
+# Allow the necessary permissions.
+domain_trans($1,$2,$3)
+# Make the transition occur by default.
+type_transition $1 $2:process $3;
+')
+
+#####################################
+# file_type_trans(domain, dir_type, file_type)
+# Allow domain to create a file labeled file_type in a
+# directory labeled dir_type.
+# This only allows the transition; it does not
+# cause it to occur automatically - use file_type_auto_trans
+# if that is what you want.
+#
+define(`file_type_trans', `
+# Allow the domain to add entries to the directory.
+allow $1 $2:dir ra_dir_perms;
+# Allow the domain to create the file.
+allow $1 $3:notdevfile_class_set create_file_perms;
+allow $1 $3:dir create_dir_perms;
+')
+
+#####################################
+# file_type_auto_trans(domain, dir_type, file_type)
+# Automatically label new files with file_type when
+# they are created by domain in directories labeled dir_type.
+#
+define(`file_type_auto_trans', `
+# Allow the necessary permissions.
+file_type_trans($1, $2, $3)
+# Make the transition occur by default.
+type_transition $1 $2:dir $3;
+type_transition $1 $2:notdevfile_class_set $3;
+')
+
+#####################################
+# r_dir_file(domain, type)
+# Allow the specified domain to read directories, files
+# and symbolic links of the specified type.
+define(`r_dir_file', `
+allow $1 $2:dir r_dir_perms;
+allow $1 $2:{ file lnk_file } r_file_perms;
+')
+
+#####################################
+# tmpfs_domain(domain)
+# Allow access to a unique type for this domain when creating tmpfs / ashmem files.
+define(`tmpfs_domain', `
+type_transition $1 tmpfs:file $1_tmpfs;
+allow $1 $1_tmpfs:file { read write getattr map };
+')
+
+# pdx macros for IPC. pdx is a high-level name which contains transport-specific
+# rules from underlying transport (e.g. UDS-based implementation).
+
+#####################################
+# pdx_service_attributes(service)
+# Defines type attribute used to identify various service-related types.
+define(`pdx_service_attributes', `
+attribute pdx_$1_endpoint_dir_type;
+attribute pdx_$1_endpoint_socket_type;
+attribute pdx_$1_channel_socket_type;
+attribute pdx_$1_server_type;
+')
+
+#####################################
+# pdx_service_socket_types(service, endpoint_dir_t)
+# Define types for endpoint and channel sockets.
+define(`pdx_service_socket_types', `
+typeattribute $2 pdx_$1_endpoint_dir_type;
+type pdx_$1_endpoint_socket, pdx_$1_endpoint_socket_type, pdx_endpoint_socket_type, file_type, coredomain_socket, mlstrustedobject, mlstrustedsubject;
+type pdx_$1_channel_socket, pdx_$1_channel_socket_type, pdx_channel_socket_type, coredomain_socket;
+userdebug_or_eng(`
+dontaudit su pdx_$1_endpoint_socket:unix_stream_socket *;
+dontaudit su pdx_$1_channel_socket:unix_stream_socket *;
+')
+')
+
+#####################################
+# pdx_server(server_domain, service)
+define(`pdx_server', `
+# Mark the server domain as a PDX server.
+typeattribute $1 pdx_$2_server_type;
+# Allow the init process to create the initial endpoint socket.
+allow init pdx_$2_endpoint_socket_type:unix_stream_socket { create bind };
+# Allow the server domain to use the endpoint socket and accept connections on it.
+# Not using macro like "rw_socket_perms_no_ioctl" because it provides more rights
+# than we need (e.g. we don"t need "bind" or "connect").
+allow $1 pdx_$2_endpoint_socket_type:unix_stream_socket { read getattr write setattr lock append getopt setopt shutdown listen accept };
+# Allow the server domain to apply security context label to the channel socket pair (allow process to use setsockcreatecon_raw()).
+allow $1 self:process setsockcreate;
+# Allow the server domain to create a client channel socket.
+allow $1 pdx_$2_channel_socket_type:unix_stream_socket create_stream_socket_perms;
+# Prevent other processes from claiming to be a server for the same service.
+neverallow {domain -$1} pdx_$2_endpoint_socket_type:unix_stream_socket { listen accept };
+')
+
+#####################################
+# pdx_connect(client, service)
+define(`pdx_connect', `
+# Allow client to open the service endpoint file.
+allow $1 pdx_$2_endpoint_dir_type:dir r_dir_perms;
+allow $1 pdx_$2_endpoint_socket_type:sock_file rw_file_perms;
+# Allow the client to connect to endpoint socket.
+allow $1 pdx_$2_endpoint_socket_type:unix_stream_socket { connectto read write shutdown };
+')
+
+#####################################
+# pdx_use(client, service)
+define(`pdx_use', `
+# Allow the client to use the PDX channel socket.
+# Not using macro like "rw_socket_perms_no_ioctl" because it provides more rights
+# than we need (e.g. we don"t need "bind" or "connect").
+allow $1 pdx_$2_channel_socket_type:unix_stream_socket { read getattr write setattr lock append getopt setopt shutdown };
+# Client needs to use an channel event fd from the server.
+allow $1 pdx_$2_server_type:fd use;
+# Servers may receive sync fences, gralloc buffers, etc, from clients.
+# This could be tightened on a per-server basis, but keeping track of service
+# clients is error prone.
+allow pdx_$2_server_type $1:fd use;
+')
+
+#####################################
+# pdx_client(client, service)
+define(`pdx_client', `
+pdx_connect($1, $2)
+pdx_use($1, $2)
+')
+
+#####################################
+# init_daemon_domain(domain)
+# Set up a transition from init to the daemon domain
+# upon executing its binary.
+define(`init_daemon_domain', `
+domain_auto_trans(init, $1_exec, $1)
+')
+
+#####################################
+# app_domain(domain)
+# Allow a base set of permissions required for all apps.
+define(`app_domain', `
+typeattribute $1 appdomain;
+# Label tmpfs objects for all apps.
+type_transition $1 tmpfs:file appdomain_tmpfs;
+allow $1 appdomain_tmpfs:file { execute getattr map read write };
+neverallow { $1 -runas_app -shell -simpleperf } { domain -$1 }:file no_rw_file_perms;
+neverallow { appdomain -runas_app -shell -simpleperf -$1 } $1:file no_rw_file_perms;
+# The Android security model guarantees the confidentiality and integrity
+# of application data and execution state. Ptrace bypasses those
+# confidentiality guarantees. Disallow ptrace access from system components to
+# apps. crash_dump is excluded, as it needs ptrace access to produce stack
+# traces. runas_app is excluded, as it operates only on debuggable apps.
+# simpleperf is excluded, as it operates only on debuggable or profileable
+# apps. llkd is excluded, as it needs ptrace access to inspect stack traces for
+# live lock conditions.
+neverallow { domain -$1 -crash_dump userdebug_or_eng(`-llkd') -runas_app -simpleperf } $1:process ptrace;
+')
+
+#####################################
+# untrusted_app_domain(domain)
+# Allow a base set of permissions required for all untrusted apps.
+define(`untrusted_app_domain', `
+typeattribute $1 untrusted_app_all;
+')
+
+#####################################
+# net_domain(domain)
+# Allow a base set of permissions required for network access.
+define(`net_domain', `
+typeattribute $1 netdomain;
+')
+
+#####################################
+# bluetooth_domain(domain)
+# Allow a base set of permissions required for bluetooth access.
+define(`bluetooth_domain', `
+typeattribute $1 bluetoothdomain;
+')
+
+#####################################
+# hal_attribute(hal_name)
+# Add an attribute for hal implementations along with necessary
+# restrictions.
+define(`hal_attribute', `
+attribute hal_$1;
+expandattribute hal_$1 true;
+attribute hal_$1_client;
+expandattribute hal_$1_client true;
+attribute hal_$1_server;
+expandattribute hal_$1_server false;
+
+neverallow { hal_$1_server -halserverdomain } domain:process fork;
+# hal_*_client and halclientdomain attributes are always expanded for
+# performance reasons. Neverallow rules targeting expanded attributes can not be
+# verified by CTS since these attributes are already expanded by that time.
+build_test_only(`
+neverallow { hal_$1_server -hal_$1 } domain:process fork;
+neverallow { hal_$1_client -halclientdomain } domain:process fork;
+')
+')
+
+#####################################
+# hal_server_domain(domain, hal_type)
+# Allow a base set of permissions required for a domain to offer a
+# HAL implementation of the specified type over HwBinder.
+#
+# For example, default implementation of Foo HAL:
+# type hal_foo_default, domain;
+# hal_server_domain(hal_foo_default, hal_foo)
+#
+define(`hal_server_domain', `
+typeattribute $1 halserverdomain;
+typeattribute $1 $2_server;
+typeattribute $1 $2;
+')
+
+#####################################
+# hal_client_domain(domain, hal_type)
+# Allow a base set of permissions required for a domain to be a
+# client of a HAL of the specified type.
+#
+# For example, make some_domain a client of Foo HAL:
+# hal_client_domain(some_domain, hal_foo)
+#
+define(`hal_client_domain', `
+typeattribute $1 halclientdomain;
+typeattribute $1 $2_client;
+
+# TODO(b/34170079): Make the inclusion of the rules below conditional also on
+# non-Treble devices. For now, on non-Treble device, always grant clients of a
+# HAL sufficient access to run the HAL in passthrough mode (i.e., in-process).
+not_full_treble(`
+typeattribute $1 $2;
+# Find passthrough HAL implementations
+allow $2 system_file:dir r_dir_perms;
+allow $2 vendor_file:dir r_dir_perms;
+allow $2 vendor_file:file { read open getattr execute map };
+')
+')
+
+#####################################
+# passthrough_hal_client_domain(domain, hal_type)
+# Allow a base set of permissions required for a domain to be a
+# client of a passthrough HAL of the specified type.
+#
+# For example, make some_domain a client of passthrough Foo HAL:
+# passthrough_hal_client_domain(some_domain, hal_foo)
+#
+define(`passthrough_hal_client_domain', `
+typeattribute $1 halclientdomain;
+typeattribute $1 $2_client;
+typeattribute $1 $2;
+# Find passthrough HAL implementations
+allow $2 system_file:dir r_dir_perms;
+allow $2 vendor_file:dir r_dir_perms;
+allow $2 vendor_file:file { read open getattr execute map };
+')
+
+#####################################
+# unix_socket_connect(clientdomain, socket, serverdomain)
+# Allow a local socket connection from clientdomain via
+# socket to serverdomain.
+#
+# Note: If you see denial records that distill to the
+# following allow rules:
+# allow clientdomain property_socket:sock_file write;
+# allow clientdomain init:unix_stream_socket connectto;
+# allow clientdomain something_prop:property_service set;
+#
+# This sequence is indicative of attempting to set a property.
+# use set_prop(sourcedomain, targetproperty)
+#
+define(`unix_socket_connect', `
+allow $1 $2_socket:sock_file write;
+allow $1 $3:unix_stream_socket connectto;
+')
+
+#####################################
+# set_prop(sourcedomain, targetproperty)
+# Allows source domain to set the
+# targetproperty.
+#
+define(`set_prop', `
+unix_socket_connect($1, property, init)
+allow $1 $2:property_service set;
+get_prop($1, $2)
+')
+
+#####################################
+# get_prop(sourcedomain, targetproperty)
+# Allows source domain to read the
+# targetproperty.
+#
+define(`get_prop', `
+allow $1 $2:file { getattr open read map };
+')
+
+#####################################
+# unix_socket_send(clientdomain, socket, serverdomain)
+# Allow a local socket send from clientdomain via
+# socket to serverdomain.
+define(`unix_socket_send', `
+allow $1 $2_socket:sock_file write;
+allow $1 $3:unix_dgram_socket sendto;
+')
+
+#####################################
+# binder_use(domain)
+# Allow domain to use Binder IPC.
+define(`binder_use', `
+# Call the servicemanager and transfer references to it.
+allow $1 servicemanager:binder { call transfer };
+# Allow servicemanager to send out callbacks
+allow servicemanager $1:binder { call transfer };
+# servicemanager performs getpidcon on clients.
+allow servicemanager $1:dir search;
+allow servicemanager $1:file { read open };
+allow servicemanager $1:process getattr;
+# rw access to /dev/binder and /dev/ashmem is presently granted to
+# all domains in domain.te.
+')
+
+#####################################
+# hwbinder_use(domain)
+# Allow domain to use HwBinder IPC.
+define(`hwbinder_use', `
+# Call the hwservicemanager and transfer references to it.
+allow $1 hwservicemanager:binder { call transfer };
+# Allow hwservicemanager to send out callbacks
+allow hwservicemanager $1:binder { call transfer };
+# hwservicemanager performs getpidcon on clients.
+allow hwservicemanager $1:dir search;
+allow hwservicemanager $1:file { read open map };
+allow hwservicemanager $1:process getattr;
+# rw access to /dev/hwbinder and /dev/ashmem is presently granted to
+# all domains in domain.te.
+')
+
+#####################################
+# vndbinder_use(domain)
+# Allow domain to use Binder IPC.
+define(`vndbinder_use', `
+# Talk to the vndbinder device node
+allow $1 vndbinder_device:chr_file rw_file_perms;
+# Call the vndservicemanager and transfer references to it.
+allow $1 vndservicemanager:binder { call transfer };
+# vndservicemanager performs getpidcon on clients.
+allow vndservicemanager $1:dir search;
+allow vndservicemanager $1:file { read open map };
+allow vndservicemanager $1:process getattr;
+')
+
+#####################################
+# binder_call(clientdomain, serverdomain)
+# Allow clientdomain to perform binder IPC to serverdomain.
+define(`binder_call', `
+# Call the server domain and optionally transfer references to it.
+allow $1 $2:binder { call transfer };
+# Allow the serverdomain to transfer references to the client on the reply.
+allow $2 $1:binder transfer;
+# Receive and use open files from the server.
+allow $1 $2:fd use;
+')
+
+#####################################
+# binder_service(domain)
+# Mark a domain as being a Binder service domain.
+# Used to allow binder IPC to the various system services.
+define(`binder_service', `
+typeattribute $1 binderservicedomain;
+')
+
+#####################################
+# wakelock_use(domain)
+# Allow domain to manage wake locks
+define(`wakelock_use', `
+# TODO(b/115946999): Remove /sys/power/* permissions once CONFIG_PM_WAKELOCKS is
+# deprecated.
+# Access /sys/power/wake_lock and /sys/power/wake_unlock
+allow $1 sysfs_wake_lock:file rw_file_perms;
+# Accessing these files requires CAP_BLOCK_SUSPEND
+allow $1 self:global_capability2_class_set block_suspend;
+# system_suspend permissions
+binder_call($1, system_suspend_server)
+allow $1 system_suspend_hwservice:hwservice_manager find;
+# halclientdomain permissions
+hwbinder_use($1)
+get_prop($1, hwservicemanager_prop)
+allow $1 hidl_manager_hwservice:hwservice_manager find;
+')
+
+#####################################
+# selinux_check_access(domain)
+# Allow domain to check SELinux permissions via selinuxfs.
+define(`selinux_check_access', `
+r_dir_file($1, selinuxfs)
+allow $1 selinuxfs:file w_file_perms;
+allow $1 kernel:security compute_av;
+allow $1 self:netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+')
+
+#####################################
+# selinux_check_context(domain)
+# Allow domain to check SELinux contexts via selinuxfs.
+define(`selinux_check_context', `
+r_dir_file($1, selinuxfs)
+allow $1 selinuxfs:file w_file_perms;
+allow $1 kernel:security check_context;
+')
+
+#####################################
+# create_pty(domain)
+# Allow domain to create and use a pty, isolated from any other domain ptys.
+define(`create_pty', `
+# Each domain gets a unique devpts type.
+type $1_devpts, fs_type;
+# Label the pty with the unique type when created.
+type_transition $1 devpts:chr_file $1_devpts;
+# Allow use of the pty after creation.
+allow $1 $1_devpts:chr_file { open getattr read write ioctl };
+allowxperm $1 $1_devpts:chr_file ioctl unpriv_tty_ioctls;
+# TIOCSTI is only ever used for exploits. Block it.
+# b/33073072, b/7530569
+# http://www.openwall.com/lists/oss-security/2016/09/26/14
+neverallowxperm * $1_devpts:chr_file ioctl TIOCSTI;
+# Note: devpts:dir search and ptmx_device:chr_file rw_file_perms
+# allowed to everyone via domain.te.
+')
+
+#####################################
+# Non system_app application set
+#
+define(`non_system_app_set', `{ appdomain -system_app }')
+
+#####################################
+# Recovery only
+# SELinux rules which apply only to recovery mode
+#
+define(`recovery_only', ifelse(target_recovery, `true', $1, ))
+
+#####################################
+# Full TREBLE only
+# SELinux rules which apply only to full TREBLE devices
+#
+define(`full_treble_only', ifelse(target_full_treble, `true', $1,
+ifelse(target_full_treble, `cts',
+# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
+$1
+# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
+, )))
+
+#####################################
+# Not full TREBLE
+# SELinux rules which apply only to devices which are not full TREBLE devices
+#
+define(`not_full_treble', ifelse(target_full_treble, `true', , $1))
+
+#####################################
+# Compatible property only
+# SELinux rules which apply only to devices with compatible property
+#
+define(`compatible_property_only', ifelse(target_compatible_property, `true', $1,
+ifelse(target_compatible_property, `cts',
+# BEGIN_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
+$1
+# END_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
+, )))
+
+#####################################
+# Not compatible property
+# SELinux rules which apply only to devices without compatible property
+#
+define(`not_compatible_property', ifelse(target_compatible_property, `true', , $1))
+
+#####################################
+# Userdebug or eng builds
+# SELinux rules which apply only to userdebug or eng builds
+#
+define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target_build_variant, `userdebug', $1)))
+
+#####################################
+# asan builds
+# SELinux rules which apply only to asan builds
+#
+define(`with_asan', ifelse(target_with_asan, `true', userdebug_or_eng(`$1'), ))
+
+#####################################
+# native coverage builds
+# SELinux rules which apply only to builds with native coverage
+#
+define(`with_native_coverage', ifelse(target_with_native_coverage, `true', userdebug_or_eng(`$1'), ))
+
+#####################################
+# Build-time-only test
+# SELinux rules which are verified during build, but not as part of *TS testing.
+#
+define(`build_test_only', ifelse(target_exclude_build_test, `true', , $1))
+
+####################################
+# Fallback crash handling for processes that can't exec crash_dump (e.g. because of seccomp).
+#
+define(`crash_dump_fallback', `
+userdebug_or_eng(`
+  allow $1 su:fifo_file append;
+')
+allow $1 anr_data_file:file append;
+allow $1 dumpstate:fd use;
+allow $1 incidentd:fd use;
+# TODO: Figure out why write is needed.
+allow $1 dumpstate:fifo_file { append write };
+allow $1 incidentd:fifo_file { append write };
+allow $1 system_server:fifo_file { append write };
+allow $1 tombstoned:unix_stream_socket connectto;
+allow $1 tombstoned:fd use;
+allow $1 tombstoned_crash_socket:sock_file write;
+allow $1 tombstone_data_file:file append;
+')
+
+#####################################
+# WITH_DEXPREOPT builds
+# SELinux rules which apply only when pre-opting.
+#
+define(`with_dexpreopt', ifelse(target_with_dexpreopt, `true', $1))
+
+#####################################
+# write_logd(domain)
+# Ability to write to android log
+# daemon via sockets
+define(`write_logd', `
+unix_socket_send($1, logdw, logd)
+allow $1 pmsg_device:chr_file w_file_perms;
+')
+
+#####################################
+# read_logd(domain)
+# Ability to run logcat and read from android
+# log daemon via sockets
+define(`read_logd', `
+allow $1 logcat_exec:file rx_file_perms;
+unix_socket_connect($1, logdr, logd)
+')
+
+#####################################
+# read_runtime_log_tags(domain)
+# ability to directly map the runtime event log tags
+define(`read_runtime_log_tags', `
+allow $1 runtime_event_log_tags_file:file r_file_perms;
+')
+
+#####################################
+# control_logd(domain)
+# Ability to control
+# android log daemon via sockets
+define(`control_logd', `
+# Group AID_LOG checked by filesystem & logd
+# to permit control commands
+unix_socket_connect($1, logd, logd)
+')
+
+#####################################
+# use_keystore(domain)
+# Ability to use keystore.
+# Keystore is requires the following permissions
+# to call getpidcon.
+define(`use_keystore', `
+ allow keystore $1:dir search;
+ allow keystore $1:file { read open };
+ allow keystore $1:process getattr;
+ allow $1 keystore_service:service_manager find;
+ binder_call($1, keystore)
+ binder_call(keystore, $1)
+')
+
+#####################################
+# use_credstore(domain)
+# Ability to use credstore.
+define(`use_credstore', `
+ allow credstore $1:dir search;
+ allow credstore $1:file { read open };
+ allow credstore $1:process getattr;
+ allow $1 credstore_service:service_manager find;
+ binder_call($1, credstore)
+ binder_call(credstore, $1)
+')
+
+###########################################
+# use_drmservice(domain)
+# Ability to use DrmService which requires
+# DrmService to call getpidcon.
+define(`use_drmservice', `
+ allow drmserver $1:dir search;
+ allow drmserver $1:file { read open };
+ allow drmserver $1:process getattr;
+')
+
+###########################################
+# add_service(domain, service)
+# Ability for domain to add a service to service_manager
+# and find it. It also creates a neverallow preventing
+# others from adding it.
+define(`add_service', `
+ allow $1 $2:service_manager { add find };
+ neverallow { domain -$1 } $2:service_manager add;
+')
+
+###########################################
+# add_hwservice(domain, service)
+# Ability for domain to add a service to hwservice_manager
+# and find it. It also creates a neverallow preventing
+# others from adding it.
+define(`add_hwservice', `
+ allow $1 $2:hwservice_manager { add find };
+ allow $1 hidl_base_hwservice:hwservice_manager add;
+ neverallow { domain -$1 } $2:hwservice_manager add;
+')
+
+###########################################
+# hal_attribute_hwservice(attribute, service)
+# Ability for domain to get a service to hwservice_manager
+# and find it. It also creates a neverallow preventing
+# others from adding it.
+#
+# Used to pair hal_foo_client with hal_foo_hwservice
+define(`hal_attribute_hwservice', `
+ allow $1_client $2:hwservice_manager find;
+ add_hwservice($1_server, $2)
+
+ build_test_only(`
+ neverallow { domain -$1_client -$1_server } $2:hwservice_manager find;
+ ')
+')
+
+###################################
+# can_profile_heap(domain)
+# Allow processes within the domain to have their heap profiled by heapprofd.
+#
+# Note that profiling is performed differently between debug and user builds.
+# There are two modes for profiling:
+# * forked
+# * central.
+# On user builds, the default is to allow only forked mode. If it is desired
+# to allow central mode as well for a domain, use can_profile_heap_central.
+# On userdebug, this macro allows both forked and central.
+define(`can_profile_heap', `
+ # Allow central daemon to send signal for client initialization.
+ allow heapprofd $1:process signal;
+
+ # Allow executing a private heapprofd process to handle profiling on
+ # user builds (also debug builds for testing & development purposes).
+ allow $1 heapprofd_exec:file rx_file_perms;
+
+ # Allow directory & file read to the central heapprofd daemon, as it scans
+ # /proc/[pid]/cmdline for by-process-name profiling configs.
+ # Note that this excludes /proc/[pid]/mem, as it requires ptrace capabilities.
+ allow heapprofd $1:file r_file_perms;
+ allow heapprofd $1:dir r_dir_perms;
+
+ # Profilability on user implies profilability on userdebug and eng.
+ userdebug_or_eng(`
+ can_profile_heap_central($1)
+ ')
+')
+
+###################################
+# can_profile_heap_central(domain)
+# Allow processes within the domain to have their heap profiled by central
+# heapprofd.
+define(`can_profile_heap_central', `
+ # Allow central daemon to send signal for client initialization.
+ allow heapprofd $1:process signal;
+ # Allow connecting to the daemon.
+ unix_socket_connect($1, heapprofd, heapprofd)
+ # Allow daemon to use the passed fds.
+ allow heapprofd $1:fd use;
+ # Allow to read and write to heapprofd shmem.
+ # The client needs to read the read and write pointers in order to write.
+ allow $1 heapprofd_tmpfs:file { read write getattr map };
+ # Use shared memory received over the unix socket.
+ allow $1 heapprofd:fd use;
+
+ # To read and write from the received file descriptors.
+ # /proc/[pid]/maps and /proc/[pid]/mem have the same SELinux label as the
+ # process they relate to.
+ # We need to write to /proc/$PID/page_idle to find idle allocations.
+ # The client only opens /proc/self/page_idle with RDWR, everything else
+ # with RDONLY.
+ # heapprofd cannot open /proc/$PID/mem itself, as it does not have
+ # sys_ptrace.
+ allow heapprofd $1:file rw_file_perms;
+ # Allow searching the /proc/[pid] directory for cmdline.
+ allow heapprofd $1:dir r_dir_perms;
+')
+
+###################################
+# never_profile_heap(domain)
+# Opt out of heap profiling by heapprofd.
+define(`never_profile_heap', `
+ neverallow heapprofd $1:file read;
+ neverallow heapprofd $1:process signal;
+')
+
+###################################
+# can_profile_perf(domain)
+# Allow processes within the domain to be profiled, and have their stacks
+# sampled, by traced_perf.
+define(`can_profile_perf', `
+ # Allow directory & file read to traced_perf, as it stat(2)s /proc/[pid], and
+ # reads /proc/[pid]/cmdline.
+ allow traced_perf $1:file r_file_perms;
+ allow traced_perf $1:dir r_dir_perms;
+
+ # Allow central daemon to send signal to request /proc/[pid]/maps and
+ # /proc/[pid]/mem fds from this process.
+ allow traced_perf $1:process signal;
+
+ # Allow connecting to the daemon.
+ unix_socket_connect($1, traced_perf, traced_perf)
+ # Allow daemon to use the passed fds.
+ allow traced_perf $1:fd use;
+')
+
+###################################
+# never_profile_perf(domain)
+# Opt out of profiling by traced_perf.
+define(`never_profile_perf', `
+ neverallow traced_perf $1:file read;
+ neverallow traced_perf $1:process signal;
+')
+
+###################################
+# perfetto_producer(domain)
+# Allow processes within the domain to write data to Perfetto.
+# When applying this macro, you might need to also allow traced to use the
+# producer tmpfs domain, if the producer will be the one creating the shared
+# memory.
+define(`perfetto_producer', `
+ allow $1 traced:fd use;
+ allow $1 traced_tmpfs:file { read write getattr map };
+ unix_socket_connect($1, traced_producer, traced)
+
+ # Also allow the service to use the producer file descriptors. This is
+ # necessary when the producer is creating the shared memory, as it will be
+ # passed to the service as a file descriptor (obtained from memfd_create).
+ allow traced $1:fd use;
+')
+
+###########################################
+# dump_hal(hal_type)
+# Ability to dump the hal debug info
+#
+define(`dump_hal', `
+ hal_client_domain(dumpstate, $1);
+ allow $1_server dumpstate:fifo_file write;
+ allow $1_server dumpstate:fd use;
+')
+
+#####################################
+# treble_sysprop_neverallow(rules)
+# SELinux neverallow rules which enforces the owner of each property and accessibility
+# outside the owner.
+#
+# For devices launching with R or later, all properties must be explicitly marked as one of:
+# system_property_type, vendor_property_type, or product_property_type.
+# Also, exported properties must be explicitly marked as "restricted" or "public",
+# depending on the accessibility outside the owner.
+# For devices launching with Q or eariler, this neverallow rules can be relaxed with defining
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true on BoardConfig.mk.
+# See {partition}_{accessibility}_prop macros below.
+#
+# CTS uses these rules only for devices launching with R or later.
+#
+define(`treble_sysprop_neverallow', ifelse(target_treble_sysprop_neverallow, `true', $1,
+ifelse(target_treble_sysprop_neverallow, `cts',
+# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
+$1
+# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
+, )))
+
+###########################################
+# define_prop(name, owner, scope)
+# Define a property with given owner and scope
+#
+define(`define_prop', `
+ type $1, property_type, $2_property_type, $2_$3_property_type;
+')
+
+###########################################
+# system_internal_prop(name)
+# Define a /system-owned property used only in /system
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`system_internal_prop', `
+ define_prop($1, system, internal)
+ treble_sysprop_neverallow(`
+ neverallow { domain -coredomain } $1:file no_rw_file_perms;
+ ')
+')
+
+###########################################
+# system_restricted_prop(name)
+# Define a /system-owned property which can't be written outside /system
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`system_restricted_prop', `
+ define_prop($1, system, restricted)
+ treble_sysprop_neverallow(`
+ neverallow { domain -coredomain } $1:property_service set;
+ ')
+')
+
+###########################################
+# system_public_prop(name)
+# Define a /system-owned property with no restrictions
+#
+define(`system_public_prop', `define_prop($1, system, public)')
+
+###########################################
+# system_vendor_config_prop(name)
+# Define a /system-owned property which can only be written by vendor_init
+# This is a macro for vendor-specific configuration properties which is meant
+# to be set once from vendor_init.
+#
+define(`system_vendor_config_prop', `
+ system_public_prop($1)
+ set_prop(vendor_init, $1)
+ neverallow { domain -init -vendor_init } $1:property_service set;
+')
+
+###########################################
+# product_internal_prop(name)
+# Define a /product-owned property used only in /product
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`product_internal_prop', `
+ define_prop($1, product, internal)
+ treble_sysprop_neverallow(`
+ neverallow { domain -coredomain } $1:file no_rw_file_perms;
+ ')
+')
+
+###########################################
+# product_restricted_prop(name)
+# Define a /product-owned property which can't be written outside /product
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`product_restricted_prop', `
+ define_prop($1, product, restricted)
+ treble_sysprop_neverallow(`
+ neverallow { domain -coredomain } $1:property_service set;
+ ')
+')
+
+###########################################
+# product_public_prop(name)
+# Define a /product-owned property with no restrictions
+#
+define(`product_public_prop', `define_prop($1, product, public)')
+
+###########################################
+# vendor_internal_prop(name)
+# Define a /vendor-owned property used only in /vendor
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`vendor_internal_prop', `
+ define_prop($1, vendor, internal)
+ treble_sysprop_neverallow(`
+# init and dumpstate are in coredomain, but should be able to read all props.
+ neverallow { coredomain -init -dumpstate } $1:file no_rw_file_perms;
+ ')
+')
+
+###########################################
+# vendor_restricted_prop(name)
+# Define a /vendor-owned property which can't be written outside /vendor
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`vendor_restricted_prop', `
+ define_prop($1, vendor, restricted)
+ treble_sysprop_neverallow(`
+# init is in coredomain, but should be able to write all props.
+ neverallow { coredomain -init } $1:property_service set;
+ ')
+')
+
+###########################################
+# vendor_public_prop(name)
+# Define a /vendor-owned property with no restrictions
+#
+define(`vendor_public_prop', `define_prop($1, vendor, public)')
diff --git a/prebuilts/api/30.0/public/tee.te b/prebuilts/api/30.0/public/tee.te
new file mode 100644
index 000000000..0f9b32dc9
--- /dev/null
+++ b/prebuilts/api/30.0/public/tee.te
@@ -0,0 +1,11 @@
+##
+# trusted execution environment (tee) daemon
+#
+type tee, domain;
+
+# Device(s) for communicating with the TEE
+type tee_device, dev_type;
+
+allow tee fingerprint_vendor_data_file:dir rw_dir_perms;
+allow tee fingerprint_vendor_data_file:file create_file_perms;
+
diff --git a/prebuilts/api/30.0/public/tombstoned.te b/prebuilts/api/30.0/public/tombstoned.te
new file mode 100644
index 000000000..ea2abbb75
--- /dev/null
+++ b/prebuilts/api/30.0/public/tombstoned.te
@@ -0,0 +1,17 @@
+# debugger interface
+type tombstoned, domain, mlstrustedsubject;
+type tombstoned_exec, system_file_type, exec_type, file_type;
+
+# Write to arbitrary pipes given to us.
+allow tombstoned domain:fd use;
+allow tombstoned domain:fifo_file write;
+
+allow tombstoned domain:dir r_dir_perms;
+allow tombstoned domain:file r_file_perms;
+allow tombstoned tombstone_data_file:dir rw_dir_perms;
+allow tombstoned tombstone_data_file:file { create_file_perms link };
+
+# Changes for the new stack dumping mechanism. Each trace goes into a
+# separate file, and these files are managed by tombstoned.
+allow tombstoned anr_data_file:dir rw_dir_perms;
+allow tombstoned anr_data_file:file { append create getattr open link unlink };
diff --git a/prebuilts/api/30.0/public/toolbox.te b/prebuilts/api/30.0/public/toolbox.te
new file mode 100644
index 000000000..4c2cc3eab
--- /dev/null
+++ b/prebuilts/api/30.0/public/toolbox.te
@@ -0,0 +1,38 @@
+# Any toolbox command run by init.
+# At present, the only known usage is for running mkswap via fs_mgr.
+# Do NOT use this domain for toolbox when run by any other domain.
+type toolbox, domain;
+type toolbox_exec, system_file_type, exec_type, file_type;
+
+# /dev/__null__ created by init prior to policy load,
+# open fd inherited by fsck.
+allow toolbox tmpfs:chr_file { read write ioctl };
+
+# Inherit and use pty created by android_fork_execvp_ext().
+allow toolbox devpts:chr_file { read write getattr ioctl };
+
+# mkswap-specific.
+# Read/write block devices used for swap partitions.
+# Assign swap_block_device type any such partition in your
+# device///sepolicy/file_contexts file.
+allow toolbox block_device:dir search;
+allow toolbox swap_block_device:blk_file rw_file_perms;
+
+# Only allow entry from init via the toolbox binary.
+neverallow { domain -init } toolbox:process transition;
+neverallow * toolbox:process dyntransition;
+neverallow toolbox { file_type fs_type -toolbox_exec}:file entrypoint;
+
+# rm -rf directories in /data
+allow toolbox system_data_root_file:dir { remove_name write };
+allow toolbox system_data_file:dir { rmdir rw_dir_perms };
+allow toolbox system_data_file:file { getattr unlink };
+
+# chattr +F and chattr +P /data/media in init
+allow toolbox media_rw_data_file:dir { r_dir_perms setattr };
+allowxperm toolbox media_rw_data_file:dir ioctl {
+ FS_IOC_FSGETXATTR
+ FS_IOC_FSSETXATTR
+ FS_IOC_GETFLAGS
+ FS_IOC_SETFLAGS
+};
diff --git a/prebuilts/api/30.0/public/traced.te b/prebuilts/api/30.0/public/traced.te
new file mode 100644
index 000000000..ec5b85039
--- /dev/null
+++ b/prebuilts/api/30.0/public/traced.te
@@ -0,0 +1,2 @@
+type traced, domain, coredomain, mlstrustedsubject;
+
diff --git a/prebuilts/api/30.0/public/traced_perf.te b/prebuilts/api/30.0/public/traced_perf.te
new file mode 100644
index 000000000..f9a0324b1
--- /dev/null
+++ b/prebuilts/api/30.0/public/traced_perf.te
@@ -0,0 +1 @@
+type traced_perf, domain;
diff --git a/prebuilts/api/30.0/public/traced_probes.te b/prebuilts/api/30.0/public/traced_probes.te
new file mode 100644
index 000000000..3e587c8ef
--- /dev/null
+++ b/prebuilts/api/30.0/public/traced_probes.te
@@ -0,0 +1 @@
+type traced_probes, domain, coredomain, mlstrustedsubject;
diff --git a/prebuilts/api/30.0/public/traceur_app.te b/prebuilts/api/30.0/public/traceur_app.te
new file mode 100644
index 000000000..7e2cc84a0
--- /dev/null
+++ b/prebuilts/api/30.0/public/traceur_app.te
@@ -0,0 +1,32 @@
+type traceur_app, domain;
+
+allow traceur_app servicemanager:service_manager list;
+allow traceur_app hwservicemanager:hwservice_manager list;
+
+# Allow Traceur to enable traced if necessary.
+set_prop(traceur_app, traced_enabled_prop)
+
+set_prop(traceur_app, debug_prop)
+
+allow traceur_app {
+ service_manager_type
+ -apex_service
+ -dnsresolver_service
+ -gatekeeper_service
+ -incident_service
+ -installd_service
+ -iorapd_service
+ -lpdump_service
+ -netd_service
+ -virtual_touchpad_service
+ -vold_service
+ -vr_hwc_service
+ -default_android_service
+}:service_manager find;
+
+# Allow traceur_app to use atrace HAL
+hal_client_domain(traceur_app, hal_atrace)
+
+dontaudit traceur_app service_manager_type:service_manager find;
+dontaudit traceur_app hwservice_manager_type:hwservice_manager find;
+dontaudit traceur_app domain:binder call;
diff --git a/prebuilts/api/30.0/public/tzdatacheck.te b/prebuilts/api/30.0/public/tzdatacheck.te
new file mode 100644
index 000000000..cf9b95de9
--- /dev/null
+++ b/prebuilts/api/30.0/public/tzdatacheck.te
@@ -0,0 +1,18 @@
+# The tzdatacheck command run by init.
+type tzdatacheck, domain;
+type tzdatacheck_exec, system_file_type, exec_type, file_type;
+
+allow tzdatacheck zoneinfo_data_file:dir create_dir_perms;
+allow tzdatacheck zoneinfo_data_file:file unlink;
+
+# Below are strong assertion that only init, system_server and tzdatacheck
+# can modify the /data time zone rules directories. This is to make it very
+# clear that only these domains should modify the actual time zone rules data.
+# The tzdatacheck binary itself may be executed by shell for tests but it must
+# not be able to modify the real rules.
+# If other users / binaries could modify time zone rules on device this might
+# have negative implications for users (who may get incorrect local times)
+# or break assumptions made / invalidate data held by the components actually
+# responsible for updating time zone rules.
+neverallow { domain -system_server -init -tzdatacheck } zoneinfo_data_file:file no_w_file_perms;
+neverallow { domain -system_server -init -tzdatacheck } zoneinfo_data_file:dir no_w_dir_perms;
diff --git a/prebuilts/api/30.0/public/ueventd.te b/prebuilts/api/30.0/public/ueventd.te
new file mode 100644
index 000000000..fc503b890
--- /dev/null
+++ b/prebuilts/api/30.0/public/ueventd.te
@@ -0,0 +1,83 @@
+# ueventd seclabel is specified in init.rc since
+# it lives in the rootfs and has no unique file type.
+type ueventd, domain;
+type ueventd_tmpfs, file_type;
+
+# Write to /dev/kmsg.
+allow ueventd kmsg_device:chr_file rw_file_perms;
+
+allow ueventd self:global_capability_class_set { chown mknod net_admin setgid fsetid sys_rawio dac_override dac_read_search fowner setuid };
+allow ueventd device:file create_file_perms;
+
+r_dir_file(ueventd, rootfs)
+
+# ueventd needs write access to files in /sys to regenerate uevents
+allow ueventd sysfs_type:file w_file_perms;
+r_dir_file(ueventd, sysfs_type)
+allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr };
+allow ueventd sysfs_type:dir { relabelfrom relabelto setattr };
+allow ueventd tmpfs:chr_file rw_file_perms;
+allow ueventd dev_type:dir create_dir_perms;
+allow ueventd dev_type:lnk_file { create unlink };
+allow ueventd dev_type:chr_file { getattr create setattr unlink };
+allow ueventd dev_type:blk_file { getattr relabelfrom relabelto create setattr unlink };
+allow ueventd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+allow ueventd efs_file:dir search;
+allow ueventd efs_file:file r_file_perms;
+
+# Get SELinux enforcing status.
+r_dir_file(ueventd, selinuxfs)
+
+# Access for /vendor/ueventd.rc and /vendor/firmware
+r_dir_file(ueventd, { vendor_file_type -vendor_app_file -vendor_overlay_file })
+
+# Get file contexts for new device nodes
+allow ueventd file_contexts_file:file r_file_perms;
+
+# Use setfscreatecon() to label /dev directories and files.
+allow ueventd self:process setfscreate;
+
+# Allow ueventd to read androidboot.android_dt_dir from kernel cmdline.
+allow ueventd proc_cmdline:file r_file_perms;
+
+# Everything is labeled as rootfs in recovery mode. ueventd has to execute
+# the dynamic linker and shared libraries.
+recovery_only(`
+ allow ueventd rootfs:file { r_file_perms execute };
+')
+
+# Suppress denials for ueventd to getattr /postinstall. This occurs when the
+# linker tries to resolve paths in ld.config.txt.
+dontaudit ueventd postinstall_mnt_dir:dir getattr;
+
+# ueventd loads modules in response to modalias events.
+allow ueventd self:global_capability_class_set sys_module;
+allow ueventd vendor_file:system module_load;
+allow ueventd kernel:key search;
+
+# ueventd is using bootstrap bionic
+allow ueventd system_bootstrap_lib_file:dir r_dir_perms;
+allow ueventd system_bootstrap_lib_file:file { execute read open getattr map };
+
+# ueventd can set properties, particularly it sets ro.cold_boot_done to signal
+# to init that cold boot has completed.
+set_prop(ueventd, cold_boot_done_prop)
+
+# Allow ueventd to run shell scripts from vendor
+allow ueventd vendor_shell_exec:file execute;
+
+#####
+##### neverallow rules
+#####
+
+# Restrict ueventd access on block devices to maintenence operations.
+neverallow ueventd dev_type:blk_file ~{ getattr relabelfrom relabelto create setattr unlink };
+
+# Only relabelto as we would never want to relabelfrom port_device
+neverallow ueventd port_device:chr_file ~{ getattr create setattr unlink relabelto };
+
+# Nobody should be able to ptrace ueventd
+neverallow * ueventd:process ptrace;
+
+# ueventd should never execute a program without changing to another domain.
+neverallow ueventd { file_type fs_type }:file execute_no_trans;
diff --git a/prebuilts/api/30.0/public/uncrypt.te b/prebuilts/api/30.0/public/uncrypt.te
new file mode 100644
index 000000000..28dc3f209
--- /dev/null
+++ b/prebuilts/api/30.0/public/uncrypt.te
@@ -0,0 +1,42 @@
+# uncrypt
+type uncrypt, domain, mlstrustedsubject;
+type uncrypt_exec, system_file_type, exec_type, file_type;
+
+allow uncrypt self:global_capability_class_set { dac_override dac_read_search };
+
+userdebug_or_eng(`
+ # For debugging, allow /data/local/tmp access
+ r_dir_file(uncrypt, shell_data_file)
+')
+
+# Read /cache/recovery/command
+# Read /cache/recovery/uncrypt_file
+allow uncrypt cache_file:dir search;
+allow uncrypt cache_recovery_file:dir rw_dir_perms;
+allow uncrypt cache_recovery_file:file create_file_perms;
+
+# Read OTA zip file at /data/ota_package/.
+allow uncrypt ota_package_file:dir r_dir_perms;
+allow uncrypt ota_package_file:file r_file_perms;
+
+# Write to /dev/socket/uncrypt
+unix_socket_connect(uncrypt, uncrypt, uncrypt)
+
+# Set a property to reboot the device.
+set_prop(uncrypt, powerctl_prop)
+
+# Raw writes to block device
+allow uncrypt self:global_capability_class_set sys_rawio;
+allow uncrypt misc_block_device:blk_file w_file_perms;
+allow uncrypt block_device:dir r_dir_perms;
+
+# Access userdata block device.
+allow uncrypt userdata_block_device:blk_file w_file_perms;
+
+r_dir_file(uncrypt, rootfs)
+
+# uncrypt reads /proc/cmdline
+allow uncrypt proc_cmdline:file r_file_perms;
+
+# Read files in /sys
+r_dir_file(uncrypt, sysfs_dt_firmware_android)
diff --git a/prebuilts/api/30.0/public/untrusted_app.te b/prebuilts/api/30.0/public/untrusted_app.te
new file mode 100644
index 000000000..43fe19a03
--- /dev/null
+++ b/prebuilts/api/30.0/public/untrusted_app.te
@@ -0,0 +1,30 @@
+###
+### Untrusted apps.
+###
+### Apps are labeled based on mac_permissions.xml (maps signer and
+### optionally package name to seinfo value) and seapp_contexts (maps UID
+### and optionally seinfo value to domain for process and type for data
+### directory). The untrusted_app domain is the default assignment in
+### seapp_contexts for any app with UID between APP_AID (10000)
+### and AID_ISOLATED_START (99000) if the app has no specific seinfo
+### value as determined from mac_permissions.xml. In current AOSP, this
+### domain is assigned to all non-system apps as well as to any system apps
+### that are not signed by the platform key. To move
+### a system app into a specific domain, add a signer entry for it to
+### mac_permissions.xml and assign it one of the pre-existing seinfo values
+### or define and use a new seinfo value in both mac_permissions.xml and
+### seapp_contexts.
+###
+
+# This file defines the rules for untrusted apps running with
+# targetSdkVersion >= 30.
+type untrusted_app, domain;
+# This file defines the rules for untrusted apps running with
+# targetSdkVersion = 29.
+type untrusted_app_29, domain;
+# This file defines the rules for untrusted apps running with
+# 25 < targetSdkVersion <= 28.
+type untrusted_app_27, domain;
+# This file defines the rules for untrusted apps running with
+# targetSdkVersion <= 25.
+type untrusted_app_25, domain;
diff --git a/prebuilts/api/30.0/public/update_engine.te b/prebuilts/api/30.0/public/update_engine.te
new file mode 100644
index 000000000..078e494d9
--- /dev/null
+++ b/prebuilts/api/30.0/public/update_engine.te
@@ -0,0 +1,84 @@
+# Domain for update_engine daemon.
+type update_engine, domain, update_engine_common;
+type update_engine_exec, system_file_type, exec_type, file_type;
+
+net_domain(update_engine);
+
+# Following permissions are needed for update_engine.
+allow update_engine self:process { setsched };
+allow update_engine self:global_capability_class_set { fowner sys_admin };
+# Note: fsetid checks are triggered when creating a file in a directory with
+# the setgid bit set to determine if the file should inherit setgid. In this
+# case, setgid on the file is undesirable so we should just suppress the
+# denial.
+dontaudit update_engine self:global_capability_class_set fsetid;
+
+allow update_engine kmsg_device:chr_file { getattr w_file_perms };
+allow update_engine update_engine_exec:file rx_file_perms;
+wakelock_use(update_engine);
+
+# Ignore these denials.
+dontaudit update_engine kernel:process setsched;
+dontaudit update_engine self:global_capability_class_set sys_rawio;
+
+# Allow using persistent storage in /data/misc/update_engine.
+allow update_engine update_engine_data_file:dir create_dir_perms;
+allow update_engine update_engine_data_file:file create_file_perms;
+
+# Allow using persistent storage in /data/misc/update_engine_log.
+allow update_engine update_engine_log_data_file:dir create_dir_perms;
+allow update_engine update_engine_log_data_file:file create_file_perms;
+
+# Don't allow kernel module loading, just silence the logs.
+dontaudit update_engine kernel:system module_request;
+
+# Register the service to perform Binder IPC.
+binder_use(update_engine)
+add_service(update_engine, update_engine_service)
+
+# Allow update_engine to call the callback function provided by priv_app/GMS core.
+binder_call(update_engine, priv_app)
+# b/142672293: No other priv-app should need this rule now that GMS core runs in its own domain.
+userdebug_or_eng(`
+ auditallow update_engine priv_app:binder { call transfer };
+ auditallow priv_app update_engine:binder transfer;
+ auditallow update_engine priv_app:fd use;
+')
+
+binder_call(update_engine, gmscore_app)
+
+# Allow update_engine to call the callback function provided by system_server.
+binder_call(update_engine, system_server)
+
+# Read OTA zip file at /data/ota_package/.
+allow update_engine ota_package_file:file r_file_perms;
+allow update_engine ota_package_file:dir r_dir_perms;
+
+# Use Boot Control HAL
+hal_client_domain(update_engine, hal_bootctl)
+
+# access /proc/misc
+allow update_engine proc_misc:file r_file_perms;
+
+# read directories on /system and /vendor
+allow update_engine system_file:dir r_dir_perms;
+
+# Allow to start gsid service.
+set_prop(update_engine, ctl_gsid_prop)
+
+# Allow to set the OTA related properties, e.g. ota.warm_reset.
+set_prop(update_engine, ota_prop)
+
+# update_engine tries to determine the parent path for all devices (e.g.
+# /dev/block/by-name) by reading the default fstab and looking for the misc
+# device. ReadDefaultFstab() checks whether a GSI is running by checking
+# gsi_metadata_file. We never apply OTAs when GSI is running, so just deny
+# the access.
+dontaudit update_engine gsi_metadata_file:dir search;
+
+# Allow to write to snapshotctl_log logs.
+# TODO(b/148818798) revert when parent bug is fixed.
+userdebug_or_eng(`
+allow update_engine snapshotctl_log_data_file:dir rw_dir_perms;
+allow update_engine snapshotctl_log_data_file:file create_file_perms;
+')
diff --git a/prebuilts/api/30.0/public/update_engine_common.te b/prebuilts/api/30.0/public/update_engine_common.te
new file mode 100644
index 000000000..57d8e7e3a
--- /dev/null
+++ b/prebuilts/api/30.0/public/update_engine_common.te
@@ -0,0 +1,86 @@
+# update_engine payload application permissions. These are shared between the
+# background daemon and the recovery tool to sideload an update.
+
+# Allow update_engine to reach block devices in /dev/block.
+allow update_engine_common block_device:dir search;
+
+# Allow read/write on system and boot partitions.
+allow update_engine_common boot_block_device:blk_file rw_file_perms;
+allow update_engine_common system_block_device:blk_file rw_file_perms;
+
+# Where ioctls are granted via standard allow rules to block devices,
+# automatically allow common ioctls that are generally needed by
+# update_engine.
+allowxperm update_engine_common dev_type:blk_file ioctl {
+ BLKDISCARD
+ BLKDISCARDZEROES
+ BLKROGET
+ BLKROSET
+ BLKSECDISCARD
+ BLKZEROOUT
+};
+
+# Allow to set recovery options in the BCB. Used to trigger factory reset when
+# the update to an older version (channel change) or incompatible version
+# requires it.
+allow update_engine_common misc_block_device:blk_file rw_file_perms;
+
+# read fstab
+allow update_engine_common rootfs:dir getattr;
+allow update_engine_common rootfs:file r_file_perms;
+
+# Allow update_engine_common to mount on the /postinstall directory and reset the
+# labels on the mounted filesystem to postinstall_file.
+allow update_engine_common postinstall_mnt_dir:dir { mounton getattr search };
+allow update_engine_common postinstall_file:filesystem { mount unmount relabelfrom relabelto };
+allow update_engine_common labeledfs:filesystem relabelfrom;
+
+# Allow update_engine_common to read and execute postinstall_file.
+allow update_engine_common postinstall_file:file rx_file_perms;
+allow update_engine_common postinstall_file:lnk_file r_file_perms;
+allow update_engine_common postinstall_file:dir r_dir_perms;
+
+# install update.zip from cache
+r_dir_file(update_engine_common, cache_file)
+
+# A postinstall program is typically a shell script (with a #!), so we allow
+# to execute those.
+allow update_engine_common shell_exec:file rx_file_perms;
+
+# Allow update_engine_common to suspend, resume and kill the postinstall program.
+allow update_engine_common postinstall:process { signal sigstop sigkill };
+
+# access /proc/cmdline
+allow update_engine_common proc_cmdline:file r_file_perms;
+
+# Read files in /sys/firmware/devicetree/base/firmware/android/
+r_dir_file(update_engine_common, sysfs_dt_firmware_android)
+
+# Needed because libdm reads sysfs to validate when a dm path is ready.
+r_dir_file(update_engine_common, sysfs_dm)
+
+# read / write on /dev/device-mapper to map / unmap devices
+allow update_engine_common dm_device:chr_file rw_file_perms;
+
+# apply / verify updates on devices mapped via device mapper
+allow update_engine_common dm_device:blk_file rw_file_perms;
+
+# read / write metadata on super device to resize partitions
+allow update_engine_common super_block_device_type:blk_file rw_file_perms;
+
+# ioctl on super device to get block device alignment and alignment offset
+allowxperm update_engine_common super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
+
+# get physical block device to map logical partitions on device mapper
+allow update_engine_common block_device:dir r_dir_perms;
+
+# Allow update_engine_common to write to statsd socket.
+unix_socket_send(update_engine_common, statsdw, statsd)
+
+# Allow to read Virtual A/B feature flags.
+get_prop(update_engine_common, virtual_ab_prop)
+
+# Allow to read/write/create OTA metadata files for snapshot status and COW file status.
+allow update_engine_common metadata_file:dir search;
+allow update_engine_common ota_metadata_file:dir rw_dir_perms;
+allow update_engine_common ota_metadata_file:file create_file_perms;
diff --git a/prebuilts/api/30.0/public/update_verifier.te b/prebuilts/api/30.0/public/update_verifier.te
new file mode 100644
index 000000000..f881aeb6b
--- /dev/null
+++ b/prebuilts/api/30.0/public/update_verifier.te
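Review bot: The ioctl allowlist on `dev_type:blk_file` near the top of this hunk combines with `allow update_engine_common misc_block_device:blk_file rw_file_perms;` to let the domain issue BLKDISCARD, BLKSECDISCARD and BLKZEROOUT against the misc partition, which the BCB comment does not call for — writing recovery options only needs ordinary writes. Scoping the allowxperm to the devices that are actually rewritten, e.g. `allowxperm update_engine_common { boot_block_device system_block_device dm_device super_block_device_type }:blk_file ioctl { ... };`, would keep a compromised updater from wiping the bootloader control block, or a comment should state why the blanket `dev_type` form is intended. I would also put a comment above `allow update_engine_common labeledfs:filesystem relabelfrom;` saying it presumably exists only for the postinstall mount described two lines earlier, since a bare filesystem relabelfrom grant reads as general-purpose.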
@@ -0,0 +1,39 @@
+# update_verifier
+type update_verifier, domain;
+type update_verifier_exec, system_file_type, exec_type, file_type;
+
+# Allow update_verifier to reach block devices in /dev/block.
+allow update_verifier block_device:dir search;
+
+# Read care map in /data/ota_package/.
+allow update_verifier ota_package_file:dir r_dir_perms;
+allow update_verifier ota_package_file:file r_file_perms;
+
+# Read /sys/block to find all the DM directories like (/sys/block/dm-X).
+allow update_verifier sysfs:dir r_dir_perms;
+
+# Read /sys/block/dm-X/dm/name (which is a symlink to
+# /sys/devices/virtual/block/dm-X/dm/name) to identify the mapping between
+# dm-X and system/vendor partitions.
+allow update_verifier sysfs_dm:dir r_dir_perms;
+allow update_verifier sysfs_dm:file r_file_perms;
+
+# Read all blocks in DM wrapped system partition.
+allow update_verifier dm_device:blk_file r_file_perms;
+
+# Write to kernel message.
+allow update_verifier kmsg_device:chr_file { getattr w_file_perms };
+
+# Allow update_verifier to reboot the device.
+set_prop(update_verifier, powerctl_prop)
+
+# Allow to set the OTA related properties e.g. ota.warm_reset.
+set_prop(update_verifier, ota_prop)
+
+# Use Boot Control HAL
+hal_client_domain(update_verifier, hal_bootctl)
+
+# Access Checkpoint commands over binder
+allow update_verifier vold_service:service_manager find;
+binder_call(update_verifier, servicemanager)
+binder_call(update_verifier, vold)
diff --git a/prebuilts/api/30.0/public/usbd.te b/prebuilts/api/30.0/public/usbd.te
new file mode 100644
index 000000000..991e7be5f
--- /dev/null
+++ b/prebuilts/api/30.0/public/usbd.te
@@ -0,0 +1,5 @@
+type usbd, domain;
+type usbd_exec, system_file_type, exec_type, file_type;
+
+# Start/stop adbd via ctl.start adbd
+set_prop(usbd, ctl_adbd_prop)
diff --git a/prebuilts/api/30.0/public/vdc.te b/prebuilts/api/30.0/public/vdc.te
new file mode 100644
index 000000000..e638e50a6
--- /dev/null
+++ b/prebuilts/api/30.0/public/vdc.te
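Review bot: `binder_call(update_verifier, servicemanager)` is used where the other new domains in this series (vdc.te and vold.te) use `binder_use(...)`; the two are not interchangeable, since the `binder_use` macro also carries the servicemanager-side rules that let the context manager look up the caller, so a domain that does `vold_service:service_manager find` would conventionally be written `binder_use(update_verifier)`. I cannot see from here whether the narrower form was chosen deliberately or just happens to work, so this should be confirmed against a denial log rather than assumed. A comment on the choice either way would stop the next reader from "fixing" it.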
@@ -0,0 +1,20 @@
+# vdc spawned from init for the following services:
+# defaultcrypto
+# encrypt
+#
+# We also transition into this domain from dumpstate, when
+# collecting bug reports.
+
+type vdc, domain;
+type vdc_exec, system_file_type, exec_type, file_type;
+
+# vdc can be invoked with logwrapper, so let it write to pty
+allow vdc devpts:chr_file rw_file_perms;
+
+# vdc writes directly to kmsg during the boot process
+allow vdc kmsg_device:chr_file { getattr w_file_perms };
+
+# vdc talks to vold over Binder
+binder_use(vdc)
+binder_call(vdc, vold)
+allow vdc vold_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/vendor_init.te b/prebuilts/api/30.0/public/vendor_init.te
new file mode 100644
index 000000000..c070dff6a
--- /dev/null
+++ b/prebuilts/api/30.0/public/vendor_init.te
@@ -0,0 +1,278 @@
+# vendor_init is its own domain.
+type vendor_init, domain, mlstrustedsubject;
+
+# Communication to the main init process
+allow vendor_init init:unix_stream_socket { read write };
+
+# Logging to kmsg
+allow vendor_init kmsg_device:chr_file { open getattr write };
+
+# Mount on /dev/usb-ffs/adb.
+allow vendor_init device:dir mounton;
+
+# Create and remove symlinks in /.
+allow vendor_init rootfs:lnk_file { create unlink };
+
+# Create cgroups mount points in tmpfs and mount cgroups on them.
+allow vendor_init cgroup:dir create_dir_perms;
+allow vendor_init cgroup:file w_file_perms;
+
+# /config
+allow vendor_init configfs:dir mounton;
+allow vendor_init configfs:dir create_dir_perms;
+allow vendor_init configfs:{ file lnk_file } create_file_perms;
+
+# Create directories under /dev/cpuctl after chowning it to system.
+allow vendor_init self:global_capability_class_set { dac_override dac_read_search };
+
+# mkdir, symlink, write, rm/rmdir, chown/chmod, restorecon/restorecon_recursive from init.rc files.
+# chown/chmod require open+read+setattr required for open()+fchown/fchmod().
+# system/core/init.rc requires at least cache_file and data_file_type.
+# init..rc files often include device-specific types, so
+# we just allow all file types except /system files here.
+allow vendor_init self:global_capability_class_set { chown fowner fsetid };
+
+# mkdir with FBE requires reading /data/unencrypted/{ref,mode}.
+allow vendor_init unencrypted_data_file:dir search;
+allow vendor_init unencrypted_data_file:file r_file_perms;
+
+# Set encryption policy on dirs in /data
+allowxperm vendor_init data_file_type:dir ioctl {
+ FS_IOC_GET_ENCRYPTION_POLICY
+ FS_IOC_SET_ENCRYPTION_POLICY
+};
+
+allow vendor_init system_data_file:dir getattr;
+
+allow vendor_init {
+ file_type
+ -core_data_file_type
+ -exec_type
+ -system_file_type
+ -mnt_product_file
+ -password_slot_metadata_file
+ -ota_metadata_file
+ -unlabeled
+ -vendor_file_type
+ -vold_metadata_file
+ -gsi_metadata_file
+ -apex_metadata_file
+}:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
+
+allow vendor_init unlabeled:{ dir notdevfile_class_set } { getattr relabelfrom };
+
+allow vendor_init {
+ file_type
+ -core_data_file_type
+ -exec_type
+ -password_slot_metadata_file
+ -ota_metadata_file
+ -runtime_event_log_tags_file
+ -system_file_type
+ -unlabeled
+ -vendor_file_type
+ -vold_metadata_file
+ -gsi_metadata_file
+ -apex_metadata_file
+}:file { create getattr open read write setattr relabelfrom unlink map };
+
+allow vendor_init {
+ file_type
+ -core_data_file_type
+ -exec_type
+ -password_slot_metadata_file
+ -ota_metadata_file
+ -system_file_type
+ -unlabeled
+ -vendor_file_type
+ -vold_metadata_file
+ -gsi_metadata_file
+ -apex_metadata_file
+}:{ sock_file fifo_file } { create getattr open read setattr relabelfrom unlink };
+
+allow vendor_init {
+ file_type
+ -apex_mnt_dir
+ -core_data_file_type
+ -exec_type
+ -password_slot_metadata_file
+ -ota_metadata_file
+ -system_file_type
+ -unlabeled
+ -vendor_file_type
+ -vold_metadata_file
+ -gsi_metadata_file
+ -apex_metadata_file
+}:lnk_file { create getattr setattr relabelfrom unlink };
+
+allow vendor_init {
+ file_type
+ -core_data_file_type
+ -exec_type
+ -mnt_product_file
+ -password_slot_metadata_file
+ -ota_metadata_file
+ -system_file_type
+ -vendor_file_type
+ -vold_metadata_file
+ -gsi_metadata_file
+ -apex_metadata_file
+}:dir_file_class_set relabelto;
+
+allow vendor_init dev_type:dir create_dir_perms;
+allow vendor_init dev_type:lnk_file create;
+
+# Disable tracing by writing to /sys/kernel/debug/tracing/tracing_on
+allow vendor_init debugfs_tracing:file w_file_perms;
+
+# chown/chmod on pseudo files.
+allow vendor_init {
+ fs_type
+ -contextmount_type
+ -keychord_device
+ -sdcard_type
+ -rootfs
+ -proc_uid_time_in_state
+ -proc_uid_concurrent_active_time
+ -proc_uid_concurrent_policy_time
+}:file { open read setattr map };
+
+allow vendor_init {
+ fs_type
+ -contextmount_type
+ -sdcard_type
+ -rootfs
+ -proc_uid_time_in_state
+ -proc_uid_concurrent_active_time
+ -proc_uid_concurrent_policy_time
+}:dir { open read setattr search };
+
+# chown/chmod on devices, e.g. /dev/ttyHS0
+allow vendor_init {
+ dev_type
+ -keychord_device
+ -port_device
+ -lowpan_device
+ -hw_random_device
+}:chr_file setattr;
+
+allow vendor_init dev_type:blk_file getattr;
+
+# Write to /proc/sys/net/ping_group_range and other /proc/sys/net files.
+r_dir_file(vendor_init, proc_net_type)
+allow vendor_init proc_net_type:file w_file_perms;
+allow vendor_init self:global_capability_class_set net_admin;
+
+# Write to /proc/sys/vm/page-cluster
+allow vendor_init proc_page_cluster:file w_file_perms;
+
+# Write to sysfs nodes.
+allow vendor_init sysfs_type:dir r_dir_perms;
+allow vendor_init sysfs_type:lnk_file read;
+allow vendor_init { sysfs_type -sysfs_usermodehelper }:file rw_file_perms;
+
+# setfscreatecon() for labeling directories and socket files.
+allow vendor_init self:process { setfscreate };
+
+r_dir_file(vendor_init, vendor_file_type)
+
+# Vendor init can read properties
+allow vendor_init serialno_prop:file { getattr open read map };
+
+# Vendor init can perform operations on trusted and security Extended Attributes
+allow vendor_init self:global_capability_class_set sys_admin;
+
+# Raw writes to misc block device
+allow vendor_init misc_block_device:blk_file w_file_perms;
+
+# vendor_init is using bootstrap bionic
+allow vendor_init system_bootstrap_lib_file:dir r_dir_perms;
+allow vendor_init system_bootstrap_lib_file:file { execute read open getattr map };
+
+# Everything is labeled as rootfs in recovery mode. Vendor init has to execute
+# the dynamic linker and shared libraries.
+recovery_only(`
+ allow vendor_init rootfs:file { r_file_perms execute };
+')
+
+not_compatible_property(`
+ set_prop(vendor_init, {
+ property_type
+ -system_internal_property_type
+ -system_restricted_property_type
+ })
+')
+
+# Get file context
+allow vendor_init file_contexts_file:file r_file_perms;
+
+set_prop(vendor_init, apk_verity_prop)
+set_prop(vendor_init, bluetooth_a2dp_offload_prop)
+set_prop(vendor_init, bluetooth_audio_hal_prop)
+set_prop(vendor_init, cpu_variant_prop)
+set_prop(vendor_init, debug_prop)
+set_prop(vendor_init, exported_audio_prop)
+set_prop(vendor_init, exported_bluetooth_prop)
+set_prop(vendor_init, exported_camera_prop)
+set_prop(vendor_init, exported_config_prop)
+set_prop(vendor_init, exported_dalvik_prop)
+set_prop(vendor_init, exported_default_prop)
+set_prop(vendor_init, exported_ffs_prop)
+set_prop(vendor_init, exported_overlay_prop)
+set_prop(vendor_init, exported_pm_prop)
+set_prop(vendor_init, exported_radio_prop)
+set_prop(vendor_init, exported_system_radio_prop)
+set_prop(vendor_init, exported_wifi_prop)
+set_prop(vendor_init, exported2_config_prop)
+set_prop(vendor_init, exported2_system_prop)
+set_prop(vendor_init, exported2_vold_prop)
+set_prop(vendor_init, exported3_default_prop)
+set_prop(vendor_init, exported3_radio_prop)
+set_prop(vendor_init, logd_prop)
+set_prop(vendor_init, log_tag_prop)
+set_prop(vendor_init, log_prop)
+set_prop(vendor_init, rebootescrow_hal_prop)
+set_prop(vendor_init, serialno_prop)
+set_prop(vendor_init, storage_config_prop)
+set_prop(vendor_init, userspace_reboot_config_prop)
+set_prop(vendor_init, vehicle_hal_prop)
+set_prop(vendor_init, vendor_default_prop)
+set_prop(vendor_init, vendor_security_patch_level_prop)
+set_prop(vendor_init, vndk_prop)
+set_prop(vendor_init, virtual_ab_prop)
+set_prop(vendor_init, wifi_log_prop)
+
+get_prop(vendor_init, exported2_radio_prop)
+get_prop(vendor_init, exported3_system_prop)
+get_prop(vendor_init, theme_prop)
+
+get_prop(vendor_init, ota_prop)
+
+###
+### neverallow rules
+###
+
+# Vendor init shouldn't communicate with any vendor process, nor most system processes.
+neverallow_establish_socket_comms(vendor_init, { domain -init -logd -su -vendor_init });
+
+# The vendor_init domain is only entered via an exec based transition from the
+# init domain, never via setcon().
+neverallow domain vendor_init:process dyntransition;
+neverallow { domain -init } vendor_init:process transition;
+neverallow vendor_init { file_type fs_type -init_exec }:file entrypoint;
+
+# Never read/follow symlinks created by shell or untrusted apps.
+neverallow vendor_init { app_data_file privapp_data_file }:lnk_file read;
+neverallow vendor_init shell_data_file:lnk_file read;
+# Init should not be creating subdirectories in /data/local/tmp
+neverallow vendor_init shell_data_file:dir { write add_name remove_name };
+
+# init should never execute a program without changing to another domain.
+neverallow vendor_init { file_type fs_type }:file execute_no_trans;
+
+# Init never adds or uses services via service_manager.
+neverallow vendor_init service_manager_type:service_manager { add find };
+neverallow vendor_init servicemanager:service_manager list;
+
+# vendor_init should never be ptraced
+neverallow * vendor_init:process ptrace;
diff --git a/prebuilts/api/30.0/public/vendor_misc_writer.te b/prebuilts/api/30.0/public/vendor_misc_writer.te
new file mode 100644
index 000000000..dee994134
--- /dev/null
+++ b/prebuilts/api/30.0/public/vendor_misc_writer.te
@@ -0,0 +1,13 @@
+# vendor_misc_writer
+type vendor_misc_writer, domain;
+type vendor_misc_writer_exec, vendor_file_type, exec_type, file_type;
+
+# Raw writes to misc_block_device
+allow vendor_misc_writer misc_block_device:blk_file w_file_perms;
+allow vendor_misc_writer block_device:dir r_dir_perms;
+
+# Silence the denial when calling libfstab's ReadDefaultFstab, which tries to
+# load DT fstab.
+dontaudit vendor_misc_writer proc_cmdline:file read;
+dontaudit vendor_misc_writer metadata_file:dir search;
+dontaudit vendor_misc_writer sysfs_dt_firmware_android:dir search;
diff --git a/prebuilts/api/30.0/public/vendor_shell.te b/prebuilts/api/30.0/public/vendor_shell.te
new file mode 100644
index 000000000..7d30acba4
--- /dev/null
+++ b/prebuilts/api/30.0/public/vendor_shell.te
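Review bot: The five `allow vendor_init { file_type -... }` exclusion sets in this hunk differ in ways that are hard to audit: `-mnt_product_file` appears only in the `:dir` and `relabelto` sets, `-runtime_event_log_tags_file` only in the `:file` set, `-apex_mnt_dir` only in the `:lnk_file` set, and the `relabelto` set alone omits `-unlabeled`. Some of these are presumably deliberate, but the duplication means every new type that must be shielded from vendor-supplied init scripts has to be added in five places, so a shared attribute or m4 macro for the common exclusions plus a one-line comment on each intentional difference (e.g. above the relabelto rule, `# unlabeled is deliberately not excluded so restorecon can fix unlabeled files`) would make drift visible. Also, `# Vendor init can perform operations on trusted and security Extended Attributes` undersells `sys_admin`, which also covers mount and many other privileged operations; the comment should say that this is the only intended use and point at the neverallow block at the end of the file that bounds the domain.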
@@ -0,0 +1,19 @@
+type vendor_shell, domain;
+type vendor_shell_exec, exec_type, vendor_file_type, file_type;
+
+allow vendor_shell vendor_shell_exec:file rx_file_perms;
+allow vendor_shell vendor_toolbox_exec:file rx_file_perms;
+
+# Use fd from shell when vendor_shell is started from shell
+allow vendor_shell shell:fd use;
+
+# adbd: allow `adb shell /vendor/bin/sh` and `adb shell` then `/vendor/bin/sh`
+allow vendor_shell adbd:fd use;
+allow vendor_shell adbd:process sigchld;
+allow vendor_shell adbd:unix_stream_socket { getattr ioctl read write };
+
+allow vendor_shell devpts:chr_file rw_file_perms;
+allow vendor_shell tty_device:chr_file rw_file_perms;
+allow vendor_shell console_device:chr_file rw_file_perms;
+allow vendor_shell input_device:dir r_dir_perms;
+allow vendor_shell input_device:chr_file rw_file_perms;
diff --git a/prebuilts/api/30.0/public/vendor_toolbox.te b/prebuilts/api/30.0/public/vendor_toolbox.te
new file mode 100644
index 000000000..eb292cafb
--- /dev/null
+++ b/prebuilts/api/30.0/public/vendor_toolbox.te
@@ -0,0 +1,16 @@
+# Toolbox installation for vendor binaries / scripts
+# Non-vendor processes are not allowed to execute the binary
+# and is always executed without transition.
+type vendor_toolbox_exec, exec_type, vendor_file_type, file_type;
+
+# Do not allow domains to transition to vendor toolbox
+# or read, execute the vendor_toolbox file.
+full_treble_only(`
+ # Do not allow non-vendor domains to transition
+ # to vendor toolbox except for the whitelisted domains.
+ neverallow {
+ coredomain
+ -init
+ -modprobe
+ } vendor_toolbox_exec:file { entrypoint execute execute_no_trans };
+')
diff --git a/prebuilts/api/30.0/public/virtual_touchpad.te b/prebuilts/api/30.0/public/virtual_touchpad.te
new file mode 100644
index 000000000..49c87044c
--- /dev/null
+++ b/prebuilts/api/30.0/public/virtual_touchpad.te
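Review bot: `allow vendor_shell input_device:chr_file rw_file_perms;` at the end of the vendor_shell hunk hands an interactive debugging shell raw read and write on input event nodes with no comment, unlike the tty/console grants above it which are self-explanatory; writing to input devices means injecting touch and key events, which is a stronger capability than a shell usually needs. If a vendor tool really requires it, a comment naming that tool (e.g. `# needed by <tool> to replay input events`) should justify it; otherwise `r_file_perms` is the safer default. I cannot see from here which vendor binary drives this, so the owner should confirm.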
@@ -0,0 +1,16 @@
+type virtual_touchpad, domain;
+type virtual_touchpad_exec, system_file_type, exec_type, file_type;
+
+binder_use(virtual_touchpad)
+binder_service(virtual_touchpad)
+add_service(virtual_touchpad, virtual_touchpad_service)
+
+# Needed to check app permissions.
+binder_call(virtual_touchpad, system_server)
+
+# Requires access to /dev/uinput to create and feed the virtual device.
+allow virtual_touchpad uhid_device:chr_file { w_file_perms ioctl };
+
+# Requires access to the permission service to validate that clients have the
+# appropriate VR permissions.
+allow virtual_touchpad permission_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/vndservice.te b/prebuilts/api/30.0/public/vndservice.te
new file mode 100644
index 000000000..efd9adf92
--- /dev/null
+++ b/prebuilts/api/30.0/public/vndservice.te
@@ -0,0 +1,2 @@
+type service_manager_vndservice, vndservice_manager_type;
+type default_android_vndservice, vndservice_manager_type;
diff --git a/prebuilts/api/30.0/public/vndservicemanager.te b/prebuilts/api/30.0/public/vndservicemanager.te
new file mode 100644
index 000000000..6b9f73dc0
--- /dev/null
+++ b/prebuilts/api/30.0/public/vndservicemanager.te
@@ -0,0 +1,2 @@
+# vndservicemanager - the Binder context manager for vendor processes
+type vndservicemanager, domain;
diff --git a/prebuilts/api/30.0/public/vold.te b/prebuilts/api/30.0/public/vold.te
new file mode 100644
index 000000000..e2985677b
--- /dev/null
+++ b/prebuilts/api/30.0/public/vold.te
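Review bot: `allow virtual_touchpad uhid_device:chr_file { w_file_perms ioctl };` grants every ioctl on the device node, whereas the other device grants in this series (update_engine_common, vold) bound ioctls with `allowxperm`; a virtual input device only needs the uinput setup and teardown commands, so an `allowxperm virtual_touchpad uhid_device:chr_file ioctl { ... };` listing exactly the UI_* ioctls the service issues would limit what a compromised process can do with the node. The exact list has to come from the service's uinput calls, which I cannot see here. The comment also says /dev/uinput while the type is `uhid_device`; if that node is indeed labeled uhid_device the comment should state it, because uhid and uinput are different kernel interfaces and the mismatch reads like a mislabel.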
@@ -0,0 +1,368 @@
+# volume manager
+type vold, domain;
+type vold_exec, exec_type, file_type, system_file_type;
+
+# Read already opened /cache files.
+allow vold cache_file:dir r_dir_perms;
+allow vold cache_file:file { getattr read };
+allow vold cache_file:lnk_file r_file_perms;
+
+r_dir_file(vold, { sysfs_type -sysfs_batteryinfo })
+# XXX Label sysfs files with a specific type?
+allow vold {
+ sysfs # writing to /sys/*/uevent during coldboot.
+ sysfs_devices_block
+ sysfs_dm
+ sysfs_loop # writing to /sys/block/loop*/uevent during coldboot.
+ sysfs_usb
+ sysfs_zram_uevent
+ sysfs_fs_f2fs
+}:file w_file_perms;
+
+r_dir_file(vold, rootfs)
+r_dir_file(vold, metadata_file)
+allow vold {
+ proc # b/67049235 processes /proc//* files are mislabeled.
+ proc_cmdline
+ proc_drop_caches
+ proc_filesystems
+ proc_meminfo
+ proc_mounts
+}:file r_file_perms;
+
+#Get file contexts
+allow vold file_contexts_file:file r_file_perms;
+
+# Allow us to jump into execution domains of above tools
+allow vold self:process setexec;
+
+# For formatting adoptable storage devices
+allow vold e2fs_exec:file rx_file_perms;
+
+# Run fstrim on mounted partitions
+# allowxperm still requires the ioctl permission for the individual type
+allowxperm vold { fs_type file_type }:dir ioctl FITRIM;
+
+# Get/set file-based encryption policies on dirs in /data and adoptable storage,
+# and add/remove file-based encryption keys.
+allowxperm vold data_file_type:dir ioctl {
+ FS_IOC_GET_ENCRYPTION_POLICY
+ FS_IOC_SET_ENCRYPTION_POLICY
+ FS_IOC_ADD_ENCRYPTION_KEY
+ FS_IOC_REMOVE_ENCRYPTION_KEY
+};
+
+# Only vold and init should ever set file-based encryption policies.
+neverallowxperm {
+ domain
+ -vold
+ -init
+ -vendor_init
+} data_file_type:dir ioctl { FS_IOC_SET_ENCRYPTION_POLICY };
+
+# Only vold should ever add/remove file-based encryption keys.
+neverallowxperm {
+ domain
+ -vold
+} data_file_type:dir ioctl { FS_IOC_ADD_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY };
+
+# Find the location on the raw block device where the
+# crypto key is stored so it can be destroyed
+allowxperm vold vold_data_file:file ioctl {
+ FS_IOC_FIEMAP
+};
+
+typeattribute vold mlstrustedsubject;
+allow vold self:process setfscreate;
+allow vold system_file:file x_file_perms;
+not_full_treble(`allow vold vendor_file:file x_file_perms;')
+allow vold block_device:dir create_dir_perms;
+allow vold device:dir write;
+allow vold devpts:chr_file rw_file_perms;
+allow vold rootfs:dir mounton;
+allow vold sdcard_type:dir mounton; # TODO: deprecated in M
+allow vold sdcard_type:filesystem { mount remount unmount }; # TODO: deprecated in M
+allow vold sdcard_type:dir create_dir_perms; # TODO: deprecated in M
+allow vold sdcard_type:file create_file_perms; # TODO: deprecated in M
+
+# Manage locations where storage is mounted
+allow vold { mnt_media_rw_file storage_file sdcard_type }:dir create_dir_perms;
+allow vold { mnt_media_rw_file storage_file sdcard_type }:file create_file_perms;
+
+# Access to storage that backs emulated FUSE daemons for migration optimization
+allow vold media_rw_data_file:dir create_dir_perms;
+allow vold media_rw_data_file:file create_file_perms;
+# Allow mounting (lower filesystem) on parts of media for performance
+allow vold media_rw_data_file:dir mounton;
+
+# Allow setting extended attributes (for project quota IDs) on files and dirs
+# and to enable project ID inheritance through FS_IOC_SETFLAGS
+allowxperm vold media_rw_data_file:{ dir file } ioctl {
+ FS_IOC_FSGETXATTR
+ FS_IOC_FSSETXATTR
+ FS_IOC_GETFLAGS
+ FS_IOC_SETFLAGS
+};
+
+# Allow mounting of storage devices
+allow vold { mnt_media_rw_stub_file storage_stub_file }:dir { mounton create rmdir getattr setattr };
+
+# Manage per-user primary symlinks
+allow vold mnt_user_file:dir { create_dir_perms mounton };
+allow vold mnt_user_file:lnk_file create_file_perms;
+allow vold mnt_user_file:file create_file_perms;
+
+# Manage per-user pass_through primary symlinks
+allow vold mnt_pass_through_file:dir { create_dir_perms mounton };
+allow vold mnt_pass_through_file:lnk_file create_file_perms;
+
+# Allow to create and mount expanded storage
+allow vold mnt_expand_file:dir { create_dir_perms mounton };
+allow vold apk_data_file:dir { create getattr setattr };
+allow vold shell_data_file:dir { create getattr setattr };
+
+# Allow to mount incremental file system on /data/incremental and create files
+allow vold apk_data_file:dir { mounton rw_dir_perms };
+# Allow to create and write files in /data/incremental
+allow vold apk_data_file:file rw_file_perms;
+# Allow to bind-mount incremental file system on /data/app/vmdl*.tmp and read files
+allow vold apk_tmp_file:dir { mounton r_dir_perms };
+# Allow to read incremental control file and call selinux restorecon on it
+allow vold incremental_control_file:file { r_file_perms relabelto };
+
+allow vold tmpfs:filesystem { mount unmount };
+allow vold tmpfs:dir create_dir_perms;
+allow vold tmpfs:dir mounton;
+allow vold self:global_capability_class_set { net_admin dac_override dac_read_search mknod sys_admin chown fowner fsetid };
+allow vold self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+allow vold loop_control_device:chr_file rw_file_perms;
+allow vold loop_device:blk_file { create setattr unlink rw_file_perms };
+allowxperm vold loop_device:blk_file ioctl {
+ LOOP_CLR_FD
+ LOOP_CTL_GET_FREE
+ LOOP_GET_STATUS64
+ LOOP_SET_FD
+ LOOP_SET_STATUS64
+};
+allow vold vold_device:blk_file { create setattr unlink rw_file_perms };
+allowxperm vold vold_device:blk_file ioctl { BLKDISCARD BLKGETSIZE };
+allow vold dm_device:chr_file rw_file_perms;
+allow vold dm_device:blk_file rw_file_perms;
+allowxperm vold dm_device:blk_file ioctl BLKSECDISCARD;
+# For vold Process::killProcessesWithOpenFiles function.
+allow vold domain:dir r_dir_perms;
+allow vold domain:{ file lnk_file } r_file_perms;
+allow vold domain:process { signal sigkill };
+allow vold self:global_capability_class_set { sys_ptrace kill };
+
+allow vold kmsg_device:chr_file rw_file_perms;
+
+# Run fsck in the fsck domain.
+allow vold fsck_exec:file { r_file_perms execute };
+
+# Log fsck results
+allow vold fscklogs:dir rw_dir_perms;
+allow vold fscklogs:file create_file_perms;
+
+#
+# Rules to support encrypted fs support.
+#
+
+# Unmount and mount the fs.
+allow vold labeledfs:filesystem { mount unmount remount };
+
+# Access /efs/userdata_footer.
+# XXX Split into a separate type?
+allow vold efs_file:file rw_file_perms;
+
+# Create and mount on /data/tmp_mnt and management of expansion mounts
+allow vold {
+ system_data_file
+ system_data_root_file
+}:dir { create rw_dir_perms mounton setattr rmdir };
+allow vold system_data_file:lnk_file getattr;
+
+# Vold create users in /data/vendor_{ce,de}/[0-9]+
+allow vold vendor_data_file:dir create_dir_perms;
+
+# for secdiscard
+allow vold system_data_file:file read;
+
+# Set scheduling policy of kernel processes
+allow vold kernel:process setsched;
+
+# Property Service
+set_prop(vold, vold_prop)
+set_prop(vold, exported_vold_prop)
+set_prop(vold, exported2_vold_prop)
+set_prop(vold, powerctl_prop)
+set_prop(vold, ctl_fuse_prop)
+set_prop(vold, restorecon_prop)
+set_prop(vold, ota_prop)
+set_prop(vold, boottime_prop)
+set_prop(vold, boottime_public_prop)
+get_prop(vold, storage_config_prop)
+
+# ASEC
+allow vold asec_image_file:file create_file_perms;
+allow vold asec_image_file:dir rw_dir_perms;
+allow vold asec_apk_file:dir { create_dir_perms mounton relabelfrom relabelto };
+allow vold asec_public_file:dir { relabelto setattr };
+allow vold asec_apk_file:file { r_file_perms setattr relabelfrom relabelto };
+allow vold asec_public_file:file { relabelto setattr };
+# restorecon files in asec containers created on 4.2 or earlier.
+allow vold unlabeled:dir { r_dir_perms setattr relabelfrom };
+allow vold unlabeled:file { r_file_perms setattr relabelfrom };
+
+# Handle wake locks (used for device encryption)
+wakelock_use(vold)
+
+# Allow vold to publish a binder service and make binder calls.
+binder_use(vold)
+add_service(vold, vold_service)
+
+# Allow vold to call into the system server so it can check permissions.
+binder_call(vold, system_server)
+allow vold permission_service:service_manager find;
+
+# talk to batteryservice
+binder_call(vold, healthd)
+
+# talk to keymaster
+hal_client_domain(vold, hal_keymaster)
+
+# talk to health storage HAL
+hal_client_domain(vold, hal_health_storage)
+
+# talk to bootloader HAL
+full_treble_only(`hal_client_domain(vold, hal_bootctl)')
+
+# Access userdata block device.
+allow vold userdata_block_device:blk_file rw_file_perms;
+allowxperm vold userdata_block_device:blk_file ioctl BLKSECDISCARD;
+
+# Access metadata block device used for encryption meta-data.
+allow vold metadata_block_device:blk_file rw_file_perms;
+
+# Allow vold to manipulate /data/unencrypted
+allow vold unencrypted_data_file:{ file } create_file_perms;
+allow vold unencrypted_data_file:dir create_dir_perms;
+
+# Write to /proc/sys/vm/drop_caches
+allow vold proc_drop_caches:file w_file_perms;
+
+# Give vold a place where only vold can store files; everyone else is off limits
+allow vold vold_data_file:dir create_dir_perms;
+allow vold vold_data_file:file create_file_perms;
+
+# And a similar place in the metadata partition
+allow vold vold_metadata_file:dir create_dir_perms;
+allow vold vold_metadata_file:file create_file_perms;
+
+# linux keyring configuration
+allow vold init:key { write search setattr };
+allow vold vold:key { write search setattr };
+
+# vold temporarily changes its priority when running benchmarks
+allow vold self:global_capability_class_set sys_nice;
+
+# vold needs to chroot into app namespaces to remount when runtime permissions change
+allow vold self:global_capability_class_set sys_chroot;
+allow vold storage_file:dir mounton;
+
+# For AppFuse.
+allow vold fuse_device:chr_file rw_file_perms;
+allow vold fuse:filesystem { relabelfrom };
+allow vold app_fusefs:filesystem { relabelfrom relabelto };
+allow vold app_fusefs:filesystem { mount unmount };
+allow vold app_fuse_file:dir rw_dir_perms;
+allow vold app_fuse_file:file { read write open getattr append };
+
+# MoveTask.cpp executes cp and rm
+allow vold toolbox_exec:file rx_file_perms;
+
+# Prepare profile dir for users.
+allow vold user_profile_data_file:dir create_dir_perms;
+
+# Raw writes to misc block device
+allow vold misc_block_device:blk_file w_file_perms;
+
+# vold might need to search or mount /mnt/vendor/*
+allow vold mnt_vendor_file:dir search;
+
+dontaudit vold self:global_capability_class_set sys_resource;
+
+# vold needs to know whether we're running a GSI.
+allow vold gsi_metadata_file:dir r_dir_perms;
+allow vold gsi_metadata_file:file r_file_perms;
+
+neverallow {
+ domain
+ -vold
+ -vold_prepare_subdirs
+} vold_data_file:dir ~{ open create read getattr setattr search relabelfrom relabelto ioctl };
+
+neverallow {
+ domain
+ -init
+ -vold
+ -vold_prepare_subdirs
+} vold_data_file:dir *;
+
+neverallow {
+ domain
+ -init
+ -vold
+} vold_metadata_file:dir *;
+
+neverallow {
+ domain
+ -kernel
+ -vold
+ -vold_prepare_subdirs
+} vold_data_file:notdevfile_class_set ~{ relabelto getattr };
+
+neverallow {
+ domain
+ -init
+ -vold
+ -vold_prepare_subdirs
+} vold_metadata_file:notdevfile_class_set ~{ relabelto getattr };
+
+neverallow {
+ domain
+ -init
+ -kernel
+ -vold
+ -vold_prepare_subdirs
+} { vold_data_file vold_metadata_file }:notdevfile_class_set *;
+
+neverallow { domain -vold -init } restorecon_prop:property_service set;
+
+neverallow {
+ domain
+ -system_server
+ -vdc
+ -vold
+ -update_verifier
+ -apexd
+} vold_service:service_manager find;
+
+neverallow vold {
+ domain
+ -hal_health_storage_server
+ -hal_keymaster_server
+ -system_suspend_server
+ -hal_bootctl_server
+ -healthd
+ -hwservicemanager
+ -iorapd_service
+ -servicemanager
+ -system_server
+ userdebug_or_eng(`-su')
+}:binder call;
+
+neverallow vold fsck_exec:file execute_no_trans;
+neverallow { domain -init } vold:process { transition dyntransition };
+neverallow vold *:process ptrace;
+neverallow vold *:rawip_socket *;
diff --git a/prebuilts/api/30.0/public/vold_prepare_subdirs.te b/prebuilts/api/30.0/public/vold_prepare_subdirs.te
new file mode 100644
index 000000000..3087fa861
--- /dev/null
+++ b/prebuilts/api/30.0/public/vold_prepare_subdirs.te
@@ -0,0 +1,6 @@
+# SELinux directory creation and labelling for vold-managed directories
+
+type vold_prepare_subdirs, domain;
+type vold_prepare_subdirs_exec, system_file_type, exec_type, file_type;
+
+typeattribute vold_prepare_subdirs coredomain;
diff --git a/prebuilts/api/30.0/public/vr_hwc.te b/prebuilts/api/30.0/public/vr_hwc.te
new file mode 100644
index 000000000..c14688703
--- /dev/null
+++ b/prebuilts/api/30.0/public/vr_hwc.te
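Review bot: In the final `neverallow vold { domain ... }:binder call;` exception list, `-iorapd_service` names a service_manager type rather than a domain, so subtracting it from `domain` is a no-op; if vold is meant to be allowed to call iorapd the exception should be `-iorapd`, and if not, the entry should be removed so the list says what it enforces. Earlier in the hunk, `allow vold apk_data_file:file rw_file_perms;` under `# Allow to create and write files in /data/incremental` also grants write on whatever else carries `apk_data_file` — if that is the label of installed APKs under /data/app, as the name and the neighbouring `apk_tmp_file` rule suggest, a dedicated type for /data/incremental would keep a vold bug from being able to modify installed packages. The `allow vold domain:dir r_dir_perms; ... allow vold domain:process { signal sigkill };` group is likewise very broad (read /proc of every process and SIGKILL any of them) and is justified only by a one-line reference to killProcessesWithOpenFiles; the `neverallow vold *:process ptrace;` at the end helps, but a comment marking this as a known over-grant pending a narrower mechanism would help the next reviewer.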
@@ -0,0 +1,33 @@
+type vr_hwc, domain;
+type vr_hwc_exec, system_file_type, exec_type, file_type;
+
+# Get buffer metadata.
+hal_client_domain(vr_hwc, hal_graphics_allocator)
+
+binder_use(vr_hwc)
+binder_service(vr_hwc)
+
+binder_call(vr_hwc, surfaceflinger)
+# Needed to check for app permissions.
+binder_call(vr_hwc, system_server)
+
+add_service(vr_hwc, vr_hwc_service)
+
+# Hosts the VR HWC implementation and provides a simple Binder interface for VR
+# Window Manager to receive the layers/buffers.
+hwbinder_use(vr_hwc)
+
+# Load vendor libraries.
+allow vr_hwc system_file:dir r_dir_perms;
+
+allow vr_hwc ion_device:chr_file r_file_perms;
+
+# Allow connection to VR DisplayClient to get the primary display metadata
+# (ie: size).
+pdx_client(vr_hwc, display_client)
+
+# Requires access to the permission service to validate that clients have the
+# appropriate VR permissions.
+allow vr_hwc permission_service:service_manager find;
+
+allow vr_hwc vrflinger_vsync_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/watchdogd.te b/prebuilts/api/30.0/public/watchdogd.te
new file mode 100644
index 000000000..72e368564
--- /dev/null
+++ b/prebuilts/api/30.0/public/watchdogd.te
@@ -0,0 +1,6 @@
+# watchdogd seclabel is specified in init..rc
+type watchdogd, domain;
+type watchdogd_exec, system_file_type, exec_type, file_type;
+
+allow watchdogd watchdog_device:chr_file rw_file_perms;
+allow watchdogd kmsg_device:chr_file rw_file_perms;
diff --git a/prebuilts/api/30.0/public/webview_zygote.te b/prebuilts/api/30.0/public/webview_zygote.te
new file mode 100644
index 000000000..ace3a013e
--- /dev/null
+++ b/prebuilts/api/30.0/public/webview_zygote.te
@@ -0,0 +1,6 @@
+# webview_zygote is an auxiliary zygote process that is used to spawn
+# isolated_app processes for rendering untrusted web content.
+
+type webview_zygote, domain;
+type webview_zygote_exec, exec_type, file_type;
+type webview_zygote_tmpfs, file_type;
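Review bot: In the watchdogd hunk, `allow watchdogd kmsg_device:chr_file rw_file_perms;` grants read as well as write on the kmsg device; if watchdogd only emits log lines there, `allow watchdogd kmsg_device:chr_file w_file_perms;` is the tighter grant and keeps kernel log contents out of a domain that has no stated need for them. This file is a frozen API snapshot, so any narrowing belongs in the source policy it mirrors, with the prebuilt regenerated from it rather than edited here. The leading comment reads `init..rc`, which looks like a lost placeholder for the board-specific rc file name; worth confirming the source file's wording before the snapshot is taken as authoritative.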
diff --git a/prebuilts/api/30.0/public/wificond.te b/prebuilts/api/30.0/public/wificond.te
new file mode 100644
index 000000000..b429884c5
--- /dev/null
+++ b/prebuilts/api/30.0/public/wificond.te
@@ -0,0 +1,42 @@
+# wificond
+type wificond, domain;
+type wificond_exec, system_file_type, exec_type, file_type;
+
+binder_use(wificond)
+binder_call(wificond, system_server)
+binder_call(wificond, keystore)
+
+add_service(wificond, wifinl80211_service)
+
+set_prop(wificond, exported_wifi_prop)
+set_prop(wificond, wifi_prop)
+set_prop(wificond, ctl_default_prop)
+
+# create sockets to set interfaces up and down
+allow wificond self:udp_socket create_socket_perms;
+# setting interface state up/down is a privileged ioctl
+allowxperm wificond self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR };
+allow wificond self:global_capability_class_set { net_admin net_raw };
+# allow wificond to speak to nl80211 in the kernel
+allow wificond self:netlink_socket create_socket_perms_no_ioctl;
+# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
+allow wificond self:netlink_generic_socket create_socket_perms_no_ioctl;
+
+r_dir_file(wificond, proc_net_type)
+
+# allow wificond to check permission for dumping logs
+allow wificond permission_service:service_manager find;
+
+# dumpstate support
+allow wificond dumpstate:fd use;
+allow wificond dumpstate:fifo_file write;
+
+#### Offer the Wifi Keystore HwBinder service ###
+hwbinder_use(wificond)
+get_prop(wificond, hwservicemanager_prop)
+typeattribute wificond wifi_keystore_service_server;
+add_hwservice(wificond, system_wifi_keystore_hwservice)
+
+# Allow keystore binder access to serve the HwBinder service.
+allow wificond keystore_service:service_manager find;
+allow wificond keystore:keystore_key get;
diff --git a/prebuilts/api/30.0/public/wpantund.te b/prebuilts/api/30.0/public/wpantund.te
new file mode 100644
index 000000000..8ddd6935d
--- /dev/null
+++ b/prebuilts/api/30.0/public/wpantund.te
@@ -0,0 +1,29 @@
+type wpantund, domain;
+type wpantund_exec, system_file_type, exec_type, file_type;
+
+hal_client_domain(wpantund, hal_lowpan)
+net_domain(wpantund)
+
+binder_use(wpantund)
+binder_call(wpantund, system_server)
+
+# wpantund needs to be able to check in with the lowpan_service
+allow wpantund lowpan_service:service_manager find;
+
+# Allow wpantund to call any callbacks that have been registered with it.
+# Generally, only privileged apps are able to register callbacks with
+# wpantund, so we are limiting the scope for callbacks to only privileged
+# apps. We also add shell to allow the command-line utility `lowpanctl`
+# to work properly from `adb shell`.
+allow wpantund {priv_app shell}:binder call;
+
+# create sockets to set interfaces up and down, add multicast groups, etc.
+allow wpantund self:udp_socket create_socket_perms;
+
+# setting interface state up/down and changing MTU are privileged ioctls
+allowxperm wpantund self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFMTU };
+
+# Allow us to bring up a TUN network interface.
+allow wpantund tun_device:chr_file rw_file_perms;
+allow wpantund self:global_capability_class_set { net_admin net_raw };
+allow wpantund self:tun_socket create;
diff --git a/prebuilts/api/30.0/public/zygote.te b/prebuilts/api/30.0/public/zygote.te
new file mode 100644
index 000000000..071354e82
--- /dev/null
+++ b/prebuilts/api/30.0/public/zygote.te
@@ -0,0 +1,4 @@
+# zygote
+type zygote, domain;
+type zygote_tmpfs, file_type;
+type zygote_exec, system_file_type, exec_type, file_type;
From 836124e880c3c61efbab85971df0430c96ba9633 Mon Sep 17 00:00:00 2001
From: Svet Ganov Date: Wed, 29 Apr 2020 17:36:45 -0700 Subject: [PATCH 101/163] Updading selinux policy for R * Update se policy prebuilts Test: build + boot bug:150281259 Exempt-From-Owner-Approval: merge conflict resolution Change-Id: I0a0e94bc230f7726e7a9dd84b17c3a90e5601120 Merged-In: I0a0e94bc230f7726e7a9dd84b17c3a90e5601120 --- prebuilts/api/30.0/private/access_vectors | 741 +++++ prebuilts/api/30.0/private/adbd.te | 200 ++ .../api/30.0/private/aidl_lazy_test_server.te | 5 + .../30.0/private/apex_test_prepostinstall.te | 20 + prebuilts/api/30.0/private/apexd.te | 157 + prebuilts/api/30.0/private/app.te | 37 + prebuilts/api/30.0/private/app_neverallows.te | 259 ++ prebuilts/api/30.0/private/app_zygote.te | 167 + .../30.0/private/art_apex_boot_integrity.te | 28 + .../api/30.0/private/art_apex_postinstall.te | 31 + .../api/30.0/private/art_apex_preinstall.te | 33 + prebuilts/api/30.0/private/asan_extract.te | 8 + prebuilts/api/30.0/private/atrace.te | 80 + prebuilts/api/30.0/private/attributes | 1 + prebuilts/api/30.0/private/audioserver.te | 100 + prebuilts/api/30.0/private/auditctl.te | 18 + .../private/automotive_display_service.te | 33 + .../private/binder_in_vendor_violators.te | 1 + .../api/30.0/private/binderservicedomain.te | 22 + prebuilts/api/30.0/private/blank_screen.te | 6 + prebuilts/api/30.0/private/blkid.te | 22 + prebuilts/api/30.0/private/blkid_untrusted.te | 37 + prebuilts/api/30.0/private/bluetooth.te | 86 + prebuilts/api/30.0/private/bluetoothdomain.te | 2 + prebuilts/api/30.0/private/bootanim.te | 9 + prebuilts/api/30.0/private/bootstat.te | 3 + .../api/30.0/private/boringssl_self_test.te | 74 + prebuilts/api/30.0/private/bpfloader.te | 40 + prebuilts/api/30.0/private/bufferhubd.te | 3 + prebuilts/api/30.0/private/bug_map | 33 + prebuilts/api/30.0/private/cameraserver.te | 6 + prebuilts/api/30.0/private/charger.te | 1 + prebuilts/api/30.0/private/clatd.te | 36 + .../api/30.0/private/compat/26.0/26.0.cil | 786 +++++ 
.../30.0/private/compat/26.0/26.0.compat.cil | 5 + .../30.0/private/compat/26.0/26.0.ignore.cil | 229 ++ .../api/30.0/private/compat/27.0/27.0.cil | 1507 +++++++++ .../30.0/private/compat/27.0/27.0.compat.cil | 5 + .../30.0/private/compat/27.0/27.0.ignore.cil | 206 ++ .../api/30.0/private/compat/28.0/28.0.cil | 1744 +++++++++++ .../30.0/private/compat/28.0/28.0.compat.cil | 5 + .../30.0/private/compat/28.0/28.0.ignore.cil | 159 + .../api/30.0/private/compat/29.0/29.0.cil | 1970 ++++++++++++ .../30.0/private/compat/29.0/29.0.compat.cil | 3 + .../30.0/private/compat/29.0/29.0.ignore.cil | 120 + prebuilts/api/30.0/private/coredomain.te | 198 ++ prebuilts/api/30.0/private/cppreopts.te | 31 + prebuilts/api/30.0/private/crash_dump.te | 49 + prebuilts/api/30.0/private/credstore.te | 6 + prebuilts/api/30.0/private/derive_sdk.te | 12 + prebuilts/api/30.0/private/dex2oat.te | 84 + prebuilts/api/30.0/private/dexoptanalyzer.te | 35 + prebuilts/api/30.0/private/dhcp.te | 4 + prebuilts/api/30.0/private/dnsmasq.te | 1 + prebuilts/api/30.0/private/domain.te | 371 +++ prebuilts/api/30.0/private/drmserver.te | 7 + prebuilts/api/30.0/private/dumpstate.te | 62 + prebuilts/api/30.0/private/ephemeral_app.te | 99 + prebuilts/api/30.0/private/fastbootd.te | 1 + prebuilts/api/30.0/private/file.te | 28 + prebuilts/api/30.0/private/file_contexts | 733 +++++ prebuilts/api/30.0/private/file_contexts_asan | 14 + .../api/30.0/private/file_contexts_overlayfs | 9 + prebuilts/api/30.0/private/fingerprintd.te | 3 + .../api/30.0/private/flags_health_check.te | 3 + prebuilts/api/30.0/private/fs_use | 26 + prebuilts/api/30.0/private/fsck.te | 5 + prebuilts/api/30.0/private/fsck_untrusted.te | 1 + prebuilts/api/30.0/private/fsverity_init.te | 26 + prebuilts/api/30.0/private/fwk_bufferhub.te | 8 + prebuilts/api/30.0/private/gatekeeperd.te | 3 + prebuilts/api/30.0/private/genfs_contexts | 319 ++ prebuilts/api/30.0/private/gmscore_app.te | 129 + prebuilts/api/30.0/private/gpuservice.te | 48 + 
prebuilts/api/30.0/private/gsid.te | 180 ++ .../api/30.0/private/hal_allocator_default.te | 5 + prebuilts/api/30.0/private/hal_lazy_test.te | 3 + prebuilts/api/30.0/private/halclientdomain.te | 13 + prebuilts/api/30.0/private/halserverdomain.te | 12 + prebuilts/api/30.0/private/healthd.te | 6 + prebuilts/api/30.0/private/heapprofd.te | 76 + .../api/30.0/private/hidl_lazy_test_server.te | 8 + prebuilts/api/30.0/private/hwservice.te | 1 + prebuilts/api/30.0/private/hwservice_contexts | 86 + .../api/30.0/private/hwservicemanager.te | 8 + prebuilts/api/30.0/private/idmap.te | 3 + prebuilts/api/30.0/private/incident.te | 37 + prebuilts/api/30.0/private/incident_helper.te | 14 + prebuilts/api/30.0/private/incidentd.te | 214 ++ prebuilts/api/30.0/private/init.te | 60 + .../api/30.0/private/initial_sid_contexts | 27 + prebuilts/api/30.0/private/initial_sids | 35 + prebuilts/api/30.0/private/inputflinger.te | 3 + prebuilts/api/30.0/private/installd.te | 45 + .../api/30.0/private/iorap_inode2filename.te | 9 + .../api/30.0/private/iorap_prefecherd.te | 4 + prebuilts/api/30.0/private/iorapd.te | 10 + prebuilts/api/30.0/private/isolated_app.te | 152 + prebuilts/api/30.0/private/iw.te | 4 + prebuilts/api/30.0/private/kernel.te | 8 + prebuilts/api/30.0/private/keys.conf | 28 + prebuilts/api/30.0/private/keystore.te | 15 + prebuilts/api/30.0/private/linkerconfig.te | 19 + prebuilts/api/30.0/private/llkd.te | 53 + prebuilts/api/30.0/private/lmkd.te | 3 + prebuilts/api/30.0/private/logd.te | 38 + prebuilts/api/30.0/private/logpersist.te | 29 + prebuilts/api/30.0/private/lpdumpd.te | 42 + .../api/30.0/private/mac_permissions.xml | 62 + prebuilts/api/30.0/private/mdnsd.te | 12 + prebuilts/api/30.0/private/mediadrmserver.te | 8 + prebuilts/api/30.0/private/mediaextractor.te | 7 + prebuilts/api/30.0/private/mediametrics.te | 3 + prebuilts/api/30.0/private/mediaprovider.te | 44 + .../api/30.0/private/mediaprovider_app.te | 42 + prebuilts/api/30.0/private/mediaserver.te | 14 + 
prebuilts/api/30.0/private/mediaswcodec.te | 4 + .../api/30.0/private/mediatranscoding.te | 3 + .../30.0/private/migrate_legacy_obb_data.te | 28 + prebuilts/api/30.0/private/mls | 107 + prebuilts/api/30.0/private/mls_decl | 10 + prebuilts/api/30.0/private/mls_macros | 54 + prebuilts/api/30.0/private/modprobe.te | 1 + prebuilts/api/30.0/private/mtp.te | 3 + prebuilts/api/30.0/private/netd.te | 30 + .../api/30.0/private/netutils_wrapper.te | 44 + prebuilts/api/30.0/private/network_stack.te | 38 + prebuilts/api/30.0/private/nfc.te | 33 + prebuilts/api/30.0/private/notify_traceur.te | 12 + .../api/30.0/private/otapreopt_chroot.te | 74 + prebuilts/api/30.0/private/otapreopt_slot.te | 28 + prebuilts/api/30.0/private/perfetto.te | 85 + prebuilts/api/30.0/private/performanced.te | 3 + .../30.0/private/permissioncontroller_app.te | 38 + prebuilts/api/30.0/private/platform_app.te | 102 + .../api/30.0/private/policy_capabilities | 20 + prebuilts/api/30.0/private/port_contexts | 3 + prebuilts/api/30.0/private/postinstall.te | 3 + .../api/30.0/private/postinstall_dexopt.te | 75 + prebuilts/api/30.0/private/ppp.te | 3 + prebuilts/api/30.0/private/preloads_copy.te | 18 + .../api/30.0/private/preopt2cachename.te | 17 + prebuilts/api/30.0/private/priv_app.te | 222 ++ prebuilts/api/30.0/private/profman.te | 1 + prebuilts/api/30.0/private/property_contexts | 258 ++ prebuilts/api/30.0/private/racoon.te | 3 + prebuilts/api/30.0/private/radio.te | 25 + prebuilts/api/30.0/private/recovery.te | 1 + .../api/30.0/private/recovery_persist.te | 11 + .../api/30.0/private/recovery_refresh.te | 10 + prebuilts/api/30.0/private/roles_decl | 1 + prebuilts/api/30.0/private/rs.te | 39 + prebuilts/api/30.0/private/rss_hwm_reset.te | 14 + prebuilts/api/30.0/private/runas.te | 4 + prebuilts/api/30.0/private/runas_app.te | 32 + prebuilts/api/30.0/private/sdcardd.te | 3 + prebuilts/api/30.0/private/seapp_contexts | 175 ++ prebuilts/api/30.0/private/secure_element.te | 14 + 
prebuilts/api/30.0/private/security_classes | 160 + prebuilts/api/30.0/private/service.te | 8 + prebuilts/api/30.0/private/service_contexts | 249 ++ prebuilts/api/30.0/private/servicemanager.te | 7 + prebuilts/api/30.0/private/sgdisk.te | 1 + prebuilts/api/30.0/private/shared_relro.te | 5 + prebuilts/api/30.0/private/shell.te | 92 + prebuilts/api/30.0/private/simpleperf.te | 37 + .../api/30.0/private/simpleperf_app_runner.te | 3 + prebuilts/api/30.0/private/slideshow.te | 1 + prebuilts/api/30.0/private/snapshotctl.te | 45 + prebuilts/api/30.0/private/stats.te | 55 + prebuilts/api/30.0/private/statsd.te | 23 + prebuilts/api/30.0/private/storaged.te | 67 + prebuilts/api/30.0/private/su.te | 23 + prebuilts/api/30.0/private/surfaceflinger.te | 142 + prebuilts/api/30.0/private/system_app.te | 171 ++ prebuilts/api/30.0/private/system_server.te | 1164 +++++++ .../api/30.0/private/system_server_startup.te | 16 + prebuilts/api/30.0/private/system_suspend.te | 26 + prebuilts/api/30.0/private/technical_debt.cil | 65 + prebuilts/api/30.0/private/tombstoned.te | 3 + prebuilts/api/30.0/private/toolbox.te | 3 + prebuilts/api/30.0/private/traced.te | 106 + prebuilts/api/30.0/private/traced_perf.te | 58 + prebuilts/api/30.0/private/traced_probes.te | 129 + prebuilts/api/30.0/private/traceur_app.te | 22 + prebuilts/api/30.0/private/tzdatacheck.te | 3 + prebuilts/api/30.0/private/ueventd.te | 3 + prebuilts/api/30.0/private/uncrypt.te | 3 + prebuilts/api/30.0/private/untrusted_app.te | 16 + .../api/30.0/private/untrusted_app_25.te | 53 + .../api/30.0/private/untrusted_app_27.te | 41 + .../api/30.0/private/untrusted_app_29.te | 19 + .../api/30.0/private/untrusted_app_all.te | 175 ++ prebuilts/api/30.0/private/update_engine.te | 7 + .../api/30.0/private/update_engine_common.te | 5 + prebuilts/api/30.0/private/update_verifier.te | 3 + prebuilts/api/30.0/private/usbd.te | 12 + prebuilts/api/30.0/private/users | 1 + prebuilts/api/30.0/private/vdc.te | 3 + 
prebuilts/api/30.0/private/vendor_init.te | 7 + prebuilts/api/30.0/private/viewcompiler.te | 25 + .../api/30.0/private/virtual_touchpad.te | 3 + prebuilts/api/30.0/private/vold.te | 19 + .../api/30.0/private/vold_prepare_subdirs.te | 45 + prebuilts/api/30.0/private/vr_hwc.te | 6 + .../api/30.0/private/vzwomatrigger_app.te | 6 + .../api/30.0/private/wait_for_keymaster.te | 9 + prebuilts/api/30.0/private/watchdogd.te | 3 + prebuilts/api/30.0/private/webview_zygote.te | 153 + prebuilts/api/30.0/private/wificond.te | 3 + prebuilts/api/30.0/private/wpantund.te | 3 + prebuilts/api/30.0/private/zygote.te | 239 ++ prebuilts/api/30.0/public/adbd.te | 11 + .../api/30.0/public/aidl_lazy_test_server.te | 9 + prebuilts/api/30.0/public/apexd.te | 15 + prebuilts/api/30.0/public/app.te | 598 ++++ prebuilts/api/30.0/public/app_zygote.te | 6 + prebuilts/api/30.0/public/asan_extract.te | 36 + prebuilts/api/30.0/public/attributes | 365 +++ prebuilts/api/30.0/public/audioserver.te | 6 + prebuilts/api/30.0/public/blkid.te | 2 + prebuilts/api/30.0/public/blkid_untrusted.te | 2 + prebuilts/api/30.0/public/bluetooth.te | 2 + prebuilts/api/30.0/public/bootanim.te | 42 + prebuilts/api/30.0/public/bootstat.te | 64 + prebuilts/api/30.0/public/bufferhubd.te | 25 + .../api/30.0/public/camera_service_server.te | 1 + prebuilts/api/30.0/public/cameraserver.te | 74 + prebuilts/api/30.0/public/charger.te | 48 + prebuilts/api/30.0/public/crash_dump.te | 68 + prebuilts/api/30.0/public/credstore.te | 16 + prebuilts/api/30.0/public/device.te | 114 + prebuilts/api/30.0/public/dhcp.te | 30 + .../api/30.0/public/display_service_server.te | 1 + prebuilts/api/30.0/public/dnsmasq.te | 28 + prebuilts/api/30.0/public/domain.te | 1416 +++++++++ prebuilts/api/30.0/public/drmserver.te | 59 + prebuilts/api/30.0/public/dumpstate.te | 357 +++ prebuilts/api/30.0/public/e2fs.te | 26 + prebuilts/api/30.0/public/ephemeral_app.te | 14 + prebuilts/api/30.0/public/fastbootd.te | 133 + prebuilts/api/30.0/public/file.te | 543 
++++ prebuilts/api/30.0/public/fingerprintd.te | 26 + .../api/30.0/public/flags_health_check.te | 35 + prebuilts/api/30.0/public/fsck.te | 68 + prebuilts/api/30.0/public/fsck_untrusted.te | 49 + prebuilts/api/30.0/public/fwk_bufferhub.te | 4 + prebuilts/api/30.0/public/gatekeeperd.te | 41 + prebuilts/api/30.0/public/global_macros | 51 + prebuilts/api/30.0/public/gmscore_app.te | 5 + prebuilts/api/30.0/public/gpuservice.te | 2 + prebuilts/api/30.0/public/hal_allocator.te | 6 + prebuilts/api/30.0/public/hal_atrace.te | 4 + prebuilts/api/30.0/public/hal_audio.te | 41 + prebuilts/api/30.0/public/hal_audiocontrol.te | 5 + prebuilts/api/30.0/public/hal_authsecret.te | 4 + prebuilts/api/30.0/public/hal_bluetooth.te | 32 + prebuilts/api/30.0/public/hal_bootctl.te | 5 + .../api/30.0/public/hal_broadcastradio.te | 4 + prebuilts/api/30.0/public/hal_camera.te | 36 + prebuilts/api/30.0/public/hal_can.te | 9 + prebuilts/api/30.0/public/hal_cas.te | 34 + prebuilts/api/30.0/public/hal_codec2.te | 25 + prebuilts/api/30.0/public/hal_configstore.te | 69 + .../api/30.0/public/hal_confirmationui.te | 4 + prebuilts/api/30.0/public/hal_contexthub.te | 5 + prebuilts/api/30.0/public/hal_drm.te | 52 + prebuilts/api/30.0/public/hal_dumpstate.te | 10 + prebuilts/api/30.0/public/hal_evs.te | 5 + prebuilts/api/30.0/public/hal_face.te | 12 + prebuilts/api/30.0/public/hal_fingerprint.te | 16 + prebuilts/api/30.0/public/hal_gatekeeper.te | 7 + prebuilts/api/30.0/public/hal_gnss.te | 5 + .../api/30.0/public/hal_graphics_allocator.te | 13 + .../api/30.0/public/hal_graphics_composer.te | 31 + prebuilts/api/30.0/public/hal_health.te | 27 + .../api/30.0/public/hal_health_storage.te | 5 + prebuilts/api/30.0/public/hal_identity.te | 7 + .../api/30.0/public/hal_input_classifier.te | 4 + prebuilts/api/30.0/public/hal_ir.te | 5 + prebuilts/api/30.0/public/hal_keymaster.te | 7 + prebuilts/api/30.0/public/hal_light.te | 19 + prebuilts/api/30.0/public/hal_lowpan.te | 20 + 
prebuilts/api/30.0/public/hal_memtrack.te | 4 + .../api/30.0/public/hal_neuralnetworks.te | 27 + prebuilts/api/30.0/public/hal_neverallows.te | 61 + prebuilts/api/30.0/public/hal_nfc.te | 11 + prebuilts/api/30.0/public/hal_oemlock.te | 4 + prebuilts/api/30.0/public/hal_omx.te | 49 + prebuilts/api/30.0/public/hal_power.te | 10 + prebuilts/api/30.0/public/hal_power_stats.te | 5 + prebuilts/api/30.0/public/hal_rebootescrow.te | 7 + .../api/30.0/public/hal_secure_element.te | 5 + prebuilts/api/30.0/public/hal_sensors.te | 14 + prebuilts/api/30.0/public/hal_telephony.te | 42 + .../api/30.0/public/hal_tetheroffload.te | 8 + prebuilts/api/30.0/public/hal_thermal.te | 5 + prebuilts/api/30.0/public/hal_tv_cec.te | 5 + prebuilts/api/30.0/public/hal_tv_input.te | 5 + prebuilts/api/30.0/public/hal_tv_tuner.te | 4 + prebuilts/api/30.0/public/hal_usb.te | 18 + prebuilts/api/30.0/public/hal_usb_gadget.te | 13 + prebuilts/api/30.0/public/hal_vehicle.te | 6 + prebuilts/api/30.0/public/hal_vibrator.te | 16 + prebuilts/api/30.0/public/hal_vr.te | 5 + prebuilts/api/30.0/public/hal_weaver.te | 4 + prebuilts/api/30.0/public/hal_wifi.te | 31 + prebuilts/api/30.0/public/hal_wifi_hostapd.te | 27 + .../api/30.0/public/hal_wifi_supplicant.te | 28 + prebuilts/api/30.0/public/healthd.te | 56 + prebuilts/api/30.0/public/heapprofd.te | 1 + prebuilts/api/30.0/public/hwservice.te | 102 + prebuilts/api/30.0/public/hwservicemanager.te | 22 + prebuilts/api/30.0/public/idmap.te | 31 + prebuilts/api/30.0/public/incident.te | 8 + prebuilts/api/30.0/public/incident_helper.te | 5 + prebuilts/api/30.0/public/incidentd.te | 3 + prebuilts/api/30.0/public/init.te | 634 ++++ prebuilts/api/30.0/public/inputflinger.te | 15 + prebuilts/api/30.0/public/installd.te | 190 ++ prebuilts/api/30.0/public/ioctl_defines | 2728 +++++++++++++++++ prebuilts/api/30.0/public/ioctl_macros | 68 + .../api/30.0/public/iorap_inode2filename.te | 77 + .../api/30.0/public/iorap_prefetcherd.te | 54 + prebuilts/api/30.0/public/iorapd.te 
| 85 + prebuilts/api/30.0/public/isolated_app.te | 9 + prebuilts/api/30.0/public/kernel.te | 136 + prebuilts/api/30.0/public/keystore.te | 36 + prebuilts/api/30.0/public/llkd.te | 3 + prebuilts/api/30.0/public/lmkd.te | 70 + prebuilts/api/30.0/public/logd.te | 73 + prebuilts/api/30.0/public/logpersist.te | 30 + prebuilts/api/30.0/public/mdnsd.te | 2 + prebuilts/api/30.0/public/mediadrmserver.te | 33 + prebuilts/api/30.0/public/mediaextractor.te | 70 + prebuilts/api/30.0/public/mediametrics.te | 44 + prebuilts/api/30.0/public/mediaprovider.te | 6 + prebuilts/api/30.0/public/mediaserver.te | 144 + prebuilts/api/30.0/public/mediaswcodec.te | 27 + prebuilts/api/30.0/public/mediatranscoding.te | 26 + prebuilts/api/30.0/public/modprobe.te | 9 + prebuilts/api/30.0/public/mtp.te | 11 + prebuilts/api/30.0/public/net.te | 39 + prebuilts/api/30.0/public/netd.te | 185 ++ prebuilts/api/30.0/public/netutils_wrapper.te | 4 + prebuilts/api/30.0/public/network_stack.te | 2 + prebuilts/api/30.0/public/neverallow_macros | 15 + prebuilts/api/30.0/public/nfc.te | 2 + prebuilts/api/30.0/public/perfetto.te | 1 + prebuilts/api/30.0/public/performanced.te | 30 + prebuilts/api/30.0/public/platform_app.te | 5 + prebuilts/api/30.0/public/postinstall.te | 45 + prebuilts/api/30.0/public/ppp.te | 23 + prebuilts/api/30.0/public/priv_app.te | 5 + prebuilts/api/30.0/public/profman.te | 29 + prebuilts/api/30.0/public/property.te | 601 ++++ prebuilts/api/30.0/public/property_contexts | 468 +++ prebuilts/api/30.0/public/racoon.te | 34 + prebuilts/api/30.0/public/radio.te | 45 + prebuilts/api/30.0/public/recovery.te | 184 ++ prebuilts/api/30.0/public/recovery_persist.te | 32 + prebuilts/api/30.0/public/recovery_refresh.te | 24 + prebuilts/api/30.0/public/roles | 1 + prebuilts/api/30.0/public/rs.te | 2 + prebuilts/api/30.0/public/rss_hwm_reset.te | 2 + prebuilts/api/30.0/public/runas.te | 43 + prebuilts/api/30.0/public/runas_app.te | 1 + .../30.0/public/scheduler_service_server.te | 1 + 
prebuilts/api/30.0/public/sdcardd.te | 45 + prebuilts/api/30.0/public/secure_element.te | 2 + .../api/30.0/public/sensor_service_server.te | 1 + prebuilts/api/30.0/public/service.te | 225 ++ prebuilts/api/30.0/public/servicemanager.te | 27 + prebuilts/api/30.0/public/sgdisk.te | 34 + prebuilts/api/30.0/public/shared_relro.te | 11 + prebuilts/api/30.0/public/shell.te | 265 ++ prebuilts/api/30.0/public/simpleperf.te | 1 + .../api/30.0/public/simpleperf_app_runner.te | 43 + prebuilts/api/30.0/public/slideshow.te | 14 + .../api/30.0/public/stats_service_server.te | 1 + prebuilts/api/30.0/public/statsd.te | 78 + prebuilts/api/30.0/public/su.te | 106 + prebuilts/api/30.0/public/surfaceflinger.te | 3 + prebuilts/api/30.0/public/system_app.te | 7 + prebuilts/api/30.0/public/system_server.te | 6 + .../api/30.0/public/system_suspend_server.te | 6 + prebuilts/api/30.0/public/te_macros | 923 ++++++ prebuilts/api/30.0/public/tee.te | 11 + prebuilts/api/30.0/public/tombstoned.te | 17 + prebuilts/api/30.0/public/toolbox.te | 38 + prebuilts/api/30.0/public/traced.te | 2 + prebuilts/api/30.0/public/traced_perf.te | 1 + prebuilts/api/30.0/public/traced_probes.te | 1 + prebuilts/api/30.0/public/traceur_app.te | 32 + prebuilts/api/30.0/public/tzdatacheck.te | 18 + prebuilts/api/30.0/public/ueventd.te | 83 + prebuilts/api/30.0/public/uncrypt.te | 42 + prebuilts/api/30.0/public/untrusted_app.te | 30 + prebuilts/api/30.0/public/update_engine.te | 84 + .../api/30.0/public/update_engine_common.te | 86 + prebuilts/api/30.0/public/update_verifier.te | 39 + prebuilts/api/30.0/public/usbd.te | 5 + prebuilts/api/30.0/public/vdc.te | 20 + prebuilts/api/30.0/public/vendor_init.te | 278 ++ .../api/30.0/public/vendor_misc_writer.te | 13 + prebuilts/api/30.0/public/vendor_shell.te | 19 + prebuilts/api/30.0/public/vendor_toolbox.te | 16 + prebuilts/api/30.0/public/virtual_touchpad.te | 16 + prebuilts/api/30.0/public/vndservice.te | 2 + .../api/30.0/public/vndservicemanager.te | 2 + 
prebuilts/api/30.0/public/vold.te | 368 +++ .../api/30.0/public/vold_prepare_subdirs.te | 6 + prebuilts/api/30.0/public/vr_hwc.te | 33 + prebuilts/api/30.0/public/watchdogd.te | 6 + prebuilts/api/30.0/public/webview_zygote.te | 6 + prebuilts/api/30.0/public/wificond.te | 42 + prebuilts/api/30.0/public/wpantund.te | 29 + prebuilts/api/30.0/public/zygote.te | 4 + 418 files changed, 33102 insertions(+) create mode 100644 prebuilts/api/30.0/private/access_vectors create mode 100644 prebuilts/api/30.0/private/adbd.te create mode 100644 prebuilts/api/30.0/private/aidl_lazy_test_server.te create mode 100644 prebuilts/api/30.0/private/apex_test_prepostinstall.te create mode 100644 prebuilts/api/30.0/private/apexd.te create mode 100644 prebuilts/api/30.0/private/app.te create mode 100644 prebuilts/api/30.0/private/app_neverallows.te create mode 100644 prebuilts/api/30.0/private/app_zygote.te create mode 100644 prebuilts/api/30.0/private/art_apex_boot_integrity.te create mode 100644 prebuilts/api/30.0/private/art_apex_postinstall.te create mode 100644 prebuilts/api/30.0/private/art_apex_preinstall.te create mode 100644 prebuilts/api/30.0/private/asan_extract.te create mode 100644 prebuilts/api/30.0/private/atrace.te create mode 100644 prebuilts/api/30.0/private/attributes create mode 100644 prebuilts/api/30.0/private/audioserver.te create mode 100644 prebuilts/api/30.0/private/auditctl.te create mode 100644 prebuilts/api/30.0/private/automotive_display_service.te create mode 100644 prebuilts/api/30.0/private/binder_in_vendor_violators.te create mode 100644 prebuilts/api/30.0/private/binderservicedomain.te create mode 100644 prebuilts/api/30.0/private/blank_screen.te create mode 100644 prebuilts/api/30.0/private/blkid.te create mode 100644 prebuilts/api/30.0/private/blkid_untrusted.te create mode 100644 prebuilts/api/30.0/private/bluetooth.te create mode 100644 prebuilts/api/30.0/private/bluetoothdomain.te create mode 100644 prebuilts/api/30.0/private/bootanim.te create mode 
100644 prebuilts/api/30.0/private/bootstat.te create mode 100644 prebuilts/api/30.0/private/boringssl_self_test.te create mode 100644 prebuilts/api/30.0/private/bpfloader.te create mode 100644 prebuilts/api/30.0/private/bufferhubd.te create mode 100644 prebuilts/api/30.0/private/bug_map create mode 100644 prebuilts/api/30.0/private/cameraserver.te create mode 100644 prebuilts/api/30.0/private/charger.te create mode 100644 prebuilts/api/30.0/private/clatd.te create mode 100644 prebuilts/api/30.0/private/compat/26.0/26.0.cil create mode 100644 prebuilts/api/30.0/private/compat/26.0/26.0.compat.cil create mode 100644 prebuilts/api/30.0/private/compat/26.0/26.0.ignore.cil create mode 100644 prebuilts/api/30.0/private/compat/27.0/27.0.cil create mode 100644 prebuilts/api/30.0/private/compat/27.0/27.0.compat.cil create mode 100644 prebuilts/api/30.0/private/compat/27.0/27.0.ignore.cil create mode 100644 prebuilts/api/30.0/private/compat/28.0/28.0.cil create mode 100644 prebuilts/api/30.0/private/compat/28.0/28.0.compat.cil create mode 100644 prebuilts/api/30.0/private/compat/28.0/28.0.ignore.cil create mode 100644 prebuilts/api/30.0/private/compat/29.0/29.0.cil create mode 100644 prebuilts/api/30.0/private/compat/29.0/29.0.compat.cil create mode 100644 prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil create mode 100644 prebuilts/api/30.0/private/coredomain.te create mode 100644 prebuilts/api/30.0/private/cppreopts.te create mode 100644 prebuilts/api/30.0/private/crash_dump.te create mode 100644 prebuilts/api/30.0/private/credstore.te create mode 100644 prebuilts/api/30.0/private/derive_sdk.te create mode 100644 prebuilts/api/30.0/private/dex2oat.te create mode 100644 prebuilts/api/30.0/private/dexoptanalyzer.te create mode 100644 prebuilts/api/30.0/private/dhcp.te create mode 100644 prebuilts/api/30.0/private/dnsmasq.te create mode 100644 prebuilts/api/30.0/private/domain.te create mode 100644 prebuilts/api/30.0/private/drmserver.te create mode 100644 
prebuilts/api/30.0/private/dumpstate.te create mode 100644 prebuilts/api/30.0/private/ephemeral_app.te create mode 100644 prebuilts/api/30.0/private/fastbootd.te create mode 100644 prebuilts/api/30.0/private/file.te create mode 100644 prebuilts/api/30.0/private/file_contexts create mode 100644 prebuilts/api/30.0/private/file_contexts_asan create mode 100644 prebuilts/api/30.0/private/file_contexts_overlayfs create mode 100644 prebuilts/api/30.0/private/fingerprintd.te create mode 100644 prebuilts/api/30.0/private/flags_health_check.te create mode 100644 prebuilts/api/30.0/private/fs_use create mode 100644 prebuilts/api/30.0/private/fsck.te create mode 100644 prebuilts/api/30.0/private/fsck_untrusted.te create mode 100644 prebuilts/api/30.0/private/fsverity_init.te create mode 100644 prebuilts/api/30.0/private/fwk_bufferhub.te create mode 100644 prebuilts/api/30.0/private/gatekeeperd.te create mode 100644 prebuilts/api/30.0/private/genfs_contexts create mode 100644 prebuilts/api/30.0/private/gmscore_app.te create mode 100644 prebuilts/api/30.0/private/gpuservice.te create mode 100644 prebuilts/api/30.0/private/gsid.te create mode 100644 prebuilts/api/30.0/private/hal_allocator_default.te create mode 100644 prebuilts/api/30.0/private/hal_lazy_test.te create mode 100644 prebuilts/api/30.0/private/halclientdomain.te create mode 100644 prebuilts/api/30.0/private/halserverdomain.te create mode 100644 prebuilts/api/30.0/private/healthd.te create mode 100644 prebuilts/api/30.0/private/heapprofd.te create mode 100644 prebuilts/api/30.0/private/hidl_lazy_test_server.te create mode 100644 prebuilts/api/30.0/private/hwservice.te create mode 100644 prebuilts/api/30.0/private/hwservice_contexts create mode 100644 prebuilts/api/30.0/private/hwservicemanager.te create mode 100644 prebuilts/api/30.0/private/idmap.te create mode 100644 prebuilts/api/30.0/private/incident.te create mode 100644 prebuilts/api/30.0/private/incident_helper.te create mode 100644 
prebuilts/api/30.0/private/incidentd.te create mode 100644 prebuilts/api/30.0/private/init.te create mode 100644 prebuilts/api/30.0/private/initial_sid_contexts create mode 100644 prebuilts/api/30.0/private/initial_sids create mode 100644 prebuilts/api/30.0/private/inputflinger.te create mode 100644 prebuilts/api/30.0/private/installd.te create mode 100644 prebuilts/api/30.0/private/iorap_inode2filename.te create mode 100644 prebuilts/api/30.0/private/iorap_prefecherd.te create mode 100644 prebuilts/api/30.0/private/iorapd.te create mode 100644 prebuilts/api/30.0/private/isolated_app.te create mode 100644 prebuilts/api/30.0/private/iw.te create mode 100644 prebuilts/api/30.0/private/kernel.te create mode 100644 prebuilts/api/30.0/private/keys.conf create mode 100644 prebuilts/api/30.0/private/keystore.te create mode 100644 prebuilts/api/30.0/private/linkerconfig.te create mode 100644 prebuilts/api/30.0/private/llkd.te create mode 100644 prebuilts/api/30.0/private/lmkd.te create mode 100644 prebuilts/api/30.0/private/logd.te create mode 100644 prebuilts/api/30.0/private/logpersist.te create mode 100644 prebuilts/api/30.0/private/lpdumpd.te create mode 100644 prebuilts/api/30.0/private/mac_permissions.xml create mode 100644 prebuilts/api/30.0/private/mdnsd.te create mode 100644 prebuilts/api/30.0/private/mediadrmserver.te create mode 100644 prebuilts/api/30.0/private/mediaextractor.te create mode 100644 prebuilts/api/30.0/private/mediametrics.te create mode 100644 prebuilts/api/30.0/private/mediaprovider.te create mode 100644 prebuilts/api/30.0/private/mediaprovider_app.te create mode 100644 prebuilts/api/30.0/private/mediaserver.te create mode 100644 prebuilts/api/30.0/private/mediaswcodec.te create mode 100644 prebuilts/api/30.0/private/mediatranscoding.te create mode 100644 prebuilts/api/30.0/private/migrate_legacy_obb_data.te create mode 100644 prebuilts/api/30.0/private/mls create mode 100644 prebuilts/api/30.0/private/mls_decl create mode 100644 
prebuilts/api/30.0/private/mls_macros create mode 100644 prebuilts/api/30.0/private/modprobe.te create mode 100644 prebuilts/api/30.0/private/mtp.te create mode 100644 prebuilts/api/30.0/private/netd.te create mode 100644 prebuilts/api/30.0/private/netutils_wrapper.te create mode 100644 prebuilts/api/30.0/private/network_stack.te create mode 100644 prebuilts/api/30.0/private/nfc.te create mode 100644 prebuilts/api/30.0/private/notify_traceur.te create mode 100644 prebuilts/api/30.0/private/otapreopt_chroot.te create mode 100644 prebuilts/api/30.0/private/otapreopt_slot.te create mode 100644 prebuilts/api/30.0/private/perfetto.te create mode 100644 prebuilts/api/30.0/private/performanced.te create mode 100644 prebuilts/api/30.0/private/permissioncontroller_app.te create mode 100644 prebuilts/api/30.0/private/platform_app.te create mode 100644 prebuilts/api/30.0/private/policy_capabilities create mode 100644 prebuilts/api/30.0/private/port_contexts create mode 100644 prebuilts/api/30.0/private/postinstall.te create mode 100644 prebuilts/api/30.0/private/postinstall_dexopt.te create mode 100644 prebuilts/api/30.0/private/ppp.te create mode 100644 prebuilts/api/30.0/private/preloads_copy.te create mode 100644 prebuilts/api/30.0/private/preopt2cachename.te create mode 100644 prebuilts/api/30.0/private/priv_app.te create mode 100644 prebuilts/api/30.0/private/profman.te create mode 100644 prebuilts/api/30.0/private/property_contexts create mode 100644 prebuilts/api/30.0/private/racoon.te create mode 100644 prebuilts/api/30.0/private/radio.te create mode 100644 prebuilts/api/30.0/private/recovery.te create mode 100644 prebuilts/api/30.0/private/recovery_persist.te create mode 100644 prebuilts/api/30.0/private/recovery_refresh.te create mode 100644 prebuilts/api/30.0/private/roles_decl create mode 100644 prebuilts/api/30.0/private/rs.te create mode 100644 prebuilts/api/30.0/private/rss_hwm_reset.te create mode 100644 prebuilts/api/30.0/private/runas.te create mode 100644 
prebuilts/api/30.0/private/runas_app.te create mode 100644 prebuilts/api/30.0/private/sdcardd.te create mode 100644 prebuilts/api/30.0/private/seapp_contexts create mode 100644 prebuilts/api/30.0/private/secure_element.te create mode 100644 prebuilts/api/30.0/private/security_classes create mode 100644 prebuilts/api/30.0/private/service.te create mode 100644 prebuilts/api/30.0/private/service_contexts create mode 100644 prebuilts/api/30.0/private/servicemanager.te create mode 100644 prebuilts/api/30.0/private/sgdisk.te create mode 100644 prebuilts/api/30.0/private/shared_relro.te create mode 100644 prebuilts/api/30.0/private/shell.te create mode 100644 prebuilts/api/30.0/private/simpleperf.te create mode 100644 prebuilts/api/30.0/private/simpleperf_app_runner.te create mode 100644 prebuilts/api/30.0/private/slideshow.te create mode 100644 prebuilts/api/30.0/private/snapshotctl.te create mode 100644 prebuilts/api/30.0/private/stats.te create mode 100644 prebuilts/api/30.0/private/statsd.te create mode 100644 prebuilts/api/30.0/private/storaged.te create mode 100644 prebuilts/api/30.0/private/su.te create mode 100644 prebuilts/api/30.0/private/surfaceflinger.te create mode 100644 prebuilts/api/30.0/private/system_app.te create mode 100644 prebuilts/api/30.0/private/system_server.te create mode 100644 prebuilts/api/30.0/private/system_server_startup.te create mode 100644 prebuilts/api/30.0/private/system_suspend.te create mode 100644 prebuilts/api/30.0/private/technical_debt.cil create mode 100644 prebuilts/api/30.0/private/tombstoned.te create mode 100644 prebuilts/api/30.0/private/toolbox.te create mode 100644 prebuilts/api/30.0/private/traced.te create mode 100644 prebuilts/api/30.0/private/traced_perf.te create mode 100644 prebuilts/api/30.0/private/traced_probes.te create mode 100644 prebuilts/api/30.0/private/traceur_app.te create mode 100644 prebuilts/api/30.0/private/tzdatacheck.te create mode 100644 prebuilts/api/30.0/private/ueventd.te create mode 100644 
prebuilts/api/30.0/private/uncrypt.te create mode 100644 prebuilts/api/30.0/private/untrusted_app.te create mode 100644 prebuilts/api/30.0/private/untrusted_app_25.te create mode 100644 prebuilts/api/30.0/private/untrusted_app_27.te create mode 100644 prebuilts/api/30.0/private/untrusted_app_29.te create mode 100644 prebuilts/api/30.0/private/untrusted_app_all.te create mode 100644 prebuilts/api/30.0/private/update_engine.te create mode 100644 prebuilts/api/30.0/private/update_engine_common.te create mode 100644 prebuilts/api/30.0/private/update_verifier.te create mode 100644 prebuilts/api/30.0/private/usbd.te create mode 100644 prebuilts/api/30.0/private/users create mode 100644 prebuilts/api/30.0/private/vdc.te create mode 100644 prebuilts/api/30.0/private/vendor_init.te create mode 100644 prebuilts/api/30.0/private/viewcompiler.te create mode 100644 prebuilts/api/30.0/private/virtual_touchpad.te create mode 100644 prebuilts/api/30.0/private/vold.te create mode 100644 prebuilts/api/30.0/private/vold_prepare_subdirs.te create mode 100644 prebuilts/api/30.0/private/vr_hwc.te create mode 100644 prebuilts/api/30.0/private/vzwomatrigger_app.te create mode 100644 prebuilts/api/30.0/private/wait_for_keymaster.te create mode 100644 prebuilts/api/30.0/private/watchdogd.te create mode 100644 prebuilts/api/30.0/private/webview_zygote.te create mode 100644 prebuilts/api/30.0/private/wificond.te create mode 100644 prebuilts/api/30.0/private/wpantund.te create mode 100644 prebuilts/api/30.0/private/zygote.te create mode 100644 prebuilts/api/30.0/public/adbd.te create mode 100644 prebuilts/api/30.0/public/aidl_lazy_test_server.te create mode 100644 prebuilts/api/30.0/public/apexd.te create mode 100644 prebuilts/api/30.0/public/app.te create mode 100644 prebuilts/api/30.0/public/app_zygote.te create mode 100644 prebuilts/api/30.0/public/asan_extract.te create mode 100644 prebuilts/api/30.0/public/attributes create mode 100644 prebuilts/api/30.0/public/audioserver.te create mode 
100644 prebuilts/api/30.0/public/blkid.te create mode 100644 prebuilts/api/30.0/public/blkid_untrusted.te create mode 100644 prebuilts/api/30.0/public/bluetooth.te create mode 100644 prebuilts/api/30.0/public/bootanim.te create mode 100644 prebuilts/api/30.0/public/bootstat.te create mode 100644 prebuilts/api/30.0/public/bufferhubd.te create mode 100644 prebuilts/api/30.0/public/camera_service_server.te create mode 100644 prebuilts/api/30.0/public/cameraserver.te create mode 100644 prebuilts/api/30.0/public/charger.te create mode 100644 prebuilts/api/30.0/public/crash_dump.te create mode 100644 prebuilts/api/30.0/public/credstore.te create mode 100644 prebuilts/api/30.0/public/device.te create mode 100644 prebuilts/api/30.0/public/dhcp.te create mode 100644 prebuilts/api/30.0/public/display_service_server.te create mode 100644 prebuilts/api/30.0/public/dnsmasq.te create mode 100644 prebuilts/api/30.0/public/domain.te create mode 100644 prebuilts/api/30.0/public/drmserver.te create mode 100644 prebuilts/api/30.0/public/dumpstate.te create mode 100644 prebuilts/api/30.0/public/e2fs.te create mode 100644 prebuilts/api/30.0/public/ephemeral_app.te create mode 100644 prebuilts/api/30.0/public/fastbootd.te create mode 100644 prebuilts/api/30.0/public/file.te create mode 100644 prebuilts/api/30.0/public/fingerprintd.te create mode 100644 prebuilts/api/30.0/public/flags_health_check.te create mode 100644 prebuilts/api/30.0/public/fsck.te create mode 100644 prebuilts/api/30.0/public/fsck_untrusted.te create mode 100644 prebuilts/api/30.0/public/fwk_bufferhub.te create mode 100644 prebuilts/api/30.0/public/gatekeeperd.te create mode 100644 prebuilts/api/30.0/public/global_macros create mode 100644 prebuilts/api/30.0/public/gmscore_app.te create mode 100644 prebuilts/api/30.0/public/gpuservice.te create mode 100644 prebuilts/api/30.0/public/hal_allocator.te create mode 100644 prebuilts/api/30.0/public/hal_atrace.te create mode 100644 prebuilts/api/30.0/public/hal_audio.te 
create mode 100644 prebuilts/api/30.0/public/hal_audiocontrol.te create mode 100644 prebuilts/api/30.0/public/hal_authsecret.te create mode 100644 prebuilts/api/30.0/public/hal_bluetooth.te create mode 100644 prebuilts/api/30.0/public/hal_bootctl.te create mode 100644 prebuilts/api/30.0/public/hal_broadcastradio.te create mode 100644 prebuilts/api/30.0/public/hal_camera.te create mode 100644 prebuilts/api/30.0/public/hal_can.te create mode 100644 prebuilts/api/30.0/public/hal_cas.te create mode 100644 prebuilts/api/30.0/public/hal_codec2.te create mode 100644 prebuilts/api/30.0/public/hal_configstore.te create mode 100644 prebuilts/api/30.0/public/hal_confirmationui.te create mode 100644 prebuilts/api/30.0/public/hal_contexthub.te create mode 100644 prebuilts/api/30.0/public/hal_drm.te create mode 100644 prebuilts/api/30.0/public/hal_dumpstate.te create mode 100644 prebuilts/api/30.0/public/hal_evs.te create mode 100644 prebuilts/api/30.0/public/hal_face.te create mode 100644 prebuilts/api/30.0/public/hal_fingerprint.te create mode 100644 prebuilts/api/30.0/public/hal_gatekeeper.te create mode 100644 prebuilts/api/30.0/public/hal_gnss.te create mode 100644 prebuilts/api/30.0/public/hal_graphics_allocator.te create mode 100644 prebuilts/api/30.0/public/hal_graphics_composer.te create mode 100644 prebuilts/api/30.0/public/hal_health.te create mode 100644 prebuilts/api/30.0/public/hal_health_storage.te create mode 100644 prebuilts/api/30.0/public/hal_identity.te create mode 100644 prebuilts/api/30.0/public/hal_input_classifier.te create mode 100644 prebuilts/api/30.0/public/hal_ir.te create mode 100644 prebuilts/api/30.0/public/hal_keymaster.te create mode 100644 prebuilts/api/30.0/public/hal_light.te create mode 100644 prebuilts/api/30.0/public/hal_lowpan.te create mode 100644 prebuilts/api/30.0/public/hal_memtrack.te create mode 100644 prebuilts/api/30.0/public/hal_neuralnetworks.te create mode 100644 prebuilts/api/30.0/public/hal_neverallows.te create mode 100644 
prebuilts/api/30.0/public/hal_nfc.te create mode 100644 prebuilts/api/30.0/public/hal_oemlock.te create mode 100644 prebuilts/api/30.0/public/hal_omx.te create mode 100644 prebuilts/api/30.0/public/hal_power.te create mode 100644 prebuilts/api/30.0/public/hal_power_stats.te create mode 100644 prebuilts/api/30.0/public/hal_rebootescrow.te create mode 100644 prebuilts/api/30.0/public/hal_secure_element.te create mode 100644 prebuilts/api/30.0/public/hal_sensors.te create mode 100644 prebuilts/api/30.0/public/hal_telephony.te create mode 100644 prebuilts/api/30.0/public/hal_tetheroffload.te create mode 100644 prebuilts/api/30.0/public/hal_thermal.te create mode 100644 prebuilts/api/30.0/public/hal_tv_cec.te create mode 100644 prebuilts/api/30.0/public/hal_tv_input.te create mode 100644 prebuilts/api/30.0/public/hal_tv_tuner.te create mode 100644 prebuilts/api/30.0/public/hal_usb.te create mode 100644 prebuilts/api/30.0/public/hal_usb_gadget.te create mode 100644 prebuilts/api/30.0/public/hal_vehicle.te create mode 100644 prebuilts/api/30.0/public/hal_vibrator.te create mode 100644 prebuilts/api/30.0/public/hal_vr.te create mode 100644 prebuilts/api/30.0/public/hal_weaver.te create mode 100644 prebuilts/api/30.0/public/hal_wifi.te create mode 100644 prebuilts/api/30.0/public/hal_wifi_hostapd.te create mode 100644 prebuilts/api/30.0/public/hal_wifi_supplicant.te create mode 100644 prebuilts/api/30.0/public/healthd.te create mode 100644 prebuilts/api/30.0/public/heapprofd.te create mode 100644 prebuilts/api/30.0/public/hwservice.te create mode 100644 prebuilts/api/30.0/public/hwservicemanager.te create mode 100644 prebuilts/api/30.0/public/idmap.te create mode 100644 prebuilts/api/30.0/public/incident.te create mode 100644 prebuilts/api/30.0/public/incident_helper.te create mode 100644 prebuilts/api/30.0/public/incidentd.te create mode 100644 prebuilts/api/30.0/public/init.te create mode 100644 prebuilts/api/30.0/public/inputflinger.te create mode 100644 
prebuilts/api/30.0/public/installd.te create mode 100644 prebuilts/api/30.0/public/ioctl_defines create mode 100644 prebuilts/api/30.0/public/ioctl_macros create mode 100644 prebuilts/api/30.0/public/iorap_inode2filename.te create mode 100644 prebuilts/api/30.0/public/iorap_prefetcherd.te create mode 100644 prebuilts/api/30.0/public/iorapd.te create mode 100644 prebuilts/api/30.0/public/isolated_app.te create mode 100644 prebuilts/api/30.0/public/kernel.te create mode 100644 prebuilts/api/30.0/public/keystore.te create mode 100644 prebuilts/api/30.0/public/llkd.te create mode 100644 prebuilts/api/30.0/public/lmkd.te create mode 100644 prebuilts/api/30.0/public/logd.te create mode 100644 prebuilts/api/30.0/public/logpersist.te create mode 100644 prebuilts/api/30.0/public/mdnsd.te create mode 100644 prebuilts/api/30.0/public/mediadrmserver.te create mode 100644 prebuilts/api/30.0/public/mediaextractor.te create mode 100644 prebuilts/api/30.0/public/mediametrics.te create mode 100644 prebuilts/api/30.0/public/mediaprovider.te create mode 100644 prebuilts/api/30.0/public/mediaserver.te create mode 100644 prebuilts/api/30.0/public/mediaswcodec.te create mode 100644 prebuilts/api/30.0/public/mediatranscoding.te create mode 100644 prebuilts/api/30.0/public/modprobe.te create mode 100644 prebuilts/api/30.0/public/mtp.te create mode 100644 prebuilts/api/30.0/public/net.te create mode 100644 prebuilts/api/30.0/public/netd.te create mode 100644 prebuilts/api/30.0/public/netutils_wrapper.te create mode 100644 prebuilts/api/30.0/public/network_stack.te create mode 100644 prebuilts/api/30.0/public/neverallow_macros create mode 100644 prebuilts/api/30.0/public/nfc.te create mode 100644 prebuilts/api/30.0/public/perfetto.te create mode 100644 prebuilts/api/30.0/public/performanced.te create mode 100644 prebuilts/api/30.0/public/platform_app.te create mode 100644 prebuilts/api/30.0/public/postinstall.te create mode 100644 prebuilts/api/30.0/public/ppp.te create mode 100644 
prebuilts/api/30.0/public/priv_app.te create mode 100644 prebuilts/api/30.0/public/profman.te create mode 100644 prebuilts/api/30.0/public/property.te create mode 100644 prebuilts/api/30.0/public/property_contexts create mode 100644 prebuilts/api/30.0/public/racoon.te create mode 100644 prebuilts/api/30.0/public/radio.te create mode 100644 prebuilts/api/30.0/public/recovery.te create mode 100644 prebuilts/api/30.0/public/recovery_persist.te create mode 100644 prebuilts/api/30.0/public/recovery_refresh.te create mode 100644 prebuilts/api/30.0/public/roles create mode 100644 prebuilts/api/30.0/public/rs.te create mode 100644 prebuilts/api/30.0/public/rss_hwm_reset.te create mode 100644 prebuilts/api/30.0/public/runas.te create mode 100644 prebuilts/api/30.0/public/runas_app.te create mode 100644 prebuilts/api/30.0/public/scheduler_service_server.te create mode 100644 prebuilts/api/30.0/public/sdcardd.te create mode 100644 prebuilts/api/30.0/public/secure_element.te create mode 100644 prebuilts/api/30.0/public/sensor_service_server.te create mode 100644 prebuilts/api/30.0/public/service.te create mode 100644 prebuilts/api/30.0/public/servicemanager.te create mode 100644 prebuilts/api/30.0/public/sgdisk.te create mode 100644 prebuilts/api/30.0/public/shared_relro.te create mode 100644 prebuilts/api/30.0/public/shell.te create mode 100644 prebuilts/api/30.0/public/simpleperf.te create mode 100644 prebuilts/api/30.0/public/simpleperf_app_runner.te create mode 100644 prebuilts/api/30.0/public/slideshow.te create mode 100644 prebuilts/api/30.0/public/stats_service_server.te create mode 100644 prebuilts/api/30.0/public/statsd.te create mode 100644 prebuilts/api/30.0/public/su.te create mode 100644 prebuilts/api/30.0/public/surfaceflinger.te create mode 100644 prebuilts/api/30.0/public/system_app.te create mode 100644 prebuilts/api/30.0/public/system_server.te create mode 100644 prebuilts/api/30.0/public/system_suspend_server.te create mode 100644 
prebuilts/api/30.0/public/te_macros create mode 100644 prebuilts/api/30.0/public/tee.te create mode 100644 prebuilts/api/30.0/public/tombstoned.te create mode 100644 prebuilts/api/30.0/public/toolbox.te create mode 100644 prebuilts/api/30.0/public/traced.te create mode 100644 prebuilts/api/30.0/public/traced_perf.te create mode 100644 prebuilts/api/30.0/public/traced_probes.te create mode 100644 prebuilts/api/30.0/public/traceur_app.te create mode 100644 prebuilts/api/30.0/public/tzdatacheck.te create mode 100644 prebuilts/api/30.0/public/ueventd.te create mode 100644 prebuilts/api/30.0/public/uncrypt.te create mode 100644 prebuilts/api/30.0/public/untrusted_app.te create mode 100644 prebuilts/api/30.0/public/update_engine.te create mode 100644 prebuilts/api/30.0/public/update_engine_common.te create mode 100644 prebuilts/api/30.0/public/update_verifier.te create mode 100644 prebuilts/api/30.0/public/usbd.te create mode 100644 prebuilts/api/30.0/public/vdc.te create mode 100644 prebuilts/api/30.0/public/vendor_init.te create mode 100644 prebuilts/api/30.0/public/vendor_misc_writer.te create mode 100644 prebuilts/api/30.0/public/vendor_shell.te create mode 100644 prebuilts/api/30.0/public/vendor_toolbox.te create mode 100644 prebuilts/api/30.0/public/virtual_touchpad.te create mode 100644 prebuilts/api/30.0/public/vndservice.te create mode 100644 prebuilts/api/30.0/public/vndservicemanager.te create mode 100644 prebuilts/api/30.0/public/vold.te create mode 100644 prebuilts/api/30.0/public/vold_prepare_subdirs.te create mode 100644 prebuilts/api/30.0/public/vr_hwc.te create mode 100644 prebuilts/api/30.0/public/watchdogd.te create mode 100644 prebuilts/api/30.0/public/webview_zygote.te create mode 100644 prebuilts/api/30.0/public/wificond.te create mode 100644 prebuilts/api/30.0/public/wpantund.te create mode 100644 prebuilts/api/30.0/public/zygote.te 
diff --git a/prebuilts/api/30.0/private/access_vectors b/prebuilts/api/30.0/private/access_vectors
new file mode 100644
index 000000000..4144be85f
--- /dev/null
+++ b/prebuilts/api/30.0/private/access_vectors
@@ -0,0 +1,741 @@
+#
+# Define common prefixes for access vectors
+#
+# common common_name { permission_name ... }
+
+
+#
+# Define a common prefix for file access vectors.
+#
+
+common file
+{
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ map
+ unlink
+ link
+ rename
+ execute
+ quotaon
+ mounton
+ audit_access
+ open
+ execmod
+ watch
+ watch_mount
+ watch_sb
+ watch_with_perm
+ watch_reads
+}
+
+
+#
+# Define a common prefix for socket access vectors.
+#
+
+common socket
+{
+# inherited from file
+ ioctl
+ read
+ write
+ create
+ getattr
+ setattr
+ lock
+ relabelfrom
+ relabelto
+ append
+ map
+# socket-specific
+ bind
+ connect
+ listen
+ accept
+ getopt
+ setopt
+ shutdown
+ recvfrom
+ sendto
+ name_bind
+}
+
+#
+# Define a common prefix for ipc access vectors.
+#
+
+common ipc
+{
+ create
+ destroy
+ getattr
+ setattr
+ read
+ write
+ associate
+ unix_read
+ unix_write
+}
+
+#
+# Define a common for capability access vectors.
+#
+common cap
+{
+ # The capabilities are defined in include/linux/capability.h
+ # Capabilities >= 32 are defined in the cap2 common.
+ # Care should be taken to ensure that these are consistent with
+ # those definitions. (Order matters)
+
+ chown
+ dac_override
+ dac_read_search
+ fowner
+ fsetid
+ kill
+ setgid
+ setuid
+ setpcap
+ linux_immutable
+ net_bind_service
+ net_broadcast
+ net_admin
+ net_raw
+ ipc_lock
+ ipc_owner
+ sys_module
+ sys_rawio
+ sys_chroot
+ sys_ptrace
+ sys_pacct
+ sys_admin
+ sys_boot
+ sys_nice
+ sys_resource
+ sys_time
+ sys_tty_config
+ mknod
+ lease
+ audit_write
+ audit_control
+ setfcap
+}
+
+common cap2
+{
+ mac_override # unused by SELinux
+ mac_admin
+ syslog
+ wake_alarm
+ block_suspend
+ audit_read
+}
+
+#
+# Define the access vectors.
+#
+# class class_name [ inherits common_name ] { permission_name ... }
+
+
+#
+# Define the access vector interpretation for file-related objects.
+#
+
+class filesystem
+{
+ mount
+ remount
+ unmount
+ getattr
+ relabelfrom
+ relabelto
+ associate
+ quotamod
+ quotaget
+ watch
+}
+
+class dir
+inherits file
+{
+ add_name
+ remove_name
+ reparent
+ search
+ rmdir
+}
+
+class file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+}
+
+class lnk_file
+inherits file
+
+class chr_file
+inherits file
+{
+ execute_no_trans
+ entrypoint
+}
+
+class blk_file
+inherits file
+
+class sock_file
+inherits file
+
+class fifo_file
+inherits file
+
+class fd
+{
+ use
+}
+
+
+#
+# Define the access vector interpretation for network-related objects.
+#
+
+class socket
+inherits socket
+
+class tcp_socket
+inherits socket
+{
+ node_bind
+ name_connect
+}
+
+class udp_socket
+inherits socket
+{
+ node_bind
+}
+
+class rawip_socket
+inherits socket
+{
+ node_bind
+}
+
+class node
+{
+ recvfrom
+ sendto
+}
+
+class netif
+{
+ ingress
+ egress
+}
+
+class netlink_socket
+inherits socket
+
+class packet_socket
+inherits socket
+
+class key_socket
+inherits socket
+
+class unix_stream_socket
+inherits socket
+{
+ connectto
+}
+
+class unix_dgram_socket
+inherits socket
+
+#
+# Define the access vector interpretation for process-related objects
+#
+
+class process
+{
+ fork
+ transition
+ sigchld # commonly granted from child to parent
+ sigkill # cannot be caught or ignored
+ sigstop # cannot be caught or ignored
+ signull # for kill(pid, 0)
+ signal # all other signals
+ ptrace
+ getsched
+ setsched
+ getsession
+ getpgid
+ setpgid
+ getcap
+ setcap
+ share
+ getattr
+ setexec
+ setfscreate
+ noatsecure
+ siginh
+ setrlimit
+ rlimitinh
+ dyntransition
+ setcurrent
+ execmem
+ execstack
+ execheap
+ setkeycreate
+ setsockcreate
+ getrlimit
+}
+
+class process2
+{
+ nnp_transition
+ nosuid_transition
+}
+
+#
+# Define the access vector interpretation for ipc-related objects
+#
+
+class ipc
+inherits ipc
+
+class sem
+inherits ipc
+
+class msgq
+inherits ipc
+{
+ enqueue
+}
+
+class msg
+{
+ send
+ receive
+}
+
+class shm
+inherits ipc
+{
+ lock
+}
+
+
+#
+# Define the access vector interpretation for the security server.
+#
+
+class security
+{
+ compute_av
+ compute_create
+ compute_member
+ check_context
+ load_policy
+ compute_relabel
+ compute_user
+ setenforce # was avc_toggle in system class
+ setbool
+ setsecparam
+ setcheckreqprot
+ read_policy
+ validate_trans
+}
+
+
+#
+# Define the access vector interpretation for system operations.
+#
+
+class system
+{
+ ipc_info
+ syslog_read
+ syslog_mod
+ syslog_console
+ module_request
+ module_load
+}
+
+#
+# Define the access vector interpretation for controlling capabilities
+#
+
+class capability
+inherits cap
+
+class capability2
+inherits cap2
+
+#
+# Extended Netlink classes
+#
+class netlink_route_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+ nlmsg_readpriv
+}
+
+class netlink_tcpdiag_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+}
+
+class netlink_nflog_socket
+inherits socket
+
+class netlink_xfrm_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+}
+
+class netlink_selinux_socket
+inherits socket
+
+class netlink_audit_socket
+inherits socket
+{
+ nlmsg_read
+ nlmsg_write
+ nlmsg_relay
+ nlmsg_readpriv
+ nlmsg_tty_audit
+}
+
+class netlink_dnrt_socket
+inherits socket
+
+# Define the access vector interpretation for controlling
+# access to IPSec network data by association
+#
+class association
+{
+ sendto
+ recvfrom
+ setcontext
+ polmatch
+}
+
+# Updated Netlink class for KOBJECT_UEVENT family.
+class netlink_kobject_uevent_socket
+inherits socket
+
+class appletalk_socket
+inherits socket
+
+class packet
+{
+ send
+ recv
+ relabelto
+ forward_in
+ forward_out
+}
+
+class key
+{
+ view
+ read
+ write
+ search
+ link
+ setattr
+ create
+}
+
+class dccp_socket
+inherits socket
+{
+ node_bind
+ name_connect
+}
+
+class memprotect
+{
+ mmap_zero
+}
+
+# network peer labels
+class peer
+{
+ recv
+}
+
+class kernel_service
+{
+ use_as_override
+ create_files_as
+}
+
+class tun_socket
+inherits socket
+{
+ attach_queue
+}
+
+class binder
+{
+ impersonate
+ call
+ set_context_mgr
+ transfer
+}
+
+class netlink_iscsi_socket
+inherits socket
+
+class netlink_fib_lookup_socket
+inherits socket
+
+class netlink_connector_socket
+inherits socket
+
+class netlink_netfilter_socket
+inherits socket
+
+class netlink_generic_socket
+inherits socket
+
+class netlink_scsitransport_socket
+inherits socket
+
+class netlink_rdma_socket
+inherits socket
+
+class netlink_crypto_socket
+inherits socket
+
+class infiniband_pkey
+{
+ access
+}
+
+class infiniband_endport
+{
+ manage_subnet
+}
+
+#
+# Define the access vector interpretation for controlling capabilities
+# in user namespaces
+#
+
+class cap_userns
+inherits cap
+
+class cap2_userns
+inherits cap2
+
+
+#
+# Define the access vector interpretation for the new socket classes
+# enabled by the extended_socket_class policy capability.
+#
+
+#
+# The next two classes were previously mapped to rawip_socket and therefore
+# have the same definition as rawip_socket (until further permissions
+# are defined).
+#
+class sctp_socket
+inherits socket
+{
+ node_bind
+ name_connect
+ association
+}
+
+class icmp_socket
+inherits socket
+{
+ node_bind
+}
+
+#
+# The remaining network socket classes were previously
+# mapped to the socket class and therefore have the
+# same definition as socket.
+#
+
+class ax25_socket
+inherits socket
+
+class ipx_socket
+inherits socket
+
+class netrom_socket
+inherits socket
+
+class atmpvc_socket
+inherits socket
+
+class x25_socket
+inherits socket
+
+class rose_socket
+inherits socket
+
+class decnet_socket
+inherits socket
+
+class atmsvc_socket
+inherits socket
+
+class rds_socket
+inherits socket
+
+class irda_socket
+inherits socket
+
+class pppox_socket
+inherits socket
+
+class llc_socket
+inherits socket
+
+class can_socket
+inherits socket
+
+class tipc_socket
+inherits socket
+
+class bluetooth_socket
+inherits socket
+
+class iucv_socket
+inherits socket
+
+class rxrpc_socket
+inherits socket
+
+class isdn_socket
+inherits socket
+
+class phonet_socket
+inherits socket
+
+class ieee802154_socket
+inherits socket
+
+class caif_socket
+inherits socket
+
+class alg_socket
+inherits socket
+
+class nfc_socket
+inherits socket
+
+class vsock_socket
+inherits socket
+
+class kcm_socket
+inherits socket
+
+class qipcrtr_socket
+inherits socket
+
+class smc_socket
+inherits socket
+
+class bpf
+{
+ map_create
+ map_read
+ map_write
+ prog_load
+ prog_run
+}
+
+class property_service
+{
+ set
+}
+
+class service_manager
+{
+ add
+ find
+ list
+}
+
+class hwservice_manager
+{
+ add
+ find
+ list
+}
+
+class keystore_key
+{
+ get_state
+ get
+ insert
+ delete
+ exist
+ list
+ reset
+ password
+ lock
+ unlock
+ is_empty
+ sign
+ verify
+ grant
+ duplicate
+ clear_uid
+ add_auth
+ user_changed
+ gen_unique_id
+}
+
+class drmservice {
+ consumeRights
+ setPlaybackStatus
+ openDecryptSession
+ closeDecryptSession
+ initializeDecryptUnit
+ decrypt
+ finalizeDecryptUnit
+ pread
+}
+
+class xdp_socket
+inherits socket
+
+class perf_event
+{
+ open
+ cpu
+ kernel
+ tracepoint
+ read
+ write
+}
+
+class lockdown
+{
+ integrity
+ confidentiality
+}
diff --git a/prebuilts/api/30.0/private/adbd.te b/prebuilts/api/30.0/private/adbd.te
new file mode 100644
index 000000000..89fa1f9e2
--- /dev/null
+++ b/prebuilts/api/30.0/private/adbd.te 
@@ -0,0 +1,200 @@ +### ADB daemon + +typeattribute adbd coredomain; +typeattribute adbd mlstrustedsubject; + +init_daemon_domain(adbd) + +domain_auto_trans(adbd, shell_exec, shell) + +userdebug_or_eng(` + allow adbd self:process setcurrent; + allow adbd su:process dyntransition; +') + +# When 'adb shell' is executed in recovery mode, adbd explicitly +# switches into shell domain using setcon() because the shell executable +# is not labeled as shell but as rootfs. +recovery_only(` + domain_trans(adbd, rootfs, shell) + allow adbd shell:process dyntransition; + + # Allows reboot fastboot to enter fastboot directly + unix_socket_connect(adbd, recovery, recovery) +') + +# Control Perfetto traced and obtain traces from it. +# Needed to allow port forwarding directly to traced. +unix_socket_connect(adbd, traced_consumer, traced) + +# Do not sanitize the environment or open fds of the shell. Allow signaling +# created processes. +allow adbd shell:process { noatsecure signal }; + +# Set UID and GID to shell. Set supplementary groups. +allow adbd self:global_capability_class_set { setuid setgid }; + +# Drop capabilities from bounding set on user builds. +allow adbd self:global_capability_class_set setpcap; + +# ignore spurious denials for adbd when disk space is low. +dontaudit adbd self:global_capability_class_set sys_resource; + +# adbd probes for vsock support. Do not generate denials when +# this occurs. (b/123569840) +dontaudit adbd self:{ socket vsock_socket } create; + +# Create and use network sockets. +net_domain(adbd) + +# Access /dev/usb-ffs/adb/ep0 +allow adbd functionfs:dir search; +allow adbd functionfs:file rw_file_perms; +allowxperm adbd functionfs:file ioctl { + FUNCTIONFS_ENDPOINT_DESC + FUNCTIONFS_CLEAR_HALT +}; + +# Use a pseudo tty. +allow adbd devpts:chr_file rw_file_perms; + +# adb push/pull /data/local/tmp. 
+allow adbd shell_data_file:dir create_dir_perms; +allow adbd shell_data_file:file create_file_perms; + +# adb pull /data/local/traces/* +allow adbd trace_data_file:dir r_dir_perms; +allow adbd trace_data_file:file r_file_perms; + +# adb pull /data/misc/profman. +allow adbd profman_dump_data_file:dir r_dir_perms; +allow adbd profman_dump_data_file:file r_file_perms; + +# adb push/pull sdcard. +allow adbd tmpfs:dir search; +allow adbd rootfs:lnk_file r_file_perms; # /sdcard symlink +allow adbd tmpfs:lnk_file r_file_perms; # /mnt/sdcard symlink +allow adbd sdcard_type:dir create_dir_perms; +allow adbd sdcard_type:file create_file_perms; + +# adb pull /data/anr/traces.txt +allow adbd anr_data_file:dir r_dir_perms; +allow adbd anr_data_file:file r_file_perms; + +# Set service.adb.*, sys.powerctl, and sys.usb.ffs.ready properties. +set_prop(adbd, shell_prop) +set_prop(adbd, powerctl_prop) +set_prop(adbd, ffs_prop) +set_prop(adbd, exported_ffs_prop) + +# Set service.adb.tls.port, persist.adb.wifi. properties +set_prop(adbd, adbd_prop) + +# Access device logging gating property +get_prop(adbd, device_logging_prop) + +# Read device's serial number from system properties +get_prop(adbd, serialno_prop) + +# Read whether or not Test Harness Mode is enabled +get_prop(adbd, test_harness_prop) + +# Read persist.adb.tls_server.enable property +get_prop(adbd, system_adbd_prop) + +# Read device's overlayfs related properties and files +userdebug_or_eng(` + get_prop(adbd, persistent_properties_ready_prop) + r_dir_file(adbd, sysfs_dt_firmware_android) +') + +# Run /system/bin/bu +allow adbd system_file:file rx_file_perms; + +# Perform binder IPC to surfaceflinger (screencap) +# XXX Run screencap in a separate domain? 
+binder_use(adbd) +binder_call(adbd, surfaceflinger) +binder_call(adbd, gpuservice) +# b/13188914 +allow adbd gpu_device:chr_file rw_file_perms; +allow adbd ion_device:chr_file rw_file_perms; +r_dir_file(adbd, system_file) + +# Needed for various screenshots +hal_client_domain(adbd, hal_graphics_allocator) + +# Read /data/misc/adb/adb_keys. +allow adbd adb_keys_file:dir search; +allow adbd adb_keys_file:file r_file_perms; + +userdebug_or_eng(` + # Write debugging information to /data/adb + # when persist.adb.trace_mask is set + # https://code.google.com/p/android/issues/detail?id=72895 + allow adbd adb_data_file:dir rw_dir_perms; + allow adbd adb_data_file:file create_file_perms; +') + +# ndk-gdb invokes adb forward to forward the gdbserver socket. +allow adbd app_data_file:dir search; +allow adbd app_data_file:sock_file write; +allow adbd appdomain:unix_stream_socket connectto; + +# ndk-gdb invokes adb pull of app_process, linker, and libc.so. +allow adbd zygote_exec:file r_file_perms; +allow adbd system_file:file r_file_perms; + +# Allow pulling the SELinux policy for CTS purposes +allow adbd selinuxfs:dir r_dir_perms; +allow adbd selinuxfs:file r_file_perms; +allow adbd kernel:security read_policy; +allow adbd service_contexts_file:file r_file_perms; +allow adbd file_contexts_file:file r_file_perms; +allow adbd seapp_contexts_file:file r_file_perms; +allow adbd property_contexts_file:file r_file_perms; +allow adbd sepolicy_file:file r_file_perms; + +# Allow pulling config.gz for CTS purposes +allow adbd config_gz:file r_file_perms; + +allow adbd gpu_service:service_manager find; +allow adbd surfaceflinger_service:service_manager find; +allow adbd bootchart_data_file:dir search; +allow adbd bootchart_data_file:file r_file_perms; + +# Allow access to external storage; we have several visible mount points under /storage +# and symlinks to primary storage at places like /storage/sdcard0 and /mnt/user/0/primary +allow adbd storage_file:dir r_dir_perms; +allow adbd 
storage_file:lnk_file r_file_perms; +allow adbd mnt_user_file:dir r_dir_perms; +allow adbd mnt_user_file:lnk_file r_file_perms; + +# Access to /data/media. +# This should be removed if sdcardfs is modified to alter the secontext for its +# accesses to the underlying FS. +allow adbd media_rw_data_file:dir create_dir_perms; +allow adbd media_rw_data_file:file create_file_perms; + +r_dir_file(adbd, apk_data_file) + +allow adbd rootfs:dir r_dir_perms; + +# Allow to pull Perfetto traces. +allow adbd perfetto_traces_data_file:file r_file_perms; +allow adbd perfetto_traces_data_file:dir r_dir_perms; + +# Connect to shell and use a socket transferred from it. +# Used for e.g. abb. +allow adbd shell:unix_stream_socket { read write shutdown }; +allow adbd shell:fd use; + +### +### Neverallow rules +### + +# No transitions from adbd to non-shell, non-crash_dump domains. adbd only ever +# transitions to the shell domain (except when it crashes). In particular, we +# never want to see a transition from adbd to su (aka "adb root") +neverallow adbd { domain -crash_dump -shell }:process transition; +neverallow adbd { domain userdebug_or_eng(`-su') recovery_only(`-shell') }:process dyntransition; diff --git a/prebuilts/api/30.0/private/aidl_lazy_test_server.te b/prebuilts/api/30.0/private/aidl_lazy_test_server.te new file mode 100644 index 000000000..33efde06b --- /dev/null +++ b/prebuilts/api/30.0/private/aidl_lazy_test_server.te @@ -0,0 +1,5 @@ +userdebug_or_eng(` + typeattribute aidl_lazy_test_server coredomain; + + init_daemon_domain(aidl_lazy_test_server) +') diff --git a/prebuilts/api/30.0/private/apex_test_prepostinstall.te b/prebuilts/api/30.0/private/apex_test_prepostinstall.te new file mode 100644 index 000000000..f1bc2145e --- /dev/null +++ b/prebuilts/api/30.0/private/apex_test_prepostinstall.te 
@@ -0,0 +1,20 @@
+# APEX pre- & post-install test.
+#
+# Allow to run pre- and post-install hooks for APEX test modules
+# in debuggable builds.
+
+type apex_test_prepostinstall, domain, coredomain;
+type apex_test_prepostinstall_exec, system_file_type, exec_type, file_type;
+
+userdebug_or_eng(`
+ # /dev/zero
+ allow apex_test_prepostinstall apexd:fd use;
+ # Logwrapper.
+ create_pty(apex_test_prepostinstall)
+ # Logwrapper executing sh.
+ allow apex_test_prepostinstall shell_exec:file rx_file_perms;
+ # Logwrapper exec.
+ allow apex_test_prepostinstall system_file:file execute_no_trans;
+ # Ls.
+ allow apex_test_prepostinstall toolbox_exec:file rx_file_perms;
+')
diff --git a/prebuilts/api/30.0/private/apexd.te b/prebuilts/api/30.0/private/apexd.te
new file mode 100644
index 000000000..9e702dd91
--- /dev/null
+++ b/prebuilts/api/30.0/private/apexd.te
@@ -0,0 +1,157 @@
+typeattribute apexd coredomain;
+
+init_daemon_domain(apexd)
+
+# Allow creating, reading and writing of APEX files/dirs in the APEX data dir
+allow apexd apex_data_file:dir create_dir_perms;
+allow apexd apex_data_file:file create_file_perms;
+
+# Allow creating, reading and writing of APEX files/dirs in the APEX metadata dir
+allow apexd metadata_file:dir search;
+allow apexd apex_metadata_file:dir create_dir_perms;
+allow apexd apex_metadata_file:file create_file_perms;
+
+# Allow apexd to create files and directories for snapshots of apex data
+allow apexd apex_permission_data_file:dir { create_dir_perms relabelto };
+allow apexd apex_permission_data_file:file { create_file_perms relabelto };
+allow apexd apex_module_data_file:dir { create_dir_perms relabelfrom };
+allow apexd apex_module_data_file:file { create_file_perms relabelfrom };
+allow apexd apex_rollback_data_file:dir create_dir_perms;
+allow apexd apex_rollback_data_file:file create_file_perms;
+allow apexd apex_wifi_data_file:dir { create_dir_perms relabelto };
+allow apexd apex_wifi_data_file:file { create_file_perms relabelto };
+
+# Allow apexd to read directories under /data/misc_de in order to snapshot and
+# restore apex data for all users.
+allow apexd system_data_file:dir r_dir_perms;
+
+# allow apexd to create loop devices with /dev/loop-control
+allow apexd loop_control_device:chr_file rw_file_perms;
+# allow apexd to access loop devices
+allow apexd loop_device:blk_file rw_file_perms;
+allowxperm apexd loop_device:blk_file ioctl {
+ LOOP_GET_STATUS64
+ LOOP_SET_STATUS64
+ LOOP_SET_FD
+ LOOP_SET_BLOCK_SIZE
+ LOOP_SET_DIRECT_IO
+ LOOP_CLR_FD
+ BLKFLSBUF
+};
+# allow apexd to access /dev/block
+allow apexd block_device:dir r_dir_perms;
+
+# allow apexd to access /dev/block/dm-* (device-mapper entries)
+allow apexd dm_device:chr_file rw_file_perms;
+allow apexd dm_device:blk_file rw_file_perms;
+
+# sys_admin is required to access the device-mapper and mount
+# dac_override, chown, and fowner are needed for snapshot and restore
+allow apexd self:global_capability_class_set { sys_admin chown dac_override dac_read_search fowner };
+
+# Note: fsetid is deliberately not included above. fsetid checks are
+# triggered by chmod on a directory or file owned by a group other
+# than one of the groups assigned to the current process to see if
+# the setgid bit should be cleared, regardless of whether the setgid
+# bit was even set. We do not appear to truly need this capability
+# for apexd to operate.
+dontaudit apexd self:global_capability_class_set fsetid;
+
+# allow apexd to create a mount point in /apex
+allow apexd apex_mnt_dir:dir create_dir_perms;
+# allow apexd to mount in /apex
+allow apexd apex_mnt_dir:filesystem { mount unmount };
+allow apexd apex_mnt_dir:dir mounton;
+# allow apexd to create symlinks in /apex
+allow apexd apex_mnt_dir:lnk_file create_file_perms;
+# allow apexd to unlink apex files in /data/apex/active
+# note that apexd won't be able to unlink files in /data/app-staging/session_XXXX,
+# because it doesn't have write permission for staging_data_file object.
+allow apexd staging_data_file:file unlink;
+
+# allow apexd to read files from /data/app-staging and hardlink them to /data/apex.
+allow apexd staging_data_file:dir r_dir_perms;
+allow apexd staging_data_file:file { r_file_perms link };
+
+# allow apexd to read files from /vendor/apex
+allow apexd vendor_apex_file:dir r_dir_perms;
+allow apexd vendor_apex_file:file r_file_perms;
+
+# Unmount and mount filesystems
+allow apexd labeledfs:filesystem { mount unmount };
+
+# /sys directory tree traversal
+allow apexd sysfs_type:dir search;
+# Configure read-ahead of dm-verity and loop devices
+# for dm-X
+allow apexd sysfs_dm:dir r_dir_perms;
+allow apexd sysfs_dm:file rw_file_perms;
+# for loopX
+allow apexd sysfs_loop:dir r_dir_perms;
+allow apexd sysfs_loop:file rw_file_perms;
+
+# Allow apexd to log to the kernel.
+allow apexd kmsg_device:chr_file w_file_perms;
+
+# Allow apexd to reboot device. Required for rollbacks of apexes that are
+# not covered by rollback manager.
+set_prop(apexd, powerctl_prop)
+
+# Allow apexd to stop itself
+set_prop(apexd, ctl_apexd_prop)
+
+# Find the vold service, and call into vold to manage FS checkpoints
+allow apexd vold_service:service_manager find;
+binder_call(apexd, vold)
+
+# Apex pre- & post-install permission.
+
+# Allow self-execute for the fork mount helper.
+allow apexd apexd_exec:file execute_no_trans;
+
+# Unshare and make / private so that hooks cannot influence the
+# running system.
+allow apexd rootfs:dir mounton;
+
+# Allow to execute shell for pre- and postinstall scripts. A transition
+# rule is required, thus restricted to execute and not execute_no_trans.
+allow apexd shell_exec:file { r_file_perms execute };
+
+# apexd is using bootstrap bionic
+allow apexd system_bootstrap_lib_file:dir r_dir_perms;
+allow apexd system_bootstrap_lib_file:file { execute read open getattr map };
+
+# Allow transition to ART APEX preinstall domain.
+domain_auto_trans(apexd, art_apex_preinstall_exec, art_apex_preinstall)
+# Allow transition to ART APEX postinstall domain.
+domain_auto_trans(apexd, art_apex_postinstall_exec, art_apex_postinstall)
+
+# Allow transition to test APEX preinstall domain.
+userdebug_or_eng(`
+ domain_auto_trans(apexd, apex_test_prepostinstall_exec, apex_test_prepostinstall)
+')
+
+# Allow apexd to be invoked with logwrapper from init during userspace reboot.
+allow apexd devpts:chr_file { read write };
+
+# Allow apexd to create pts files via logwrap_fork_exec for its own use, to pass to
+# other processes
+create_pty(apexd)
+
+# Allow apexd to read file contexts when performing restorecon of snapshots.
+allow apexd file_contexts_file:file r_file_perms;
+
+# Allow apexd to execute toybox for snapshot & restore
+allow apexd toolbox_exec:file rx_file_perms;
+
+neverallow { domain -apexd -init } apex_data_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init } apex_metadata_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init -kernel } apex_data_file:file no_w_file_perms;
+neverallow { domain -apexd -init -kernel } apex_metadata_file:file no_w_file_perms;
+neverallow { domain -apexd } apex_mnt_dir:lnk_file no_w_file_perms;
+
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_module_data_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_module_data_file:file no_w_file_perms;
+
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:dir no_w_dir_perms;
+neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file:file no_w_file_perms;
diff --git a/prebuilts/api/30.0/private/app.te b/prebuilts/api/30.0/private/app.te
new file mode 100644
index 000000000..a03bcb094
--- /dev/null
+++ b/prebuilts/api/30.0/private/app.te
@@ -0,0 +1,37 @@
+# Allow apps to read the Test Harness Mode property. This property is used in
+# the implementation of ActivityManager.isDeviceInTestHarnessMode()
+get_prop(appdomain, test_harness_prop)
+
+userdebug_or_eng(`perfetto_producer({ appdomain })')
+
+# Prevent apps from causing presubmit failures.
+# Apps can cause selinux denials by accessing CE storage
+# and/or external storage. In either case, the selinux denial is
+# not the cause of the failure, but just a symptom that
+# storage isn't ready. Many apps handle the failure appropriately.
+#
+# Apps cannot access external storage before it becomes available.
+dontaudit appdomain storage_stub_file:dir getattr;
+# Attempts to write to system_data_file is generally a sign
+# that apps are attempting to access encrypted storage before
+# the ACTION_USER_UNLOCKED intent is delivered. Apps are not
+# allowed to write to CE storage before it's available.
+# Attempting to do so will be blocked by both selinux and unix
+# permissions.
+dontaudit appdomain system_data_file:dir write;
+# Apps should not be reading vendor-defined properties.
+dontaudit appdomain vendor_default_prop:file read;
+
+neverallow appdomain system_server:udp_socket {
+ accept append bind create ioctl listen lock name_bind
+ relabelfrom relabelto setattr shutdown };
+
+# Transition to a non-app domain.
+# Exception for the shell and su domains, can transition to runas, etc.
+# Exception for crash_dump to allow for app crash reporting.
+# Exception for renderscript binaries (/system/bin/bcc, /system/bin/ld.mc)
+# to allow renderscript to create privileged executable files.
+neverallow { appdomain -shell userdebug_or_eng(`-su') }
+ { domain -appdomain -crash_dump -rs }:process { transition };
+neverallow { appdomain -shell userdebug_or_eng(`-su') }
+ { domain -appdomain }:process { dyntransition };
diff --git a/prebuilts/api/30.0/private/app_neverallows.te b/prebuilts/api/30.0/private/app_neverallows.te
new file mode 100644
index 000000000..66e9f69d2
--- /dev/null
+++ b/prebuilts/api/30.0/private/app_neverallows.te
@@ -0,0 +1,259 @@
+###
+### neverallow rules for untrusted app domains
+###
+
+define(`all_untrusted_apps',`{
+ ephemeral_app
+ isolated_app
+ mediaprovider
+ mediaprovider_app
+ untrusted_app
+ untrusted_app_25
+ untrusted_app_27
+ untrusted_app_29
+ untrusted_app_all
+}')
+# Receive or send uevent messages.
+neverallow all_untrusted_apps domain:netlink_kobject_uevent_socket *;
+
+# Receive or send generic netlink messages
+neverallow all_untrusted_apps domain:netlink_socket *;
+
+# Too much leaky information in debugfs. It's a security
+# best practice to ensure these files aren't readable.
+neverallow all_untrusted_apps { debugfs_type -debugfs_kcov }:file read;
+neverallow {all_untrusted_apps userdebug_or_eng(`-domain')} debugfs_type:{ file lnk_file } read;
+
+# Do not allow untrusted apps to register services.
+# Only trusted components of Android should be registering
+# services.
+neverallow all_untrusted_apps service_manager_type:service_manager add;
+
+# Do not allow untrusted apps to use VendorBinder
+neverallow all_untrusted_apps vndbinder_device:chr_file *;
+neverallow all_untrusted_apps vndservice_manager_type:service_manager *;
+
+# Do not allow untrusted apps to connect to the property service
+# or set properties. b/10243159
+neverallow { all_untrusted_apps -mediaprovider } property_socket:sock_file write;
+neverallow { all_untrusted_apps -mediaprovider } init:unix_stream_socket connectto;
+neverallow { all_untrusted_apps -mediaprovider } property_type:property_service set;
+
+# net.dns properties are not a public API. Disallow untrusted apps from reading this property.
+neverallow { all_untrusted_apps } net_dns_prop:file read;
+
+# Shared libraries created by trusted components within an app home
+# directory can be dlopen()ed. To maintain the W^X property, these files
+# must never be writable to the app.
+neverallow all_untrusted_apps app_exec_data_file:file
+ { append create link relabelfrom relabelto rename setattr write };
+
+# Block calling execve() on files in an apps home directory.
+# This is a W^X violation (loading executable code from a writable
+# home directory). For compatibility, allow for targetApi <= 28.
+# b/112357170
+neverallow {
+ all_untrusted_apps
+ -untrusted_app_25
+ -untrusted_app_27
+ -runas_app
+} { app_data_file privapp_data_file }:file execute_no_trans;
+
+# Do not allow untrusted apps to invoke dex2oat. This was historically required
+# by ART for compiling secondary dex files but has been removed in Q.
+# Exempt legacy apps (targetApi<=28) for compatibility.
+neverallow {
+ all_untrusted_apps
+ -untrusted_app_25
+ -untrusted_app_27
+} dex2oat_exec:file no_x_file_perms;
+
+# Do not allow untrusted apps to be assigned mlstrustedsubject.
+# This would undermine the per-user isolation model being
+# enforced via levelFrom=user in seapp_contexts and the mls
+# constraints. As there is no direct way to specify a neverallow
+# on attribute assignment, this relies on the fact that fork
+# permission only makes sense within a domain (hence should
+# never be granted to any other domain within mlstrustedsubject)
+# and an untrusted app is allowed fork permission to itself.
+neverallow all_untrusted_apps mlstrustedsubject:process fork;
+
+# Do not allow untrusted apps to hard link to any files.
+# In particular, if an untrusted app links to other app data
+# files, installd will not be able to guarantee the deletion
+# of the linked to file. Hard links also contribute to security
+# bugs, so we want to ensure untrusted apps never have this
+# capability.
+neverallow all_untrusted_apps file_type:file link;
+
+# Do not allow untrusted apps to access network MAC address file
+neverallow all_untrusted_apps sysfs_net:file no_rw_file_perms;
+
+# Do not allow any write access to files in /sys
+neverallow all_untrusted_apps sysfs_type:file { no_w_file_perms no_x_file_perms };
+
+# Apps may never access the default sysfs label.
+neverallow all_untrusted_apps sysfs:file no_rw_file_perms;
+
+# Restrict socket ioctls. Either 1. disallow privileged ioctls, 2. disallow the
+# ioctl permission, or 3. disallow the socket class.
+neverallowxperm all_untrusted_apps domain:{ icmp_socket rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+neverallow all_untrusted_apps *:{ netlink_route_socket netlink_selinux_socket } ioctl;
+neverallow all_untrusted_apps *:{
+ socket netlink_socket packet_socket key_socket appletalk_socket
+ netlink_tcpdiag_socket netlink_nflog_socket
+ netlink_xfrm_socket netlink_audit_socket
+ netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket
+ netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket
+ netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket
+ netlink_rdma_socket netlink_crypto_socket sctp_socket
+ ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket
+ atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
+ bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
+ alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket xdp_socket
+} *;
+
+# Disallow sending RTM_GETLINK messages on netlink sockets.
+neverallow {
+ all_untrusted_apps
+ -untrusted_app_25
+ -untrusted_app_27
+ -untrusted_app_29
+} domain:netlink_route_socket { bind nlmsg_readpriv };
+
+# Do not allow untrusted apps access to /cache
+neverallow { all_untrusted_apps -mediaprovider } { cache_file cache_recovery_file }:dir ~{ r_dir_perms };
+neverallow { all_untrusted_apps -mediaprovider } { cache_file cache_recovery_file }:file ~{ read getattr };
+
+# Do not allow untrusted apps to create/unlink files outside of its sandbox,
+# internal storage or sdcard.
+# World accessible data locations allow application to fill the device
+# with unaccounted for data. This data will not get removed during
+# application un-installation.
+neverallow { all_untrusted_apps -mediaprovider } {
+ fs_type
+ -sdcard_type
+ file_type
+ -app_data_file # The apps sandbox itself
+ -privapp_data_file
+ -app_exec_data_file # stored within the app sandbox directory
+ -media_rw_data_file # Internal storage. Known that apps can
+ # leave artfacts here after uninstall.
+ -user_profile_data_file # Access to profile files
+ userdebug_or_eng(`
+ -method_trace_data_file # only on ro.debuggable=1
+ -coredump_file # userdebug/eng only
+ ')
+}:dir_file_class_set { create unlink };
+
+# No untrusted component except mediaprovider_app should be touching /dev/fuse
+neverallow { all_untrusted_apps -mediaprovider_app } fuse_device:chr_file *;
+
+# Do not allow untrusted apps to directly open the tun_device
+neverallow all_untrusted_apps tun_device:chr_file open;
+# The tun_device ioctls below are not allowed, to prove equivalence
+# to the kernel patch at
+# https://android.googlesource.com/kernel/common/+/11cee2be0c2062ba88f04eb51196506f870a3b5d%5E%21
+neverallowxperm all_untrusted_apps tun_device:chr_file ioctl {
+ SIOCGIFHWADDR
+ SIOCSIFHWADDR
+ TUNATTACHFILTER
+ TUNDETACHFILTER
+ TUNGETFEATURES
+ TUNGETFILTER
+ TUNGETSNDBUF
+ TUNGETVNETHDRSZ
+ TUNSETDEBUG
+ TUNSETGROUP
+ TUNSETIFF
+ TUNSETLINK
+ TUNSETNOCSUM
+ TUNSETOFFLOAD
+ TUNSETOWNER
+ TUNSETPERSIST
+ TUNSETQUEUE
+ TUNSETSNDBUF
+ TUNSETTXFILTER
+ TUNSETVNETHDRSZ
+};
+
+# Only allow appending to /data/anr/traces.txt (b/27853304, b/18340553)
+neverallow all_untrusted_apps anr_data_file:file ~{ open append };
+neverallow all_untrusted_apps anr_data_file:dir ~search;
+
+# Avoid reads from generically labeled /proc files
+# Create a more specific label if needed
+neverallow all_untrusted_apps {
+ proc
+ proc_asound
+ proc_kmsg
+ proc_loadavg
+ proc_mounts
+ proc_pagetypeinfo
+ proc_slabinfo
+ proc_stat
+ proc_swaps
+ proc_uptime
+ proc_version
+ proc_vmallocinfo
+ proc_vmstat
+}:file { no_rw_file_perms no_x_file_perms };
+
+# /proc/filesystems is accessible to mediaprovider_app only since it handles
+# external storage
+neverallow { all_untrusted_apps - mediaprovider_app } proc_filesystems:file { no_rw_file_perms no_x_file_perms };
+
+# Avoid all access to kernel configuration
+neverallow all_untrusted_apps config_gz:file { no_rw_file_perms no_x_file_perms };
+
+# Do not allow untrusted apps access to preloads data files
+neverallow all_untrusted_apps preloads_data_file:file no_rw_file_perms;
+
+# Locking of files on /system could lead to denial of service attacks
+# against privileged system components
+neverallow all_untrusted_apps system_file:file lock;
+
+# Do not permit untrusted apps to perform actions on HwBinder service_manager
+# other than find actions for services listed below
+neverallow all_untrusted_apps *:hwservice_manager ~find;
+
+# Do not permit access from apps which host arbitrary code to the protected HwBinder
+# services.
+# The two main reasons for this are:
+# 1. Protected HwBinder servers do not perform client authentication because HIDL
+# currently does not expose caller UID information and, even if it did, those
+# HwBinder services either operate at a level below that of apps (e.g., HALs)
+# or must not rely on app identity for authorization. Thus, to be safe, the
+# default assumption is that every HwBinder service treats all its clients as
+# equally authorized to perform operations offered by the service.
+# 2. HAL servers (a subset of HwBinder services) contain code with higher
+# incidence rate of security issues than system/core components and have
+# access to lower layes of the stack (all the way down to hardware) thus
+# increasing opportunities for bypassing the Android security model.
+neverallow all_untrusted_apps protected_hwservice:hwservice_manager find;
+
+neverallow all_untrusted_apps {
+ vendor_service
+}:service_manager find;
+
+# SELinux is not an API for untrusted apps to use
+neverallow all_untrusted_apps selinuxfs:file no_rw_file_perms;
+
+# Access to /proc/tty/drivers, to allow apps to determine if they
+# are running in an emulated environment.
+# b/33214085 b/33814662 b/33791054 b/33211769
+# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
+# This will go away in a future Android release
+neverallow { all_untrusted_apps -untrusted_app_25 } proc_tty_drivers:file r_file_perms;
+neverallow all_untrusted_apps proc_tty_drivers:file ~r_file_perms;
+
+# Untrusted apps are not allowed to use cgroups.
+neverallow all_untrusted_apps cgroup:file *;
+
+# /mnt/sdcard symlink was supposed to have been removed in Gingerbread. Apps
+# must not use it.
+neverallow {
+ all_untrusted_apps
+ -untrusted_app_25
+ -untrusted_app_27
+} mnt_sdcard_file:lnk_file *;
diff --git a/prebuilts/api/30.0/private/app_zygote.te b/prebuilts/api/30.0/private/app_zygote.te
new file mode 100644
index 000000000..a826f7fc7
--- /dev/null
+++ b/prebuilts/api/30.0/private/app_zygote.te
@@ -0,0 +1,167 @@
+typeattribute app_zygote coredomain;
+
+######
+###### Policy below is different from regular zygote-spawned apps
+######
+
+# The app_zygote needs to be able to transition domains.
+typeattribute app_zygote mlstrustedsubject;
+
+# Allow access to temporary files, which is normally permitted through
+# a domain macro.
+tmpfs_domain(app_zygote);
+
+# Set the UID/GID of the process.
+# This will be further limited to a range of isolated UIDs with seccomp.
+allow app_zygote self:global_capability_class_set { setgid setuid };
+# Drop capabilities from bounding set.
+allow app_zygote self:global_capability_class_set setpcap;
+# Switch SELinux context to isolated app domain.
+allow app_zygote self:process setcurrent;
+allow app_zygote isolated_app:process dyntransition;
+
+# For JIT
+allow app_zygote self:process execmem;
+
+# Allow app_zygote to stat the files that it opens. It must
+# be able to inspect them so that it can reopen them on fork
+# if necessary: b/30963384.
+allow app_zygote debugfs_trace_marker:file getattr;
+
+# get system_server process group
+allow app_zygote system_server:process getpgid;
+
+# Interaction between the app_zygote and its children.
+allow app_zygote isolated_app:process setpgid;
+
+# TODO (b/63631799) fix this access
+dontaudit app_zygote mnt_expand_file:dir getattr;
+
+# Get seapp_contexts
+allow app_zygote seapp_contexts_file:file r_file_perms;
+# Check validity of SELinux context before use.
+selinux_check_context(app_zygote)
+# Check SELinux permissions.
+selinux_check_access(app_zygote)
+
+######
+###### Policy below is shared with regular zygote-spawned apps
+######
+
+# Child of zygote.
+allow app_zygote zygote:fd use;
+allow app_zygote zygote:process sigchld;
+
+# For ART (read /data/dalvik-cache).
+r_dir_file(app_zygote, dalvikcache_data_file);
+allow app_zygote dalvikcache_data_file:file execute;
+
+# Allow reading/executing installed binaries to enable preloading
+# application data
+allow app_zygote apk_data_file:dir r_dir_perms;
+allow app_zygote apk_data_file:file { r_file_perms execute };
+
+# /oem accesses.
+allow app_zygote oemfs:dir search;
+
+# Allow app_zygote access to /vendor/overlay
+r_dir_file(app_zygote, vendor_overlay_file)
+
+allow app_zygote system_data_file:lnk_file r_file_perms;
+allow app_zygote system_data_file:file { getattr read map };
+
+# Send unsolicited message to system_server
+unix_socket_send(app_zygote, system_unsolzygote, system_server)
+
+#####
+##### Neverallow
+#####
+
+# Only permit transition to isolated_app.
+neverallow app_zygote { domain -isolated_app }:process dyntransition;
+
+# Only setcon() transitions, no exec() based transitions, except for crash_dump.
+neverallow app_zygote { domain -crash_dump }:process transition;
+
+# Must not exec() a program without changing domains.
+# Having said that, exec() above is not allowed.
+neverallow app_zygote *:file execute_no_trans;
+
+# The only way to enter this domain is for the zygote to fork a new
+# app_zygote child.
+neverallow { domain -zygote } app_zygote:process dyntransition;
+
+# Disallow write access to properties.
+neverallow app_zygote property_socket:sock_file write;
+neverallow app_zygote property_type:property_service set;
+
+# Should not have any access to non-app data files.
+neverallow app_zygote {
+ bluetooth_data_file
+ nfc_data_file
+ radio_data_file
+ shell_data_file
+}:file { rwx_file_perms };
+
+neverallow app_zygote {
+ service_manager_type
+ -activity_service
+ -webviewupdate_service
+}:service_manager find;
+
+# Isolated apps should not be able to access the driver directly.
+neverallow app_zygote gpu_device:chr_file { rwx_file_perms };
+
+# Do not allow app_zygote access to /cache.
+neverallow app_zygote cache_file:dir ~{ r_dir_perms };
+neverallow app_zygote cache_file:file ~{ read getattr };
+
+# Do not allow most socket access. This is socket_class_set, excluding unix_dgram_socket,
+# unix_stream_socket, and netlink_selinux_socket.
+neverallow app_zygote domain:{
+ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket
+ appletalk_socket netlink_route_socket netlink_tcpdiag_socket
+ netlink_nflog_socket netlink_xfrm_socket netlink_audit_socket
+ netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket
+ netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket
+ netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket
+ sctp_socket icmp_socket ax25_socket ipx_socket netrom_socket atmpvc_socket
+ x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket
+ pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket
+ rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
+ alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket
+} *;
+
+# Only allow app_zygote to talk to the logd socket, and
+# su/heapprofd/traced_perf on eng/userdebug. This is because
+# cap_setuid/cap_setgid allow to forge uid/gid in SCM_CREDENTIALS.
+# Think twice before changing.
+neverallow app_zygote {
+ domain
+ -app_zygote
+ -logd
+ -system_server
+ userdebug_or_eng(`-su')
+ userdebug_or_eng(`-heapprofd')
+ userdebug_or_eng(`-traced_perf')
+}:unix_dgram_socket *;
+
+neverallow app_zygote {
+ domain
+ -app_zygote
+ userdebug_or_eng(`-su')
+ userdebug_or_eng(`-heapprofd')
+ userdebug_or_eng(`-traced_perf')
+}:unix_stream_socket *;
+
+# Never allow ptrace
+neverallow app_zygote *:process ptrace;
+
+# Do not allow access to Bluetooth-related system properties.
+# neverallow rules for Bluetooth-related data files are listed above.
+neverallow app_zygote {
+ bluetooth_a2dp_offload_prop
+ bluetooth_audio_hal_prop
+ bluetooth_prop
+ exported_bluetooth_prop
+}:file create_file_perms;
diff --git a/prebuilts/api/30.0/private/art_apex_boot_integrity.te b/prebuilts/api/30.0/private/art_apex_boot_integrity.te
new file mode 100644
index 000000000..ba02083c3
--- /dev/null
+++ b/prebuilts/api/30.0/private/art_apex_boot_integrity.te
@@ -0,0 +1,28 @@
+# This command set checks the integrity of boot classpath ART
+# artifacts in /data, potentially removing them.
+
+type art_apex_boot_integrity, domain, coredomain;
+type art_apex_boot_integrity_exec, system_file_type, exec_type, file_type;
+
+# Technically not a daemon but we do want the transition from init domain to
+# art_apex_boot_integrity to occur.
+init_daemon_domain(art_apex_boot_integrity)
+
+# Read dalvik cache directories, remove entries.
+allow art_apex_boot_integrity dalvikcache_data_file:dir { r_dir_perms write remove_name };
+# Read and possibly delete dalvik cache files.
+allow art_apex_boot_integrity dalvikcache_data_file:file { r_file_perms unlink };
+
+# Allow art_apex_boot_integrity to execute itself using #!/system/bin/sh
+allow art_apex_boot_integrity shell_exec:file rx_file_perms;
+
+# Allow running the mv and rm/rmdir commands using art_apex_boot_integrity
+# permissions.
+allow art_apex_boot_integrity toolbox_exec:file rx_file_perms;
+
+# Fsverity in the same domain.
+allow art_apex_boot_integrity system_file:file execute_no_trans;
+# Fsverity work.
+allowxperm art_apex_boot_integrity dalvikcache_data_file:file ioctl {
+ FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
+};
diff --git a/prebuilts/api/30.0/private/art_apex_postinstall.te b/prebuilts/api/30.0/private/art_apex_postinstall.te
new file mode 100644
index 000000000..576ed2006
--- /dev/null
+++ b/prebuilts/api/30.0/private/art_apex_postinstall.te
@@ -0,0 +1,31 @@
+# ART APEX postinstall.
+#
+
+type art_apex_postinstall, domain, coredomain;
+type art_apex_postinstall_exec, system_file_type, exec_type, file_type;
+
+# /system/bin/sh (see b/126787589).
+allow art_apex_postinstall apexd:fd use;
+
+# Read temp dirs and files. Move directories.
+allow art_apex_postinstall ota_data_file:dir { r_dir_perms write rename remove_name relabelfrom reparent };
+allow art_apex_postinstall ota_data_file:file { r_file_perms relabelfrom };
+# We're deleting the old /data/dalvik-cache/* and move the new ones
+# over.
+allow art_apex_postinstall dalvikcache_data_file:dir { create_dir_perms relabelto };
+allow art_apex_postinstall dalvikcache_data_file:file { r_file_perms unlink relabelto };
+
+# Required for relabel.
+allow art_apex_postinstall file_contexts_file:file r_file_perms;
+allow art_apex_postinstall self:global_capability_class_set sys_admin;
+
+# Script helpers.
+allow art_apex_postinstall shell_exec:file rx_file_perms;
+allow art_apex_postinstall toolbox_exec:file rx_file_perms;
+
+# Fsverity in the same domain.
+allow art_apex_postinstall system_file:file execute_no_trans;
+# Fsverity work.
+allowxperm art_apex_postinstall ota_data_file:file ioctl {
+ FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
+};
diff --git a/prebuilts/api/30.0/private/art_apex_preinstall.te b/prebuilts/api/30.0/private/art_apex_preinstall.te
new file mode 100644
index 000000000..12b102041
--- /dev/null
+++ b/prebuilts/api/30.0/private/art_apex_preinstall.te
@@ -0,0 +1,33 @@
+# ART APEX preinstall.
+#
+
+type art_apex_preinstall, domain, coredomain;
+type art_apex_preinstall_exec, system_file_type, exec_type, file_type;
+
+# /system/bin/sh (see b/126787589).
+allow art_apex_preinstall apexd:fd use;
+
+# Create temp dirs and files under /data/ota.
+allow art_apex_preinstall ota_data_file:dir create_dir_perms;
+allow art_apex_preinstall ota_data_file:file create_file_perms;
+# We mount /data/ota/dalvik-cache over /data/dalvik-cache in our
+# mount namespace.
+allow art_apex_preinstall dalvikcache_data_file:dir { r_dir_perms mounton };
+allow art_apex_preinstall self:capability sys_admin;
+
+# Script helpers.
+allow art_apex_preinstall shell_exec:file rx_file_perms;
+allow art_apex_preinstall toolbox_exec:file rx_file_perms;
+
+# Execute subscripts in the same domain.
+allow art_apex_preinstall art_apex_preinstall_exec:file execute_no_trans;
+
+# Run dex2oat.
+domain_auto_trans(art_apex_preinstall, dex2oat_exec, dex2oat)
+
+# Fsverity in the same domain.
+allow art_apex_preinstall system_file:file execute_no_trans;
+# Fsverity work.
+allowxperm art_apex_preinstall ota_data_file:file ioctl {
+ FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
+};
diff --git a/prebuilts/api/30.0/private/asan_extract.te b/prebuilts/api/30.0/private/asan_extract.te
new file mode 100644
index 000000000..1c20d78ec
--- /dev/null
+++ b/prebuilts/api/30.0/private/asan_extract.te
@@ -0,0 +1,8 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# Technically not a daemon but we do want the transition from init domain to
+# asan_extract to occur.
+with_asan(`
+typeattribute asan_extract coredomain;
+init_daemon_domain(asan_extract)
+')
diff --git a/prebuilts/api/30.0/private/atrace.te b/prebuilts/api/30.0/private/atrace.te
new file mode 100644
index 000000000..ad7d177e6
--- /dev/null
+++ b/prebuilts/api/30.0/private/atrace.te
@@ -0,0 +1,80 @@
+# Domain for atrace process.
+# It is spawned either by traced_probes or by init for the boottrace service.
+
+type atrace, domain, coredomain;
+type atrace_exec, exec_type, file_type, system_file_type;
+
+# boottrace services uses /data/misc/boottrace/categories
+allow atrace boottrace_data_file:dir search;
+allow atrace boottrace_data_file:file r_file_perms;
+
+# Allow atrace to access tracefs.
+allow atrace debugfs_tracing:dir r_dir_perms;
+allow atrace debugfs_tracing:file rw_file_perms;
+allow atrace debugfs_trace_marker:file getattr;
+
+# Allow atrace to write data when a pipe is used for stdout/stderr
+# This is used by Perfetto to capture the output on error in atrace.
+allow atrace traced_probes:fd use;
+allow atrace traced_probes:fifo_file write;
+
+# atrace sets debug.atrace.* properties
+set_prop(atrace, debug_prop)
+
+# atrace pokes all the binder-enabled processes at startup with a
+# SYSPROPS_TRANSACTION, to tell them to reload the debug.atrace.* properties.
+
+# Allow discovery of binder services.
+allow atrace {
+ service_manager_type
+ -apex_service
+ -incident_service
+ -iorapd_service
+ -netd_service
+ -dnsresolver_service
+ -stats_service
+ -dumpstate_service
+ -installd_service
+ -vold_service
+ -lpdump_service
+ -default_android_service
+}:service_manager { find };
+allow atrace servicemanager:service_manager list;
+
+# Allow notifying the processes hosting specific binder services that
+# trace-related system properties have changed.
+binder_use(atrace)
+allow atrace healthd:binder call;
+allow atrace surfaceflinger:binder call;
+allow atrace system_server:binder call;
+allow atrace cameraserver:binder call;
+
+# Similarly, on debug builds, allow specific HALs to be notified that
+# trace-related system properties have changed.
+userdebug_or_eng(`
+ # List HAL interfaces.
+ allow atrace hwservicemanager:hwservice_manager list;
+ # Notify the camera HAL.
+ hal_client_domain(atrace, hal_camera)
+ hal_client_domain(atrace, hal_vibrator)
+')
+
+# Remove logspam from notification attempts to non-whitelisted services.
+dontaudit atrace hwservice_manager_type:hwservice_manager find;
+dontaudit atrace service_manager_type:service_manager find;
+dontaudit atrace domain:binder call;
+
+# atrace can call atrace HAL
+hal_client_domain(atrace, hal_atrace)
+
+get_prop(atrace, hwservicemanager_prop)
+
+userdebug_or_eng(`
+ # atrace is generally invoked as a standalone binary from shell or perf
+ # daemons like Perfetto traced_probes. However, in userdebug builds, there is
+ # a further option to run atrace as an init daemon for boot tracing.
+ init_daemon_domain(atrace)
+
+ allow atrace debugfs_tracing_debug:dir r_dir_perms;
+ allow atrace debugfs_tracing_debug:file rw_file_perms;
+')
diff --git a/prebuilts/api/30.0/private/attributes b/prebuilts/api/30.0/private/attributes
new file mode 100644
index 000000000..e01b2126a
--- /dev/null
+++ b/prebuilts/api/30.0/private/attributes
@@ -0,0 +1 @@
+hal_attribute(lazy_test);
diff --git a/prebuilts/api/30.0/private/audioserver.te b/prebuilts/api/30.0/private/audioserver.te
new file mode 100644
index 000000000..067152fb7
--- /dev/null
+++ b/prebuilts/api/30.0/private/audioserver.te
@@ -0,0 +1,100 @@
+# audioserver - audio services daemon
+
+typeattribute audioserver coredomain;
+
+type audioserver_exec, exec_type, file_type, system_file_type;
+init_daemon_domain(audioserver)
+tmpfs_domain(audioserver)
+
+r_dir_file(audioserver, sdcard_type)
+
+binder_use(audioserver)
+binder_call(audioserver, binderservicedomain)
+binder_call(audioserver, appdomain)
+binder_service(audioserver)
+
+hal_client_domain(audioserver, hal_allocator)
+# /system/lib64/hw for always-passthrough Allocator HAL ashmem / mapper .so
+r_dir_file(audioserver, system_file)
+
+hal_client_domain(audioserver, hal_audio)
+
+userdebug_or_eng(`
+ # used for TEE sink - pcm capture for debug.
+ allow audioserver media_data_file:dir create_dir_perms;
+ allow audioserver audioserver_data_file:dir create_dir_perms;
+ allow audioserver audioserver_data_file:file create_file_perms;
+
+ # ptrace to processes in the same domain for memory leak detection
+ allow audioserver self:process ptrace;
+')
+
+add_service(audioserver, audioserver_service)
+allow audioserver activity_service:service_manager find;
+allow audioserver appops_service:service_manager find;
+allow audioserver batterystats_service:service_manager find;
+allow audioserver external_vibrator_service:service_manager find;
+allow audioserver package_native_service:service_manager find;
+allow audioserver permission_service:service_manager find;
+allow audioserver power_service:service_manager find;
+allow audioserver scheduling_policy_service:service_manager find;
+allow audioserver mediametrics_service:service_manager find;
+allow audioserver sensor_privacy_service:service_manager find;
+allow audioserver soundtrigger_middleware_service:service_manager find;
+
+# Allow read/write access to bluetooth-specific properties
+set_prop(audioserver, bluetooth_a2dp_offload_prop)
+set_prop(audioserver, bluetooth_audio_hal_prop)
+set_prop(audioserver, bluetooth_prop)
+set_prop(audioserver, exported_bluetooth_prop)
+
+# Grant access to audio files to audioserver
+allow audioserver audio_data_file:dir ra_dir_perms;
+allow audioserver audio_data_file:file create_file_perms;
+
+# allow access to ALSA MMAP FDs for AAudio API
+allow audioserver audio_device:chr_file { read write };
+
+not_full_treble(`allow audioserver audio_device:dir r_dir_perms;')
+not_full_treble(`allow audioserver audio_device:chr_file rw_file_perms;')
+
+# For A2DP bridge which is loaded directly into audioserver
+unix_socket_connect(audioserver, bluetooth, bluetooth)
+
+# Allow shell commands from ADB and shell for CTS testing/dumping
+allow audioserver adbd:fd use;
+allow audioserver adbd:unix_stream_socket { read write };
+allow audioserver shell:fifo_file { read write };
+
+# Allow shell commands from ADB for CTS testing/dumping
+userdebug_or_eng(`
+ allow audioserver su:fd use;
+ allow audioserver su:fifo_file { read write };
+ allow audioserver su:unix_stream_socket { read write };
+')
+
+# Allow write access to log tag property
+set_prop(audioserver, log_tag_prop);
+
+###
+### neverallow rules
+###
+
+# audioserver should never execute any executable without a
+# domain transition
+neverallow audioserver { file_type fs_type }:file execute_no_trans;
+
+# The goal of the mediaserver split is to place media processing code into
+# restrictive sandboxes with limited responsibilities and thus limited
+# permissions. Example: Audioserver is only responsible for controlling audio
+# hardware and processing audio content. Cameraserver does the same for camera
+# hardware/content. Etc.
+#
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow audioserver domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# Allow using wake locks
+wakelock_use(audioserver)
diff --git a/prebuilts/api/30.0/private/auditctl.te b/prebuilts/api/30.0/private/auditctl.te
new file mode 100644
index 000000000..f634d3d1d
--- /dev/null
+++ b/prebuilts/api/30.0/private/auditctl.te
@@ -0,0 +1,18 @@
+#
+# /system/bin/auditctl executed for logd
+#
+# Performs maintenance of the kernel auditing system, including
+# setting rate limits on SELinux denials.
+#
+
+type auditctl, domain, coredomain;
+type auditctl_exec, file_type, system_file_type, exec_type;
+
+# Uncomment the line below to put this domain into permissive
+# mode. This helps speed SELinux policy development.
+# userdebug_or_eng(`permissive auditctl;')
+
+init_daemon_domain(auditctl)
+
+allow auditctl self:global_capability_class_set audit_control;
+allow auditctl self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
diff --git a/prebuilts/api/30.0/private/automotive_display_service.te b/prebuilts/api/30.0/private/automotive_display_service.te
new file mode 100644
index 000000000..fa11ca424
--- /dev/null
+++ b/prebuilts/api/30.0/private/automotive_display_service.te
@@ -0,0 +1,33 @@
+# Display proxy service for Automotive
+type automotive_display_service, domain, coredomain;
+type automotive_display_service_exec, system_file_type, exec_type, file_type;
+
+typeattribute automotive_display_service automotive_display_service_server;
+
+# Allow to add a display service to the manager
+add_hwservice(automotive_display_service, fwk_automotive_display_hwservice);
+
+# Allow init to launch automotive display service
+init_daemon_domain(automotive_display_service)
+
+# Allow to use Binder IPC for SurfaceFlinger.
+binder_use(automotive_display_service)
+
+# Allow to use HwBinder IPC for HAL implementations.
+hwbinder_use(automotive_display_service)
+hal_client_domain(automotive_display_service, hal_graphics_composer)
+
+# Allow to read the target property.
+get_prop(automotive_display_service, hwservicemanager_prop)
+
+# Allow to find SurfaceFlinger.
+allow automotive_display_service surfaceflinger_service:service_manager find;
+
+# Allow client domain to do binder IPC to serverdomain.
+binder_call(automotive_display_service, surfaceflinger)
+
+# Allow to use a graphics mapper
+allow automotive_display_service hal_graphics_mapper_hwservice:hwservice_manager find;
+
+# Allow to use hidl token service
+allow automotive_display_service hidl_token_hwservice:hwservice_manager find;
diff --git a/prebuilts/api/30.0/private/binder_in_vendor_violators.te b/prebuilts/api/30.0/private/binder_in_vendor_violators.te
new file mode 100644
index 000000000..4a1218e1d
--- /dev/null
+++ b/prebuilts/api/30.0/private/binder_in_vendor_violators.te
@@ -0,0 +1 @@
+allow binder_in_vendor_violators binder_device:chr_file rw_file_perms;
diff --git a/prebuilts/api/30.0/private/binderservicedomain.te b/prebuilts/api/30.0/private/binderservicedomain.te
new file mode 100644
index 000000000..0891ee5b2
--- /dev/null
+++ b/prebuilts/api/30.0/private/binderservicedomain.te
@@ -0,0 +1,22 @@
+# Rules common to all binder service domains
+
+# Allow dumpstate and incidentd to collect information from binder services
+allow binderservicedomain { dumpstate incidentd }:fd use;
+allow binderservicedomain { dumpstate incidentd }:unix_stream_socket { read write getopt getattr };
+allow binderservicedomain { dumpstate incidentd }:fifo_file { getattr write };
+allow binderservicedomain shell_data_file:file { getattr write };
+
+# Allow dumpsys to work from adb shell or the serial console
+allow binderservicedomain devpts:chr_file rw_file_perms;
+allow binderservicedomain console_device:chr_file rw_file_perms;
+
+# Receive and write to a pipe received over Binder from an app.
+allow binderservicedomain appdomain:fd use;
+allow binderservicedomain appdomain:fifo_file write;
+
+# allow all services to run permission checks
+allow binderservicedomain permission_service:service_manager find;
+
+allow binderservicedomain keystore:keystore_key { get_state get insert delete exist list sign verify };
+
+use_keystore(binderservicedomain)
diff --git a/prebuilts/api/30.0/private/blank_screen.te b/prebuilts/api/30.0/private/blank_screen.te
new file mode 100644
index 000000000..51310d180
--- /dev/null
+++ b/prebuilts/api/30.0/private/blank_screen.te
@@ -0,0 +1,6 @@
+type blank_screen, domain, coredomain;
+type blank_screen_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(blank_screen)
+
+hal_client_domain(blank_screen, hal_light)
diff --git a/prebuilts/api/30.0/private/blkid.te b/prebuilts/api/30.0/private/blkid.te
new file mode 100644
index 000000000..4e972ab95
--- /dev/null
+++ b/prebuilts/api/30.0/private/blkid.te
@@ -0,0 +1,22 @@
+# blkid called from vold
+
+typeattribute blkid coredomain;
+
+type blkid_exec, system_file_type, exec_type, file_type;
+
+# Allowed read-only access to encrypted devices to extract UUID/label
+allow blkid block_device:dir search;
+allow blkid userdata_block_device:blk_file r_file_perms;
+allow blkid dm_device:blk_file r_file_perms;
+
+# Allow stdin/out back to vold
+allow blkid vold:fd use;
+allow blkid vold:fifo_file { read write getattr };
+
+# For blkid launched through popen()
+allow blkid blkid_exec:file rx_file_perms;
+
+# Only allow entry from vold
+neverallow { domain -vold } blkid:process transition;
+neverallow * blkid:process dyntransition;
+neverallow blkid { file_type fs_type -blkid_exec -shell_exec }:file entrypoint;
diff --git a/prebuilts/api/30.0/private/blkid_untrusted.te b/prebuilts/api/30.0/private/blkid_untrusted.te
new file mode 100644
index 000000000..125677157
--- /dev/null
+++ b/prebuilts/api/30.0/private/blkid_untrusted.te
@@ -0,0 +1,37 @@
+# blkid for untrusted block devices
+
+typeattribute blkid_untrusted coredomain;
+
+# Allowed read-only access to vold block devices to extract UUID/label
+allow blkid_untrusted block_device:dir search;
+allow blkid_untrusted vold_device:blk_file r_file_perms;
+
+# Allow stdin/out back to vold
+allow blkid_untrusted vold:fd use;
+allow blkid_untrusted vold:fifo_file { read write getattr };
+
+# For blkid launched through popen()
+allow blkid_untrusted blkid_exec:file rx_file_perms;
+
+###
+### neverallow rules
+###
+
+# Untrusted blkid should never be run on block devices holding sensitive data
+neverallow blkid_untrusted {
+ boot_block_device
+ frp_block_device
+ metadata_block_device
+ recovery_block_device
+ root_block_device
+ swap_block_device
+ system_block_device
+ userdata_block_device
+ cache_block_device
+ dm_device
+}:blk_file no_rw_file_perms;
+
+# Only allow entry from vold via blkid binary
+neverallow { domain -vold } blkid_untrusted:process transition;
+neverallow * blkid_untrusted:process dyntransition;
+neverallow blkid_untrusted { file_type fs_type -blkid_exec -shell_exec }:file entrypoint;
diff --git a/prebuilts/api/30.0/private/bluetooth.te b/prebuilts/api/30.0/private/bluetooth.te
new file mode 100644
index 000000000..1680361e5
--- /dev/null
+++ b/prebuilts/api/30.0/private/bluetooth.te
@@ -0,0 +1,86 @@
+# bluetooth app
+
+typeattribute bluetooth coredomain;
+
+app_domain(bluetooth)
+net_domain(bluetooth)
+
+# Socket creation under /data/misc/bluedroid.
+type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket;
+
+# Allow access to net_admin ioctls
+allowxperm bluetooth self:udp_socket ioctl priv_sock_ioctls;
+
+wakelock_use(bluetooth);
+
+# Data file accesses.
+allow bluetooth bluetooth_data_file:dir create_dir_perms;
+allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
+allow bluetooth bluetooth_logs_data_file:dir rw_dir_perms;
+allow bluetooth bluetooth_logs_data_file:file create_file_perms;
+
+# Socket creation under /data/misc/bluedroid.
+allow bluetooth bluetooth_socket:sock_file create_file_perms;
+
+allow bluetooth self:global_capability_class_set net_admin;
+allow bluetooth self:global_capability2_class_set wake_alarm;
+
+# tethering
+allow bluetooth self:packet_socket create_socket_perms_no_ioctl;
+allow bluetooth self:global_capability_class_set { net_admin net_raw net_bind_service };
+allow bluetooth self:tun_socket create_socket_perms_no_ioctl;
+allow bluetooth tun_device:chr_file rw_file_perms;
+allowxperm bluetooth tun_device:chr_file ioctl { TUNGETIFF TUNSETIFF };
+allow bluetooth efs_file:dir search;
+
+# allow Bluetooth to access uhid device for HID profile
+allow bluetooth uhid_device:chr_file rw_file_perms;
+
+# proc access.
+allow bluetooth proc_bluetooth_writable:file rw_file_perms;
+
+# Allow write access to bluetooth specific properties
+set_prop(bluetooth, binder_cache_bluetooth_server_prop);
+neverallow { domain -bluetooth -init }
+ binder_cache_bluetooth_server_prop:property_service set;
+set_prop(bluetooth, bluetooth_a2dp_offload_prop)
+set_prop(bluetooth, bluetooth_audio_hal_prop)
+set_prop(bluetooth, bluetooth_prop)
+set_prop(bluetooth, exported_bluetooth_prop)
+set_prop(bluetooth, pan_result_prop)
+
+allow bluetooth audioserver_service:service_manager find;
+allow bluetooth bluetooth_service:service_manager find;
+allow bluetooth drmserver_service:service_manager find;
+allow bluetooth mediaserver_service:service_manager find;
+allow bluetooth radio_service:service_manager find;
+allow bluetooth app_api_service:service_manager find;
+allow bluetooth system_api_service:service_manager find;
+allow bluetooth network_stack_service:service_manager find;
+
+# already open bugreport file descriptors may be shared with
+# the bluetooth process, from a file in
+# /data/data/com.android.shell/files/bugreports/bugreport-*.
+allow bluetooth shell_data_file:file read;
+
+# Bluetooth audio needs RT scheduling to meet deadlines, allow sys_nice
+allow bluetooth self:global_capability_class_set sys_nice;
+
+hal_client_domain(bluetooth, hal_bluetooth)
+hal_client_domain(bluetooth, hal_telephony)
+
+# Bluetooth A2DP offload requires binding with audio HAL
+hal_client_domain(bluetooth, hal_audio)
+
+read_runtime_log_tags(bluetooth)
+
+###
+### Neverallow rules
+###
+### These are things that the bluetooth app should NEVER be able to do
+###
+
+# Superuser capabilities.
+# Bluetooth requires net_{admin,raw,bind_service} and wake_alarm and block_suspend and sys_nice.
+neverallow bluetooth self:global_capability_class_set ~{ net_admin net_raw net_bind_service sys_nice};
+neverallow bluetooth self:global_capability2_class_set ~{ wake_alarm block_suspend };
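Review bot: The bluetooth capability grants are split across three separate allow lines in this file — `allow bluetooth self:global_capability_class_set net_admin;` near the top is fully subsumed by the tethering rule `{ net_admin net_raw net_bind_service }` a few lines below it, and `sys_nice` is granted on its own further down — which makes the effective capability set harder to audit against the closing neverallow. Merging them into one list next to the neverallow, or at least dropping the redundant single-`net_admin` line, would keep the grant and the guard side by side. The neverallow's comment also says Bluetooth requires `block_suspend`, but no allow for it appears in this file; it presumably comes from `wakelock_use(bluetooth)`, which I can't confirm here, so a short pointer such as `# block_suspend is granted via wakelock_use above` would help the next reader.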
diff --git a/prebuilts/api/30.0/private/bluetoothdomain.te b/prebuilts/api/30.0/private/bluetoothdomain.te
new file mode 100644
index 000000000..fe4f0e663
--- /dev/null
+++ b/prebuilts/api/30.0/private/bluetoothdomain.te
@@ -0,0 +1,2 @@
+# Allow clients to use a socket provided by the bluetooth app.
+allow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };
diff --git a/prebuilts/api/30.0/private/bootanim.te b/prebuilts/api/30.0/private/bootanim.te
new file mode 100644
index 000000000..47405601d
--- /dev/null
+++ b/prebuilts/api/30.0/private/bootanim.te
@@ -0,0 +1,9 @@
+typeattribute bootanim coredomain;
+
+init_daemon_domain(bootanim)
+
+# b/68864350
+dontaudit bootanim unlabeled:dir search;
+
+# Bootanim should not be reading default vendor-defined properties.
+dontaudit bootanim vendor_default_prop:file read;
diff --git a/prebuilts/api/30.0/private/bootstat.te b/prebuilts/api/30.0/private/bootstat.te
new file mode 100644
index 000000000..806144cf6
--- /dev/null
+++ b/prebuilts/api/30.0/private/bootstat.te
@@ -0,0 +1,3 @@
+typeattribute bootstat coredomain;
+
+init_daemon_domain(bootstat)
diff --git a/prebuilts/api/30.0/private/boringssl_self_test.te b/prebuilts/api/30.0/private/boringssl_self_test.te
new file mode 100644
index 000000000..50fc1fc1c
--- /dev/null
+++ b/prebuilts/api/30.0/private/boringssl_self_test.te
@@ -0,0 +1,74 @@
+# System and vendor domains for BoringSSL self test binaries.
+#
+# For FIPS compliance, all processes linked against libcrypto perform a startup
+# self test which computes a hash of the BoringSSL Crypto Module (BCM) and, at least once
+# per device boot, also run a series of Known Answer Tests (KAT) to verify functionality.
+#
+# The KATs are expensive, and to ensure they are run as few times as possible, they
+# are skipped if a marker file exists in /dev/boringssl/selftest whose name is
+# the hash of the BCM that was computed earlier. The files are zero length and their contents
+# should never be read or written. To avoid giving arbitrary processes access to /dev/boringssl
+# to create these marker files, there are dedicated self test binaries which this policy
+# gives access to and which are run during early-init.
+#
+# Due to build skew, the version of libcrypto in /vendor may have a different hash than
+# the system one. To cater for this there are vendor variants of the self test binaries
+# which also have permission to write to the same files in /dev/boringssl. In the case where
+# vendor and system libcrypto have the same hash, there will be a race to create the file,
+# but this is harmless.
+#
+# If the self tests fail, then the device should reboot into firmware and for this reason
+# the system boringssl_self_test domain needs to be in coredomain. As vendor domains
+# are not allowed in coredomain, this means that the vendor self tests cannot trigger a
+# reboot. However every binary linked against the vendor libcrypto will abort on startup,
+# so in practice the device will crash anyway in this unlikely scenario.
+
+# System boringssl_self_test domain
+type boringssl_self_test, domain, coredomain;
+type boringssl_self_test_exec, system_file_type, exec_type, file_type;
+
+# Vendor boringssl_self_test domain
+type vendor_boringssl_self_test, domain;
+type vendor_boringssl_self_test_exec, vendor_file_type, exec_type, file_type;
+
+# Switch to boringssl_self_test security domain when running boringssl_self_test_exec
+init_daemon_domain(boringssl_self_test)
+
+# Switch to vendor_boringssl_self_test security domain when running vendor_boringssl_self_test_exec
+init_daemon_domain(vendor_boringssl_self_test)
+
+# Marker files, common to both domains, indicating KAT have been performed on a particular libcrypto
+#
+# The files are zero length so there is no issue if both vendor and system code
+# try to create the same file simultaneously. One will succeed and the other will fail
+# silently, i.e. still indicate success. Similar harmless naming collisions will happen in the
+# system domain e.g. when system and APEX copies of libcrypto are identical.
+type boringssl_self_test_marker, file_type;
+
+# Allow self test binaries to create/check for the existence of boringssl_self_test_marker files
+allow { boringssl_self_test vendor_boringssl_self_test }
+ boringssl_self_test_marker:file create_file_perms;
+allow { boringssl_self_test vendor_boringssl_self_test }
+ boringssl_self_test_marker:dir ra_dir_perms;
+
+# Allow self test binaries to write their stdout/stderr messages to kmsg_debug
+allow { boringssl_self_test vendor_boringssl_self_test }
+ kmsg_debug_device:chr_file { w_file_perms getattr ioctl };
+
+# No other process should be able to create marker files because their existence causes the
+# boringssl KAT to be skipped.
+neverallow {
+ domain
+ -vendor_boringssl_self_test
+ -boringssl_self_test
+ -init
+ -vendor_init
+} boringssl_self_test_marker:file no_rw_file_perms;
+
+neverallow {
+ domain
+ -vendor_boringssl_self_test
+ -boringssl_self_test
+ -init
+ -vendor_init
+} boringssl_self_test_marker:dir write;
diff --git a/prebuilts/api/30.0/private/bpfloader.te b/prebuilts/api/30.0/private/bpfloader.te
new file mode 100644
index 000000000..249f3df72
--- /dev/null
+++ b/prebuilts/api/30.0/private/bpfloader.te
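Review bot: Both neverallow rules exempt `init` and `vendor_init` from the marker-file restriction, yet the comment directly above them says no process other than the self-test binaries should be able to create marker files, and nothing in the file explains the carve-out. Since the existence of a marker file is what causes the KATs to be skipped, who may create one is the security-relevant property of this policy, so the exemption deserves a one-line justification next to the rule, e.g. `# init and vendor_init are exempted because <reason>` — presumably they set up /dev/boringssl during early-init, but that is not confirmable from this hunk. If the reason only requires directory-level access, the `:file no_rw_file_perms` neverallow could drop the two init exemptions and keep them on the `:dir write` rule alone; that change would go in the source policy this prebuilt mirrors.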
@@ -0,0 +1,40 @@
+# bpf program loader
+type bpfloader, domain;
+type bpfloader_exec, system_file_type, exec_type, file_type;
+typeattribute bpfloader coredomain;
+
+# These permissions are required to pin ebpf maps & programs.
+allow bpfloader fs_bpf:dir { search write add_name };
+allow bpfloader fs_bpf:file { create setattr };
+
+# Allow bpfloader to create bpf maps and programs.
+allow bpfloader self:bpf { map_create map_read map_write prog_load prog_run };
+
+allow bpfloader self:capability { chown sys_admin };
+
+###
+### Neverallow rules
+###
+
+# TODO: get rid of init & vendor_init
+neverallow { domain -init -vendor_init } fs_bpf:dir setattr;
+neverallow { domain -bpfloader } fs_bpf:dir { write add_name };
+neverallow domain fs_bpf:dir { reparent rename rmdir };
+
+# TODO: get rid of init & vendor_init
+neverallow { domain -bpfloader -init -vendor_init } fs_bpf:file setattr;
+neverallow { domain -bpfloader } fs_bpf:file create;
+neverallow domain fs_bpf:file { rename unlink };
+
+neverallow { domain -bpfloader } *:bpf { map_create prog_load };
+neverallow { domain -bpfloader -netd -netutils_wrapper -system_server } *:bpf prog_run;
+neverallow { domain -bpfloader -netd -system_server } *:bpf { map_read map_write };
+
+neverallow { domain -bpfloader -init } bpfloader_exec:file { execute execute_no_trans };
+
+neverallow bpfloader domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# No domain should be allowed to ptrace bpfloader
+neverallow { domain userdebug_or_eng(`-llkd') } bpfloader:process ptrace;
+
+set_prop(bpfloader, bpf_progs_loaded_prop)
diff --git a/prebuilts/api/30.0/private/bufferhubd.te b/prebuilts/api/30.0/private/bufferhubd.te
new file mode 100644
index 000000000..012eb2027
--- /dev/null
+++ b/prebuilts/api/30.0/private/bufferhubd.te
@@ -0,0 +1,3 @@
+typeattribute bufferhubd coredomain;
+
+init_daemon_domain(bufferhubd)
diff --git a/prebuilts/api/30.0/private/bug_map b/prebuilts/api/30.0/private/bug_map
new file mode 100644
index 000000000..60c2f15b4
--- /dev/null
+++ b/prebuilts/api/30.0/private/bug_map
@@ -0,0 +1,33 @@
+dnsmasq netd fifo_file b/77868789
+dnsmasq netd unix_stream_socket b/77868789
+gmscore_app system_data_file dir b/146166941
+init app_data_file file b/77873135
+init cache_file blk_file b/77873135
+init logpersist file b/77873135
+init nativetest_data_file dir b/77873135
+init pstorefs dir b/77873135
+init shell_data_file dir b/77873135
+init shell_data_file file b/77873135
+init shell_data_file lnk_file b/77873135
+init shell_data_file sock_file b/77873135
+init system_data_file chr_file b/77873135
+isolated_app privapp_data_file dir b/119596573
+isolated_app app_data_file dir b/120394782
+mediaextractor app_data_file file b/77923736
+mediaextractor radio_data_file file b/77923736
+mediaprovider cache_file blk_file b/77925342
+mediaprovider mnt_media_rw_file dir b/77925342
+mediaprovider shell_data_file dir b/77925342
+mediaswcodec ashmem_device chr_file b/142679232
+netd priv_app unix_stream_socket b/77870037
+netd untrusted_app unix_stream_socket b/77870037
+netd untrusted_app_25 unix_stream_socket b/77870037
+netd untrusted_app_27 unix_stream_socket b/77870037
+platform_app nfc_data_file dir b/74331887
+system_server crash_dump process b/73128755
+system_server overlayfs_file file b/142390309
+system_server sdcardfs file b/77856826
+system_server storage_stub_file dir b/145267097
+system_server zygote process b/77856826
+vold system_data_file file b/124108085
+zygote untrusted_app_25 process b/77925912
diff --git a/prebuilts/api/30.0/private/cameraserver.te b/prebuilts/api/30.0/private/cameraserver.te
new file mode 100644
index 000000000..2be3c9ea3
--- /dev/null
+++ b/prebuilts/api/30.0/private/cameraserver.te
@@ -0,0 +1,6 @@
+typeattribute cameraserver coredomain;
+
+typeattribute cameraserver camera_service_server;
+
+init_daemon_domain(cameraserver)
+tmpfs_domain(cameraserver)
diff --git a/prebuilts/api/30.0/private/charger.te b/prebuilts/api/30.0/private/charger.te
new file mode 100644
index 000000000..65109deff
--- /dev/null
+++ b/prebuilts/api/30.0/private/charger.te
@@ -0,0 +1 @@
+typeattribute charger coredomain;
diff --git a/prebuilts/api/30.0/private/clatd.te b/prebuilts/api/30.0/private/clatd.te
new file mode 100644
index 000000000..0fa774a27
--- /dev/null
+++ b/prebuilts/api/30.0/private/clatd.te
@@ -0,0 +1,36 @@
+# 464xlat daemon
+type clatd, domain, coredomain;
+type clatd_exec, system_file_type, exec_type, file_type;
+
+net_domain(clatd)
+
+r_dir_file(clatd, proc_net_type)
+userdebug_or_eng(`
+ auditallow clatd proc_net_type:{ dir file lnk_file } { getattr open read };
+')
+
+# Access objects inherited from netd.
+allow clatd netd:fd use;
+allow clatd netd:fifo_file { read write };
+# TODO: Check whether some or all of these sockets should be close-on-exec.
+allow clatd netd:netlink_kobject_uevent_socket { read write };
+allow clatd netd:netlink_nflog_socket { read write };
+allow clatd netd:netlink_route_socket { read write };
+allow clatd netd:udp_socket { read write };
+allow clatd netd:unix_stream_socket { read write };
+allow clatd netd:unix_dgram_socket { read write };
+
+allow clatd self:global_capability_class_set { net_admin net_raw setuid setgid };
+
+# clatd calls mmap(MAP_LOCKED) with a 1M buffer. MAP_LOCKED first checks
+# capable(CAP_IPC_LOCK), and then checks to see the requested amount is
+# under RLIMIT_MEMLOCK. If the latter check succeeds clatd won't have
+# needed CAP_IPC_LOCK. But this is not guaranteed to succeed on all devices
+# so we permit any requests we see from clatd asking for this capability.
+# See https://android-review.googlesource.com/127940 and
+# https://b.corp.google.com/issues/21736319
+allow clatd self:global_capability_class_set ipc_lock;
+
+allow clatd self:netlink_route_socket nlmsg_write;
+allow clatd self:{ packet_socket rawip_socket } create_socket_perms_no_ioctl;
+allow clatd tun_device:chr_file rw_file_perms;
diff --git a/prebuilts/api/30.0/private/compat/26.0/26.0.cil b/prebuilts/api/30.0/private/compat/26.0/26.0.cil
new file mode 100644
index 000000000..498bca5a7
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/26.0/26.0.cil
@@ -0,0 +1,786 @@ +;; attributes removed from current policy +(typeattribute hal_wifi_keystore) +(typeattribute hal_wifi_keystore_client) +(typeattribute hal_wifi_keystore_server) +(typeattribute hal_wifi_offload) +(typeattribute hal_wifi_offload_client) +(typeattribute hal_wifi_offload_server) + +;; types removed from current policy +(type untrusted_v2_app) +(type asan_reboot_prop) +(type commontime_management_service) +(type hal_wifi_offload_hwservice) +(type log_device) +(type mediacasserver_service) +(type mediacodec) +(type mediacodec_exec) +(type qtaguid_proc) +(type reboot_data_file) +(type tracing_shell_writable) +(type tracing_shell_writable_debug) +(type vold_socket) +(type webview_zygote_socket) +(type rild) +(type netd_socket) + +(typeattributeset accessibility_service_26_0 (accessibility_service)) +(typeattributeset account_service_26_0 (account_service)) +(typeattributeset activity_service_26_0 (activity_service)) +(typeattributeset adbd_26_0 (adbd)) +(typeattributeset adb_data_file_26_0 (adb_data_file)) +(typeattributeset adbd_socket_26_0 (adbd_socket)) +(typeattributeset adb_keys_file_26_0 (adb_keys_file)) +(typeattributeset alarm_device_26_0 (alarm_device)) +(typeattributeset alarm_service_26_0 (alarm_service)) +(typeattributeset anr_data_file_26_0 (anr_data_file)) +(typeattributeset apk_data_file_26_0 (apk_data_file)) +(typeattributeset apk_private_data_file_26_0 (apk_private_data_file)) +(typeattributeset apk_private_tmp_file_26_0 (apk_private_tmp_file)) +(typeattributeset apk_tmp_file_26_0 (apk_tmp_file)) +(typeattributeset app_data_file_26_0 (app_data_file privapp_data_file)) +(typeattributeset app_fuse_file_26_0 (app_fuse_file)) +(typeattributeset app_fusefs_26_0 (app_fusefs)) +(typeattributeset appops_service_26_0 (appops_service)) +(typeattributeset appwidget_service_26_0 (appwidget_service)) +(typeattributeset asan_reboot_prop_26_0 (asan_reboot_prop)) +(typeattributeset asec_apk_file_26_0 (asec_apk_file)) +(typeattributeset 
asec_image_file_26_0 (asec_image_file)) +(typeattributeset asec_public_file_26_0 (asec_public_file)) +(typeattributeset ashmem_device_26_0 (ashmem_device)) +(typeattributeset assetatlas_service_26_0 (assetatlas_service)) +(typeattributeset audio_data_file_26_0 (audio_data_file)) +(typeattributeset audio_device_26_0 (audio_device)) +(typeattributeset audiohal_data_file_26_0 (audiohal_data_file)) +(typeattributeset audio_prop_26_0 (audio_prop)) +(typeattributeset audio_seq_device_26_0 (audio_seq_device)) +(typeattributeset audioserver_26_0 (audioserver)) +(typeattributeset audioserver_data_file_26_0 (audioserver_data_file)) +(typeattributeset audioserver_service_26_0 (audioserver_service)) +(typeattributeset audio_service_26_0 (audio_service)) +(typeattributeset audio_timer_device_26_0 (audio_timer_device)) +(typeattributeset autofill_service_26_0 (autofill_service)) +(typeattributeset backup_data_file_26_0 (backup_data_file)) +(typeattributeset backup_service_26_0 (backup_service)) +(typeattributeset batteryproperties_service_26_0 (batteryproperties_service)) +(typeattributeset battery_service_26_0 (battery_service)) +(typeattributeset batterystats_service_26_0 (batterystats_service)) +(typeattributeset binder_device_26_0 (binder_device)) +(typeattributeset binfmt_miscfs_26_0 (binfmt_miscfs)) +(typeattributeset blkid_26_0 (blkid)) +(typeattributeset blkid_untrusted_26_0 (blkid_untrusted)) +(typeattributeset block_device_26_0 (block_device)) +(typeattributeset bluetooth_26_0 (bluetooth)) +(typeattributeset bluetooth_data_file_26_0 (bluetooth_data_file)) +(typeattributeset bluetooth_efs_file_26_0 (bluetooth_efs_file)) +(typeattributeset bluetooth_logs_data_file_26_0 (bluetooth_logs_data_file)) +(typeattributeset bluetooth_manager_service_26_0 (bluetooth_manager_service)) +(typeattributeset bluetooth_prop_26_0 (bluetooth_prop)) +(typeattributeset bluetooth_service_26_0 (bluetooth_service)) +(typeattributeset bluetooth_socket_26_0 (bluetooth_socket)) +(typeattributeset 
bootanim_26_0 (bootanim)) +(typeattributeset bootanim_exec_26_0 (bootanim_exec)) +(typeattributeset boot_block_device_26_0 (boot_block_device)) +(typeattributeset bootchart_data_file_26_0 (bootchart_data_file)) +(typeattributeset bootstat_26_0 (bootstat)) +(typeattributeset bootstat_data_file_26_0 (bootstat_data_file)) +(typeattributeset bootstat_exec_26_0 (bootstat_exec)) +(typeattributeset boottime_prop_26_0 (boottime_prop)) +(typeattributeset boottrace_data_file_26_0 (boottrace_data_file)) +(typeattributeset bufferhubd_26_0 (bufferhubd)) +(typeattributeset bufferhubd_exec_26_0 (bufferhubd_exec)) +(typeattributeset cache_backup_file_26_0 (cache_backup_file)) +(typeattributeset cache_block_device_26_0 (cache_block_device)) +(typeattributeset cache_file_26_0 (cache_file)) +(typeattributeset cache_private_backup_file_26_0 (cache_private_backup_file)) +(typeattributeset cache_recovery_file_26_0 (cache_recovery_file)) +(typeattributeset camera_data_file_26_0 (camera_data_file)) +(typeattributeset camera_device_26_0 (camera_device)) +(typeattributeset cameraproxy_service_26_0 (cameraproxy_service)) +(typeattributeset cameraserver_26_0 (cameraserver)) +(typeattributeset cameraserver_exec_26_0 (cameraserver_exec)) +(typeattributeset cameraserver_service_26_0 (cameraserver_service)) +(typeattributeset cgroup_26_0 (cgroup)) +(typeattributeset charger_26_0 (charger)) +(typeattributeset clatd_26_0 (clatd)) +(typeattributeset clatd_exec_26_0 (clatd_exec)) +(typeattributeset clipboard_service_26_0 (clipboard_service)) +(typeattributeset commontime_management_service_26_0 (commontime_management_service)) +(typeattributeset companion_device_service_26_0 (companion_device_service)) +(typeattributeset configfs_26_0 (configfs)) +(typeattributeset config_prop_26_0 (config_prop)) +(typeattributeset connectivity_service_26_0 (connectivity_service)) +(typeattributeset connmetrics_service_26_0 (connmetrics_service)) +(typeattributeset console_device_26_0 (console_device)) 
+(typeattributeset consumer_ir_service_26_0 (consumer_ir_service)) +(typeattributeset content_service_26_0 (content_service)) +(typeattributeset contexthub_service_26_0 (contexthub_service)) +(typeattributeset coredump_file_26_0 (coredump_file)) +(typeattributeset country_detector_service_26_0 (country_detector_service)) +(typeattributeset coverage_service_26_0 (coverage_service)) +(typeattributeset cppreopt_prop_26_0 (cppreopt_prop)) +(typeattributeset cppreopts_26_0 (cppreopts)) +(typeattributeset cppreopts_exec_26_0 (cppreopts_exec)) +(typeattributeset cpuctl_device_26_0 (cpuctl_device)) +(typeattributeset cpuinfo_service_26_0 (cpuinfo_service)) +(typeattributeset crash_dump_26_0 (crash_dump)) +(typeattributeset crash_dump_exec_26_0 (crash_dump_exec)) +(typeattributeset ctl_bootanim_prop_26_0 (ctl_bootanim_prop)) +(typeattributeset ctl_bugreport_prop_26_0 (ctl_bugreport_prop)) +(typeattributeset ctl_console_prop_26_0 (ctl_console_prop)) +(typeattributeset ctl_default_prop_26_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop ctl_adbd_prop)) +(typeattributeset ctl_dumpstate_prop_26_0 (ctl_dumpstate_prop)) +(typeattributeset ctl_fuse_prop_26_0 (ctl_fuse_prop)) +(typeattributeset ctl_mdnsd_prop_26_0 (ctl_mdnsd_prop)) +(typeattributeset ctl_rildaemon_prop_26_0 (ctl_rildaemon_prop)) +(typeattributeset dalvikcache_data_file_26_0 (dalvikcache_data_file)) +(typeattributeset dalvik_prop_26_0 (dalvik_prop)) +(typeattributeset dbinfo_service_26_0 (dbinfo_service)) +(typeattributeset debugfs_26_0 + ( debugfs + debugfs_wakeup_sources + )) +(typeattributeset debugfs_mmc_26_0 (debugfs_mmc)) +(typeattributeset debugfs_trace_marker_26_0 (debugfs_trace_marker)) +(typeattributeset debugfs_tracing_26_0 (debugfs_tracing)) +(typeattributeset debugfs_tracing_instances_26_0 (debugfs_tracing_instances)) +(typeattributeset debugfs_wifi_tracing_26_0 (debugfs_wifi_tracing)) +(typeattributeset debuggerd_prop_26_0 (debuggerd_prop)) +(typeattributeset debug_prop_26_0 
(debug_prop)) +(typeattributeset default_android_hwservice_26_0 (default_android_hwservice)) +(typeattributeset default_android_service_26_0 (default_android_service)) +(typeattributeset default_android_vndservice_26_0 (default_android_vndservice)) +(typeattributeset default_prop_26_0 + ( default_prop pm_prop)) +(typeattributeset device_26_0 (device)) +(typeattributeset device_identifiers_service_26_0 (device_identifiers_service)) +(typeattributeset deviceidle_service_26_0 (deviceidle_service)) +(typeattributeset device_logging_prop_26_0 (device_logging_prop)) +(typeattributeset device_policy_service_26_0 (device_policy_service)) +(typeattributeset devicestoragemonitor_service_26_0 (devicestoragemonitor_service)) +(typeattributeset devpts_26_0 (devpts)) +(typeattributeset dex2oat_26_0 (dex2oat)) +(typeattributeset dex2oat_exec_26_0 (dex2oat_exec)) +(typeattributeset dhcp_26_0 (dhcp)) +(typeattributeset dhcp_data_file_26_0 (dhcp_data_file)) +(typeattributeset dhcp_exec_26_0 (dhcp_exec)) +(typeattributeset dhcp_prop_26_0 (dhcp_prop)) +(typeattributeset diskstats_service_26_0 (diskstats_service)) +(typeattributeset display_service_26_0 (display_service)) +(typeattributeset dm_device_26_0 (dm_device)) +(typeattributeset dnsmasq_26_0 (dnsmasq)) +(typeattributeset dnsmasq_exec_26_0 (dnsmasq_exec)) +(typeattributeset dnsproxyd_socket_26_0 (dnsproxyd_socket)) +(typeattributeset DockObserver_service_26_0 (DockObserver_service)) +(typeattributeset dreams_service_26_0 (dreams_service)) +(typeattributeset drm_data_file_26_0 (drm_data_file)) +(typeattributeset drmserver_26_0 (drmserver)) +(typeattributeset drmserver_exec_26_0 (drmserver_exec)) +(typeattributeset drmserver_service_26_0 (drmserver_service)) +(typeattributeset drmserver_socket_26_0 (drmserver_socket)) +(typeattributeset dropbox_service_26_0 (dropbox_service)) +(typeattributeset dumpstate_26_0 (dumpstate)) +(typeattributeset dumpstate_exec_26_0 (dumpstate_exec)) +(typeattributeset dumpstate_options_prop_26_0 
(dumpstate_options_prop)) +(typeattributeset dumpstate_prop_26_0 (dumpstate_prop)) +(typeattributeset dumpstate_service_26_0 (dumpstate_service)) +(typeattributeset dumpstate_socket_26_0 (dumpstate_socket)) +(typeattributeset efs_file_26_0 (efs_file)) +(typeattributeset ephemeral_app_26_0 (ephemeral_app)) +(typeattributeset ethernet_service_26_0 (ethernet_service)) +(typeattributeset ffs_prop_26_0 (ffs_prop)) +(typeattributeset file_contexts_file_26_0 (file_contexts_file)) +(typeattributeset fingerprintd_26_0 (fingerprintd)) +(typeattributeset fingerprintd_data_file_26_0 (fingerprintd_data_file)) +(typeattributeset fingerprintd_exec_26_0 (fingerprintd_exec)) +(typeattributeset fingerprintd_service_26_0 (fingerprintd_service)) +(typeattributeset fingerprint_prop_26_0 (fingerprint_prop)) +(typeattributeset fingerprint_service_26_0 (fingerprint_service)) +(typeattributeset firstboot_prop_26_0 (firstboot_prop)) +(typeattributeset font_service_26_0 (font_service)) +(typeattributeset frp_block_device_26_0 (frp_block_device)) +(typeattributeset fsck_26_0 (fsck)) +(typeattributeset fsck_exec_26_0 (fsck_exec)) +(typeattributeset fscklogs_26_0 (fscklogs)) +(typeattributeset fsck_untrusted_26_0 (fsck_untrusted)) +(typeattributeset full_device_26_0 (full_device)) +(typeattributeset functionfs_26_0 (functionfs)) +(typeattributeset fuse_26_0 (fuse)) +(typeattributeset fuse_device_26_0 (fuse_device)) +(typeattributeset fwk_display_hwservice_26_0 (fwk_display_hwservice)) +(typeattributeset fwk_scheduler_hwservice_26_0 (fwk_scheduler_hwservice)) +(typeattributeset fwk_sensor_hwservice_26_0 (fwk_sensor_hwservice)) +(typeattributeset fwmarkd_socket_26_0 (fwmarkd_socket)) +(typeattributeset gatekeeperd_26_0 (gatekeeperd)) +(typeattributeset gatekeeper_data_file_26_0 (gatekeeper_data_file)) +(typeattributeset gatekeeperd_exec_26_0 (gatekeeperd_exec)) +(typeattributeset gatekeeper_service_26_0 (gatekeeper_service)) +(typeattributeset gfxinfo_service_26_0 (gfxinfo_service)) 
+(typeattributeset gps_control_26_0 (gps_control)) +(typeattributeset gpu_device_26_0 (gpu_device)) +(typeattributeset gpu_service_26_0 (gpu_service)) +(typeattributeset graphics_device_26_0 (graphics_device)) +(typeattributeset graphicsstats_service_26_0 (graphicsstats_service)) +(typeattributeset hal_audio_hwservice_26_0 (hal_audio_hwservice)) +(typeattributeset hal_bluetooth_hwservice_26_0 (hal_bluetooth_hwservice)) +(typeattributeset hal_bootctl_hwservice_26_0 (hal_bootctl_hwservice)) +(typeattributeset hal_camera_hwservice_26_0 (hal_camera_hwservice)) +(typeattributeset hal_configstore_ISurfaceFlingerConfigs_26_0 (hal_configstore_ISurfaceFlingerConfigs)) +(typeattributeset hal_contexthub_hwservice_26_0 (hal_contexthub_hwservice)) +(typeattributeset hal_drm_hwservice_26_0 (hal_drm_hwservice)) +(typeattributeset hal_dumpstate_hwservice_26_0 (hal_dumpstate_hwservice)) +(typeattributeset hal_fingerprint_hwservice_26_0 (hal_fingerprint_hwservice)) +(typeattributeset hal_fingerprint_service_26_0 (hal_fingerprint_service)) +(typeattributeset hal_gatekeeper_hwservice_26_0 (hal_gatekeeper_hwservice)) +(typeattributeset hal_gnss_hwservice_26_0 (hal_gnss_hwservice)) +(typeattributeset hal_graphics_allocator_hwservice_26_0 (hal_graphics_allocator_hwservice)) +(typeattributeset hal_graphics_composer_hwservice_26_0 (hal_graphics_composer_hwservice)) +(typeattributeset hal_graphics_mapper_hwservice_26_0 (hal_graphics_mapper_hwservice)) +(typeattributeset hal_health_hwservice_26_0 (hal_health_hwservice)) +(typeattributeset hal_ir_hwservice_26_0 (hal_ir_hwservice)) +(typeattributeset hal_keymaster_hwservice_26_0 (hal_keymaster_hwservice)) +(typeattributeset hal_light_hwservice_26_0 (hal_light_hwservice)) +(typeattributeset hal_memtrack_hwservice_26_0 (hal_memtrack_hwservice)) +(typeattributeset hal_nfc_hwservice_26_0 (hal_nfc_hwservice)) +(typeattributeset hal_oemlock_hwservice_26_0 (hal_oemlock_hwservice)) +(typeattributeset hal_omx_hwservice_26_0 (hal_omx_hwservice)) 
+(typeattributeset hal_power_hwservice_26_0 (hal_power_hwservice)) +(typeattributeset hal_renderscript_hwservice_26_0 (hal_renderscript_hwservice)) +(typeattributeset hal_sensors_hwservice_26_0 (hal_sensors_hwservice)) +(typeattributeset hal_telephony_hwservice_26_0 (hal_telephony_hwservice)) +(typeattributeset hal_thermal_hwservice_26_0 (hal_thermal_hwservice)) +(typeattributeset hal_tv_cec_hwservice_26_0 (hal_tv_cec_hwservice)) +(typeattributeset hal_tv_input_hwservice_26_0 (hal_tv_input_hwservice)) +(typeattributeset hal_usb_hwservice_26_0 (hal_usb_hwservice)) +(typeattributeset hal_vibrator_hwservice_26_0 (hal_vibrator_hwservice)) +(typeattributeset hal_vr_hwservice_26_0 (hal_vr_hwservice)) +(typeattributeset hal_weaver_hwservice_26_0 (hal_weaver_hwservice)) +(typeattributeset hal_wifi_hwservice_26_0 (hal_wifi_hwservice)) +(typeattributeset hal_wifi_supplicant_hwservice_26_0 (hal_wifi_supplicant_hwservice)) +(typeattributeset hardware_properties_service_26_0 (hardware_properties_service)) +(typeattributeset hardware_service_26_0 (hardware_service)) +(typeattributeset hci_attach_dev_26_0 (hci_attach_dev)) +(typeattributeset hdmi_control_service_26_0 (hdmi_control_service)) +(typeattributeset healthd_26_0 (healthd)) +(typeattributeset healthd_exec_26_0 (healthd_exec)) +(typeattributeset heapdump_data_file_26_0 (heapdump_data_file)) +(typeattributeset hidl_allocator_hwservice_26_0 (hidl_allocator_hwservice)) +(typeattributeset hidl_base_hwservice_26_0 (hidl_base_hwservice)) +(typeattributeset hidl_manager_hwservice_26_0 (hidl_manager_hwservice)) +(typeattributeset hidl_memory_hwservice_26_0 (hidl_memory_hwservice)) +(typeattributeset hidl_token_hwservice_26_0 (hidl_token_hwservice)) +(typeattributeset hwbinder_device_26_0 (hwbinder_device)) +(typeattributeset hw_random_device_26_0 (hw_random_device)) +(typeattributeset hwservice_contexts_file_26_0 (hwservice_contexts_file)) +(typeattributeset hwservicemanager_26_0 (hwservicemanager)) +(typeattributeset 
hwservicemanager_exec_26_0 (hwservicemanager_exec)) +(typeattributeset hwservicemanager_prop_26_0 (hwservicemanager_prop)) +(typeattributeset i2c_device_26_0 (i2c_device)) +(typeattributeset icon_file_26_0 (icon_file)) +(typeattributeset idmap_26_0 (idmap)) +(typeattributeset idmap_exec_26_0 (idmap_exec)) +(typeattributeset iio_device_26_0 (iio_device)) +(typeattributeset imms_service_26_0 (imms_service)) +(typeattributeset incident_26_0 (incident)) +(typeattributeset incidentd_26_0 (incidentd)) +(typeattributeset incident_data_file_26_0 (incident_data_file)) +(typeattributeset incident_service_26_0 (incident_service)) +(typeattributeset init_26_0 (init)) +(typeattributeset init_exec_26_0 (init_exec watchdogd_exec)) +(typeattributeset inotify_26_0 (inotify)) +(typeattributeset input_device_26_0 (input_device)) +(typeattributeset inputflinger_26_0 (inputflinger)) +(typeattributeset inputflinger_exec_26_0 (inputflinger_exec)) +(typeattributeset inputflinger_service_26_0 (inputflinger_service)) +(typeattributeset input_method_service_26_0 (input_method_service)) +(typeattributeset input_service_26_0 (input_service)) +(typeattributeset installd_26_0 (installd)) +(typeattributeset install_data_file_26_0 (install_data_file)) +(typeattributeset installd_exec_26_0 (installd_exec)) +(typeattributeset installd_service_26_0 (installd_service)) +(typeattributeset install_recovery_26_0 (install_recovery)) +(typeattributeset install_recovery_exec_26_0 (install_recovery_exec)) +(typeattributeset ion_device_26_0 (ion_device)) +(typeattributeset IProxyService_service_26_0 (IProxyService_service)) +(typeattributeset ipsec_service_26_0 (ipsec_service)) +(typeattributeset isolated_app_26_0 (isolated_app)) +(typeattributeset jobscheduler_service_26_0 (jobscheduler_service)) +(typeattributeset kernel_26_0 (kernel)) +(typeattributeset keychain_data_file_26_0 (keychain_data_file)) +(typeattributeset keychord_device_26_0 (keychord_device)) +(typeattributeset keystore_26_0 (keystore)) 
+(typeattributeset keystore_data_file_26_0 (keystore_data_file)) +(typeattributeset keystore_exec_26_0 (keystore_exec)) +(typeattributeset keystore_service_26_0 (keystore_service)) +(typeattributeset kmem_device_26_0 (kmem_device)) +(typeattributeset kmsg_device_26_0 (kmsg_device)) +(typeattributeset labeledfs_26_0 (labeledfs)) +(typeattributeset launcherapps_service_26_0 (launcherapps_service)) +(typeattributeset lmkd_26_0 (lmkd)) +(typeattributeset lmkd_exec_26_0 (lmkd_exec)) +(typeattributeset lmkd_socket_26_0 (lmkd_socket)) +(typeattributeset location_service_26_0 (location_service)) +(typeattributeset lock_settings_service_26_0 (lock_settings_service)) +(typeattributeset logcat_exec_26_0 (logcat_exec)) +(typeattributeset logd_26_0 (logd)) +(typeattributeset log_device_26_0 (log_device)) +(typeattributeset logd_exec_26_0 (logd_exec)) +(typeattributeset logd_prop_26_0 (logd_prop)) +(typeattributeset logdr_socket_26_0 (logdr_socket)) +(typeattributeset logd_socket_26_0 (logd_socket)) +(typeattributeset logdw_socket_26_0 (logdw_socket)) +(typeattributeset logpersist_26_0 (logpersist)) +(typeattributeset logpersistd_logging_prop_26_0 (logpersistd_logging_prop)) +(typeattributeset log_prop_26_0 (log_prop)) +(typeattributeset log_tag_prop_26_0 (log_tag_prop)) +(typeattributeset loop_control_device_26_0 (loop_control_device)) +(typeattributeset loop_device_26_0 (loop_device)) +(typeattributeset mac_perms_file_26_0 (mac_perms_file)) +(typeattributeset mdnsd_26_0 (mdnsd)) +(typeattributeset mdnsd_socket_26_0 (mdnsd_socket)) +(typeattributeset mdns_socket_26_0 (mdns_socket)) +(typeattributeset mediacasserver_service_26_0 (mediacasserver_service)) +(typeattributeset hal_omx_server (mediacodec_26_0)) +(typeattributeset mediacodec_26_0 (mediacodec)) +(typeattributeset mediacodec_exec_26_0 (mediacodec_exec)) +(typeattributeset mediacodec_service_26_0 (mediacodec_service)) +(typeattributeset media_data_file_26_0 (media_data_file)) +(typeattributeset mediadrmserver_26_0 
(mediadrmserver)) +(typeattributeset mediadrmserver_exec_26_0 (mediadrmserver_exec)) +(typeattributeset mediadrmserver_service_26_0 (mediadrmserver_service)) +(typeattributeset mediaextractor_26_0 (mediaextractor)) +(typeattributeset mediaextractor_exec_26_0 (mediaextractor_exec)) +(typeattributeset mediaextractor_service_26_0 (mediaextractor_service)) +(typeattributeset mediametrics_26_0 (mediametrics)) +(typeattributeset mediametrics_exec_26_0 (mediametrics_exec)) +(typeattributeset mediametrics_service_26_0 (mediametrics_service)) +(typeattributeset media_projection_service_26_0 (media_projection_service)) +(typeattributeset media_router_service_26_0 (media_router_service)) +(typeattributeset media_rw_data_file_26_0 (media_rw_data_file)) +(typeattributeset mediaserver_26_0 (mediaserver)) +(typeattributeset mediaserver_exec_26_0 (mediaserver_exec)) +(typeattributeset mediaserver_service_26_0 (mediaserver_service)) +(typeattributeset media_session_service_26_0 (media_session_service)) +(typeattributeset meminfo_service_26_0 (meminfo_service)) +(typeattributeset metadata_block_device_26_0 (metadata_block_device)) +(typeattributeset method_trace_data_file_26_0 (method_trace_data_file)) +(typeattributeset midi_service_26_0 (midi_service)) +(typeattributeset misc_block_device_26_0 (misc_block_device)) +(typeattributeset misc_logd_file_26_0 (misc_logd_file)) +(typeattributeset misc_user_data_file_26_0 (misc_user_data_file)) +(typeattributeset mmc_prop_26_0 (mmc_prop)) +(typeattributeset mnt_expand_file_26_0 (mnt_expand_file)) +(typeattributeset mnt_media_rw_file_26_0 (mnt_media_rw_file)) +(typeattributeset mnt_media_rw_stub_file_26_0 (mnt_media_rw_stub_file)) +(typeattributeset mnt_user_file_26_0 (mnt_user_file)) +(typeattributeset modprobe_26_0 (modprobe)) +(typeattributeset mount_service_26_0 (mount_service)) +(typeattributeset mqueue_26_0 (mqueue)) +(typeattributeset mtd_device_26_0 (mtd_device)) +(typeattributeset mtp_26_0 (mtp)) +(typeattributeset mtp_device_26_0 
(mtp_device)) +(typeattributeset mtpd_socket_26_0 (mtpd_socket)) +(typeattributeset mtp_exec_26_0 (mtp_exec)) +(typeattributeset nativetest_data_file_26_0 (nativetest_data_file)) +(typeattributeset netd_26_0 (netd)) +(typeattributeset net_data_file_26_0 (net_data_file)) +(typeattributeset netd_exec_26_0 (netd_exec)) +(typeattributeset netd_listener_service_26_0 (netd_listener_service)) +(typeattributeset net_dns_prop_26_0 (net_dns_prop)) +(typeattributeset netd_service_26_0 (netd_service)) +(typeattributeset netd_socket_26_0 (netd_socket)) +(typeattributeset netif_26_0 (netif)) +(typeattributeset netpolicy_service_26_0 (netpolicy_service)) +(typeattributeset net_radio_prop_26_0 (net_radio_prop)) +(typeattributeset netstats_service_26_0 (netstats_service)) +(typeattributeset netutils_wrapper_26_0 (netutils_wrapper)) +(typeattributeset netutils_wrapper_exec_26_0 (netutils_wrapper_exec)) +(typeattributeset network_management_service_26_0 (network_management_service)) +(typeattributeset network_score_service_26_0 (network_score_service)) +(typeattributeset network_time_update_service_26_0 (network_time_update_service)) +(typeattributeset nfc_26_0 (nfc)) +(typeattributeset nfc_data_file_26_0 (nfc_data_file)) +(typeattributeset nfc_device_26_0 (nfc_device)) +(typeattributeset nfc_prop_26_0 (nfc_prop)) +(typeattributeset nfc_service_26_0 (nfc_service)) +(typeattributeset node_26_0 (node)) +(typeattributeset notification_service_26_0 (notification_service)) +(typeattributeset null_device_26_0 (null_device)) +(typeattributeset oemfs_26_0 (oemfs)) +(typeattributeset oem_lock_service_26_0 (oem_lock_service)) +(typeattributeset ota_data_file_26_0 (ota_data_file)) +(typeattributeset otadexopt_service_26_0 (otadexopt_service)) +(typeattributeset ota_package_file_26_0 (ota_package_file)) +(typeattributeset otapreopt_chroot_26_0 (otapreopt_chroot)) +(typeattributeset otapreopt_chroot_exec_26_0 (otapreopt_chroot_exec)) +(typeattributeset otapreopt_slot_26_0 (otapreopt_slot)) 
+(typeattributeset otapreopt_slot_exec_26_0 (otapreopt_slot_exec)) +(typeattributeset overlay_prop_26_0 (overlay_prop)) +(typeattributeset overlay_service_26_0 (overlay_service)) +(typeattributeset owntty_device_26_0 (owntty_device)) +(typeattributeset package_service_26_0 (package_service)) +(typeattributeset pan_result_prop_26_0 (pan_result_prop)) +(typeattributeset pdx_bufferhub_client_channel_socket_26_0 (pdx_bufferhub_client_channel_socket)) +(typeattributeset pdx_bufferhub_client_endpoint_socket_26_0 (pdx_bufferhub_client_endpoint_socket)) +(typeattributeset pdx_bufferhub_dir_26_0 (pdx_bufferhub_dir)) +(typeattributeset pdx_display_client_channel_socket_26_0 (pdx_display_client_channel_socket)) +(typeattributeset pdx_display_client_endpoint_socket_26_0 (pdx_display_client_endpoint_socket)) +(typeattributeset pdx_display_dir_26_0 (pdx_display_dir)) +(typeattributeset pdx_display_manager_channel_socket_26_0 (pdx_display_manager_channel_socket)) +(typeattributeset pdx_display_manager_endpoint_socket_26_0 (pdx_display_manager_endpoint_socket)) +(typeattributeset pdx_display_screenshot_channel_socket_26_0 (pdx_display_screenshot_channel_socket)) +(typeattributeset pdx_display_screenshot_endpoint_socket_26_0 (pdx_display_screenshot_endpoint_socket)) +(typeattributeset pdx_display_vsync_channel_socket_26_0 (pdx_display_vsync_channel_socket)) +(typeattributeset pdx_display_vsync_endpoint_socket_26_0 (pdx_display_vsync_endpoint_socket)) +(typeattributeset pdx_performance_client_channel_socket_26_0 (pdx_performance_client_channel_socket)) +(typeattributeset pdx_performance_client_endpoint_socket_26_0 (pdx_performance_client_endpoint_socket)) +(typeattributeset pdx_performance_dir_26_0 (pdx_performance_dir)) +(typeattributeset performanced_26_0 (performanced)) +(typeattributeset performanced_exec_26_0 (performanced_exec)) +(typeattributeset permission_service_26_0 (permission_service)) +(typeattributeset persist_debug_prop_26_0 (persist_debug_prop)) +(typeattributeset 
persistent_data_block_service_26_0 (persistent_data_block_service)) +(typeattributeset persistent_properties_ready_prop_26_0 (persistent_properties_ready_prop)) +(typeattributeset pinner_service_26_0 (pinner_service)) +(typeattributeset pipefs_26_0 (pipefs)) +(typeattributeset platform_app_26_0 (platform_app)) +(typeattributeset pmsg_device_26_0 (pmsg_device)) +(typeattributeset port_26_0 (port)) +(typeattributeset port_device_26_0 (port_device)) +(typeattributeset postinstall_26_0 (postinstall)) +(typeattributeset postinstall_dexopt_26_0 (postinstall_dexopt)) +(typeattributeset postinstall_file_26_0 (postinstall_file)) +(typeattributeset postinstall_mnt_dir_26_0 (postinstall_mnt_dir)) +(typeattributeset powerctl_prop_26_0 (powerctl_prop)) +(typeattributeset power_service_26_0 (power_service)) +(typeattributeset ppp_26_0 (ppp)) +(typeattributeset ppp_device_26_0 (ppp_device)) +(typeattributeset ppp_exec_26_0 (ppp_exec)) +(typeattributeset preloads_data_file_26_0 (preloads_data_file)) +(typeattributeset preloads_media_file_26_0 (preloads_media_file)) +(typeattributeset preopt2cachename_26_0 (preopt2cachename)) +(typeattributeset preopt2cachename_exec_26_0 (preopt2cachename_exec)) +(typeattributeset print_service_26_0 (print_service)) +(typeattributeset priv_app_26_0 (mediaprovider priv_app)) +(typeattributeset proc_26_0 + ( proc + proc_abi + proc_asound + proc_buddyinfo + proc_cmdline + proc_dirty + proc_diskstats + proc_extra_free_kbytes + proc_filesystems + proc_hostname + proc_hung_task + proc_kmsg + proc_loadavg + proc_max_map_count + proc_min_free_order_shift + proc_mounts + proc_page_cluster + proc_pagetypeinfo + proc_panic + proc_pid_max + proc_pipe_conf + proc_random + proc_sched + proc_slabinfo + proc_swaps + proc_uid_time_in_state + proc_uid_concurrent_active_time + proc_uid_concurrent_policy_time + proc_uid_cpupower + proc_uptime + proc_version + proc_vmallocinfo + proc_vmstat)) +(typeattributeset proc_bluetooth_writable_26_0 (proc_bluetooth_writable)) 
+(typeattributeset proc_cpuinfo_26_0 (proc_cpuinfo)) +(typeattributeset proc_drop_caches_26_0 (proc_drop_caches)) +(typeattributeset processinfo_service_26_0 (processinfo_service)) +(typeattributeset proc_interrupts_26_0 (proc_interrupts)) +(typeattributeset proc_iomem_26_0 (proc_iomem)) +(typeattributeset proc_meminfo_26_0 (proc_meminfo)) +(typeattributeset proc_misc_26_0 (proc_misc)) +(typeattributeset proc_modules_26_0 (proc_modules)) +(typeattributeset proc_net_26_0 + ( proc_net + proc_net_tcp_udp + proc_qtaguid_stat)) +(typeattributeset proc_overcommit_memory_26_0 (proc_overcommit_memory)) +(typeattributeset proc_perf_26_0 (proc_perf)) +(typeattributeset proc_security_26_0 (proc_security)) +(typeattributeset proc_stat_26_0 (proc_stat)) +(typeattributeset procstats_service_26_0 (procstats_service)) +(typeattributeset proc_sysrq_26_0 (proc_sysrq)) +(typeattributeset proc_timer_26_0 (proc_timer)) +(typeattributeset proc_tty_drivers_26_0 (proc_tty_drivers)) +(typeattributeset proc_uid_cputime_removeuid_26_0 (proc_uid_cputime_removeuid)) +(typeattributeset proc_uid_cputime_showstat_26_0 (proc_uid_cputime_showstat)) +(typeattributeset proc_uid_io_stats_26_0 (proc_uid_io_stats)) +(typeattributeset proc_uid_procstat_set_26_0 (proc_uid_procstat_set)) +(typeattributeset proc_zoneinfo_26_0 (proc_zoneinfo)) +(typeattributeset profman_26_0 (profman)) +(typeattributeset profman_dump_data_file_26_0 (profman_dump_data_file)) +(typeattributeset profman_exec_26_0 (profman_exec)) +(typeattributeset properties_device_26_0 (properties_device)) +(typeattributeset properties_serial_26_0 (properties_serial)) +(typeattributeset property_contexts_file_26_0 (property_contexts_file)) +(typeattributeset property_data_file_26_0 (property_data_file)) +(typeattributeset property_socket_26_0 (property_socket)) +(typeattributeset pstorefs_26_0 (pstorefs)) +(typeattributeset ptmx_device_26_0 (ptmx_device)) +(typeattributeset qtaguid_device_26_0 (qtaguid_device)) +(typeattributeset 
qtaguid_proc_26_0 + ( qtaguid_proc + proc_qtaguid_ctrl)) +(typeattributeset racoon_26_0 (racoon)) +(typeattributeset racoon_exec_26_0 (racoon_exec)) +(typeattributeset racoon_socket_26_0 (racoon_socket)) +(typeattributeset radio_26_0 (radio)) +(typeattributeset radio_data_file_26_0 (radio_data_file)) +(typeattributeset radio_device_26_0 (radio_device)) +(typeattributeset radio_prop_26_0 (radio_prop)) +(typeattributeset radio_service_26_0 (radio_service)) +(typeattributeset ram_device_26_0 (ram_device)) +(typeattributeset random_device_26_0 (random_device)) +(typeattributeset reboot_data_file_26_0 (reboot_data_file)) +(typeattributeset recovery_26_0 (recovery)) +(typeattributeset recovery_block_device_26_0 (recovery_block_device)) +(typeattributeset recovery_data_file_26_0 (recovery_data_file)) +(typeattributeset recovery_persist_26_0 (recovery_persist)) +(typeattributeset recovery_persist_exec_26_0 (recovery_persist_exec)) +(typeattributeset recovery_refresh_26_0 (recovery_refresh)) +(typeattributeset recovery_refresh_exec_26_0 (recovery_refresh_exec)) +(typeattributeset recovery_service_26_0 (recovery_service)) +(typeattributeset registry_service_26_0 (registry_service)) +(typeattributeset resourcecache_data_file_26_0 (resourcecache_data_file)) +(typeattributeset restorecon_prop_26_0 (restorecon_prop)) +(typeattributeset restrictions_service_26_0 (restrictions_service)) +(typeattributeset rild_26_0 (rild)) +(typeattributeset rild_debug_socket_26_0 (rild_debug_socket)) +(typeattributeset rild_socket_26_0 (rild_socket)) +(typeattributeset ringtone_file_26_0 (ringtone_file)) +(typeattributeset root_block_device_26_0 (root_block_device)) +(typeattributeset rootfs_26_0 (rootfs)) +(typeattributeset rpmsg_device_26_0 (rpmsg_device)) +(typeattributeset rtc_device_26_0 (rtc_device)) +(typeattributeset rttmanager_service_26_0 (rttmanager_service)) +(typeattributeset runas_26_0 (runas)) +(typeattributeset runas_exec_26_0 (runas_exec)) +(typeattributeset 
runtime_event_log_tags_file_26_0 (runtime_event_log_tags_file)) +(typeattributeset safemode_prop_26_0 (safemode_prop)) +(typeattributeset same_process_hal_file_26_0 + ( same_process_hal_file + vendor_public_lib_file)) +(typeattributeset samplingprofiler_service_26_0 (samplingprofiler_service)) +(typeattributeset scheduling_policy_service_26_0 (scheduling_policy_service)) +(typeattributeset sdcardd_26_0 (sdcardd)) +(typeattributeset sdcardd_exec_26_0 (sdcardd_exec)) +(typeattributeset sdcardfs_26_0 (sdcardfs)) +(typeattributeset seapp_contexts_file_26_0 (seapp_contexts_file)) +(typeattributeset search_service_26_0 (search_service)) +(typeattributeset sec_key_att_app_id_provider_service_26_0 (sec_key_att_app_id_provider_service)) +(typeattributeset selinuxfs_26_0 (selinuxfs)) +(typeattributeset sensors_device_26_0 (sensors_device)) +(typeattributeset sensorservice_service_26_0 (sensorservice_service)) +(typeattributeset sepolicy_file_26_0 (sepolicy_file)) +(typeattributeset serial_device_26_0 (serial_device)) +(typeattributeset serialno_prop_26_0 (serialno_prop)) +(typeattributeset serial_service_26_0 (serial_service)) +(typeattributeset service_contexts_file_26_0 (service_contexts_file nonplat_service_contexts_file)) +(typeattributeset servicediscovery_service_26_0 (servicediscovery_service)) +(typeattributeset servicemanager_26_0 (servicemanager)) +(typeattributeset servicemanager_exec_26_0 (servicemanager_exec)) +(typeattributeset settings_service_26_0 (settings_service)) +(typeattributeset sgdisk_26_0 (sgdisk)) +(typeattributeset sgdisk_exec_26_0 (sgdisk_exec)) +(typeattributeset shared_relro_26_0 (shared_relro)) +(typeattributeset shared_relro_file_26_0 (shared_relro_file)) +(typeattributeset shell_26_0 (shell)) +(typeattributeset shell_data_file_26_0 (shell_data_file)) +(typeattributeset shell_exec_26_0 (shell_exec)) +(typeattributeset shell_prop_26_0 (shell_prop)) +(typeattributeset shm_26_0 (shm)) +(typeattributeset shortcut_manager_icons_26_0 
(shortcut_manager_icons)) +(typeattributeset shortcut_service_26_0 (shortcut_service)) +(typeattributeset slideshow_26_0 (slideshow)) +(typeattributeset socket_device_26_0 (socket_device)) +(typeattributeset sockfs_26_0 (sockfs)) +(typeattributeset statusbar_service_26_0 (statusbar_service)) +(typeattributeset storaged_service_26_0 (storaged_service)) +(typeattributeset storage_file_26_0 (storage_file)) +(typeattributeset storagestats_service_26_0 (storagestats_service)) +(typeattributeset storage_stub_file_26_0 (storage_stub_file)) +(typeattributeset su_26_0 (su)) +(typeattributeset su_exec_26_0 (su_exec)) +(typeattributeset surfaceflinger_26_0 (surfaceflinger)) +(typeattributeset surfaceflinger_service_26_0 (surfaceflinger_service)) +(typeattributeset swap_block_device_26_0 (swap_block_device)) +(typeattributeset sysfs_26_0 + ( sysfs + sysfs_android_usb + sysfs_dm + sysfs_dt_firmware_android + sysfs_ipv4 + sysfs_kernel_notes + sysfs_loop + sysfs_net + sysfs_power + sysfs_rtc + sysfs_switch + sysfs_wakeup_reasons)) +(typeattributeset sysfs_batteryinfo_26_0 (sysfs_batteryinfo)) +(typeattributeset sysfs_bluetooth_writable_26_0 (sysfs_bluetooth_writable)) +(typeattributeset sysfs_devices_system_cpu_26_0 (sysfs_devices_system_cpu)) +(typeattributeset sysfs_hwrandom_26_0 (sysfs_hwrandom)) +(typeattributeset sysfs_leds_26_0 (sysfs_leds)) +(typeattributeset sysfs_lowmemorykiller_26_0 (sysfs_lowmemorykiller)) +(typeattributeset sysfs_mac_address_26_0 (sysfs_mac_address)) +(typeattributeset sysfs_nfc_power_writable_26_0 (sysfs_nfc_power_writable)) +(typeattributeset sysfs_thermal_26_0 (sysfs_thermal)) +(typeattributeset sysfs_uio_26_0 (sysfs_uio)) +(typeattributeset sysfs_usb_26_0 (sysfs_usb)) +(typeattributeset sysfs_vibrator_26_0 (sysfs_vibrator)) +(typeattributeset sysfs_wake_lock_26_0 (sysfs_wake_lock)) +(typeattributeset sysfs_wlan_fwpath_26_0 (sysfs_wlan_fwpath)) +(typeattributeset sysfs_zram_26_0 (sysfs_zram)) +(typeattributeset sysfs_zram_uevent_26_0 
(sysfs_zram_uevent)) +(typeattributeset system_app_26_0 (system_app)) +(typeattributeset system_app_data_file_26_0 (system_app_data_file)) +(typeattributeset system_app_service_26_0 (system_app_service)) +(typeattributeset system_block_device_26_0 (system_block_device)) +(typeattributeset system_data_file_26_0 + ( system_data_file + dropbox_data_file + vendor_data_file)) +(typeattributeset system_file_26_0 + ( system_file + system_lib_file + system_linker_config_file + system_linker_exec + system_seccomp_policy_file + system_security_cacerts_file + system_zoneinfo_file +)) +(typeattributeset systemkeys_data_file_26_0 (systemkeys_data_file)) +(typeattributeset system_ndebug_socket_26_0 (system_ndebug_socket)) +(typeattributeset system_prop_26_0 (system_prop)) +(typeattributeset system_radio_prop_26_0 (system_radio_prop)) +(typeattributeset system_server_26_0 (system_server)) +(typeattributeset system_wifi_keystore_hwservice_26_0 (system_wifi_keystore_hwservice)) +(typeattributeset system_wpa_socket_26_0 (system_wpa_socket)) +(typeattributeset task_service_26_0 (task_service)) +(typeattributeset tee_26_0 (tee)) +(typeattributeset tee_data_file_26_0 (tee_data_file)) +(typeattributeset tee_device_26_0 (tee_device)) +(typeattributeset telecom_service_26_0 (telecom_service)) +(typeattributeset textclassification_service_26_0 (textclassification_service)) +(typeattributeset textclassifier_data_file_26_0 (textclassifier_data_file)) +(typeattributeset textservices_service_26_0 (textservices_service)) +(typeattributeset tmpfs_26_0 (tmpfs)) +(typeattributeset tombstoned_26_0 (tombstoned)) +(typeattributeset tombstone_data_file_26_0 (tombstone_data_file)) +(typeattributeset tombstoned_crash_socket_26_0 (tombstoned_crash_socket)) +(typeattributeset tombstoned_exec_26_0 (tombstoned_exec)) +(typeattributeset tombstoned_intercept_socket_26_0 (tombstoned_intercept_socket)) +(typeattributeset toolbox_26_0 (toolbox)) +(typeattributeset toolbox_exec_26_0 (toolbox_exec)) 
+(typeattributeset tracing_shell_writable_26_0 (debugfs_tracing tracing_shell_writable)) +(typeattributeset tracing_shell_writable_debug_26_0 (debugfs_tracing_debug tracing_shell_writable_debug)) +(typeattributeset trust_service_26_0 (trust_service)) +(typeattributeset tty_device_26_0 (tty_device)) +(typeattributeset tun_device_26_0 (tun_device)) +(typeattributeset tv_input_service_26_0 (tv_input_service)) +(typeattributeset tzdatacheck_26_0 (tzdatacheck)) +(typeattributeset tzdatacheck_exec_26_0 (tzdatacheck_exec)) +(typeattributeset ueventd_26_0 (ueventd)) +(typeattributeset uhid_device_26_0 (uhid_device)) +(typeattributeset uimode_service_26_0 (uimode_service)) +(typeattributeset uio_device_26_0 (uio_device)) +(typeattributeset uncrypt_26_0 (uncrypt)) +(typeattributeset uncrypt_exec_26_0 (uncrypt_exec)) +(typeattributeset uncrypt_socket_26_0 (uncrypt_socket)) +(typeattributeset unencrypted_data_file_26_0 (unencrypted_data_file)) +(typeattributeset unlabeled_26_0 (unlabeled)) +(typeattributeset untrusted_app_25_26_0 (untrusted_app_25)) +(typeattributeset untrusted_app_26_0 + ( untrusted_app + untrusted_app_27)) +(typeattributeset untrusted_v2_app_26_0 (untrusted_v2_app)) +(typeattributeset update_engine_26_0 (update_engine)) +(typeattributeset update_engine_data_file_26_0 (update_engine_data_file)) +(typeattributeset update_engine_exec_26_0 (update_engine_exec)) +(typeattributeset update_engine_service_26_0 (update_engine_service)) +(typeattributeset updatelock_service_26_0 (updatelock_service)) +(typeattributeset update_verifier_26_0 (update_verifier)) +(typeattributeset update_verifier_exec_26_0 (update_verifier_exec)) +(typeattributeset usagestats_service_26_0 (usagestats_service)) +(typeattributeset usbaccessory_device_26_0 (usbaccessory_device)) +(typeattributeset usb_device_26_0 (usb_device)) +(typeattributeset usbfs_26_0 (usbfs)) +(typeattributeset usb_service_26_0 (usb_service)) +(typeattributeset userdata_block_device_26_0 (userdata_block_device)) 
+(typeattributeset usermodehelper_26_0 (sysfs_usermodehelper usermodehelper)) +(typeattributeset user_profile_data_file_26_0 (user_profile_data_file)) +(typeattributeset user_service_26_0 (user_service)) +(typeattributeset vcs_device_26_0 (vcs_device)) +(typeattributeset vdc_26_0 (vdc)) +(typeattributeset vdc_exec_26_0 (vdc_exec)) +(typeattributeset vendor_app_file_26_0 (vendor_app_file)) +(typeattributeset vendor_configs_file_26_0 (vendor_configs_file)) +(typeattributeset vendor_file_26_0 (vendor_file)) +(typeattributeset vendor_framework_file_26_0 (vendor_framework_file)) +(typeattributeset vendor_hal_file_26_0 (vendor_hal_file)) +(typeattributeset vendor_overlay_file_26_0 (vendor_overlay_file)) +(typeattributeset vendor_shell_exec_26_0 (vendor_shell_exec)) +(typeattributeset vendor_toolbox_exec_26_0 (vendor_toolbox_exec)) +(typeattributeset vfat_26_0 (vfat)) +(typeattributeset vibrator_service_26_0 (vibrator_service)) +(typeattributeset video_device_26_0 (video_device)) +(typeattributeset virtual_touchpad_26_0 (virtual_touchpad)) +(typeattributeset virtual_touchpad_exec_26_0 (virtual_touchpad_exec)) +(typeattributeset virtual_touchpad_service_26_0 (virtual_touchpad_service)) +(typeattributeset vndbinder_device_26_0 (vndbinder_device)) +(typeattributeset vndk_sp_file_26_0 (vndk_sp_file)) +(typeattributeset vndservice_contexts_file_26_0 (vndservice_contexts_file)) +(typeattributeset vndservicemanager_26_0 (vndservicemanager)) +(typeattributeset voiceinteraction_service_26_0 (voiceinteraction_service)) +(typeattributeset vold_26_0 (vold)) +(typeattributeset vold_data_file_26_0 (vold_data_file)) +(typeattributeset vold_device_26_0 (vold_device)) +(typeattributeset vold_exec_26_0 (vold_exec)) +(typeattributeset vold_prop_26_0 (vold_prop)) +(typeattributeset vold_socket_26_0 (vold_socket)) +(typeattributeset vpn_data_file_26_0 (vpn_data_file)) +(typeattributeset vr_hwc_26_0 (vr_hwc)) +(typeattributeset vr_hwc_exec_26_0 (vr_hwc_exec)) +(typeattributeset 
vr_hwc_service_26_0 (vr_hwc_service)) +(typeattributeset vr_manager_service_26_0 (vr_manager_service)) +(typeattributeset wallpaper_file_26_0 (wallpaper_file)) +(typeattributeset wallpaper_service_26_0 (wallpaper_service)) +(typeattributeset watchdogd_26_0 (watchdogd)) +(typeattributeset watchdog_device_26_0 (watchdog_device)) +(typeattributeset webviewupdate_service_26_0 (webviewupdate_service)) +(typeattributeset webview_zygote_26_0 (webview_zygote)) +(typeattributeset webview_zygote_exec_26_0 (webview_zygote_exec)) +(typeattributeset webview_zygote_socket_26_0 (webview_zygote_socket)) +(typeattributeset wifiaware_service_26_0 (wifiaware_service)) +(typeattributeset wificond_26_0 (wificond)) +(typeattributeset wificond_exec_26_0 (wificond_exec)) +(typeattributeset wificond_service_26_0 (wificond_service)) +(typeattributeset wifi_data_file_26_0 (wifi_data_file)) +(typeattributeset wifi_log_prop_26_0 (wifi_log_prop)) +(typeattributeset wifip2p_service_26_0 (wifip2p_service)) +(typeattributeset wifi_prop_26_0 (wifi_prop)) +(typeattributeset wifiscanner_service_26_0 (wifiscanner_service)) +(typeattributeset wifi_service_26_0 (wifi_service)) +(typeattributeset window_service_26_0 (window_service)) +(typeattributeset wpa_socket_26_0 (wpa_socket)) +(typeattributeset zero_device_26_0 (zero_device)) +(typeattributeset zoneinfo_data_file_26_0 (zoneinfo_data_file)) +(typeattributeset zygote_26_0 (zygote)) +(typeattributeset zygote_exec_26_0 (zygote_exec)) +(typeattributeset zygote_socket_26_0 (zygote_socket)) diff --git a/prebuilts/api/30.0/private/compat/26.0/26.0.compat.cil b/prebuilts/api/30.0/private/compat/26.0/26.0.compat.cil new file mode 100644 index 000000000..30af58c42 --- /dev/null +++ b/prebuilts/api/30.0/private/compat/26.0/26.0.compat.cil 
@@ -0,0 +1,5 @@
+(typeattribute vendordomain)
+(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
+(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
+(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
+(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
diff --git a/prebuilts/api/30.0/private/compat/26.0/26.0.ignore.cil b/prebuilts/api/30.0/private/compat/26.0/26.0.ignore.cil
new file mode 100644
index 000000000..b395855af
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/26.0/26.0.ignore.cil
@@ -0,0 +1,229 @@ +;; new_objects - a collection of types that have been introduced that have no +;; analogue in older policy. Thus, we do not need to map these types to +;; previous ones. Add here to pass checkapi tests. +(type new_objects) +(typeattribute new_objects) +(typeattributeset new_objects + ( new_objects + activity_task_service + adb_service + adbd_exec + app_binding_service + apex_data_file + apex_metadata_file + apex_mnt_dir + apex_service + apexd + apexd_exec + apexd_prop + apexd_tmpfs + app_zygote + atrace + binder_calls_stats_service + biometric_service + bootloader_boot_reason_prop + blank_screen + blank_screen_exec + blank_screen_tmpfs + bluetooth_a2dp_offload_prop + bpfloader + bpfloader_exec + broadcastradio_service + cgroup_bpf + charger_exec + color_display_service + content_capture_service + crossprofileapps_service + ctl_apexd_prop + ctl_interface_restart_prop + ctl_interface_start_prop + ctl_interface_stop_prop + ctl_sigstop_prop + device_config_boot_count_prop + device_config_reset_performed_prop + device_config_netd_native_prop + dnsresolver_service + e2fs + e2fs_exec + exfat + exported_audio_prop + exported_bluetooth_prop + exported_config_prop + exported_dalvik_prop + exported_default_prop + exported_dumpstate_prop + exported_ffs_prop + exported_fingerprint_prop + exported_overlay_prop + exported_pm_prop + exported_radio_prop + exported_secure_prop + exported_system_prop + exported_system_radio_prop + exported_vold_prop + exported_wifi_prop + exported2_config_prop + exported2_default_prop + exported2_radio_prop + exported2_system_prop + exported2_vold_prop + exported3_default_prop + exported3_radio_prop + exported3_system_prop + fastbootd + fingerprint_vendor_data_file + flags_health_check + flags_health_check_exec + fs_bpf + fwk_stats_hwservice + hal_atrace_hwservice + hal_audiocontrol_hwservice + hal_authsecret_hwservice + hal_broadcastradio_hwservice + hal_cas_hwservice + hal_codec2_hwservice + hal_confirmationui_hwservice + 
hal_evs_hwservice + hal_health_storage_hwservice + hal_lowpan_hwservice + hal_neuralnetworks_hwservice + hal_secure_element_hwservice + hal_tetheroffload_hwservice + hal_wifi_hostapd_hwservice + hal_usb_gadget_hwservice + hal_vehicle_hwservice + hal_wifi_offload_hwservice + heapprofd + heapprofd_exec + heapprofd_socket + incident_helper + incident_helper_exec + iorapd + iorapd_data_file + iorapd_exec + iorapd_service + iorapd_tmpfs + kmsg_debug_device + last_boot_reason_prop + llkd + llkd_exec + llkd_prop + llkd_tmpfs + looper_stats_service + lowpan_device + lowpan_prop + lowpan_service + mediaswcodec + mediaswcodec_exec + mediaswcodec_tmpfs + mediaextractor_update_service + mediaprovider_tmpfs + metadata_bootstat_file + metadata_file + mnt_product_file + mnt_vendor_file + netd_stable_secret_prop + network_stack + network_stack_service + network_watchlist_data_file + network_watchlist_service + overlayfs_file + package_native_service + perfetto + perfetto_exec + perfetto_tmpfs + perfetto_traces_data_file + property_info + recovery_socket + role_service + runas_app + art_apex_dir + runtime_service + secure_element + secure_element_device + secure_element_tmpfs + secure_element_service + server_configurable_flags_data_file + simpleperf_app_runner + simpleperf_app_runner_exec + slice_service + socket_hook_prop + staging_data_file + stats + stats_data_file + stats_exec + stats_service + statsd + statsd_exec + statsd_tmpfs + statsdw + statsdw_socket + statscompanion_service + storaged_data_file + super_block_device + sysfs_fs_ext4_features + system_boot_reason_prop + system_bootstrap_lib_file + system_lmk_prop + system_net_netd_hwservice + system_update_service + test_boot_reason_prop + thermal_service + thermalcallback_hwservice + thermalserviced + thermalserviced_exec + thermalserviced_tmpfs + time_prop + timedetector_service + timezone_service + tombstoned_java_trace_socket + tombstone_wifi_data_file + trace_data_file + traceur_app + traceur_app_tmpfs + traced + 
traced_consumer_socket + traced_enabled_prop + traced_exec + traced_probes + traced_probes_exec + traced_probes_tmpfs + traced_producer_socket + traced_tmpfs + untrusted_app_all_devpts + update_engine_log_data_file + vendor_default_prop + vendor_security_patch_level_prop + uri_grants_service + usbd + usbd_exec + usbd_tmpfs + vendor_apex_file + vendor_init + vendor_shell + vendor_socket_hook_prop + vndk_prop + vold_metadata_file + vold_prepare_subdirs + vold_prepare_subdirs_exec + vold_service + vrflinger_vsync_service + wait_for_keymaster + wait_for_keymaster_exec + wait_for_keymaster_tmpfs + watchdogd_tmpfs + wpantund + wpantund_exec + wpantund_service + wpantund_tmpfs + wm_trace_data_file)) + +;; private_objects - a collection of types that were labeled differently in +;; older policy, but that should not remain accessible to vendor policy. +;; Thus, these types are also not mapped, but recorded for checkapi tests +(type priv_objects) +(typeattribute priv_objects) +(typeattributeset priv_objects + ( priv_objects + adbd_tmpfs + untrusted_app_27_tmpfs)) diff --git a/prebuilts/api/30.0/private/compat/27.0/27.0.cil b/prebuilts/api/30.0/private/compat/27.0/27.0.cil new file mode 100644 index 000000000..0d883c0c7 --- /dev/null +++ b/prebuilts/api/30.0/private/compat/27.0/27.0.cil 
@@ -0,0 +1,1507 @@ +;; attributes removed from current policy +(typeattribute hal_wifi_offload) +(typeattribute hal_wifi_offload_client) +(typeattribute hal_wifi_offload_server) + +;; types removed from current policy +(type commontime_management_service) +(type hal_wifi_offload_hwservice) +(type mediacodec) +(type mediacodec_exec) +(type netd_socket) +(type qtaguid_proc) +(type reboot_data_file) +(type rild) +(type untrusted_v2_app) +(type webview_zygote_socket) +(type vold_socket) + +(expandtypeattribute (accessibility_service_27_0) true) +(expandtypeattribute (account_service_27_0) true) +(expandtypeattribute (activity_service_27_0) true) +(expandtypeattribute (adbd_27_0) true) +(expandtypeattribute (adb_data_file_27_0) true) +(expandtypeattribute (adbd_exec_27_0) true) +(expandtypeattribute (adbd_socket_27_0) true) +(expandtypeattribute (adb_keys_file_27_0) true) +(expandtypeattribute (alarm_device_27_0) true) +(expandtypeattribute (alarm_service_27_0) true) +(expandtypeattribute (anr_data_file_27_0) true) +(expandtypeattribute (apk_data_file_27_0) true) +(expandtypeattribute (apk_private_data_file_27_0) true) +(expandtypeattribute (apk_private_tmp_file_27_0) true) +(expandtypeattribute (apk_tmp_file_27_0) true) +(expandtypeattribute (app_data_file_27_0) true) +(expandtypeattribute (app_fuse_file_27_0) true) +(expandtypeattribute (app_fusefs_27_0) true) +(expandtypeattribute (appops_service_27_0) true) +(expandtypeattribute (appwidget_service_27_0) true) +(expandtypeattribute (asec_apk_file_27_0) true) +(expandtypeattribute (asec_image_file_27_0) true) +(expandtypeattribute (asec_public_file_27_0) true) +(expandtypeattribute (ashmem_device_27_0) true) +(expandtypeattribute (assetatlas_service_27_0) true) +(expandtypeattribute (audio_data_file_27_0) true) +(expandtypeattribute (audio_device_27_0) true) +(expandtypeattribute (audiohal_data_file_27_0) true) +(expandtypeattribute (audio_prop_27_0) true) +(expandtypeattribute (audio_seq_device_27_0) true) 
+(expandtypeattribute (audioserver_27_0) true) +(expandtypeattribute (audioserver_data_file_27_0) true) +(expandtypeattribute (audioserver_service_27_0) true) +(expandtypeattribute (audio_service_27_0) true) +(expandtypeattribute (audio_timer_device_27_0) true) +(expandtypeattribute (autofill_service_27_0) true) +(expandtypeattribute (backup_data_file_27_0) true) +(expandtypeattribute (backup_service_27_0) true) +(expandtypeattribute (batteryproperties_service_27_0) true) +(expandtypeattribute (battery_service_27_0) true) +(expandtypeattribute (batterystats_service_27_0) true) +(expandtypeattribute (binder_device_27_0) true) +(expandtypeattribute (binfmt_miscfs_27_0) true) +(expandtypeattribute (blkid_27_0) true) +(expandtypeattribute (blkid_untrusted_27_0) true) +(expandtypeattribute (block_device_27_0) true) +(expandtypeattribute (bluetooth_27_0) true) +(expandtypeattribute (bluetooth_data_file_27_0) true) +(expandtypeattribute (bluetooth_efs_file_27_0) true) +(expandtypeattribute (bluetooth_logs_data_file_27_0) true) +(expandtypeattribute (bluetooth_manager_service_27_0) true) +(expandtypeattribute (bluetooth_prop_27_0) true) +(expandtypeattribute (bluetooth_service_27_0) true) +(expandtypeattribute (bluetooth_socket_27_0) true) +(expandtypeattribute (bootanim_27_0) true) +(expandtypeattribute (bootanim_exec_27_0) true) +(expandtypeattribute (boot_block_device_27_0) true) +(expandtypeattribute (bootchart_data_file_27_0) true) +(expandtypeattribute (bootstat_27_0) true) +(expandtypeattribute (bootstat_data_file_27_0) true) +(expandtypeattribute (bootstat_exec_27_0) true) +(expandtypeattribute (boottime_prop_27_0) true) +(expandtypeattribute (boottrace_data_file_27_0) true) +(expandtypeattribute (broadcastradio_service_27_0) true) +(expandtypeattribute (bufferhubd_27_0) true) +(expandtypeattribute (bufferhubd_exec_27_0) true) +(expandtypeattribute (cache_backup_file_27_0) true) +(expandtypeattribute (cache_block_device_27_0) true) +(expandtypeattribute 
(cache_file_27_0) true) +(expandtypeattribute (cache_private_backup_file_27_0) true) +(expandtypeattribute (cache_recovery_file_27_0) true) +(expandtypeattribute (camera_data_file_27_0) true) +(expandtypeattribute (camera_device_27_0) true) +(expandtypeattribute (cameraproxy_service_27_0) true) +(expandtypeattribute (cameraserver_27_0) true) +(expandtypeattribute (cameraserver_exec_27_0) true) +(expandtypeattribute (cameraserver_service_27_0) true) +(expandtypeattribute (cgroup_27_0) true) +(expandtypeattribute (charger_27_0) true) +(expandtypeattribute (clatd_27_0) true) +(expandtypeattribute (clatd_exec_27_0) true) +(expandtypeattribute (clipboard_service_27_0) true) +(expandtypeattribute (commontime_management_service_27_0) true) +(expandtypeattribute (companion_device_service_27_0) true) +(expandtypeattribute (configfs_27_0) true) +(expandtypeattribute (config_prop_27_0) true) +(expandtypeattribute (connectivity_service_27_0) true) +(expandtypeattribute (connmetrics_service_27_0) true) +(expandtypeattribute (console_device_27_0) true) +(expandtypeattribute (consumer_ir_service_27_0) true) +(expandtypeattribute (content_service_27_0) true) +(expandtypeattribute (contexthub_service_27_0) true) +(expandtypeattribute (coredump_file_27_0) true) +(expandtypeattribute (country_detector_service_27_0) true) +(expandtypeattribute (coverage_service_27_0) true) +(expandtypeattribute (cppreopt_prop_27_0) true) +(expandtypeattribute (cppreopts_27_0) true) +(expandtypeattribute (cppreopts_exec_27_0) true) +(expandtypeattribute (cpuctl_device_27_0) true) +(expandtypeattribute (cpuinfo_service_27_0) true) +(expandtypeattribute (crash_dump_27_0) true) +(expandtypeattribute (crash_dump_exec_27_0) true) +(expandtypeattribute (ctl_bootanim_prop_27_0) true) +(expandtypeattribute (ctl_bugreport_prop_27_0) true) +(expandtypeattribute (ctl_console_prop_27_0) true) +(expandtypeattribute (ctl_default_prop_27_0) true) +(expandtypeattribute (ctl_dumpstate_prop_27_0) true) 
+(expandtypeattribute (ctl_fuse_prop_27_0) true) +(expandtypeattribute (ctl_mdnsd_prop_27_0) true) +(expandtypeattribute (ctl_rildaemon_prop_27_0) true) +(expandtypeattribute (dalvikcache_data_file_27_0) true) +(expandtypeattribute (dalvik_prop_27_0) true) +(expandtypeattribute (dbinfo_service_27_0) true) +(expandtypeattribute (debugfs_27_0) true) +(expandtypeattribute (debugfs_mmc_27_0) true) +(expandtypeattribute (debugfs_trace_marker_27_0) true) +(expandtypeattribute (debugfs_tracing_27_0) true) +(expandtypeattribute (debugfs_tracing_debug_27_0) true) +(expandtypeattribute (debugfs_tracing_instances_27_0) true) +(expandtypeattribute (debugfs_wifi_tracing_27_0) true) +(expandtypeattribute (debuggerd_prop_27_0) true) +(expandtypeattribute (debug_prop_27_0) true) +(expandtypeattribute (default_android_hwservice_27_0) true) +(expandtypeattribute (default_android_service_27_0) true) +(expandtypeattribute (default_android_vndservice_27_0) true) +(expandtypeattribute (default_prop_27_0) true) +(expandtypeattribute (device_27_0) true) +(expandtypeattribute (device_identifiers_service_27_0) true) +(expandtypeattribute (deviceidle_service_27_0) true) +(expandtypeattribute (device_logging_prop_27_0) true) +(expandtypeattribute (device_policy_service_27_0) true) +(expandtypeattribute (devicestoragemonitor_service_27_0) true) +(expandtypeattribute (devpts_27_0) true) +(expandtypeattribute (dex2oat_27_0) true) +(expandtypeattribute (dex2oat_exec_27_0) true) +(expandtypeattribute (dhcp_27_0) true) +(expandtypeattribute (dhcp_data_file_27_0) true) +(expandtypeattribute (dhcp_exec_27_0) true) +(expandtypeattribute (dhcp_prop_27_0) true) +(expandtypeattribute (diskstats_service_27_0) true) +(expandtypeattribute (display_service_27_0) true) +(expandtypeattribute (dm_device_27_0) true) +(expandtypeattribute (dnsmasq_27_0) true) +(expandtypeattribute (dnsmasq_exec_27_0) true) +(expandtypeattribute (dnsproxyd_socket_27_0) true) +(expandtypeattribute (DockObserver_service_27_0) true) 
+(expandtypeattribute (dreams_service_27_0) true) +(expandtypeattribute (drm_data_file_27_0) true) +(expandtypeattribute (drmserver_27_0) true) +(expandtypeattribute (drmserver_exec_27_0) true) +(expandtypeattribute (drmserver_service_27_0) true) +(expandtypeattribute (drmserver_socket_27_0) true) +(expandtypeattribute (dropbox_service_27_0) true) +(expandtypeattribute (dumpstate_27_0) true) +(expandtypeattribute (dumpstate_exec_27_0) true) +(expandtypeattribute (dumpstate_options_prop_27_0) true) +(expandtypeattribute (dumpstate_prop_27_0) true) +(expandtypeattribute (dumpstate_service_27_0) true) +(expandtypeattribute (dumpstate_socket_27_0) true) +(expandtypeattribute (e2fs_27_0) true) +(expandtypeattribute (e2fs_exec_27_0) true) +(expandtypeattribute (efs_file_27_0) true) +(expandtypeattribute (ephemeral_app_27_0) true) +(expandtypeattribute (ethernet_service_27_0) true) +(expandtypeattribute (ffs_prop_27_0) true) +(expandtypeattribute (file_contexts_file_27_0) true) +(expandtypeattribute (fingerprintd_27_0) true) +(expandtypeattribute (fingerprintd_data_file_27_0) true) +(expandtypeattribute (fingerprintd_exec_27_0) true) +(expandtypeattribute (fingerprintd_service_27_0) true) +(expandtypeattribute (fingerprint_prop_27_0) true) +(expandtypeattribute (fingerprint_service_27_0) true) +(expandtypeattribute (firstboot_prop_27_0) true) +(expandtypeattribute (font_service_27_0) true) +(expandtypeattribute (frp_block_device_27_0) true) +(expandtypeattribute (fsck_27_0) true) +(expandtypeattribute (fsck_exec_27_0) true) +(expandtypeattribute (fscklogs_27_0) true) +(expandtypeattribute (fsck_untrusted_27_0) true) +(expandtypeattribute (full_device_27_0) true) +(expandtypeattribute (functionfs_27_0) true) +(expandtypeattribute (fuse_27_0) true) +(expandtypeattribute (fuse_device_27_0) true) +(expandtypeattribute (fwk_display_hwservice_27_0) true) +(expandtypeattribute (fwk_scheduler_hwservice_27_0) true) +(expandtypeattribute (fwk_sensor_hwservice_27_0) true) 
+(expandtypeattribute (fwmarkd_socket_27_0) true) +(expandtypeattribute (gatekeeperd_27_0) true) +(expandtypeattribute (gatekeeper_data_file_27_0) true) +(expandtypeattribute (gatekeeperd_exec_27_0) true) +(expandtypeattribute (gatekeeper_service_27_0) true) +(expandtypeattribute (gfxinfo_service_27_0) true) +(expandtypeattribute (gps_control_27_0) true) +(expandtypeattribute (gpu_device_27_0) true) +(expandtypeattribute (gpu_service_27_0) true) +(expandtypeattribute (graphics_device_27_0) true) +(expandtypeattribute (graphicsstats_service_27_0) true) +(expandtypeattribute (hal_audio_hwservice_27_0) true) +(expandtypeattribute (hal_bluetooth_hwservice_27_0) true) +(expandtypeattribute (hal_bootctl_hwservice_27_0) true) +(expandtypeattribute (hal_broadcastradio_hwservice_27_0) true) +(expandtypeattribute (hal_camera_hwservice_27_0) true) +(expandtypeattribute (hal_cas_hwservice_27_0) true) +(expandtypeattribute (hal_configstore_ISurfaceFlingerConfigs_27_0) true) +(expandtypeattribute (hal_contexthub_hwservice_27_0) true) +(expandtypeattribute (hal_drm_hwservice_27_0) true) +(expandtypeattribute (hal_dumpstate_hwservice_27_0) true) +(expandtypeattribute (hal_fingerprint_hwservice_27_0) true) +(expandtypeattribute (hal_fingerprint_service_27_0) true) +(expandtypeattribute (hal_gatekeeper_hwservice_27_0) true) +(expandtypeattribute (hal_gnss_hwservice_27_0) true) +(expandtypeattribute (hal_graphics_allocator_hwservice_27_0) true) +(expandtypeattribute (hal_graphics_composer_hwservice_27_0) true) +(expandtypeattribute (hal_graphics_mapper_hwservice_27_0) true) +(expandtypeattribute (hal_health_hwservice_27_0) true) +(expandtypeattribute (hal_ir_hwservice_27_0) true) +(expandtypeattribute (hal_keymaster_hwservice_27_0) true) +(expandtypeattribute (hal_light_hwservice_27_0) true) +(expandtypeattribute (hal_memtrack_hwservice_27_0) true) +(expandtypeattribute (hal_neuralnetworks_hwservice_27_0) true) +(expandtypeattribute (hal_nfc_hwservice_27_0) true) 
+(expandtypeattribute (hal_oemlock_hwservice_27_0) true) +(expandtypeattribute (hal_omx_hwservice_27_0) true) +(expandtypeattribute (hal_power_hwservice_27_0) true) +(expandtypeattribute (hal_renderscript_hwservice_27_0) true) +(expandtypeattribute (hal_sensors_hwservice_27_0) true) +(expandtypeattribute (hal_telephony_hwservice_27_0) true) +(expandtypeattribute (hal_tetheroffload_hwservice_27_0) true) +(expandtypeattribute (hal_thermal_hwservice_27_0) true) +(expandtypeattribute (hal_tv_cec_hwservice_27_0) true) +(expandtypeattribute (hal_tv_input_hwservice_27_0) true) +(expandtypeattribute (hal_usb_hwservice_27_0) true) +(expandtypeattribute (hal_vibrator_hwservice_27_0) true) +(expandtypeattribute (hal_vr_hwservice_27_0) true) +(expandtypeattribute (hal_weaver_hwservice_27_0) true) +(expandtypeattribute (hal_wifi_hwservice_27_0) true) +(expandtypeattribute (hal_wifi_offload_hwservice_27_0) true) +(expandtypeattribute (hal_wifi_supplicant_hwservice_27_0) true) +(expandtypeattribute (hardware_properties_service_27_0) true) +(expandtypeattribute (hardware_service_27_0) true) +(expandtypeattribute (hci_attach_dev_27_0) true) +(expandtypeattribute (hdmi_control_service_27_0) true) +(expandtypeattribute (healthd_27_0) true) +(expandtypeattribute (healthd_exec_27_0) true) +(expandtypeattribute (heapdump_data_file_27_0) true) +(expandtypeattribute (hidl_allocator_hwservice_27_0) true) +(expandtypeattribute (hidl_base_hwservice_27_0) true) +(expandtypeattribute (hidl_manager_hwservice_27_0) true) +(expandtypeattribute (hidl_memory_hwservice_27_0) true) +(expandtypeattribute (hidl_token_hwservice_27_0) true) +(expandtypeattribute (hwbinder_device_27_0) true) +(expandtypeattribute (hw_random_device_27_0) true) +(expandtypeattribute (hwservice_contexts_file_27_0) true) +(expandtypeattribute (hwservicemanager_27_0) true) +(expandtypeattribute (hwservicemanager_exec_27_0) true) +(expandtypeattribute (hwservicemanager_prop_27_0) true) +(expandtypeattribute (i2c_device_27_0) 
true) +(expandtypeattribute (icon_file_27_0) true) +(expandtypeattribute (idmap_27_0) true) +(expandtypeattribute (idmap_exec_27_0) true) +(expandtypeattribute (iio_device_27_0) true) +(expandtypeattribute (imms_service_27_0) true) +(expandtypeattribute (incident_27_0) true) +(expandtypeattribute (incidentd_27_0) true) +(expandtypeattribute (incident_data_file_27_0) true) +(expandtypeattribute (incident_service_27_0) true) +(expandtypeattribute (init_27_0) true) +(expandtypeattribute (init_exec_27_0) true) +(expandtypeattribute (inotify_27_0) true) +(expandtypeattribute (input_device_27_0) true) +(expandtypeattribute (inputflinger_27_0) true) +(expandtypeattribute (inputflinger_exec_27_0) true) +(expandtypeattribute (inputflinger_service_27_0) true) +(expandtypeattribute (input_method_service_27_0) true) +(expandtypeattribute (input_service_27_0) true) +(expandtypeattribute (installd_27_0) true) +(expandtypeattribute (install_data_file_27_0) true) +(expandtypeattribute (installd_exec_27_0) true) +(expandtypeattribute (installd_service_27_0) true) +(expandtypeattribute (install_recovery_27_0) true) +(expandtypeattribute (install_recovery_exec_27_0) true) +(expandtypeattribute (ion_device_27_0) true) +(expandtypeattribute (IProxyService_service_27_0) true) +(expandtypeattribute (ipsec_service_27_0) true) +(expandtypeattribute (isolated_app_27_0) true) +(expandtypeattribute (jobscheduler_service_27_0) true) +(expandtypeattribute (kernel_27_0) true) +(expandtypeattribute (keychain_data_file_27_0) true) +(expandtypeattribute (keychord_device_27_0) true) +(expandtypeattribute (keystore_27_0) true) +(expandtypeattribute (keystore_data_file_27_0) true) +(expandtypeattribute (keystore_exec_27_0) true) +(expandtypeattribute (keystore_service_27_0) true) +(expandtypeattribute (kmem_device_27_0) true) +(expandtypeattribute (kmsg_debug_device_27_0) true) +(expandtypeattribute (kmsg_device_27_0) true) +(expandtypeattribute (labeledfs_27_0) true) +(expandtypeattribute 
(launcherapps_service_27_0) true) +(expandtypeattribute (lmkd_27_0) true) +(expandtypeattribute (lmkd_exec_27_0) true) +(expandtypeattribute (lmkd_socket_27_0) true) +(expandtypeattribute (location_service_27_0) true) +(expandtypeattribute (lock_settings_service_27_0) true) +(expandtypeattribute (logcat_exec_27_0) true) +(expandtypeattribute (logd_27_0) true) +(expandtypeattribute (logd_exec_27_0) true) +(expandtypeattribute (logd_prop_27_0) true) +(expandtypeattribute (logdr_socket_27_0) true) +(expandtypeattribute (logd_socket_27_0) true) +(expandtypeattribute (logdw_socket_27_0) true) +(expandtypeattribute (logpersist_27_0) true) +(expandtypeattribute (logpersistd_logging_prop_27_0) true) +(expandtypeattribute (log_prop_27_0) true) +(expandtypeattribute (log_tag_prop_27_0) true) +(expandtypeattribute (loop_control_device_27_0) true) +(expandtypeattribute (loop_device_27_0) true) +(expandtypeattribute (mac_perms_file_27_0) true) +(expandtypeattribute (mdnsd_27_0) true) +(expandtypeattribute (mdnsd_socket_27_0) true) +(expandtypeattribute (mdns_socket_27_0) true) +(expandtypeattribute (mediacodec_27_0) true) +(expandtypeattribute (mediacodec_exec_27_0) true) +(expandtypeattribute (mediacodec_service_27_0) true) +(expandtypeattribute (media_data_file_27_0) true) +(expandtypeattribute (mediadrmserver_27_0) true) +(expandtypeattribute (mediadrmserver_exec_27_0) true) +(expandtypeattribute (mediadrmserver_service_27_0) true) +(expandtypeattribute (mediaextractor_27_0) true) +(expandtypeattribute (mediaextractor_exec_27_0) true) +(expandtypeattribute (mediaextractor_service_27_0) true) +(expandtypeattribute (mediametrics_27_0) true) +(expandtypeattribute (mediametrics_exec_27_0) true) +(expandtypeattribute (mediametrics_service_27_0) true) +(expandtypeattribute (media_projection_service_27_0) true) +(expandtypeattribute (mediaprovider_27_0) true) +(expandtypeattribute (media_router_service_27_0) true) +(expandtypeattribute (media_rw_data_file_27_0) true) 
+(expandtypeattribute (mediaserver_27_0) true) +(expandtypeattribute (mediaserver_exec_27_0) true) +(expandtypeattribute (mediaserver_service_27_0) true) +(expandtypeattribute (media_session_service_27_0) true) +(expandtypeattribute (meminfo_service_27_0) true) +(expandtypeattribute (metadata_block_device_27_0) true) +(expandtypeattribute (method_trace_data_file_27_0) true) +(expandtypeattribute (midi_service_27_0) true) +(expandtypeattribute (misc_block_device_27_0) true) +(expandtypeattribute (misc_logd_file_27_0) true) +(expandtypeattribute (misc_user_data_file_27_0) true) +(expandtypeattribute (mmc_prop_27_0) true) +(expandtypeattribute (mnt_expand_file_27_0) true) +(expandtypeattribute (mnt_media_rw_file_27_0) true) +(expandtypeattribute (mnt_media_rw_stub_file_27_0) true) +(expandtypeattribute (mnt_user_file_27_0) true) +(expandtypeattribute (modprobe_27_0) true) +(expandtypeattribute (mount_service_27_0) true) +(expandtypeattribute (mqueue_27_0) true) +(expandtypeattribute (mtd_device_27_0) true) +(expandtypeattribute (mtp_27_0) true) +(expandtypeattribute (mtp_device_27_0) true) +(expandtypeattribute (mtpd_socket_27_0) true) +(expandtypeattribute (mtp_exec_27_0) true) +(expandtypeattribute (nativetest_data_file_27_0) true) +(expandtypeattribute (netd_27_0) true) +(expandtypeattribute (net_data_file_27_0) true) +(expandtypeattribute (netd_exec_27_0) true) +(expandtypeattribute (netd_listener_service_27_0) true) +(expandtypeattribute (net_dns_prop_27_0) true) +(expandtypeattribute (netd_service_27_0) true) +(expandtypeattribute (netd_socket_27_0) true) +(expandtypeattribute (netd_stable_secret_prop_27_0) true) +(expandtypeattribute (netif_27_0) true) +(expandtypeattribute (netpolicy_service_27_0) true) +(expandtypeattribute (net_radio_prop_27_0) true) +(expandtypeattribute (netstats_service_27_0) true) +(expandtypeattribute (netutils_wrapper_27_0) true) +(expandtypeattribute (netutils_wrapper_exec_27_0) true) +(expandtypeattribute 
(network_management_service_27_0) true) +(expandtypeattribute (network_score_service_27_0) true) +(expandtypeattribute (network_time_update_service_27_0) true) +(expandtypeattribute (nfc_27_0) true) +(expandtypeattribute (nfc_data_file_27_0) true) +(expandtypeattribute (nfc_device_27_0) true) +(expandtypeattribute (nfc_prop_27_0) true) +(expandtypeattribute (nfc_service_27_0) true) +(expandtypeattribute (node_27_0) true) +(expandtypeattribute (nonplat_service_contexts_file_27_0) true) +(expandtypeattribute (notification_service_27_0) true) +(expandtypeattribute (null_device_27_0) true) +(expandtypeattribute (oemfs_27_0) true) +(expandtypeattribute (oem_lock_service_27_0) true) +(expandtypeattribute (ota_data_file_27_0) true) +(expandtypeattribute (otadexopt_service_27_0) true) +(expandtypeattribute (ota_package_file_27_0) true) +(expandtypeattribute (otapreopt_chroot_27_0) true) +(expandtypeattribute (otapreopt_chroot_exec_27_0) true) +(expandtypeattribute (otapreopt_slot_27_0) true) +(expandtypeattribute (otapreopt_slot_exec_27_0) true) +(expandtypeattribute (overlay_prop_27_0) true) +(expandtypeattribute (overlay_service_27_0) true) +(expandtypeattribute (owntty_device_27_0) true) +(expandtypeattribute (package_native_service_27_0) true) +(expandtypeattribute (package_service_27_0) true) +(expandtypeattribute (pan_result_prop_27_0) true) +(expandtypeattribute (pdx_bufferhub_client_channel_socket_27_0) true) +(expandtypeattribute (pdx_bufferhub_client_endpoint_socket_27_0) true) +(expandtypeattribute (pdx_bufferhub_dir_27_0) true) +(expandtypeattribute (pdx_display_client_channel_socket_27_0) true) +(expandtypeattribute (pdx_display_client_endpoint_socket_27_0) true) +(expandtypeattribute (pdx_display_dir_27_0) true) +(expandtypeattribute (pdx_display_manager_channel_socket_27_0) true) +(expandtypeattribute (pdx_display_manager_endpoint_socket_27_0) true) +(expandtypeattribute (pdx_display_screenshot_channel_socket_27_0) true) +(expandtypeattribute 
(pdx_display_screenshot_endpoint_socket_27_0) true) +(expandtypeattribute (pdx_display_vsync_channel_socket_27_0) true) +(expandtypeattribute (pdx_display_vsync_endpoint_socket_27_0) true) +(expandtypeattribute (pdx_performance_client_channel_socket_27_0) true) +(expandtypeattribute (pdx_performance_client_endpoint_socket_27_0) true) +(expandtypeattribute (pdx_performance_dir_27_0) true) +(expandtypeattribute (performanced_27_0) true) +(expandtypeattribute (performanced_exec_27_0) true) +(expandtypeattribute (permission_service_27_0) true) +(expandtypeattribute (persist_debug_prop_27_0) true) +(expandtypeattribute (persistent_data_block_service_27_0) true) +(expandtypeattribute (persistent_properties_ready_prop_27_0) true) +(expandtypeattribute (pinner_service_27_0) true) +(expandtypeattribute (pipefs_27_0) true) +(expandtypeattribute (platform_app_27_0) true) +(expandtypeattribute (pmsg_device_27_0) true) +(expandtypeattribute (port_27_0) true) +(expandtypeattribute (port_device_27_0) true) +(expandtypeattribute (postinstall_27_0) true) +(expandtypeattribute (postinstall_dexopt_27_0) true) +(expandtypeattribute (postinstall_file_27_0) true) +(expandtypeattribute (postinstall_mnt_dir_27_0) true) +(expandtypeattribute (powerctl_prop_27_0) true) +(expandtypeattribute (power_service_27_0) true) +(expandtypeattribute (ppp_27_0) true) +(expandtypeattribute (ppp_device_27_0) true) +(expandtypeattribute (ppp_exec_27_0) true) +(expandtypeattribute (preloads_data_file_27_0) true) +(expandtypeattribute (preloads_media_file_27_0) true) +(expandtypeattribute (preopt2cachename_27_0) true) +(expandtypeattribute (preopt2cachename_exec_27_0) true) +(expandtypeattribute (print_service_27_0) true) +(expandtypeattribute (priv_app_27_0) true) +(expandtypeattribute (proc_27_0) true) +(expandtypeattribute (proc_bluetooth_writable_27_0) true) +(expandtypeattribute (proc_cpuinfo_27_0) true) +(expandtypeattribute (proc_drop_caches_27_0) true) +(expandtypeattribute 
(processinfo_service_27_0) true) +(expandtypeattribute (proc_interrupts_27_0) true) +(expandtypeattribute (proc_iomem_27_0) true) +(expandtypeattribute (proc_meminfo_27_0) true) +(expandtypeattribute (proc_misc_27_0) true) +(expandtypeattribute (proc_modules_27_0) true) +(expandtypeattribute (proc_net_27_0) true) +(expandtypeattribute (proc_overcommit_memory_27_0) true) +(expandtypeattribute (proc_perf_27_0) true) +(expandtypeattribute (proc_security_27_0) true) +(expandtypeattribute (proc_stat_27_0) true) +(expandtypeattribute (procstats_service_27_0) true) +(expandtypeattribute (proc_sysrq_27_0) true) +(expandtypeattribute (proc_timer_27_0) true) +(expandtypeattribute (proc_tty_drivers_27_0) true) +(expandtypeattribute (proc_uid_cputime_removeuid_27_0) true) +(expandtypeattribute (proc_uid_cputime_showstat_27_0) true) +(expandtypeattribute (proc_uid_io_stats_27_0) true) +(expandtypeattribute (proc_uid_procstat_set_27_0) true) +(expandtypeattribute (proc_uid_time_in_state_27_0) true) +(expandtypeattribute (proc_zoneinfo_27_0) true) +(expandtypeattribute (profman_27_0) true) +(expandtypeattribute (profman_dump_data_file_27_0) true) +(expandtypeattribute (profman_exec_27_0) true) +(expandtypeattribute (properties_device_27_0) true) +(expandtypeattribute (properties_serial_27_0) true) +(expandtypeattribute (property_contexts_file_27_0) true) +(expandtypeattribute (property_data_file_27_0) true) +(expandtypeattribute (property_socket_27_0) true) +(expandtypeattribute (pstorefs_27_0) true) +(expandtypeattribute (ptmx_device_27_0) true) +(expandtypeattribute (qtaguid_device_27_0) true) +(expandtypeattribute (qtaguid_proc_27_0) true) +(expandtypeattribute (racoon_27_0) true) +(expandtypeattribute (racoon_exec_27_0) true) +(expandtypeattribute (racoon_socket_27_0) true) +(expandtypeattribute (radio_27_0) true) +(expandtypeattribute (radio_data_file_27_0) true) +(expandtypeattribute (radio_device_27_0) true) +(expandtypeattribute (radio_prop_27_0) true) 
+(expandtypeattribute (radio_service_27_0) true) +(expandtypeattribute (ram_device_27_0) true) +(expandtypeattribute (random_device_27_0) true) +(expandtypeattribute (reboot_data_file_27_0) true) +(expandtypeattribute (recovery_27_0) true) +(expandtypeattribute (recovery_block_device_27_0) true) +(expandtypeattribute (recovery_data_file_27_0) true) +(expandtypeattribute (recovery_persist_27_0) true) +(expandtypeattribute (recovery_persist_exec_27_0) true) +(expandtypeattribute (recovery_refresh_27_0) true) +(expandtypeattribute (recovery_refresh_exec_27_0) true) +(expandtypeattribute (recovery_service_27_0) true) +(expandtypeattribute (registry_service_27_0) true) +(expandtypeattribute (resourcecache_data_file_27_0) true) +(expandtypeattribute (restorecon_prop_27_0) true) +(expandtypeattribute (restrictions_service_27_0) true) +(expandtypeattribute (rild_27_0) true) +(expandtypeattribute (rild_debug_socket_27_0) true) +(expandtypeattribute (rild_socket_27_0) true) +(expandtypeattribute (ringtone_file_27_0) true) +(expandtypeattribute (root_block_device_27_0) true) +(expandtypeattribute (rootfs_27_0) true) +(expandtypeattribute (rpmsg_device_27_0) true) +(expandtypeattribute (rtc_device_27_0) true) +(expandtypeattribute (rttmanager_service_27_0) true) +(expandtypeattribute (runas_27_0) true) +(expandtypeattribute (runas_exec_27_0) true) +(expandtypeattribute (runtime_event_log_tags_file_27_0) true) +(expandtypeattribute (safemode_prop_27_0) true) +(expandtypeattribute (same_process_hal_file_27_0) true) +(expandtypeattribute (samplingprofiler_service_27_0) true) +(expandtypeattribute (scheduling_policy_service_27_0) true) +(expandtypeattribute (sdcardd_27_0) true) +(expandtypeattribute (sdcardd_exec_27_0) true) +(expandtypeattribute (sdcardfs_27_0) true) +(expandtypeattribute (seapp_contexts_file_27_0) true) +(expandtypeattribute (search_service_27_0) true) +(expandtypeattribute (sec_key_att_app_id_provider_service_27_0) true) +(expandtypeattribute (selinuxfs_27_0) 
true) +(expandtypeattribute (sensors_device_27_0) true) +(expandtypeattribute (sensorservice_service_27_0) true) +(expandtypeattribute (sepolicy_file_27_0) true) +(expandtypeattribute (serial_device_27_0) true) +(expandtypeattribute (serialno_prop_27_0) true) +(expandtypeattribute (serial_service_27_0) true) +(expandtypeattribute (service_contexts_file_27_0) true) +(expandtypeattribute (servicediscovery_service_27_0) true) +(expandtypeattribute (servicemanager_27_0) true) +(expandtypeattribute (servicemanager_exec_27_0) true) +(expandtypeattribute (settings_service_27_0) true) +(expandtypeattribute (sgdisk_27_0) true) +(expandtypeattribute (sgdisk_exec_27_0) true) +(expandtypeattribute (shared_relro_27_0) true) +(expandtypeattribute (shared_relro_file_27_0) true) +(expandtypeattribute (shell_27_0) true) +(expandtypeattribute (shell_data_file_27_0) true) +(expandtypeattribute (shell_exec_27_0) true) +(expandtypeattribute (shell_prop_27_0) true) +(expandtypeattribute (shm_27_0) true) +(expandtypeattribute (shortcut_manager_icons_27_0) true) +(expandtypeattribute (shortcut_service_27_0) true) +(expandtypeattribute (slideshow_27_0) true) +(expandtypeattribute (socket_device_27_0) true) +(expandtypeattribute (sockfs_27_0) true) +(expandtypeattribute (statusbar_service_27_0) true) +(expandtypeattribute (storaged_service_27_0) true) +(expandtypeattribute (storage_file_27_0) true) +(expandtypeattribute (storagestats_service_27_0) true) +(expandtypeattribute (storage_stub_file_27_0) true) +(expandtypeattribute (su_27_0) true) +(expandtypeattribute (su_exec_27_0) true) +(expandtypeattribute (surfaceflinger_27_0) true) +(expandtypeattribute (surfaceflinger_service_27_0) true) +(expandtypeattribute (swap_block_device_27_0) true) +(expandtypeattribute (sysfs_27_0) true) +(expandtypeattribute (sysfs_batteryinfo_27_0) true) +(expandtypeattribute (sysfs_bluetooth_writable_27_0) true) +(expandtypeattribute (sysfs_devices_system_cpu_27_0) true) +(expandtypeattribute 
(sysfs_fs_ext4_features_27_0) true) +(expandtypeattribute (sysfs_hwrandom_27_0) true) +(expandtypeattribute (sysfs_leds_27_0) true) +(expandtypeattribute (sysfs_lowmemorykiller_27_0) true) +(expandtypeattribute (sysfs_mac_address_27_0) true) +(expandtypeattribute (sysfs_nfc_power_writable_27_0) true) +(expandtypeattribute (sysfs_thermal_27_0) true) +(expandtypeattribute (sysfs_uio_27_0) true) +(expandtypeattribute (sysfs_usb_27_0) true) +(expandtypeattribute (sysfs_usermodehelper_27_0) true) +(expandtypeattribute (sysfs_vibrator_27_0) true) +(expandtypeattribute (sysfs_wake_lock_27_0) true) +(expandtypeattribute (sysfs_wlan_fwpath_27_0) true) +(expandtypeattribute (sysfs_zram_27_0) true) +(expandtypeattribute (sysfs_zram_uevent_27_0) true) +(expandtypeattribute (system_app_27_0) true) +(expandtypeattribute (system_app_data_file_27_0) true) +(expandtypeattribute (system_app_service_27_0) true) +(expandtypeattribute (system_block_device_27_0) true) +(expandtypeattribute (system_data_file_27_0) true) +(expandtypeattribute (system_file_27_0) true) +(expandtypeattribute (systemkeys_data_file_27_0) true) +(expandtypeattribute (system_ndebug_socket_27_0) true) +(expandtypeattribute (system_net_netd_hwservice_27_0) true) +(expandtypeattribute (system_prop_27_0) true) +(expandtypeattribute (system_radio_prop_27_0) true) +(expandtypeattribute (system_server_27_0) true) +(expandtypeattribute (system_wifi_keystore_hwservice_27_0) true) +(expandtypeattribute (system_wpa_socket_27_0) true) +(expandtypeattribute (task_service_27_0) true) +(expandtypeattribute (tee_27_0) true) +(expandtypeattribute (tee_data_file_27_0) true) +(expandtypeattribute (tee_device_27_0) true) +(expandtypeattribute (telecom_service_27_0) true) +(expandtypeattribute (textclassification_service_27_0) true) +(expandtypeattribute (textclassifier_data_file_27_0) true) +(expandtypeattribute (textservices_service_27_0) true) +(expandtypeattribute (thermalcallback_hwservice_27_0) true) +(expandtypeattribute 
(thermal_service_27_0) true) +(expandtypeattribute (thermalserviced_27_0) true) +(expandtypeattribute (thermalserviced_exec_27_0) true) +(expandtypeattribute (timezone_service_27_0) true) +(expandtypeattribute (tmpfs_27_0) true) +(expandtypeattribute (tombstoned_27_0) true) +(expandtypeattribute (tombstone_data_file_27_0) true) +(expandtypeattribute (tombstoned_crash_socket_27_0) true) +(expandtypeattribute (tombstoned_exec_27_0) true) +(expandtypeattribute (tombstoned_intercept_socket_27_0) true) +(expandtypeattribute (tombstoned_java_trace_socket_27_0) true) +(expandtypeattribute (toolbox_27_0) true) +(expandtypeattribute (toolbox_exec_27_0) true) +(expandtypeattribute (trust_service_27_0) true) +(expandtypeattribute (tty_device_27_0) true) +(expandtypeattribute (tun_device_27_0) true) +(expandtypeattribute (tv_input_service_27_0) true) +(expandtypeattribute (tzdatacheck_27_0) true) +(expandtypeattribute (tzdatacheck_exec_27_0) true) +(expandtypeattribute (ueventd_27_0) true) +(expandtypeattribute (uhid_device_27_0) true) +(expandtypeattribute (uimode_service_27_0) true) +(expandtypeattribute (uio_device_27_0) true) +(expandtypeattribute (uncrypt_27_0) true) +(expandtypeattribute (uncrypt_exec_27_0) true) +(expandtypeattribute (uncrypt_socket_27_0) true) +(expandtypeattribute (unencrypted_data_file_27_0) true) +(expandtypeattribute (unlabeled_27_0) true) +(expandtypeattribute (untrusted_app_25_27_0) true) +(expandtypeattribute (untrusted_app_27_0) true) +(expandtypeattribute (untrusted_v2_app_27_0) true) +(expandtypeattribute (update_engine_27_0) true) +(expandtypeattribute (update_engine_data_file_27_0) true) +(expandtypeattribute (update_engine_exec_27_0) true) +(expandtypeattribute (update_engine_service_27_0) true) +(expandtypeattribute (updatelock_service_27_0) true) +(expandtypeattribute (update_verifier_27_0) true) +(expandtypeattribute (update_verifier_exec_27_0) true) +(expandtypeattribute (usagestats_service_27_0) true) +(expandtypeattribute 
(usbaccessory_device_27_0) true) +(expandtypeattribute (usb_device_27_0) true) +(expandtypeattribute (usbfs_27_0) true) +(expandtypeattribute (usb_service_27_0) true) +(expandtypeattribute (userdata_block_device_27_0) true) +(expandtypeattribute (usermodehelper_27_0) true) +(expandtypeattribute (user_profile_data_file_27_0) true) +(expandtypeattribute (user_service_27_0) true) +(expandtypeattribute (vcs_device_27_0) true) +(expandtypeattribute (vdc_27_0) true) +(expandtypeattribute (vdc_exec_27_0) true) +(expandtypeattribute (vendor_app_file_27_0) true) +(expandtypeattribute (vendor_configs_file_27_0) true) +(expandtypeattribute (vendor_file_27_0) true) +(expandtypeattribute (vendor_framework_file_27_0) true) +(expandtypeattribute (vendor_hal_file_27_0) true) +(expandtypeattribute (vendor_overlay_file_27_0) true) +(expandtypeattribute (vendor_shell_exec_27_0) true) +(expandtypeattribute (vendor_toolbox_exec_27_0) true) +(expandtypeattribute (vfat_27_0) true) +(expandtypeattribute (vibrator_service_27_0) true) +(expandtypeattribute (video_device_27_0) true) +(expandtypeattribute (virtual_touchpad_27_0) true) +(expandtypeattribute (virtual_touchpad_exec_27_0) true) +(expandtypeattribute (virtual_touchpad_service_27_0) true) +(expandtypeattribute (vndbinder_device_27_0) true) +(expandtypeattribute (vndk_sp_file_27_0) true) +(expandtypeattribute (vndservice_contexts_file_27_0) true) +(expandtypeattribute (vndservicemanager_27_0) true) +(expandtypeattribute (voiceinteraction_service_27_0) true) +(expandtypeattribute (vold_27_0) true) +(expandtypeattribute (vold_data_file_27_0) true) +(expandtypeattribute (vold_device_27_0) true) +(expandtypeattribute (vold_exec_27_0) true) +(expandtypeattribute (vold_prop_27_0) true) +(expandtypeattribute (vold_socket_27_0) true) +(expandtypeattribute (vpn_data_file_27_0) true) +(expandtypeattribute (vr_hwc_27_0) true) +(expandtypeattribute (vr_hwc_exec_27_0) true) +(expandtypeattribute (vr_hwc_service_27_0) true) +(expandtypeattribute 
(vr_manager_service_27_0) true) +(expandtypeattribute (wallpaper_file_27_0) true) +(expandtypeattribute (wallpaper_service_27_0) true) +(expandtypeattribute (watchdogd_27_0) true) +(expandtypeattribute (watchdog_device_27_0) true) +(expandtypeattribute (webviewupdate_service_27_0) true) +(expandtypeattribute (webview_zygote_27_0) true) +(expandtypeattribute (webview_zygote_exec_27_0) true) +(expandtypeattribute (webview_zygote_socket_27_0) true) +(expandtypeattribute (wifiaware_service_27_0) true) +(expandtypeattribute (wificond_27_0) true) +(expandtypeattribute (wificond_exec_27_0) true) +(expandtypeattribute (wificond_service_27_0) true) +(expandtypeattribute (wifi_data_file_27_0) true) +(expandtypeattribute (wifi_log_prop_27_0) true) +(expandtypeattribute (wifip2p_service_27_0) true) +(expandtypeattribute (wifi_prop_27_0) true) +(expandtypeattribute (wifiscanner_service_27_0) true) +(expandtypeattribute (wifi_service_27_0) true) +(expandtypeattribute (window_service_27_0) true) +(expandtypeattribute (wpa_socket_27_0) true) +(expandtypeattribute (zero_device_27_0) true) +(expandtypeattribute (zoneinfo_data_file_27_0) true) +(expandtypeattribute (zygote_27_0) true) +(expandtypeattribute (zygote_exec_27_0) true) +(expandtypeattribute (zygote_socket_27_0) true) +(typeattributeset accessibility_service_27_0 (accessibility_service)) +(typeattributeset account_service_27_0 (account_service)) +(typeattributeset activity_service_27_0 (activity_service)) +(typeattributeset adbd_27_0 (adbd)) +(typeattributeset adb_data_file_27_0 (adb_data_file)) +(typeattributeset adbd_exec_27_0 (adbd_exec)) +(typeattributeset adbd_socket_27_0 (adbd_socket)) +(typeattributeset adb_keys_file_27_0 (adb_keys_file)) +(typeattributeset alarm_device_27_0 (alarm_device)) +(typeattributeset alarm_service_27_0 (alarm_service)) +(typeattributeset anr_data_file_27_0 (anr_data_file)) +(typeattributeset apk_data_file_27_0 (apk_data_file)) +(typeattributeset apk_private_data_file_27_0 
(apk_private_data_file)) +(typeattributeset apk_private_tmp_file_27_0 (apk_private_tmp_file)) +(typeattributeset apk_tmp_file_27_0 (apk_tmp_file)) +(typeattributeset app_data_file_27_0 (app_data_file privapp_data_file)) +(typeattributeset app_fuse_file_27_0 (app_fuse_file)) +(typeattributeset app_fusefs_27_0 (app_fusefs)) +(typeattributeset appops_service_27_0 (appops_service)) +(typeattributeset appwidget_service_27_0 (appwidget_service)) +(typeattributeset asec_apk_file_27_0 (asec_apk_file)) +(typeattributeset asec_image_file_27_0 (asec_image_file)) +(typeattributeset asec_public_file_27_0 (asec_public_file)) +(typeattributeset ashmem_device_27_0 (ashmem_device)) +(typeattributeset assetatlas_service_27_0 (assetatlas_service)) +(typeattributeset audio_data_file_27_0 (audio_data_file)) +(typeattributeset audio_device_27_0 (audio_device)) +(typeattributeset audiohal_data_file_27_0 (audiohal_data_file)) +(typeattributeset audio_prop_27_0 (audio_prop)) +(typeattributeset audio_seq_device_27_0 (audio_seq_device)) +(typeattributeset audioserver_27_0 (audioserver)) +(typeattributeset audioserver_data_file_27_0 (audioserver_data_file)) +(typeattributeset audioserver_service_27_0 (audioserver_service)) +(typeattributeset audio_service_27_0 (audio_service)) +(typeattributeset audio_timer_device_27_0 (audio_timer_device)) +(typeattributeset autofill_service_27_0 (autofill_service)) +(typeattributeset backup_data_file_27_0 (backup_data_file)) +(typeattributeset backup_service_27_0 (backup_service)) +(typeattributeset batteryproperties_service_27_0 (batteryproperties_service)) +(typeattributeset battery_service_27_0 (battery_service)) +(typeattributeset batterystats_service_27_0 (batterystats_service)) +(typeattributeset binder_device_27_0 (binder_device)) +(typeattributeset binfmt_miscfs_27_0 (binfmt_miscfs)) +(typeattributeset blkid_27_0 (blkid)) +(typeattributeset blkid_untrusted_27_0 (blkid_untrusted)) +(typeattributeset block_device_27_0 (block_device)) 
+(typeattributeset bluetooth_27_0 (bluetooth)) +(typeattributeset bluetooth_data_file_27_0 (bluetooth_data_file)) +(typeattributeset bluetooth_efs_file_27_0 (bluetooth_efs_file)) +(typeattributeset bluetooth_logs_data_file_27_0 (bluetooth_logs_data_file)) +(typeattributeset bluetooth_manager_service_27_0 (bluetooth_manager_service)) +(typeattributeset bluetooth_prop_27_0 (bluetooth_prop)) +(typeattributeset bluetooth_service_27_0 (bluetooth_service)) +(typeattributeset bluetooth_socket_27_0 (bluetooth_socket)) +(typeattributeset bootanim_27_0 (bootanim)) +(typeattributeset bootanim_exec_27_0 (bootanim_exec)) +(typeattributeset boot_block_device_27_0 (boot_block_device)) +(typeattributeset bootchart_data_file_27_0 (bootchart_data_file)) +(typeattributeset bootstat_27_0 (bootstat)) +(typeattributeset bootstat_data_file_27_0 (bootstat_data_file)) +(typeattributeset bootstat_exec_27_0 (bootstat_exec)) +(typeattributeset boottime_prop_27_0 (boottime_prop)) +(typeattributeset boottrace_data_file_27_0 (boottrace_data_file)) +(typeattributeset broadcastradio_service_27_0 (broadcastradio_service)) +(typeattributeset bufferhubd_27_0 (bufferhubd)) +(typeattributeset bufferhubd_exec_27_0 (bufferhubd_exec)) +(typeattributeset cache_backup_file_27_0 (cache_backup_file)) +(typeattributeset cache_block_device_27_0 (cache_block_device)) +(typeattributeset cache_file_27_0 (cache_file)) +(typeattributeset cache_private_backup_file_27_0 (cache_private_backup_file)) +(typeattributeset cache_recovery_file_27_0 (cache_recovery_file)) +(typeattributeset camera_data_file_27_0 (camera_data_file)) +(typeattributeset camera_device_27_0 (camera_device)) +(typeattributeset cameraproxy_service_27_0 (cameraproxy_service)) +(typeattributeset cameraserver_27_0 (cameraserver)) +(typeattributeset cameraserver_exec_27_0 (cameraserver_exec)) +(typeattributeset cameraserver_service_27_0 (cameraserver_service)) +(typeattributeset cgroup_27_0 (cgroup)) +(typeattributeset charger_27_0 (charger)) 
+(typeattributeset clatd_27_0 (clatd)) +(typeattributeset clatd_exec_27_0 (clatd_exec)) +(typeattributeset clipboard_service_27_0 (clipboard_service)) +(typeattributeset commontime_management_service_27_0 (commontime_management_service)) +(typeattributeset companion_device_service_27_0 (companion_device_service)) +(typeattributeset configfs_27_0 (configfs)) +(typeattributeset config_prop_27_0 (config_prop)) +(typeattributeset connectivity_service_27_0 (connectivity_service)) +(typeattributeset connmetrics_service_27_0 (connmetrics_service)) +(typeattributeset console_device_27_0 (console_device)) +(typeattributeset consumer_ir_service_27_0 (consumer_ir_service)) +(typeattributeset content_service_27_0 (content_service)) +(typeattributeset contexthub_service_27_0 (contexthub_service)) +(typeattributeset coredump_file_27_0 (coredump_file)) +(typeattributeset country_detector_service_27_0 (country_detector_service)) +(typeattributeset coverage_service_27_0 (coverage_service)) +(typeattributeset cppreopt_prop_27_0 (cppreopt_prop)) +(typeattributeset cppreopts_27_0 (cppreopts)) +(typeattributeset cppreopts_exec_27_0 (cppreopts_exec)) +(typeattributeset cpuctl_device_27_0 (cpuctl_device)) +(typeattributeset cpuinfo_service_27_0 (cpuinfo_service)) +(typeattributeset crash_dump_27_0 (crash_dump)) +(typeattributeset crash_dump_exec_27_0 (crash_dump_exec)) +(typeattributeset ctl_bootanim_prop_27_0 (ctl_bootanim_prop)) +(typeattributeset ctl_bugreport_prop_27_0 (ctl_bugreport_prop)) +(typeattributeset ctl_console_prop_27_0 (ctl_console_prop)) +(typeattributeset ctl_default_prop_27_0 (ctl_default_prop ctl_restart_prop ctl_start_prop ctl_stop_prop ctl_adbd_prop)) +(typeattributeset ctl_dumpstate_prop_27_0 (ctl_dumpstate_prop)) +(typeattributeset ctl_fuse_prop_27_0 (ctl_fuse_prop)) +(typeattributeset ctl_mdnsd_prop_27_0 (ctl_mdnsd_prop)) +(typeattributeset ctl_rildaemon_prop_27_0 (ctl_rildaemon_prop)) +(typeattributeset dalvikcache_data_file_27_0 (dalvikcache_data_file)) 
+(typeattributeset dalvik_prop_27_0 (dalvik_prop)) +(typeattributeset dbinfo_service_27_0 (dbinfo_service)) +(typeattributeset debugfs_27_0 + ( debugfs + debugfs_wakeup_sources)) +(typeattributeset debugfs_mmc_27_0 (debugfs_mmc)) +(typeattributeset debugfs_trace_marker_27_0 (debugfs_trace_marker)) +(typeattributeset debugfs_tracing_27_0 (debugfs_tracing)) +(typeattributeset debugfs_tracing_debug_27_0 (debugfs_tracing_debug)) +(typeattributeset debugfs_tracing_instances_27_0 (debugfs_tracing_instances)) +(typeattributeset debugfs_wifi_tracing_27_0 (debugfs_wifi_tracing)) +(typeattributeset debuggerd_prop_27_0 (debuggerd_prop)) +(typeattributeset debug_prop_27_0 (debug_prop)) +(typeattributeset default_android_hwservice_27_0 (default_android_hwservice)) +(typeattributeset default_android_service_27_0 (default_android_service)) +(typeattributeset default_android_vndservice_27_0 (default_android_vndservice)) +(typeattributeset default_prop_27_0 + ( default_prop + pm_prop)) +(typeattributeset device_27_0 (device)) +(typeattributeset device_identifiers_service_27_0 (device_identifiers_service)) +(typeattributeset deviceidle_service_27_0 (deviceidle_service)) +(typeattributeset device_logging_prop_27_0 (device_logging_prop)) +(typeattributeset device_policy_service_27_0 (device_policy_service)) +(typeattributeset devicestoragemonitor_service_27_0 (devicestoragemonitor_service)) +(typeattributeset devpts_27_0 (devpts)) +(typeattributeset dex2oat_27_0 (dex2oat)) +(typeattributeset dex2oat_exec_27_0 (dex2oat_exec)) +(typeattributeset dhcp_27_0 (dhcp)) +(typeattributeset dhcp_data_file_27_0 (dhcp_data_file)) +(typeattributeset dhcp_exec_27_0 (dhcp_exec)) +(typeattributeset dhcp_prop_27_0 (dhcp_prop)) +(typeattributeset diskstats_service_27_0 (diskstats_service)) +(typeattributeset display_service_27_0 (display_service)) +(typeattributeset dm_device_27_0 (dm_device)) +(typeattributeset dnsmasq_27_0 (dnsmasq)) +(typeattributeset dnsmasq_exec_27_0 (dnsmasq_exec)) 
+(typeattributeset dnsproxyd_socket_27_0 (dnsproxyd_socket)) +(typeattributeset DockObserver_service_27_0 (DockObserver_service)) +(typeattributeset dreams_service_27_0 (dreams_service)) +(typeattributeset drm_data_file_27_0 (drm_data_file)) +(typeattributeset drmserver_27_0 (drmserver)) +(typeattributeset drmserver_exec_27_0 (drmserver_exec)) +(typeattributeset drmserver_service_27_0 (drmserver_service)) +(typeattributeset drmserver_socket_27_0 (drmserver_socket)) +(typeattributeset dropbox_service_27_0 (dropbox_service)) +(typeattributeset dumpstate_27_0 (dumpstate)) +(typeattributeset dumpstate_exec_27_0 (dumpstate_exec)) +(typeattributeset dumpstate_options_prop_27_0 (dumpstate_options_prop)) +(typeattributeset dumpstate_prop_27_0 (dumpstate_prop)) +(typeattributeset dumpstate_service_27_0 (dumpstate_service)) +(typeattributeset dumpstate_socket_27_0 (dumpstate_socket)) +(typeattributeset e2fs_27_0 (e2fs)) +(typeattributeset e2fs_exec_27_0 (e2fs_exec)) +(typeattributeset efs_file_27_0 (efs_file)) +(typeattributeset ephemeral_app_27_0 (ephemeral_app)) +(typeattributeset ethernet_service_27_0 (ethernet_service)) +(typeattributeset ffs_prop_27_0 (ffs_prop)) +(typeattributeset file_contexts_file_27_0 (file_contexts_file)) +(typeattributeset fingerprintd_27_0 (fingerprintd)) +(typeattributeset fingerprintd_data_file_27_0 (fingerprintd_data_file)) +(typeattributeset fingerprintd_exec_27_0 (fingerprintd_exec)) +(typeattributeset fingerprintd_service_27_0 (fingerprintd_service)) +(typeattributeset fingerprint_prop_27_0 (fingerprint_prop)) +(typeattributeset fingerprint_service_27_0 (fingerprint_service)) +(typeattributeset firstboot_prop_27_0 (firstboot_prop)) +(typeattributeset font_service_27_0 (font_service)) +(typeattributeset frp_block_device_27_0 (frp_block_device)) +(typeattributeset fsck_27_0 (fsck)) +(typeattributeset fsck_exec_27_0 (fsck_exec)) +(typeattributeset fscklogs_27_0 (fscklogs)) +(typeattributeset fsck_untrusted_27_0 (fsck_untrusted)) 
+(typeattributeset full_device_27_0 (full_device)) +(typeattributeset functionfs_27_0 (functionfs)) +(typeattributeset fuse_27_0 (fuse)) +(typeattributeset fuse_device_27_0 (fuse_device)) +(typeattributeset fwk_display_hwservice_27_0 (fwk_display_hwservice)) +(typeattributeset fwk_scheduler_hwservice_27_0 (fwk_scheduler_hwservice)) +(typeattributeset fwk_sensor_hwservice_27_0 (fwk_sensor_hwservice)) +(typeattributeset fwmarkd_socket_27_0 (fwmarkd_socket)) +(typeattributeset gatekeeperd_27_0 (gatekeeperd)) +(typeattributeset gatekeeper_data_file_27_0 (gatekeeper_data_file)) +(typeattributeset gatekeeperd_exec_27_0 (gatekeeperd_exec)) +(typeattributeset gatekeeper_service_27_0 (gatekeeper_service)) +(typeattributeset gfxinfo_service_27_0 (gfxinfo_service)) +(typeattributeset gps_control_27_0 (gps_control)) +(typeattributeset gpu_device_27_0 (gpu_device)) +(typeattributeset gpu_service_27_0 (gpu_service)) +(typeattributeset graphics_device_27_0 (graphics_device)) +(typeattributeset graphicsstats_service_27_0 (graphicsstats_service)) +(typeattributeset hal_audio_hwservice_27_0 (hal_audio_hwservice)) +(typeattributeset hal_bluetooth_hwservice_27_0 (hal_bluetooth_hwservice)) +(typeattributeset hal_bootctl_hwservice_27_0 (hal_bootctl_hwservice)) +(typeattributeset hal_broadcastradio_hwservice_27_0 (hal_broadcastradio_hwservice)) +(typeattributeset hal_camera_hwservice_27_0 (hal_camera_hwservice)) +(typeattributeset hal_cas_hwservice_27_0 (hal_cas_hwservice)) +(typeattributeset hal_configstore_ISurfaceFlingerConfigs_27_0 (hal_configstore_ISurfaceFlingerConfigs)) +(typeattributeset hal_contexthub_hwservice_27_0 (hal_contexthub_hwservice)) +(typeattributeset hal_drm_hwservice_27_0 (hal_drm_hwservice)) +(typeattributeset hal_dumpstate_hwservice_27_0 (hal_dumpstate_hwservice)) +(typeattributeset hal_fingerprint_hwservice_27_0 (hal_fingerprint_hwservice)) +(typeattributeset hal_fingerprint_service_27_0 (hal_fingerprint_service)) +(typeattributeset hal_gatekeeper_hwservice_27_0 
(hal_gatekeeper_hwservice)) +(typeattributeset hal_gnss_hwservice_27_0 (hal_gnss_hwservice)) +(typeattributeset hal_graphics_allocator_hwservice_27_0 (hal_graphics_allocator_hwservice)) +(typeattributeset hal_graphics_composer_hwservice_27_0 (hal_graphics_composer_hwservice)) +(typeattributeset hal_graphics_mapper_hwservice_27_0 (hal_graphics_mapper_hwservice)) +(typeattributeset hal_health_hwservice_27_0 (hal_health_hwservice)) +(typeattributeset hal_ir_hwservice_27_0 (hal_ir_hwservice)) +(typeattributeset hal_keymaster_hwservice_27_0 (hal_keymaster_hwservice)) +(typeattributeset hal_light_hwservice_27_0 (hal_light_hwservice)) +(typeattributeset hal_memtrack_hwservice_27_0 (hal_memtrack_hwservice)) +(typeattributeset hal_neuralnetworks_hwservice_27_0 (hal_neuralnetworks_hwservice)) +(typeattributeset hal_nfc_hwservice_27_0 (hal_nfc_hwservice)) +(typeattributeset hal_oemlock_hwservice_27_0 (hal_oemlock_hwservice)) +(typeattributeset hal_omx_hwservice_27_0 (hal_omx_hwservice)) +(typeattributeset hal_power_hwservice_27_0 (hal_power_hwservice)) +(typeattributeset hal_renderscript_hwservice_27_0 (hal_renderscript_hwservice)) +(typeattributeset hal_sensors_hwservice_27_0 (hal_sensors_hwservice)) +(typeattributeset hal_telephony_hwservice_27_0 (hal_telephony_hwservice)) +(typeattributeset hal_tetheroffload_hwservice_27_0 (hal_tetheroffload_hwservice)) +(typeattributeset hal_thermal_hwservice_27_0 (hal_thermal_hwservice)) +(typeattributeset hal_tv_cec_hwservice_27_0 (hal_tv_cec_hwservice)) +(typeattributeset hal_tv_input_hwservice_27_0 (hal_tv_input_hwservice)) +(typeattributeset hal_usb_hwservice_27_0 (hal_usb_hwservice)) +(typeattributeset hal_vibrator_hwservice_27_0 (hal_vibrator_hwservice)) +(typeattributeset hal_vr_hwservice_27_0 (hal_vr_hwservice)) +(typeattributeset hal_weaver_hwservice_27_0 (hal_weaver_hwservice)) +(typeattributeset hal_wifi_hwservice_27_0 (hal_wifi_hwservice)) +(typeattributeset hal_wifi_offload_hwservice_27_0 (hal_wifi_offload_hwservice)) 
+(typeattributeset hal_wifi_supplicant_hwservice_27_0 (hal_wifi_supplicant_hwservice)) +(typeattributeset hardware_properties_service_27_0 (hardware_properties_service)) +(typeattributeset hardware_service_27_0 (hardware_service)) +(typeattributeset hci_attach_dev_27_0 (hci_attach_dev)) +(typeattributeset hdmi_control_service_27_0 (hdmi_control_service)) +(typeattributeset healthd_27_0 (healthd)) +(typeattributeset healthd_exec_27_0 (healthd_exec)) +(typeattributeset heapdump_data_file_27_0 (heapdump_data_file)) +(typeattributeset hidl_allocator_hwservice_27_0 (hidl_allocator_hwservice)) +(typeattributeset hidl_base_hwservice_27_0 (hidl_base_hwservice)) +(typeattributeset hidl_manager_hwservice_27_0 (hidl_manager_hwservice)) +(typeattributeset hidl_memory_hwservice_27_0 (hidl_memory_hwservice)) +(typeattributeset hidl_token_hwservice_27_0 (hidl_token_hwservice)) +(typeattributeset hwbinder_device_27_0 (hwbinder_device)) +(typeattributeset hw_random_device_27_0 (hw_random_device)) +(typeattributeset hwservice_contexts_file_27_0 (hwservice_contexts_file)) +(typeattributeset hwservicemanager_27_0 (hwservicemanager)) +(typeattributeset hwservicemanager_exec_27_0 (hwservicemanager_exec)) +(typeattributeset hwservicemanager_prop_27_0 (hwservicemanager_prop)) +(typeattributeset i2c_device_27_0 (i2c_device)) +(typeattributeset icon_file_27_0 (icon_file)) +(typeattributeset idmap_27_0 (idmap)) +(typeattributeset idmap_exec_27_0 (idmap_exec)) +(typeattributeset iio_device_27_0 (iio_device)) +(typeattributeset imms_service_27_0 (imms_service)) +(typeattributeset incident_27_0 (incident)) +(typeattributeset incidentd_27_0 (incidentd)) +(typeattributeset incident_data_file_27_0 (incident_data_file)) +(typeattributeset incident_service_27_0 (incident_service)) +(typeattributeset init_27_0 (init)) +(typeattributeset init_exec_27_0 (init_exec watchdogd_exec)) +(typeattributeset inotify_27_0 (inotify)) +(typeattributeset input_device_27_0 (input_device)) +(typeattributeset 
inputflinger_27_0 (inputflinger)) +(typeattributeset inputflinger_exec_27_0 (inputflinger_exec)) +(typeattributeset inputflinger_service_27_0 (inputflinger_service)) +(typeattributeset input_method_service_27_0 (input_method_service)) +(typeattributeset input_service_27_0 (input_service)) +(typeattributeset installd_27_0 (installd)) +(typeattributeset install_data_file_27_0 (install_data_file)) +(typeattributeset installd_exec_27_0 (installd_exec)) +(typeattributeset installd_service_27_0 (installd_service)) +(typeattributeset install_recovery_27_0 (install_recovery)) +(typeattributeset install_recovery_exec_27_0 (install_recovery_exec)) +(typeattributeset ion_device_27_0 (ion_device)) +(typeattributeset IProxyService_service_27_0 (IProxyService_service)) +(typeattributeset ipsec_service_27_0 (ipsec_service)) +(typeattributeset isolated_app_27_0 (isolated_app)) +(typeattributeset jobscheduler_service_27_0 (jobscheduler_service)) +(typeattributeset kernel_27_0 (kernel)) +(typeattributeset keychain_data_file_27_0 (keychain_data_file)) +(typeattributeset keychord_device_27_0 (keychord_device)) +(typeattributeset keystore_27_0 (keystore)) +(typeattributeset keystore_data_file_27_0 (keystore_data_file)) +(typeattributeset keystore_exec_27_0 (keystore_exec)) +(typeattributeset keystore_service_27_0 (keystore_service)) +(typeattributeset kmem_device_27_0 (kmem_device)) +(typeattributeset kmsg_debug_device_27_0 (kmsg_debug_device)) +(typeattributeset kmsg_device_27_0 (kmsg_device)) +(typeattributeset labeledfs_27_0 (labeledfs)) +(typeattributeset launcherapps_service_27_0 (launcherapps_service)) +(typeattributeset lmkd_27_0 (lmkd)) +(typeattributeset lmkd_exec_27_0 (lmkd_exec)) +(typeattributeset lmkd_socket_27_0 (lmkd_socket)) +(typeattributeset location_service_27_0 (location_service)) +(typeattributeset lock_settings_service_27_0 (lock_settings_service)) +(typeattributeset logcat_exec_27_0 (logcat_exec)) +(typeattributeset logd_27_0 (logd)) +(typeattributeset 
logd_exec_27_0 (logd_exec)) +(typeattributeset logd_prop_27_0 (logd_prop)) +(typeattributeset logdr_socket_27_0 (logdr_socket)) +(typeattributeset logd_socket_27_0 (logd_socket)) +(typeattributeset logdw_socket_27_0 (logdw_socket)) +(typeattributeset logpersist_27_0 (logpersist)) +(typeattributeset logpersistd_logging_prop_27_0 (logpersistd_logging_prop)) +(typeattributeset log_prop_27_0 (log_prop)) +(typeattributeset log_tag_prop_27_0 (log_tag_prop)) +(typeattributeset loop_control_device_27_0 (loop_control_device)) +(typeattributeset loop_device_27_0 (loop_device)) +(typeattributeset mac_perms_file_27_0 (mac_perms_file)) +(typeattributeset mdnsd_27_0 (mdnsd)) +(typeattributeset mdnsd_socket_27_0 (mdnsd_socket)) +(typeattributeset mdns_socket_27_0 (mdns_socket)) +(typeattributeset hal_omx_server (mediacodec_27_0)) +(typeattributeset mediacodec_27_0 (mediacodec)) +(typeattributeset mediacodec_exec_27_0 (mediacodec_exec)) +(typeattributeset mediacodec_service_27_0 (mediacodec_service)) +(typeattributeset media_data_file_27_0 (media_data_file)) +(typeattributeset mediadrmserver_27_0 (mediadrmserver)) +(typeattributeset mediadrmserver_exec_27_0 (mediadrmserver_exec)) +(typeattributeset mediadrmserver_service_27_0 (mediadrmserver_service)) +(typeattributeset mediaextractor_27_0 (mediaextractor)) +(typeattributeset mediaextractor_exec_27_0 (mediaextractor_exec)) +(typeattributeset mediaextractor_service_27_0 (mediaextractor_service)) +(typeattributeset mediametrics_27_0 (mediametrics)) +(typeattributeset mediametrics_exec_27_0 (mediametrics_exec)) +(typeattributeset mediametrics_service_27_0 (mediametrics_service)) +(typeattributeset media_projection_service_27_0 (media_projection_service)) +(typeattributeset mediaprovider_27_0 (mediaprovider)) +(typeattributeset media_router_service_27_0 (media_router_service)) +(typeattributeset media_rw_data_file_27_0 (media_rw_data_file)) +(typeattributeset mediaserver_27_0 (mediaserver)) +(typeattributeset mediaserver_exec_27_0 
(mediaserver_exec)) +(typeattributeset mediaserver_service_27_0 (mediaserver_service)) +(typeattributeset media_session_service_27_0 (media_session_service)) +(typeattributeset meminfo_service_27_0 (meminfo_service)) +(typeattributeset metadata_block_device_27_0 (metadata_block_device)) +(typeattributeset method_trace_data_file_27_0 (method_trace_data_file)) +(typeattributeset midi_service_27_0 (midi_service)) +(typeattributeset misc_block_device_27_0 (misc_block_device)) +(typeattributeset misc_logd_file_27_0 (misc_logd_file)) +(typeattributeset misc_user_data_file_27_0 (misc_user_data_file)) +(typeattributeset mmc_prop_27_0 (mmc_prop)) +(typeattributeset mnt_expand_file_27_0 (mnt_expand_file)) +(typeattributeset mnt_media_rw_file_27_0 (mnt_media_rw_file)) +(typeattributeset mnt_media_rw_stub_file_27_0 (mnt_media_rw_stub_file)) +(typeattributeset mnt_user_file_27_0 (mnt_user_file)) +(typeattributeset modprobe_27_0 (modprobe)) +(typeattributeset mount_service_27_0 (mount_service)) +(typeattributeset mqueue_27_0 (mqueue)) +(typeattributeset mtd_device_27_0 (mtd_device)) +(typeattributeset mtp_27_0 (mtp)) +(typeattributeset mtp_device_27_0 (mtp_device)) +(typeattributeset mtpd_socket_27_0 (mtpd_socket)) +(typeattributeset mtp_exec_27_0 (mtp_exec)) +(typeattributeset nativetest_data_file_27_0 (nativetest_data_file)) +(typeattributeset netd_27_0 (netd)) +(typeattributeset net_data_file_27_0 (net_data_file)) +(typeattributeset netd_exec_27_0 (netd_exec)) +(typeattributeset netd_listener_service_27_0 (netd_listener_service)) +(typeattributeset net_dns_prop_27_0 (net_dns_prop)) +(typeattributeset netd_service_27_0 (netd_service)) +(typeattributeset netd_socket_27_0 (netd_socket)) +(typeattributeset netd_stable_secret_prop_27_0 (netd_stable_secret_prop)) +(typeattributeset netif_27_0 (netif)) +(typeattributeset netpolicy_service_27_0 (netpolicy_service)) +(typeattributeset net_radio_prop_27_0 (net_radio_prop)) +(typeattributeset netstats_service_27_0 (netstats_service)) 
+(typeattributeset netutils_wrapper_27_0 (netutils_wrapper)) +(typeattributeset netutils_wrapper_exec_27_0 (netutils_wrapper_exec)) +(typeattributeset network_management_service_27_0 (network_management_service)) +(typeattributeset network_score_service_27_0 (network_score_service)) +(typeattributeset network_time_update_service_27_0 (network_time_update_service)) +(typeattributeset nfc_27_0 (nfc)) +(typeattributeset nfc_data_file_27_0 (nfc_data_file)) +(typeattributeset nfc_device_27_0 (nfc_device)) +(typeattributeset nfc_prop_27_0 (nfc_prop)) +(typeattributeset nfc_service_27_0 (nfc_service)) +(typeattributeset node_27_0 (node)) +(typeattributeset nonplat_service_contexts_file_27_0 (nonplat_service_contexts_file)) +(typeattributeset notification_service_27_0 (notification_service)) +(typeattributeset null_device_27_0 (null_device)) +(typeattributeset oemfs_27_0 (oemfs)) +(typeattributeset oem_lock_service_27_0 (oem_lock_service)) +(typeattributeset ota_data_file_27_0 (ota_data_file)) +(typeattributeset otadexopt_service_27_0 (otadexopt_service)) +(typeattributeset ota_package_file_27_0 (ota_package_file)) +(typeattributeset otapreopt_chroot_27_0 (otapreopt_chroot)) +(typeattributeset otapreopt_chroot_exec_27_0 (otapreopt_chroot_exec)) +(typeattributeset otapreopt_slot_27_0 (otapreopt_slot)) +(typeattributeset otapreopt_slot_exec_27_0 (otapreopt_slot_exec)) +(typeattributeset overlay_prop_27_0 (overlay_prop)) +(typeattributeset overlay_service_27_0 (overlay_service)) +(typeattributeset owntty_device_27_0 (owntty_device)) +(typeattributeset package_native_service_27_0 (package_native_service)) +(typeattributeset package_service_27_0 (package_service)) +(typeattributeset pan_result_prop_27_0 (pan_result_prop)) +(typeattributeset pdx_bufferhub_client_channel_socket_27_0 (pdx_bufferhub_client_channel_socket)) +(typeattributeset pdx_bufferhub_client_endpoint_socket_27_0 (pdx_bufferhub_client_endpoint_socket)) +(typeattributeset pdx_bufferhub_dir_27_0 
(pdx_bufferhub_dir)) +(typeattributeset pdx_display_client_channel_socket_27_0 (pdx_display_client_channel_socket)) +(typeattributeset pdx_display_client_endpoint_socket_27_0 (pdx_display_client_endpoint_socket)) +(typeattributeset pdx_display_dir_27_0 (pdx_display_dir)) +(typeattributeset pdx_display_manager_channel_socket_27_0 (pdx_display_manager_channel_socket)) +(typeattributeset pdx_display_manager_endpoint_socket_27_0 (pdx_display_manager_endpoint_socket)) +(typeattributeset pdx_display_screenshot_channel_socket_27_0 (pdx_display_screenshot_channel_socket)) +(typeattributeset pdx_display_screenshot_endpoint_socket_27_0 (pdx_display_screenshot_endpoint_socket)) +(typeattributeset pdx_display_vsync_channel_socket_27_0 (pdx_display_vsync_channel_socket)) +(typeattributeset pdx_display_vsync_endpoint_socket_27_0 (pdx_display_vsync_endpoint_socket)) +(typeattributeset pdx_performance_client_channel_socket_27_0 (pdx_performance_client_channel_socket)) +(typeattributeset pdx_performance_client_endpoint_socket_27_0 (pdx_performance_client_endpoint_socket)) +(typeattributeset pdx_performance_dir_27_0 (pdx_performance_dir)) +(typeattributeset performanced_27_0 (performanced)) +(typeattributeset performanced_exec_27_0 (performanced_exec)) +(typeattributeset permission_service_27_0 (permission_service)) +(typeattributeset persist_debug_prop_27_0 (persist_debug_prop)) +(typeattributeset persistent_data_block_service_27_0 (persistent_data_block_service)) +(typeattributeset persistent_properties_ready_prop_27_0 (persistent_properties_ready_prop)) +(typeattributeset pinner_service_27_0 (pinner_service)) +(typeattributeset pipefs_27_0 (pipefs)) +(typeattributeset platform_app_27_0 (platform_app)) +(typeattributeset pmsg_device_27_0 (pmsg_device)) +(typeattributeset port_27_0 (port)) +(typeattributeset port_device_27_0 (port_device)) +(typeattributeset postinstall_27_0 (postinstall)) +(typeattributeset postinstall_dexopt_27_0 (postinstall_dexopt)) +(typeattributeset 
postinstall_file_27_0 (postinstall_file)) +(typeattributeset postinstall_mnt_dir_27_0 (postinstall_mnt_dir)) +(typeattributeset powerctl_prop_27_0 (powerctl_prop)) +(typeattributeset power_service_27_0 (power_service)) +(typeattributeset ppp_27_0 (ppp)) +(typeattributeset ppp_device_27_0 (ppp_device)) +(typeattributeset ppp_exec_27_0 (ppp_exec)) +(typeattributeset preloads_data_file_27_0 (preloads_data_file)) +(typeattributeset preloads_media_file_27_0 (preloads_media_file)) +(typeattributeset preopt2cachename_27_0 (preopt2cachename)) +(typeattributeset preopt2cachename_exec_27_0 (preopt2cachename_exec)) +(typeattributeset print_service_27_0 (print_service)) +(typeattributeset priv_app_27_0 (priv_app)) +(typeattributeset proc_27_0 + ( proc + proc_abi + proc_asound + proc_buddyinfo + proc_cmdline + proc_dirty + proc_diskstats + proc_extra_free_kbytes + proc_filesystems + proc_hostname + proc_hung_task + proc_kmsg + proc_loadavg + proc_max_map_count + proc_min_free_order_shift + proc_mounts + proc_page_cluster + proc_pagetypeinfo + proc_panic + proc_pid_max + proc_pipe_conf + proc_random + proc_sched + proc_slabinfo + proc_swaps + proc_uid_concurrent_active_time + proc_uid_concurrent_policy_time + proc_uid_cpupower + proc_uptime + proc_version + proc_vmallocinfo + proc_vmstat)) +(typeattributeset proc_bluetooth_writable_27_0 (proc_bluetooth_writable)) +(typeattributeset proc_cpuinfo_27_0 (proc_cpuinfo)) +(typeattributeset proc_drop_caches_27_0 (proc_drop_caches)) +(typeattributeset processinfo_service_27_0 (processinfo_service)) +(typeattributeset proc_interrupts_27_0 (proc_interrupts)) +(typeattributeset proc_iomem_27_0 (proc_iomem)) +(typeattributeset proc_meminfo_27_0 (proc_meminfo)) +(typeattributeset proc_misc_27_0 (proc_misc)) +(typeattributeset proc_modules_27_0 (proc_modules)) +(typeattributeset proc_net_27_0 + ( proc_net + proc_net_tcp_udp + proc_qtaguid_stat)) +(typeattributeset proc_overcommit_memory_27_0 (proc_overcommit_memory)) +(typeattributeset 
proc_perf_27_0 (proc_perf)) +(typeattributeset proc_security_27_0 (proc_security)) +(typeattributeset proc_stat_27_0 (proc_stat)) +(typeattributeset procstats_service_27_0 (procstats_service)) +(typeattributeset proc_sysrq_27_0 (proc_sysrq)) +(typeattributeset proc_timer_27_0 (proc_timer)) +(typeattributeset proc_tty_drivers_27_0 (proc_tty_drivers)) +(typeattributeset proc_uid_cputime_removeuid_27_0 (proc_uid_cputime_removeuid)) +(typeattributeset proc_uid_cputime_showstat_27_0 (proc_uid_cputime_showstat)) +(typeattributeset proc_uid_io_stats_27_0 (proc_uid_io_stats)) +(typeattributeset proc_uid_procstat_set_27_0 (proc_uid_procstat_set)) +(typeattributeset proc_uid_time_in_state_27_0 (proc_uid_time_in_state)) +(typeattributeset proc_zoneinfo_27_0 (proc_zoneinfo)) +(typeattributeset profman_27_0 (profman)) +(typeattributeset profman_dump_data_file_27_0 (profman_dump_data_file)) +(typeattributeset profman_exec_27_0 (profman_exec)) +(typeattributeset properties_device_27_0 (properties_device)) +(typeattributeset properties_serial_27_0 (properties_serial)) +(typeattributeset property_contexts_file_27_0 (property_contexts_file)) +(typeattributeset property_data_file_27_0 (property_data_file)) +(typeattributeset property_socket_27_0 (property_socket)) +(typeattributeset pstorefs_27_0 (pstorefs)) +(typeattributeset ptmx_device_27_0 (ptmx_device)) +(typeattributeset qtaguid_device_27_0 (qtaguid_device)) +(typeattributeset qtaguid_proc_27_0 + ( proc_qtaguid_ctrl + qtaguid_proc)) +(typeattributeset racoon_27_0 (racoon)) +(typeattributeset racoon_exec_27_0 (racoon_exec)) +(typeattributeset racoon_socket_27_0 (racoon_socket)) +(typeattributeset radio_27_0 (radio)) +(typeattributeset radio_data_file_27_0 (radio_data_file)) +(typeattributeset radio_device_27_0 (radio_device)) +(typeattributeset radio_prop_27_0 (radio_prop)) +(typeattributeset radio_service_27_0 (radio_service)) +(typeattributeset ram_device_27_0 (ram_device)) +(typeattributeset random_device_27_0 
(random_device)) +(typeattributeset reboot_data_file_27_0 (reboot_data_file)) +(typeattributeset recovery_27_0 (recovery)) +(typeattributeset recovery_block_device_27_0 (recovery_block_device)) +(typeattributeset recovery_data_file_27_0 (recovery_data_file)) +(typeattributeset recovery_persist_27_0 (recovery_persist)) +(typeattributeset recovery_persist_exec_27_0 (recovery_persist_exec)) +(typeattributeset recovery_refresh_27_0 (recovery_refresh)) +(typeattributeset recovery_refresh_exec_27_0 (recovery_refresh_exec)) +(typeattributeset recovery_service_27_0 (recovery_service)) +(typeattributeset registry_service_27_0 (registry_service)) +(typeattributeset resourcecache_data_file_27_0 (resourcecache_data_file)) +(typeattributeset restorecon_prop_27_0 (restorecon_prop)) +(typeattributeset restrictions_service_27_0 (restrictions_service)) +(typeattributeset rild_27_0 (rild)) +(typeattributeset rild_debug_socket_27_0 (rild_debug_socket)) +(typeattributeset rild_socket_27_0 (rild_socket)) +(typeattributeset ringtone_file_27_0 (ringtone_file)) +(typeattributeset root_block_device_27_0 (root_block_device)) +(typeattributeset rootfs_27_0 (rootfs)) +(typeattributeset rpmsg_device_27_0 (rpmsg_device)) +(typeattributeset rtc_device_27_0 (rtc_device)) +(typeattributeset rttmanager_service_27_0 (rttmanager_service)) +(typeattributeset runas_27_0 (runas)) +(typeattributeset runas_exec_27_0 (runas_exec)) +(typeattributeset runtime_event_log_tags_file_27_0 (runtime_event_log_tags_file)) +(typeattributeset safemode_prop_27_0 (safemode_prop)) +(typeattributeset same_process_hal_file_27_0 + ( same_process_hal_file + vendor_public_lib_file)) +(typeattributeset samplingprofiler_service_27_0 (samplingprofiler_service)) +(typeattributeset scheduling_policy_service_27_0 (scheduling_policy_service)) +(typeattributeset sdcardd_27_0 (sdcardd)) +(typeattributeset sdcardd_exec_27_0 (sdcardd_exec)) +(typeattributeset sdcardfs_27_0 (sdcardfs)) +(typeattributeset seapp_contexts_file_27_0 
(seapp_contexts_file)) +(typeattributeset search_service_27_0 (search_service)) +(typeattributeset sec_key_att_app_id_provider_service_27_0 (sec_key_att_app_id_provider_service)) +(typeattributeset selinuxfs_27_0 (selinuxfs)) +(typeattributeset sensors_device_27_0 (sensors_device)) +(typeattributeset sensorservice_service_27_0 (sensorservice_service)) +(typeattributeset sepolicy_file_27_0 (sepolicy_file)) +(typeattributeset serial_device_27_0 (serial_device)) +(typeattributeset serialno_prop_27_0 (serialno_prop)) +(typeattributeset serial_service_27_0 (serial_service)) +(typeattributeset service_contexts_file_27_0 (service_contexts_file)) +(typeattributeset servicediscovery_service_27_0 (servicediscovery_service)) +(typeattributeset servicemanager_27_0 (servicemanager)) +(typeattributeset servicemanager_exec_27_0 (servicemanager_exec)) +(typeattributeset settings_service_27_0 (settings_service)) +(typeattributeset sgdisk_27_0 (sgdisk)) +(typeattributeset sgdisk_exec_27_0 (sgdisk_exec)) +(typeattributeset shared_relro_27_0 (shared_relro)) +(typeattributeset shared_relro_file_27_0 (shared_relro_file)) +(typeattributeset shell_27_0 (shell)) +(typeattributeset shell_data_file_27_0 (shell_data_file)) +(typeattributeset shell_exec_27_0 (shell_exec)) +(typeattributeset shell_prop_27_0 (shell_prop)) +(typeattributeset shm_27_0 (shm)) +(typeattributeset shortcut_manager_icons_27_0 (shortcut_manager_icons)) +(typeattributeset shortcut_service_27_0 (shortcut_service)) +(typeattributeset slideshow_27_0 (slideshow)) +(typeattributeset socket_device_27_0 (socket_device)) +(typeattributeset sockfs_27_0 (sockfs)) +(typeattributeset statusbar_service_27_0 (statusbar_service)) +(typeattributeset storaged_service_27_0 (storaged_service)) +(typeattributeset storage_file_27_0 (storage_file)) +(typeattributeset storagestats_service_27_0 (storagestats_service)) +(typeattributeset storage_stub_file_27_0 (storage_stub_file)) +(typeattributeset su_27_0 (su)) +(typeattributeset su_exec_27_0 
(su_exec)) +(typeattributeset surfaceflinger_27_0 (surfaceflinger)) +(typeattributeset surfaceflinger_service_27_0 (surfaceflinger_service)) +(typeattributeset swap_block_device_27_0 (swap_block_device)) +(typeattributeset sysfs_27_0 + ( sysfs + sysfs_android_usb + sysfs_dm + sysfs_dt_firmware_android + sysfs_ipv4 + sysfs_kernel_notes + sysfs_loop + sysfs_net + sysfs_power + sysfs_rtc + sysfs_switch + sysfs_wakeup_reasons)) +(typeattributeset sysfs_batteryinfo_27_0 (sysfs_batteryinfo)) +(typeattributeset sysfs_bluetooth_writable_27_0 (sysfs_bluetooth_writable)) +(typeattributeset sysfs_devices_system_cpu_27_0 (sysfs_devices_system_cpu)) +(typeattributeset sysfs_fs_ext4_features_27_0 (sysfs_fs_ext4_features)) +(typeattributeset sysfs_hwrandom_27_0 (sysfs_hwrandom)) +(typeattributeset sysfs_leds_27_0 (sysfs_leds)) +(typeattributeset sysfs_lowmemorykiller_27_0 (sysfs_lowmemorykiller)) +(typeattributeset sysfs_mac_address_27_0 (sysfs_mac_address)) +(typeattributeset sysfs_nfc_power_writable_27_0 (sysfs_nfc_power_writable)) +(typeattributeset sysfs_thermal_27_0 (sysfs_thermal)) +(typeattributeset sysfs_uio_27_0 (sysfs_uio)) +(typeattributeset sysfs_usb_27_0 (sysfs_usb)) +(typeattributeset sysfs_usermodehelper_27_0 (sysfs_usermodehelper)) +(typeattributeset sysfs_vibrator_27_0 (sysfs_vibrator)) +(typeattributeset sysfs_wake_lock_27_0 (sysfs_wake_lock)) +(typeattributeset sysfs_wlan_fwpath_27_0 (sysfs_wlan_fwpath)) +(typeattributeset sysfs_zram_27_0 (sysfs_zram)) +(typeattributeset sysfs_zram_uevent_27_0 (sysfs_zram_uevent)) +(typeattributeset system_app_27_0 (system_app)) +(typeattributeset system_app_data_file_27_0 (system_app_data_file)) +(typeattributeset system_app_service_27_0 (system_app_service)) +(typeattributeset system_block_device_27_0 (system_block_device)) +(typeattributeset system_data_file_27_0 + ( system_data_file + dropbox_data_file + vendor_data_file)) +(typeattributeset system_file_27_0 + ( system_file + system_lib_file + system_linker_config_file + 
system_linker_exec + system_seccomp_policy_file + system_security_cacerts_file + system_zoneinfo_file +)) +(typeattributeset systemkeys_data_file_27_0 (systemkeys_data_file)) +(typeattributeset system_ndebug_socket_27_0 (system_ndebug_socket)) +(typeattributeset system_net_netd_hwservice_27_0 (system_net_netd_hwservice)) +(typeattributeset system_prop_27_0 (system_prop)) +(typeattributeset system_radio_prop_27_0 (system_radio_prop)) +(typeattributeset system_server_27_0 (system_server)) +(typeattributeset system_wifi_keystore_hwservice_27_0 (system_wifi_keystore_hwservice)) +(typeattributeset system_wpa_socket_27_0 (system_wpa_socket)) +(typeattributeset task_service_27_0 (task_service)) +(typeattributeset tee_27_0 (tee)) +(typeattributeset tee_data_file_27_0 (tee_data_file)) +(typeattributeset tee_device_27_0 (tee_device)) +(typeattributeset telecom_service_27_0 (telecom_service)) +(typeattributeset textclassification_service_27_0 (textclassification_service)) +(typeattributeset textclassifier_data_file_27_0 (textclassifier_data_file)) +(typeattributeset textservices_service_27_0 (textservices_service)) +(typeattributeset thermalcallback_hwservice_27_0 (thermalcallback_hwservice)) +(typeattributeset thermal_service_27_0 (thermal_service)) +(typeattributeset thermalserviced_27_0 (thermalserviced)) +(typeattributeset thermalserviced_exec_27_0 (thermalserviced_exec)) +(typeattributeset timezone_service_27_0 (timezone_service)) +(typeattributeset tmpfs_27_0 (tmpfs)) +(typeattributeset tombstoned_27_0 (tombstoned)) +(typeattributeset tombstone_data_file_27_0 (tombstone_data_file)) +(typeattributeset tombstoned_crash_socket_27_0 (tombstoned_crash_socket)) +(typeattributeset tombstoned_exec_27_0 (tombstoned_exec)) +(typeattributeset tombstoned_intercept_socket_27_0 (tombstoned_intercept_socket)) +(typeattributeset tombstoned_java_trace_socket_27_0 (tombstoned_java_trace_socket)) +(typeattributeset toolbox_27_0 (toolbox)) +(typeattributeset toolbox_exec_27_0 
(toolbox_exec)) +(typeattributeset trust_service_27_0 (trust_service)) +(typeattributeset tty_device_27_0 (tty_device)) +(typeattributeset tun_device_27_0 (tun_device)) +(typeattributeset tv_input_service_27_0 (tv_input_service)) +(typeattributeset tzdatacheck_27_0 (tzdatacheck)) +(typeattributeset tzdatacheck_exec_27_0 (tzdatacheck_exec)) +(typeattributeset ueventd_27_0 (ueventd)) +(typeattributeset uhid_device_27_0 (uhid_device)) +(typeattributeset uimode_service_27_0 (uimode_service)) +(typeattributeset uio_device_27_0 (uio_device)) +(typeattributeset uncrypt_27_0 (uncrypt)) +(typeattributeset uncrypt_exec_27_0 (uncrypt_exec)) +(typeattributeset uncrypt_socket_27_0 (uncrypt_socket)) +(typeattributeset unencrypted_data_file_27_0 (unencrypted_data_file)) +(typeattributeset unlabeled_27_0 (unlabeled)) +(typeattributeset untrusted_app_25_27_0 (untrusted_app_25)) +(typeattributeset untrusted_app_27_0 + ( untrusted_app + untrusted_app_27)) +(typeattributeset untrusted_v2_app_27_0 (untrusted_v2_app)) +(typeattributeset update_engine_27_0 (update_engine)) +(typeattributeset update_engine_data_file_27_0 (update_engine_data_file)) +(typeattributeset update_engine_exec_27_0 (update_engine_exec)) +(typeattributeset update_engine_service_27_0 (update_engine_service)) +(typeattributeset updatelock_service_27_0 (updatelock_service)) +(typeattributeset update_verifier_27_0 (update_verifier)) +(typeattributeset update_verifier_exec_27_0 (update_verifier_exec)) +(typeattributeset usagestats_service_27_0 (usagestats_service)) +(typeattributeset usbaccessory_device_27_0 (usbaccessory_device)) +(typeattributeset usb_device_27_0 (usb_device)) +(typeattributeset usbfs_27_0 (usbfs)) +(typeattributeset usb_service_27_0 (usb_service)) +(typeattributeset userdata_block_device_27_0 (userdata_block_device)) +(typeattributeset usermodehelper_27_0 (usermodehelper)) +(typeattributeset user_profile_data_file_27_0 (user_profile_data_file)) +(typeattributeset user_service_27_0 (user_service)) 
+(typeattributeset vcs_device_27_0 (vcs_device)) +(typeattributeset vdc_27_0 (vdc)) +(typeattributeset vdc_exec_27_0 (vdc_exec)) +(typeattributeset vendor_app_file_27_0 (vendor_app_file)) +(typeattributeset vendor_configs_file_27_0 (vendor_configs_file)) +(typeattributeset vendor_file_27_0 (vendor_file)) +(typeattributeset vendor_framework_file_27_0 (vendor_framework_file)) +(typeattributeset vendor_hal_file_27_0 (vendor_hal_file)) +(typeattributeset vendor_overlay_file_27_0 (vendor_overlay_file)) +(typeattributeset vendor_shell_exec_27_0 (vendor_shell_exec)) +(typeattributeset vendor_toolbox_exec_27_0 (vendor_toolbox_exec)) +(typeattributeset vfat_27_0 (vfat)) +(typeattributeset vibrator_service_27_0 (vibrator_service)) +(typeattributeset video_device_27_0 (video_device)) +(typeattributeset virtual_touchpad_27_0 (virtual_touchpad)) +(typeattributeset virtual_touchpad_exec_27_0 (virtual_touchpad_exec)) +(typeattributeset virtual_touchpad_service_27_0 (virtual_touchpad_service)) +(typeattributeset vndbinder_device_27_0 (vndbinder_device)) +(typeattributeset vndk_sp_file_27_0 (vndk_sp_file)) +(typeattributeset vndservice_contexts_file_27_0 (vndservice_contexts_file)) +(typeattributeset vndservicemanager_27_0 (vndservicemanager)) +(typeattributeset voiceinteraction_service_27_0 (voiceinteraction_service)) +(typeattributeset vold_27_0 (vold)) +(typeattributeset vold_data_file_27_0 (vold_data_file)) +(typeattributeset vold_device_27_0 (vold_device)) +(typeattributeset vold_exec_27_0 (vold_exec)) +(typeattributeset vold_prop_27_0 (vold_prop)) +(typeattributeset vold_socket_27_0 (vold_socket)) +(typeattributeset vpn_data_file_27_0 (vpn_data_file)) +(typeattributeset vr_hwc_27_0 (vr_hwc)) +(typeattributeset vr_hwc_exec_27_0 (vr_hwc_exec)) +(typeattributeset vr_hwc_service_27_0 (vr_hwc_service)) +(typeattributeset vr_manager_service_27_0 (vr_manager_service)) +(typeattributeset wallpaper_file_27_0 (wallpaper_file)) +(typeattributeset wallpaper_service_27_0 
(wallpaper_service)) +(typeattributeset watchdogd_27_0 (watchdogd)) +(typeattributeset watchdog_device_27_0 (watchdog_device)) +(typeattributeset webviewupdate_service_27_0 (webviewupdate_service)) +(typeattributeset webview_zygote_27_0 (webview_zygote)) +(typeattributeset webview_zygote_exec_27_0 (webview_zygote_exec)) +(typeattributeset webview_zygote_socket_27_0 (webview_zygote_socket)) +(typeattributeset wifiaware_service_27_0 (wifiaware_service)) +(typeattributeset wificond_27_0 (wificond)) +(typeattributeset wificond_exec_27_0 (wificond_exec)) +(typeattributeset wificond_service_27_0 (wificond_service)) +(typeattributeset wifi_data_file_27_0 (wifi_data_file)) +(typeattributeset wifi_log_prop_27_0 (wifi_log_prop)) +(typeattributeset wifip2p_service_27_0 (wifip2p_service)) +(typeattributeset wifi_prop_27_0 (wifi_prop)) +(typeattributeset wifiscanner_service_27_0 (wifiscanner_service)) +(typeattributeset wifi_service_27_0 (wifi_service)) +(typeattributeset window_service_27_0 (window_service)) +(typeattributeset wpa_socket_27_0 (wpa_socket)) +(typeattributeset zero_device_27_0 (zero_device)) +(typeattributeset zoneinfo_data_file_27_0 (zoneinfo_data_file)) +(typeattributeset zygote_27_0 (zygote)) +(typeattributeset zygote_exec_27_0 (zygote_exec)) +(typeattributeset zygote_socket_27_0 (zygote_socket)) diff --git a/prebuilts/api/30.0/private/compat/27.0/27.0.compat.cil b/prebuilts/api/30.0/private/compat/27.0/27.0.compat.cil new file mode 100644 index 000000000..30af58c42 --- /dev/null +++ b/prebuilts/api/30.0/private/compat/27.0/27.0.compat.cil @@ -0,0 +1,5 @@ +(typeattribute vendordomain) +(typeattributeset vendordomain ((and (domain) ((not (coredomain)))))) +(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff)))) +(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff)))) +(allow vendordomain self (netlink_route_socket (nlmsg_readpriv))) 
diff --git a/prebuilts/api/30.0/private/compat/27.0/27.0.ignore.cil b/prebuilts/api/30.0/private/compat/27.0/27.0.ignore.cil new file mode 100644 index 000000000..cb500c9e0 --- /dev/null +++ b/prebuilts/api/30.0/private/compat/27.0/27.0.ignore.cil 
@@ -0,0 +1,206 @@ +;; new_objects - a collection of types that have been introduced that have no +;; analogue in older policy. Thus, we do not need to map these types to +;; previous ones. Add here to pass checkapi tests. +(type new_objects) +(typeattribute new_objects) +(typeattributeset new_objects + ( new_objects + activity_task_service + adb_service + app_binding_service + apex_data_file + apex_metadata_file + apex_mnt_dir + apex_service + apexd + apexd_exec + apexd_prop + apexd_tmpfs + app_zygote + atrace + binder_calls_stats_service + biometric_service + blank_screen + blank_screen_exec + blank_screen_tmpfs + bootloader_boot_reason_prop + bluetooth_a2dp_offload_prop + bpfloader + bpfloader_exec + cgroup_bpf + charger_exec + color_display_service + content_capture_service + crossprofileapps_service + ctl_apexd_prop + ctl_interface_restart_prop + ctl_interface_start_prop + ctl_interface_stop_prop + ctl_sigstop_prop + device_config_boot_count_prop + device_config_reset_performed_prop + device_config_netd_native_prop + dnsresolver_service + exfat + exported2_config_prop + exported2_default_prop + exported2_radio_prop + exported2_system_prop + exported2_vold_prop + exported3_default_prop + exported3_radio_prop + exported3_system_prop + exported_audio_prop + exported_bluetooth_prop + exported_config_prop + exported_dalvik_prop + exported_default_prop + exported_dumpstate_prop + exported_ffs_prop + exported_fingerprint_prop + exported_overlay_prop + exported_pm_prop + exported_radio_prop + exported_secure_prop + exported_system_prop + exported_system_radio_prop + exported_vold_prop + exported_wifi_prop + fastbootd + flags_health_check + flags_health_check_exec + fingerprint_vendor_data_file + fs_bpf + fwk_stats_hwservice + hal_atrace_hwservice + hal_audiocontrol_hwservice + hal_authsecret_hwservice + hal_codec2_hwservice + hal_confirmationui_hwservice + hal_evs_hwservice + hal_health_storage_hwservice + hal_lowpan_hwservice + hal_secure_element_hwservice + 
hal_usb_gadget_hwservice + hal_vehicle_hwservice + hal_wifi_hostapd_hwservice + heapprofd + heapprofd_exec + heapprofd_socket + incident_helper + incident_helper_exec + iorapd + iorapd_data_file + iorapd_exec + iorapd_service + iorapd_tmpfs + last_boot_reason_prop + llkd + llkd_exec + llkd_prop + llkd_tmpfs + looper_stats_service + lowpan_device + lowpan_prop + lowpan_service + mediaextractor_update_service + mediaswcodec + mediaswcodec_exec + mediaswcodec_tmpfs + metadata_bootstat_file + metadata_file + mnt_product_file + mnt_vendor_file + network_stack + network_stack_service + network_watchlist_data_file + network_watchlist_service + overlayfs_file + perfetto + perfetto_exec + perfetto_tmpfs + perfetto_traces_data_file + property_info + recovery_socket + role_service + runas_app + art_apex_dir + runtime_service + secure_element + secure_element_device + secure_element_service + secure_element_tmpfs + server_configurable_flags_data_file + simpleperf_app_runner + simpleperf_app_runner_exec + slice_service + socket_hook_prop + stats + stats_data_file + stats_exec + stats_service + statscompanion_service + statsd + statsd_exec + statsd_tmpfs + statsdw + statsdw_socket + storaged_data_file + super_block_device + staging_data_file + system_boot_reason_prop + system_bootstrap_lib_file + system_lmk_prop + system_update_service + test_boot_reason_prop + time_prop + timedetector_service + tombstone_wifi_data_file + trace_data_file + traced + traced_consumer_socket + traced_enabled_prop + traced_exec + traced_probes + traced_probes_exec + traced_probes_tmpfs + traced_producer_socket + traced_tmpfs + traceur_app + traceur_app_tmpfs + untrusted_app_all_devpts + update_engine_log_data_file + uri_grants_service + usbd + usbd_exec + usbd_tmpfs + vendor_apex_file + vendor_default_prop + vendor_init + vendor_security_patch_level_prop + vendor_shell + vendor_socket_hook_prop + vndk_prop + vold_metadata_file + vold_prepare_subdirs + vold_prepare_subdirs_exec + vold_service + 
vrflinger_vsync_service + wait_for_keymaster + wait_for_keymaster_exec + wait_for_keymaster_tmpfs + watchdogd_tmpfs + wm_trace_data_file + wpantund + wpantund_exec + wpantund_service + wpantund_tmpfs)) + +;; private_objects - a collection of types that were labeled differently in +;; older policy, but that should not remain accessible to vendor policy. +;; Thus, these types are also not mapped, but recorded for checkapi tests +(type priv_objects) +(typeattribute priv_objects) +(typeattributeset priv_objects + ( priv_objects + untrusted_app_27_tmpfs)) diff --git a/prebuilts/api/30.0/private/compat/28.0/28.0.cil b/prebuilts/api/30.0/private/compat/28.0/28.0.cil new file mode 100644 index 000000000..321e9387e --- /dev/null +++ b/prebuilts/api/30.0/private/compat/28.0/28.0.cil 
@@ -0,0 +1,1744 @@ +;; attributes removed from current policy +(typeattribute hal_wifi_offload) +(typeattribute hal_wifi_offload_client) +(typeattribute hal_wifi_offload_server) + +;; types removed from current policy +(type alarm_device) +(type audio_seq_device) +(type audio_timer_device) +(type commontime_management_service) +(type cpuctl_device) +(type full_device) +(type hal_wifi_offload_hwservice) +(type i2c_device) +(type kmem_device) +(type mediacodec) +(type mediacodec_exec) +(type mediaextractor_update_service) +(type mtd_device) +(type netd_socket) +(type qtaguid_proc) +(type thermalcallback_hwservice) +(type thermalserviced) +(type thermalserviced_exec) +(type untrusted_v2_app) +(type vcs_device) + +;; Public 28.0 SEPolicy is divergent on different devices w.r.t +;; exported_audio_prop type. We need this typeattribute declaration so that the +;; mapping file compiles with vendor policies without exported_audio_prop type. +(typeattribute exported_audio_prop_28_0) + +(expandtypeattribute (accessibility_service_28_0) true) +(expandtypeattribute (account_service_28_0) true) +(expandtypeattribute (activity_service_28_0) true) +(expandtypeattribute (adbd_28_0) true) +(expandtypeattribute (adb_data_file_28_0) true) +(expandtypeattribute (adbd_exec_28_0) true) +(expandtypeattribute (adbd_socket_28_0) true) +(expandtypeattribute (adb_keys_file_28_0) true) +(expandtypeattribute (alarm_device_28_0) true) +(expandtypeattribute (alarm_service_28_0) true) +(expandtypeattribute (anr_data_file_28_0) true) +(expandtypeattribute (apk_data_file_28_0) true) +(expandtypeattribute (apk_private_data_file_28_0) true) +(expandtypeattribute (apk_private_tmp_file_28_0) true) +(expandtypeattribute (apk_tmp_file_28_0) true) +(expandtypeattribute (app_data_file_28_0) true) +(expandtypeattribute (app_fuse_file_28_0) true) +(expandtypeattribute (app_fusefs_28_0) true) +(expandtypeattribute (appops_service_28_0) true) +(expandtypeattribute (appwidget_service_28_0) true) 
+(expandtypeattribute (asec_apk_file_28_0) true) +(expandtypeattribute (asec_image_file_28_0) true) +(expandtypeattribute (asec_public_file_28_0) true) +(expandtypeattribute (ashmem_device_28_0) true) +(expandtypeattribute (assetatlas_service_28_0) true) +(expandtypeattribute (audio_data_file_28_0) true) +(expandtypeattribute (audio_device_28_0) true) +(expandtypeattribute (audiohal_data_file_28_0) true) +(expandtypeattribute (audio_prop_28_0) true) +(expandtypeattribute (audio_seq_device_28_0) true) +(expandtypeattribute (audioserver_28_0) true) +(expandtypeattribute (audioserver_data_file_28_0) true) +(expandtypeattribute (audioserver_service_28_0) true) +(expandtypeattribute (audio_service_28_0) true) +(expandtypeattribute (audio_timer_device_28_0) true) +(expandtypeattribute (autofill_service_28_0) true) +(expandtypeattribute (backup_data_file_28_0) true) +(expandtypeattribute (backup_service_28_0) true) +(expandtypeattribute (batteryproperties_service_28_0) true) +(expandtypeattribute (battery_service_28_0) true) +(expandtypeattribute (batterystats_service_28_0) true) +(expandtypeattribute (binder_calls_stats_service_28_0) true) +(expandtypeattribute (binder_device_28_0) true) +(expandtypeattribute (binfmt_miscfs_28_0) true) +(expandtypeattribute (blkid_28_0) true) +(expandtypeattribute (blkid_untrusted_28_0) true) +(expandtypeattribute (block_device_28_0) true) +(expandtypeattribute (bluetooth_28_0) true) +(expandtypeattribute (bluetooth_a2dp_offload_prop_28_0) true) +(expandtypeattribute (bluetooth_data_file_28_0) true) +(expandtypeattribute (bluetooth_efs_file_28_0) true) +(expandtypeattribute (bluetooth_logs_data_file_28_0) true) +(expandtypeattribute (bluetooth_manager_service_28_0) true) +(expandtypeattribute (bluetooth_prop_28_0) true) +(expandtypeattribute (bluetooth_service_28_0) true) +(expandtypeattribute (bluetooth_socket_28_0) true) +(expandtypeattribute (bootanim_28_0) true) +(expandtypeattribute (bootanim_exec_28_0) true) +(expandtypeattribute 
(boot_block_device_28_0) true) +(expandtypeattribute (bootchart_data_file_28_0) true) +(expandtypeattribute (bootloader_boot_reason_prop_28_0) true) +(expandtypeattribute (bootstat_28_0) true) +(expandtypeattribute (bootstat_data_file_28_0) true) +(expandtypeattribute (bootstat_exec_28_0) true) +(expandtypeattribute (boottime_prop_28_0) true) +(expandtypeattribute (boottrace_data_file_28_0) true) +(expandtypeattribute (broadcastradio_service_28_0) true) +(expandtypeattribute (bufferhubd_28_0) true) +(expandtypeattribute (bufferhubd_exec_28_0) true) +(expandtypeattribute (cache_backup_file_28_0) true) +(expandtypeattribute (cache_block_device_28_0) true) +(expandtypeattribute (cache_file_28_0) true) +(expandtypeattribute (cache_private_backup_file_28_0) true) +(expandtypeattribute (cache_recovery_file_28_0) true) +(expandtypeattribute (camera_data_file_28_0) true) +(expandtypeattribute (camera_device_28_0) true) +(expandtypeattribute (cameraproxy_service_28_0) true) +(expandtypeattribute (cameraserver_28_0) true) +(expandtypeattribute (cameraserver_exec_28_0) true) +(expandtypeattribute (cameraserver_service_28_0) true) +(expandtypeattribute (cgroup_28_0) true) +(expandtypeattribute (cgroup_bpf_28_0) true) +(expandtypeattribute (charger_28_0) true) +(expandtypeattribute (clatd_28_0) true) +(expandtypeattribute (clatd_exec_28_0) true) +(expandtypeattribute (clipboard_service_28_0) true) +(expandtypeattribute (commontime_management_service_28_0) true) +(expandtypeattribute (companion_device_service_28_0) true) +(expandtypeattribute (configfs_28_0) true) +(expandtypeattribute (config_prop_28_0) true) +(expandtypeattribute (connectivity_service_28_0) true) +(expandtypeattribute (connmetrics_service_28_0) true) +(expandtypeattribute (console_device_28_0) true) +(expandtypeattribute (consumer_ir_service_28_0) true) +(expandtypeattribute (content_service_28_0) true) +(expandtypeattribute (contexthub_service_28_0) true) +(expandtypeattribute (coredump_file_28_0) true) 
+(expandtypeattribute (country_detector_service_28_0) true) +(expandtypeattribute (coverage_service_28_0) true) +(expandtypeattribute (cppreopt_prop_28_0) true) +(expandtypeattribute (cppreopts_28_0) true) +(expandtypeattribute (cppreopts_exec_28_0) true) +(expandtypeattribute (cpuctl_device_28_0) true) +(expandtypeattribute (cpuinfo_service_28_0) true) +(expandtypeattribute (crash_dump_28_0) true) +(expandtypeattribute (crash_dump_exec_28_0) true) +(expandtypeattribute (crossprofileapps_service_28_0) true) +(expandtypeattribute (ctl_bootanim_prop_28_0) true) +(expandtypeattribute (ctl_bugreport_prop_28_0) true) +(expandtypeattribute (ctl_console_prop_28_0) true) +(expandtypeattribute (ctl_default_prop_28_0) true) +(expandtypeattribute (ctl_dumpstate_prop_28_0) true) +(expandtypeattribute (ctl_fuse_prop_28_0) true) +(expandtypeattribute (ctl_interface_restart_prop_28_0) true) +(expandtypeattribute (ctl_interface_start_prop_28_0) true) +(expandtypeattribute (ctl_interface_stop_prop_28_0) true) +(expandtypeattribute (ctl_mdnsd_prop_28_0) true) +(expandtypeattribute (ctl_restart_prop_28_0) true) +(expandtypeattribute (ctl_rildaemon_prop_28_0) true) +(expandtypeattribute (ctl_sigstop_prop_28_0) true) +(expandtypeattribute (ctl_start_prop_28_0) true) +(expandtypeattribute (ctl_stop_prop_28_0) true) +(expandtypeattribute (dalvikcache_data_file_28_0) true) +(expandtypeattribute (dalvik_prop_28_0) true) +(expandtypeattribute (dbinfo_service_28_0) true) +(expandtypeattribute (debugfs_28_0) true) +(expandtypeattribute (debugfs_mmc_28_0) true) +(expandtypeattribute (debugfs_trace_marker_28_0) true) +(expandtypeattribute (debugfs_tracing_28_0) true) +(expandtypeattribute (debugfs_tracing_debug_28_0) true) +(expandtypeattribute (debugfs_tracing_instances_28_0) true) +(expandtypeattribute (debugfs_wakeup_sources_28_0) true) +(expandtypeattribute (debugfs_wifi_tracing_28_0) true) +(expandtypeattribute (debuggerd_prop_28_0) true) +(expandtypeattribute (debug_prop_28_0) true) 
+(expandtypeattribute (default_android_hwservice_28_0) true) +(expandtypeattribute (default_android_service_28_0) true) +(expandtypeattribute (default_android_vndservice_28_0) true) +(expandtypeattribute (default_prop_28_0) true) +(expandtypeattribute (device_28_0) true) +(expandtypeattribute (device_identifiers_service_28_0) true) +(expandtypeattribute (deviceidle_service_28_0) true) +(expandtypeattribute (device_logging_prop_28_0) true) +(expandtypeattribute (device_policy_service_28_0) true) +(expandtypeattribute (devicestoragemonitor_service_28_0) true) +(expandtypeattribute (devpts_28_0) true) +(expandtypeattribute (dex2oat_28_0) true) +(expandtypeattribute (dex2oat_exec_28_0) true) +(expandtypeattribute (dhcp_28_0) true) +(expandtypeattribute (dhcp_data_file_28_0) true) +(expandtypeattribute (dhcp_exec_28_0) true) +(expandtypeattribute (dhcp_prop_28_0) true) +(expandtypeattribute (diskstats_service_28_0) true) +(expandtypeattribute (display_service_28_0) true) +(expandtypeattribute (dm_device_28_0) true) +(expandtypeattribute (dnsmasq_28_0) true) +(expandtypeattribute (dnsmasq_exec_28_0) true) +(expandtypeattribute (dnsproxyd_socket_28_0) true) +(expandtypeattribute (DockObserver_service_28_0) true) +(expandtypeattribute (dreams_service_28_0) true) +(expandtypeattribute (drm_data_file_28_0) true) +(expandtypeattribute (drmserver_28_0) true) +(expandtypeattribute (drmserver_exec_28_0) true) +(expandtypeattribute (drmserver_service_28_0) true) +(expandtypeattribute (drmserver_socket_28_0) true) +(expandtypeattribute (dropbox_service_28_0) true) +(expandtypeattribute (dumpstate_28_0) true) +(expandtypeattribute (dumpstate_exec_28_0) true) +(expandtypeattribute (dumpstate_options_prop_28_0) true) +(expandtypeattribute (dumpstate_prop_28_0) true) +(expandtypeattribute (dumpstate_service_28_0) true) +(expandtypeattribute (dumpstate_socket_28_0) true) +(expandtypeattribute (e2fs_28_0) true) +(expandtypeattribute (e2fs_exec_28_0) true) +(expandtypeattribute 
(efs_file_28_0) true) +(expandtypeattribute (ephemeral_app_28_0) true) +(expandtypeattribute (ethernet_service_28_0) true) +(expandtypeattribute (exfat_28_0) true) +(expandtypeattribute (exported2_config_prop_28_0) true) +(expandtypeattribute (exported2_default_prop_28_0) true) +(expandtypeattribute (exported2_radio_prop_28_0) true) +(expandtypeattribute (exported2_system_prop_28_0) true) +(expandtypeattribute (exported2_vold_prop_28_0) true) +(expandtypeattribute (exported3_default_prop_28_0) true) +(expandtypeattribute (exported3_radio_prop_28_0) true) +(expandtypeattribute (exported3_system_prop_28_0) true) +(expandtypeattribute (exported_audio_prop_28_0) true) +(expandtypeattribute (exported_bluetooth_prop_28_0) true) +(expandtypeattribute (exported_config_prop_28_0) true) +(expandtypeattribute (exported_dalvik_prop_28_0) true) +(expandtypeattribute (exported_default_prop_28_0) true) +(expandtypeattribute (exported_dumpstate_prop_28_0) true) +(expandtypeattribute (exported_ffs_prop_28_0) true) +(expandtypeattribute (exported_fingerprint_prop_28_0) true) +(expandtypeattribute (exported_overlay_prop_28_0) true) +(expandtypeattribute (exported_pm_prop_28_0) true) +(expandtypeattribute (exported_radio_prop_28_0) true) +(expandtypeattribute (exported_secure_prop_28_0) true) +(expandtypeattribute (exported_system_prop_28_0) true) +(expandtypeattribute (exported_system_radio_prop_28_0) true) +(expandtypeattribute (exported_vold_prop_28_0) true) +(expandtypeattribute (exported_wifi_prop_28_0) true) +(expandtypeattribute (ffs_prop_28_0) true) +(expandtypeattribute (file_contexts_file_28_0) true) +(expandtypeattribute (fingerprintd_28_0) true) +(expandtypeattribute (fingerprintd_data_file_28_0) true) +(expandtypeattribute (fingerprintd_exec_28_0) true) +(expandtypeattribute (fingerprintd_service_28_0) true) +(expandtypeattribute (fingerprint_prop_28_0) true) +(expandtypeattribute (fingerprint_service_28_0) true) +(expandtypeattribute (fingerprint_vendor_data_file_28_0) 
true) +(expandtypeattribute (firstboot_prop_28_0) true) +(expandtypeattribute (font_service_28_0) true) +(expandtypeattribute (frp_block_device_28_0) true) +(expandtypeattribute (fs_bpf_28_0) true) +(expandtypeattribute (fsck_28_0) true) +(expandtypeattribute (fsck_exec_28_0) true) +(expandtypeattribute (fscklogs_28_0) true) +(expandtypeattribute (fsck_untrusted_28_0) true) +(expandtypeattribute (full_device_28_0) true) +(expandtypeattribute (functionfs_28_0) true) +(expandtypeattribute (fuse_28_0) true) +(expandtypeattribute (fuse_device_28_0) true) +(expandtypeattribute (fwk_display_hwservice_28_0) true) +(expandtypeattribute (fwk_scheduler_hwservice_28_0) true) +(expandtypeattribute (fwk_sensor_hwservice_28_0) true) +(expandtypeattribute (fwmarkd_socket_28_0) true) +(expandtypeattribute (gatekeeperd_28_0) true) +(expandtypeattribute (gatekeeper_data_file_28_0) true) +(expandtypeattribute (gatekeeperd_exec_28_0) true) +(expandtypeattribute (gatekeeper_service_28_0) true) +(expandtypeattribute (gfxinfo_service_28_0) true) +(expandtypeattribute (gps_control_28_0) true) +(expandtypeattribute (gpu_device_28_0) true) +(expandtypeattribute (gpu_service_28_0) true) +(expandtypeattribute (graphics_device_28_0) true) +(expandtypeattribute (graphicsstats_service_28_0) true) +(expandtypeattribute (hal_audiocontrol_hwservice_28_0) true) +(expandtypeattribute (hal_audio_hwservice_28_0) true) +(expandtypeattribute (hal_authsecret_hwservice_28_0) true) +(expandtypeattribute (hal_bluetooth_hwservice_28_0) true) +(expandtypeattribute (hal_bootctl_hwservice_28_0) true) +(expandtypeattribute (hal_broadcastradio_hwservice_28_0) true) +(expandtypeattribute (hal_camera_hwservice_28_0) true) +(expandtypeattribute (hal_cas_hwservice_28_0) true) +(expandtypeattribute (hal_codec2_hwservice_28_0) true) +(expandtypeattribute (hal_configstore_ISurfaceFlingerConfigs_28_0) true) +(expandtypeattribute (hal_confirmationui_hwservice_28_0) true) +(expandtypeattribute 
(hal_contexthub_hwservice_28_0) true) +(expandtypeattribute (hal_drm_hwservice_28_0) true) +(expandtypeattribute (hal_dumpstate_hwservice_28_0) true) +(expandtypeattribute (hal_evs_hwservice_28_0) true) +(expandtypeattribute (hal_fingerprint_hwservice_28_0) true) +(expandtypeattribute (hal_fingerprint_service_28_0) true) +(expandtypeattribute (hal_gatekeeper_hwservice_28_0) true) +(expandtypeattribute (hal_gnss_hwservice_28_0) true) +(expandtypeattribute (hal_graphics_allocator_hwservice_28_0) true) +(expandtypeattribute (hal_graphics_composer_hwservice_28_0) true) +(expandtypeattribute (hal_graphics_mapper_hwservice_28_0) true) +(expandtypeattribute (hal_health_hwservice_28_0) true) +(expandtypeattribute (hal_ir_hwservice_28_0) true) +(expandtypeattribute (hal_keymaster_hwservice_28_0) true) +(expandtypeattribute (hal_light_hwservice_28_0) true) +(expandtypeattribute (hal_lowpan_hwservice_28_0) true) +(expandtypeattribute (hal_memtrack_hwservice_28_0) true) +(expandtypeattribute (hal_neuralnetworks_hwservice_28_0) true) +(expandtypeattribute (hal_nfc_hwservice_28_0) true) +(expandtypeattribute (hal_oemlock_hwservice_28_0) true) +(expandtypeattribute (hal_omx_hwservice_28_0) true) +(expandtypeattribute (hal_power_hwservice_28_0) true) +(expandtypeattribute (hal_renderscript_hwservice_28_0) true) +(expandtypeattribute (hal_secure_element_hwservice_28_0) true) +(expandtypeattribute (hal_sensors_hwservice_28_0) true) +(expandtypeattribute (hal_telephony_hwservice_28_0) true) +(expandtypeattribute (hal_tetheroffload_hwservice_28_0) true) +(expandtypeattribute (hal_thermal_hwservice_28_0) true) +(expandtypeattribute (hal_tv_cec_hwservice_28_0) true) +(expandtypeattribute (hal_tv_input_hwservice_28_0) true) +(expandtypeattribute (hal_usb_gadget_hwservice_28_0) true) +(expandtypeattribute (hal_usb_hwservice_28_0) true) +(expandtypeattribute (hal_vehicle_hwservice_28_0) true) +(expandtypeattribute (hal_vibrator_hwservice_28_0) true) +(expandtypeattribute 
(hal_vr_hwservice_28_0) true) +(expandtypeattribute (hal_weaver_hwservice_28_0) true) +(expandtypeattribute (hal_wifi_hostapd_hwservice_28_0) true) +(expandtypeattribute (hal_wifi_hwservice_28_0) true) +(expandtypeattribute (hal_wifi_offload_hwservice_28_0) true) +(expandtypeattribute (hal_wifi_supplicant_hwservice_28_0) true) +(expandtypeattribute (hardware_properties_service_28_0) true) +(expandtypeattribute (hardware_service_28_0) true) +(expandtypeattribute (hci_attach_dev_28_0) true) +(expandtypeattribute (hdmi_control_service_28_0) true) +(expandtypeattribute (healthd_28_0) true) +(expandtypeattribute (healthd_exec_28_0) true) +(expandtypeattribute (heapdump_data_file_28_0) true) +(expandtypeattribute (hidl_allocator_hwservice_28_0) true) +(expandtypeattribute (hidl_base_hwservice_28_0) true) +(expandtypeattribute (hidl_manager_hwservice_28_0) true) +(expandtypeattribute (hidl_memory_hwservice_28_0) true) +(expandtypeattribute (hidl_token_hwservice_28_0) true) +(expandtypeattribute (hwbinder_device_28_0) true) +(expandtypeattribute (hw_random_device_28_0) true) +(expandtypeattribute (hwservice_contexts_file_28_0) true) +(expandtypeattribute (hwservicemanager_28_0) true) +(expandtypeattribute (hwservicemanager_exec_28_0) true) +(expandtypeattribute (hwservicemanager_prop_28_0) true) +(expandtypeattribute (i2c_device_28_0) true) +(expandtypeattribute (icon_file_28_0) true) +(expandtypeattribute (idmap_28_0) true) +(expandtypeattribute (idmap_exec_28_0) true) +(expandtypeattribute (iio_device_28_0) true) +(expandtypeattribute (imms_service_28_0) true) +(expandtypeattribute (incident_28_0) true) +(expandtypeattribute (incidentd_28_0) true) +(expandtypeattribute (incident_data_file_28_0) true) +(expandtypeattribute (incident_helper_28_0) true) +(expandtypeattribute (incident_service_28_0) true) +(expandtypeattribute (init_28_0) true) +(expandtypeattribute (init_exec_28_0) true) +(expandtypeattribute (inotify_28_0) true) +(expandtypeattribute (input_device_28_0) 
true) +(expandtypeattribute (inputflinger_28_0) true) +(expandtypeattribute (inputflinger_exec_28_0) true) +(expandtypeattribute (inputflinger_service_28_0) true) +(expandtypeattribute (input_method_service_28_0) true) +(expandtypeattribute (input_service_28_0) true) +(expandtypeattribute (installd_28_0) true) +(expandtypeattribute (install_data_file_28_0) true) +(expandtypeattribute (installd_exec_28_0) true) +(expandtypeattribute (installd_service_28_0) true) +(expandtypeattribute (install_recovery_28_0) true) +(expandtypeattribute (install_recovery_exec_28_0) true) +(expandtypeattribute (ion_device_28_0) true) +(expandtypeattribute (IProxyService_service_28_0) true) +(expandtypeattribute (ipsec_service_28_0) true) +(expandtypeattribute (isolated_app_28_0) true) +(expandtypeattribute (jobscheduler_service_28_0) true) +(expandtypeattribute (kernel_28_0) true) +(expandtypeattribute (keychain_data_file_28_0) true) +(expandtypeattribute (keychord_device_28_0) true) +(expandtypeattribute (keystore_28_0) true) +(expandtypeattribute (keystore_data_file_28_0) true) +(expandtypeattribute (keystore_exec_28_0) true) +(expandtypeattribute (keystore_service_28_0) true) +(expandtypeattribute (kmem_device_28_0) true) +(expandtypeattribute (kmsg_debug_device_28_0) true) +(expandtypeattribute (kmsg_device_28_0) true) +(expandtypeattribute (labeledfs_28_0) true) +(expandtypeattribute (last_boot_reason_prop_28_0) true) +(expandtypeattribute (launcherapps_service_28_0) true) +(expandtypeattribute (lmkd_28_0) true) +(expandtypeattribute (lmkd_exec_28_0) true) +(expandtypeattribute (lmkd_socket_28_0) true) +(expandtypeattribute (location_service_28_0) true) +(expandtypeattribute (lock_settings_service_28_0) true) +(expandtypeattribute (logcat_exec_28_0) true) +(expandtypeattribute (logd_28_0) true) +(expandtypeattribute (logd_exec_28_0) true) +(expandtypeattribute (logd_prop_28_0) true) +(expandtypeattribute (logdr_socket_28_0) true) +(expandtypeattribute (logd_socket_28_0) true) 
+(expandtypeattribute (logdw_socket_28_0) true) +(expandtypeattribute (logpersist_28_0) true) +(expandtypeattribute (logpersistd_logging_prop_28_0) true) +(expandtypeattribute (log_prop_28_0) true) +(expandtypeattribute (log_tag_prop_28_0) true) +(expandtypeattribute (loop_control_device_28_0) true) +(expandtypeattribute (loop_device_28_0) true) +(expandtypeattribute (lowpan_device_28_0) true) +(expandtypeattribute (lowpan_prop_28_0) true) +(expandtypeattribute (lowpan_service_28_0) true) +(expandtypeattribute (mac_perms_file_28_0) true) +(expandtypeattribute (mdnsd_28_0) true) +(expandtypeattribute (mdnsd_socket_28_0) true) +(expandtypeattribute (mdns_socket_28_0) true) +(expandtypeattribute (mediacodec_28_0) true) +(expandtypeattribute (mediacodec_exec_28_0) true) +(expandtypeattribute (mediacodec_service_28_0) true) +(expandtypeattribute (media_data_file_28_0) true) +(expandtypeattribute (mediadrmserver_28_0) true) +(expandtypeattribute (mediadrmserver_exec_28_0) true) +(expandtypeattribute (mediadrmserver_service_28_0) true) +(expandtypeattribute (mediaextractor_28_0) true) +(expandtypeattribute (mediaextractor_exec_28_0) true) +(expandtypeattribute (mediaextractor_service_28_0) true) +(expandtypeattribute (mediaextractor_update_service_28_0) true) +(expandtypeattribute (mediametrics_28_0) true) +(expandtypeattribute (mediametrics_exec_28_0) true) +(expandtypeattribute (mediametrics_service_28_0) true) +(expandtypeattribute (media_projection_service_28_0) true) +(expandtypeattribute (mediaprovider_28_0) true) +(expandtypeattribute (media_router_service_28_0) true) +(expandtypeattribute (media_rw_data_file_28_0) true) +(expandtypeattribute (mediaserver_28_0) true) +(expandtypeattribute (mediaserver_exec_28_0) true) +(expandtypeattribute (mediaserver_service_28_0) true) +(expandtypeattribute (media_session_service_28_0) true) +(expandtypeattribute (meminfo_service_28_0) true) +(expandtypeattribute (metadata_block_device_28_0) true) +(expandtypeattribute 
(metadata_file_28_0) true) +(expandtypeattribute (method_trace_data_file_28_0) true) +(expandtypeattribute (midi_service_28_0) true) +(expandtypeattribute (misc_block_device_28_0) true) +(expandtypeattribute (misc_logd_file_28_0) true) +(expandtypeattribute (misc_user_data_file_28_0) true) +(expandtypeattribute (mmc_prop_28_0) true) +(expandtypeattribute (mnt_expand_file_28_0) true) +(expandtypeattribute (mnt_media_rw_file_28_0) true) +(expandtypeattribute (mnt_media_rw_stub_file_28_0) true) +(expandtypeattribute (mnt_user_file_28_0) true) +(expandtypeattribute (mnt_vendor_file_28_0) true) +(expandtypeattribute (modprobe_28_0) true) +(expandtypeattribute (mount_service_28_0) true) +(expandtypeattribute (mqueue_28_0) true) +(expandtypeattribute (mtd_device_28_0) true) +(expandtypeattribute (mtp_28_0) true) +(expandtypeattribute (mtp_device_28_0) true) +(expandtypeattribute (mtpd_socket_28_0) true) +(expandtypeattribute (mtp_exec_28_0) true) +(expandtypeattribute (nativetest_data_file_28_0) true) +(expandtypeattribute (netd_28_0) true) +(expandtypeattribute (net_data_file_28_0) true) +(expandtypeattribute (netd_exec_28_0) true) +(expandtypeattribute (netd_listener_service_28_0) true) +(expandtypeattribute (net_dns_prop_28_0) true) +(expandtypeattribute (netd_service_28_0) true) +(expandtypeattribute (netd_socket_28_0) true) +(expandtypeattribute (netd_stable_secret_prop_28_0) true) +(expandtypeattribute (netif_28_0) true) +(expandtypeattribute (netpolicy_service_28_0) true) +(expandtypeattribute (net_radio_prop_28_0) true) +(expandtypeattribute (netstats_service_28_0) true) +(expandtypeattribute (netutils_wrapper_28_0) true) +(expandtypeattribute (netutils_wrapper_exec_28_0) true) +(expandtypeattribute (network_management_service_28_0) true) +(expandtypeattribute (network_score_service_28_0) true) +(expandtypeattribute (network_time_update_service_28_0) true) +(expandtypeattribute (network_watchlist_data_file_28_0) true) +(expandtypeattribute 
(network_watchlist_service_28_0) true) +(expandtypeattribute (nfc_28_0) true) +(expandtypeattribute (nfc_data_file_28_0) true) +(expandtypeattribute (nfc_device_28_0) true) +(expandtypeattribute (nfc_prop_28_0) true) +(expandtypeattribute (nfc_service_28_0) true) +(expandtypeattribute (node_28_0) true) +(expandtypeattribute (nonplat_service_contexts_file_28_0) true) +(expandtypeattribute (notification_service_28_0) true) +(expandtypeattribute (null_device_28_0) true) +(expandtypeattribute (oemfs_28_0) true) +(expandtypeattribute (oem_lock_service_28_0) true) +(expandtypeattribute (ota_data_file_28_0) true) +(expandtypeattribute (otadexopt_service_28_0) true) +(expandtypeattribute (ota_package_file_28_0) true) +(expandtypeattribute (otapreopt_chroot_28_0) true) +(expandtypeattribute (otapreopt_chroot_exec_28_0) true) +(expandtypeattribute (otapreopt_slot_28_0) true) +(expandtypeattribute (otapreopt_slot_exec_28_0) true) +(expandtypeattribute (overlay_prop_28_0) true) +(expandtypeattribute (overlay_service_28_0) true) +(expandtypeattribute (owntty_device_28_0) true) +(expandtypeattribute (package_native_service_28_0) true) +(expandtypeattribute (package_service_28_0) true) +(expandtypeattribute (pan_result_prop_28_0) true) +(expandtypeattribute (pdx_bufferhub_client_channel_socket_28_0) true) +(expandtypeattribute (pdx_bufferhub_client_endpoint_socket_28_0) true) +(expandtypeattribute (pdx_bufferhub_dir_28_0) true) +(expandtypeattribute (pdx_display_client_channel_socket_28_0) true) +(expandtypeattribute (pdx_display_client_endpoint_socket_28_0) true) +(expandtypeattribute (pdx_display_dir_28_0) true) +(expandtypeattribute (pdx_display_manager_channel_socket_28_0) true) +(expandtypeattribute (pdx_display_manager_endpoint_socket_28_0) true) +(expandtypeattribute (pdx_display_screenshot_channel_socket_28_0) true) +(expandtypeattribute (pdx_display_screenshot_endpoint_socket_28_0) true) +(expandtypeattribute (pdx_display_vsync_channel_socket_28_0) true) 
+(expandtypeattribute (pdx_display_vsync_endpoint_socket_28_0) true) +(expandtypeattribute (pdx_performance_client_channel_socket_28_0) true) +(expandtypeattribute (pdx_performance_client_endpoint_socket_28_0) true) +(expandtypeattribute (pdx_performance_dir_28_0) true) +(expandtypeattribute (performanced_28_0) true) +(expandtypeattribute (performanced_exec_28_0) true) +(expandtypeattribute (permission_service_28_0) true) +(expandtypeattribute (persist_debug_prop_28_0) true) +(expandtypeattribute (persistent_data_block_service_28_0) true) +(expandtypeattribute (persistent_properties_ready_prop_28_0) true) +(expandtypeattribute (pinner_service_28_0) true) +(expandtypeattribute (pipefs_28_0) true) +(expandtypeattribute (platform_app_28_0) true) +(expandtypeattribute (pm_prop_28_0) true) +(expandtypeattribute (pmsg_device_28_0) true) +(expandtypeattribute (port_28_0) true) +(expandtypeattribute (port_device_28_0) true) +(expandtypeattribute (postinstall_28_0) true) +(expandtypeattribute (postinstall_dexopt_28_0) true) +(expandtypeattribute (postinstall_file_28_0) true) +(expandtypeattribute (postinstall_mnt_dir_28_0) true) +(expandtypeattribute (powerctl_prop_28_0) true) +(expandtypeattribute (power_service_28_0) true) +(expandtypeattribute (ppp_28_0) true) +(expandtypeattribute (ppp_device_28_0) true) +(expandtypeattribute (ppp_exec_28_0) true) +(expandtypeattribute (preloads_data_file_28_0) true) +(expandtypeattribute (preloads_media_file_28_0) true) +(expandtypeattribute (preopt2cachename_28_0) true) +(expandtypeattribute (preopt2cachename_exec_28_0) true) +(expandtypeattribute (print_service_28_0) true) +(expandtypeattribute (priv_app_28_0) true) +(expandtypeattribute (proc_28_0) true) +(expandtypeattribute (proc_abi_28_0) true) +(expandtypeattribute (proc_asound_28_0) true) +(expandtypeattribute (proc_bluetooth_writable_28_0) true) +(expandtypeattribute (proc_buddyinfo_28_0) true) +(expandtypeattribute (proc_cmdline_28_0) true) +(expandtypeattribute 
(proc_cpuinfo_28_0) true) +(expandtypeattribute (proc_dirty_28_0) true) +(expandtypeattribute (proc_diskstats_28_0) true) +(expandtypeattribute (proc_drop_caches_28_0) true) +(expandtypeattribute (processinfo_service_28_0) true) +(expandtypeattribute (proc_extra_free_kbytes_28_0) true) +(expandtypeattribute (proc_filesystems_28_0) true) +(expandtypeattribute (proc_hostname_28_0) true) +(expandtypeattribute (proc_hung_task_28_0) true) +(expandtypeattribute (proc_interrupts_28_0) true) +(expandtypeattribute (proc_iomem_28_0) true) +(expandtypeattribute (proc_kmsg_28_0) true) +(expandtypeattribute (proc_loadavg_28_0) true) +(expandtypeattribute (proc_max_map_count_28_0) true) +(expandtypeattribute (proc_meminfo_28_0) true) +(expandtypeattribute (proc_min_free_order_shift_28_0) true) +(expandtypeattribute (proc_misc_28_0) true) +(expandtypeattribute (proc_modules_28_0) true) +(expandtypeattribute (proc_mounts_28_0) true) +(expandtypeattribute (proc_net_28_0) true) +(expandtypeattribute (proc_overcommit_memory_28_0) true) +(expandtypeattribute (proc_page_cluster_28_0) true) +(expandtypeattribute (proc_pagetypeinfo_28_0) true) +(expandtypeattribute (proc_panic_28_0) true) +(expandtypeattribute (proc_perf_28_0) true) +(expandtypeattribute (proc_pid_max_28_0) true) +(expandtypeattribute (proc_pipe_conf_28_0) true) +(expandtypeattribute (proc_qtaguid_stat_28_0) true) +(expandtypeattribute (proc_random_28_0) true) +(expandtypeattribute (proc_sched_28_0) true) +(expandtypeattribute (proc_security_28_0) true) +(expandtypeattribute (proc_stat_28_0) true) +(expandtypeattribute (procstats_service_28_0) true) +(expandtypeattribute (proc_swaps_28_0) true) +(expandtypeattribute (proc_sysrq_28_0) true) +(expandtypeattribute (proc_timer_28_0) true) +(expandtypeattribute (proc_tty_drivers_28_0) true) +(expandtypeattribute (proc_uid_concurrent_active_time_28_0) true) +(expandtypeattribute (proc_uid_concurrent_policy_time_28_0) true) +(expandtypeattribute (proc_uid_cpupower_28_0) true) 
+(expandtypeattribute (proc_uid_cputime_removeuid_28_0) true) +(expandtypeattribute (proc_uid_cputime_showstat_28_0) true) +(expandtypeattribute (proc_uid_io_stats_28_0) true) +(expandtypeattribute (proc_uid_procstat_set_28_0) true) +(expandtypeattribute (proc_uid_time_in_state_28_0) true) +(expandtypeattribute (proc_uptime_28_0) true) +(expandtypeattribute (proc_version_28_0) true) +(expandtypeattribute (proc_vmallocinfo_28_0) true) +(expandtypeattribute (proc_vmstat_28_0) true) +(expandtypeattribute (proc_zoneinfo_28_0) true) +(expandtypeattribute (profman_28_0) true) +(expandtypeattribute (profman_dump_data_file_28_0) true) +(expandtypeattribute (profman_exec_28_0) true) +(expandtypeattribute (properties_device_28_0) true) +(expandtypeattribute (properties_serial_28_0) true) +(expandtypeattribute (property_contexts_file_28_0) true) +(expandtypeattribute (property_data_file_28_0) true) +(expandtypeattribute (property_info_28_0) true) +(expandtypeattribute (property_socket_28_0) true) +(expandtypeattribute (pstorefs_28_0) true) +(expandtypeattribute (ptmx_device_28_0) true) +(expandtypeattribute (qtaguid_device_28_0) true) +(expandtypeattribute (qtaguid_proc_28_0) true) +(expandtypeattribute (racoon_28_0) true) +(expandtypeattribute (racoon_exec_28_0) true) +(expandtypeattribute (racoon_socket_28_0) true) +(expandtypeattribute (radio_28_0) true) +(expandtypeattribute (radio_data_file_28_0) true) +(expandtypeattribute (radio_device_28_0) true) +(expandtypeattribute (radio_prop_28_0) true) +(expandtypeattribute (radio_service_28_0) true) +(expandtypeattribute (ram_device_28_0) true) +(expandtypeattribute (random_device_28_0) true) +(expandtypeattribute (recovery_28_0) true) +(expandtypeattribute (recovery_block_device_28_0) true) +(expandtypeattribute (recovery_data_file_28_0) true) +(expandtypeattribute (recovery_persist_28_0) true) +(expandtypeattribute (recovery_persist_exec_28_0) true) +(expandtypeattribute (recovery_refresh_28_0) true) +(expandtypeattribute 
(recovery_refresh_exec_28_0) true) +(expandtypeattribute (recovery_service_28_0) true) +(expandtypeattribute (registry_service_28_0) true) +(expandtypeattribute (resourcecache_data_file_28_0) true) +(expandtypeattribute (restorecon_prop_28_0) true) +(expandtypeattribute (restrictions_service_28_0) true) +(expandtypeattribute (rild_debug_socket_28_0) true) +(expandtypeattribute (rild_socket_28_0) true) +(expandtypeattribute (ringtone_file_28_0) true) +(expandtypeattribute (root_block_device_28_0) true) +(expandtypeattribute (rootfs_28_0) true) +(expandtypeattribute (rpmsg_device_28_0) true) +(expandtypeattribute (rtc_device_28_0) true) +(expandtypeattribute (rttmanager_service_28_0) true) +(expandtypeattribute (runas_28_0) true) +(expandtypeattribute (runas_exec_28_0) true) +(expandtypeattribute (runtime_event_log_tags_file_28_0) true) +(expandtypeattribute (safemode_prop_28_0) true) +(expandtypeattribute (same_process_hal_file_28_0) true) +(expandtypeattribute (samplingprofiler_service_28_0) true) +(expandtypeattribute (scheduling_policy_service_28_0) true) +(expandtypeattribute (sdcardd_28_0) true) +(expandtypeattribute (sdcardd_exec_28_0) true) +(expandtypeattribute (sdcardfs_28_0) true) +(expandtypeattribute (seapp_contexts_file_28_0) true) +(expandtypeattribute (search_service_28_0) true) +(expandtypeattribute (sec_key_att_app_id_provider_service_28_0) true) +(expandtypeattribute (secure_element_28_0) true) +(expandtypeattribute (secure_element_device_28_0) true) +(expandtypeattribute (secure_element_service_28_0) true) +(expandtypeattribute (selinuxfs_28_0) true) +(expandtypeattribute (sensors_device_28_0) true) +(expandtypeattribute (sensorservice_service_28_0) true) +(expandtypeattribute (sepolicy_file_28_0) true) +(expandtypeattribute (serial_device_28_0) true) +(expandtypeattribute (serialno_prop_28_0) true) +(expandtypeattribute (serial_service_28_0) true) +(expandtypeattribute (service_contexts_file_28_0) true) +(expandtypeattribute 
(servicediscovery_service_28_0) true) +(expandtypeattribute (servicemanager_28_0) true) +(expandtypeattribute (servicemanager_exec_28_0) true) +(expandtypeattribute (settings_service_28_0) true) +(expandtypeattribute (sgdisk_28_0) true) +(expandtypeattribute (sgdisk_exec_28_0) true) +(expandtypeattribute (shared_relro_28_0) true) +(expandtypeattribute (shared_relro_file_28_0) true) +(expandtypeattribute (shell_28_0) true) +(expandtypeattribute (shell_data_file_28_0) true) +(expandtypeattribute (shell_exec_28_0) true) +(expandtypeattribute (shell_prop_28_0) true) +(expandtypeattribute (shm_28_0) true) +(expandtypeattribute (shortcut_manager_icons_28_0) true) +(expandtypeattribute (shortcut_service_28_0) true) +(expandtypeattribute (slice_service_28_0) true) +(expandtypeattribute (slideshow_28_0) true) +(expandtypeattribute (socket_device_28_0) true) +(expandtypeattribute (sockfs_28_0) true) +(expandtypeattribute (statusbar_service_28_0) true) +(expandtypeattribute (storaged_service_28_0) true) +(expandtypeattribute (storage_file_28_0) true) +(expandtypeattribute (storagestats_service_28_0) true) +(expandtypeattribute (storage_stub_file_28_0) true) +(expandtypeattribute (su_28_0) true) +(expandtypeattribute (su_exec_28_0) true) +(expandtypeattribute (surfaceflinger_28_0) true) +(expandtypeattribute (surfaceflinger_service_28_0) true) +(expandtypeattribute (swap_block_device_28_0) true) +(expandtypeattribute (sysfs_28_0) true) +(expandtypeattribute (sysfs_android_usb_28_0) true) +(expandtypeattribute (sysfs_batteryinfo_28_0) true) +(expandtypeattribute (sysfs_bluetooth_writable_28_0) true) +(expandtypeattribute (sysfs_devices_system_cpu_28_0) true) +(expandtypeattribute (sysfs_dm_28_0) true) +(expandtypeattribute (sysfs_dt_firmware_android_28_0) true) +(expandtypeattribute (sysfs_fs_ext4_features_28_0) true) +(expandtypeattribute (sysfs_hwrandom_28_0) true) +(expandtypeattribute (sysfs_ipv4_28_0) true) +(expandtypeattribute (sysfs_kernel_notes_28_0) true) 
+(expandtypeattribute (sysfs_leds_28_0) true) +(expandtypeattribute (sysfs_lowmemorykiller_28_0) true) +(expandtypeattribute (sysfs_mac_address_28_0) true) +(expandtypeattribute (sysfs_net_28_0) true) +(expandtypeattribute (sysfs_nfc_power_writable_28_0) true) +(expandtypeattribute (sysfs_power_28_0) true) +(expandtypeattribute (sysfs_rtc_28_0) true) +(expandtypeattribute (sysfs_switch_28_0) true) +(expandtypeattribute (sysfs_thermal_28_0) true) +(expandtypeattribute (sysfs_uio_28_0) true) +(expandtypeattribute (sysfs_usb_28_0) true) +(expandtypeattribute (sysfs_usermodehelper_28_0) true) +(expandtypeattribute (sysfs_vibrator_28_0) true) +(expandtypeattribute (sysfs_wake_lock_28_0) true) +(expandtypeattribute (sysfs_wakeup_reasons_28_0) true) +(expandtypeattribute (sysfs_wlan_fwpath_28_0) true) +(expandtypeattribute (sysfs_zram_28_0) true) +(expandtypeattribute (sysfs_zram_uevent_28_0) true) +(expandtypeattribute (system_app_28_0) true) +(expandtypeattribute (system_app_data_file_28_0) true) +(expandtypeattribute (system_app_service_28_0) true) +(expandtypeattribute (system_block_device_28_0) true) +(expandtypeattribute (system_boot_reason_prop_28_0) true) +(expandtypeattribute (system_data_file_28_0) true) +(expandtypeattribute (system_file_28_0) true) +(expandtypeattribute (systemkeys_data_file_28_0) true) +(expandtypeattribute (system_ndebug_socket_28_0) true) +(expandtypeattribute (system_net_netd_hwservice_28_0) true) +(expandtypeattribute (system_prop_28_0) true) +(expandtypeattribute (system_radio_prop_28_0) true) +(expandtypeattribute (system_server_28_0) true) +(expandtypeattribute (system_update_service_28_0) true) +(expandtypeattribute (system_wifi_keystore_hwservice_28_0) true) +(expandtypeattribute (system_wpa_socket_28_0) true) +(expandtypeattribute (task_service_28_0) true) +(expandtypeattribute (tee_28_0) true) +(expandtypeattribute (tee_data_file_28_0) true) +(expandtypeattribute (tee_device_28_0) true) +(expandtypeattribute (telecom_service_28_0) 
true) +(expandtypeattribute (test_boot_reason_prop_28_0) true) +(expandtypeattribute (textclassification_service_28_0) true) +(expandtypeattribute (textclassifier_data_file_28_0) true) +(expandtypeattribute (textservices_service_28_0) true) +(expandtypeattribute (thermalcallback_hwservice_28_0) true) +(expandtypeattribute (thermal_service_28_0) true) +(expandtypeattribute (timezone_service_28_0) true) +(expandtypeattribute (tmpfs_28_0) true) +(expandtypeattribute (tombstoned_28_0) true) +(expandtypeattribute (tombstone_data_file_28_0) true) +(expandtypeattribute (tombstoned_crash_socket_28_0) true) +(expandtypeattribute (tombstoned_exec_28_0) true) +(expandtypeattribute (tombstoned_intercept_socket_28_0) true) +(expandtypeattribute (tombstoned_java_trace_socket_28_0) true) +(expandtypeattribute (tombstone_wifi_data_file_28_0) true) +(expandtypeattribute (toolbox_28_0) true) +(expandtypeattribute (toolbox_exec_28_0) true) +(expandtypeattribute (trace_data_file_28_0) true) +(expandtypeattribute (traced_consumer_socket_28_0) true) +(expandtypeattribute (traced_enabled_prop_28_0) true) +(expandtypeattribute (traced_probes_28_0) true) +(expandtypeattribute (traced_producer_socket_28_0) true) +(expandtypeattribute (traceur_app_28_0) true) +(expandtypeattribute (trust_service_28_0) true) +(expandtypeattribute (tty_device_28_0) true) +(expandtypeattribute (tun_device_28_0) true) +(expandtypeattribute (tv_input_service_28_0) true) +(expandtypeattribute (tzdatacheck_28_0) true) +(expandtypeattribute (tzdatacheck_exec_28_0) true) +(expandtypeattribute (ueventd_28_0) true) +(expandtypeattribute (uhid_device_28_0) true) +(expandtypeattribute (uimode_service_28_0) true) +(expandtypeattribute (uio_device_28_0) true) +(expandtypeattribute (uncrypt_28_0) true) +(expandtypeattribute (uncrypt_exec_28_0) true) +(expandtypeattribute (uncrypt_socket_28_0) true) +(expandtypeattribute (unencrypted_data_file_28_0) true) +(expandtypeattribute (unlabeled_28_0) true) +(expandtypeattribute 
(untrusted_app_25_28_0) true) +(expandtypeattribute (untrusted_app_27_28_0) true) +(expandtypeattribute (untrusted_app_28_0) true) +(expandtypeattribute (untrusted_v2_app_28_0) true) +(expandtypeattribute (update_engine_28_0) true) +(expandtypeattribute (update_engine_data_file_28_0) true) +(expandtypeattribute (update_engine_exec_28_0) true) +(expandtypeattribute (update_engine_log_data_file_28_0) true) +(expandtypeattribute (update_engine_service_28_0) true) +(expandtypeattribute (updatelock_service_28_0) true) +(expandtypeattribute (update_verifier_28_0) true) +(expandtypeattribute (update_verifier_exec_28_0) true) +(expandtypeattribute (usagestats_service_28_0) true) +(expandtypeattribute (usbaccessory_device_28_0) true) +(expandtypeattribute (usbd_28_0) true) +(expandtypeattribute (usb_device_28_0) true) +(expandtypeattribute (usbd_exec_28_0) true) +(expandtypeattribute (usbfs_28_0) true) +(expandtypeattribute (usb_service_28_0) true) +(expandtypeattribute (userdata_block_device_28_0) true) +(expandtypeattribute (usermodehelper_28_0) true) +(expandtypeattribute (user_profile_data_file_28_0) true) +(expandtypeattribute (user_service_28_0) true) +(expandtypeattribute (vcs_device_28_0) true) +(expandtypeattribute (vdc_28_0) true) +(expandtypeattribute (vdc_exec_28_0) true) +(expandtypeattribute (vendor_app_file_28_0) true) +(expandtypeattribute (vendor_configs_file_28_0) true) +(expandtypeattribute (vendor_data_file_28_0) true) +(expandtypeattribute (vendor_default_prop_28_0) true) +(expandtypeattribute (vendor_file_28_0) true) +(expandtypeattribute (vendor_framework_file_28_0) true) +(expandtypeattribute (vendor_hal_file_28_0) true) +(expandtypeattribute (vendor_init_28_0) true) +(expandtypeattribute (vendor_overlay_file_28_0) true) +(expandtypeattribute (vendor_security_patch_level_prop_28_0) true) +(expandtypeattribute (vendor_shell_28_0) true) +(expandtypeattribute (vendor_shell_exec_28_0) true) +(expandtypeattribute (vendor_toolbox_exec_28_0) true) 
+(expandtypeattribute (vfat_28_0) true) +(expandtypeattribute (vibrator_service_28_0) true) +(expandtypeattribute (video_device_28_0) true) +(expandtypeattribute (virtual_touchpad_28_0) true) +(expandtypeattribute (virtual_touchpad_exec_28_0) true) +(expandtypeattribute (virtual_touchpad_service_28_0) true) +(expandtypeattribute (vndbinder_device_28_0) true) +(expandtypeattribute (vndk_sp_file_28_0) true) +(expandtypeattribute (vndservice_contexts_file_28_0) true) +(expandtypeattribute (vndservicemanager_28_0) true) +(expandtypeattribute (voiceinteraction_service_28_0) true) +(expandtypeattribute (vold_28_0) true) +(expandtypeattribute (vold_data_file_28_0) true) +(expandtypeattribute (vold_device_28_0) true) +(expandtypeattribute (vold_exec_28_0) true) +(expandtypeattribute (vold_metadata_file_28_0) true) +(expandtypeattribute (vold_prepare_subdirs_28_0) true) +(expandtypeattribute (vold_prepare_subdirs_exec_28_0) true) +(expandtypeattribute (vold_prop_28_0) true) +(expandtypeattribute (vold_service_28_0) true) +(expandtypeattribute (vpn_data_file_28_0) true) +(expandtypeattribute (vr_hwc_28_0) true) +(expandtypeattribute (vr_hwc_exec_28_0) true) +(expandtypeattribute (vr_hwc_service_28_0) true) +(expandtypeattribute (vr_manager_service_28_0) true) +(expandtypeattribute (wallpaper_file_28_0) true) +(expandtypeattribute (wallpaper_service_28_0) true) +(expandtypeattribute (watchdogd_28_0) true) +(expandtypeattribute (watchdog_device_28_0) true) +(expandtypeattribute (webviewupdate_service_28_0) true) +(expandtypeattribute (webview_zygote_28_0) true) +(expandtypeattribute (webview_zygote_exec_28_0) true) +(expandtypeattribute (wifiaware_service_28_0) true) +(expandtypeattribute (wificond_28_0) true) +(expandtypeattribute (wificond_exec_28_0) true) +(expandtypeattribute (wificond_service_28_0) true) +(expandtypeattribute (wifi_data_file_28_0) true) +(expandtypeattribute (wifi_log_prop_28_0) true) +(expandtypeattribute (wifip2p_service_28_0) true) 
+(expandtypeattribute (wifi_prop_28_0) true) +(expandtypeattribute (wifiscanner_service_28_0) true) +(expandtypeattribute (wifi_service_28_0) true) +(expandtypeattribute (window_service_28_0) true) +(expandtypeattribute (wpantund_28_0) true) +(expandtypeattribute (wpantund_exec_28_0) true) +(expandtypeattribute (wpantund_service_28_0) true) +(expandtypeattribute (wpa_socket_28_0) true) +(expandtypeattribute (zero_device_28_0) true) +(expandtypeattribute (zoneinfo_data_file_28_0) true) +(expandtypeattribute (zygote_28_0) true) +(expandtypeattribute (zygote_exec_28_0) true) +(expandtypeattribute (zygote_socket_28_0) true) +(typeattributeset accessibility_service_28_0 (accessibility_service)) +(typeattributeset account_service_28_0 (account_service)) +(typeattributeset activity_service_28_0 (activity_service)) +(typeattributeset adbd_28_0 (adbd)) +(typeattributeset adb_data_file_28_0 (adb_data_file)) +(typeattributeset adbd_exec_28_0 (adbd_exec)) +(typeattributeset adbd_socket_28_0 (adbd_socket)) +(typeattributeset adb_keys_file_28_0 (adb_keys_file)) +(typeattributeset alarm_device_28_0 (alarm_device)) +(typeattributeset alarm_service_28_0 (alarm_service)) +(typeattributeset anr_data_file_28_0 (anr_data_file)) +(typeattributeset apk_data_file_28_0 (apk_data_file)) +(typeattributeset apk_private_data_file_28_0 (apk_private_data_file)) +(typeattributeset apk_private_tmp_file_28_0 (apk_private_tmp_file)) +(typeattributeset apk_tmp_file_28_0 (apk_tmp_file)) +(typeattributeset app_data_file_28_0 (app_data_file privapp_data_file)) +(typeattributeset app_fuse_file_28_0 (app_fuse_file)) +(typeattributeset app_fusefs_28_0 (app_fusefs)) +(typeattributeset appops_service_28_0 (appops_service)) +(typeattributeset appwidget_service_28_0 (appwidget_service)) +(typeattributeset asec_apk_file_28_0 (asec_apk_file)) +(typeattributeset asec_image_file_28_0 (asec_image_file)) +(typeattributeset asec_public_file_28_0 (asec_public_file)) +(typeattributeset ashmem_device_28_0 
(ashmem_device)) +(typeattributeset assetatlas_service_28_0 (assetatlas_service)) +(typeattributeset audio_data_file_28_0 (audio_data_file)) +(typeattributeset audio_device_28_0 (audio_device)) +(typeattributeset audiohal_data_file_28_0 (audiohal_data_file)) +(typeattributeset audio_prop_28_0 (audio_prop)) +(typeattributeset audio_seq_device_28_0 (audio_seq_device)) +(typeattributeset audioserver_28_0 (audioserver)) +(typeattributeset audioserver_data_file_28_0 (audioserver_data_file)) +(typeattributeset audioserver_service_28_0 (audioserver_service)) +(typeattributeset audio_service_28_0 (audio_service)) +(typeattributeset audio_timer_device_28_0 (audio_timer_device)) +(typeattributeset autofill_service_28_0 (autofill_service)) +(typeattributeset backup_data_file_28_0 (backup_data_file)) +(typeattributeset backup_service_28_0 (backup_service)) +(typeattributeset batteryproperties_service_28_0 (batteryproperties_service)) +(typeattributeset battery_service_28_0 (battery_service)) +(typeattributeset batterystats_service_28_0 (batterystats_service)) +(typeattributeset binder_calls_stats_service_28_0 (binder_calls_stats_service)) +(typeattributeset binder_device_28_0 (binder_device)) +(typeattributeset binfmt_miscfs_28_0 (binfmt_miscfs)) +(typeattributeset blkid_28_0 (blkid)) +(typeattributeset blkid_untrusted_28_0 (blkid_untrusted)) +(typeattributeset block_device_28_0 (block_device)) +(typeattributeset bluetooth_28_0 (bluetooth)) +(typeattributeset bluetooth_a2dp_offload_prop_28_0 (bluetooth_a2dp_offload_prop)) +(typeattributeset bluetooth_data_file_28_0 (bluetooth_data_file)) +(typeattributeset bluetooth_efs_file_28_0 (bluetooth_efs_file)) +(typeattributeset bluetooth_logs_data_file_28_0 (bluetooth_logs_data_file)) +(typeattributeset bluetooth_manager_service_28_0 (bluetooth_manager_service)) +(typeattributeset bluetooth_prop_28_0 (bluetooth_prop)) +(typeattributeset bluetooth_service_28_0 (bluetooth_service)) +(typeattributeset bluetooth_socket_28_0 
(bluetooth_socket)) +(typeattributeset bootanim_28_0 (bootanim)) +(typeattributeset bootanim_exec_28_0 (bootanim_exec)) +(typeattributeset boot_block_device_28_0 (boot_block_device)) +(typeattributeset bootchart_data_file_28_0 (bootchart_data_file)) +(typeattributeset bootloader_boot_reason_prop_28_0 (bootloader_boot_reason_prop)) +(typeattributeset bootstat_28_0 (bootstat)) +(typeattributeset bootstat_data_file_28_0 (bootstat_data_file)) +(typeattributeset bootstat_exec_28_0 (bootstat_exec)) +(typeattributeset boottime_prop_28_0 (boottime_prop)) +(typeattributeset boottrace_data_file_28_0 (boottrace_data_file)) +(typeattributeset broadcastradio_service_28_0 (broadcastradio_service)) +(typeattributeset bufferhubd_28_0 (bufferhubd)) +(typeattributeset bufferhubd_exec_28_0 (bufferhubd_exec)) +(typeattributeset cache_backup_file_28_0 (cache_backup_file)) +(typeattributeset cache_block_device_28_0 (cache_block_device)) +(typeattributeset cache_file_28_0 (cache_file)) +(typeattributeset cache_private_backup_file_28_0 (cache_private_backup_file)) +(typeattributeset cache_recovery_file_28_0 (cache_recovery_file)) +(typeattributeset camera_data_file_28_0 (camera_data_file)) +(typeattributeset camera_device_28_0 (camera_device)) +(typeattributeset cameraproxy_service_28_0 (cameraproxy_service)) +(typeattributeset cameraserver_28_0 (cameraserver)) +(typeattributeset cameraserver_exec_28_0 (cameraserver_exec)) +(typeattributeset cameraserver_service_28_0 (cameraserver_service)) +(typeattributeset cgroup_28_0 (cgroup)) +(typeattributeset cgroup_bpf_28_0 (cgroup_bpf)) +(typeattributeset charger_28_0 (charger)) +(typeattributeset clatd_28_0 (clatd)) +(typeattributeset clatd_exec_28_0 (clatd_exec)) +(typeattributeset clipboard_service_28_0 (clipboard_service)) +(typeattributeset commontime_management_service_28_0 (commontime_management_service)) +(typeattributeset companion_device_service_28_0 (companion_device_service)) +(typeattributeset configfs_28_0 (configfs)) 
+(typeattributeset config_prop_28_0 (config_prop)) +(typeattributeset connectivity_service_28_0 (connectivity_service)) +(typeattributeset connmetrics_service_28_0 (connmetrics_service)) +(typeattributeset console_device_28_0 (console_device)) +(typeattributeset consumer_ir_service_28_0 (consumer_ir_service)) +(typeattributeset content_service_28_0 (content_service)) +(typeattributeset contexthub_service_28_0 (contexthub_service)) +(typeattributeset coredump_file_28_0 (coredump_file)) +(typeattributeset country_detector_service_28_0 (country_detector_service)) +(typeattributeset coverage_service_28_0 (coverage_service)) +(typeattributeset cppreopt_prop_28_0 (cppreopt_prop)) +(typeattributeset cppreopts_28_0 (cppreopts)) +(typeattributeset cppreopts_exec_28_0 (cppreopts_exec)) +(typeattributeset cpuctl_device_28_0 (cpuctl_device)) +(typeattributeset cpuinfo_service_28_0 (cpuinfo_service)) +(typeattributeset crash_dump_28_0 (crash_dump)) +(typeattributeset crash_dump_exec_28_0 (crash_dump_exec)) +(typeattributeset crossprofileapps_service_28_0 (crossprofileapps_service)) +(typeattributeset ctl_bootanim_prop_28_0 (ctl_bootanim_prop)) +(typeattributeset ctl_bugreport_prop_28_0 (ctl_bugreport_prop)) +(typeattributeset ctl_console_prop_28_0 (ctl_console_prop)) +(typeattributeset ctl_default_prop_28_0 + ( ctl_adbd_prop + ctl_default_prop)) +(typeattributeset ctl_dumpstate_prop_28_0 (ctl_dumpstate_prop)) +(typeattributeset ctl_fuse_prop_28_0 (ctl_fuse_prop)) +(typeattributeset ctl_interface_restart_prop_28_0 (ctl_interface_restart_prop)) +(typeattributeset ctl_interface_start_prop_28_0 (ctl_interface_start_prop)) +(typeattributeset ctl_interface_stop_prop_28_0 (ctl_interface_stop_prop)) +(typeattributeset ctl_mdnsd_prop_28_0 (ctl_mdnsd_prop)) +(typeattributeset ctl_restart_prop_28_0 (ctl_restart_prop)) +(typeattributeset ctl_rildaemon_prop_28_0 (ctl_rildaemon_prop)) +(typeattributeset ctl_sigstop_prop_28_0 (ctl_sigstop_prop)) +(typeattributeset ctl_start_prop_28_0 
(ctl_start_prop)) +(typeattributeset ctl_stop_prop_28_0 (ctl_stop_prop)) +(typeattributeset dalvikcache_data_file_28_0 (dalvikcache_data_file)) +(typeattributeset dalvik_prop_28_0 (dalvik_prop)) +(typeattributeset dbinfo_service_28_0 (dbinfo_service)) +(typeattributeset debugfs_28_0 (debugfs)) +(typeattributeset debugfs_mmc_28_0 (debugfs_mmc)) +(typeattributeset debugfs_trace_marker_28_0 (debugfs_trace_marker)) +(typeattributeset debugfs_tracing_28_0 (debugfs_tracing)) +(typeattributeset debugfs_tracing_debug_28_0 (debugfs_tracing_debug)) +(typeattributeset debugfs_tracing_instances_28_0 (debugfs_tracing_instances)) +(typeattributeset debugfs_wakeup_sources_28_0 (debugfs_wakeup_sources)) +(typeattributeset debugfs_wifi_tracing_28_0 (debugfs_wifi_tracing)) +(typeattributeset debuggerd_prop_28_0 (debuggerd_prop)) +(typeattributeset debug_prop_28_0 (debug_prop)) +(typeattributeset default_android_hwservice_28_0 (default_android_hwservice)) +(typeattributeset default_android_service_28_0 (default_android_service)) +(typeattributeset default_android_vndservice_28_0 (default_android_vndservice)) +(typeattributeset default_prop_28_0 (default_prop)) +(typeattributeset device_28_0 (device)) +(typeattributeset device_identifiers_service_28_0 (device_identifiers_service)) +(typeattributeset deviceidle_service_28_0 (deviceidle_service)) +(typeattributeset device_logging_prop_28_0 (device_logging_prop)) +(typeattributeset device_policy_service_28_0 (device_policy_service)) +(typeattributeset devicestoragemonitor_service_28_0 (devicestoragemonitor_service)) +(typeattributeset devpts_28_0 (devpts)) +(typeattributeset dex2oat_28_0 (dex2oat)) +(typeattributeset dex2oat_exec_28_0 (dex2oat_exec)) +(typeattributeset dhcp_28_0 (dhcp)) +(typeattributeset dhcp_data_file_28_0 (dhcp_data_file)) +(typeattributeset dhcp_exec_28_0 (dhcp_exec)) +(typeattributeset dhcp_prop_28_0 (dhcp_prop)) +(typeattributeset diskstats_service_28_0 (diskstats_service)) +(typeattributeset display_service_28_0 
(display_service)) +(typeattributeset dm_device_28_0 (dm_device)) +(typeattributeset dnsmasq_28_0 (dnsmasq)) +(typeattributeset dnsmasq_exec_28_0 (dnsmasq_exec)) +(typeattributeset dnsproxyd_socket_28_0 (dnsproxyd_socket)) +(typeattributeset DockObserver_service_28_0 (DockObserver_service)) +(typeattributeset dreams_service_28_0 (dreams_service)) +(typeattributeset drm_data_file_28_0 (drm_data_file)) +(typeattributeset drmserver_28_0 (drmserver)) +(typeattributeset drmserver_exec_28_0 (drmserver_exec)) +(typeattributeset drmserver_service_28_0 (drmserver_service)) +(typeattributeset drmserver_socket_28_0 (drmserver_socket)) +(typeattributeset dropbox_service_28_0 (dropbox_service)) +(typeattributeset dumpstate_28_0 (dumpstate)) +(typeattributeset dumpstate_exec_28_0 (dumpstate_exec)) +(typeattributeset dumpstate_options_prop_28_0 (dumpstate_options_prop)) +(typeattributeset dumpstate_prop_28_0 (dumpstate_prop)) +(typeattributeset dumpstate_service_28_0 (dumpstate_service)) +(typeattributeset dumpstate_socket_28_0 (dumpstate_socket)) +(typeattributeset e2fs_28_0 (e2fs)) +(typeattributeset e2fs_exec_28_0 (e2fs_exec)) +(typeattributeset efs_file_28_0 (efs_file)) +(typeattributeset ephemeral_app_28_0 (ephemeral_app)) +(typeattributeset ethernet_service_28_0 (ethernet_service)) +(typeattributeset exfat_28_0 (exfat)) +(typeattributeset exported2_config_prop_28_0 (exported2_config_prop)) +(typeattributeset exported2_default_prop_28_0 (exported2_default_prop)) +(typeattributeset exported2_radio_prop_28_0 (exported2_radio_prop)) +(typeattributeset exported2_system_prop_28_0 (exported2_system_prop)) +(typeattributeset exported2_vold_prop_28_0 (exported2_vold_prop)) +(typeattributeset exported3_default_prop_28_0 (exported3_default_prop)) +(typeattributeset exported3_radio_prop_28_0 (exported3_radio_prop)) +(typeattributeset exported3_system_prop_28_0 (exported3_system_prop)) +(typeattributeset exported_audio_prop_28_0 (exported_audio_prop)) +(typeattributeset 
exported_bluetooth_prop_28_0 (exported_bluetooth_prop)) +(typeattributeset exported_config_prop_28_0 (exported_config_prop)) +(typeattributeset exported_dalvik_prop_28_0 (exported_dalvik_prop)) +(typeattributeset exported_default_prop_28_0 (exported_default_prop)) +(typeattributeset exported_dumpstate_prop_28_0 (exported_dumpstate_prop)) +(typeattributeset exported_ffs_prop_28_0 (exported_ffs_prop)) +(typeattributeset exported_fingerprint_prop_28_0 (exported_fingerprint_prop)) +(typeattributeset exported_overlay_prop_28_0 (exported_overlay_prop)) +(typeattributeset exported_pm_prop_28_0 (exported_pm_prop)) +(typeattributeset exported_radio_prop_28_0 (exported_radio_prop)) +(typeattributeset exported_secure_prop_28_0 (exported_secure_prop)) +(typeattributeset exported_system_prop_28_0 (exported_system_prop)) +(typeattributeset exported_system_radio_prop_28_0 (exported_system_radio_prop)) +(typeattributeset exported_vold_prop_28_0 (exported_vold_prop)) +(typeattributeset exported_wifi_prop_28_0 (exported_wifi_prop)) +(typeattributeset ffs_prop_28_0 (ffs_prop)) +(typeattributeset file_contexts_file_28_0 (file_contexts_file)) +(typeattributeset fingerprintd_28_0 (fingerprintd)) +(typeattributeset fingerprintd_data_file_28_0 (fingerprintd_data_file)) +(typeattributeset fingerprintd_exec_28_0 (fingerprintd_exec)) +(typeattributeset fingerprintd_service_28_0 (fingerprintd_service)) +(typeattributeset fingerprint_prop_28_0 (fingerprint_prop)) +(typeattributeset fingerprint_service_28_0 (fingerprint_service)) +(typeattributeset fingerprint_vendor_data_file_28_0 (fingerprint_vendor_data_file)) +(typeattributeset firstboot_prop_28_0 (firstboot_prop)) +(typeattributeset font_service_28_0 (font_service)) +(typeattributeset frp_block_device_28_0 (frp_block_device)) +(typeattributeset fs_bpf_28_0 (fs_bpf)) +(typeattributeset fsck_28_0 (fsck)) +(typeattributeset fsck_exec_28_0 (fsck_exec)) +(typeattributeset fscklogs_28_0 (fscklogs)) +(typeattributeset fsck_untrusted_28_0 
(fsck_untrusted)) +(typeattributeset full_device_28_0 (full_device)) +(typeattributeset functionfs_28_0 (functionfs)) +(typeattributeset fuse_28_0 (fuse)) +(typeattributeset fuse_device_28_0 (fuse_device)) +(typeattributeset fwk_display_hwservice_28_0 (fwk_display_hwservice)) +(typeattributeset fwk_scheduler_hwservice_28_0 (fwk_scheduler_hwservice)) +(typeattributeset fwk_sensor_hwservice_28_0 (fwk_sensor_hwservice)) +(typeattributeset fwmarkd_socket_28_0 (fwmarkd_socket)) +(typeattributeset gatekeeperd_28_0 (gatekeeperd)) +(typeattributeset gatekeeper_data_file_28_0 (gatekeeper_data_file)) +(typeattributeset gatekeeperd_exec_28_0 (gatekeeperd_exec)) +(typeattributeset gatekeeper_service_28_0 (gatekeeper_service)) +(typeattributeset gfxinfo_service_28_0 (gfxinfo_service)) +(typeattributeset gps_control_28_0 (gps_control)) +(typeattributeset gpu_device_28_0 (gpu_device)) +(typeattributeset gpu_service_28_0 (gpu_service)) +(typeattributeset graphics_device_28_0 (graphics_device)) +(typeattributeset graphicsstats_service_28_0 (graphicsstats_service)) +(typeattributeset hal_audiocontrol_hwservice_28_0 (hal_audiocontrol_hwservice)) +(typeattributeset hal_audio_hwservice_28_0 (hal_audio_hwservice)) +(typeattributeset hal_authsecret_hwservice_28_0 (hal_authsecret_hwservice)) +(typeattributeset hal_bluetooth_hwservice_28_0 (hal_bluetooth_hwservice)) +(typeattributeset hal_bootctl_hwservice_28_0 (hal_bootctl_hwservice)) +(typeattributeset hal_broadcastradio_hwservice_28_0 (hal_broadcastradio_hwservice)) +(typeattributeset hal_camera_hwservice_28_0 (hal_camera_hwservice)) +(typeattributeset hal_cas_hwservice_28_0 (hal_cas_hwservice)) +(typeattributeset hal_codec2_hwservice_28_0 (hal_codec2_hwservice)) +(typeattributeset hal_configstore_ISurfaceFlingerConfigs_28_0 (hal_configstore_ISurfaceFlingerConfigs)) +(typeattributeset hal_confirmationui_hwservice_28_0 (hal_confirmationui_hwservice)) +(typeattributeset hal_contexthub_hwservice_28_0 (hal_contexthub_hwservice)) 
+(typeattributeset hal_drm_hwservice_28_0 (hal_drm_hwservice)) +(typeattributeset hal_dumpstate_hwservice_28_0 (hal_dumpstate_hwservice)) +(typeattributeset hal_evs_hwservice_28_0 (hal_evs_hwservice)) +(typeattributeset hal_fingerprint_hwservice_28_0 (hal_fingerprint_hwservice)) +(typeattributeset hal_fingerprint_service_28_0 (hal_fingerprint_service)) +(typeattributeset hal_gatekeeper_hwservice_28_0 (hal_gatekeeper_hwservice)) +(typeattributeset hal_gnss_hwservice_28_0 (hal_gnss_hwservice)) +(typeattributeset hal_graphics_allocator_hwservice_28_0 (hal_graphics_allocator_hwservice)) +(typeattributeset hal_graphics_composer_hwservice_28_0 (hal_graphics_composer_hwservice)) +(typeattributeset hal_graphics_mapper_hwservice_28_0 (hal_graphics_mapper_hwservice)) +(typeattributeset hal_health_hwservice_28_0 (hal_health_hwservice)) +(typeattributeset hal_ir_hwservice_28_0 (hal_ir_hwservice)) +(typeattributeset hal_keymaster_hwservice_28_0 (hal_keymaster_hwservice)) +(typeattributeset hal_light_hwservice_28_0 (hal_light_hwservice)) +(typeattributeset hal_lowpan_hwservice_28_0 (hal_lowpan_hwservice)) +(typeattributeset hal_memtrack_hwservice_28_0 (hal_memtrack_hwservice)) +(typeattributeset hal_neuralnetworks_hwservice_28_0 (hal_neuralnetworks_hwservice)) +(typeattributeset hal_nfc_hwservice_28_0 (hal_nfc_hwservice)) +(typeattributeset hal_oemlock_hwservice_28_0 (hal_oemlock_hwservice)) +(typeattributeset hal_omx_hwservice_28_0 (hal_omx_hwservice)) +(typeattributeset hal_power_hwservice_28_0 (hal_power_hwservice)) +(typeattributeset hal_renderscript_hwservice_28_0 (hal_renderscript_hwservice)) +(typeattributeset hal_secure_element_hwservice_28_0 (hal_secure_element_hwservice)) +(typeattributeset hal_sensors_hwservice_28_0 (hal_sensors_hwservice)) +(typeattributeset hal_telephony_hwservice_28_0 (hal_telephony_hwservice)) +(typeattributeset hal_tetheroffload_hwservice_28_0 (hal_tetheroffload_hwservice)) +(typeattributeset hal_thermal_hwservice_28_0 (hal_thermal_hwservice)) 
+(typeattributeset hal_tv_cec_hwservice_28_0 (hal_tv_cec_hwservice)) +(typeattributeset hal_tv_input_hwservice_28_0 (hal_tv_input_hwservice)) +(typeattributeset hal_usb_gadget_hwservice_28_0 (hal_usb_gadget_hwservice)) +(typeattributeset hal_usb_hwservice_28_0 (hal_usb_hwservice)) +(typeattributeset hal_vehicle_hwservice_28_0 (hal_vehicle_hwservice)) +(typeattributeset hal_vibrator_hwservice_28_0 (hal_vibrator_hwservice)) +(typeattributeset hal_vr_hwservice_28_0 (hal_vr_hwservice)) +(typeattributeset hal_weaver_hwservice_28_0 (hal_weaver_hwservice)) +(typeattributeset hal_wifi_hostapd_hwservice_28_0 (hal_wifi_hostapd_hwservice)) +(typeattributeset hal_wifi_hwservice_28_0 (hal_wifi_hwservice)) +(typeattributeset hal_wifi_offload_hwservice_28_0 (hal_wifi_offload_hwservice)) +(typeattributeset hal_wifi_supplicant_hwservice_28_0 (hal_wifi_supplicant_hwservice)) +(typeattributeset hardware_properties_service_28_0 (hardware_properties_service)) +(typeattributeset hardware_service_28_0 (hardware_service)) +(typeattributeset hci_attach_dev_28_0 (hci_attach_dev)) +(typeattributeset hdmi_control_service_28_0 (hdmi_control_service)) +(typeattributeset healthd_28_0 (healthd)) +(typeattributeset healthd_exec_28_0 (healthd_exec)) +(typeattributeset heapdump_data_file_28_0 (heapdump_data_file)) +(typeattributeset hidl_allocator_hwservice_28_0 (hidl_allocator_hwservice)) +(typeattributeset hidl_base_hwservice_28_0 (hidl_base_hwservice)) +(typeattributeset hidl_manager_hwservice_28_0 (hidl_manager_hwservice)) +(typeattributeset hidl_memory_hwservice_28_0 (hidl_memory_hwservice)) +(typeattributeset hidl_token_hwservice_28_0 (hidl_token_hwservice)) +(typeattributeset hwbinder_device_28_0 (hwbinder_device)) +(typeattributeset hw_random_device_28_0 (hw_random_device)) +(typeattributeset hwservice_contexts_file_28_0 (hwservice_contexts_file)) +(typeattributeset hwservicemanager_28_0 (hwservicemanager)) +(typeattributeset hwservicemanager_exec_28_0 (hwservicemanager_exec)) 
+(typeattributeset hwservicemanager_prop_28_0 (hwservicemanager_prop)) +(typeattributeset i2c_device_28_0 (i2c_device)) +(typeattributeset icon_file_28_0 (icon_file)) +(typeattributeset idmap_28_0 (idmap)) +(typeattributeset idmap_exec_28_0 (idmap_exec)) +(typeattributeset iio_device_28_0 (iio_device)) +(typeattributeset imms_service_28_0 (imms_service)) +(typeattributeset incident_28_0 (incident)) +(typeattributeset incidentd_28_0 (incidentd)) +(typeattributeset incident_data_file_28_0 (incident_data_file)) +(typeattributeset incident_helper_28_0 (incident_helper)) +(typeattributeset incident_service_28_0 (incident_service)) +(typeattributeset init_28_0 (init)) +(typeattributeset init_exec_28_0 (init_exec watchdogd_exec)) +(typeattributeset inotify_28_0 (inotify)) +(typeattributeset input_device_28_0 (input_device)) +(typeattributeset inputflinger_28_0 (inputflinger)) +(typeattributeset inputflinger_exec_28_0 (inputflinger_exec)) +(typeattributeset inputflinger_service_28_0 (inputflinger_service)) +(typeattributeset input_method_service_28_0 (input_method_service)) +(typeattributeset input_service_28_0 (input_service)) +(typeattributeset installd_28_0 (installd)) +(typeattributeset install_data_file_28_0 (install_data_file)) +(typeattributeset installd_exec_28_0 (installd_exec)) +(typeattributeset installd_service_28_0 (installd_service)) +(typeattributeset install_recovery_28_0 (install_recovery)) +(typeattributeset install_recovery_exec_28_0 (install_recovery_exec)) +(typeattributeset ion_device_28_0 (ion_device)) +(typeattributeset IProxyService_service_28_0 (IProxyService_service)) +(typeattributeset ipsec_service_28_0 (ipsec_service)) +(typeattributeset isolated_app_28_0 (isolated_app)) +(typeattributeset jobscheduler_service_28_0 (jobscheduler_service)) +(typeattributeset kernel_28_0 (kernel)) +(typeattributeset keychain_data_file_28_0 (keychain_data_file)) +(typeattributeset keychord_device_28_0 (keychord_device)) +(typeattributeset keystore_28_0 
(keystore)) +(typeattributeset keystore_data_file_28_0 (keystore_data_file)) +(typeattributeset keystore_exec_28_0 (keystore_exec)) +(typeattributeset keystore_service_28_0 (keystore_service)) +(typeattributeset kmem_device_28_0 (kmem_device)) +(typeattributeset kmsg_debug_device_28_0 (kmsg_debug_device)) +(typeattributeset kmsg_device_28_0 (kmsg_device)) +(typeattributeset labeledfs_28_0 (labeledfs)) +(typeattributeset last_boot_reason_prop_28_0 (last_boot_reason_prop)) +(typeattributeset launcherapps_service_28_0 (launcherapps_service)) +(typeattributeset lmkd_28_0 (lmkd)) +(typeattributeset lmkd_exec_28_0 (lmkd_exec)) +(typeattributeset lmkd_socket_28_0 (lmkd_socket)) +(typeattributeset location_service_28_0 (location_service)) +(typeattributeset lock_settings_service_28_0 (lock_settings_service)) +(typeattributeset logcat_exec_28_0 (logcat_exec)) +(typeattributeset logd_28_0 (logd)) +(typeattributeset logd_exec_28_0 (logd_exec)) +(typeattributeset logd_prop_28_0 (logd_prop)) +(typeattributeset logdr_socket_28_0 (logdr_socket)) +(typeattributeset logd_socket_28_0 (logd_socket)) +(typeattributeset logdw_socket_28_0 (logdw_socket)) +(typeattributeset logpersist_28_0 (logpersist)) +(typeattributeset logpersistd_logging_prop_28_0 (logpersistd_logging_prop)) +(typeattributeset log_prop_28_0 (log_prop)) +(typeattributeset log_tag_prop_28_0 (log_tag_prop)) +(typeattributeset loop_control_device_28_0 (loop_control_device)) +(typeattributeset loop_device_28_0 (loop_device)) +(typeattributeset lowpan_device_28_0 (lowpan_device)) +(typeattributeset lowpan_prop_28_0 (lowpan_prop)) +(typeattributeset lowpan_service_28_0 (lowpan_service)) +(typeattributeset mac_perms_file_28_0 (mac_perms_file)) +(typeattributeset mdnsd_28_0 (mdnsd)) +(typeattributeset mdnsd_socket_28_0 (mdnsd_socket)) +(typeattributeset mdns_socket_28_0 (mdns_socket)) +(typeattributeset hal_omx_server (mediacodec_28_0)) +(typeattributeset mediacodec_28_0 (mediacodec)) +(typeattributeset mediacodec_exec_28_0 
(mediacodec_exec)) +(typeattributeset mediacodec_service_28_0 (mediacodec_service)) +(typeattributeset media_data_file_28_0 (media_data_file)) +(typeattributeset mediadrmserver_28_0 (mediadrmserver)) +(typeattributeset mediadrmserver_exec_28_0 (mediadrmserver_exec)) +(typeattributeset mediadrmserver_service_28_0 (mediadrmserver_service)) +(typeattributeset mediaextractor_28_0 (mediaextractor)) +(typeattributeset mediaextractor_exec_28_0 (mediaextractor_exec)) +(typeattributeset mediaextractor_service_28_0 (mediaextractor_service)) +(typeattributeset mediaextractor_update_service_28_0 (mediaextractor_update_service)) +(typeattributeset mediametrics_28_0 (mediametrics)) +(typeattributeset mediametrics_exec_28_0 (mediametrics_exec)) +(typeattributeset mediametrics_service_28_0 (mediametrics_service)) +(typeattributeset media_projection_service_28_0 (media_projection_service)) +(typeattributeset mediaprovider_28_0 (mediaprovider)) +(typeattributeset media_router_service_28_0 (media_router_service)) +(typeattributeset media_rw_data_file_28_0 (media_rw_data_file)) +(typeattributeset mediaserver_28_0 (mediaserver)) +(typeattributeset mediaserver_exec_28_0 (mediaserver_exec)) +(typeattributeset mediaserver_service_28_0 (mediaserver_service)) +(typeattributeset media_session_service_28_0 (media_session_service)) +(typeattributeset meminfo_service_28_0 (meminfo_service)) +(typeattributeset metadata_block_device_28_0 (metadata_block_device)) +(typeattributeset metadata_file_28_0 (metadata_file)) +(typeattributeset method_trace_data_file_28_0 (method_trace_data_file)) +(typeattributeset midi_service_28_0 (midi_service)) +(typeattributeset misc_block_device_28_0 (misc_block_device)) +(typeattributeset misc_logd_file_28_0 (misc_logd_file)) +(typeattributeset misc_user_data_file_28_0 (misc_user_data_file)) +(typeattributeset mmc_prop_28_0 (mmc_prop)) +(typeattributeset mnt_expand_file_28_0 (mnt_expand_file)) +(typeattributeset mnt_media_rw_file_28_0 (mnt_media_rw_file)) 
+(typeattributeset mnt_media_rw_stub_file_28_0 (mnt_media_rw_stub_file)) +(typeattributeset mnt_user_file_28_0 (mnt_user_file)) +(typeattributeset mnt_vendor_file_28_0 (mnt_vendor_file)) +(typeattributeset modprobe_28_0 (modprobe)) +(typeattributeset mount_service_28_0 (mount_service)) +(typeattributeset mqueue_28_0 (mqueue)) +(typeattributeset mtd_device_28_0 (mtd_device)) +(typeattributeset mtp_28_0 (mtp)) +(typeattributeset mtp_device_28_0 (mtp_device)) +(typeattributeset mtpd_socket_28_0 (mtpd_socket)) +(typeattributeset mtp_exec_28_0 (mtp_exec)) +(typeattributeset nativetest_data_file_28_0 (nativetest_data_file)) +(typeattributeset netd_28_0 (netd)) +(typeattributeset net_data_file_28_0 (net_data_file)) +(typeattributeset netd_exec_28_0 (netd_exec)) +(typeattributeset netd_listener_service_28_0 (netd_listener_service)) +(typeattributeset net_dns_prop_28_0 (net_dns_prop)) +(typeattributeset netd_service_28_0 (netd_service)) +(typeattributeset netd_socket_28_0 (netd_socket)) +(typeattributeset netd_stable_secret_prop_28_0 (netd_stable_secret_prop)) +(typeattributeset netif_28_0 (netif)) +(typeattributeset netpolicy_service_28_0 (netpolicy_service)) +(typeattributeset net_radio_prop_28_0 (net_radio_prop)) +(typeattributeset netstats_service_28_0 (netstats_service)) +(typeattributeset netutils_wrapper_28_0 (netutils_wrapper)) +(typeattributeset netutils_wrapper_exec_28_0 (netutils_wrapper_exec)) +(typeattributeset network_management_service_28_0 (network_management_service)) +(typeattributeset network_score_service_28_0 (network_score_service)) +(typeattributeset network_time_update_service_28_0 (network_time_update_service)) +(typeattributeset network_watchlist_data_file_28_0 (network_watchlist_data_file)) +(typeattributeset network_watchlist_service_28_0 (network_watchlist_service)) +(typeattributeset nfc_28_0 (nfc)) +(typeattributeset nfc_data_file_28_0 (nfc_data_file)) +(typeattributeset nfc_device_28_0 (nfc_device)) +(typeattributeset nfc_prop_28_0 
(nfc_prop)) +(typeattributeset nfc_service_28_0 (nfc_service)) +(typeattributeset node_28_0 (node)) +(typeattributeset nonplat_service_contexts_file_28_0 (nonplat_service_contexts_file)) +(typeattributeset notification_service_28_0 (notification_service)) +(typeattributeset null_device_28_0 (null_device)) +(typeattributeset oemfs_28_0 (oemfs)) +(typeattributeset oem_lock_service_28_0 (oem_lock_service)) +(typeattributeset ota_data_file_28_0 (ota_data_file)) +(typeattributeset otadexopt_service_28_0 (otadexopt_service)) +(typeattributeset ota_package_file_28_0 (ota_package_file)) +(typeattributeset otapreopt_chroot_28_0 (otapreopt_chroot)) +(typeattributeset otapreopt_chroot_exec_28_0 (otapreopt_chroot_exec)) +(typeattributeset otapreopt_slot_28_0 (otapreopt_slot)) +(typeattributeset otapreopt_slot_exec_28_0 (otapreopt_slot_exec)) +(typeattributeset overlay_prop_28_0 (overlay_prop)) +(typeattributeset overlay_service_28_0 (overlay_service)) +(typeattributeset owntty_device_28_0 (owntty_device)) +(typeattributeset package_native_service_28_0 (package_native_service)) +(typeattributeset package_service_28_0 (package_service)) +(typeattributeset pan_result_prop_28_0 (pan_result_prop)) +(typeattributeset pdx_bufferhub_client_channel_socket_28_0 (pdx_bufferhub_client_channel_socket)) +(typeattributeset pdx_bufferhub_client_endpoint_socket_28_0 (pdx_bufferhub_client_endpoint_socket)) +(typeattributeset pdx_bufferhub_dir_28_0 (pdx_bufferhub_dir)) +(typeattributeset pdx_display_client_channel_socket_28_0 (pdx_display_client_channel_socket)) +(typeattributeset pdx_display_client_endpoint_socket_28_0 (pdx_display_client_endpoint_socket)) +(typeattributeset pdx_display_dir_28_0 (pdx_display_dir)) +(typeattributeset pdx_display_manager_channel_socket_28_0 (pdx_display_manager_channel_socket)) +(typeattributeset pdx_display_manager_endpoint_socket_28_0 (pdx_display_manager_endpoint_socket)) +(typeattributeset pdx_display_screenshot_channel_socket_28_0 
(pdx_display_screenshot_channel_socket)) +(typeattributeset pdx_display_screenshot_endpoint_socket_28_0 (pdx_display_screenshot_endpoint_socket)) +(typeattributeset pdx_display_vsync_channel_socket_28_0 (pdx_display_vsync_channel_socket)) +(typeattributeset pdx_display_vsync_endpoint_socket_28_0 (pdx_display_vsync_endpoint_socket)) +(typeattributeset pdx_performance_client_channel_socket_28_0 (pdx_performance_client_channel_socket)) +(typeattributeset pdx_performance_client_endpoint_socket_28_0 (pdx_performance_client_endpoint_socket)) +(typeattributeset pdx_performance_dir_28_0 (pdx_performance_dir)) +(typeattributeset performanced_28_0 (performanced)) +(typeattributeset performanced_exec_28_0 (performanced_exec)) +(typeattributeset permission_service_28_0 (permission_service)) +(typeattributeset persist_debug_prop_28_0 (persist_debug_prop)) +(typeattributeset persistent_data_block_service_28_0 (persistent_data_block_service)) +(typeattributeset persistent_properties_ready_prop_28_0 (persistent_properties_ready_prop)) +(typeattributeset pinner_service_28_0 (pinner_service)) +(typeattributeset pipefs_28_0 (pipefs)) +(typeattributeset platform_app_28_0 (platform_app)) +(typeattributeset pm_prop_28_0 (pm_prop)) +(typeattributeset pmsg_device_28_0 (pmsg_device)) +(typeattributeset port_28_0 (port)) +(typeattributeset port_device_28_0 (port_device)) +(typeattributeset postinstall_28_0 (postinstall)) +(typeattributeset postinstall_dexopt_28_0 (postinstall_dexopt)) +(typeattributeset postinstall_file_28_0 (postinstall_file)) +(typeattributeset postinstall_mnt_dir_28_0 (postinstall_mnt_dir)) +(typeattributeset powerctl_prop_28_0 (powerctl_prop)) +(typeattributeset power_service_28_0 (power_service)) +(typeattributeset ppp_28_0 (ppp)) +(typeattributeset ppp_device_28_0 (ppp_device)) +(typeattributeset ppp_exec_28_0 (ppp_exec)) +(typeattributeset preloads_data_file_28_0 (preloads_data_file)) +(typeattributeset preloads_media_file_28_0 (preloads_media_file)) 
+(typeattributeset preopt2cachename_28_0 (preopt2cachename)) +(typeattributeset preopt2cachename_exec_28_0 (preopt2cachename_exec)) +(typeattributeset print_service_28_0 (print_service)) +(typeattributeset priv_app_28_0 (priv_app)) +(typeattributeset proc_28_0 + ( proc + proc_fs_verity + proc_keys + proc_kpageflags + proc_lowmemorykiller + proc_pressure_cpu + proc_pressure_io + proc_pressure_mem + proc_slabinfo)) +(typeattributeset proc_abi_28_0 (proc_abi)) +(typeattributeset proc_asound_28_0 (proc_asound)) +(typeattributeset proc_bluetooth_writable_28_0 (proc_bluetooth_writable)) +(typeattributeset proc_buddyinfo_28_0 (proc_buddyinfo)) +(typeattributeset proc_cmdline_28_0 (proc_cmdline)) +(typeattributeset proc_cpuinfo_28_0 (proc_cpuinfo)) +(typeattributeset proc_dirty_28_0 (proc_dirty)) +(typeattributeset proc_diskstats_28_0 (proc_diskstats)) +(typeattributeset proc_drop_caches_28_0 (proc_drop_caches)) +(typeattributeset processinfo_service_28_0 (processinfo_service)) +(typeattributeset proc_extra_free_kbytes_28_0 (proc_extra_free_kbytes)) +(typeattributeset proc_filesystems_28_0 (proc_filesystems)) +(typeattributeset proc_hostname_28_0 (proc_hostname)) +(typeattributeset proc_hung_task_28_0 (proc_hung_task)) +(typeattributeset proc_interrupts_28_0 (proc_interrupts)) +(typeattributeset proc_iomem_28_0 (proc_iomem)) +(typeattributeset proc_kmsg_28_0 (proc_kmsg)) +(typeattributeset proc_loadavg_28_0 (proc_loadavg)) +(typeattributeset proc_max_map_count_28_0 (proc_max_map_count)) +(typeattributeset proc_meminfo_28_0 (proc_meminfo)) +(typeattributeset proc_min_free_order_shift_28_0 (proc_min_free_order_shift)) +(typeattributeset proc_misc_28_0 (proc_misc)) +(typeattributeset proc_modules_28_0 (proc_modules)) +(typeattributeset proc_mounts_28_0 (proc_mounts)) +(typeattributeset proc_net_28_0 + ( proc_net + proc_net_tcp_udp)) +(typeattributeset proc_overcommit_memory_28_0 (proc_overcommit_memory)) +(typeattributeset proc_page_cluster_28_0 (proc_page_cluster)) 
+(typeattributeset proc_pagetypeinfo_28_0 (proc_pagetypeinfo)) +(typeattributeset proc_panic_28_0 (proc_panic)) +(typeattributeset proc_perf_28_0 (proc_perf)) +(typeattributeset proc_pid_max_28_0 (proc_pid_max)) +(typeattributeset proc_pipe_conf_28_0 (proc_pipe_conf)) +(typeattributeset proc_qtaguid_stat_28_0 (proc_qtaguid_stat)) +(typeattributeset proc_random_28_0 (proc_random)) +(typeattributeset proc_sched_28_0 (proc_sched)) +(typeattributeset proc_security_28_0 (proc_security)) +(typeattributeset proc_stat_28_0 (proc_stat)) +(typeattributeset procstats_service_28_0 (procstats_service)) +(typeattributeset proc_swaps_28_0 (proc_swaps)) +(typeattributeset proc_sysrq_28_0 (proc_sysrq)) +(typeattributeset proc_timer_28_0 (proc_timer)) +(typeattributeset proc_tty_drivers_28_0 (proc_tty_drivers)) +(typeattributeset proc_uid_concurrent_active_time_28_0 (proc_uid_concurrent_active_time)) +(typeattributeset proc_uid_concurrent_policy_time_28_0 (proc_uid_concurrent_policy_time)) +(typeattributeset proc_uid_cpupower_28_0 (proc_uid_cpupower)) +(typeattributeset proc_uid_cputime_removeuid_28_0 (proc_uid_cputime_removeuid)) +(typeattributeset proc_uid_cputime_showstat_28_0 (proc_uid_cputime_showstat)) +(typeattributeset proc_uid_io_stats_28_0 (proc_uid_io_stats)) +(typeattributeset proc_uid_procstat_set_28_0 (proc_uid_procstat_set)) +(typeattributeset proc_uid_time_in_state_28_0 (proc_uid_time_in_state)) +(typeattributeset proc_uptime_28_0 (proc_uptime)) +(typeattributeset proc_version_28_0 (proc_version)) +(typeattributeset proc_vmallocinfo_28_0 (proc_vmallocinfo)) +(typeattributeset proc_vmstat_28_0 (proc_vmstat)) +(typeattributeset proc_zoneinfo_28_0 (proc_zoneinfo)) +(typeattributeset profman_28_0 (profman)) +(typeattributeset profman_dump_data_file_28_0 (profman_dump_data_file)) +(typeattributeset profman_exec_28_0 (profman_exec)) +(typeattributeset properties_device_28_0 (properties_device)) +(typeattributeset properties_serial_28_0 (properties_serial)) 
+(typeattributeset property_contexts_file_28_0 (property_contexts_file)) +(typeattributeset property_data_file_28_0 (property_data_file)) +(typeattributeset property_info_28_0 (property_info)) +(typeattributeset property_socket_28_0 (property_socket)) +(typeattributeset pstorefs_28_0 (pstorefs)) +(typeattributeset ptmx_device_28_0 (ptmx_device)) +(typeattributeset qtaguid_device_28_0 (qtaguid_device)) +(typeattributeset qtaguid_proc_28_0 + ( proc_qtaguid_ctrl + qtaguid_proc)) +(typeattributeset racoon_28_0 (racoon)) +(typeattributeset racoon_exec_28_0 (racoon_exec)) +(typeattributeset racoon_socket_28_0 (racoon_socket)) +(typeattributeset radio_28_0 (radio)) +(typeattributeset radio_data_file_28_0 (radio_data_file)) +(typeattributeset radio_device_28_0 (radio_device)) +(typeattributeset radio_prop_28_0 (radio_prop)) +(typeattributeset radio_service_28_0 (radio_service)) +(typeattributeset ram_device_28_0 (ram_device)) +(typeattributeset random_device_28_0 (random_device)) +(typeattributeset recovery_28_0 (recovery)) +(typeattributeset recovery_block_device_28_0 (recovery_block_device)) +(typeattributeset recovery_data_file_28_0 (recovery_data_file)) +(typeattributeset recovery_persist_28_0 (recovery_persist)) +(typeattributeset recovery_persist_exec_28_0 (recovery_persist_exec)) +(typeattributeset recovery_refresh_28_0 (recovery_refresh)) +(typeattributeset recovery_refresh_exec_28_0 (recovery_refresh_exec)) +(typeattributeset recovery_service_28_0 (recovery_service)) +(typeattributeset registry_service_28_0 (registry_service)) +(typeattributeset resourcecache_data_file_28_0 (resourcecache_data_file)) +(typeattributeset restorecon_prop_28_0 (restorecon_prop)) +(typeattributeset restrictions_service_28_0 (restrictions_service)) +(typeattributeset rild_debug_socket_28_0 (rild_debug_socket)) +(typeattributeset rild_socket_28_0 (rild_socket)) +(typeattributeset ringtone_file_28_0 (ringtone_file)) +(typeattributeset root_block_device_28_0 (root_block_device)) 
+(typeattributeset rootfs_28_0 (rootfs)) +(typeattributeset rpmsg_device_28_0 (rpmsg_device)) +(typeattributeset rtc_device_28_0 (rtc_device)) +(typeattributeset rttmanager_service_28_0 (rttmanager_service)) +(typeattributeset runas_28_0 (runas)) +(typeattributeset runas_exec_28_0 (runas_exec)) +(typeattributeset runtime_event_log_tags_file_28_0 (runtime_event_log_tags_file)) +(typeattributeset safemode_prop_28_0 (safemode_prop)) +(typeattributeset same_process_hal_file_28_0 + ( same_process_hal_file + vendor_public_lib_file)) +(typeattributeset samplingprofiler_service_28_0 (samplingprofiler_service)) +(typeattributeset scheduling_policy_service_28_0 (scheduling_policy_service)) +(typeattributeset sdcardd_28_0 (sdcardd)) +(typeattributeset sdcardd_exec_28_0 (sdcardd_exec)) +(typeattributeset sdcardfs_28_0 (sdcardfs)) +(typeattributeset seapp_contexts_file_28_0 (seapp_contexts_file)) +(typeattributeset search_service_28_0 (search_service)) +(typeattributeset sec_key_att_app_id_provider_service_28_0 (sec_key_att_app_id_provider_service)) +(typeattributeset secure_element_28_0 (secure_element)) +(typeattributeset secure_element_device_28_0 (secure_element_device)) +(typeattributeset secure_element_service_28_0 (secure_element_service)) +(typeattributeset selinuxfs_28_0 (selinuxfs)) +(typeattributeset sensors_device_28_0 (sensors_device)) +(typeattributeset sensorservice_service_28_0 (sensorservice_service)) +(typeattributeset sepolicy_file_28_0 (sepolicy_file)) +(typeattributeset serial_device_28_0 (serial_device)) +(typeattributeset serialno_prop_28_0 (serialno_prop)) +(typeattributeset serial_service_28_0 (serial_service)) +(typeattributeset service_contexts_file_28_0 (service_contexts_file)) +(typeattributeset servicediscovery_service_28_0 (servicediscovery_service)) +(typeattributeset servicemanager_28_0 (servicemanager)) +(typeattributeset servicemanager_exec_28_0 (servicemanager_exec)) +(typeattributeset settings_service_28_0 (settings_service)) 
+(typeattributeset sgdisk_28_0 (sgdisk)) +(typeattributeset sgdisk_exec_28_0 (sgdisk_exec)) +(typeattributeset shared_relro_28_0 (shared_relro)) +(typeattributeset shared_relro_file_28_0 (shared_relro_file)) +(typeattributeset shell_28_0 (shell)) +(typeattributeset shell_data_file_28_0 (shell_data_file)) +(typeattributeset shell_exec_28_0 (shell_exec)) +(typeattributeset shell_prop_28_0 (shell_prop)) +(typeattributeset shm_28_0 (shm)) +(typeattributeset shortcut_manager_icons_28_0 (shortcut_manager_icons)) +(typeattributeset shortcut_service_28_0 (shortcut_service)) +(typeattributeset slice_service_28_0 (slice_service)) +(typeattributeset slideshow_28_0 (slideshow)) +(typeattributeset socket_device_28_0 (socket_device)) +(typeattributeset sockfs_28_0 (sockfs)) +(typeattributeset statusbar_service_28_0 (statusbar_service)) +(typeattributeset storaged_service_28_0 (storaged_service)) +(typeattributeset storage_file_28_0 (storage_file)) +(typeattributeset storagestats_service_28_0 (storagestats_service)) +(typeattributeset storage_stub_file_28_0 (storage_stub_file)) +(typeattributeset su_28_0 (su)) +(typeattributeset su_exec_28_0 (su_exec)) +(typeattributeset surfaceflinger_28_0 (surfaceflinger)) +(typeattributeset surfaceflinger_service_28_0 (surfaceflinger_service)) +(typeattributeset swap_block_device_28_0 (swap_block_device)) +(typeattributeset sysfs_28_0 + ( sysfs + sysfs_devices_block + sysfs_extcon + sysfs_loop + sysfs_transparent_hugepage)) +(typeattributeset sysfs_android_usb_28_0 (sysfs_android_usb)) +(typeattributeset sysfs_batteryinfo_28_0 (sysfs_batteryinfo)) +(typeattributeset sysfs_bluetooth_writable_28_0 (sysfs_bluetooth_writable)) +(typeattributeset sysfs_devices_system_cpu_28_0 (sysfs_devices_system_cpu)) +(typeattributeset sysfs_dm_28_0 (sysfs_dm)) +(typeattributeset sysfs_dt_firmware_android_28_0 (sysfs_dt_firmware_android)) +(typeattributeset sysfs_fs_ext4_features_28_0 (sysfs_fs_ext4_features)) +(typeattributeset sysfs_hwrandom_28_0 
(sysfs_hwrandom)) +(typeattributeset sysfs_ipv4_28_0 (sysfs_ipv4)) +(typeattributeset sysfs_kernel_notes_28_0 (sysfs_kernel_notes)) +(typeattributeset sysfs_leds_28_0 (sysfs_leds)) +(typeattributeset sysfs_lowmemorykiller_28_0 (sysfs_lowmemorykiller)) +(typeattributeset sysfs_mac_address_28_0 (sysfs_mac_address)) +(typeattributeset sysfs_net_28_0 (sysfs_net)) +(typeattributeset sysfs_nfc_power_writable_28_0 (sysfs_nfc_power_writable)) +(typeattributeset sysfs_power_28_0 (sysfs_power)) +(typeattributeset sysfs_rtc_28_0 (sysfs_rtc)) +(typeattributeset sysfs_switch_28_0 (sysfs_switch)) +(typeattributeset sysfs_thermal_28_0 (sysfs_thermal)) +(typeattributeset sysfs_uio_28_0 (sysfs_uio)) +(typeattributeset sysfs_usb_28_0 (sysfs_usb)) +(typeattributeset sysfs_usermodehelper_28_0 (sysfs_usermodehelper)) +(typeattributeset sysfs_vibrator_28_0 (sysfs_vibrator)) +(typeattributeset sysfs_wake_lock_28_0 (sysfs_wake_lock)) +(typeattributeset sysfs_wakeup_reasons_28_0 (sysfs_wakeup_reasons)) +(typeattributeset sysfs_wlan_fwpath_28_0 (sysfs_wlan_fwpath)) +(typeattributeset sysfs_zram_28_0 (sysfs_zram)) +(typeattributeset sysfs_zram_uevent_28_0 (sysfs_zram_uevent)) +(typeattributeset system_app_28_0 (system_app)) +(typeattributeset system_app_data_file_28_0 (system_app_data_file)) +(typeattributeset system_app_service_28_0 (system_app_service)) +(typeattributeset system_block_device_28_0 (system_block_device)) +(typeattributeset system_boot_reason_prop_28_0 (system_boot_reason_prop)) +(typeattributeset system_data_file_28_0 + ( dropbox_data_file + system_data_file + packages_list_file)) +(typeattributeset system_file_28_0 + ( system_file + system_asan_options_file + system_lib_file + system_linker_config_file + system_linker_exec + system_seccomp_policy_file + system_security_cacerts_file + tcpdump_exec + system_zoneinfo_file +)) +(typeattributeset systemkeys_data_file_28_0 (systemkeys_data_file)) +(typeattributeset system_ndebug_socket_28_0 (system_ndebug_socket)) 
+(typeattributeset system_net_netd_hwservice_28_0 (system_net_netd_hwservice)) +(typeattributeset system_prop_28_0 (system_prop)) +(typeattributeset system_radio_prop_28_0 (system_radio_prop)) +(typeattributeset system_server_28_0 (system_server)) +(typeattributeset system_update_service_28_0 (system_update_service)) +(typeattributeset system_wifi_keystore_hwservice_28_0 (system_wifi_keystore_hwservice)) +(typeattributeset system_wpa_socket_28_0 (system_wpa_socket)) +(typeattributeset task_service_28_0 (task_service)) +(typeattributeset tee_28_0 (tee)) +(typeattributeset tee_data_file_28_0 (tee_data_file)) +(typeattributeset tee_device_28_0 (tee_device)) +(typeattributeset telecom_service_28_0 (telecom_service)) +(typeattributeset test_boot_reason_prop_28_0 (test_boot_reason_prop)) +(typeattributeset textclassification_service_28_0 (textclassification_service)) +(typeattributeset textclassifier_data_file_28_0 (textclassifier_data_file)) +(typeattributeset textservices_service_28_0 (textservices_service)) +(typeattributeset thermalcallback_hwservice_28_0 (thermalcallback_hwservice)) +(typeattributeset thermal_service_28_0 (thermal_service)) +(typeattributeset timezone_service_28_0 (timezone_service)) +(typeattributeset tmpfs_28_0 + ( mnt_sdcard_file + tmpfs)) +(typeattributeset tombstoned_28_0 (tombstoned)) +(typeattributeset tombstone_data_file_28_0 (tombstone_data_file)) +(typeattributeset tombstoned_crash_socket_28_0 (tombstoned_crash_socket)) +(typeattributeset tombstoned_exec_28_0 (tombstoned_exec)) +(typeattributeset tombstoned_intercept_socket_28_0 (tombstoned_intercept_socket)) +(typeattributeset tombstoned_java_trace_socket_28_0 (tombstoned_java_trace_socket)) +(typeattributeset tombstone_wifi_data_file_28_0 (tombstone_wifi_data_file)) +(typeattributeset toolbox_28_0 (toolbox)) +(typeattributeset toolbox_exec_28_0 (toolbox_exec)) +(typeattributeset trace_data_file_28_0 (trace_data_file)) +(typeattributeset traced_consumer_socket_28_0 
(traced_consumer_socket)) +(typeattributeset traced_enabled_prop_28_0 (traced_enabled_prop)) +(typeattributeset traced_probes_28_0 (traced_probes)) +(typeattributeset traced_producer_socket_28_0 (traced_producer_socket)) +(typeattributeset traceur_app_28_0 (traceur_app)) +(typeattributeset trust_service_28_0 (trust_service)) +(typeattributeset tty_device_28_0 (tty_device)) +(typeattributeset tun_device_28_0 (tun_device)) +(typeattributeset tv_input_service_28_0 (tv_input_service)) +(typeattributeset tzdatacheck_28_0 (tzdatacheck)) +(typeattributeset tzdatacheck_exec_28_0 (tzdatacheck_exec)) +(typeattributeset ueventd_28_0 (ueventd)) +(typeattributeset uhid_device_28_0 (uhid_device)) +(typeattributeset uimode_service_28_0 (uimode_service)) +(typeattributeset uio_device_28_0 (uio_device)) +(typeattributeset uncrypt_28_0 (uncrypt)) +(typeattributeset uncrypt_exec_28_0 (uncrypt_exec)) +(typeattributeset uncrypt_socket_28_0 (uncrypt_socket)) +(typeattributeset unencrypted_data_file_28_0 (unencrypted_data_file)) +(typeattributeset unlabeled_28_0 (unlabeled)) +(typeattributeset untrusted_app_25_28_0 (untrusted_app_25)) +(typeattributeset untrusted_app_27_28_0 (untrusted_app_27)) +(typeattributeset untrusted_app_28_0 (untrusted_app)) +(typeattributeset untrusted_v2_app_28_0 (untrusted_v2_app)) +(typeattributeset update_engine_28_0 (update_engine)) +(typeattributeset update_engine_data_file_28_0 (update_engine_data_file)) +(typeattributeset update_engine_exec_28_0 (update_engine_exec)) +(typeattributeset update_engine_log_data_file_28_0 (update_engine_log_data_file)) +(typeattributeset update_engine_service_28_0 (update_engine_service)) +(typeattributeset updatelock_service_28_0 (updatelock_service)) +(typeattributeset update_verifier_28_0 (update_verifier)) +(typeattributeset update_verifier_exec_28_0 (update_verifier_exec)) +(typeattributeset usagestats_service_28_0 (usagestats_service)) +(typeattributeset usbaccessory_device_28_0 (usbaccessory_device)) +(typeattributeset 
usbd_28_0 (usbd)) +(typeattributeset usb_device_28_0 (usb_device)) +(typeattributeset usbd_exec_28_0 (usbd_exec)) +(typeattributeset usbfs_28_0 (usbfs)) +(typeattributeset usb_service_28_0 (usb_service)) +(typeattributeset userdata_block_device_28_0 (userdata_block_device)) +(typeattributeset usermodehelper_28_0 (usermodehelper)) +(typeattributeset user_profile_data_file_28_0 (user_profile_data_file)) +(typeattributeset user_service_28_0 (user_service)) +(typeattributeset vcs_device_28_0 (vcs_device)) +(typeattributeset vdc_28_0 (vdc)) +(typeattributeset vdc_exec_28_0 (vdc_exec)) +(typeattributeset vendor_app_file_28_0 (vendor_app_file)) +(typeattributeset vendor_configs_file_28_0 (vendor_configs_file)) +(typeattributeset vendor_data_file_28_0 (vendor_data_file)) +(typeattributeset vendor_default_prop_28_0 (vendor_default_prop)) +(typeattributeset vendor_file_28_0 (vendor_file)) +(typeattributeset vendor_framework_file_28_0 (vendor_framework_file)) +(typeattributeset vendor_hal_file_28_0 (vendor_hal_file)) +(typeattributeset vendor_init_28_0 (vendor_init)) +(typeattributeset vendor_overlay_file_28_0 (vendor_overlay_file)) +(typeattributeset vendor_security_patch_level_prop_28_0 (vendor_security_patch_level_prop)) +(typeattributeset vendor_shell_28_0 (vendor_shell)) +(typeattributeset vendor_shell_exec_28_0 (vendor_shell_exec)) +(typeattributeset vendor_toolbox_exec_28_0 (vendor_toolbox_exec)) +(typeattributeset vfat_28_0 (vfat)) +(typeattributeset vibrator_service_28_0 (vibrator_service)) +(typeattributeset video_device_28_0 (video_device)) +(typeattributeset virtual_touchpad_28_0 (virtual_touchpad)) +(typeattributeset virtual_touchpad_exec_28_0 (virtual_touchpad_exec)) +(typeattributeset virtual_touchpad_service_28_0 (virtual_touchpad_service)) +(typeattributeset vndbinder_device_28_0 (vndbinder_device)) +(typeattributeset vndk_sp_file_28_0 (vndk_sp_file)) +(typeattributeset vndservice_contexts_file_28_0 (vndservice_contexts_file)) +(typeattributeset 
vndservicemanager_28_0 (vndservicemanager)) +(typeattributeset voiceinteraction_service_28_0 (voiceinteraction_service)) +(typeattributeset vold_28_0 (vold)) +(typeattributeset vold_data_file_28_0 (vold_data_file)) +(typeattributeset vold_device_28_0 (vold_device)) +(typeattributeset vold_exec_28_0 (vold_exec)) +(typeattributeset vold_metadata_file_28_0 (vold_metadata_file)) +(typeattributeset vold_prepare_subdirs_28_0 (vold_prepare_subdirs)) +(typeattributeset vold_prepare_subdirs_exec_28_0 (vold_prepare_subdirs_exec)) +(typeattributeset vold_prop_28_0 (vold_prop)) +(typeattributeset vold_service_28_0 (vold_service)) +(typeattributeset vpn_data_file_28_0 (vpn_data_file)) +(typeattributeset vr_hwc_28_0 (vr_hwc)) +(typeattributeset vr_hwc_exec_28_0 (vr_hwc_exec)) +(typeattributeset vr_hwc_service_28_0 (vr_hwc_service)) +(typeattributeset vr_manager_service_28_0 (vr_manager_service)) +(typeattributeset wallpaper_file_28_0 (wallpaper_file)) +(typeattributeset wallpaper_service_28_0 (wallpaper_service)) +(typeattributeset watchdogd_28_0 (watchdogd)) +(typeattributeset watchdog_device_28_0 (watchdog_device)) +(typeattributeset webviewupdate_service_28_0 (webviewupdate_service)) +(typeattributeset webview_zygote_28_0 (webview_zygote)) +(typeattributeset webview_zygote_exec_28_0 (webview_zygote_exec)) +(typeattributeset wifiaware_service_28_0 (wifiaware_service)) +(typeattributeset wificond_28_0 (wificond)) +(typeattributeset wificond_exec_28_0 (wificond_exec)) +(typeattributeset wificond_service_28_0 (wificond_service)) +(typeattributeset wifi_data_file_28_0 (wifi_data_file)) +(typeattributeset wifi_log_prop_28_0 (wifi_log_prop)) +(typeattributeset wifip2p_service_28_0 (wifip2p_service)) +(typeattributeset wifi_prop_28_0 (wifi_prop)) +(typeattributeset wifiscanner_service_28_0 (wifiscanner_service)) +(typeattributeset wifi_service_28_0 (wifi_service)) +(typeattributeset window_service_28_0 (window_service)) +(typeattributeset wpantund_28_0 (wpantund)) +(typeattributeset 
wpantund_exec_28_0 (wpantund_exec))
+(typeattributeset wpantund_service_28_0 (wpantund_service))
+(typeattributeset wpa_socket_28_0 (wpa_socket))
+(typeattributeset zero_device_28_0 (zero_device))
+(typeattributeset zoneinfo_data_file_28_0 (zoneinfo_data_file))
+(typeattributeset zygote_28_0 (zygote))
+(typeattributeset zygote_exec_28_0 (zygote_exec))
+(typeattributeset zygote_socket_28_0 (zygote_socket))
diff --git a/prebuilts/api/30.0/private/compat/28.0/28.0.compat.cil b/prebuilts/api/30.0/private/compat/28.0/28.0.compat.cil
new file mode 100644
index 000000000..30af58c42
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/28.0/28.0.compat.cil
@@ -0,0 +1,5 @@
+(typeattribute vendordomain)
+(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
+(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
+(allowx vendordomain file_type (ioctl file ((range 0x0000 0xffff))))
+(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
diff --git a/prebuilts/api/30.0/private/compat/28.0/28.0.ignore.cil b/prebuilts/api/30.0/private/compat/28.0/28.0.ignore.cil
new file mode 100644
index 000000000..d24d12d25
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/28.0/28.0.ignore.cil
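Review bot: The 28.0.compat.cil hunk grants every non-core domain (`vendordomain`, defined as domain and not coredomain) the complete 0x0000–0xffff ioctl command range on every `dev_type` blk_file and every `file_type` file, plus `nlmsg_readpriv` on its own netlink_route_socket, and the file carries no comment explaining why such a broad carve-out is acceptable. The base `ioctl` permission still has to be granted elsewhere, but once this full-range `allowx` is present, ioctl command allowlisting can no longer constrain a vendor domain written against the 28.0 policy, which looks like a deliberate compatibility measure that should be recorded in the file so the lines are not copied into the 29.0 or 30.0 compat files. Suggest heading the file with `;; Vendor domains from 28.0 policy predate ioctl allowlisting and nlmsg_readpriv; keep their existing` / `;; ioctl and route-socket access working. Do not carry these grants into newer compat files.` Because this is a `prebuilts/api/30.0` snapshot that presumably has to match the source copy, the comment belongs in `private/compat/28.0/28.0.compat.cil` and should be re-snapshotted rather than edited here.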
@@ -0,0 +1,159 @@ +;; new_objects - a collection of types that have been introduced that have no +;; analogue in older policy. Thus, we do not need to map these types to +;; previous ones. Add here to pass checkapi tests. +(type new_objects) +(typeattribute new_objects) +(typeattributeset new_objects + ( new_objects + activity_task_service + adb_service + apex_data_file + apex_metadata_file + apex_mnt_dir + apex_service + apexd + apexd_exec + apexd_prop + apexd_tmpfs + appdomain_tmpfs + app_binding_service + app_prediction_service + app_zygote + app_zygote_tmpfs + ashmemd + ashmem_device_service + attention_service + biometric_service + bluetooth_audio_hal_prop + bpf_progs_loaded_prop + bugreport_service + cgroup_desc_file + cgroup_rc_file + charger_exec + content_capture_service + content_suggestions_service + cpu_variant_prop + ctl_apexd_prop + ctl_gsid_prop + dev_cpu_variant + device_config_activity_manager_native_boot_prop + device_config_boot_count_prop + device_config_input_native_boot_prop + device_config_netd_native_prop + device_config_reset_performed_prop + device_config_runtime_native_boot_prop + device_config_runtime_native_prop + device_config_media_native_prop + device_config_service + device_config_sys_traced_prop + dnsresolver_service + dynamic_system_service + dynamic_system_prop + face_service + face_vendor_data_file + sota_prop + fastbootd + flags_health_check + flags_health_check_exec + fwk_bufferhub_hwservice + fwk_camera_hwservice + fwk_stats_hwservice + gpuservice + gsi_data_file + gsi_metadata_file + gsi_service + gsid + gsid_exec + gsid_prop + color_display_service + external_vibrator_service + hal_atrace_hwservice + hal_face_hwservice + hal_graphics_composer_server_tmpfs + hal_health_storage_hwservice + hal_input_classifier_hwservice + hal_power_stats_hwservice + heapprofd + heapprofd_enabled_prop + heapprofd_exec + heapprofd_prop + heapprofd_socket + idmap_service + iris_service + iris_vendor_data_file + llkd + llkd_exec + llkd_prop + 
llkd_tmpfs + looper_stats_service + lpdumpd + lpdumpd_exec + lpdumpd_prop + lpdump_service + iorapd + iorapd_exec + iorapd_data_file + iorapd_service + iorapd_tmpfs + mediaswcodec + mediaswcodec_exec + mediaswcodec_tmpfs + metadata_bootstat_file + mnt_product_file + network_stack + network_stack_service + network_stack_tmpfs + nnapi_ext_deny_product_prop + overlayfs_file + password_slot_metadata_file + permissionmgr_service + postinstall_apex_mnt_dir + recovery_socket + role_service + rollback_service + rs + rs_exec + rss_hwm_reset + rss_hwm_reset_exec + runas_app + runas_app_tmpfs + art_apex_dir + runtime_service + sdcard_block_device + sensor_privacy_service + server_configurable_flags_data_file + simpleperf_app_runner + simpleperf_app_runner_exec + socket_hook_prop + su_tmpfs + super_block_device + sysfs_fs_f2fs + system_bootstrap_lib_file + system_event_log_tags_file + system_lmk_prop + system_suspend_hwservice + system_suspend_control_service + system_trace_prop + staging_data_file + task_profiles_file + testharness_service + test_harness_prop + theme_prop + time_prop + timedetector_service + timezonedetector_service + traced_lazy_prop + uri_grants_service + use_memfd_prop + vendor_apex_file + vendor_cgroup_desc_file + vendor_idc_file + vendor_keychars_file + vendor_keylayout_file + vendor_misc_writer + vendor_misc_writer_exec + vendor_socket_hook_prop + vendor_task_profiles_file + vndk_prop + vrflinger_vsync_service + watchdogd_tmpfs)) diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.cil new file mode 100644 index 000000000..5231498e1 --- /dev/null +++ b/prebuilts/api/30.0/private/compat/29.0/29.0.cil 
@@ -0,0 +1,1970 @@ +;; types removed from current policy +(type ashmemd) +(type hal_wifi_offload_hwservice) +(type install_recovery) +(type install_recovery_exec) +(type mediacodec_service) +(type perfprofd_data_file) +(type perfprofd_service) +(type sysfs_mac_address) +(type wificond_service) + +(expandtypeattribute (accessibility_service_29_0) true) +(expandtypeattribute (account_service_29_0) true) +(expandtypeattribute (activity_service_29_0) true) +(expandtypeattribute (activity_task_service_29_0) true) +(expandtypeattribute (adbd_29_0) true) +(expandtypeattribute (adb_data_file_29_0) true) +(expandtypeattribute (adbd_exec_29_0) true) +(expandtypeattribute (adbd_socket_29_0) true) +(expandtypeattribute (adb_keys_file_29_0) true) +(expandtypeattribute (adb_service_29_0) true) +(expandtypeattribute (alarm_service_29_0) true) +(expandtypeattribute (anr_data_file_29_0) true) +(expandtypeattribute (apexd_29_0) true) +(expandtypeattribute (apex_data_file_29_0) true) +(expandtypeattribute (apexd_exec_29_0) true) +(expandtypeattribute (apexd_prop_29_0) true) +(expandtypeattribute (apex_metadata_file_29_0) true) +(expandtypeattribute (apex_mnt_dir_29_0) true) +(expandtypeattribute (apex_service_29_0) true) +(expandtypeattribute (apk_data_file_29_0) true) +(expandtypeattribute (apk_private_data_file_29_0) true) +(expandtypeattribute (apk_private_tmp_file_29_0) true) +(expandtypeattribute (apk_tmp_file_29_0) true) +(expandtypeattribute (app_binding_service_29_0) true) +(expandtypeattribute (app_data_file_29_0) true) +(expandtypeattribute (appdomain_tmpfs_29_0) true) +(expandtypeattribute (app_fuse_file_29_0) true) +(expandtypeattribute (app_fusefs_29_0) true) +(expandtypeattribute (appops_service_29_0) true) +(expandtypeattribute (app_prediction_service_29_0) true) +(expandtypeattribute (appwidget_service_29_0) true) +(expandtypeattribute (app_zygote_29_0) true) +(expandtypeattribute (app_zygote_tmpfs_29_0) true) +(expandtypeattribute (asec_apk_file_29_0) true) 
+(expandtypeattribute (asec_image_file_29_0) true) +(expandtypeattribute (asec_public_file_29_0) true) +(expandtypeattribute (ashmemd_29_0) true) +(expandtypeattribute (ashmem_device_29_0) true) +(expandtypeattribute (assetatlas_service_29_0) true) +(expandtypeattribute (audio_data_file_29_0) true) +(expandtypeattribute (audio_device_29_0) true) +(expandtypeattribute (audiohal_data_file_29_0) true) +(expandtypeattribute (audio_prop_29_0) true) +(expandtypeattribute (audioserver_29_0) true) +(expandtypeattribute (audioserver_data_file_29_0) true) +(expandtypeattribute (audioserver_service_29_0) true) +(expandtypeattribute (audioserver_tmpfs_29_0) true) +(expandtypeattribute (audio_service_29_0) true) +(expandtypeattribute (autofill_service_29_0) true) +(expandtypeattribute (backup_data_file_29_0) true) +(expandtypeattribute (backup_service_29_0) true) +(expandtypeattribute (batteryproperties_service_29_0) true) +(expandtypeattribute (battery_service_29_0) true) +(expandtypeattribute (batterystats_service_29_0) true) +(expandtypeattribute (binder_calls_stats_service_29_0) true) +(expandtypeattribute (binder_device_29_0) true) +(expandtypeattribute (binfmt_miscfs_29_0) true) +(expandtypeattribute (biometric_service_29_0) true) +(expandtypeattribute (blkid_29_0) true) +(expandtypeattribute (blkid_untrusted_29_0) true) +(expandtypeattribute (block_device_29_0) true) +(expandtypeattribute (bluetooth_29_0) true) +(expandtypeattribute (bluetooth_a2dp_offload_prop_29_0) true) +(expandtypeattribute (bluetooth_audio_hal_prop_29_0) true) +(expandtypeattribute (bluetooth_data_file_29_0) true) +(expandtypeattribute (bluetooth_efs_file_29_0) true) +(expandtypeattribute (bluetooth_logs_data_file_29_0) true) +(expandtypeattribute (bluetooth_manager_service_29_0) true) +(expandtypeattribute (bluetooth_prop_29_0) true) +(expandtypeattribute (bluetooth_service_29_0) true) +(expandtypeattribute (bluetooth_socket_29_0) true) +(expandtypeattribute (bootanim_29_0) true) 
+(expandtypeattribute (bootanim_exec_29_0) true) +(expandtypeattribute (boot_block_device_29_0) true) +(expandtypeattribute (bootchart_data_file_29_0) true) +(expandtypeattribute (bootloader_boot_reason_prop_29_0) true) +(expandtypeattribute (bootstat_29_0) true) +(expandtypeattribute (bootstat_data_file_29_0) true) +(expandtypeattribute (bootstat_exec_29_0) true) +(expandtypeattribute (boottime_prop_29_0) true) +(expandtypeattribute (boottrace_data_file_29_0) true) +(expandtypeattribute (bpf_progs_loaded_prop_29_0) true) +(expandtypeattribute (broadcastradio_service_29_0) true) +(expandtypeattribute (bufferhubd_29_0) true) +(expandtypeattribute (bufferhubd_exec_29_0) true) +(expandtypeattribute (bugreport_service_29_0) true) +(expandtypeattribute (cache_backup_file_29_0) true) +(expandtypeattribute (cache_block_device_29_0) true) +(expandtypeattribute (cache_file_29_0) true) +(expandtypeattribute (cache_private_backup_file_29_0) true) +(expandtypeattribute (cache_recovery_file_29_0) true) +(expandtypeattribute (camera_data_file_29_0) true) +(expandtypeattribute (camera_device_29_0) true) +(expandtypeattribute (cameraproxy_service_29_0) true) +(expandtypeattribute (cameraserver_29_0) true) +(expandtypeattribute (cameraserver_exec_29_0) true) +(expandtypeattribute (cameraserver_service_29_0) true) +(expandtypeattribute (cameraserver_tmpfs_29_0) true) +(expandtypeattribute (cgroup_29_0) true) +(expandtypeattribute (cgroup_bpf_29_0) true) +(expandtypeattribute (cgroup_desc_file_29_0) true) +(expandtypeattribute (cgroup_rc_file_29_0) true) +(expandtypeattribute (charger_29_0) true) +(expandtypeattribute (charger_exec_29_0) true) +(expandtypeattribute (clatd_29_0) true) +(expandtypeattribute (clatd_exec_29_0) true) +(expandtypeattribute (clipboard_service_29_0) true) +(expandtypeattribute (color_display_service_29_0) true) +(expandtypeattribute (companion_device_service_29_0) true) +(expandtypeattribute (configfs_29_0) true) +(expandtypeattribute (config_prop_29_0) 
true) +(expandtypeattribute (connectivity_service_29_0) true) +(expandtypeattribute (connmetrics_service_29_0) true) +(expandtypeattribute (console_device_29_0) true) +(expandtypeattribute (consumer_ir_service_29_0) true) +(expandtypeattribute (content_capture_service_29_0) true) +(expandtypeattribute (content_service_29_0) true) +(expandtypeattribute (content_suggestions_service_29_0) true) +(expandtypeattribute (contexthub_service_29_0) true) +(expandtypeattribute (coredump_file_29_0) true) +(expandtypeattribute (country_detector_service_29_0) true) +(expandtypeattribute (coverage_service_29_0) true) +(expandtypeattribute (cppreopt_prop_29_0) true) +(expandtypeattribute (cpuinfo_service_29_0) true) +(expandtypeattribute (cpu_variant_prop_29_0) true) +(expandtypeattribute (crash_dump_29_0) true) +(expandtypeattribute (crash_dump_exec_29_0) true) +(expandtypeattribute (crossprofileapps_service_29_0) true) +(expandtypeattribute (ctl_adbd_prop_29_0) true) +(expandtypeattribute (ctl_bootanim_prop_29_0) true) +(expandtypeattribute (ctl_bugreport_prop_29_0) true) +(expandtypeattribute (ctl_console_prop_29_0) true) +(expandtypeattribute (ctl_default_prop_29_0) true) +(expandtypeattribute (ctl_dumpstate_prop_29_0) true) +(expandtypeattribute (ctl_fuse_prop_29_0) true) +(expandtypeattribute (ctl_gsid_prop_29_0) true) +(expandtypeattribute (ctl_interface_restart_prop_29_0) true) +(expandtypeattribute (ctl_interface_start_prop_29_0) true) +(expandtypeattribute (ctl_interface_stop_prop_29_0) true) +(expandtypeattribute (ctl_mdnsd_prop_29_0) true) +(expandtypeattribute (ctl_restart_prop_29_0) true) +(expandtypeattribute (ctl_rildaemon_prop_29_0) true) +(expandtypeattribute (ctl_sigstop_prop_29_0) true) +(expandtypeattribute (ctl_start_prop_29_0) true) +(expandtypeattribute (ctl_stop_prop_29_0) true) +(expandtypeattribute (dalvikcache_data_file_29_0) true) +(expandtypeattribute (dalvik_prop_29_0) true) +(expandtypeattribute (dbinfo_service_29_0) true) +(expandtypeattribute 
(debugfs_29_0) true) +(expandtypeattribute (debugfs_mmc_29_0) true) +(expandtypeattribute (debugfs_trace_marker_29_0) true) +(expandtypeattribute (debugfs_tracing_29_0) true) +(expandtypeattribute (debugfs_tracing_debug_29_0) true) +(expandtypeattribute (debugfs_tracing_instances_29_0) true) +(expandtypeattribute (debugfs_wakeup_sources_29_0) true) +(expandtypeattribute (debugfs_wifi_tracing_29_0) true) +(expandtypeattribute (debuggerd_prop_29_0) true) +(expandtypeattribute (debug_prop_29_0) true) +(expandtypeattribute (default_android_hwservice_29_0) true) +(expandtypeattribute (default_android_service_29_0) true) +(expandtypeattribute (default_android_vndservice_29_0) true) +(expandtypeattribute (default_prop_29_0) true) +(expandtypeattribute (dev_cpu_variant_29_0) true) +(expandtypeattribute (device_29_0) true) +(expandtypeattribute (device_config_activity_manager_native_boot_prop_29_0) true) +(expandtypeattribute (device_config_boot_count_prop_29_0) true) +(expandtypeattribute (device_config_input_native_boot_prop_29_0) true) +(expandtypeattribute (device_config_media_native_prop_29_0) true) +(expandtypeattribute (device_config_netd_native_prop_29_0) true) +(expandtypeattribute (device_config_reset_performed_prop_29_0) true) +(expandtypeattribute (device_config_runtime_native_boot_prop_29_0) true) +(expandtypeattribute (device_config_runtime_native_prop_29_0) true) +(expandtypeattribute (device_config_service_29_0) true) +(expandtypeattribute (device_identifiers_service_29_0) true) +(expandtypeattribute (deviceidle_service_29_0) true) +(expandtypeattribute (device_logging_prop_29_0) true) +(expandtypeattribute (device_policy_service_29_0) true) +(expandtypeattribute (devicestoragemonitor_service_29_0) true) +(expandtypeattribute (devpts_29_0) true) +(expandtypeattribute (dhcp_29_0) true) +(expandtypeattribute (dhcp_data_file_29_0) true) +(expandtypeattribute (dhcp_exec_29_0) true) +(expandtypeattribute (dhcp_prop_29_0) true) +(expandtypeattribute 
(diskstats_service_29_0) true) +(expandtypeattribute (display_service_29_0) true) +(expandtypeattribute (dm_device_29_0) true) +(expandtypeattribute (dnsmasq_29_0) true) +(expandtypeattribute (dnsmasq_exec_29_0) true) +(expandtypeattribute (dnsproxyd_socket_29_0) true) +(expandtypeattribute (dnsresolver_service_29_0) true) +(expandtypeattribute (DockObserver_service_29_0) true) +(expandtypeattribute (dreams_service_29_0) true) +(expandtypeattribute (drm_data_file_29_0) true) +(expandtypeattribute (drmserver_29_0) true) +(expandtypeattribute (drmserver_exec_29_0) true) +(expandtypeattribute (drmserver_service_29_0) true) +(expandtypeattribute (drmserver_socket_29_0) true) +(expandtypeattribute (dropbox_data_file_29_0) true) +(expandtypeattribute (dropbox_service_29_0) true) +(expandtypeattribute (dumpstate_29_0) true) +(expandtypeattribute (dumpstate_exec_29_0) true) +(expandtypeattribute (dumpstate_options_prop_29_0) true) +(expandtypeattribute (dumpstate_prop_29_0) true) +(expandtypeattribute (dumpstate_service_29_0) true) +(expandtypeattribute (dumpstate_socket_29_0) true) +(expandtypeattribute (dynamic_system_prop_29_0) true) +(expandtypeattribute (e2fs_29_0) true) +(expandtypeattribute (e2fs_exec_29_0) true) +(expandtypeattribute (efs_file_29_0) true) +(expandtypeattribute (ephemeral_app_29_0) true) +(expandtypeattribute (ethernet_service_29_0) true) +(expandtypeattribute (exfat_29_0) true) +(expandtypeattribute (exported2_config_prop_29_0) true) +(expandtypeattribute (exported2_default_prop_29_0) true) +(expandtypeattribute (exported2_radio_prop_29_0) true) +(expandtypeattribute (exported2_system_prop_29_0) true) +(expandtypeattribute (exported2_vold_prop_29_0) true) +(expandtypeattribute (exported3_default_prop_29_0) true) +(expandtypeattribute (exported3_radio_prop_29_0) true) +(expandtypeattribute (exported3_system_prop_29_0) true) +(expandtypeattribute (exported_audio_prop_29_0) true) +(expandtypeattribute (exported_bluetooth_prop_29_0) true) 
+(expandtypeattribute (exported_config_prop_29_0) true) +(expandtypeattribute (exported_dalvik_prop_29_0) true) +(expandtypeattribute (exported_default_prop_29_0) true) +(expandtypeattribute (exported_dumpstate_prop_29_0) true) +(expandtypeattribute (exported_ffs_prop_29_0) true) +(expandtypeattribute (exported_fingerprint_prop_29_0) true) +(expandtypeattribute (exported_overlay_prop_29_0) true) +(expandtypeattribute (exported_pm_prop_29_0) true) +(expandtypeattribute (exported_radio_prop_29_0) true) +(expandtypeattribute (exported_secure_prop_29_0) true) +(expandtypeattribute (exported_system_prop_29_0) true) +(expandtypeattribute (exported_system_radio_prop_29_0) true) +(expandtypeattribute (exported_vold_prop_29_0) true) +(expandtypeattribute (exported_wifi_prop_29_0) true) +(expandtypeattribute (external_vibrator_service_29_0) true) +(expandtypeattribute (face_service_29_0) true) +(expandtypeattribute (face_vendor_data_file_29_0) true) +(expandtypeattribute (fastbootd_29_0) true) +(expandtypeattribute (ffs_prop_29_0) true) +(expandtypeattribute (file_contexts_file_29_0) true) +(expandtypeattribute (fingerprintd_29_0) true) +(expandtypeattribute (fingerprintd_data_file_29_0) true) +(expandtypeattribute (fingerprintd_exec_29_0) true) +(expandtypeattribute (fingerprintd_service_29_0) true) +(expandtypeattribute (fingerprint_prop_29_0) true) +(expandtypeattribute (fingerprint_service_29_0) true) +(expandtypeattribute (fingerprint_vendor_data_file_29_0) true) +(expandtypeattribute (firstboot_prop_29_0) true) +(expandtypeattribute (flags_health_check_29_0) true) +(expandtypeattribute (flags_health_check_exec_29_0) true) +(expandtypeattribute (font_service_29_0) true) +(expandtypeattribute (frp_block_device_29_0) true) +(expandtypeattribute (fs_bpf_29_0) true) +(expandtypeattribute (fsck_29_0) true) +(expandtypeattribute (fsck_exec_29_0) true) +(expandtypeattribute (fscklogs_29_0) true) +(expandtypeattribute (fsck_untrusted_29_0) true) +(expandtypeattribute 
(functionfs_29_0) true) +(expandtypeattribute (fuse_29_0) true) +(expandtypeattribute (fuse_device_29_0) true) +(expandtypeattribute (fwk_bufferhub_hwservice_29_0) true) +(expandtypeattribute (fwk_camera_hwservice_29_0) true) +(expandtypeattribute (fwk_display_hwservice_29_0) true) +(expandtypeattribute (fwk_scheduler_hwservice_29_0) true) +(expandtypeattribute (fwk_sensor_hwservice_29_0) true) +(expandtypeattribute (fwk_stats_hwservice_29_0) true) +(expandtypeattribute (fwmarkd_socket_29_0) true) +(expandtypeattribute (gatekeeperd_29_0) true) +(expandtypeattribute (gatekeeper_data_file_29_0) true) +(expandtypeattribute (gatekeeperd_exec_29_0) true) +(expandtypeattribute (gatekeeper_service_29_0) true) +(expandtypeattribute (gfxinfo_service_29_0) true) +(expandtypeattribute (gps_control_29_0) true) +(expandtypeattribute (gpu_device_29_0) true) +(expandtypeattribute (gpu_service_29_0) true) +(expandtypeattribute (gpuservice_29_0) true) +(expandtypeattribute (graphics_device_29_0) true) +(expandtypeattribute (graphicsstats_service_29_0) true) +(expandtypeattribute (gsi_data_file_29_0) true) +(expandtypeattribute (gsid_prop_29_0) true) +(expandtypeattribute (gsi_metadata_file_29_0) true) +(expandtypeattribute (hal_atrace_hwservice_29_0) true) +(expandtypeattribute (hal_audiocontrol_hwservice_29_0) true) +(expandtypeattribute (hal_audio_hwservice_29_0) true) +(expandtypeattribute (hal_authsecret_hwservice_29_0) true) +(expandtypeattribute (hal_bluetooth_hwservice_29_0) true) +(expandtypeattribute (hal_bootctl_hwservice_29_0) true) +(expandtypeattribute (hal_broadcastradio_hwservice_29_0) true) +(expandtypeattribute (hal_camera_hwservice_29_0) true) +(expandtypeattribute (hal_cas_hwservice_29_0) true) +(expandtypeattribute (hal_codec2_hwservice_29_0) true) +(expandtypeattribute (hal_configstore_ISurfaceFlingerConfigs_29_0) true) +(expandtypeattribute (hal_confirmationui_hwservice_29_0) true) +(expandtypeattribute (hal_contexthub_hwservice_29_0) true) 
+(expandtypeattribute (hal_drm_hwservice_29_0) true) +(expandtypeattribute (hal_dumpstate_hwservice_29_0) true) +(expandtypeattribute (hal_evs_hwservice_29_0) true) +(expandtypeattribute (hal_face_hwservice_29_0) true) +(expandtypeattribute (hal_fingerprint_hwservice_29_0) true) +(expandtypeattribute (hal_fingerprint_service_29_0) true) +(expandtypeattribute (hal_gatekeeper_hwservice_29_0) true) +(expandtypeattribute (hal_gnss_hwservice_29_0) true) +(expandtypeattribute (hal_graphics_allocator_hwservice_29_0) true) +(expandtypeattribute (hal_graphics_composer_hwservice_29_0) true) +(expandtypeattribute (hal_graphics_composer_server_tmpfs_29_0) true) +(expandtypeattribute (hal_graphics_mapper_hwservice_29_0) true) +(expandtypeattribute (hal_health_hwservice_29_0) true) +(expandtypeattribute (hal_health_storage_hwservice_29_0) true) +(expandtypeattribute (hal_input_classifier_hwservice_29_0) true) +(expandtypeattribute (hal_ir_hwservice_29_0) true) +(expandtypeattribute (hal_keymaster_hwservice_29_0) true) +(expandtypeattribute (hal_light_hwservice_29_0) true) +(expandtypeattribute (hal_lowpan_hwservice_29_0) true) +(expandtypeattribute (hal_memtrack_hwservice_29_0) true) +(expandtypeattribute (hal_neuralnetworks_hwservice_29_0) true) +(expandtypeattribute (hal_nfc_hwservice_29_0) true) +(expandtypeattribute (hal_oemlock_hwservice_29_0) true) +(expandtypeattribute (hal_omx_hwservice_29_0) true) +(expandtypeattribute (hal_power_hwservice_29_0) true) +(expandtypeattribute (hal_power_stats_hwservice_29_0) true) +(expandtypeattribute (hal_renderscript_hwservice_29_0) true) +(expandtypeattribute (hal_secure_element_hwservice_29_0) true) +(expandtypeattribute (hal_sensors_hwservice_29_0) true) +(expandtypeattribute (hal_telephony_hwservice_29_0) true) +(expandtypeattribute (hal_tetheroffload_hwservice_29_0) true) +(expandtypeattribute (hal_thermal_hwservice_29_0) true) +(expandtypeattribute (hal_tv_cec_hwservice_29_0) true) +(expandtypeattribute 
(hal_tv_input_hwservice_29_0) true) +(expandtypeattribute (hal_usb_gadget_hwservice_29_0) true) +(expandtypeattribute (hal_usb_hwservice_29_0) true) +(expandtypeattribute (hal_vehicle_hwservice_29_0) true) +(expandtypeattribute (hal_vibrator_hwservice_29_0) true) +(expandtypeattribute (hal_vr_hwservice_29_0) true) +(expandtypeattribute (hal_weaver_hwservice_29_0) true) +(expandtypeattribute (hal_wifi_hostapd_hwservice_29_0) true) +(expandtypeattribute (hal_wifi_hwservice_29_0) true) +(expandtypeattribute (hal_wifi_offload_hwservice_29_0) true) +(expandtypeattribute (hal_wifi_supplicant_hwservice_29_0) true) +(expandtypeattribute (hardware_properties_service_29_0) true) +(expandtypeattribute (hardware_service_29_0) true) +(expandtypeattribute (hci_attach_dev_29_0) true) +(expandtypeattribute (hdmi_control_service_29_0) true) +(expandtypeattribute (healthd_29_0) true) +(expandtypeattribute (healthd_exec_29_0) true) +(expandtypeattribute (heapdump_data_file_29_0) true) +(expandtypeattribute (heapprofd_29_0) true) +(expandtypeattribute (heapprofd_enabled_prop_29_0) true) +(expandtypeattribute (heapprofd_prop_29_0) true) +(expandtypeattribute (heapprofd_socket_29_0) true) +(expandtypeattribute (hidl_allocator_hwservice_29_0) true) +(expandtypeattribute (hidl_base_hwservice_29_0) true) +(expandtypeattribute (hidl_manager_hwservice_29_0) true) +(expandtypeattribute (hidl_memory_hwservice_29_0) true) +(expandtypeattribute (hidl_token_hwservice_29_0) true) +(expandtypeattribute (hwbinder_device_29_0) true) +(expandtypeattribute (hw_random_device_29_0) true) +(expandtypeattribute (hwservice_contexts_file_29_0) true) +(expandtypeattribute (hwservicemanager_29_0) true) +(expandtypeattribute (hwservicemanager_exec_29_0) true) +(expandtypeattribute (hwservicemanager_prop_29_0) true) +(expandtypeattribute (icon_file_29_0) true) +(expandtypeattribute (idmap_29_0) true) +(expandtypeattribute (idmap_exec_29_0) true) +(expandtypeattribute (idmap_service_29_0) true) 
+(expandtypeattribute (iio_device_29_0) true) +(expandtypeattribute (imms_service_29_0) true) +(expandtypeattribute (incident_29_0) true) +(expandtypeattribute (incidentd_29_0) true) +(expandtypeattribute (incident_data_file_29_0) true) +(expandtypeattribute (incident_helper_29_0) true) +(expandtypeattribute (incident_service_29_0) true) +(expandtypeattribute (init_29_0) true) +(expandtypeattribute (init_exec_29_0) true) +(expandtypeattribute (init_tmpfs_29_0) true) +(expandtypeattribute (inotify_29_0) true) +(expandtypeattribute (input_device_29_0) true) +(expandtypeattribute (inputflinger_29_0) true) +(expandtypeattribute (inputflinger_exec_29_0) true) +(expandtypeattribute (inputflinger_service_29_0) true) +(expandtypeattribute (input_method_service_29_0) true) +(expandtypeattribute (input_service_29_0) true) +(expandtypeattribute (installd_29_0) true) +(expandtypeattribute (install_data_file_29_0) true) +(expandtypeattribute (installd_exec_29_0) true) +(expandtypeattribute (installd_service_29_0) true) +(expandtypeattribute (install_recovery_29_0) true) +(expandtypeattribute (install_recovery_exec_29_0) true) +(expandtypeattribute (ion_device_29_0) true) +(expandtypeattribute (iorapd_29_0) true) +(expandtypeattribute (iorapd_data_file_29_0) true) +(expandtypeattribute (iorapd_exec_29_0) true) +(expandtypeattribute (iorapd_service_29_0) true) +(expandtypeattribute (iorapd_tmpfs_29_0) true) +(expandtypeattribute (IProxyService_service_29_0) true) +(expandtypeattribute (ipsec_service_29_0) true) +(expandtypeattribute (iris_service_29_0) true) +(expandtypeattribute (iris_vendor_data_file_29_0) true) +(expandtypeattribute (isolated_app_29_0) true) +(expandtypeattribute (jobscheduler_service_29_0) true) +(expandtypeattribute (kernel_29_0) true) +(expandtypeattribute (keychain_data_file_29_0) true) +(expandtypeattribute (keychord_device_29_0) true) +(expandtypeattribute (keystore_29_0) true) +(expandtypeattribute (keystore_data_file_29_0) true) +(expandtypeattribute 
(keystore_exec_29_0) true) +(expandtypeattribute (keystore_service_29_0) true) +(expandtypeattribute (kmsg_debug_device_29_0) true) +(expandtypeattribute (kmsg_device_29_0) true) +(expandtypeattribute (labeledfs_29_0) true) +(expandtypeattribute (last_boot_reason_prop_29_0) true) +(expandtypeattribute (launcherapps_service_29_0) true) +(expandtypeattribute (llkd_29_0) true) +(expandtypeattribute (llkd_exec_29_0) true) +(expandtypeattribute (llkd_prop_29_0) true) +(expandtypeattribute (lmkd_29_0) true) +(expandtypeattribute (lmkd_exec_29_0) true) +(expandtypeattribute (lmkd_socket_29_0) true) +(expandtypeattribute (location_service_29_0) true) +(expandtypeattribute (lock_settings_service_29_0) true) +(expandtypeattribute (logcat_exec_29_0) true) +(expandtypeattribute (logd_29_0) true) +(expandtypeattribute (logd_exec_29_0) true) +(expandtypeattribute (logd_prop_29_0) true) +(expandtypeattribute (logdr_socket_29_0) true) +(expandtypeattribute (logd_socket_29_0) true) +(expandtypeattribute (logdw_socket_29_0) true) +(expandtypeattribute (logpersist_29_0) true) +(expandtypeattribute (logpersistd_logging_prop_29_0) true) +(expandtypeattribute (log_prop_29_0) true) +(expandtypeattribute (log_tag_prop_29_0) true) +(expandtypeattribute (loop_control_device_29_0) true) +(expandtypeattribute (loop_device_29_0) true) +(expandtypeattribute (looper_stats_service_29_0) true) +(expandtypeattribute (lowpan_device_29_0) true) +(expandtypeattribute (lowpan_prop_29_0) true) +(expandtypeattribute (lowpan_service_29_0) true) +(expandtypeattribute (lpdumpd_prop_29_0) true) +(expandtypeattribute (lpdump_service_29_0) true) +(expandtypeattribute (mac_perms_file_29_0) true) +(expandtypeattribute (mdnsd_29_0) true) +(expandtypeattribute (mdnsd_socket_29_0) true) +(expandtypeattribute (mdns_socket_29_0) true) +(expandtypeattribute (mediacodec_service_29_0) true) +(expandtypeattribute (media_data_file_29_0) true) +(expandtypeattribute (mediadrmserver_29_0) true) +(expandtypeattribute 
(mediadrmserver_exec_29_0) true) +(expandtypeattribute (mediadrmserver_service_29_0) true) +(expandtypeattribute (mediaextractor_29_0) true) +(expandtypeattribute (mediaextractor_exec_29_0) true) +(expandtypeattribute (mediaextractor_service_29_0) true) +(expandtypeattribute (mediaextractor_tmpfs_29_0) true) +(expandtypeattribute (mediametrics_29_0) true) +(expandtypeattribute (mediametrics_exec_29_0) true) +(expandtypeattribute (mediametrics_service_29_0) true) +(expandtypeattribute (media_projection_service_29_0) true) +(expandtypeattribute (mediaprovider_29_0) true) +(expandtypeattribute (media_router_service_29_0) true) +(expandtypeattribute (media_rw_data_file_29_0) true) +(expandtypeattribute (mediaserver_29_0) true) +(expandtypeattribute (mediaserver_exec_29_0) true) +(expandtypeattribute (mediaserver_service_29_0) true) +(expandtypeattribute (mediaserver_tmpfs_29_0) true) +(expandtypeattribute (media_session_service_29_0) true) +(expandtypeattribute (mediaswcodec_29_0) true) +(expandtypeattribute (mediaswcodec_exec_29_0) true) +(expandtypeattribute (meminfo_service_29_0) true) +(expandtypeattribute (metadata_block_device_29_0) true) +(expandtypeattribute (metadata_file_29_0) true) +(expandtypeattribute (method_trace_data_file_29_0) true) +(expandtypeattribute (midi_service_29_0) true) +(expandtypeattribute (misc_block_device_29_0) true) +(expandtypeattribute (misc_logd_file_29_0) true) +(expandtypeattribute (misc_user_data_file_29_0) true) +(expandtypeattribute (mmc_prop_29_0) true) +(expandtypeattribute (mnt_expand_file_29_0) true) +(expandtypeattribute (mnt_media_rw_file_29_0) true) +(expandtypeattribute (mnt_media_rw_stub_file_29_0) true) +(expandtypeattribute (mnt_product_file_29_0) true) +(expandtypeattribute (mnt_user_file_29_0) true) +(expandtypeattribute (mnt_vendor_file_29_0) true) +(expandtypeattribute (modprobe_29_0) true) +(expandtypeattribute (mount_service_29_0) true) +(expandtypeattribute (mqueue_29_0) true) +(expandtypeattribute (mtp_29_0) 
true) +(expandtypeattribute (mtp_device_29_0) true) +(expandtypeattribute (mtpd_socket_29_0) true) +(expandtypeattribute (mtp_exec_29_0) true) +(expandtypeattribute (nativetest_data_file_29_0) true) +(expandtypeattribute (netd_29_0) true) +(expandtypeattribute (net_data_file_29_0) true) +(expandtypeattribute (netd_exec_29_0) true) +(expandtypeattribute (netd_listener_service_29_0) true) +(expandtypeattribute (net_dns_prop_29_0) true) +(expandtypeattribute (netd_service_29_0) true) +(expandtypeattribute (netd_stable_secret_prop_29_0) true) +(expandtypeattribute (netif_29_0) true) +(expandtypeattribute (netpolicy_service_29_0) true) +(expandtypeattribute (net_radio_prop_29_0) true) +(expandtypeattribute (netstats_service_29_0) true) +(expandtypeattribute (netutils_wrapper_29_0) true) +(expandtypeattribute (netutils_wrapper_exec_29_0) true) +(expandtypeattribute (network_management_service_29_0) true) +(expandtypeattribute (network_score_service_29_0) true) +(expandtypeattribute (network_stack_29_0) true) +(expandtypeattribute (network_stack_service_29_0) true) +(expandtypeattribute (network_time_update_service_29_0) true) +(expandtypeattribute (network_watchlist_data_file_29_0) true) +(expandtypeattribute (network_watchlist_service_29_0) true) +(expandtypeattribute (nfc_29_0) true) +(expandtypeattribute (nfc_data_file_29_0) true) +(expandtypeattribute (nfc_device_29_0) true) +(expandtypeattribute (nfc_prop_29_0) true) +(expandtypeattribute (nfc_service_29_0) true) +(expandtypeattribute (nnapi_ext_deny_product_prop_29_0) true) +(expandtypeattribute (node_29_0) true) +(expandtypeattribute (nonplat_service_contexts_file_29_0) true) +(expandtypeattribute (notification_service_29_0) true) +(expandtypeattribute (null_device_29_0) true) +(expandtypeattribute (oemfs_29_0) true) +(expandtypeattribute (oem_lock_service_29_0) true) +(expandtypeattribute (ota_data_file_29_0) true) +(expandtypeattribute (otadexopt_service_29_0) true) +(expandtypeattribute (ota_package_file_29_0) 
true) +(expandtypeattribute (overlayfs_file_29_0) true) +(expandtypeattribute (overlay_prop_29_0) true) +(expandtypeattribute (overlay_service_29_0) true) +(expandtypeattribute (owntty_device_29_0) true) +(expandtypeattribute (package_native_service_29_0) true) +(expandtypeattribute (package_service_29_0) true) +(expandtypeattribute (packages_list_file_29_0) true) +(expandtypeattribute (pan_result_prop_29_0) true) +(expandtypeattribute (password_slot_metadata_file_29_0) true) +(expandtypeattribute (pdx_bufferhub_client_channel_socket_29_0) true) +(expandtypeattribute (pdx_bufferhub_client_endpoint_socket_29_0) true) +(expandtypeattribute (pdx_bufferhub_dir_29_0) true) +(expandtypeattribute (pdx_display_client_channel_socket_29_0) true) +(expandtypeattribute (pdx_display_client_endpoint_socket_29_0) true) +(expandtypeattribute (pdx_display_dir_29_0) true) +(expandtypeattribute (pdx_display_manager_channel_socket_29_0) true) +(expandtypeattribute (pdx_display_manager_endpoint_socket_29_0) true) +(expandtypeattribute (pdx_display_screenshot_channel_socket_29_0) true) +(expandtypeattribute (pdx_display_screenshot_endpoint_socket_29_0) true) +(expandtypeattribute (pdx_display_vsync_channel_socket_29_0) true) +(expandtypeattribute (pdx_display_vsync_endpoint_socket_29_0) true) +(expandtypeattribute (pdx_performance_client_channel_socket_29_0) true) +(expandtypeattribute (pdx_performance_client_endpoint_socket_29_0) true) +(expandtypeattribute (pdx_performance_dir_29_0) true) +(expandtypeattribute (perfetto_29_0) true) +(expandtypeattribute (performanced_29_0) true) +(expandtypeattribute (performanced_exec_29_0) true) +(expandtypeattribute (permissionmgr_service_29_0) true) +(expandtypeattribute (permission_service_29_0) true) +(expandtypeattribute (persist_debug_prop_29_0) true) +(expandtypeattribute (persistent_data_block_service_29_0) true) +(expandtypeattribute (persistent_properties_ready_prop_29_0) true) +(expandtypeattribute (pinner_service_29_0) true) 
+(expandtypeattribute (pipefs_29_0) true) +(expandtypeattribute (platform_app_29_0) true) +(expandtypeattribute (pm_prop_29_0) true) +(expandtypeattribute (pmsg_device_29_0) true) +(expandtypeattribute (port_29_0) true) +(expandtypeattribute (port_device_29_0) true) +(expandtypeattribute (postinstall_29_0) true) +(expandtypeattribute (postinstall_apex_mnt_dir_29_0) true) +(expandtypeattribute (postinstall_file_29_0) true) +(expandtypeattribute (postinstall_mnt_dir_29_0) true) +(expandtypeattribute (powerctl_prop_29_0) true) +(expandtypeattribute (power_service_29_0) true) +(expandtypeattribute (ppp_29_0) true) +(expandtypeattribute (ppp_device_29_0) true) +(expandtypeattribute (ppp_exec_29_0) true) +(expandtypeattribute (preloads_data_file_29_0) true) +(expandtypeattribute (preloads_media_file_29_0) true) +(expandtypeattribute (print_service_29_0) true) +(expandtypeattribute (priv_app_29_0) true) +(expandtypeattribute (privapp_data_file_29_0) true) +(expandtypeattribute (proc_29_0) true) +(expandtypeattribute (proc_abi_29_0) true) +(expandtypeattribute (proc_asound_29_0) true) +(expandtypeattribute (proc_bluetooth_writable_29_0) true) +(expandtypeattribute (proc_buddyinfo_29_0) true) +(expandtypeattribute (proc_cmdline_29_0) true) +(expandtypeattribute (proc_cpuinfo_29_0) true) +(expandtypeattribute (proc_dirty_29_0) true) +(expandtypeattribute (proc_diskstats_29_0) true) +(expandtypeattribute (proc_drop_caches_29_0) true) +(expandtypeattribute (processinfo_service_29_0) true) +(expandtypeattribute (proc_extra_free_kbytes_29_0) true) +(expandtypeattribute (proc_filesystems_29_0) true) +(expandtypeattribute (proc_fs_verity_29_0) true) +(expandtypeattribute (proc_hostname_29_0) true) +(expandtypeattribute (proc_hung_task_29_0) true) +(expandtypeattribute (proc_interrupts_29_0) true) +(expandtypeattribute (proc_iomem_29_0) true) +(expandtypeattribute (proc_keys_29_0) true) +(expandtypeattribute (proc_kmsg_29_0) true) +(expandtypeattribute (proc_loadavg_29_0) true) 
+(expandtypeattribute (proc_max_map_count_29_0) true) +(expandtypeattribute (proc_meminfo_29_0) true) +(expandtypeattribute (proc_min_free_order_shift_29_0) true) +(expandtypeattribute (proc_misc_29_0) true) +(expandtypeattribute (proc_modules_29_0) true) +(expandtypeattribute (proc_mounts_29_0) true) +(expandtypeattribute (proc_net_29_0) true) +(expandtypeattribute (proc_net_tcp_udp_29_0) true) +(expandtypeattribute (proc_overcommit_memory_29_0) true) +(expandtypeattribute (proc_page_cluster_29_0) true) +(expandtypeattribute (proc_pagetypeinfo_29_0) true) +(expandtypeattribute (proc_panic_29_0) true) +(expandtypeattribute (proc_perf_29_0) true) +(expandtypeattribute (proc_pid_max_29_0) true) +(expandtypeattribute (proc_pipe_conf_29_0) true) +(expandtypeattribute (proc_pressure_cpu_29_0) true) +(expandtypeattribute (proc_pressure_io_29_0) true) +(expandtypeattribute (proc_pressure_mem_29_0) true) +(expandtypeattribute (proc_qtaguid_ctrl_29_0) true) +(expandtypeattribute (proc_qtaguid_stat_29_0) true) +(expandtypeattribute (proc_random_29_0) true) +(expandtypeattribute (proc_sched_29_0) true) +(expandtypeattribute (proc_security_29_0) true) +(expandtypeattribute (proc_slabinfo_29_0) true) +(expandtypeattribute (proc_stat_29_0) true) +(expandtypeattribute (procstats_service_29_0) true) +(expandtypeattribute (proc_swaps_29_0) true) +(expandtypeattribute (proc_sysrq_29_0) true) +(expandtypeattribute (proc_timer_29_0) true) +(expandtypeattribute (proc_tty_drivers_29_0) true) +(expandtypeattribute (proc_uid_concurrent_active_time_29_0) true) +(expandtypeattribute (proc_uid_concurrent_policy_time_29_0) true) +(expandtypeattribute (proc_uid_cpupower_29_0) true) +(expandtypeattribute (proc_uid_cputime_removeuid_29_0) true) +(expandtypeattribute (proc_uid_cputime_showstat_29_0) true) +(expandtypeattribute (proc_uid_io_stats_29_0) true) +(expandtypeattribute (proc_uid_procstat_set_29_0) true) +(expandtypeattribute (proc_uid_time_in_state_29_0) true) +(expandtypeattribute 
(proc_uptime_29_0) true) +(expandtypeattribute (proc_version_29_0) true) +(expandtypeattribute (proc_vmallocinfo_29_0) true) +(expandtypeattribute (proc_vmstat_29_0) true) +(expandtypeattribute (proc_zoneinfo_29_0) true) +(expandtypeattribute (profman_29_0) true) +(expandtypeattribute (profman_dump_data_file_29_0) true) +(expandtypeattribute (profman_exec_29_0) true) +(expandtypeattribute (properties_device_29_0) true) +(expandtypeattribute (properties_serial_29_0) true) +(expandtypeattribute (property_contexts_file_29_0) true) +(expandtypeattribute (property_data_file_29_0) true) +(expandtypeattribute (property_info_29_0) true) +(expandtypeattribute (property_socket_29_0) true) +(expandtypeattribute (pstorefs_29_0) true) +(expandtypeattribute (ptmx_device_29_0) true) +(expandtypeattribute (qtaguid_device_29_0) true) +(expandtypeattribute (racoon_29_0) true) +(expandtypeattribute (racoon_exec_29_0) true) +(expandtypeattribute (racoon_socket_29_0) true) +(expandtypeattribute (radio_29_0) true) +(expandtypeattribute (radio_data_file_29_0) true) +(expandtypeattribute (radio_device_29_0) true) +(expandtypeattribute (radio_prop_29_0) true) +(expandtypeattribute (radio_service_29_0) true) +(expandtypeattribute (ram_device_29_0) true) +(expandtypeattribute (random_device_29_0) true) +(expandtypeattribute (recovery_29_0) true) +(expandtypeattribute (recovery_block_device_29_0) true) +(expandtypeattribute (recovery_data_file_29_0) true) +(expandtypeattribute (recovery_persist_29_0) true) +(expandtypeattribute (recovery_persist_exec_29_0) true) +(expandtypeattribute (recovery_refresh_29_0) true) +(expandtypeattribute (recovery_refresh_exec_29_0) true) +(expandtypeattribute (recovery_service_29_0) true) +(expandtypeattribute (recovery_socket_29_0) true) +(expandtypeattribute (registry_service_29_0) true) +(expandtypeattribute (resourcecache_data_file_29_0) true) +(expandtypeattribute (restorecon_prop_29_0) true) +(expandtypeattribute (restrictions_service_29_0) true) 
+(expandtypeattribute (rild_debug_socket_29_0) true) +(expandtypeattribute (rild_socket_29_0) true) +(expandtypeattribute (ringtone_file_29_0) true) +(expandtypeattribute (role_service_29_0) true) +(expandtypeattribute (rollback_service_29_0) true) +(expandtypeattribute (root_block_device_29_0) true) +(expandtypeattribute (rootfs_29_0) true) +(expandtypeattribute (rpmsg_device_29_0) true) +(expandtypeattribute (rs_29_0) true) +(expandtypeattribute (rs_exec_29_0) true) +(expandtypeattribute (rss_hwm_reset_29_0) true) +(expandtypeattribute (rtc_device_29_0) true) +(expandtypeattribute (rttmanager_service_29_0) true) +(expandtypeattribute (runas_29_0) true) +(expandtypeattribute (runas_app_29_0) true) +(expandtypeattribute (runas_exec_29_0) true) +(expandtypeattribute (runtime_event_log_tags_file_29_0) true) +(expandtypeattribute (runtime_service_29_0) true) +(expandtypeattribute (safemode_prop_29_0) true) +(expandtypeattribute (same_process_hal_file_29_0) true) +(expandtypeattribute (samplingprofiler_service_29_0) true) +(expandtypeattribute (scheduling_policy_service_29_0) true) +(expandtypeattribute (sdcard_block_device_29_0) true) +(expandtypeattribute (sdcardd_29_0) true) +(expandtypeattribute (sdcardd_exec_29_0) true) +(expandtypeattribute (sdcardfs_29_0) true) +(expandtypeattribute (seapp_contexts_file_29_0) true) +(expandtypeattribute (search_service_29_0) true) +(expandtypeattribute (sec_key_att_app_id_provider_service_29_0) true) +(expandtypeattribute (secure_element_29_0) true) +(expandtypeattribute (secure_element_device_29_0) true) +(expandtypeattribute (secure_element_service_29_0) true) +(expandtypeattribute (selinuxfs_29_0) true) +(expandtypeattribute (sensor_privacy_service_29_0) true) +(expandtypeattribute (sensors_device_29_0) true) +(expandtypeattribute (sensorservice_service_29_0) true) +(expandtypeattribute (sepolicy_file_29_0) true) +(expandtypeattribute (serial_device_29_0) true) +(expandtypeattribute (serialno_prop_29_0) true) 
+(expandtypeattribute (serial_service_29_0) true) +(expandtypeattribute (server_configurable_flags_data_file_29_0) true) +(expandtypeattribute (service_contexts_file_29_0) true) +(expandtypeattribute (servicediscovery_service_29_0) true) +(expandtypeattribute (servicemanager_29_0) true) +(expandtypeattribute (servicemanager_exec_29_0) true) +(expandtypeattribute (settings_service_29_0) true) +(expandtypeattribute (sgdisk_29_0) true) +(expandtypeattribute (sgdisk_exec_29_0) true) +(expandtypeattribute (shared_relro_29_0) true) +(expandtypeattribute (shared_relro_file_29_0) true) +(expandtypeattribute (shell_29_0) true) +(expandtypeattribute (shell_data_file_29_0) true) +(expandtypeattribute (shell_exec_29_0) true) +(expandtypeattribute (shell_prop_29_0) true) +(expandtypeattribute (shm_29_0) true) +(expandtypeattribute (shortcut_manager_icons_29_0) true) +(expandtypeattribute (shortcut_service_29_0) true) +(expandtypeattribute (simpleperf_app_runner_29_0) true) +(expandtypeattribute (simpleperf_app_runner_exec_29_0) true) +(expandtypeattribute (slice_service_29_0) true) +(expandtypeattribute (slideshow_29_0) true) +(expandtypeattribute (socket_device_29_0) true) +(expandtypeattribute (sockfs_29_0) true) +(expandtypeattribute (staging_data_file_29_0) true) +(expandtypeattribute (statsd_29_0) true) +(expandtypeattribute (stats_data_file_29_0) true) +(expandtypeattribute (statsd_exec_29_0) true) +(expandtypeattribute (statsdw_socket_29_0) true) +(expandtypeattribute (statusbar_service_29_0) true) +(expandtypeattribute (storaged_service_29_0) true) +(expandtypeattribute (storage_file_29_0) true) +(expandtypeattribute (storagestats_service_29_0) true) +(expandtypeattribute (storage_stub_file_29_0) true) +(expandtypeattribute (su_29_0) true) +(expandtypeattribute (su_exec_29_0) true) +(expandtypeattribute (super_block_device_29_0) true) +(expandtypeattribute (surfaceflinger_29_0) true) +(expandtypeattribute (surfaceflinger_service_29_0) true) +(expandtypeattribute 
(surfaceflinger_tmpfs_29_0) true) +(expandtypeattribute (swap_block_device_29_0) true) +(expandtypeattribute (sysfs_29_0) true) +(expandtypeattribute (sysfs_android_usb_29_0) true) +(expandtypeattribute (sysfs_batteryinfo_29_0) true) +(expandtypeattribute (sysfs_bluetooth_writable_29_0) true) +(expandtypeattribute (sysfs_devices_block_29_0) true) +(expandtypeattribute (sysfs_devices_system_cpu_29_0) true) +(expandtypeattribute (sysfs_dm_29_0) true) +(expandtypeattribute (sysfs_dt_firmware_android_29_0) true) +(expandtypeattribute (sysfs_extcon_29_0) true) +(expandtypeattribute (sysfs_fs_ext4_features_29_0) true) +(expandtypeattribute (sysfs_fs_f2fs_29_0) true) +(expandtypeattribute (sysfs_hwrandom_29_0) true) +(expandtypeattribute (sysfs_ipv4_29_0) true) +(expandtypeattribute (sysfs_kernel_notes_29_0) true) +(expandtypeattribute (sysfs_leds_29_0) true) +(expandtypeattribute (sysfs_loop_29_0) true) +(expandtypeattribute (sysfs_lowmemorykiller_29_0) true) +(expandtypeattribute (sysfs_mac_address_29_0) true) +(expandtypeattribute (sysfs_net_29_0) true) +(expandtypeattribute (sysfs_nfc_power_writable_29_0) true) +(expandtypeattribute (sysfs_power_29_0) true) +(expandtypeattribute (sysfs_rtc_29_0) true) +(expandtypeattribute (sysfs_switch_29_0) true) +(expandtypeattribute (sysfs_thermal_29_0) true) +(expandtypeattribute (sysfs_transparent_hugepage_29_0) true) +(expandtypeattribute (sysfs_uio_29_0) true) +(expandtypeattribute (sysfs_usb_29_0) true) +(expandtypeattribute (sysfs_usermodehelper_29_0) true) +(expandtypeattribute (sysfs_vibrator_29_0) true) +(expandtypeattribute (sysfs_wake_lock_29_0) true) +(expandtypeattribute (sysfs_wakeup_reasons_29_0) true) +(expandtypeattribute (sysfs_wlan_fwpath_29_0) true) +(expandtypeattribute (sysfs_zram_29_0) true) +(expandtypeattribute (sysfs_zram_uevent_29_0) true) +(expandtypeattribute (system_app_29_0) true) +(expandtypeattribute (system_app_data_file_29_0) true) +(expandtypeattribute (system_app_service_29_0) true) 
+(expandtypeattribute (system_asan_options_file_29_0) true) +(expandtypeattribute (system_block_device_29_0) true) +(expandtypeattribute (system_boot_reason_prop_29_0) true) +(expandtypeattribute (system_bootstrap_lib_file_29_0) true) +(expandtypeattribute (system_data_file_29_0) true) +(expandtypeattribute (system_event_log_tags_file_29_0) true) +(expandtypeattribute (system_file_29_0) true) +(expandtypeattribute (systemkeys_data_file_29_0) true) +(expandtypeattribute (system_lib_file_29_0) true) +(expandtypeattribute (system_linker_config_file_29_0) true) +(expandtypeattribute (system_linker_exec_29_0) true) +(expandtypeattribute (system_lmk_prop_29_0) true) +(expandtypeattribute (system_ndebug_socket_29_0) true) +(expandtypeattribute (system_net_netd_hwservice_29_0) true) +(expandtypeattribute (system_prop_29_0) true) +(expandtypeattribute (system_radio_prop_29_0) true) +(expandtypeattribute (system_seccomp_policy_file_29_0) true) +(expandtypeattribute (system_security_cacerts_file_29_0) true) +(expandtypeattribute (system_server_29_0) true) +(expandtypeattribute (system_server_tmpfs_29_0) true) +(expandtypeattribute (system_suspend_control_service_29_0) true) +(expandtypeattribute (system_suspend_hwservice_29_0) true) +(expandtypeattribute (system_trace_prop_29_0) true) +(expandtypeattribute (system_update_service_29_0) true) +(expandtypeattribute (system_wifi_keystore_hwservice_29_0) true) +(expandtypeattribute (system_wpa_socket_29_0) true) +(expandtypeattribute (system_zoneinfo_file_29_0) true) +(expandtypeattribute (task_profiles_file_29_0) true) +(expandtypeattribute (task_service_29_0) true) +(expandtypeattribute (tcpdump_exec_29_0) true) +(expandtypeattribute (tee_29_0) true) +(expandtypeattribute (tee_data_file_29_0) true) +(expandtypeattribute (tee_device_29_0) true) +(expandtypeattribute (telecom_service_29_0) true) +(expandtypeattribute (test_boot_reason_prop_29_0) true) +(expandtypeattribute (test_harness_prop_29_0) true) +(expandtypeattribute 
(testharness_service_29_0) true) +(expandtypeattribute (textclassification_service_29_0) true) +(expandtypeattribute (textclassifier_data_file_29_0) true) +(expandtypeattribute (textservices_service_29_0) true) +(expandtypeattribute (thermalcallback_hwservice_29_0) true) +(expandtypeattribute (thermal_service_29_0) true) +(expandtypeattribute (timedetector_service_29_0) true) +(expandtypeattribute (time_prop_29_0) true) +(expandtypeattribute (timezone_service_29_0) true) +(expandtypeattribute (tmpfs_29_0) true) +(expandtypeattribute (tombstoned_29_0) true) +(expandtypeattribute (tombstone_data_file_29_0) true) +(expandtypeattribute (tombstoned_crash_socket_29_0) true) +(expandtypeattribute (tombstoned_exec_29_0) true) +(expandtypeattribute (tombstoned_intercept_socket_29_0) true) +(expandtypeattribute (tombstoned_java_trace_socket_29_0) true) +(expandtypeattribute (tombstone_wifi_data_file_29_0) true) +(expandtypeattribute (toolbox_29_0) true) +(expandtypeattribute (toolbox_exec_29_0) true) +(expandtypeattribute (traced_29_0) true) +(expandtypeattribute (trace_data_file_29_0) true) +(expandtypeattribute (traced_consumer_socket_29_0) true) +(expandtypeattribute (traced_enabled_prop_29_0) true) +(expandtypeattribute (traced_lazy_prop_29_0) true) +(expandtypeattribute (traced_probes_29_0) true) +(expandtypeattribute (traced_producer_socket_29_0) true) +(expandtypeattribute (traceur_app_29_0) true) +(expandtypeattribute (trust_service_29_0) true) +(expandtypeattribute (tty_device_29_0) true) +(expandtypeattribute (tun_device_29_0) true) +(expandtypeattribute (tv_input_service_29_0) true) +(expandtypeattribute (tzdatacheck_29_0) true) +(expandtypeattribute (tzdatacheck_exec_29_0) true) +(expandtypeattribute (ueventd_29_0) true) +(expandtypeattribute (ueventd_tmpfs_29_0) true) +(expandtypeattribute (uhid_device_29_0) true) +(expandtypeattribute (uimode_service_29_0) true) +(expandtypeattribute (uio_device_29_0) true) +(expandtypeattribute (uncrypt_29_0) true) 
+(expandtypeattribute (uncrypt_exec_29_0) true) +(expandtypeattribute (uncrypt_socket_29_0) true) +(expandtypeattribute (unencrypted_data_file_29_0) true) +(expandtypeattribute (unlabeled_29_0) true) +(expandtypeattribute (untrusted_app_25_29_0) true) +(expandtypeattribute (untrusted_app_27_29_0) true) +(expandtypeattribute (untrusted_app_29_0) true) +(expandtypeattribute (update_engine_29_0) true) +(expandtypeattribute (update_engine_data_file_29_0) true) +(expandtypeattribute (update_engine_exec_29_0) true) +(expandtypeattribute (update_engine_log_data_file_29_0) true) +(expandtypeattribute (update_engine_service_29_0) true) +(expandtypeattribute (updatelock_service_29_0) true) +(expandtypeattribute (update_verifier_29_0) true) +(expandtypeattribute (update_verifier_exec_29_0) true) +(expandtypeattribute (uri_grants_service_29_0) true) +(expandtypeattribute (usagestats_service_29_0) true) +(expandtypeattribute (usbaccessory_device_29_0) true) +(expandtypeattribute (usbd_29_0) true) +(expandtypeattribute (usb_device_29_0) true) +(expandtypeattribute (usbd_exec_29_0) true) +(expandtypeattribute (usbfs_29_0) true) +(expandtypeattribute (usb_service_29_0) true) +(expandtypeattribute (use_memfd_prop_29_0) true) +(expandtypeattribute (userdata_block_device_29_0) true) +(expandtypeattribute (usermodehelper_29_0) true) +(expandtypeattribute (user_profile_data_file_29_0) true) +(expandtypeattribute (user_service_29_0) true) +(expandtypeattribute (vdc_29_0) true) +(expandtypeattribute (vdc_exec_29_0) true) +(expandtypeattribute (vendor_app_file_29_0) true) +(expandtypeattribute (vendor_cgroup_desc_file_29_0) true) +(expandtypeattribute (vendor_configs_file_29_0) true) +(expandtypeattribute (vendor_data_file_29_0) true) +(expandtypeattribute (vendor_default_prop_29_0) true) +(expandtypeattribute (vendor_file_29_0) true) +(expandtypeattribute (vendor_framework_file_29_0) true) +(expandtypeattribute (vendor_hal_file_29_0) true) +(expandtypeattribute (vendor_idc_file_29_0) 
true) +(expandtypeattribute (vendor_init_29_0) true) +(expandtypeattribute (vendor_keychars_file_29_0) true) +(expandtypeattribute (vendor_keylayout_file_29_0) true) +(expandtypeattribute (vendor_overlay_file_29_0) true) +(expandtypeattribute (vendor_public_lib_file_29_0) true) +(expandtypeattribute (vendor_security_patch_level_prop_29_0) true) +(expandtypeattribute (vendor_shell_29_0) true) +(expandtypeattribute (vendor_shell_exec_29_0) true) +(expandtypeattribute (vendor_task_profiles_file_29_0) true) +(expandtypeattribute (vendor_toolbox_exec_29_0) true) +(expandtypeattribute (vfat_29_0) true) +(expandtypeattribute (vibrator_service_29_0) true) +(expandtypeattribute (video_device_29_0) true) +(expandtypeattribute (virtual_touchpad_29_0) true) +(expandtypeattribute (virtual_touchpad_exec_29_0) true) +(expandtypeattribute (virtual_touchpad_service_29_0) true) +(expandtypeattribute (vndbinder_device_29_0) true) +(expandtypeattribute (vndk_sp_file_29_0) true) +(expandtypeattribute (vndservice_contexts_file_29_0) true) +(expandtypeattribute (vndservicemanager_29_0) true) +(expandtypeattribute (voiceinteraction_service_29_0) true) +(expandtypeattribute (vold_29_0) true) +(expandtypeattribute (vold_data_file_29_0) true) +(expandtypeattribute (vold_device_29_0) true) +(expandtypeattribute (vold_exec_29_0) true) +(expandtypeattribute (vold_metadata_file_29_0) true) +(expandtypeattribute (vold_prepare_subdirs_29_0) true) +(expandtypeattribute (vold_prepare_subdirs_exec_29_0) true) +(expandtypeattribute (vold_prop_29_0) true) +(expandtypeattribute (vold_service_29_0) true) +(expandtypeattribute (vpn_data_file_29_0) true) +(expandtypeattribute (vrflinger_vsync_service_29_0) true) +(expandtypeattribute (vr_hwc_29_0) true) +(expandtypeattribute (vr_hwc_exec_29_0) true) +(expandtypeattribute (vr_hwc_service_29_0) true) +(expandtypeattribute (vr_manager_service_29_0) true) +(expandtypeattribute (wallpaper_file_29_0) true) +(expandtypeattribute (wallpaper_service_29_0) true) 
+(expandtypeattribute (watchdogd_29_0) true) +(expandtypeattribute (watchdog_device_29_0) true) +(expandtypeattribute (watchdogd_exec_29_0) true) +(expandtypeattribute (webviewupdate_service_29_0) true) +(expandtypeattribute (webview_zygote_29_0) true) +(expandtypeattribute (webview_zygote_exec_29_0) true) +(expandtypeattribute (webview_zygote_tmpfs_29_0) true) +(expandtypeattribute (wifiaware_service_29_0) true) +(expandtypeattribute (wificond_29_0) true) +(expandtypeattribute (wificond_exec_29_0) true) +(expandtypeattribute (wificond_service_29_0) true) +(expandtypeattribute (wifi_data_file_29_0) true) +(expandtypeattribute (wifi_log_prop_29_0) true) +(expandtypeattribute (wifip2p_service_29_0) true) +(expandtypeattribute (wifi_prop_29_0) true) +(expandtypeattribute (wifiscanner_service_29_0) true) +(expandtypeattribute (wifi_service_29_0) true) +(expandtypeattribute (window_service_29_0) true) +(expandtypeattribute (wpantund_29_0) true) +(expandtypeattribute (wpantund_exec_29_0) true) +(expandtypeattribute (wpantund_service_29_0) true) +(expandtypeattribute (wpa_socket_29_0) true) +(expandtypeattribute (zero_device_29_0) true) +(expandtypeattribute (zoneinfo_data_file_29_0) true) +(expandtypeattribute (zygote_29_0) true) +(expandtypeattribute (zygote_exec_29_0) true) +(expandtypeattribute (zygote_socket_29_0) true) +(expandtypeattribute (zygote_tmpfs_29_0) true) +(typeattributeset accessibility_service_29_0 (accessibility_service)) +(typeattributeset account_service_29_0 (account_service)) +(typeattributeset activity_service_29_0 (activity_service)) +(typeattributeset activity_task_service_29_0 (activity_task_service)) +(typeattributeset adbd_29_0 (adbd)) +(typeattributeset adb_data_file_29_0 (adb_data_file)) +(typeattributeset adbd_exec_29_0 (adbd_exec)) +(typeattributeset adbd_socket_29_0 (adbd_socket)) +(typeattributeset adb_keys_file_29_0 (adb_keys_file)) +(typeattributeset adb_service_29_0 (adb_service)) +(typeattributeset alarm_service_29_0 
(alarm_service)) +(typeattributeset anr_data_file_29_0 (anr_data_file)) +(typeattributeset apexd_29_0 (apexd)) +(typeattributeset apex_data_file_29_0 (apex_data_file)) +(typeattributeset apexd_exec_29_0 (apexd_exec)) +(typeattributeset apexd_prop_29_0 (apexd_prop)) +(typeattributeset apex_metadata_file_29_0 (apex_metadata_file)) +(typeattributeset apex_mnt_dir_29_0 (apex_mnt_dir)) +(typeattributeset apex_service_29_0 (apex_service)) +(typeattributeset apk_data_file_29_0 (apk_data_file)) +(typeattributeset apk_private_data_file_29_0 (apk_private_data_file)) +(typeattributeset apk_private_tmp_file_29_0 (apk_private_tmp_file)) +(typeattributeset apk_tmp_file_29_0 (apk_tmp_file)) +(typeattributeset app_binding_service_29_0 (app_binding_service)) +(typeattributeset app_data_file_29_0 (app_data_file)) +(typeattributeset appdomain_tmpfs_29_0 (appdomain_tmpfs)) +(typeattributeset app_fuse_file_29_0 (app_fuse_file)) +(typeattributeset app_fusefs_29_0 (app_fusefs)) +(typeattributeset appops_service_29_0 (appops_service)) +(typeattributeset app_prediction_service_29_0 (app_prediction_service)) +(typeattributeset appwidget_service_29_0 (appwidget_service)) +(typeattributeset app_zygote_29_0 (app_zygote)) +(typeattributeset app_zygote_tmpfs_29_0 (app_zygote_tmpfs)) +(typeattributeset asec_apk_file_29_0 (asec_apk_file)) +(typeattributeset asec_image_file_29_0 (asec_image_file)) +(typeattributeset asec_public_file_29_0 (asec_public_file)) +(typeattributeset ashmemd_29_0 (ashmemd)) +(typeattributeset ashmem_device_29_0 (ashmem_device)) +(typeattributeset assetatlas_service_29_0 (assetatlas_service)) +(typeattributeset audio_data_file_29_0 (audio_data_file)) +(typeattributeset audio_device_29_0 (audio_device)) +(typeattributeset audiohal_data_file_29_0 (audiohal_data_file)) +(typeattributeset audio_prop_29_0 (audio_prop)) +(typeattributeset audioserver_29_0 (audioserver)) +(typeattributeset audioserver_data_file_29_0 (audioserver_data_file)) +(typeattributeset 
audioserver_service_29_0 (audioserver_service)) +(typeattributeset audioserver_tmpfs_29_0 (audioserver_tmpfs)) +(typeattributeset audio_service_29_0 (audio_service)) +(typeattributeset autofill_service_29_0 (autofill_service)) +(typeattributeset backup_data_file_29_0 (backup_data_file)) +(typeattributeset backup_service_29_0 (backup_service)) +(typeattributeset batteryproperties_service_29_0 (batteryproperties_service)) +(typeattributeset battery_service_29_0 (battery_service)) +(typeattributeset batterystats_service_29_0 (batterystats_service)) +(typeattributeset binder_calls_stats_service_29_0 (binder_calls_stats_service)) +(typeattributeset binder_device_29_0 (binder_device)) +(typeattributeset binfmt_miscfs_29_0 (binfmt_miscfs)) +(typeattributeset biometric_service_29_0 (biometric_service)) +(typeattributeset blkid_29_0 (blkid)) +(typeattributeset blkid_untrusted_29_0 (blkid_untrusted)) +(typeattributeset block_device_29_0 (block_device)) +(typeattributeset bluetooth_29_0 (bluetooth)) +(typeattributeset bluetooth_a2dp_offload_prop_29_0 (bluetooth_a2dp_offload_prop)) +(typeattributeset bluetooth_audio_hal_prop_29_0 (bluetooth_audio_hal_prop)) +(typeattributeset bluetooth_data_file_29_0 (bluetooth_data_file)) +(typeattributeset bluetooth_efs_file_29_0 (bluetooth_efs_file)) +(typeattributeset bluetooth_logs_data_file_29_0 (bluetooth_logs_data_file)) +(typeattributeset bluetooth_manager_service_29_0 (bluetooth_manager_service)) +(typeattributeset bluetooth_prop_29_0 (bluetooth_prop)) +(typeattributeset bluetooth_service_29_0 (bluetooth_service)) +(typeattributeset bluetooth_socket_29_0 (bluetooth_socket)) +(typeattributeset bootanim_29_0 (bootanim)) +(typeattributeset bootanim_exec_29_0 (bootanim_exec)) +(typeattributeset boot_block_device_29_0 (boot_block_device)) +(typeattributeset bootchart_data_file_29_0 (bootchart_data_file)) +(typeattributeset bootloader_boot_reason_prop_29_0 (bootloader_boot_reason_prop)) +(typeattributeset bootstat_29_0 (bootstat)) 
+(typeattributeset bootstat_data_file_29_0 (bootstat_data_file)) +(typeattributeset bootstat_exec_29_0 (bootstat_exec)) +(typeattributeset boottime_prop_29_0 (boottime_prop)) +(typeattributeset boottrace_data_file_29_0 (boottrace_data_file)) +(typeattributeset bpf_progs_loaded_prop_29_0 (bpf_progs_loaded_prop)) +(typeattributeset broadcastradio_service_29_0 (broadcastradio_service)) +(typeattributeset bufferhubd_29_0 (bufferhubd)) +(typeattributeset bufferhubd_exec_29_0 (bufferhubd_exec)) +(typeattributeset bugreport_service_29_0 (bugreport_service)) +(typeattributeset cache_backup_file_29_0 (cache_backup_file)) +(typeattributeset cache_block_device_29_0 (cache_block_device)) +(typeattributeset cache_file_29_0 (cache_file)) +(typeattributeset cache_private_backup_file_29_0 (cache_private_backup_file)) +(typeattributeset cache_recovery_file_29_0 (cache_recovery_file)) +(typeattributeset camera_data_file_29_0 (camera_data_file)) +(typeattributeset camera_device_29_0 (camera_device)) +(typeattributeset cameraproxy_service_29_0 (cameraproxy_service)) +(typeattributeset cameraserver_29_0 (cameraserver)) +(typeattributeset cameraserver_exec_29_0 (cameraserver_exec)) +(typeattributeset cameraserver_service_29_0 (cameraserver_service)) +(typeattributeset cameraserver_tmpfs_29_0 (cameraserver_tmpfs)) +(typeattributeset cgroup_29_0 (cgroup)) +(typeattributeset cgroup_bpf_29_0 (cgroup_bpf)) +(typeattributeset cgroup_desc_file_29_0 (cgroup_desc_file)) +(typeattributeset cgroup_rc_file_29_0 (cgroup_rc_file)) +(typeattributeset charger_29_0 (charger)) +(typeattributeset charger_exec_29_0 (charger_exec)) +(typeattributeset clatd_29_0 (clatd)) +(typeattributeset clatd_exec_29_0 (clatd_exec)) +(typeattributeset clipboard_service_29_0 (clipboard_service)) +(typeattributeset color_display_service_29_0 (color_display_service)) +(typeattributeset companion_device_service_29_0 (companion_device_service)) +(typeattributeset configfs_29_0 (configfs)) +(typeattributeset config_prop_29_0 
(config_prop)) +(typeattributeset connectivity_service_29_0 (connectivity_service)) +(typeattributeset connmetrics_service_29_0 (connmetrics_service)) +(typeattributeset console_device_29_0 (console_device)) +(typeattributeset consumer_ir_service_29_0 (consumer_ir_service)) +(typeattributeset content_capture_service_29_0 (content_capture_service)) +(typeattributeset content_service_29_0 (content_service)) +(typeattributeset content_suggestions_service_29_0 (content_suggestions_service)) +(typeattributeset contexthub_service_29_0 (contexthub_service)) +(typeattributeset coredump_file_29_0 (coredump_file)) +(typeattributeset country_detector_service_29_0 (country_detector_service)) +(typeattributeset coverage_service_29_0 (coverage_service)) +(typeattributeset cppreopt_prop_29_0 (cppreopt_prop)) +(typeattributeset cpuinfo_service_29_0 (cpuinfo_service)) +(typeattributeset cpu_variant_prop_29_0 (cpu_variant_prop)) +(typeattributeset crash_dump_29_0 (crash_dump)) +(typeattributeset crash_dump_exec_29_0 (crash_dump_exec)) +(typeattributeset crossprofileapps_service_29_0 (crossprofileapps_service)) +(typeattributeset ctl_adbd_prop_29_0 (ctl_adbd_prop)) +(typeattributeset ctl_bootanim_prop_29_0 (ctl_bootanim_prop)) +(typeattributeset ctl_bugreport_prop_29_0 (ctl_bugreport_prop)) +(typeattributeset ctl_console_prop_29_0 (ctl_console_prop)) +(typeattributeset ctl_default_prop_29_0 (ctl_default_prop)) +(typeattributeset ctl_dumpstate_prop_29_0 (ctl_dumpstate_prop)) +(typeattributeset ctl_fuse_prop_29_0 (ctl_fuse_prop)) +(typeattributeset ctl_gsid_prop_29_0 (ctl_gsid_prop)) +(typeattributeset ctl_interface_restart_prop_29_0 (ctl_interface_restart_prop)) +(typeattributeset ctl_interface_start_prop_29_0 (ctl_interface_start_prop)) +(typeattributeset ctl_interface_stop_prop_29_0 (ctl_interface_stop_prop)) +(typeattributeset ctl_mdnsd_prop_29_0 (ctl_mdnsd_prop)) +(typeattributeset ctl_restart_prop_29_0 (ctl_restart_prop)) +(typeattributeset ctl_rildaemon_prop_29_0 
(ctl_rildaemon_prop))
+(typeattributeset ctl_sigstop_prop_29_0 (ctl_sigstop_prop))
+(typeattributeset ctl_start_prop_29_0 (ctl_start_prop))
+(typeattributeset ctl_stop_prop_29_0 (ctl_stop_prop))
+(typeattributeset dalvikcache_data_file_29_0 (dalvikcache_data_file))
+(typeattributeset dalvik_prop_29_0 (dalvik_prop))
+(typeattributeset dbinfo_service_29_0 (dbinfo_service))
+(typeattributeset debugfs_29_0 (debugfs))
+(typeattributeset debugfs_mmc_29_0 (debugfs_mmc))
+(typeattributeset debugfs_trace_marker_29_0 (debugfs_trace_marker))
+(typeattributeset debugfs_tracing_29_0 (debugfs_tracing))
+(typeattributeset debugfs_tracing_debug_29_0 (debugfs_tracing_debug))
+(typeattributeset debugfs_tracing_instances_29_0 (debugfs_tracing_instances))
+(typeattributeset debugfs_wakeup_sources_29_0 (debugfs_wakeup_sources))
+(typeattributeset debugfs_wifi_tracing_29_0 (debugfs_wifi_tracing))
+(typeattributeset debuggerd_prop_29_0 (debuggerd_prop))
+(typeattributeset debug_prop_29_0 (debug_prop))
+(typeattributeset default_android_hwservice_29_0 (default_android_hwservice))
+(typeattributeset default_android_service_29_0 (default_android_service))
+(typeattributeset default_android_vndservice_29_0 (default_android_vndservice))
+(typeattributeset default_prop_29_0 (default_prop apk_verity_prop))
+(typeattributeset dev_cpu_variant_29_0 (dev_cpu_variant))
+(typeattributeset device_29_0 (device))
+(typeattributeset device_config_activity_manager_native_boot_prop_29_0 (device_config_activity_manager_native_boot_prop))
+(typeattributeset device_config_boot_count_prop_29_0 (device_config_boot_count_prop))
+(typeattributeset device_config_input_native_boot_prop_29_0 (device_config_input_native_boot_prop))
+(typeattributeset device_config_media_native_prop_29_0 (device_config_media_native_prop))
+(typeattributeset device_config_netd_native_prop_29_0 (device_config_netd_native_prop))
+(typeattributeset device_config_reset_performed_prop_29_0 (device_config_reset_performed_prop))
+(typeattributeset device_config_runtime_native_boot_prop_29_0 (device_config_runtime_native_boot_prop))
+(typeattributeset device_config_runtime_native_prop_29_0 (device_config_runtime_native_prop))
+(typeattributeset device_config_service_29_0 (device_config_service))
+(typeattributeset device_identifiers_service_29_0 (device_identifiers_service))
+(typeattributeset deviceidle_service_29_0 (deviceidle_service))
+(typeattributeset device_logging_prop_29_0 (device_logging_prop))
+(typeattributeset device_policy_service_29_0 (device_policy_service))
+(typeattributeset devicestoragemonitor_service_29_0 (devicestoragemonitor_service))
+(typeattributeset devpts_29_0 (devpts))
+(typeattributeset dhcp_29_0 (dhcp))
+(typeattributeset dhcp_data_file_29_0 (dhcp_data_file))
+(typeattributeset dhcp_exec_29_0 (dhcp_exec))
+(typeattributeset dhcp_prop_29_0 (dhcp_prop))
+(typeattributeset diskstats_service_29_0 (diskstats_service))
+(typeattributeset display_service_29_0 (display_service))
+(typeattributeset dm_device_29_0 (dm_device))
+(typeattributeset dnsmasq_29_0 (dnsmasq))
+(typeattributeset dnsmasq_exec_29_0 (dnsmasq_exec))
+(typeattributeset dnsproxyd_socket_29_0 (dnsproxyd_socket))
+(typeattributeset dnsresolver_service_29_0 (dnsresolver_service))
+(typeattributeset DockObserver_service_29_0 (DockObserver_service))
+(typeattributeset dreams_service_29_0 (dreams_service))
+(typeattributeset drm_data_file_29_0 (drm_data_file))
+(typeattributeset drmserver_29_0 (drmserver))
+(typeattributeset drmserver_exec_29_0 (drmserver_exec))
+(typeattributeset drmserver_service_29_0 (drmserver_service))
+(typeattributeset drmserver_socket_29_0 (drmserver_socket))
+(typeattributeset dropbox_data_file_29_0 (dropbox_data_file))
+(typeattributeset dropbox_service_29_0 (dropbox_service))
+(typeattributeset dumpstate_29_0 (dumpstate))
+(typeattributeset dumpstate_exec_29_0 (dumpstate_exec))
+(typeattributeset dumpstate_options_prop_29_0 (dumpstate_options_prop))
+(typeattributeset dumpstate_prop_29_0 (dumpstate_prop))
+(typeattributeset dumpstate_service_29_0 (dumpstate_service))
+(typeattributeset dumpstate_socket_29_0 (dumpstate_socket))
+(typeattributeset dynamic_system_prop_29_0 (dynamic_system_prop))
+(typeattributeset e2fs_29_0 (e2fs))
+(typeattributeset e2fs_exec_29_0 (e2fs_exec))
+(typeattributeset efs_file_29_0 (efs_file))
+(typeattributeset ephemeral_app_29_0 (ephemeral_app))
+(typeattributeset ethernet_service_29_0 (ethernet_service))
+(typeattributeset exfat_29_0 (exfat))
+(typeattributeset exported2_config_prop_29_0 (exported2_config_prop))
+(typeattributeset exported2_default_prop_29_0 (exported2_default_prop))
+(typeattributeset exported2_radio_prop_29_0 (exported2_radio_prop))
+(typeattributeset exported2_system_prop_29_0 (exported2_system_prop))
+(typeattributeset exported2_vold_prop_29_0 (exported2_vold_prop))
+(typeattributeset exported3_default_prop_29_0 (exported3_default_prop))
+(typeattributeset exported3_radio_prop_29_0 (exported3_radio_prop))
+(typeattributeset exported3_system_prop_29_0 (exported3_system_prop))
+(typeattributeset exported_audio_prop_29_0 (exported_audio_prop))
+(typeattributeset exported_bluetooth_prop_29_0 (exported_bluetooth_prop))
+(typeattributeset exported_config_prop_29_0 (exported_config_prop))
+(typeattributeset exported_dalvik_prop_29_0 (exported_dalvik_prop))
+(typeattributeset exported_default_prop_29_0
+ ( exported_default_prop
+ vndk_prop))
+(typeattributeset exported_dumpstate_prop_29_0 (exported_dumpstate_prop))
+(typeattributeset exported_ffs_prop_29_0 (exported_ffs_prop))
+(typeattributeset exported_fingerprint_prop_29_0 (exported_fingerprint_prop))
+(typeattributeset exported_overlay_prop_29_0 (exported_overlay_prop))
+(typeattributeset exported_pm_prop_29_0 (exported_pm_prop))
+(typeattributeset exported_radio_prop_29_0 (exported_radio_prop))
+(typeattributeset exported_secure_prop_29_0 (exported_secure_prop))
+(typeattributeset exported_system_prop_29_0 (exported_system_prop))
+(typeattributeset exported_system_radio_prop_29_0 (exported_system_radio_prop))
+(typeattributeset exported_vold_prop_29_0 (exported_vold_prop))
+(typeattributeset exported_wifi_prop_29_0 (exported_wifi_prop))
+(typeattributeset external_vibrator_service_29_0 (external_vibrator_service))
+(typeattributeset face_service_29_0 (face_service))
+(typeattributeset face_vendor_data_file_29_0 (face_vendor_data_file))
+(typeattributeset fastbootd_29_0 (fastbootd))
+(typeattributeset ffs_prop_29_0 (ffs_prop))
+(typeattributeset file_contexts_file_29_0 (file_contexts_file))
+(typeattributeset fingerprintd_29_0 (fingerprintd))
+(typeattributeset fingerprintd_data_file_29_0 (fingerprintd_data_file))
+(typeattributeset fingerprintd_exec_29_0 (fingerprintd_exec))
+(typeattributeset fingerprintd_service_29_0 (fingerprintd_service))
+(typeattributeset fingerprint_prop_29_0 (fingerprint_prop))
+(typeattributeset fingerprint_service_29_0 (fingerprint_service))
+(typeattributeset fingerprint_vendor_data_file_29_0 (fingerprint_vendor_data_file))
+(typeattributeset firstboot_prop_29_0 (firstboot_prop))
+(typeattributeset flags_health_check_29_0 (flags_health_check))
+(typeattributeset flags_health_check_exec_29_0 (flags_health_check_exec))
+(typeattributeset font_service_29_0 (font_service))
+(typeattributeset frp_block_device_29_0 (frp_block_device))
+(typeattributeset fs_bpf_29_0 (fs_bpf))
+(typeattributeset fsck_29_0 (fsck))
+(typeattributeset fsck_exec_29_0 (fsck_exec))
+(typeattributeset fscklogs_29_0 (fscklogs))
+(typeattributeset fsck_untrusted_29_0 (fsck_untrusted))
+(typeattributeset functionfs_29_0 (functionfs))
+(typeattributeset fuse_29_0 (fuse))
+(typeattributeset fuse_device_29_0 (fuse_device))
+(typeattributeset fwk_bufferhub_hwservice_29_0 (fwk_bufferhub_hwservice))
+(typeattributeset fwk_camera_hwservice_29_0 (fwk_camera_hwservice))
+(typeattributeset fwk_display_hwservice_29_0 (fwk_display_hwservice))
+(typeattributeset fwk_scheduler_hwservice_29_0 (fwk_scheduler_hwservice))
+(typeattributeset fwk_sensor_hwservice_29_0 (fwk_sensor_hwservice))
+(typeattributeset fwk_stats_hwservice_29_0 (fwk_stats_hwservice))
+(typeattributeset fwmarkd_socket_29_0 (fwmarkd_socket))
+(typeattributeset gatekeeperd_29_0 (gatekeeperd))
+(typeattributeset gatekeeper_data_file_29_0 (gatekeeper_data_file))
+(typeattributeset gatekeeperd_exec_29_0 (gatekeeperd_exec))
+(typeattributeset gatekeeper_service_29_0 (gatekeeper_service))
+(typeattributeset gfxinfo_service_29_0 (gfxinfo_service))
+(typeattributeset gps_control_29_0 (gps_control))
+(typeattributeset gpu_device_29_0 (gpu_device))
+(typeattributeset gpu_service_29_0 (gpu_service))
+(typeattributeset gpuservice_29_0 (gpuservice))
+(typeattributeset graphics_device_29_0 (graphics_device))
+(typeattributeset graphicsstats_service_29_0 (graphicsstats_service))
+(typeattributeset gsi_data_file_29_0 (gsi_data_file))
+(typeattributeset gsid_prop_29_0 (gsid_prop))
+(typeattributeset gsi_metadata_file_29_0 (gsi_metadata_file))
+(typeattributeset hal_atrace_hwservice_29_0 (hal_atrace_hwservice))
+(typeattributeset hal_audiocontrol_hwservice_29_0 (hal_audiocontrol_hwservice))
+(typeattributeset hal_audio_hwservice_29_0 (hal_audio_hwservice))
+(typeattributeset hal_authsecret_hwservice_29_0 (hal_authsecret_hwservice))
+(typeattributeset hal_bluetooth_hwservice_29_0 (hal_bluetooth_hwservice))
+(typeattributeset hal_bootctl_hwservice_29_0 (hal_bootctl_hwservice))
+(typeattributeset hal_broadcastradio_hwservice_29_0 (hal_broadcastradio_hwservice))
+(typeattributeset hal_camera_hwservice_29_0 (hal_camera_hwservice))
+(typeattributeset hal_cas_hwservice_29_0 (hal_cas_hwservice))
+(typeattributeset hal_codec2_hwservice_29_0 (hal_codec2_hwservice))
+(typeattributeset hal_configstore_ISurfaceFlingerConfigs_29_0 (hal_configstore_ISurfaceFlingerConfigs))
+(typeattributeset hal_confirmationui_hwservice_29_0 (hal_confirmationui_hwservice))
+(typeattributeset hal_contexthub_hwservice_29_0 (hal_contexthub_hwservice))
+(typeattributeset hal_drm_hwservice_29_0 (hal_drm_hwservice))
+(typeattributeset hal_dumpstate_hwservice_29_0 (hal_dumpstate_hwservice))
+(typeattributeset hal_evs_hwservice_29_0 (hal_evs_hwservice))
+(typeattributeset hal_face_hwservice_29_0 (hal_face_hwservice))
+(typeattributeset hal_fingerprint_hwservice_29_0 (hal_fingerprint_hwservice))
+(typeattributeset hal_fingerprint_service_29_0 (hal_fingerprint_service))
+(typeattributeset hal_gatekeeper_hwservice_29_0 (hal_gatekeeper_hwservice))
+(typeattributeset hal_gnss_hwservice_29_0 (hal_gnss_hwservice))
+(typeattributeset hal_graphics_allocator_hwservice_29_0 (hal_graphics_allocator_hwservice))
+(typeattributeset hal_graphics_composer_hwservice_29_0 (hal_graphics_composer_hwservice))
+(typeattributeset hal_graphics_composer_server_tmpfs_29_0 (hal_graphics_composer_server_tmpfs))
+(typeattributeset hal_graphics_mapper_hwservice_29_0 (hal_graphics_mapper_hwservice))
+(typeattributeset hal_health_hwservice_29_0 (hal_health_hwservice))
+(typeattributeset hal_health_storage_hwservice_29_0 (hal_health_storage_hwservice))
+(typeattributeset hal_input_classifier_hwservice_29_0 (hal_input_classifier_hwservice))
+(typeattributeset hal_ir_hwservice_29_0 (hal_ir_hwservice))
+(typeattributeset hal_keymaster_hwservice_29_0 (hal_keymaster_hwservice))
+(typeattributeset hal_light_hwservice_29_0 (hal_light_hwservice))
+(typeattributeset hal_lowpan_hwservice_29_0 (hal_lowpan_hwservice))
+(typeattributeset hal_memtrack_hwservice_29_0 (hal_memtrack_hwservice))
+(typeattributeset hal_neuralnetworks_hwservice_29_0 (hal_neuralnetworks_hwservice))
+(typeattributeset hal_nfc_hwservice_29_0 (hal_nfc_hwservice))
+(typeattributeset hal_oemlock_hwservice_29_0 (hal_oemlock_hwservice))
+(typeattributeset hal_omx_hwservice_29_0 (hal_omx_hwservice))
+(typeattributeset hal_power_hwservice_29_0 (hal_power_hwservice))
+(typeattributeset hal_power_stats_hwservice_29_0 (hal_power_stats_hwservice))
+(typeattributeset hal_renderscript_hwservice_29_0 (hal_renderscript_hwservice))
+(typeattributeset hal_secure_element_hwservice_29_0 (hal_secure_element_hwservice))
+(typeattributeset hal_sensors_hwservice_29_0 (hal_sensors_hwservice))
+(typeattributeset hal_telephony_hwservice_29_0 (hal_telephony_hwservice))
+(typeattributeset hal_tetheroffload_hwservice_29_0 (hal_tetheroffload_hwservice))
+(typeattributeset hal_thermal_hwservice_29_0 (hal_thermal_hwservice))
+(typeattributeset hal_tv_cec_hwservice_29_0 (hal_tv_cec_hwservice))
+(typeattributeset hal_tv_input_hwservice_29_0 (hal_tv_input_hwservice))
+(typeattributeset hal_usb_gadget_hwservice_29_0 (hal_usb_gadget_hwservice))
+(typeattributeset hal_usb_hwservice_29_0 (hal_usb_hwservice))
+(typeattributeset hal_vehicle_hwservice_29_0 (hal_vehicle_hwservice))
+(typeattributeset hal_vibrator_hwservice_29_0 (hal_vibrator_hwservice))
+(typeattributeset hal_vr_hwservice_29_0 (hal_vr_hwservice))
+(typeattributeset hal_weaver_hwservice_29_0 (hal_weaver_hwservice))
+(typeattributeset hal_wifi_hostapd_hwservice_29_0 (hal_wifi_hostapd_hwservice))
+(typeattributeset hal_wifi_hwservice_29_0 (hal_wifi_hwservice))
+(typeattributeset hal_wifi_offload_hwservice_29_0 (hal_wifi_offload_hwservice))
+(typeattributeset hal_wifi_supplicant_hwservice_29_0 (hal_wifi_supplicant_hwservice))
+(typeattributeset hardware_properties_service_29_0 (hardware_properties_service))
+(typeattributeset hardware_service_29_0 (hardware_service))
+(typeattributeset hci_attach_dev_29_0 (hci_attach_dev))
+(typeattributeset hdmi_control_service_29_0 (hdmi_control_service))
+(typeattributeset healthd_29_0 (healthd))
+(typeattributeset healthd_exec_29_0 (healthd_exec))
+(typeattributeset heapdump_data_file_29_0 (heapdump_data_file))
+(typeattributeset heapprofd_29_0 (heapprofd))
+(typeattributeset heapprofd_enabled_prop_29_0 (heapprofd_enabled_prop))
+(typeattributeset heapprofd_prop_29_0 (heapprofd_prop))
+(typeattributeset heapprofd_socket_29_0 (heapprofd_socket))
+(typeattributeset hidl_allocator_hwservice_29_0 (hidl_allocator_hwservice))
+(typeattributeset hidl_base_hwservice_29_0 (hidl_base_hwservice))
+(typeattributeset hidl_manager_hwservice_29_0 (hidl_manager_hwservice))
+(typeattributeset hidl_memory_hwservice_29_0 (hidl_memory_hwservice))
+(typeattributeset hidl_token_hwservice_29_0 (hidl_token_hwservice))
+(typeattributeset hwbinder_device_29_0 (hwbinder_device))
+(typeattributeset hw_random_device_29_0 (hw_random_device))
+(typeattributeset hwservice_contexts_file_29_0 (hwservice_contexts_file))
+(typeattributeset hwservicemanager_29_0 (hwservicemanager))
+(typeattributeset hwservicemanager_exec_29_0 (hwservicemanager_exec))
+(typeattributeset hwservicemanager_prop_29_0 (hwservicemanager_prop))
+(typeattributeset icon_file_29_0 (icon_file))
+(typeattributeset idmap_29_0 (idmap))
+(typeattributeset idmap_exec_29_0 (idmap_exec))
+(typeattributeset idmap_service_29_0 (idmap_service))
+(typeattributeset iio_device_29_0 (iio_device))
+(typeattributeset imms_service_29_0 (imms_service))
+(typeattributeset incident_29_0 (incident))
+(typeattributeset incidentd_29_0 (incidentd))
+(typeattributeset incident_data_file_29_0 (incident_data_file))
+(typeattributeset incident_helper_29_0 (incident_helper))
+(typeattributeset incident_service_29_0 (incident_service))
+(typeattributeset init_29_0 (init))
+(typeattributeset init_exec_29_0 (init_exec))
+(typeattributeset init_tmpfs_29_0 (init_tmpfs))
+(typeattributeset inotify_29_0 (inotify))
+(typeattributeset input_device_29_0 (input_device))
+(typeattributeset inputflinger_29_0 (inputflinger))
+(typeattributeset inputflinger_exec_29_0 (inputflinger_exec))
+(typeattributeset inputflinger_service_29_0 (inputflinger_service))
+(typeattributeset input_method_service_29_0 (input_method_service))
+(typeattributeset input_service_29_0 (input_service))
+(typeattributeset installd_29_0 (installd))
+(typeattributeset install_data_file_29_0 (install_data_file))
+(typeattributeset installd_exec_29_0 (installd_exec))
+(typeattributeset installd_service_29_0 (installd_service))
+(typeattributeset install_recovery_29_0 (install_recovery))
+(typeattributeset install_recovery_exec_29_0 (install_recovery_exec))
+(typeattributeset ion_device_29_0 (ion_device))
+(typeattributeset iorapd_29_0 (iorapd))
+(typeattributeset iorapd_data_file_29_0 (iorapd_data_file))
+(typeattributeset iorapd_exec_29_0 (iorapd_exec))
+(typeattributeset iorapd_service_29_0 (iorapd_service))
+(typeattributeset iorapd_tmpfs_29_0 (iorapd_tmpfs))
+(typeattributeset IProxyService_service_29_0 (IProxyService_service))
+(typeattributeset ipsec_service_29_0 (ipsec_service))
+(typeattributeset iris_service_29_0 (iris_service))
+(typeattributeset iris_vendor_data_file_29_0 (iris_vendor_data_file))
+(typeattributeset isolated_app_29_0 (isolated_app))
+(typeattributeset jobscheduler_service_29_0 (jobscheduler_service))
+(typeattributeset kernel_29_0 (kernel))
+(typeattributeset keychain_data_file_29_0 (keychain_data_file))
+(typeattributeset keychord_device_29_0 (keychord_device))
+(typeattributeset keystore_29_0 (keystore))
+(typeattributeset keystore_data_file_29_0 (keystore_data_file))
+(typeattributeset keystore_exec_29_0 (keystore_exec))
+(typeattributeset keystore_service_29_0 (keystore_service))
+(typeattributeset kmsg_debug_device_29_0 (kmsg_debug_device))
+(typeattributeset kmsg_device_29_0 (kmsg_device))
+(typeattributeset labeledfs_29_0 (labeledfs))
+(typeattributeset last_boot_reason_prop_29_0 (last_boot_reason_prop))
+(typeattributeset launcherapps_service_29_0 (launcherapps_service))
+(typeattributeset llkd_29_0 (llkd))
+(typeattributeset llkd_exec_29_0 (llkd_exec))
+(typeattributeset llkd_prop_29_0 (llkd_prop))
+(typeattributeset lmkd_29_0 (lmkd))
+(typeattributeset lmkd_exec_29_0 (lmkd_exec))
+(typeattributeset lmkd_socket_29_0 (lmkd_socket))
+(typeattributeset location_service_29_0 (location_service))
+(typeattributeset lock_settings_service_29_0 (lock_settings_service))
+(typeattributeset logcat_exec_29_0 (logcat_exec))
+(typeattributeset logd_29_0 (logd))
+(typeattributeset logd_exec_29_0 (logd_exec))
+(typeattributeset logd_prop_29_0 (logd_prop))
+(typeattributeset logdr_socket_29_0 (logdr_socket))
+(typeattributeset logd_socket_29_0 (logd_socket))
+(typeattributeset logdw_socket_29_0 (logdw_socket))
+(typeattributeset logpersist_29_0 (logpersist))
+(typeattributeset logpersistd_logging_prop_29_0 (logpersistd_logging_prop))
+(typeattributeset log_prop_29_0 (log_prop))
+(typeattributeset log_tag_prop_29_0 (log_tag_prop))
+(typeattributeset loop_control_device_29_0 (loop_control_device))
+(typeattributeset loop_device_29_0 (loop_device))
+(typeattributeset looper_stats_service_29_0 (looper_stats_service))
+(typeattributeset lowpan_device_29_0 (lowpan_device))
+(typeattributeset lowpan_prop_29_0 (lowpan_prop))
+(typeattributeset lowpan_service_29_0 (lowpan_service))
+(typeattributeset lpdumpd_prop_29_0 (lpdumpd_prop))
+(typeattributeset lpdump_service_29_0 (lpdump_service))
+(typeattributeset mac_perms_file_29_0 (mac_perms_file))
+(typeattributeset mdnsd_29_0 (mdnsd))
+(typeattributeset mdnsd_socket_29_0 (mdnsd_socket))
+(typeattributeset mdns_socket_29_0 (mdns_socket))
+(typeattributeset mediacodec_service_29_0 (mediacodec_service))
+(typeattributeset media_data_file_29_0 (media_data_file))
+(typeattributeset mediadrmserver_29_0 (mediadrmserver))
+(typeattributeset mediadrmserver_exec_29_0 (mediadrmserver_exec))
+(typeattributeset mediadrmserver_service_29_0 (mediadrmserver_service))
+(typeattributeset mediaextractor_29_0 (mediaextractor))
+(typeattributeset mediaextractor_exec_29_0 (mediaextractor_exec))
+(typeattributeset mediaextractor_service_29_0 (mediaextractor_service))
+(typeattributeset mediaextractor_tmpfs_29_0 (mediaextractor_tmpfs))
+(typeattributeset mediametrics_29_0 (mediametrics))
+(typeattributeset mediametrics_exec_29_0 (mediametrics_exec))
+(typeattributeset mediametrics_service_29_0 (mediametrics_service))
+(typeattributeset media_projection_service_29_0 (media_projection_service))
+(typeattributeset mediaprovider_29_0 (mediaprovider))
+(typeattributeset media_router_service_29_0 (media_router_service))
+(typeattributeset media_rw_data_file_29_0 (media_rw_data_file))
+(typeattributeset mediaserver_29_0 (mediaserver))
+(typeattributeset mediaserver_exec_29_0 (mediaserver_exec))
+(typeattributeset mediaserver_service_29_0 (mediaserver_service))
+(typeattributeset mediaserver_tmpfs_29_0 (mediaserver_tmpfs))
+(typeattributeset media_session_service_29_0 (media_session_service))
+(typeattributeset mediaswcodec_29_0 (mediaswcodec))
+(typeattributeset mediaswcodec_exec_29_0 (mediaswcodec_exec))
+(typeattributeset meminfo_service_29_0 (meminfo_service))
+(typeattributeset metadata_block_device_29_0 (metadata_block_device))
+(typeattributeset metadata_file_29_0 (metadata_file))
+(typeattributeset method_trace_data_file_29_0 (method_trace_data_file))
+(typeattributeset midi_service_29_0 (midi_service))
+(typeattributeset misc_block_device_29_0 (misc_block_device))
+(typeattributeset misc_logd_file_29_0 (misc_logd_file))
+(typeattributeset misc_user_data_file_29_0 (misc_user_data_file))
+(typeattributeset mmc_prop_29_0 (mmc_prop))
+(typeattributeset mnt_expand_file_29_0 (mnt_expand_file))
+(typeattributeset mnt_media_rw_file_29_0 (mnt_media_rw_file))
+(typeattributeset mnt_media_rw_stub_file_29_0 (mnt_media_rw_stub_file))
+(typeattributeset mnt_product_file_29_0 (mnt_product_file))
+(typeattributeset mnt_user_file_29_0 (mnt_user_file))
+(typeattributeset mnt_vendor_file_29_0 (mnt_vendor_file))
+(typeattributeset modprobe_29_0 (modprobe))
+(typeattributeset mount_service_29_0 (mount_service))
+(typeattributeset mqueue_29_0 (mqueue))
+(typeattributeset mtp_29_0 (mtp))
+(typeattributeset mtp_device_29_0 (mtp_device))
+(typeattributeset mtpd_socket_29_0 (mtpd_socket))
+(typeattributeset mtp_exec_29_0 (mtp_exec))
+(typeattributeset nativetest_data_file_29_0 (nativetest_data_file))
+(typeattributeset netd_29_0 (netd))
+(typeattributeset net_data_file_29_0 (net_data_file))
+(typeattributeset netd_exec_29_0 (netd_exec))
+(typeattributeset netd_listener_service_29_0 (netd_listener_service))
+(typeattributeset net_dns_prop_29_0 (net_dns_prop))
+(typeattributeset netd_service_29_0 (netd_service))
+(typeattributeset netd_stable_secret_prop_29_0 (netd_stable_secret_prop))
+(typeattributeset netif_29_0 (netif))
+(typeattributeset netpolicy_service_29_0 (netpolicy_service))
+(typeattributeset net_radio_prop_29_0 (net_radio_prop))
+(typeattributeset netstats_service_29_0 (netstats_service))
+(typeattributeset netutils_wrapper_29_0 (netutils_wrapper))
+(typeattributeset netutils_wrapper_exec_29_0 (netutils_wrapper_exec))
+(typeattributeset network_management_service_29_0 (network_management_service))
+(typeattributeset network_score_service_29_0 (network_score_service))
+(typeattributeset network_stack_29_0 (network_stack))
+(typeattributeset network_stack_service_29_0 (network_stack_service))
+(typeattributeset network_time_update_service_29_0 (network_time_update_service))
+(typeattributeset network_watchlist_data_file_29_0 (network_watchlist_data_file))
+(typeattributeset network_watchlist_service_29_0 (network_watchlist_service))
+(typeattributeset nfc_29_0 (nfc))
+(typeattributeset nfc_data_file_29_0 (nfc_data_file))
+(typeattributeset nfc_device_29_0 (nfc_device))
+(typeattributeset nfc_prop_29_0 (nfc_prop))
+(typeattributeset nfc_service_29_0 (nfc_service))
+(typeattributeset nnapi_ext_deny_product_prop_29_0 (nnapi_ext_deny_product_prop))
+(typeattributeset node_29_0 (node))
+(typeattributeset nonplat_service_contexts_file_29_0 (nonplat_service_contexts_file))
+(typeattributeset notification_service_29_0 (notification_service))
+(typeattributeset null_device_29_0 (null_device))
+(typeattributeset oemfs_29_0 (oemfs))
+(typeattributeset oem_lock_service_29_0 (oem_lock_service))
+(typeattributeset ota_data_file_29_0 (ota_data_file))
+(typeattributeset otadexopt_service_29_0 (otadexopt_service))
+(typeattributeset ota_package_file_29_0 (ota_package_file))
+(typeattributeset overlayfs_file_29_0 (overlayfs_file))
+(typeattributeset overlay_prop_29_0 (overlay_prop))
+(typeattributeset overlay_service_29_0 (overlay_service))
+(typeattributeset owntty_device_29_0 (owntty_device))
+(typeattributeset package_native_service_29_0 (package_native_service))
+(typeattributeset package_service_29_0 (package_service))
+(typeattributeset packages_list_file_29_0 (packages_list_file))
+(typeattributeset pan_result_prop_29_0 (pan_result_prop))
+(typeattributeset password_slot_metadata_file_29_0 (password_slot_metadata_file))
+(typeattributeset pdx_bufferhub_client_channel_socket_29_0 (pdx_bufferhub_client_channel_socket))
+(typeattributeset pdx_bufferhub_client_endpoint_socket_29_0 (pdx_bufferhub_client_endpoint_socket))
+(typeattributeset pdx_bufferhub_dir_29_0 (pdx_bufferhub_dir))
+(typeattributeset pdx_display_client_channel_socket_29_0 (pdx_display_client_channel_socket))
+(typeattributeset pdx_display_client_endpoint_socket_29_0 (pdx_display_client_endpoint_socket))
+(typeattributeset pdx_display_dir_29_0 (pdx_display_dir))
+(typeattributeset pdx_display_manager_channel_socket_29_0 (pdx_display_manager_channel_socket))
+(typeattributeset pdx_display_manager_endpoint_socket_29_0 (pdx_display_manager_endpoint_socket))
+(typeattributeset pdx_display_screenshot_channel_socket_29_0 (pdx_display_screenshot_channel_socket))
+(typeattributeset pdx_display_screenshot_endpoint_socket_29_0 (pdx_display_screenshot_endpoint_socket))
+(typeattributeset pdx_display_vsync_channel_socket_29_0 (pdx_display_vsync_channel_socket))
+(typeattributeset pdx_display_vsync_endpoint_socket_29_0 (pdx_display_vsync_endpoint_socket))
+(typeattributeset pdx_performance_client_channel_socket_29_0 (pdx_performance_client_channel_socket))
+(typeattributeset pdx_performance_client_endpoint_socket_29_0 (pdx_performance_client_endpoint_socket))
+(typeattributeset pdx_performance_dir_29_0 (pdx_performance_dir))
+(typeattributeset perfetto_29_0 (perfetto))
+(typeattributeset performanced_29_0 (performanced))
+(typeattributeset performanced_exec_29_0 (performanced_exec))
+(typeattributeset permissionmgr_service_29_0 (permissionmgr_service))
+(typeattributeset permission_service_29_0 (permission_service))
+(typeattributeset persist_debug_prop_29_0 (persist_debug_prop))
+(typeattributeset persistent_data_block_service_29_0 (persistent_data_block_service))
+(typeattributeset persistent_properties_ready_prop_29_0 (persistent_properties_ready_prop))
+(typeattributeset pinner_service_29_0 (pinner_service))
+(typeattributeset pipefs_29_0 (pipefs))
+(typeattributeset platform_app_29_0 (platform_app))
+(typeattributeset pm_prop_29_0 (pm_prop))
+(typeattributeset pmsg_device_29_0 (pmsg_device))
+(typeattributeset port_29_0 (port))
+(typeattributeset port_device_29_0 (port_device))
+(typeattributeset postinstall_29_0 (postinstall))
+(typeattributeset postinstall_apex_mnt_dir_29_0 (postinstall_apex_mnt_dir))
+(typeattributeset postinstall_file_29_0 (postinstall_file))
+(typeattributeset postinstall_mnt_dir_29_0 (postinstall_mnt_dir))
+(typeattributeset powerctl_prop_29_0 (powerctl_prop))
+(typeattributeset power_service_29_0 (power_service))
+(typeattributeset ppp_29_0 (ppp))
+(typeattributeset ppp_device_29_0 (ppp_device))
+(typeattributeset ppp_exec_29_0 (ppp_exec))
+(typeattributeset preloads_data_file_29_0 (preloads_data_file))
+(typeattributeset preloads_media_file_29_0 (preloads_media_file))
+(typeattributeset print_service_29_0 (print_service))
+(typeattributeset priv_app_29_0 (priv_app))
+(typeattributeset privapp_data_file_29_0 (privapp_data_file))
+(typeattributeset proc_29_0
+ ( proc
+ proc_kpageflags
+ proc_lowmemorykiller))
+(typeattributeset proc_abi_29_0 (proc_abi))
+(typeattributeset proc_asound_29_0 (proc_asound))
+(typeattributeset proc_bluetooth_writable_29_0 (proc_bluetooth_writable))
+(typeattributeset proc_buddyinfo_29_0 (proc_buddyinfo))
+(typeattributeset proc_cmdline_29_0 (proc_cmdline))
+(typeattributeset proc_cpuinfo_29_0 (proc_cpuinfo))
+(typeattributeset proc_dirty_29_0 (proc_dirty))
+(typeattributeset proc_diskstats_29_0 (proc_diskstats))
+(typeattributeset proc_drop_caches_29_0 (proc_drop_caches))
+(typeattributeset processinfo_service_29_0 (processinfo_service))
+(typeattributeset proc_extra_free_kbytes_29_0 (proc_extra_free_kbytes))
+(typeattributeset proc_filesystems_29_0 (proc_filesystems))
+(typeattributeset proc_fs_verity_29_0 (proc_fs_verity))
+(typeattributeset proc_hostname_29_0 (proc_hostname))
+(typeattributeset proc_hung_task_29_0 (proc_hung_task))
+(typeattributeset proc_interrupts_29_0 (proc_interrupts))
+(typeattributeset proc_iomem_29_0 (proc_iomem))
+(typeattributeset proc_keys_29_0 (proc_keys))
+(typeattributeset proc_kmsg_29_0 (proc_kmsg))
+(typeattributeset proc_loadavg_29_0 (proc_loadavg))
+(typeattributeset proc_max_map_count_29_0 (proc_max_map_count))
+(typeattributeset proc_meminfo_29_0 (proc_meminfo))
+(typeattributeset proc_min_free_order_shift_29_0 (proc_min_free_order_shift))
+(typeattributeset proc_misc_29_0 (proc_misc))
+(typeattributeset proc_modules_29_0 (proc_modules))
+(typeattributeset proc_mounts_29_0 (proc_mounts))
+(typeattributeset proc_net_29_0 (proc_net))
+(typeattributeset proc_net_tcp_udp_29_0 (proc_net_tcp_udp))
+(typeattributeset proc_overcommit_memory_29_0 (proc_overcommit_memory))
+(typeattributeset proc_page_cluster_29_0 (proc_page_cluster))
+(typeattributeset proc_pagetypeinfo_29_0 (proc_pagetypeinfo))
+(typeattributeset proc_panic_29_0 (proc_panic))
+(typeattributeset proc_perf_29_0 (proc_perf))
+(typeattributeset proc_pid_max_29_0 (proc_pid_max))
+(typeattributeset proc_pipe_conf_29_0 (proc_pipe_conf))
+(typeattributeset proc_pressure_cpu_29_0 (proc_pressure_cpu))
+(typeattributeset proc_pressure_io_29_0 (proc_pressure_io))
+(typeattributeset proc_pressure_mem_29_0 (proc_pressure_mem))
+(typeattributeset proc_qtaguid_ctrl_29_0 (proc_qtaguid_ctrl))
+(typeattributeset proc_qtaguid_stat_29_0 (proc_qtaguid_stat))
+(typeattributeset proc_random_29_0 (proc_random))
+(typeattributeset proc_sched_29_0 (proc_sched))
+(typeattributeset proc_security_29_0 (proc_security))
+(typeattributeset proc_slabinfo_29_0 (proc_slabinfo))
+(typeattributeset proc_stat_29_0 (proc_stat))
+(typeattributeset procstats_service_29_0 (procstats_service))
+(typeattributeset proc_swaps_29_0 (proc_swaps))
+(typeattributeset proc_sysrq_29_0 (proc_sysrq))
+(typeattributeset proc_timer_29_0 (proc_timer))
+(typeattributeset proc_tty_drivers_29_0 (proc_tty_drivers))
+(typeattributeset proc_uid_concurrent_active_time_29_0 (proc_uid_concurrent_active_time))
+(typeattributeset proc_uid_concurrent_policy_time_29_0 (proc_uid_concurrent_policy_time))
+(typeattributeset proc_uid_cpupower_29_0 (proc_uid_cpupower))
+(typeattributeset proc_uid_cputime_removeuid_29_0 (proc_uid_cputime_removeuid))
+(typeattributeset proc_uid_cputime_showstat_29_0 (proc_uid_cputime_showstat))
+(typeattributeset proc_uid_io_stats_29_0 (proc_uid_io_stats))
+(typeattributeset proc_uid_procstat_set_29_0 (proc_uid_procstat_set))
+(typeattributeset proc_uid_time_in_state_29_0 (proc_uid_time_in_state))
+(typeattributeset proc_uptime_29_0 (proc_uptime))
+(typeattributeset proc_version_29_0 (proc_version))
+(typeattributeset proc_vmallocinfo_29_0 (proc_vmallocinfo))
+(typeattributeset proc_vmstat_29_0 (proc_vmstat))
+(typeattributeset proc_zoneinfo_29_0 (proc_zoneinfo))
+(typeattributeset profman_29_0 (profman))
+(typeattributeset profman_dump_data_file_29_0 (profman_dump_data_file))
+(typeattributeset profman_exec_29_0 (profman_exec))
+(typeattributeset properties_device_29_0 (properties_device))
+(typeattributeset properties_serial_29_0 (properties_serial))
+(typeattributeset property_contexts_file_29_0 (property_contexts_file))
+(typeattributeset property_data_file_29_0 (property_data_file))
+(typeattributeset property_info_29_0 (property_info))
+(typeattributeset property_socket_29_0 (property_socket))
+(typeattributeset pstorefs_29_0 (pstorefs))
+(typeattributeset ptmx_device_29_0 (ptmx_device))
+(typeattributeset qtaguid_device_29_0 (qtaguid_device))
+(typeattributeset racoon_29_0 (racoon))
+(typeattributeset racoon_exec_29_0 (racoon_exec))
+(typeattributeset racoon_socket_29_0 (racoon_socket))
+(typeattributeset radio_29_0 (radio))
+(typeattributeset radio_data_file_29_0 (radio_data_file))
+(typeattributeset radio_device_29_0 (radio_device))
+(typeattributeset radio_prop_29_0 (radio_prop))
+(typeattributeset radio_service_29_0 (radio_service))
+(typeattributeset ram_device_29_0 (ram_device))
+(typeattributeset random_device_29_0 (random_device))
+(typeattributeset recovery_29_0 (recovery))
+(typeattributeset recovery_block_device_29_0 (recovery_block_device))
+(typeattributeset recovery_data_file_29_0 (recovery_data_file))
+(typeattributeset recovery_persist_29_0 (recovery_persist))
+(typeattributeset recovery_persist_exec_29_0 (recovery_persist_exec))
+(typeattributeset recovery_refresh_29_0 (recovery_refresh))
+(typeattributeset recovery_refresh_exec_29_0 (recovery_refresh_exec))
+(typeattributeset recovery_service_29_0 (recovery_service))
+(typeattributeset recovery_socket_29_0 (recovery_socket))
+(typeattributeset registry_service_29_0 (registry_service))
+(typeattributeset resourcecache_data_file_29_0 (resourcecache_data_file))
+(typeattributeset restorecon_prop_29_0 (restorecon_prop))
+(typeattributeset restrictions_service_29_0 (restrictions_service))
+(typeattributeset rild_debug_socket_29_0 (rild_debug_socket))
+(typeattributeset rild_socket_29_0 (rild_socket))
+(typeattributeset ringtone_file_29_0 (ringtone_file))
+(typeattributeset role_service_29_0 (role_service))
+(typeattributeset rollback_service_29_0 (rollback_service))
+(typeattributeset root_block_device_29_0 (root_block_device))
+(typeattributeset rootfs_29_0 (rootfs))
+(typeattributeset rpmsg_device_29_0 (rpmsg_device))
+(typeattributeset rs_29_0 (rs))
+(typeattributeset rs_exec_29_0 (rs_exec))
+(typeattributeset rss_hwm_reset_29_0 (rss_hwm_reset))
+(typeattributeset rtc_device_29_0 (rtc_device))
+(typeattributeset rttmanager_service_29_0 (rttmanager_service))
+(typeattributeset runas_29_0 (runas))
+(typeattributeset runas_app_29_0 (runas_app))
+(typeattributeset runas_exec_29_0 (runas_exec))
+(typeattributeset runtime_event_log_tags_file_29_0 (runtime_event_log_tags_file))
+(typeattributeset runtime_service_29_0 (runtime_service))
+(typeattributeset safemode_prop_29_0 (safemode_prop))
+(typeattributeset same_process_hal_file_29_0 (same_process_hal_file))
+(typeattributeset samplingprofiler_service_29_0 (samplingprofiler_service))
+(typeattributeset scheduling_policy_service_29_0 (scheduling_policy_service))
+(typeattributeset sdcard_block_device_29_0 (sdcard_block_device))
+(typeattributeset sdcardd_29_0 (sdcardd))
+(typeattributeset sdcardd_exec_29_0 (sdcardd_exec))
+(typeattributeset sdcardfs_29_0 (sdcardfs))
+(typeattributeset seapp_contexts_file_29_0 (seapp_contexts_file))
+(typeattributeset search_service_29_0 (search_service))
+(typeattributeset sec_key_att_app_id_provider_service_29_0 (sec_key_att_app_id_provider_service))
+(typeattributeset secure_element_29_0 (secure_element))
+(typeattributeset secure_element_device_29_0 (secure_element_device))
+(typeattributeset secure_element_service_29_0 (secure_element_service))
+(typeattributeset selinuxfs_29_0 (selinuxfs))
+(typeattributeset sensor_privacy_service_29_0 (sensor_privacy_service))
+(typeattributeset sensors_device_29_0 (sensors_device))
+(typeattributeset sensorservice_service_29_0 (sensorservice_service))
+(typeattributeset sepolicy_file_29_0 (sepolicy_file))
+(typeattributeset serial_device_29_0 (serial_device))
+(typeattributeset serialno_prop_29_0 (serialno_prop))
+(typeattributeset serial_service_29_0 (serial_service))
+(typeattributeset server_configurable_flags_data_file_29_0 (server_configurable_flags_data_file))
+(typeattributeset service_contexts_file_29_0 (service_contexts_file))
+(typeattributeset servicediscovery_service_29_0 (servicediscovery_service))
+(typeattributeset servicemanager_29_0 (servicemanager))
+(typeattributeset servicemanager_exec_29_0 (servicemanager_exec))
+(typeattributeset settings_service_29_0 (settings_service))
+(typeattributeset sgdisk_29_0 (sgdisk))
+(typeattributeset sgdisk_exec_29_0 (sgdisk_exec))
+(typeattributeset shared_relro_29_0 (shared_relro))
+(typeattributeset shared_relro_file_29_0 (shared_relro_file))
+(typeattributeset shell_29_0 (shell))
+(typeattributeset shell_data_file_29_0 (shell_data_file))
+(typeattributeset shell_exec_29_0 (shell_exec))
+(typeattributeset shell_prop_29_0 (shell_prop))
+(typeattributeset shm_29_0 (shm))
+(typeattributeset shortcut_manager_icons_29_0 (shortcut_manager_icons))
+(typeattributeset shortcut_service_29_0 (shortcut_service))
+(typeattributeset simpleperf_app_runner_29_0 (simpleperf_app_runner))
+(typeattributeset simpleperf_app_runner_exec_29_0 (simpleperf_app_runner_exec))
+(typeattributeset slice_service_29_0 (slice_service))
+(typeattributeset slideshow_29_0 (slideshow))
+(typeattributeset socket_device_29_0 (socket_device))
+(typeattributeset sockfs_29_0 (sockfs))
+(typeattributeset staging_data_file_29_0 (staging_data_file))
+(typeattributeset statsd_29_0 (statsd))
+(typeattributeset stats_data_file_29_0 (stats_data_file))
+(typeattributeset statsd_exec_29_0 (statsd_exec))
+(typeattributeset statsdw_socket_29_0 (statsdw_socket))
+(typeattributeset statusbar_service_29_0 (statusbar_service))
+(typeattributeset storaged_service_29_0 (storaged_service))
+(typeattributeset storage_file_29_0 (storage_file))
+(typeattributeset storagestats_service_29_0 (storagestats_service))
+(typeattributeset storage_stub_file_29_0 (storage_stub_file))
+(typeattributeset su_29_0 (su))
+(typeattributeset su_exec_29_0 (su_exec))
+(typeattributeset super_block_device_29_0 (super_block_device))
+(typeattributeset surfaceflinger_29_0 (surfaceflinger))
+(typeattributeset surfaceflinger_service_29_0 (surfaceflinger_service))
+(typeattributeset surfaceflinger_tmpfs_29_0 (surfaceflinger_tmpfs))
+(typeattributeset swap_block_device_29_0 (swap_block_device))
+(typeattributeset sysfs_29_0
+ ( sysfs
+ sysfs_ion
+ sysfs_suspend_stats
+ sysfs_wakeup))
+(typeattributeset sysfs_android_usb_29_0 (sysfs_android_usb))
+(typeattributeset sysfs_batteryinfo_29_0 (sysfs_batteryinfo))
+(typeattributeset sysfs_bluetooth_writable_29_0 (sysfs_bluetooth_writable))
+(typeattributeset sysfs_devices_block_29_0 (sysfs_devices_block))
+(typeattributeset sysfs_devices_system_cpu_29_0 (sysfs_devices_system_cpu))
+(typeattributeset sysfs_dm_29_0 (sysfs_dm))
+(typeattributeset sysfs_dt_firmware_android_29_0 (sysfs_dt_firmware_android))
+(typeattributeset sysfs_extcon_29_0 (sysfs_extcon))
+(typeattributeset sysfs_fs_ext4_features_29_0 (sysfs_fs_ext4_features))
+(typeattributeset sysfs_fs_f2fs_29_0 (sysfs_fs_f2fs))
+(typeattributeset sysfs_hwrandom_29_0 (sysfs_hwrandom))
+(typeattributeset sysfs_ipv4_29_0 (sysfs_ipv4))
+(typeattributeset sysfs_kernel_notes_29_0 (sysfs_kernel_notes))
+(typeattributeset sysfs_leds_29_0 (sysfs_leds))
+(typeattributeset sysfs_loop_29_0 (sysfs_loop))
+(typeattributeset sysfs_lowmemorykiller_29_0 (sysfs_lowmemorykiller))
+(typeattributeset sysfs_mac_address_29_0 (sysfs_mac_address))
+(typeattributeset sysfs_net_29_0 (sysfs_net))
+(typeattributeset sysfs_nfc_power_writable_29_0 (sysfs_nfc_power_writable))
+(typeattributeset sysfs_power_29_0 (sysfs_power))
+(typeattributeset sysfs_rtc_29_0 (sysfs_rtc))
+(typeattributeset sysfs_switch_29_0 (sysfs_switch))
+(typeattributeset sysfs_thermal_29_0 (sysfs_thermal))
+(typeattributeset sysfs_transparent_hugepage_29_0 (sysfs_transparent_hugepage))
+(typeattributeset sysfs_uio_29_0 (sysfs_uio))
+(typeattributeset sysfs_usb_29_0 (sysfs_usb))
+(typeattributeset sysfs_usermodehelper_29_0 (sysfs_usermodehelper))
+(typeattributeset sysfs_vibrator_29_0 (sysfs_vibrator))
+(typeattributeset sysfs_wake_lock_29_0 (sysfs_wake_lock))
+(typeattributeset sysfs_wakeup_reasons_29_0 (sysfs_wakeup_reasons))
+(typeattributeset sysfs_wlan_fwpath_29_0 (sysfs_wlan_fwpath))
+(typeattributeset sysfs_zram_29_0 (sysfs_zram))
+(typeattributeset sysfs_zram_uevent_29_0 (sysfs_zram_uevent))
+(typeattributeset system_app_29_0 (system_app))
+(typeattributeset system_app_data_file_29_0 (system_app_data_file))
+(typeattributeset system_app_service_29_0 (system_app_service))
+(typeattributeset system_asan_options_file_29_0 (system_asan_options_file))
+(typeattributeset system_block_device_29_0 (system_block_device))
+(typeattributeset system_boot_reason_prop_29_0 (system_boot_reason_prop))
+(typeattributeset system_bootstrap_lib_file_29_0 (system_bootstrap_lib_file))
+(typeattributeset system_data_file_29_0 (system_data_file system_data_root_file))
+(typeattributeset system_event_log_tags_file_29_0 (system_event_log_tags_file))
+(typeattributeset system_file_29_0 (system_file))
+(typeattributeset systemkeys_data_file_29_0 (systemkeys_data_file))
+(typeattributeset system_lib_file_29_0 (system_lib_file))
+(typeattributeset system_linker_config_file_29_0 (system_linker_config_file))
+(typeattributeset system_linker_exec_29_0 (system_linker_exec))
+(typeattributeset system_lmk_prop_29_0 (system_lmk_prop))
+(typeattributeset system_ndebug_socket_29_0 (system_ndebug_socket))
+(typeattributeset system_net_netd_hwservice_29_0 (system_net_netd_hwservice))
+(typeattributeset system_prop_29_0 (system_prop))
+(typeattributeset system_radio_prop_29_0 (system_radio_prop))
+(typeattributeset system_seccomp_policy_file_29_0 (system_seccomp_policy_file))
+(typeattributeset system_security_cacerts_file_29_0 (system_security_cacerts_file))
+(typeattributeset system_server_29_0 (system_server))
+(typeattributeset system_server_tmpfs_29_0 (system_server_tmpfs))
+(typeattributeset system_suspend_control_service_29_0 (system_suspend_control_service)) +(typeattributeset system_suspend_hwservice_29_0 (system_suspend_hwservice)) +(typeattributeset system_trace_prop_29_0 (system_trace_prop)) +(typeattributeset system_update_service_29_0 (system_update_service)) +(typeattributeset system_wifi_keystore_hwservice_29_0 (system_wifi_keystore_hwservice)) +(typeattributeset system_wpa_socket_29_0 (system_wpa_socket)) +(typeattributeset system_zoneinfo_file_29_0 (system_zoneinfo_file)) +(typeattributeset task_profiles_file_29_0 (task_profiles_file)) +(typeattributeset task_service_29_0 (task_service)) +(typeattributeset tcpdump_exec_29_0 (tcpdump_exec)) +(typeattributeset tee_29_0 (tee)) +(typeattributeset tee_data_file_29_0 (tee_data_file)) +(typeattributeset tee_device_29_0 (tee_device)) +(typeattributeset telecom_service_29_0 (telecom_service)) +(typeattributeset test_boot_reason_prop_29_0 (test_boot_reason_prop)) +(typeattributeset test_harness_prop_29_0 (test_harness_prop)) +(typeattributeset testharness_service_29_0 (testharness_service)) +(typeattributeset textclassification_service_29_0 (textclassification_service)) +(typeattributeset textclassifier_data_file_29_0 (textclassifier_data_file)) +(typeattributeset textservices_service_29_0 (textservices_service)) +(typeattributeset thermalcallback_hwservice_29_0 (thermalcallback_hwservice)) +(typeattributeset thermal_service_29_0 (thermal_service)) +(typeattributeset timedetector_service_29_0 (timedetector_service)) +(typeattributeset time_prop_29_0 (time_prop)) +(typeattributeset timezone_service_29_0 (timezone_service)) +(typeattributeset tmpfs_29_0 + ( mnt_sdcard_file + tmpfs)) +(typeattributeset tombstoned_29_0 (tombstoned)) +(typeattributeset tombstone_data_file_29_0 (tombstone_data_file)) +(typeattributeset tombstoned_crash_socket_29_0 (tombstoned_crash_socket)) +(typeattributeset tombstoned_exec_29_0 (tombstoned_exec)) +(typeattributeset tombstoned_intercept_socket_29_0 
(tombstoned_intercept_socket)) +(typeattributeset tombstoned_java_trace_socket_29_0 (tombstoned_java_trace_socket)) +(typeattributeset tombstone_wifi_data_file_29_0 (tombstone_wifi_data_file)) +(typeattributeset toolbox_29_0 (toolbox)) +(typeattributeset toolbox_exec_29_0 (toolbox_exec)) +(typeattributeset traced_29_0 (traced)) +(typeattributeset trace_data_file_29_0 (trace_data_file)) +(typeattributeset traced_consumer_socket_29_0 (traced_consumer_socket)) +(typeattributeset traced_enabled_prop_29_0 (traced_enabled_prop)) +(typeattributeset traced_lazy_prop_29_0 (traced_lazy_prop)) +(typeattributeset traced_probes_29_0 (traced_probes)) +(typeattributeset traced_producer_socket_29_0 (traced_producer_socket)) +(typeattributeset traceur_app_29_0 (traceur_app)) +(typeattributeset trust_service_29_0 (trust_service)) +(typeattributeset tty_device_29_0 (tty_device)) +(typeattributeset tun_device_29_0 (tun_device)) +(typeattributeset tv_input_service_29_0 (tv_input_service)) +(typeattributeset tzdatacheck_29_0 (tzdatacheck)) +(typeattributeset tzdatacheck_exec_29_0 (tzdatacheck_exec)) +(typeattributeset ueventd_29_0 (ueventd)) +(typeattributeset ueventd_tmpfs_29_0 (ueventd_tmpfs)) +(typeattributeset uhid_device_29_0 (uhid_device)) +(typeattributeset uimode_service_29_0 (uimode_service)) +(typeattributeset uio_device_29_0 (uio_device)) +(typeattributeset uncrypt_29_0 (uncrypt)) +(typeattributeset uncrypt_exec_29_0 (uncrypt_exec)) +(typeattributeset uncrypt_socket_29_0 (uncrypt_socket)) +(typeattributeset unencrypted_data_file_29_0 (unencrypted_data_file)) +(typeattributeset unlabeled_29_0 (unlabeled)) +(typeattributeset untrusted_app_25_29_0 (untrusted_app_25)) +(typeattributeset untrusted_app_27_29_0 (untrusted_app_27)) +(typeattributeset untrusted_app_29_0 (untrusted_app)) +(typeattributeset update_engine_29_0 (update_engine)) +(typeattributeset update_engine_data_file_29_0 (update_engine_data_file)) +(typeattributeset update_engine_exec_29_0 (update_engine_exec)) 
+(typeattributeset update_engine_log_data_file_29_0 (update_engine_log_data_file)) +(typeattributeset update_engine_service_29_0 (update_engine_service)) +(typeattributeset updatelock_service_29_0 (updatelock_service)) +(typeattributeset update_verifier_29_0 (update_verifier)) +(typeattributeset update_verifier_exec_29_0 (update_verifier_exec)) +(typeattributeset uri_grants_service_29_0 (uri_grants_service)) +(typeattributeset usagestats_service_29_0 (usagestats_service)) +(typeattributeset usbaccessory_device_29_0 (usbaccessory_device)) +(typeattributeset usbd_29_0 (usbd)) +(typeattributeset usb_device_29_0 (usb_device)) +(typeattributeset usbd_exec_29_0 (usbd_exec)) +(typeattributeset usbfs_29_0 (usbfs)) +(typeattributeset usb_service_29_0 (usb_service)) +(typeattributeset use_memfd_prop_29_0 (use_memfd_prop)) +(typeattributeset userdata_block_device_29_0 (userdata_block_device)) +(typeattributeset usermodehelper_29_0 (usermodehelper)) +(typeattributeset user_profile_data_file_29_0 (user_profile_data_file)) +(typeattributeset user_service_29_0 (user_service)) +(typeattributeset vdc_29_0 (vdc)) +(typeattributeset vdc_exec_29_0 (vdc_exec)) +(typeattributeset vendor_app_file_29_0 (vendor_app_file)) +(typeattributeset vendor_cgroup_desc_file_29_0 (vendor_cgroup_desc_file)) +(typeattributeset vendor_configs_file_29_0 (vendor_configs_file)) +(typeattributeset vendor_data_file_29_0 (vendor_data_file)) +(typeattributeset vendor_default_prop_29_0 (vendor_default_prop)) +(typeattributeset vendor_file_29_0 (vendor_file)) +(typeattributeset vendor_framework_file_29_0 (vendor_framework_file)) +(typeattributeset vendor_hal_file_29_0 (vendor_hal_file)) +(typeattributeset vendor_idc_file_29_0 (vendor_idc_file)) +(typeattributeset vendor_init_29_0 (vendor_init)) +(typeattributeset vendor_keychars_file_29_0 (vendor_keychars_file)) +(typeattributeset vendor_keylayout_file_29_0 (vendor_keylayout_file)) +(typeattributeset vendor_overlay_file_29_0 (vendor_overlay_file)) 
+(typeattributeset vendor_public_lib_file_29_0 (vendor_public_lib_file)) +(typeattributeset vendor_security_patch_level_prop_29_0 (vendor_security_patch_level_prop)) +(typeattributeset vendor_shell_29_0 (vendor_shell)) +(typeattributeset vendor_shell_exec_29_0 (vendor_shell_exec)) +(typeattributeset vendor_task_profiles_file_29_0 (vendor_task_profiles_file)) +(typeattributeset vendor_toolbox_exec_29_0 (vendor_toolbox_exec)) +(typeattributeset vfat_29_0 (vfat)) +(typeattributeset vibrator_service_29_0 (vibrator_service)) +(typeattributeset video_device_29_0 (video_device)) +(typeattributeset virtual_touchpad_29_0 (virtual_touchpad)) +(typeattributeset virtual_touchpad_exec_29_0 (virtual_touchpad_exec)) +(typeattributeset virtual_touchpad_service_29_0 (virtual_touchpad_service)) +(typeattributeset vndbinder_device_29_0 (vndbinder_device)) +(typeattributeset vndk_sp_file_29_0 (vndk_sp_file)) +(typeattributeset vndservice_contexts_file_29_0 (vndservice_contexts_file)) +(typeattributeset vndservicemanager_29_0 (vndservicemanager)) +(typeattributeset voiceinteraction_service_29_0 (voiceinteraction_service)) +(typeattributeset vold_29_0 (vold)) +(typeattributeset vold_data_file_29_0 (vold_data_file)) +(typeattributeset vold_device_29_0 (vold_device)) +(typeattributeset vold_exec_29_0 (vold_exec)) +(typeattributeset vold_metadata_file_29_0 (vold_metadata_file)) +(typeattributeset vold_prepare_subdirs_29_0 (vold_prepare_subdirs)) +(typeattributeset vold_prepare_subdirs_exec_29_0 (vold_prepare_subdirs_exec)) +(typeattributeset vold_prop_29_0 (vold_prop)) +(typeattributeset vold_service_29_0 (vold_service)) +(typeattributeset vpn_data_file_29_0 (vpn_data_file)) +(typeattributeset vrflinger_vsync_service_29_0 (vrflinger_vsync_service)) +(typeattributeset vr_hwc_29_0 (vr_hwc)) +(typeattributeset vr_hwc_exec_29_0 (vr_hwc_exec)) +(typeattributeset vr_hwc_service_29_0 (vr_hwc_service)) +(typeattributeset vr_manager_service_29_0 (vr_manager_service)) +(typeattributeset 
wallpaper_file_29_0 (wallpaper_file)) +(typeattributeset wallpaper_service_29_0 (wallpaper_service)) +(typeattributeset watchdogd_29_0 (watchdogd)) +(typeattributeset watchdog_device_29_0 (watchdog_device)) +(typeattributeset watchdogd_exec_29_0 (watchdogd_exec)) +(typeattributeset webviewupdate_service_29_0 (webviewupdate_service)) +(typeattributeset webview_zygote_29_0 (webview_zygote)) +(typeattributeset webview_zygote_exec_29_0 (webview_zygote_exec)) +(typeattributeset webview_zygote_tmpfs_29_0 (webview_zygote_tmpfs)) +(typeattributeset wifiaware_service_29_0 (wifiaware_service)) +(typeattributeset wificond_29_0 (wificond)) +(typeattributeset wificond_exec_29_0 (wificond_exec)) +(typeattributeset wificond_service_29_0 (wificond_service wifinl80211_service)) +(typeattributeset wifi_data_file_29_0 (wifi_data_file)) +(typeattributeset wifi_log_prop_29_0 (wifi_log_prop)) +(typeattributeset wifip2p_service_29_0 (wifip2p_service)) +(typeattributeset wifi_prop_29_0 (wifi_prop)) +(typeattributeset wifiscanner_service_29_0 (wifiscanner_service)) +(typeattributeset wifi_service_29_0 (wifi_service)) +(typeattributeset window_service_29_0 (window_service)) +(typeattributeset wpantund_29_0 (wpantund)) +(typeattributeset wpantund_exec_29_0 (wpantund_exec)) +(typeattributeset wpantund_service_29_0 (wpantund_service)) +(typeattributeset wpa_socket_29_0 (wpa_socket)) +(typeattributeset zero_device_29_0 (zero_device)) +(typeattributeset zoneinfo_data_file_29_0 (zoneinfo_data_file)) +(typeattributeset zygote_29_0 (zygote)) +(typeattributeset zygote_exec_29_0 (zygote_exec)) +(typeattributeset zygote_socket_29_0 (zygote_socket)) +(typeattributeset zygote_tmpfs_29_0 (zygote_tmpfs)) diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.compat.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.compat.cil new file mode 100644 index 000000000..af4da8a23 --- /dev/null +++ b/prebuilts/api/30.0/private/compat/29.0/29.0.compat.cil 
@@ -0,0 +1,3 @@
+(typeattribute vendordomain)
+(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
+(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
new file mode 100644
index 000000000..e54aa776c
--- /dev/null
+++ b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
@@ -0,0 +1,120 @@
+;; new_objects - a collection of types that have been introduced that have no
+;; analogue in older policy. Thus, we do not need to map these types to
+;; previous ones. Add here to pass checkapi tests.
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+ ( new_objects
+ aidl_lazy_test_server
+ aidl_lazy_test_server_exec
+ aidl_lazy_test_service
+ adbd_prop
+ apex_module_data_file
+ apex_permission_data_file
+ apex_rollback_data_file
+ apex_wifi_data_file
+ app_integrity_service
+ app_search_service
+ auth_service
+ automotive_display_service
+ automotive_display_service_exec
+ ashmem_libcutils_device
+ blob_store_service
+ binder_cache_bluetooth_server_prop
+ binder_cache_system_server_prop
+ binder_cache_telephony_server_prop
+ binderfs
+ binderfs_logs
+ binderfs_logs_proc
+ boringssl_self_test
+ bq_config_prop
+ charger_prop
+ cold_boot_done_prop
+ credstore
+ credstore_data_file
+ credstore_exec
+ credstore_service
+ platform_compat_service
+ ctl_apexd_prop
+ dataloader_manager_service
+ device_config_storage_native_boot_prop
+ device_config_sys_traced_prop
+ device_config_window_manager_native_boot_prop
+ device_config_configuration_prop
+ emergency_affordance_service
+ exported_camera_prop
+ file_integrity_service
+ fwk_automotive_display_hwservice
+ gmscore_app
+ hal_can_bus_hwservice
+ hal_can_controller_hwservice
+ hal_identity_service
+ hal_light_service
+ hal_power_service
+ hal_rebootescrow_service
+ hal_tv_tuner_hwservice
+ hal_vibrator_service
+ incremental_control_file
+ incremental_service
+ init_perf_lsm_hooks_prop
+ init_svc_debug_prop
+ iorap_inode2filename
+ iorap_inode2filename_data_file
+ iorap_inode2filename_exec
+ iorap_inode2filename_tmpfs
+ iorap_prefetcherd
+ iorap_prefetcherd_data_file
+ iorap_prefetcherd_exec
+ iorap_prefetcherd_tmpfs
+ mediatranscoding_service
+ mediatranscoding
+ mediatranscoding_exec
+ mediatranscoding_tmpfs
+ mirror_data_file
+ light_service
+ linkerconfig_file
+ media_variant_prop
+ metadata_bootstat_file
+ mnt_pass_through_file
+ mock_ota_prop
+ module_sdkextensions_prop
+ ota_metadata_file
+ ota_prop
+ prereboot_data_file
+ art_apex_dir
+ rebootescrow_hal_prop
+ securityfs
+ service_manager_service
+ service_manager_vndservice
+ simpleperf
+ snapshotctl_log_data_file
+ socket_hook_prop
+ soundtrigger_middleware_service
+ storage_config_prop
+ sysfs_dm_verity
+ system_adbd_prop
+ system_config_service
+ system_group_file
+ system_jvmti_agent_prop
+ system_passwd_file
+ system_unsolzygote_socket
+ tethering_service
+ traced_perf
+ traced_perf_enabled_prop
+ traced_perf_socket
+ timezonedetector_service
+ untrusted_app_29
+ usb_serial_device
+ userspace_reboot_config_prop
+ userspace_reboot_exported_prop
+ userspace_reboot_log_prop
+ userspace_reboot_test_prop
+ vehicle_hal_prop
+ tv_tuner_resource_mgr_service
+ vendor_apex_file
+ vendor_boringssl_self_test
+ vendor_install_recovery
+ vendor_install_recovery_exec
+ vendor_socket_hook_prop
+ vendor_socket_hook_prop
+ virtual_ab_prop))
diff --git a/prebuilts/api/30.0/private/coredomain.te b/prebuilts/api/30.0/private/coredomain.te
new file mode 100644
index 000000000..32a1e3f5b
--- /dev/null
+++ b/prebuilts/api/30.0/private/coredomain.te
@@ -0,0 +1,198 @@
+get_prop(coredomain, pm_prop)
+get_prop(coredomain, exported_pm_prop)
+
+full_treble_only(`
+neverallow {
+ coredomain
+
+ # for chowning
+ -init
+
+ # generic access to sysfs_type
+ -ueventd
+ -vold
+} sysfs_leds:file *;
+')
+
+# On TREBLE devices, a limited set of files in /vendor are accessible to
+# only a few whitelisted coredomains to keep system/vendor separation.
+full_treble_only(`
+ # Limit access to /vendor/app
+ neverallow {
+ coredomain
+ -appdomain
+ -dex2oat
+ -idmap
+ -init
+ -installd
+ userdebug_or_eng(`-heapprofd')
+ -postinstall_dexopt
+ -rs # spawned by appdomain, so carryover the exception above
+ -system_server
+ -traced_perf
+ } vendor_app_file:dir { open read getattr search };
+')
+
+full_treble_only(`
+ neverallow {
+ coredomain
+ -appdomain
+ -dex2oat
+ -idmap
+ -init
+ -installd
+ userdebug_or_eng(`-heapprofd')
+ -postinstall_dexopt
+ -rs # spawned by appdomain, so carryover the exception above
+ -system_server
+ -traced_perf
+ -mediaserver
+ } vendor_app_file:file r_file_perms;
+')
+
+full_treble_only(`
+ # Limit access to /vendor/overlay
+ neverallow {
+ coredomain
+ -appdomain
+ -idmap
+ -init
+ -installd
+ -iorap_inode2filename
+ -iorap_prefetcherd
+ -postinstall_dexopt
+ -rs # spawned by appdomain, so carryover the exception above
+ -system_server
+ -traced_perf
+ -app_zygote
+ -webview_zygote
+ -zygote
+ userdebug_or_eng(`-heapprofd')
+ } vendor_overlay_file:dir { getattr open read search };
+')
+
+full_treble_only(`
+ neverallow {
+ coredomain
+ -appdomain
+ -idmap
+ -init
+ -installd
+ -iorap_inode2filename
+ -iorap_prefetcherd
+ -postinstall_dexopt
+ -rs # spawned by appdomain, so carryover the exception above
+ -system_server
+ -traced_perf
+ -app_zygote
+ -webview_zygote
+ -zygote
+ userdebug_or_eng(`-heapprofd')
+ } vendor_overlay_file:file r_file_perms;
+')
+
+# Core domains are not permitted to use kernel interfaces which are not
+# explicitly labeled.
+# TODO(b/65643247): Apply these neverallow rules to all coredomain.
+full_treble_only(`
+ # /proc
+ neverallow {
+ coredomain
+ -init
+ -vold
+ } proc:file no_rw_file_perms;
+
+ # /sys
+ neverallow {
+ coredomain
+ -init
+ -ueventd
+ -vold
+ } sysfs:file no_rw_file_perms;
+
+ # /dev
+ neverallow {
+ coredomain
+ -fsck
+ -init
+ -ueventd
+ } device:{ blk_file file } no_rw_file_perms;
+
+ # debugfs
+ neverallow {
+ coredomain
+ -dumpstate
+ -init
+ -system_server
+ } debugfs:file no_rw_file_perms;
+
+ # tracefs
+ neverallow {
+ coredomain
+ -atrace
+ -dumpstate
+ -init
+ -traced_probes
+ -shell
+ -system_server
+ -traceur_app
+ } debugfs_tracing:file no_rw_file_perms;
+
+ # inotifyfs
+ neverallow {
+ coredomain
+ -init
+ } inotify:file no_rw_file_perms;
+
+ # pstorefs
+ neverallow {
+ coredomain
+ -bootstat
+ -charger
+ -dumpstate
+ -healthd
+ userdebug_or_eng(`-incidentd')
+ -init
+ -logd
+ -logpersist
+ -recovery_persist
+ -recovery_refresh
+ -shell
+ -system_server
+ } pstorefs:file no_rw_file_perms;
+
+ # configfs
+ neverallow {
+ coredomain
+ -init
+ -system_server
+ } configfs:file no_rw_file_perms;
+
+ # functionfs
+ neverallow {
+ coredomain
+ -adbd
+ -init
+ -mediaprovider
+ -system_server
+ } functionfs:file no_rw_file_perms;
+
+ # usbfs and binfmt_miscfs
+ neverallow {
+ coredomain
+ -init
+ }{ usbfs binfmt_miscfs }:file no_rw_file_perms;
+')
+
+# Following /dev nodes must not be directly accessed by coredomain, but should
+# instead be wrapped by HALs.
+neverallow coredomain {
+ iio_device
+ radio_device
+}:chr_file { open read append write ioctl };
+
+# TODO(b/120243891): HAL permission to tee_device is included into coredomain
+# on non-Treble devices.
+full_treble_only(`
+ neverallow coredomain tee_device:chr_file { open read append write ioctl };
+')
diff --git a/prebuilts/api/30.0/private/cppreopts.te b/prebuilts/api/30.0/private/cppreopts.te
new file mode 100644
index 000000000..1192ba676
--- /dev/null
+++ b/prebuilts/api/30.0/private/cppreopts.te
@@ -0,0 +1,31 @@
+# cppreopts
+#
+# This command copies preopted files from the system_b partition to the data
+# partition. This domain ensures that we are only copying into specific
+# directories.
+
+type cppreopts, domain, mlstrustedsubject, coredomain;
+type cppreopts_exec, system_file_type, exec_type, file_type;
+
+# Technically not a daemon but we do want the transition from init domain to
+# cppreopts to occur.
+init_daemon_domain(cppreopts)
+domain_auto_trans(cppreopts, preopt2cachename_exec, preopt2cachename);
+
+# Allow cppreopts copy files into the dalvik-cache
+allow cppreopts dalvikcache_data_file:dir { add_name remove_name search write };
+allow cppreopts dalvikcache_data_file:file { create getattr open read rename write unlink };
+
+# Allow cppreopts to execute itself using #!/system/bin/sh
+allow cppreopts shell_exec:file rx_file_perms;
+
+# Allow us to run find on /postinstall
+allow cppreopts system_file:dir { open read };
+
+# Allow running the cp command using cppreopts permissions. Needed so we can
+# write into dalvik-cache
+allow cppreopts toolbox_exec:file rx_file_perms;
+
+# Silence the denial when /postinstall cannot be mounted, e.g., system_other
+# is wiped, but cppreopts.sh still runs.
+dontaudit cppreopts postinstall_mnt_dir:dir search;
diff --git a/prebuilts/api/30.0/private/crash_dump.te b/prebuilts/api/30.0/private/crash_dump.te
new file mode 100644
index 000000000..f130327da
--- /dev/null
+++ b/prebuilts/api/30.0/private/crash_dump.te
@@ -0,0 +1,49 @@
+typeattribute crash_dump coredomain;
+
+# Crash dump does not need to access devices passed across exec().
+dontaudit crash_dump { devpts dev_type }:chr_file { read write };
+
+allow crash_dump {
+ domain
+ -apexd
+ -bpfloader
+ -crash_dump
+ -init
+ -kernel
+ -keystore
+ -llkd
+ -logd
+ -ueventd
+ -vendor_init
+ -vold
+}:process { ptrace signal sigchld sigstop sigkill };
+userdebug_or_eng(`
+ allow crash_dump { apexd llkd logd vold }:process { ptrace signal sigchld sigstop sigkill };
+')
+
+###
+### neverallow assertions
+###
+
+# ptrace neverallow assertions are spread throughout the other policy
+# files, so we avoid adding redundant assertions here
+
+neverallow crash_dump {
+ apexd
+ userdebug_or_eng(`-apexd')
+ bpfloader
+ init
+ kernel
+ keystore
+ llkd
+ userdebug_or_eng(`-llkd')
+ logd
+ userdebug_or_eng(`-logd')
+ ueventd
+ vendor_init
+ vold
+ userdebug_or_eng(`-vold')
+}:process { signal sigstop sigkill };
+
+neverallow crash_dump self:process ptrace;
+neverallow crash_dump gpu_device:chr_file *;
diff --git a/prebuilts/api/30.0/private/credstore.te b/prebuilts/api/30.0/private/credstore.te
new file mode 100644
index 000000000..8d87e2f33
--- /dev/null
+++ b/prebuilts/api/30.0/private/credstore.te
@@ -0,0 +1,6 @@
+typeattribute credstore coredomain;
+
+init_daemon_domain(credstore)
+
+# talk to Identity Credential
+hal_client_domain(credstore, hal_identity)
diff --git a/prebuilts/api/30.0/private/derive_sdk.te b/prebuilts/api/30.0/private/derive_sdk.te
new file mode 100644
index 000000000..1f60e3446
--- /dev/null
+++ b/prebuilts/api/30.0/private/derive_sdk.te
@@ -0,0 +1,12 @@
+
+# Domain for derive_sdk
+type derive_sdk, domain, coredomain;
+type derive_sdk_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(derive_sdk)
+
+# Read /apex
+allow derive_sdk apex_mnt_dir:dir r_dir_perms;
+
+# Prop rules: writable by derive_sdk, readable by bootclasspath (apps)
+set_prop(derive_sdk, module_sdkextensions_prop)
+neverallow { domain -init -derive_sdk } module_sdkextensions_prop:property_service set;
diff --git a/prebuilts/api/30.0/private/dex2oat.te b/prebuilts/api/30.0/private/dex2oat.te
new file mode 100644
index 000000000..7907f6c2a
--- /dev/null
+++ b/prebuilts/api/30.0/private/dex2oat.te
@@ -0,0 +1,84 @@
+# dex2oat
+type dex2oat, domain, coredomain;
+type dex2oat_exec, system_file_type, exec_type, file_type;
+
+r_dir_file(dex2oat, apk_data_file)
+# Access to /vendor/app
+r_dir_file(dex2oat, vendor_app_file)
+# Access /vendor/framework
+allow dex2oat vendor_framework_file:dir { getattr search };
+allow dex2oat vendor_framework_file:file { getattr open read map };
+
+allow dex2oat tmpfs:file { read getattr map };
+
+r_dir_file(dex2oat, dalvikcache_data_file)
+allow dex2oat dalvikcache_data_file:file write;
+# Read symlinks in /data/dalvik-cache. This is required for PIC mode boot images, where
+# the oat file is symlinked to the original file in /system.
+allow dex2oat dalvikcache_data_file:lnk_file read;
+allow dex2oat installd:fd use;
+
+# Acquire advisory lock on /system/framework/arm/*
+allow dex2oat system_file:file lock;
+
+# Read already open asec_apk_file file descriptors passed by installd.
+# Also allow reading unlabeled files, to allow for upgrading forward
+# locked APKs.
+allow dex2oat asec_apk_file:file { read map };
+allow dex2oat unlabeled:file { read map };
+allow dex2oat oemfs:file { read map };
+allow dex2oat apk_tmp_file:dir search;
+allow dex2oat apk_tmp_file:file r_file_perms;
+allow dex2oat user_profile_data_file:file { getattr read lock map };
+
+# Allow dex2oat to compile app's secondary dex files which were reported back to
+# the framework.
+allow dex2oat { privapp_data_file app_data_file }:file { getattr read write lock map };
+
+##################
+# A/B OTA Dexopt #
+##################
+
+# Allow dex2oat to use file descriptors from otapreopt.
+allow dex2oat postinstall_dexopt:fd use;
+
+# Allow dex2oat to read files under /postinstall (e.g. APKs under /system, /system/bin/linker).
+allow dex2oat postinstall_file:dir r_dir_perms;
+allow dex2oat postinstall_file:filesystem getattr;
+allow dex2oat postinstall_file:lnk_file { getattr read };
+allow dex2oat postinstall_file:file read;
+# Allow dex2oat to use libraries under /postinstall/system (e.g. /system/lib/libc.so).
+# TODO(b/120266448): Remove when Bionic libraries are part of the Runtime APEX.
+allow dex2oat postinstall_file:file { execute getattr open };
+
+# Allow dex2oat access to /postinstall/apex.
+allow dex2oat postinstall_apex_mnt_dir:dir { getattr search };
+
+# Allow dex2oat access to files in /data/ota.
+allow dex2oat ota_data_file:dir ra_dir_perms;
+allow dex2oat ota_data_file:file r_file_perms;
+
+# Create and read symlinks in /data/ota/dalvik-cache. This is required for PIC mode boot images,
+# where the oat file is symlinked to the original file in /system.
+allow dex2oat ota_data_file:lnk_file { create read };
+
+# It would be nice to tie this down, but currently, because of how images are written, we can't
+# pass file descriptors for the preopted boot image to dex2oat. So dex2oat needs to be able to
+# create them itself (and make them world-readable).
+allow dex2oat ota_data_file:file { create w_file_perms setattr };
+
+###############
+# APEX Update #
+###############
+
+# /dev/zero is inherited.
+allow dex2oat apexd:fd use;
+
+# Allow dex2oat to use file descriptors from preinstall.
+allow dex2oat art_apex_preinstall:fd use;
+
+##############
+# Neverallow #
+##############
+
+neverallow dex2oat { privapp_data_file app_data_file }:notdevfile_class_set open;
diff --git a/prebuilts/api/30.0/private/dexoptanalyzer.te b/prebuilts/api/30.0/private/dexoptanalyzer.te
new file mode 100644
index 000000000..1f9246230
--- /dev/null
+++ b/prebuilts/api/30.0/private/dexoptanalyzer.te
@@ -0,0 +1,35 @@
+# dexoptanalyzer
+type dexoptanalyzer, domain, coredomain, mlstrustedsubject;
+type dexoptanalyzer_exec, system_file_type, exec_type, file_type;
+type dexoptanalyzer_tmpfs, file_type;
+
+# Reading an APK opens a ZipArchive, which unpack to tmpfs.
+# Use tmpfs_domain() which will give tmpfs files created by dexoptanalyzer their
+# own label, which differs from other labels created by other processes.
+# This allows to distinguish in policy files created by dexoptanalyzer vs other
+#processes.
+tmpfs_domain(dexoptanalyzer)
+
+# Read symlinks in /data/dalvik-cache. This is required for PIC mode boot
+# app_data_file the oat file is symlinked to the original file in /system.
+allow dexoptanalyzer dalvikcache_data_file:dir { getattr search };
+allow dexoptanalyzer dalvikcache_data_file:file r_file_perms;
+allow dexoptanalyzer dalvikcache_data_file:lnk_file read;
+
+allow dexoptanalyzer installd:fd use;
+allow dexoptanalyzer installd:fifo_file { getattr write };
+
+# Acquire advisory lock on /system/framework/arm/*
+allow dexoptanalyzer system_file:file lock;
+
+# Allow reading secondary dex files that were reported by the app to the
+# package manager.
+allow dexoptanalyzer { privapp_data_file app_data_file }:dir { getattr search };
+allow dexoptanalyzer { privapp_data_file app_data_file }:file { getattr read map };
+# dexoptanalyzer calls access(2) with W_OK flag on app data. We can use the
+# "dontaudit...audit_access" policy line to suppress the audit access without
+# suppressing denial on actual access.
+dontaudit dexoptanalyzer { privapp_data_file app_data_file }:dir audit_access;
+
+# Allow testing /data/user/0 which symlinks to /data/data
+allow dexoptanalyzer system_data_file:lnk_file { getattr };
diff --git a/prebuilts/api/30.0/private/dhcp.te b/prebuilts/api/30.0/private/dhcp.te
new file mode 100644
index 000000000..b2f8ac7c7
--- /dev/null
+++ b/prebuilts/api/30.0/private/dhcp.te
@@ -0,0 +1,4 @@
+typeattribute dhcp coredomain;
+
+init_daemon_domain(dhcp)
+type_transition dhcp system_data_file:{ dir file } dhcp_data_file;
diff --git a/prebuilts/api/30.0/private/dnsmasq.te b/prebuilts/api/30.0/private/dnsmasq.te
new file mode 100644
index 000000000..96084b490
--- /dev/null
+++ b/prebuilts/api/30.0/private/dnsmasq.te
@@ -0,0 +1 @@
+typeattribute dnsmasq coredomain;
diff --git a/prebuilts/api/30.0/private/domain.te b/prebuilts/api/30.0/private/domain.te
new file mode 100644
index 000000000..1a8ce5053
--- /dev/null
+++ b/prebuilts/api/30.0/private/domain.te
@@ -0,0 +1,371 @@
+# Transition to crash_dump when /system/bin/crash_dump* is executed.
+# This occurs when the process crashes.
+# We do not apply this to the su domain to avoid interfering with
+# tests (b/114136122)
+domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump);
+allow domain crash_dump:process sigchld;
+
+# Allow every process to check the heapprofd.enable properties to determine
+# whether to load the heap profiling library. This does not necessarily enable
+# heap profiling, as initialization will fail if it does not have the
+# necessary SELinux permissions.
+get_prop(domain, heapprofd_prop);
+# Allow heap profiling on debug builds.
+userdebug_or_eng(`can_profile_heap_central({
+ domain
+ -bpfloader
+ -init
+ -kernel
+ -keystore
+ -llkd
+ -logd
+ -logpersist
+ -recovery
+ -recovery_persist
+ -recovery_refresh
+ -ueventd
+ -vendor_init
+ -vold
+})')
+
+# As above, allow perf profiling most processes on debug builds.
+# zygote is excluded as system-wide profiling could end up with it
+# (unexpectedly) holding an open fd across a fork.
+userdebug_or_eng(`can_profile_perf({
+ domain
+ -bpfloader
+ -init
+ -kernel
+ -keystore
+ -llkd
+ -logd
+ -logpersist
+ -recovery
+ -recovery_persist
+ -recovery_refresh
+ -ueventd
+ -vendor_init
+ -vold
+ -zygote
+})')
+
+# Path resolution access in cgroups.
+allow domain cgroup:dir search;
+allow { domain -appdomain -rs } cgroup:dir w_dir_perms;
+allow { domain -appdomain -rs } cgroup:file w_file_perms;
+
+allow domain cgroup_rc_file:dir search;
+allow domain cgroup_rc_file:file r_file_perms;
+allow domain task_profiles_file:file r_file_perms;
+allow domain vendor_task_profiles_file:file r_file_perms;
+
+# Allow all domains to read sys.use_memfd to determine
+# if memfd support can be used if device supports it
+get_prop(domain, use_memfd_prop);
+
+# Read access to sdkextensions props
+get_prop(domain, module_sdkextensions_prop)
+
+# Read access to bq configuration values
+get_prop(domain, bq_config_prop);
+
+# For now, everyone can access core property files
+# Device specific properties are not granted by default
+not_compatible_property(`
+ get_prop(domain, core_property_type)
+ get_prop(domain, exported_dalvik_prop)
+ get_prop(domain, exported_ffs_prop)
+ get_prop(domain, exported_system_radio_prop)
+ get_prop(domain, exported2_config_prop)
+ get_prop(domain, exported2_radio_prop)
+ get_prop(domain, exported2_system_prop)
+ get_prop(domain, exported2_vold_prop)
+ get_prop(domain, exported3_default_prop)
+ get_prop(domain, exported3_radio_prop)
+ get_prop(domain, exported3_system_prop)
+ get_prop(domain, vendor_default_prop)
+')
+compatible_property_only(`
+ get_prop({coredomain appdomain shell}, core_property_type)
+ get_prop({coredomain appdomain shell}, exported_dalvik_prop)
+ get_prop({coredomain appdomain shell}, exported_ffs_prop)
+ get_prop({coredomain appdomain shell}, exported_system_radio_prop)
+ get_prop({coredomain appdomain shell}, exported2_config_prop)
+ get_prop({coredomain appdomain shell}, exported2_radio_prop)
+ get_prop({coredomain appdomain shell}, exported2_system_prop)
+ get_prop({coredomain appdomain shell}, exported2_vold_prop)
+ get_prop({coredomain appdomain shell}, exported3_default_prop)
+ get_prop({coredomain appdomain shell}, exported3_radio_prop)
+ get_prop({coredomain appdomain shell}, exported3_system_prop)
+ get_prop({coredomain appdomain shell}, exported_camera_prop)
+ get_prop({coredomain appdomain shell}, userspace_reboot_config_prop)
+ get_prop({coredomain shell}, userspace_reboot_exported_prop)
+ get_prop({coredomain shell}, userspace_reboot_log_prop)
+ get_prop({coredomain shell}, userspace_reboot_test_prop)
+ get_prop({domain -coredomain -appdomain}, vendor_default_prop)
+')
+
+# Allow access to fsverity keyring.
+allow domain kernel:key search;
+# Allow access to keys in the fsverity keyring that were installed at boot.
+allow domain fsverity_init:key search;
+# For testing purposes, allow access to keys installed with su.
+userdebug_or_eng(`
+ allow domain su:key search;
+')
+
+# Allow access to linkerconfig file
+allow domain linkerconfig_file:dir search;
+allow domain linkerconfig_file:file r_file_perms;
+
+# Allow all processes to check for the existence of the boringssl_self_test_marker files.
+allow domain boringssl_self_test_marker:dir search;
+
+# Limit ability to ptrace or read sensitive /proc/pid files of processes
+# with other UIDs to these whitelisted domains.
+neverallow {
+ domain
+ -vold
+ userdebug_or_eng(`-llkd')
+ -dumpstate
+ userdebug_or_eng(`-incidentd')
+ -storaged
+ -system_server
+} self:global_capability_class_set sys_ptrace;
+
+# Limit ability to generate hardware unique device ID attestations to priv_apps
+neverallow { domain -priv_app -gmscore_app } *:keystore_key gen_unique_id;
+
+neverallow {
+ domain
+ -init
+ -vendor_init
+ userdebug_or_eng(`-domain')
+} debugfs_tracing_debug:file no_rw_file_perms;
+
+# System_server owns dropbox data, and init creates/restorecons the directory
+# Disallow direct access by other processes.
+neverallow { domain -init -system_server } dropbox_data_file:dir *;
+neverallow { domain -init -system_server } dropbox_data_file:file ~{ getattr read };
+
+###
+# Services should respect app sandboxes
+neverallow {
+ domain
+ -appdomain
+ -installd # creation of sandbox
+} { privapp_data_file app_data_file }:dir_file_class_set { create unlink };
+
+# Only the following processes should be directly accessing private app
+# directories.
+neverallow {
+ domain
+ -adbd
+ -appdomain
+ -app_zygote
+ -dexoptanalyzer
+ -installd
+ -iorap_inode2filename
+ -iorap_prefetcherd
+ -profman
+ -rs # spawned by appdomain, so carryover the exception above
+ -runas
+ -system_server
+ -viewcompiler
+ -zygote
+} { privapp_data_file app_data_file }:dir *;
+
+# Only apps should be modifying app data. installd is exempted for
+# restorecon and package install/uninstall.
+neverallow {
+ domain
+ -appdomain
+ -installd
+ -rs # spawned by appdomain, so carryover the exception above
+} { privapp_data_file app_data_file }:dir ~r_dir_perms;
+
+neverallow {
+ domain
+ -appdomain
+ -app_zygote
+ -installd
+ -iorap_prefetcherd
+ -rs # spawned by appdomain, so carryover the exception above
+} { privapp_data_file app_data_file }:file_class_set open;
+
+neverallow {
+ domain
+ -appdomain
+ -installd # creation of sandbox
+} { privapp_data_file app_data_file }:dir_file_class_set { create unlink };
+
+neverallow {
+ domain
+ -installd
+} { privapp_data_file app_data_file }:dir_file_class_set { relabelfrom relabelto };
+
+# The staging directory contains APEX and APK files. It is important to ensure
+# that these files cannot be accessed by other domains to ensure that the files
+# do not change between system_server staging the files and apexd processing
+# the files.
+neverallow { domain -init -system_server -apexd -installd -iorap_inode2filename } staging_data_file:dir *;
+neverallow { domain -init -system_app -system_server -apexd -kernel -installd -iorap_inode2filename -priv_app } staging_data_file:file *;
+neverallow { domain -init -system_server -installd} staging_data_file:dir no_w_dir_perms;
+# apexd needs the link and unlink permissions, so list every `no_w_file_perms`
+# except for `link` and `unlink`.
+neverallow { domain -init -system_server } staging_data_file:file
+ { append create relabelfrom rename setattr write no_x_file_perms };
+
+neverallow {
+ domain
+ -appdomain # for oemfs
+ -bootanim # for oemfs
+ -recovery # for /tmp/update_binary in tmpfs
+} { fs_type -rootfs }:file execute;
+
+#
+# Assert that, to the extent possible, we're not loading executable content from
+# outside the rootfs or /system partition except for a few whitelisted domains.
+# Executable files loaded from /data is a persistence vector
+# we want to avoid. See
+# https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example.
+#
+neverallow {
+ domain
+ -appdomain
+ with_asan(`-asan_extract')
+ -iorap_prefetcherd
+ -shell
+ userdebug_or_eng(`-su')
+ -system_server_startup # for memfd backed executable regions
+ -app_zygote
+ -webview_zygote
+ -zygote
+ userdebug_or_eng(`-mediaextractor')
+ userdebug_or_eng(`-mediaswcodec')
+} {
+ file_type
+ -system_file_type
+ -system_lib_file
+ -system_linker_exec
+ -vendor_file_type
+ -exec_type
+ -postinstall_file
+}:file execute;
+
+# Only init is allowed to write cgroup.rc file
+neverallow {
+ domain
+ -init
+ -vendor_init
+} cgroup_rc_file:file no_w_file_perms;
+
+# Only authorized processes should be writing to files in /data/dalvik-cache
+neverallow {
+ domain
+ -init # TODO: limit init to relabelfrom for files
+ -zygote
+ -installd
+ -postinstall_dexopt
+ -cppreopts
+ -dex2oat
+ -otapreopt_slot
+ -art_apex_postinstall
+ -art_apex_boot_integrity
+} dalvikcache_data_file:file no_w_file_perms;
+
+neverallow {
+ domain
+ -init
+ -installd
+ -postinstall_dexopt
+ -cppreopts
+ -dex2oat
+ -zygote
+ -otapreopt_slot
+ -art_apex_boot_integrity
+ -art_apex_postinstall
+} dalvikcache_data_file:dir no_w_dir_perms;
+
+# Minimize dac_override and dac_read_search.
+# Instead of granting them it is usually better to add the domain to
+# a Unix group or change the permissions of a file.
+define(`dac_override_allowed', `{
+ apexd
+ dnsmasq
+ dumpstate
+ init
+ installd
+ userdebug_or_eng(`llkd')
+ lmkd
+ migrate_legacy_obb_data
+ netd
+ postinstall_dexopt
+ recovery
+ rss_hwm_reset
+ sdcardd
+ tee
+ ueventd
+ uncrypt
+ vendor_init
+ vold
+ vold_prepare_subdirs
+ zygote
+}')
+neverallow ~dac_override_allowed self:global_capability_class_set dac_override;
+# Since the kernel checks dac_read_search before dac_override, domains that
+# have dac_override should also have dac_read_search to eliminate spurious
+# denials. Some domains have dac_read_search without having dac_override, so
+# this list should be a superset of the one above.
+neverallow ~{
+ dac_override_allowed
+ iorap_inode2filename
+ iorap_prefetcherd
+ traced_perf
+ traced_probes
+ userdebug_or_eng(`heapprofd')
+} self:global_capability_class_set dac_read_search;
+
+# Limit what domains can mount filesystems or change their mount flags.
+# sdcard_type / vfat is exempt as a larger set of domains need
+# this capability, including device-specific domains.
+neverallow {
+ domain
+ -apexd
+ recovery_only(`userdebug_or_eng(`-fastbootd')')
+ -init
+ -kernel
+ -otapreopt_chroot
+ -recovery
+ -update_engine
+ -vold
+ -zygote
+} { fs_type -sdcard_type }:filesystem { mount remount relabelfrom relabelto };
+
+# Limit raw I/O to these whitelisted domains. Do not apply to debug builds.
+neverallow {
+ domain
+ userdebug_or_eng(`-domain')
+ -kernel
+ -gsid
+ -init
+ -recovery
+ -ueventd
+ -healthd
+ -uncrypt
+ -tee
+ -hal_bootctl_server
+ -fastbootd
+} self:global_capability_class_set sys_rawio;
+
+# Limit directory operations that doesn't need to do app data isolation.
+neverallow {
+ domain
+ -init
+ -installd
+ -zygote
+} mirror_data_file:dir *;
+
+# This property is being removed. Remove remaining access.
+neverallow { domain -init -system_server -vendor_init } net_dns_prop:property_service set;
+neverallow { domain -dumpstate -init -system_server -vendor_init } net_dns_prop:file read;
diff --git a/prebuilts/api/30.0/private/drmserver.te b/prebuilts/api/30.0/private/drmserver.te
new file mode 100644
index 000000000..afe4f0aae
--- /dev/null
+++ b/prebuilts/api/30.0/private/drmserver.te
@@ -0,0 +1,7 @@
+typeattribute drmserver coredomain;
+
+init_daemon_domain(drmserver)
+
+type_transition drmserver apk_data_file:sock_file drmserver_socket;
+
+typeattribute drmserver_socket coredomain_socket;
diff --git a/prebuilts/api/30.0/private/dumpstate.te b/prebuilts/api/30.0/private/dumpstate.te
new file mode 100644
index 000000000..72e508e86
--- /dev/null
+++ b/prebuilts/api/30.0/private/dumpstate.te
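Review bot: The rule `neverallow { domain -appdomain -installd } { privapp_data_file app_data_file }:dir_file_class_set { create unlink };` appears twice in the domain.te hunk, once under the `# Services should respect app sandboxes` banner and again verbatim right after the `file_class_set open` rule. The second copy adds no enforcement and only makes the app-sandbox assertions harder to audit when the exception lists are next changed. Since this file is a frozen snapshot under prebuilts/api/30.0, it presumably mirrors private/domain.te in the source tree, so the duplicate should be dropped there and the prebuilt regenerated rather than hand-edited here.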
@@ -0,0 +1,62 @@
+typeattribute dumpstate coredomain;
+
+init_daemon_domain(dumpstate)
+
+# Execute and transition to the vdc domain
+domain_auto_trans(dumpstate, vdc_exec, vdc)
+
+# Acquire advisory lock on /system/etc/xtables.lock from ip[6]tables
+allow dumpstate system_file:file lock;
+
+allow dumpstate storaged_exec:file rx_file_perms;
+
+# /data/misc/wmtrace for wm traces
+userdebug_or_eng(`
+ allow dumpstate wm_trace_data_file:dir r_dir_perms;
+ allow dumpstate wm_trace_data_file:file r_file_perms;
+')
+
+# Allow dumpstate to make binder calls to incidentd
+binder_call(dumpstate, incidentd)
+
+# Allow dumpstate to make binder calls to storaged service
+binder_call(dumpstate, storaged)
+
+# Allow dumpstate to make binder calls to statsd
+binder_call(dumpstate, statsd)
+
+# Allow dumpstate to talk to gpuservice over binder
+binder_call(dumpstate, gpuservice);
+
+# Allow dumpstate to talk to idmap over binder
+binder_call(dumpstate, idmap);
+
+# Collect metrics on boot time created by init
+get_prop(dumpstate, boottime_prop)
+
+# Signal native processes to dump their stack.
+allow dumpstate {
+ statsd
+ netd
+}:process signal;
+
+# For collecting bugreports.
+allow dumpstate debugfs_wakeup_sources:file r_file_perms;
+allow dumpstate dev_type:blk_file getattr;
+allow dumpstate webview_zygote:process signal;
+dontaudit dumpstate update_engine:binder call;
+allow dumpstate proc_net_tcp_udp:file r_file_perms;
+
+# For comminucating with the system process to do confirmation ui.
+binder_call(dumpstate, incidentcompanion_service)
+
+# For dumping dynamic partition information.
+set_prop(dumpstate, lpdumpd_prop)
+binder_call(dumpstate, lpdumpd)
+
+# For dumping device-mapper and snapshot information.
+allow dumpstate gsid_exec:file rx_file_perms;
+set_prop(dumpstate, ctl_gsid_prop)
+binder_call(dumpstate, gsid)
+
+r_dir_file(dumpstate, ota_metadata_file)
diff --git a/prebuilts/api/30.0/private/ephemeral_app.te b/prebuilts/api/30.0/private/ephemeral_app.te
new file mode 100644
index 000000000..56d47474b
--- /dev/null
+++ b/prebuilts/api/30.0/private/ephemeral_app.te
@@ -0,0 +1,99 @@
+###
+### Ephemeral apps.
+###
+### This file defines the security policy for apps with the ephemeral
+### feature.
+###
+### The ephemeral_app domain is a reduced permissions sandbox allowing
+### ephemeral applications to be safely installed and run. Non ephemeral
+### applications may also opt-in to ephemeral to take advantage of the
+### additional security features.
+###
+### PackageManager flags an app as ephemeral at install time.
+
+typeattribute ephemeral_app coredomain;
+
+net_domain(ephemeral_app)
+app_domain(ephemeral_app)
+
+# Allow ephemeral apps to read/write files in visible storage if provided fds
+allow ephemeral_app { sdcard_type media_rw_data_file }:file {read write getattr ioctl lock append};
+
+# Some apps ship with shared libraries and binaries that they write out
+# to their sandbox directory and then execute.
+allow ephemeral_app privapp_data_file:file { r_file_perms execute };
+allow ephemeral_app app_data_file:file { r_file_perms execute };
+
+# Follow priv-app symlinks. This is used for dynamite functionality.
+allow ephemeral_app privapp_data_file:lnk_file r_file_perms;
+
+# Allow the renderscript compiler to be run.
+domain_auto_trans(ephemeral_app, rs_exec, rs)
+
+# Allow loading and deleting shared libraries created by trusted system
+# components within an application home directory.
+allow ephemeral_app app_exec_data_file:file { r_file_perms execute unlink };
+
+# services
+allow ephemeral_app audioserver_service:service_manager find;
+allow ephemeral_app cameraserver_service:service_manager find;
+allow ephemeral_app mediaserver_service:service_manager find;
+allow ephemeral_app mediaextractor_service:service_manager find;
+allow ephemeral_app mediametrics_service:service_manager find;
+allow ephemeral_app mediadrmserver_service:service_manager find;
+allow ephemeral_app drmserver_service:service_manager find;
+allow ephemeral_app radio_service:service_manager find;
+allow ephemeral_app ephemeral_app_api_service:service_manager find;
+allow ephemeral_app gpu_service:service_manager find;
+
+# Allow ephemeral apps to interact with gpuservice
+binder_call(ephemeral_app, gpuservice)
+
+# Write app-specific trace data to the Perfetto traced damon. This requires
+# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(ephemeral_app)
+
+# Allow profiling if the app opts in by being marked profileable/debuggable.
+can_profile_heap(ephemeral_app)
+can_profile_perf(ephemeral_app)
+
+# allow ephemeral apps to use UDP sockets provided by the system server but not
+# modify them other than to connect
+allow ephemeral_app system_server:udp_socket {
+ connect getattr read recvfrom sendto write getopt setopt };
+
+allow ephemeral_app ashmem_device:chr_file rw_file_perms;
+
+###
+### neverallow rules
+###
+
+neverallow ephemeral_app { app_data_file privapp_data_file }:file execute_no_trans;
+
+# Receive or send uevent messages.
+neverallow ephemeral_app domain:netlink_kobject_uevent_socket *;
+
+# Receive or send generic netlink messages
+neverallow ephemeral_app domain:netlink_socket *;
+
+# Too much leaky information in debugfs. It's a security
+# best practice to ensure these files aren't readable.
+neverallow ephemeral_app debugfs:file read;
+
+# execute gpu_device
+neverallow ephemeral_app gpu_device:chr_file execute;
+
+# access files in /sys with the default sysfs label
+neverallow ephemeral_app sysfs:file *;
+
+# Avoid reads from generically labeled /proc files
+# Create a more specific label if needed
+neverallow ephemeral_app proc:file { no_rw_file_perms no_x_file_perms };
+
+# Directly access external storage
+neverallow ephemeral_app { sdcard_type media_rw_data_file }:file {open create};
+neverallow ephemeral_app { sdcard_type media_rw_data_file }:dir search;
+
+# Avoid reads to proc_net, it contains too much device wide information about
+# ongoing connections.
+neverallow ephemeral_app proc_net:file no_rw_file_perms;
diff --git a/prebuilts/api/30.0/private/fastbootd.te b/prebuilts/api/30.0/private/fastbootd.te
new file mode 100644
index 000000000..29a9157e6
--- /dev/null
+++ b/prebuilts/api/30.0/private/fastbootd.te
@@ -0,0 +1 @@
+typeattribute fastbootd coredomain;
diff --git a/prebuilts/api/30.0/private/file.te b/prebuilts/api/30.0/private/file.te
new file mode 100644
index 000000000..44920029c
--- /dev/null
+++ b/prebuilts/api/30.0/private/file.te
@@ -0,0 +1,28 @@
+# /proc/config.gz
+type config_gz, fs_type, proc_type;
+
+# /data/misc/storaged
+type storaged_data_file, file_type, data_file_type, core_data_file_type;
+
+# /data/misc/wmtrace for wm traces
+type wm_trace_data_file, file_type, data_file_type, core_data_file_type;
+
+# /data/misc/perfetto-traces for perfetto traces
+type perfetto_traces_data_file, file_type, data_file_type, core_data_file_type;
+
+# /sys/kernel/debug/kcov for coverage guided kernel fuzzing in userdebug builds.
+type debugfs_kcov, fs_type, debugfs_type;
+
+# App executable files in /data/data directories
+type app_exec_data_file, file_type, data_file_type, core_data_file_type;
+typealias app_exec_data_file alias rs_data_file;
+
+# /data/misc_[ce|de]/rollback : Used by installd to store snapshots
+# of application data.
+type rollback_data_file, file_type, data_file_type, core_data_file_type;
+
+# /data/gsi/ota
+type ota_image_data_file, file_type, data_file_type, core_data_file_type;
+
+# /data/misc/emergencynumberdb
+type emergency_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/prebuilts/api/30.0/private/file_contexts b/prebuilts/api/30.0/private/file_contexts
new file mode 100644
index 000000000..4f86f710f
--- /dev/null
+++ b/prebuilts/api/30.0/private/file_contexts
@@ -0,0 +1,733 @@
+###########################################
+# Root
+/ u:object_r:rootfs:s0
+
+# Data files
+/adb_keys u:object_r:adb_keys_file:s0
+/build\.prop u:object_r:rootfs:s0
+/default\.prop u:object_r:rootfs:s0
+/fstab\..* u:object_r:rootfs:s0
+/init\..* u:object_r:rootfs:s0
+/res(/.*)? u:object_r:rootfs:s0
+/selinux_version u:object_r:rootfs:s0
+/ueventd\..* u:object_r:rootfs:s0
+/verity_key u:object_r:rootfs:s0
+
+# Executables
+/init u:object_r:init_exec:s0
+/sbin(/.*)? u:object_r:rootfs:s0
+
+# For kernel modules
+/lib(/.*)? u:object_r:rootfs:s0
+
+# Empty directories
+/lost\+found u:object_r:rootfs:s0
+/acct u:object_r:cgroup:s0
+/config u:object_r:rootfs:s0
+/data_mirror u:object_r:mirror_data_file:s0
+/debug_ramdisk u:object_r:tmpfs:s0
+/mnt u:object_r:tmpfs:s0
+/postinstall u:object_r:postinstall_mnt_dir:s0
+/postinstall/apex u:object_r:postinstall_apex_mnt_dir:s0
+/proc u:object_r:rootfs:s0
+/sys u:object_r:sysfs:s0
+/apex u:object_r:apex_mnt_dir:s0
+
+# Symlinks
+/bin u:object_r:rootfs:s0
+/bugreports u:object_r:rootfs:s0
+/charger u:object_r:rootfs:s0
+/d u:object_r:rootfs:s0
+/etc u:object_r:rootfs:s0
+/sdcard u:object_r:rootfs:s0
+
+# SELinux policy files
+/vendor_file_contexts u:object_r:file_contexts_file:s0
+/nonplat_file_contexts u:object_r:file_contexts_file:s0
+/plat_file_contexts u:object_r:file_contexts_file:s0
+/product_file_contexts u:object_r:file_contexts_file:s0
+/mapping_sepolicy\.cil u:object_r:sepolicy_file:s0
+/nonplat_sepolicy\.cil u:object_r:sepolicy_file:s0
+/plat_sepolicy\.cil u:object_r:sepolicy_file:s0
+/plat_property_contexts u:object_r:property_contexts_file:s0
+/product_property_contexts u:object_r:property_contexts_file:s0
+/nonplat_property_contexts u:object_r:property_contexts_file:s0
+/vendor_property_contexts u:object_r:property_contexts_file:s0
+/seapp_contexts u:object_r:seapp_contexts_file:s0
+/nonplat_seapp_contexts u:object_r:seapp_contexts_file:s0
+/vendor_seapp_contexts u:object_r:seapp_contexts_file:s0
+/plat_seapp_contexts u:object_r:seapp_contexts_file:s0
+/sepolicy u:object_r:sepolicy_file:s0
+/plat_service_contexts u:object_r:service_contexts_file:s0
+/plat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
+/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
+# Use nonplat_service_contexts_file to allow servicemanager to read it
+# on non full-treble devices.
+/vendor_service_contexts u:object_r:nonplat_service_contexts_file:s0
+/nonplat_hwservice_contexts u:object_r:hwservice_contexts_file:s0
+/vendor_hwservice_contexts u:object_r:hwservice_contexts_file:s0
+/vndservice_contexts u:object_r:vndservice_contexts_file:s0
+
+##########################
+# Devices
+#
+/dev(/.*)? u:object_r:device:s0
+/dev/adf[0-9]* u:object_r:graphics_device:s0
+/dev/adf-interface[0-9]*\.[0-9]* u:object_r:graphics_device:s0
+/dev/adf-overlay-engine[0-9]*\.[0-9]* u:object_r:graphics_device:s0
+/dev/ashmem u:object_r:ashmem_device:s0
+/dev/ashmem(.*)? u:object_r:ashmem_libcutils_device:s0
+/dev/audio.* u:object_r:audio_device:s0
+/dev/binder u:object_r:binder_device:s0
+/dev/block(/.*)? u:object_r:block_device:s0
+/dev/block/dm-[0-9]+ u:object_r:dm_device:s0
+/dev/block/loop[0-9]* u:object_r:loop_device:s0
+/dev/block/vold/.+ u:object_r:vold_device:s0
+/dev/block/ram[0-9]* u:object_r:ram_device:s0
+/dev/block/zram[0-9]* u:object_r:ram_device:s0
+/dev/boringssl/selftest(/.*)? u:object_r:boringssl_self_test_marker:s0
+/dev/bus/usb(.*)? u:object_r:usb_device:s0
+/dev/console u:object_r:console_device:s0
+/dev/cpu_variant:.* u:object_r:dev_cpu_variant:s0
+/dev/device-mapper u:object_r:dm_device:s0
+/dev/eac u:object_r:audio_device:s0
+/dev/event-log-tags u:object_r:runtime_event_log_tags_file:s0
+/dev/cgroup_info(/.*)? u:object_r:cgroup_rc_file:s0
+/dev/fscklogs(/.*)? u:object_r:fscklogs:s0
+/dev/fuse u:object_r:fuse_device:s0
+/dev/graphics(/.*)? u:object_r:graphics_device:s0
+/dev/hw_random u:object_r:hw_random_device:s0
+/dev/hwbinder u:object_r:hwbinder_device:s0
+/dev/input(/.*)? u:object_r:input_device:s0
+/dev/iio:device[0-9]+ u:object_r:iio_device:s0
+/dev/ion u:object_r:ion_device:s0
+/dev/keychord u:object_r:keychord_device:s0
+/dev/loop-control u:object_r:loop_control_device:s0
+/dev/modem.* u:object_r:radio_device:s0
+/dev/mtp_usb u:object_r:mtp_device:s0
+/dev/pmsg0 u:object_r:pmsg_device:s0
+/dev/pn544 u:object_r:nfc_device:s0
+/dev/port u:object_r:port_device:s0
+/dev/ppp u:object_r:ppp_device:s0
+/dev/ptmx u:object_r:ptmx_device:s0
+/dev/pvrsrvkm u:object_r:gpu_device:s0
+/dev/kmsg u:object_r:kmsg_device:s0
+/dev/kmsg_debug u:object_r:kmsg_debug_device:s0
+/dev/null u:object_r:null_device:s0
+/dev/nvhdcp1 u:object_r:video_device:s0
+/dev/random u:object_r:random_device:s0
+/dev/rpmsg-omx[0-9] u:object_r:rpmsg_device:s0
+/dev/rproc_user u:object_r:rpmsg_device:s0
+/dev/rtc[0-9] u:object_r:rtc_device:s0
+/dev/snd(/.*)? u:object_r:audio_device:s0
+/dev/socket(/.*)? u:object_r:socket_device:s0
+/dev/socket/adbd u:object_r:adbd_socket:s0
+/dev/socket/dnsproxyd u:object_r:dnsproxyd_socket:s0
+/dev/socket/dumpstate u:object_r:dumpstate_socket:s0
+/dev/socket/fwmarkd u:object_r:fwmarkd_socket:s0
+/dev/socket/lmkd u:object_r:lmkd_socket:s0
+/dev/socket/logd u:object_r:logd_socket:s0
+/dev/socket/logdr u:object_r:logdr_socket:s0
+/dev/socket/logdw u:object_r:logdw_socket:s0
+/dev/socket/statsdw u:object_r:statsdw_socket:s0
+/dev/socket/mdns u:object_r:mdns_socket:s0
+/dev/socket/mdnsd u:object_r:mdnsd_socket:s0
+/dev/socket/mtpd u:object_r:mtpd_socket:s0
+/dev/socket/pdx/system/buffer_hub u:object_r:pdx_bufferhub_dir:s0
+/dev/socket/pdx/system/buffer_hub/client u:object_r:pdx_bufferhub_client_endpoint_socket:s0
+/dev/socket/pdx/system/performance u:object_r:pdx_performance_dir:s0
+/dev/socket/pdx/system/performance/client u:object_r:pdx_performance_client_endpoint_socket:s0
+/dev/socket/pdx/system/vr/display u:object_r:pdx_display_dir:s0
+/dev/socket/pdx/system/vr/display/client u:object_r:pdx_display_client_endpoint_socket:s0
+/dev/socket/pdx/system/vr/display/manager u:object_r:pdx_display_manager_endpoint_socket:s0
+/dev/socket/pdx/system/vr/display/screenshot u:object_r:pdx_display_screenshot_endpoint_socket:s0
+/dev/socket/pdx/system/vr/display/vsync u:object_r:pdx_display_vsync_endpoint_socket:s0
+/dev/socket/property_service u:object_r:property_socket:s0
+/dev/socket/racoon u:object_r:racoon_socket:s0
+/dev/socket/recovery u:object_r:recovery_socket:s0
+/dev/socket/rild u:object_r:rild_socket:s0
+/dev/socket/rild-debug u:object_r:rild_debug_socket:s0
+/dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
+/dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
+/dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
+/dev/socket/traced_consumer u:object_r:traced_consumer_socket:s0
+/dev/socket/traced_perf u:object_r:traced_perf_socket:s0
+/dev/socket/traced_producer u:object_r:traced_producer_socket:s0
+/dev/socket/heapprofd u:object_r:heapprofd_socket:s0
+/dev/socket/uncrypt u:object_r:uncrypt_socket:s0
+/dev/socket/wpa_eth[0-9] u:object_r:wpa_socket:s0
+/dev/socket/wpa_wlan[0-9] u:object_r:wpa_socket:s0
+/dev/socket/zygote u:object_r:zygote_socket:s0
+/dev/socket/zygote_secondary u:object_r:zygote_socket:s0
+/dev/socket/usap_pool_primary u:object_r:zygote_socket:s0
+/dev/socket/usap_pool_secondary u:object_r:zygote_socket:s0
+/dev/spdif_out.* u:object_r:audio_device:s0
+/dev/tty u:object_r:owntty_device:s0
+/dev/tty[0-9]* u:object_r:tty_device:s0
+/dev/ttyS[0-9]* u:object_r:serial_device:s0
+/dev/ttyUSB[0-9]* u:object_r:usb_serial_device:s0
+/dev/ttyACM[0-9]* u:object_r:usb_serial_device:s0
+/dev/tun u:object_r:tun_device:s0
+/dev/uhid u:object_r:uhid_device:s0
+/dev/uinput u:object_r:uhid_device:s0
+/dev/uio[0-9]* u:object_r:uio_device:s0
+/dev/urandom u:object_r:random_device:s0
+/dev/usb_accessory u:object_r:usbaccessory_device:s0
+/dev/v4l-touch[0-9]* u:object_r:input_device:s0
+/dev/video[0-9]* u:object_r:video_device:s0
+/dev/vndbinder u:object_r:vndbinder_device:s0
+/dev/watchdog u:object_r:watchdog_device:s0
+/dev/xt_qtaguid u:object_r:qtaguid_device:s0
+/dev/zero u:object_r:zero_device:s0
+/dev/__properties__ u:object_r:properties_device:s0
+/dev/__properties__/property_info u:object_r:property_info:s0
+#############################
+# Linker configuration
+#
+/linkerconfig(/.*)? u:object_r:linkerconfig_file:s0
+#############################
+# System files
+#
+/system(/.*)? u:object_r:system_file:s0
+/system/apex/com.android.art u:object_r:art_apex_dir:s0
+/system/lib(64)?(/.*)? u:object_r:system_lib_file:s0
+/system/lib(64)?/bootstrap(/.*)? u:object_r:system_bootstrap_lib_file:s0
+/system/bin/atrace u:object_r:atrace_exec:s0
+/system/bin/auditctl u:object_r:auditctl_exec:s0
+/system/bin/bcc u:object_r:rs_exec:s0
+/system/bin/blank_screen u:object_r:blank_screen_exec:s0
+/system/bin/boringssl_self_test(32|64) u:object_r:boringssl_self_test_exec:s0
+/system/bin/charger u:object_r:charger_exec:s0
+/system/bin/e2fsdroid u:object_r:e2fs_exec:s0
+/system/bin/mke2fs u:object_r:e2fs_exec:s0
+/system/bin/e2fsck -- u:object_r:fsck_exec:s0
+/system/bin/fsck\.exfat -- u:object_r:fsck_exec:s0
+/system/bin/fsck\.f2fs -- u:object_r:fsck_exec:s0
+/system/bin/init u:object_r:init_exec:s0
+# TODO(/123600489): merge mini-keyctl into toybox
+/system/bin/mini-keyctl -- u:object_r:toolbox_exec:s0
+/system/bin/fsverity_init u:object_r:fsverity_init_exec:s0
+/system/bin/sload_f2fs -- u:object_r:e2fs_exec:s0
+/system/bin/make_f2fs -- u:object_r:e2fs_exec:s0
+/system/bin/fsck_msdos -- u:object_r:fsck_exec:s0
+/system/bin/tcpdump -- u:object_r:tcpdump_exec:s0
+/system/bin/tune2fs -- u:object_r:fsck_exec:s0
+/system/bin/toolbox -- u:object_r:toolbox_exec:s0
+/system/bin/toybox -- u:object_r:toolbox_exec:s0
+/system/bin/ld\.mc u:object_r:rs_exec:s0
+/system/bin/logcat -- u:object_r:logcat_exec:s0
+/system/bin/logcatd -- u:object_r:logcat_exec:s0
+/system/bin/sh -- u:object_r:shell_exec:s0
+/system/bin/run-as -- u:object_r:runas_exec:s0
+/system/bin/bootanimation u:object_r:bootanim_exec:s0
+/system/bin/bootstat u:object_r:bootstat_exec:s0
+/system/bin/app_process32 u:object_r:zygote_exec:s0
+/system/bin/app_process64 u:object_r:zygote_exec:s0
+/system/bin/servicemanager u:object_r:servicemanager_exec:s0
+/system/bin/hwservicemanager u:object_r:hwservicemanager_exec:s0
+/system/bin/surfaceflinger u:object_r:surfaceflinger_exec:s0
+/system/bin/gpuservice u:object_r:gpuservice_exec:s0
+/system/bin/bufferhubd u:object_r:bufferhubd_exec:s0
+/system/bin/performanced u:object_r:performanced_exec:s0
+/system/bin/drmserver u:object_r:drmserver_exec:s0
+/system/bin/dumpstate u:object_r:dumpstate_exec:s0
+/system/bin/incident u:object_r:incident_exec:s0
+/system/bin/incidentd u:object_r:incidentd_exec:s0
+/system/bin/incident_helper u:object_r:incident_helper_exec:s0
+/system/bin/iw u:object_r:iw_exec:s0
+/system/bin/netutils-wrapper-1\.0 u:object_r:netutils_wrapper_exec:s0
+/system/bin/vold u:object_r:vold_exec:s0
+/system/bin/netd u:object_r:netd_exec:s0
+/system/bin/wificond u:object_r:wificond_exec:s0
+/system/bin/audioserver u:object_r:audioserver_exec:s0
+/system/bin/mediadrmserver u:object_r:mediadrmserver_exec:s0
+/system/bin/mediaserver u:object_r:mediaserver_exec:s0
+/system/bin/mediametrics u:object_r:mediametrics_exec:s0
+/system/bin/cameraserver u:object_r:cameraserver_exec:s0
+/system/bin/mediaextractor u:object_r:mediaextractor_exec:s0
+/system/bin/mediaswcodec u:object_r:mediaswcodec_exec:s0
+/system/bin/mediatranscoding u:object_r:mediatranscoding_exec:s0
+/system/bin/mdnsd u:object_r:mdnsd_exec:s0
+/system/bin/installd u:object_r:installd_exec:s0
+/system/bin/otapreopt_chroot u:object_r:otapreopt_chroot_exec:s0
+/system/bin/otapreopt_slot u:object_r:otapreopt_slot_exec:s0
+/system/bin/art_apex_boot_integrity u:object_r:art_apex_boot_integrity_exec:s0
+/system/bin/credstore u:object_r:credstore_exec:s0
+/system/bin/keystore u:object_r:keystore_exec:s0
+/system/bin/fingerprintd u:object_r:fingerprintd_exec:s0
+/system/bin/gatekeeperd u:object_r:gatekeeperd_exec:s0
+/system/bin/crash_dump32 u:object_r:crash_dump_exec:s0
+/system/bin/crash_dump64 u:object_r:crash_dump_exec:s0
+/system/bin/tombstoned u:object_r:tombstoned_exec:s0
+/system/bin/recovery-persist u:object_r:recovery_persist_exec:s0
+/system/bin/recovery-refresh u:object_r:recovery_refresh_exec:s0
+/system/bin/sdcard u:object_r:sdcardd_exec:s0
+/system/bin/snapshotctl u:object_r:snapshotctl_exec:s0
+/system/bin/dhcpcd u:object_r:dhcp_exec:s0
+/system/bin/dhcpcd-6\.8\.2 u:object_r:dhcp_exec:s0
+/system/bin/mtpd u:object_r:mtp_exec:s0
+/system/bin/pppd u:object_r:ppp_exec:s0
+/system/bin/racoon u:object_r:racoon_exec:s0
+/system/xbin/su u:object_r:su_exec:s0
+/system/bin/dnsmasq u:object_r:dnsmasq_exec:s0
+/system/bin/healthd u:object_r:healthd_exec:s0
+/system/bin/clatd u:object_r:clatd_exec:s0
+/system/bin/linker(64)? u:object_r:system_linker_exec:s0
+/system/bin/linkerconfig u:object_r:linkerconfig_exec:s0
+/system/bin/bootstrap/linker(64)? u:object_r:system_linker_exec:s0
+/system/bin/llkd u:object_r:llkd_exec:s0
+/system/bin/lmkd u:object_r:lmkd_exec:s0
+/system/bin/usbd u:object_r:usbd_exec:s0
+/system/bin/inputflinger u:object_r:inputflinger_exec:s0
+/system/bin/logd u:object_r:logd_exec:s0
+/system/bin/lpdumpd u:object_r:lpdumpd_exec:s0
+/system/bin/rss_hwm_reset u:object_r:rss_hwm_reset_exec:s0
+/system/bin/perfetto u:object_r:perfetto_exec:s0
+/system/bin/traced u:object_r:traced_exec:s0
+/system/bin/traced_perf u:object_r:traced_perf_exec:s0
+/system/bin/traced_probes u:object_r:traced_probes_exec:s0
+/system/bin/heapprofd u:object_r:heapprofd_exec:s0
+/system/bin/uncrypt u:object_r:uncrypt_exec:s0
+/system/bin/update_verifier u:object_r:update_verifier_exec:s0
+/system/bin/logwrapper u:object_r:system_file:s0
+/system/bin/vdc u:object_r:vdc_exec:s0
+/system/bin/cppreopts\.sh u:object_r:cppreopts_exec:s0
+/system/bin/preloads_copy\.sh u:object_r:preloads_copy_exec:s0
+/system/bin/preopt2cachename u:object_r:preopt2cachename_exec:s0
+/system/bin/dex2oat(d)? u:object_r:dex2oat_exec:s0
+/system/bin/dexoptanalyzer(d)? u:object_r:dexoptanalyzer_exec:s0
+/system/bin/viewcompiler u:object_r:viewcompiler_exec:s0
+/system/bin/profman(d)? u:object_r:profman_exec:s0
+/system/bin/iorapd u:object_r:iorapd_exec:s0
+/system/bin/iorap\.inode2filename u:object_r:iorap_inode2filename_exec:s0
+/system/bin/iorap\.prefetcherd u:object_r:iorap_prefetcherd_exec:s0
+/system/bin/sgdisk u:object_r:sgdisk_exec:s0
+/system/bin/blkid u:object_r:blkid_exec:s0
+/system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0
+/system/bin/flags_health_check -- u:object_r:flags_health_check_exec:s0
+/system/bin/idmap u:object_r:idmap_exec:s0
+/system/bin/idmap2(d)? u:object_r:idmap_exec:s0
+/system/bin/update_engine u:object_r:update_engine_exec:s0
+/system/bin/storaged u:object_r:storaged_exec:s0
+/system/bin/wpantund u:object_r:wpantund_exec:s0
+/system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
+/system/bin/hw/android\.frameworks\.bufferhub@1\.0-service u:object_r:fwk_bufferhub_exec:s0
+/system/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0
+/system/bin/hw/android\.system\.suspend@1\.0-service u:object_r:system_suspend_exec:s0
+/system/etc/cgroups\.json u:object_r:cgroup_desc_file:s0
+/system/etc/event-log-tags u:object_r:system_event_log_tags_file:s0
+/system/etc/group u:object_r:system_group_file:s0
+/system/etc/ld\.config.* u:object_r:system_linker_config_file:s0
+/system/etc/passwd u:object_r:system_passwd_file:s0
+/system/etc/seccomp_policy(/.*)? u:object_r:system_seccomp_policy_file:s0
+/system/etc/security/cacerts(/.*)?
u:object_r:system_security_cacerts_file:s0 +/system/etc/selinux/mapping/[0-9]+\.[0-9]+\.cil u:object_r:sepolicy_file:s0 +/system/etc/selinux/plat_mac_permissions\.xml u:object_r:mac_perms_file:s0 +/system/etc/selinux/plat_property_contexts u:object_r:property_contexts_file:s0 +/system/etc/selinux/plat_service_contexts u:object_r:service_contexts_file:s0 +/system/etc/selinux/plat_hwservice_contexts u:object_r:hwservice_contexts_file:s0 +/system/etc/selinux/plat_file_contexts u:object_r:file_contexts_file:s0 +/system/etc/selinux/plat_seapp_contexts u:object_r:seapp_contexts_file:s0 +/system/etc/selinux/plat_sepolicy\.cil u:object_r:sepolicy_file:s0 +/system/etc/selinux/plat_and_mapping_sepolicy\.cil\.sha256 u:object_r:sepolicy_file:s0 +/system/etc/task_profiles\.json u:object_r:task_profiles_file:s0 +/system/usr/share/zoneinfo(/.*)? u:object_r:system_zoneinfo_file:s0 +/system/bin/vr_hwc u:object_r:vr_hwc_exec:s0 +/system/bin/adbd u:object_r:adbd_exec:s0 +/system/bin/vold_prepare_subdirs u:object_r:vold_prepare_subdirs_exec:s0 +/system/bin/stats u:object_r:stats_exec:s0 +/system/bin/statsd u:object_r:statsd_exec:s0 +/system/bin/bpfloader u:object_r:bpfloader_exec:s0 +/system/bin/wait_for_keymaster u:object_r:wait_for_keymaster_exec:s0 +/system/bin/watchdogd u:object_r:watchdogd_exec:s0 +/system/bin/apexd u:object_r:apexd_exec:s0 +/system/bin/gsid u:object_r:gsid_exec:s0 +/system/bin/simpleperf u:object_r:simpleperf_exec:s0 +/system/bin/simpleperf_app_runner u:object_r:simpleperf_app_runner_exec:s0 +/system/bin/notify_traceur\.sh u:object_r:notify_traceur_exec:s0 +/system/bin/migrate_legacy_obb_data\.sh u:object_r:migrate_legacy_obb_data_exec:s0 +/system/bin/android\.frameworks\.automotive\.display@1\.0-service u:object_r:automotive_display_service_exec:s0 + +############################# +# Vendor files +# +/(vendor|system/vendor)(/.*)? 
u:object_r:vendor_file:s0 +/(vendor|system/vendor)/bin/sh u:object_r:vendor_shell_exec:s0 +/(vendor|system/vendor)/bin/toybox_vendor u:object_r:vendor_toolbox_exec:s0 +/(vendor|system/vendor)/bin/toolbox u:object_r:vendor_toolbox_exec:s0 +/(vendor|system/vendor)/etc(/.*)? u:object_r:vendor_configs_file:s0 +/(vendor|system/vendor)/etc/cgroups\.json u:object_r:vendor_cgroup_desc_file:s0 +/(vendor|system/vendor)/etc/task_profiles\.json u:object_r:vendor_task_profiles_file:s0 + +/(vendor|system/vendor)/lib(64)?/egl(/.*)? u:object_r:same_process_hal_file:s0 + +/(vendor|system/vendor)/lib(64)?/vndk-sp(/.*)? u:object_r:vndk_sp_file:s0 + +/(vendor|system/vendor)/manifest\.xml u:object_r:vendor_configs_file:s0 +/(vendor|system/vendor)/compatibility_matrix\.xml u:object_r:vendor_configs_file:s0 +/(vendor|system/vendor)/etc/vintf(/.*)? u:object_r:vendor_configs_file:s0 +/(vendor|system/vendor)/app(/.*)? u:object_r:vendor_app_file:s0 +/(vendor|system/vendor)/priv-app(/.*)? u:object_r:vendor_app_file:s0 +/(vendor|system/vendor)/overlay(/.*)? u:object_r:vendor_overlay_file:s0 +/(vendor|system/vendor)/framework(/.*)? u:object_r:vendor_framework_file:s0 + +/(vendor|system/vendor)/apex(/[^/]+){0,2} u:object_r:vendor_apex_file:s0 +/(vendor|system/vendor)/bin/misc_writer u:object_r:vendor_misc_writer_exec:s0 +/(vendor|system/vendor)/bin/boringssl_self_test(32|64) u:object_r:vendor_boringssl_self_test_exec:s0 + +# HAL location +/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0 + +/(vendor|system/vendor)/etc/selinux/(vendor|nonplat)_service_contexts u:object_r:nonplat_service_contexts_file:s0 + +/(vendor|system/vendor)/bin/install-recovery\.sh u:object_r:vendor_install_recovery_exec:s0 + +############################# +# OEM and ODM files +# +/(odm|vendor/odm)(/.*)? u:object_r:vendor_file:s0 +/(odm|vendor/odm)/lib(64)?/egl(/.*)? u:object_r:same_process_hal_file:s0 +/(odm|vendor/odm)/lib(64)?/hw u:object_r:vendor_hal_file:s0 +/(odm|vendor/odm)/lib(64)?/vndk-sp(/.*)? 
u:object_r:vndk_sp_file:s0 +/(odm|vendor/odm)/bin/sh u:object_r:vendor_shell_exec:s0 +/(odm|vendor/odm)/etc(/.*)? u:object_r:vendor_configs_file:s0 +/(odm|vendor/odm)/app(/.*)? u:object_r:vendor_app_file:s0 +/(odm|vendor/odm)/priv-app(/.*)? u:object_r:vendor_app_file:s0 +/(odm|vendor/odm)/overlay(/.*)? u:object_r:vendor_overlay_file:s0 +/(odm|vendor/odm)/framework(/.*)? u:object_r:vendor_framework_file:s0 + +# Input configuration +/(odm|vendor/odm|vendor|system/vendor)/usr/keylayout(/.*)?\.kl u:object_r:vendor_keylayout_file:s0 +/(odm|vendor/odm|vendor|system/vendor)/usr/keychars(/.*)?\.kcm u:object_r:vendor_keychars_file:s0 +/(odm|vendor/odm|vendor|system/vendor)/usr/idc(/.*)?\.idc u:object_r:vendor_idc_file:s0 + +/oem(/.*)? u:object_r:oemfs:s0 +/oem/overlay(/.*)? u:object_r:vendor_overlay_file:s0 + +# The precompiled monolithic sepolicy will be under /odm only when +# BOARD_USES_ODMIMAGE is true: a separate odm.img is built. +/odm/etc/selinux/precompiled_sepolicy u:object_r:sepolicy_file:s0 +/odm/etc/selinux/precompiled_sepolicy\.plat_and_mapping\.sha256 u:object_r:sepolicy_file:s0 + +/(odm|vendor/odm)/etc/selinux/odm_sepolicy\.cil u:object_r:sepolicy_file:s0 +/(odm|vendor/odm)/etc/selinux/odm_file_contexts u:object_r:file_contexts_file:s0 +/(odm|vendor/odm)/etc/selinux/odm_seapp_contexts u:object_r:seapp_contexts_file:s0 +/(odm|vendor/odm)/etc/selinux/odm_property_contexts u:object_r:property_contexts_file:s0 +/(odm|vendor/odm)/etc/selinux/odm_hwservice_contexts u:object_r:hwservice_contexts_file:s0 +/(odm|vendor/odm)/etc/selinux/odm_mac_permissions\.xml u:object_r:mac_perms_file:s0 + +############################# +# Product files +# +/(product|system/product)(/.*)? u:object_r:system_file:s0 +/(product|system/product)/etc/group u:object_r:system_group_file:s0 +/(product|system/product)/etc/passwd u:object_r:system_passwd_file:s0 +/(product|system/product)/overlay(/.*)? 
u:object_r:vendor_overlay_file:s0 + +/(product|system/product)/etc/selinux/product_file_contexts u:object_r:file_contexts_file:s0 +/(product|system/product)/etc/selinux/product_hwservice_contexts u:object_r:hwservice_contexts_file:s0 +/(product|system/product)/etc/selinux/product_property_contexts u:object_r:property_contexts_file:s0 +/(product|system/product)/etc/selinux/product_seapp_contexts u:object_r:seapp_contexts_file:s0 +/(product|system/product)/etc/selinux/product_service_contexts u:object_r:service_contexts_file:s0 +/(product|system/product)/etc/selinux/product_mac_permissions\.xml u:object_r:mac_perms_file:s0 + +/(product|system/product)/lib(64)?(/.*)? u:object_r:system_lib_file:s0 + +############################# +# SystemExt files +# +/(system_ext|system/system_ext)(/.*)? u:object_r:system_file:s0 +/(system_ext|system/system_ext)/etc/group u:object_r:system_group_file:s0 +/(system_ext|system/system_ext)/etc/passwd u:object_r:system_passwd_file:s0 +/(system_ext|system/system_ext)/overlay(/.*)? 
u:object_r:vendor_overlay_file:s0 + +/(system_ext|system/system_ext)/etc/selinux/system_ext_file_contexts u:object_r:file_contexts_file:s0 +/(system_ext|system/system_ext)/etc/selinux/system_ext_hwservice_contexts u:object_r:hwservice_contexts_file:s0 +/(system_ext|system/system_ext)/etc/selinux/system_ext_property_contexts u:object_r:property_contexts_file:s0 +/(system_ext|system/system_ext)/etc/selinux/system_ext_seapp_contexts u:object_r:seapp_contexts_file:s0 +/(system_ext|system/system_ext)/etc/selinux/system_ext_service_contexts u:object_r:service_contexts_file:s0 +/(system_ext|system/system_ext)/etc/selinux/system_ext_mac_permissions\.xml u:object_r:mac_perms_file:s0 + +/(system_ext|system/system_ext)/bin/aidl_lazy_test_server u:object_r:aidl_lazy_test_server_exec:s0 +/(system_ext|system/system_ext)/bin/hidl_lazy_test_server u:object_r:hidl_lazy_test_server_exec:s0 + +############################# +# Vendor files from /(product|system/product)/vendor_overlay +# +# NOTE: For additional vendor file contexts for vendor overlay files, +# use device specific file_contexts. +# +/(product|system/product)/vendor_overlay/[0-9]+/.* u:object_r:vendor_file:s0 + +############################# +# Data files +# +# NOTE: When modifying existing label rules, changes may also need to +# propagate to the "Expanded data files" section. +# +/data u:object_r:system_data_root_file:s0 +/data/(.*)? u:object_r:system_data_file:s0 +/data/system/packages\.list u:object_r:packages_list_file:s0 +/data/unencrypted(/.*)? u:object_r:unencrypted_data_file:s0 +/data/backup(/.*)? u:object_r:backup_data_file:s0 +/data/secure/backup(/.*)? u:object_r:backup_data_file:s0 +/data/system/ndebugsocket u:object_r:system_ndebug_socket:s0 +/data/system/unsolzygotesocket u:object_r:system_unsolzygote_socket:s0 +/data/drm(/.*)? u:object_r:drm_data_file:s0 +/data/resource-cache(/.*)? u:object_r:resourcecache_data_file:s0 +/data/dalvik-cache(/.*)? u:object_r:dalvikcache_data_file:s0 +/data/ota(/.*)? 
u:object_r:ota_data_file:s0 +/data/ota_package(/.*)? u:object_r:ota_package_file:s0 +/data/adb(/.*)? u:object_r:adb_data_file:s0 +/data/anr(/.*)? u:object_r:anr_data_file:s0 +/data/apex(/.*)? u:object_r:apex_data_file:s0 +/data/apex/active/(.*)? u:object_r:staging_data_file:s0 +/data/apex/backup/(.*)? u:object_r:staging_data_file:s0 +/data/app(/.*)? u:object_r:apk_data_file:s0 +# Traditional /data/app/[packageName]-[randomString]/base.apk location +/data/app/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0 +# /data/app/[randomStringA]/[packageName]-[randomStringB]/base.apk layout +/data/app/[^/]+/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0 +/data/app/vmdl[^/]+\.tmp(/.*)? u:object_r:apk_tmp_file:s0 +/data/app/vmdl[^/]+\.tmp/oat(/.*)? u:object_r:dalvikcache_data_file:s0 +/data/app-private(/.*)? u:object_r:apk_private_data_file:s0 +/data/app-private/vmdl.*\.tmp(/.*)? u:object_r:apk_private_tmp_file:s0 +/data/gsi(/.*)? u:object_r:gsi_data_file:s0 +/data/gsi/ota(/.*)? u:object_r:ota_image_data_file:s0 +/data/tombstones(/.*)? u:object_r:tombstone_data_file:s0 +/data/vendor/tombstones/wifi(/.*)? u:object_r:tombstone_wifi_data_file:s0 +/data/local/tmp(/.*)? u:object_r:shell_data_file:s0 +/data/local/tmp/ltp(/.*)? u:object_r:nativetest_data_file:s0 +/data/local/traces(/.*)? u:object_r:trace_data_file:s0 +/data/media(/.*)? u:object_r:media_rw_data_file:s0 +/data/mediadrm(/.*)? u:object_r:media_data_file:s0 +/data/nativetest(/.*)? u:object_r:nativetest_data_file:s0 +/data/nativetest64(/.*)? u:object_r:nativetest_data_file:s0 +# This directory was removed after Q Beta 2, but we need to preserve labels for upgrading devices. +/data/pkg_staging(/.*)? u:object_r:staging_data_file:s0 +/data/property(/.*)? u:object_r:property_data_file:s0 +/data/preloads(/.*)? u:object_r:preloads_data_file:s0 +/data/preloads/media(/.*)? u:object_r:preloads_media_file:s0 +/data/preloads/demo(/.*)? u:object_r:preloads_media_file:s0 +/data/server_configurable_flags(/.*)? 
u:object_r:server_configurable_flags_data_file:s0 +/data/app-staging(/.*)? u:object_r:staging_data_file:s0 + +# Misc data +/data/misc/adb(/.*)? u:object_r:adb_keys_file:s0 +/data/misc/apexdata(/.*)? u:object_r:apex_module_data_file:s0 +/data/misc/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0 +/data/misc/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0 +/data/misc/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0 +/data/misc/apns(/.*)? u:object_r:radio_data_file:s0 +/data/misc/audio(/.*)? u:object_r:audio_data_file:s0 +/data/misc/audioserver(/.*)? u:object_r:audioserver_data_file:s0 +/data/misc/audiohal(/.*)? u:object_r:audiohal_data_file:s0 +/data/misc/bootstat(/.*)? u:object_r:bootstat_data_file:s0 +/data/misc/boottrace(/.*)? u:object_r:boottrace_data_file:s0 +/data/misc/bluetooth(/.*)? u:object_r:bluetooth_data_file:s0 +/data/misc/bluetooth/logs(/.*)? u:object_r:bluetooth_logs_data_file:s0 +/data/misc/bluedroid(/.*)? u:object_r:bluetooth_data_file:s0 +/data/misc/bluedroid/\.a2dp_ctrl u:object_r:bluetooth_socket:s0 +/data/misc/bluedroid/\.a2dp_data u:object_r:bluetooth_socket:s0 +/data/misc/camera(/.*)? u:object_r:camera_data_file:s0 +/data/misc/carrierid(/.*)? u:object_r:radio_data_file:s0 +/data/misc/dhcp(/.*)? u:object_r:dhcp_data_file:s0 +/data/misc/dhcp-6\.8\.2(/.*)? u:object_r:dhcp_data_file:s0 +/data/misc/emergencynumberdb(/.*)? u:object_r:emergency_data_file:s0 +/data/misc/gatekeeper(/.*)? u:object_r:gatekeeper_data_file:s0 +/data/misc/incidents(/.*)? u:object_r:incident_data_file:s0 +/data/misc/installd(/.*)? u:object_r:install_data_file:s0 +/data/misc/keychain(/.*)? u:object_r:keychain_data_file:s0 +/data/misc/credstore(/.*)? u:object_r:credstore_data_file:s0 +/data/misc/keystore(/.*)? u:object_r:keystore_data_file:s0 +/data/misc/logd(/.*)? u:object_r:misc_logd_file:s0 +/data/misc/media(/.*)? u:object_r:media_data_file:s0 +/data/misc/net(/.*)? 
u:object_r:net_data_file:s0 +/data/misc/network_watchlist(/.*)? u:object_r:network_watchlist_data_file:s0 +/data/misc/perfetto-traces(/.*)? u:object_r:perfetto_traces_data_file:s0 +/data/misc/prereboot(/.*)? u:object_r:prereboot_data_file:s0 +/data/misc/recovery(/.*)? u:object_r:recovery_data_file:s0 +/data/misc/shared_relro(/.*)? u:object_r:shared_relro_file:s0 +/data/misc/sms(/.*)? u:object_r:radio_data_file:s0 +/data/misc/snapshotctl_log(/.*)? u:object_r:snapshotctl_log_data_file:s0 +/data/misc/stats-active-metric(/.*)? u:object_r:stats_data_file:s0 +/data/misc/stats-data(/.*)? u:object_r:stats_data_file:s0 +/data/misc/stats-service(/.*)? u:object_r:stats_data_file:s0 +/data/misc/stats-metadata(/.*)? u:object_r:stats_data_file:s0 +/data/misc/systemkeys(/.*)? u:object_r:systemkeys_data_file:s0 +/data/misc/textclassifier(/.*)? u:object_r:textclassifier_data_file:s0 +/data/misc/train-info(/.*)? u:object_r:stats_data_file:s0 +/data/misc/user(/.*)? u:object_r:misc_user_data_file:s0 +/data/misc/vpn(/.*)? u:object_r:vpn_data_file:s0 +/data/misc/wifi(/.*)? u:object_r:wifi_data_file:s0 +/data/misc_ce/[0-9]+/wifi(/.*)? u:object_r:wifi_data_file:s0 +/data/misc/wifi/sockets(/.*)? u:object_r:wpa_socket:s0 +/data/misc/wifi/sockets/wpa_ctrl.* u:object_r:system_wpa_socket:s0 +/data/misc/zoneinfo(/.*)? u:object_r:zoneinfo_data_file:s0 +/data/misc/vold(/.*)? u:object_r:vold_data_file:s0 +/data/misc/iorapd(/.*)? u:object_r:iorapd_data_file:s0 +/data/misc/update_engine(/.*)? u:object_r:update_engine_data_file:s0 +/data/misc/update_engine_log(/.*)? u:object_r:update_engine_log_data_file:s0 +/data/system/dropbox(/.*)? u:object_r:dropbox_data_file:s0 +/data/system/heapdump(/.*)? u:object_r:heapdump_data_file:s0 +/data/misc/trace(/.*)? u:object_r:method_trace_data_file:s0 +/data/misc/wmtrace(/.*)? u:object_r:wm_trace_data_file:s0 +# TODO(calin) label profile reference differently so that only +# profman run as a special user can write to them +/data/misc/profiles/cur(/.*)? 
u:object_r:user_profile_data_file:s0 +/data/misc/profiles/ref(/.*)? u:object_r:user_profile_data_file:s0 +/data/misc/profman(/.*)? u:object_r:profman_dump_data_file:s0 +/data/vendor(/.*)? u:object_r:vendor_data_file:s0 +/data/vendor_ce(/.*)? u:object_r:vendor_data_file:s0 +/data/vendor_de(/.*)? u:object_r:vendor_data_file:s0 + +# storaged proto files +/data/misc_de/[0-9]+/storaged(/.*)? u:object_r:storaged_data_file:s0 +/data/misc_ce/[0-9]+/storaged(/.*)? u:object_r:storaged_data_file:s0 + +# Fingerprint data +/data/system/users/[0-9]+/fpdata(/.*)? u:object_r:fingerprintd_data_file:s0 + +# Fingerprint vendor data file +/data/vendor_de/[0-9]+/fpdata(/.*)? u:object_r:fingerprint_vendor_data_file:s0 + +# Face vendor data file +/data/vendor_de/[0-9]+/facedata(/.*)? u:object_r:face_vendor_data_file:s0 +/data/vendor_ce/[0-9]+/facedata(/.*)? u:object_r:face_vendor_data_file:s0 + +# Iris vendor data file +/data/vendor_de/[0-9]+/irisdata(/.*)? u:object_r:iris_vendor_data_file:s0 + +# Bootchart data +/data/bootchart(/.*)? u:object_r:bootchart_data_file:s0 + +# App data snapshots (managed by installd). +/data/misc_de/[0-9]+/rollback(/.*)? u:object_r:rollback_data_file:s0 +/data/misc_ce/[0-9]+/rollback(/.*)? u:object_r:rollback_data_file:s0 + +# Apex data directories +/data/misc_de/[0-9]+/apexdata(/.*)? u:object_r:apex_module_data_file:s0 +/data/misc_ce/[0-9]+/apexdata(/.*)? u:object_r:apex_module_data_file:s0 +/data/misc_de/[0-9]+/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0 +/data/misc_ce/[0-9]+/apexdata/com.android.permission(/.*)? u:object_r:apex_permission_data_file:s0 +/data/misc_de/[0-9]+/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0 +/data/misc_ce/[0-9]+/apexdata/com\.android\.wifi(/.*)? u:object_r:apex_wifi_data_file:s0 + +# Apex rollback directories +/data/misc_de/[0-9]+/apexrollback(/.*)? u:object_r:apex_rollback_data_file:s0 +/data/misc_ce/[0-9]+/apexrollback(/.*)? 
u:object_r:apex_rollback_data_file:s0
+
+# Incremental directories
+/data/incremental(/.*)? u:object_r:apk_data_file:s0
+/data/incremental/MT_[^/]+/mount/.pending_reads u:object_r:incremental_control_file:s0
+/data/incremental/MT_[^/]+/mount/.log u:object_r:incremental_control_file:s0
+
+#############################
+# Expanded data files
+#
+/mnt/expand(/.*)? u:object_r:mnt_expand_file:s0
+/mnt/expand/[^/]+(/.*)? u:object_r:system_data_file:s0
+/mnt/expand/[^/]+/app(/.*)? u:object_r:apk_data_file:s0
+/mnt/expand/[^/]+/app/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0
+# /mnt/expand/..../app/[randomStringA]/[packageName]-[randomStringB]/base.apk layout
+/mnt/expand/[^/]+/app/[^/]+/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0
+/mnt/expand/[^/]+/app/vmdl[^/]+\.tmp(/.*)? u:object_r:apk_tmp_file:s0
+/mnt/expand/[^/]+/app/vmdl[^/]+\.tmp/oat(/.*)? u:object_r:dalvikcache_data_file:s0
+/mnt/expand/[^/]+/local/tmp(/.*)? u:object_r:shell_data_file:s0
+/mnt/expand/[^/]+/media(/.*)? u:object_r:media_rw_data_file:s0
+/mnt/expand/[^/]+/misc/vold(/.*)? u:object_r:vold_data_file:s0
+
+# coredump directory for userdebug/eng devices
+/cores(/.*)? u:object_r:coredump_file:s0
+
+# Wallpaper files
+/data/system/users/[0-9]+/wallpaper_lock_orig u:object_r:wallpaper_file:s0
+/data/system/users/[0-9]+/wallpaper_lock u:object_r:wallpaper_file:s0
+/data/system/users/[0-9]+/wallpaper_orig u:object_r:wallpaper_file:s0
+/data/system/users/[0-9]+/wallpaper u:object_r:wallpaper_file:s0
+
+# Ringtone files
+/data/system_de/[0-9]+/ringtones(/.*)? u:object_r:ringtone_file:s0
+
+# ShortcutManager icons, e.g.
+# /data/system_ce/0/shortcut_service/bitmaps/com.example.app/1457472879282.png
+/data/system_ce/[0-9]+/shortcut_service/bitmaps(/.*)? u:object_r:shortcut_manager_icons:s0
+
+# User icon files
+/data/system/users/[0-9]+/photo\.png u:object_r:icon_file:s0
+
+# vold per-user data
+/data/misc_de/[0-9]+/vold(/.*)? u:object_r:vold_data_file:s0
+/data/misc_ce/[0-9]+/vold(/.*)?
u:object_r:vold_data_file:s0
+
+# iorapd per-user data
+/data/misc_ce/[0-9]+/iorapd(/.*)? u:object_r:iorapd_data_file:s0
+
+# Backup service persistent per-user bookkeeping
+/data/system_ce/[0-9]+/backup(/.*)? u:object_r:backup_data_file:s0
+# Backup service temporary per-user data for inter-change with apps
+/data/system_ce/[0-9]+/backup_stage(/.*)? u:object_r:backup_data_file:s0
+
+#############################
+# efs files
+#
+/efs(/.*)? u:object_r:efs_file:s0
+
+#############################
+# Cache files
+#
+/cache(/.*)? u:object_r:cache_file:s0
+/cache/recovery(/.*)? u:object_r:cache_recovery_file:s0
+# General backup/restore interchange with apps
+/cache/backup_stage(/.*)? u:object_r:cache_backup_file:s0
+# LocalTransport (backup) uses this subtree
+/cache/backup(/.*)? u:object_r:cache_private_backup_file:s0
+
+#############################
+# Overlayfs support directories
+#
+/cache/overlay(/.*)? u:object_r:overlayfs_file:s0
+/mnt/scratch(/.*)? u:object_r:overlayfs_file:s0
+
+/data/cache(/.*)? u:object_r:cache_file:s0
+/data/cache/recovery(/.*)? u:object_r:cache_recovery_file:s0
+# General backup/restore interchange with apps
+/data/cache/backup_stage(/.*)? u:object_r:cache_backup_file:s0
+# LocalTransport (backup) uses this subtree
+/data/cache/backup(/.*)? u:object_r:cache_private_backup_file:s0
+
+#############################
+# Metadata files
+#
+/metadata(/.*)? u:object_r:metadata_file:s0
+/metadata/apex(/.*)? u:object_r:apex_metadata_file:s0
+/metadata/vold(/.*)? u:object_r:vold_metadata_file:s0
+/metadata/gsi(/.*)? u:object_r:gsi_metadata_file:s0
+/metadata/gsi/ota(/.*)? u:object_r:ota_metadata_file:s0
+/metadata/password_slots(/.*)? u:object_r:password_slot_metadata_file:s0
+/metadata/ota(/.*)? u:object_r:ota_metadata_file:s0
+/metadata/bootstat(/.*)? u:object_r:metadata_bootstat_file:s0
+
+#############################
+# asec containers
+/mnt/asec(/.*)?
u:object_r:asec_apk_file:s0
+/mnt/asec/[^/]+/[^/]+\.zip u:object_r:asec_public_file:s0
+/mnt/asec/[^/]+/lib(/.*)? u:object_r:asec_public_file:s0
+/data/app-asec(/.*)? u:object_r:asec_image_file:s0
+
+#############################
+# external storage
+/mnt/media_rw(/.*)? u:object_r:mnt_media_rw_file:s0
+/mnt/user(/.*)? u:object_r:mnt_user_file:s0
+/mnt/pass_through(/.*)? u:object_r:mnt_pass_through_file:s0
+/mnt/sdcard u:object_r:mnt_sdcard_file:s0
+/mnt/runtime(/.*)? u:object_r:storage_file:s0
+/storage(/.*)? u:object_r:storage_file:s0
+
+#############################
+# mount point for read-write vendor partitions
+/mnt/vendor(/.*)? u:object_r:mnt_vendor_file:s0
+
+#############################
+# mount point for read-write product partitions
+/mnt/product(/.*)? u:object_r:mnt_product_file:s0
diff --git a/prebuilts/api/30.0/private/file_contexts_asan b/prebuilts/api/30.0/private/file_contexts_asan
new file mode 100644
index 000000000..b37f08633
--- /dev/null
+++ b/prebuilts/api/30.0/private/file_contexts_asan
@@ -0,0 +1,14 @@
+/data/asan/system/lib(/.*)? u:object_r:system_lib_file:s0
+/data/asan/system/lib64(/.*)? u:object_r:system_lib_file:s0
+/data/asan/vendor/lib(/.*)? u:object_r:system_lib_file:s0
+/data/asan/vendor/lib64(/.*)? u:object_r:system_lib_file:s0
+/data/asan/odm/lib(/.*)? u:object_r:system_lib_file:s0
+/data/asan/odm/lib64(/.*)? u:object_r:system_lib_file:s0
+/data/asan/product/lib(/.*)? u:object_r:system_lib_file:s0
+/data/asan/product/lib64(/.*)? u:object_r:system_lib_file:s0
+/system/asan.options u:object_r:system_asan_options_file:s0
+/system/bin/asan_extract u:object_r:asan_extract_exec:s0
+/system/bin/asanwrapper u:object_r:asanwrapper_exec:s0
+/system/bin/asan/app_process u:object_r:zygote_exec:s0
+/system/bin/asan/app_process32 u:object_r:zygote_exec:s0
+/system/bin/asan/app_process64 u:object_r:zygote_exec:s0
diff --git a/prebuilts/api/30.0/private/file_contexts_overlayfs b/prebuilts/api/30.0/private/file_contexts_overlayfs
new file mode 100644
index 000000000..e472fade5
--- /dev/null
+++ b/prebuilts/api/30.0/private/file_contexts_overlayfs
@@ -0,0 +1,9 @@
+#############################
+# Overlayfs support directories for userdebug/eng devices
+#
+/cache/overlay/(system|product)/upper u:object_r:system_file:s0
+/cache/overlay/(vendor|odm)/upper u:object_r:vendor_file:s0
+/cache/overlay/oem/upper u:object_r:vendor_file:s0
+/mnt/scratch/overlay/(system|product)/upper u:object_r:system_file:s0
+/mnt/scratch/overlay/(vendor|odm)/upper u:object_r:vendor_file:s0
+/mnt/scratch/overlay/oem/upper u:object_r:vendor_file:s0
diff --git a/prebuilts/api/30.0/private/fingerprintd.te b/prebuilts/api/30.0/private/fingerprintd.te
new file mode 100644
index 000000000..eb73ef8cc
--- /dev/null
+++ b/prebuilts/api/30.0/private/fingerprintd.te
@@ -0,0 +1,3 @@
+typeattribute fingerprintd coredomain;
+
+init_daemon_domain(fingerprintd)
diff --git a/prebuilts/api/30.0/private/flags_health_check.te b/prebuilts/api/30.0/private/flags_health_check.te
new file mode 100644
index 000000000..fb41aff79
--- /dev/null
+++ b/prebuilts/api/30.0/private/flags_health_check.te
@@ -0,0 +1,3 @@
+typeattribute flags_health_check coredomain;
+
+init_daemon_domain(flags_health_check)
diff --git a/prebuilts/api/30.0/private/fs_use b/prebuilts/api/30.0/private/fs_use
new file mode 100644
index 000000000..6fcc2ccb8
--- /dev/null
+++ b/prebuilts/api/30.0/private/fs_use
@@ -0,0 +1,26 @@
+# Label inodes via getxattr.
+fs_use_xattr yaffs2 u:object_r:labeledfs:s0;
+fs_use_xattr jffs2 u:object_r:labeledfs:s0;
+fs_use_xattr ext2 u:object_r:labeledfs:s0;
+fs_use_xattr ext3 u:object_r:labeledfs:s0;
+fs_use_xattr ext4 u:object_r:labeledfs:s0;
+fs_use_xattr xfs u:object_r:labeledfs:s0;
+fs_use_xattr btrfs u:object_r:labeledfs:s0;
+fs_use_xattr f2fs u:object_r:labeledfs:s0;
+fs_use_xattr squashfs u:object_r:labeledfs:s0;
+fs_use_xattr overlay u:object_r:labeledfs:s0;
+fs_use_xattr erofs u:object_r:labeledfs:s0;
+fs_use_xattr incremental-fs u:object_r:labeledfs:s0;
+
+# Label inodes from task label.
+fs_use_task pipefs u:object_r:pipefs:s0;
+fs_use_task sockfs u:object_r:sockfs:s0;
+
+# Label inodes from combination of task label and fs label.
+# Define type_transition rules if you want per-domain types.
+fs_use_trans devpts u:object_r:devpts:s0;
+fs_use_trans tmpfs u:object_r:tmpfs:s0;
+fs_use_trans devtmpfs u:object_r:device:s0;
+fs_use_trans shm u:object_r:shm:s0;
+fs_use_trans mqueue u:object_r:mqueue:s0;
+
diff --git a/prebuilts/api/30.0/private/fsck.te b/prebuilts/api/30.0/private/fsck.te
new file mode 100644
index 000000000..f8e09b645
--- /dev/null
+++ b/prebuilts/api/30.0/private/fsck.te
@@ -0,0 +1,5 @@
+typeattribute fsck coredomain;
+
+init_daemon_domain(fsck)
+
+allow fsck metadata_block_device:blk_file rw_file_perms;
diff --git a/prebuilts/api/30.0/private/fsck_untrusted.te b/prebuilts/api/30.0/private/fsck_untrusted.te
new file mode 100644
index 000000000..9a57bf027
--- /dev/null
+++ b/prebuilts/api/30.0/private/fsck_untrusted.te
@@ -0,0 +1 @@
+typeattribute fsck_untrusted coredomain;
diff --git a/prebuilts/api/30.0/private/fsverity_init.te b/prebuilts/api/30.0/private/fsverity_init.te
new file mode 100644
index 000000000..25595254c
--- /dev/null
+++ b/prebuilts/api/30.0/private/fsverity_init.te
@@ -0,0 +1,26 @@
+type fsverity_init, domain, coredomain;
+type fsverity_init_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(fsverity_init)
+
+# Allow to retrieve keys from keystore.
+binder_use(fsverity_init)
+use_keystore(fsverity_init)
+allow fsverity_init keystore:keystore_key { list get };
+
+# Allow to read /proc/keys for searching key id.
+allow fsverity_init proc_keys:file r_file_perms;
+
+# Kernel only prints the keys that can be accessed and only kernel keyring is needed here.
+dontaudit fsverity_init init:key view;
+dontaudit fsverity_init vold:key view;
+allow fsverity_init kernel:key { view search write setattr };
+allow fsverity_init fsverity_init:key { view search write };
+
+# Allow init to write to /proc/sys/fs/verity/require_signatures
+allow fsverity_init proc_fs_verity:file w_file_perms;
+
+# When kernel requests an algorithm, the crypto API first looks for an
+# already registered algorithm with that name. If it fails, the kernel creates
+# an implementation of the algorithm from templates.
+dontaudit fsverity_init kernel:system module_request;
diff --git a/prebuilts/api/30.0/private/fwk_bufferhub.te b/prebuilts/api/30.0/private/fwk_bufferhub.te
new file mode 100644
index 000000000..6b69cca61
--- /dev/null
+++ b/prebuilts/api/30.0/private/fwk_bufferhub.te
@@ -0,0 +1,8 @@
+type fwk_bufferhub, domain, coredomain;
+type fwk_bufferhub_exec, system_file_type, exec_type, file_type;
+
+hal_client_domain(fwk_bufferhub, hal_graphics_allocator)
+allow fwk_bufferhub ion_device:chr_file r_file_perms;
+
+hal_server_domain(fwk_bufferhub, hal_bufferhub)
+init_daemon_domain(fwk_bufferhub)
diff --git a/prebuilts/api/30.0/private/gatekeeperd.te b/prebuilts/api/30.0/private/gatekeeperd.te
new file mode 100644
index 000000000..5e4d0a2e9
--- /dev/null
+++ b/prebuilts/api/30.0/private/gatekeeperd.te
@@ -0,0 +1,3 @@
+typeattribute gatekeeperd coredomain;
+
+init_daemon_domain(gatekeeperd)
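Review bot: The comment above the proc_fs_verity rule in fsverity_init.te reads `# Allow init to write to /proc/sys/fs/verity/require_signatures`, but the rule it documents is `allow fsverity_init proc_fs_verity:file w_file_perms;` — the fsverity_init domain, not init. Because this sysctl decides whether fs-verity files must carry a signature, an auditor grepping for which domain can flip it should not be pointed at the wrong one; suggest `# Allow fsverity_init to write to /proc/sys/fs/verity/require_signatures`. The kernel-keyring grant `allow fsverity_init kernel:key { view search write setattr };` would also benefit from a one-line why-comment naming what is written there (presumably the certificate fetched from keystore per the comments above — confirm), since `write` and `setattr` go beyond the "only prints the keys" rationale the preceding comment gives. As this file sits under prebuilts/api/30.0, the wording fix presumably belongs in the source private/fsverity_init.te it mirrors (not visible here), with the snapshot refreshed from it rather than edited on its own.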
diff --git a/prebuilts/api/30.0/private/genfs_contexts b/prebuilts/api/30.0/private/genfs_contexts
new file mode 100644
index 000000000..b423e64f3
--- /dev/null
+++ b/prebuilts/api/30.0/private/genfs_contexts
@@ -0,0 +1,319 @@ +# Label inodes with the fs label. +genfscon rootfs / u:object_r:rootfs:s0 +# proc labeling can be further refined (longest matching prefix). +genfscon proc / u:object_r:proc:s0 +genfscon proc /asound u:object_r:proc_asound:s0 +genfscon proc /buddyinfo u:object_r:proc_buddyinfo:s0 +genfscon proc /cmdline u:object_r:proc_cmdline:s0 +genfscon proc /config.gz u:object_r:config_gz:s0 +genfscon proc /diskstats u:object_r:proc_diskstats:s0 +genfscon proc /filesystems u:object_r:proc_filesystems:s0 +genfscon proc /interrupts u:object_r:proc_interrupts:s0 +genfscon proc /iomem u:object_r:proc_iomem:s0 +genfscon proc /keys u:object_r:proc_keys:s0 +genfscon proc /kmsg u:object_r:proc_kmsg:s0 +genfscon proc /loadavg u:object_r:proc_loadavg:s0 +genfscon proc /lowmemorykiller u:object_r:proc_lowmemorykiller:s0 +genfscon proc /meminfo u:object_r:proc_meminfo:s0 +genfscon proc /misc u:object_r:proc_misc:s0 +genfscon proc /modules u:object_r:proc_modules:s0 +genfscon proc /mounts u:object_r:proc_mounts:s0 +genfscon proc /net u:object_r:proc_net:s0 +genfscon proc /net/tcp u:object_r:proc_net_tcp_udp:s0 +genfscon proc /net/udp u:object_r:proc_net_tcp_udp:s0 +genfscon proc /net/xt_qtaguid/ctrl u:object_r:proc_qtaguid_ctrl:s0 +genfscon proc /net/xt_qtaguid/ u:object_r:proc_qtaguid_stat:s0 +genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0 +genfscon proc /pagetypeinfo u:object_r:proc_pagetypeinfo:s0 +genfscon proc /pressure/cpu u:object_r:proc_pressure_cpu:s0 +genfscon proc /pressure/io u:object_r:proc_pressure_io:s0 +genfscon proc /pressure/memory u:object_r:proc_pressure_mem:s0 +genfscon proc /slabinfo u:object_r:proc_slabinfo:s0 +genfscon proc /softirqs u:object_r:proc_timer:s0 +genfscon proc /stat u:object_r:proc_stat:s0 +genfscon proc /swaps u:object_r:proc_swaps:s0 +genfscon proc /sysrq-trigger u:object_r:proc_sysrq:s0 +genfscon proc /kpageflags u:object_r:proc_kpageflags:s0 +genfscon proc /sys/abi/swp u:object_r:proc_abi:s0 +genfscon proc /sys/fs/pipe-max-size 
u:object_r:proc_pipe_conf:s0 +genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0 +genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0 +genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0 +genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0 +genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0 +genfscon proc /sys/kernel/core_pipe_limit u:object_r:usermodehelper:s0 +genfscon proc /sys/kernel/domainname u:object_r:proc_hostname:s0 +genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security:s0 +genfscon proc /sys/kernel/hostname u:object_r:proc_hostname:s0 +genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0 +genfscon proc /sys/kernel/hung_task_ u:object_r:proc_hung_task:s0 +genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0 +genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0 +genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0 +genfscon proc /sys/kernel/panic_on_oops u:object_r:proc_panic:s0 +genfscon proc /sys/kernel/perf_event_max_sample_rate u:object_r:proc_perf:s0 +genfscon proc /sys/kernel/perf_event_paranoid u:object_r:proc_perf:s0 +genfscon proc /sys/kernel/perf_cpu_time_max_percent u:object_r:proc_perf:s0 +genfscon proc /sys/kernel/perf_event_mlock_kb u:object_r:proc_perf:s0 +genfscon proc /sys/kernel/pid_max u:object_r:proc_pid_max:s0 +genfscon proc /sys/kernel/poweroff_cmd u:object_r:usermodehelper:s0 +genfscon proc /sys/kernel/random u:object_r:proc_random:s0 +genfscon proc /sys/kernel/randomize_va_space u:object_r:proc_security:s0 +genfscon proc /sys/kernel/sched_child_runs_first u:object_r:proc_sched:s0 +genfscon proc /sys/kernel/sched_latency_ns u:object_r:proc_sched:s0 +genfscon proc /sys/kernel/sched_rt_period_us u:object_r:proc_sched:s0 +genfscon proc /sys/kernel/sched_rt_runtime_us u:object_r:proc_sched:s0 +genfscon proc /sys/kernel/sched_schedstats u:object_r:proc_sched:s0 +genfscon proc 
/sys/kernel/sched_tunable_scaling u:object_r:proc_sched:s0 +genfscon proc /sys/kernel/sched_wakeup_granularity_ns u:object_r:proc_sched:s0 +genfscon proc /sys/kernel/sysrq u:object_r:proc_sysrq:s0 +genfscon proc /sys/kernel/usermodehelper u:object_r:usermodehelper:s0 +genfscon proc /sys/net u:object_r:proc_net:s0 +genfscon proc /sys/vm/dirty_background_ratio u:object_r:proc_dirty:s0 +genfscon proc /sys/vm/dirty_expire_centisecs u:object_r:proc_dirty:s0 +genfscon proc /sys/vm/extra_free_kbytes u:object_r:proc_extra_free_kbytes:s0 +genfscon proc /sys/vm/max_map_count u:object_r:proc_max_map_count:s0 +genfscon proc /sys/vm/mmap_min_addr u:object_r:proc_security:s0 +genfscon proc /sys/vm/mmap_rnd_bits u:object_r:proc_security:s0 +genfscon proc /sys/vm/mmap_rnd_compat_bits u:object_r:proc_security:s0 +genfscon proc /sys/vm/page-cluster u:object_r:proc_page_cluster:s0 +genfscon proc /sys/vm/drop_caches u:object_r:proc_drop_caches:s0 +genfscon proc /sys/vm/overcommit_memory u:object_r:proc_overcommit_memory:s0 +genfscon proc /sys/vm/min_free_order_shift u:object_r:proc_min_free_order_shift:s0 +genfscon proc /timer_list u:object_r:proc_timer:s0 +genfscon proc /timer_stats u:object_r:proc_timer:s0 +genfscon proc /tty/drivers u:object_r:proc_tty_drivers:s0 +genfscon proc /uid/ u:object_r:proc_uid_time_in_state:s0 +genfscon proc /uid_cputime/show_uid_stat u:object_r:proc_uid_cputime_showstat:s0 +genfscon proc /uid_cputime/remove_uid_range u:object_r:proc_uid_cputime_removeuid:s0 +genfscon proc /uid_io/stats u:object_r:proc_uid_io_stats:s0 +genfscon proc /uid_procstat/set u:object_r:proc_uid_procstat_set:s0 +genfscon proc /uid_time_in_state u:object_r:proc_uid_time_in_state:s0 +genfscon proc /uid_concurrent_active_time u:object_r:proc_uid_concurrent_active_time:s0 +genfscon proc /uid_concurrent_policy_time u:object_r:proc_uid_concurrent_policy_time:s0 +genfscon proc /uid_cpupower/ u:object_r:proc_uid_cpupower:s0 +genfscon proc /uptime u:object_r:proc_uptime:s0 +genfscon proc 
/version u:object_r:proc_version:s0 +genfscon proc /vmallocinfo u:object_r:proc_vmallocinfo:s0 +genfscon proc /vmstat u:object_r:proc_vmstat:s0 +genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0 + +# selinuxfs booleans can be individually labeled. +genfscon selinuxfs / u:object_r:selinuxfs:s0 +genfscon cgroup / u:object_r:cgroup:s0 +genfscon cgroup2 / u:object_r:cgroup_bpf:s0 +# sysfs labels can be set by userspace. +genfscon sysfs / u:object_r:sysfs:s0 +genfscon sysfs /devices/system/cpu u:object_r:sysfs_devices_system_cpu:s0 +genfscon sysfs /class/android_usb u:object_r:sysfs_android_usb:s0 +genfscon sysfs /class/extcon u:object_r:sysfs_extcon:s0 +genfscon sysfs /class/leds u:object_r:sysfs_leds:s0 +genfscon sysfs /class/net u:object_r:sysfs_net:s0 +genfscon sysfs /class/rfkill/rfkill0/state u:object_r:sysfs_bluetooth_writable:s0 +genfscon sysfs /class/rfkill/rfkill1/state u:object_r:sysfs_bluetooth_writable:s0 +genfscon sysfs /class/rfkill/rfkill2/state u:object_r:sysfs_bluetooth_writable:s0 +genfscon sysfs /class/rfkill/rfkill3/state u:object_r:sysfs_bluetooth_writable:s0 +genfscon sysfs /class/rtc u:object_r:sysfs_rtc:s0 +genfscon sysfs /class/switch u:object_r:sysfs_switch:s0 +genfscon sysfs /class/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0 +genfscon sysfs /devices/virtual/android_usb u:object_r:sysfs_android_usb:s0 +genfscon sysfs /devices/virtual/block/ u:object_r:sysfs_devices_block:s0 +genfscon sysfs /devices/virtual/block/dm- u:object_r:sysfs_dm:s0 +genfscon sysfs /devices/virtual/block/loop u:object_r:sysfs_loop:s0 +genfscon sysfs /devices/virtual/block/zram0 u:object_r:sysfs_zram:s0 +genfscon sysfs /devices/virtual/block/zram1 u:object_r:sysfs_zram:s0 +genfscon sysfs /devices/virtual/block/zram0/uevent u:object_r:sysfs_zram_uevent:s0 +genfscon sysfs /devices/virtual/block/zram1/uevent u:object_r:sysfs_zram_uevent:s0 +genfscon sysfs /devices/virtual/misc/hw_random 
u:object_r:sysfs_hwrandom:s0 +genfscon sysfs /devices/virtual/net u:object_r:sysfs_net:s0 +genfscon sysfs /devices/virtual/switch u:object_r:sysfs_switch:s0 +genfscon sysfs /devices/virtual/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_firmware_android:s0 +genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0 +genfscon sysfs /fs/f2fs u:object_r:sysfs_fs_f2fs:s0 +genfscon sysfs /power/autosleep u:object_r:sysfs_power:s0 +genfscon sysfs /power/state u:object_r:sysfs_power:s0 +genfscon sysfs /power/suspend_stats u:object_r:sysfs_suspend_stats:s0 +genfscon sysfs /power/wakeup_count u:object_r:sysfs_power:s0 +genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0 +genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0 +genfscon sysfs /kernel/memory_state_time u:object_r:sysfs_power:s0 +genfscon sysfs /kernel/ion u:object_r:sysfs_ion:s0 +genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0 +genfscon sysfs /kernel/mm/transparent_hugepage u:object_r:sysfs_transparent_hugepage:s0 +genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0 +genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0 +genfscon sysfs /kernel/wakeup_reasons u:object_r:sysfs_wakeup_reasons:s0 +genfscon sysfs /module/dm_verity/parameters/prefetch_cluster u:object_r:sysfs_dm_verity:s0 +genfscon sysfs /module/lowmemorykiller u:object_r:sysfs_lowmemorykiller:s0 +genfscon sysfs /module/tcp_cubic/parameters u:object_r:sysfs_net:s0 +genfscon sysfs /module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0 +genfscon sysfs /devices/virtual/timed_output/vibrator/enable u:object_r:sysfs_vibrator:s0 + +genfscon debugfs /mmc0 u:object_r:debugfs_mmc:s0 +genfscon debugfs /tracing u:object_r:debugfs_tracing_debug:s0 +genfscon tracefs / u:object_r:debugfs_tracing_debug:s0 +genfscon debugfs /tracing/tracing_on u:object_r:debugfs_tracing:s0 +genfscon tracefs /tracing_on 
u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/trace u:object_r:debugfs_tracing:s0 +genfscon tracefs /trace u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/per_cpu/cpu u:object_r:debugfs_tracing:s0 +genfscon tracefs /per_cpu/cpu u:object_r:debugfs_tracing:s0 + +genfscon debugfs /tracing/instances u:object_r:debugfs_tracing_instances:s0 +genfscon tracefs /instances u:object_r:debugfs_tracing_instances:s0 +genfscon debugfs /tracing/instances/wifi u:object_r:debugfs_wifi_tracing:s0 +genfscon tracefs /instances/wifi u:object_r:debugfs_wifi_tracing:s0 +genfscon debugfs /tracing/trace_marker u:object_r:debugfs_trace_marker:s0 +genfscon tracefs /trace_marker u:object_r:debugfs_trace_marker:s0 +genfscon debugfs /wakeup_sources u:object_r:debugfs_wakeup_sources:s0 + +genfscon debugfs /tracing/events/header_page u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/f2fs/f2fs_get_data_block/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/f2fs/f2fs_iget/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_enter/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/f2fs/f2fs_sync_file_exit/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/f2fs/f2fs_write_begin/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/f2fs/f2fs_write_end/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/ext4/ext4_da_write_begin/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/ext4/ext4_da_write_end/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/ext4/ext4_es_lookup_extent_enter/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/ext4/ext4_es_lookup_extent_exit/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/ext4/ext4_load_inode/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/ext4/ext4_sync_file_enter/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/ext4/ext4_sync_file_exit/ 
u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/block/block_rq_issue/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/block/block_rq_complete/ u:object_r:debugfs_tracing:s0 + +genfscon tracefs /events/header_page u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/f2fs/f2fs_get_data_block/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/f2fs/f2fs_iget/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/f2fs/f2fs_sync_file_enter/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/f2fs/f2fs_sync_file_exit/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/f2fs/f2fs_write_begin/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/f2fs/f2fs_write_end/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/ext4/ext4_da_write_begin/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/ext4/ext4_da_write_end/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/ext4/ext4_es_lookup_extent_enter/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/ext4/ext4_es_lookup_extent_exit/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/ext4/ext4_load_inode/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/ext4/ext4_sync_file_enter/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/ext4/ext4_sync_file_exit/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/block/block_rq_issue/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/block/block_rq_complete/ u:object_r:debugfs_tracing:s0 + +genfscon tracefs /trace_clock u:object_r:debugfs_tracing:s0 +genfscon tracefs /buffer_size_kb u:object_r:debugfs_tracing:s0 +genfscon tracefs /options/overwrite u:object_r:debugfs_tracing:s0 +genfscon tracefs /options/print-tgid u:object_r:debugfs_tracing:s0 +genfscon tracefs /options/record-tgid u:object_r:debugfs_tracing:s0 +genfscon tracefs /saved_cmdlines_size u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/sched/sched_switch/ u:object_r:debugfs_tracing:s0 +genfscon tracefs 
/events/sched/sched_wakeup/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/sched/sched_blocked_reason/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/sched/sched_cpu_hotplug/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/sched/sched_process_exit/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/cgroup/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/power/cpu_frequency/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/power/cpu_idle/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/power/gpu_frequency/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/power/suspend_resume/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/vmscan/mm_vmscan_kswapd_wake/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/vmscan/mm_vmscan_kswapd_sleep/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/binder/binder_transaction/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/binder/binder_transaction_received/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/binder/binder_lock/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/binder/binder_locked/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/binder/binder_unlock/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/binder/binder_transaction_alloc_buf/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/lowmemorykiller/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/sync/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/fence/ u:object_r:debugfs_tracing:s0 +genfscon tracefs 
/events/dma_fence/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/filemap/mm_filemap_add_to_page_cache/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/filemap/mm_filemap_delete_from_page_cache/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/kmem/rss_stat/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/ion/ion_stat/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/task/task_rename/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/task/task_newtask/ u:object_r:debugfs_tracing:s0 +genfscon tracefs /events/ftrace/print/ u:object_r:debugfs_tracing:s0 + +genfscon debugfs /tracing/trace_clock u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/buffer_size_kb u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/options/overwrite u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/options/print-tgid u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/options/record-tgid u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/saved_cmdlines_size u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/sched/sched_switch/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/sched/sched_wakeup/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/sched/sched_blocked_reason/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/sched/sched_cpu_hotplug/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/sched/sched_process_exit/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/cgroup/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/power/cpu_frequency/ u:object_r:debugfs_tracing:s0 +genfscon debugfs 
/tracing/events/power/cpu_idle/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/power/clock_set_rate/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/power/cpu_frequency_limits/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/power/gpu_frequency/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/power/suspend_resume/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/cpufreq_interactive/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_begin/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/vmscan/mm_vmscan_direct_reclaim_end/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/vmscan/mm_vmscan_kswapd_wake/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/vmscan/mm_vmscan_kswapd_sleep/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/binder/binder_transaction/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/binder/binder_transaction_received/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/binder/binder_lock/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/binder/binder_locked/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/binder/binder_unlock/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/binder/binder_transaction_alloc_buf/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/lowmemorykiller/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/sync/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/fence/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/dma_fence/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/filemap/mm_filemap_add_to_page_cache/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/filemap/mm_filemap_delete_from_page_cache/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/kmem/rss_stat/ 
u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/kmem/ion_heap_grow/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/kmem/ion_heap_shrink/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/ion/ion_stat/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/mm_event/mm_event_record/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/oom/oom_score_adj_update/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/task/task_rename/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/task/task_newtask/ u:object_r:debugfs_tracing:s0 +genfscon debugfs /tracing/events/ftrace/print/ u:object_r:debugfs_tracing:s0 + +genfscon debugfs /kcov u:object_r:debugfs_kcov:s0 + +genfscon securityfs / u:object_r:securityfs:s0 + +genfscon binder /binder u:object_r:binder_device:s0 +genfscon binder /hwbinder u:object_r:hwbinder_device:s0 +genfscon binder /vndbinder u:object_r:vndbinder_device:s0 +genfscon binder /binder_logs u:object_r:binderfs_logs:s0 +genfscon binder /binder_logs/proc u:object_r:binderfs_logs_proc:s0 + +genfscon inotifyfs / u:object_r:inotify:s0 +genfscon vfat / u:object_r:vfat:s0 +genfscon binder / u:object_r:binderfs:s0 +genfscon exfat / u:object_r:exfat:s0 +genfscon debugfs / u:object_r:debugfs:s0 +genfscon fuse / u:object_r:fuse:s0 +genfscon configfs / u:object_r:configfs:s0 +genfscon sdcardfs / u:object_r:sdcardfs:s0 +genfscon esdfs / u:object_r:sdcardfs:s0 +genfscon pstore / u:object_r:pstorefs:s0 +genfscon functionfs / u:object_r:functionfs:s0 +genfscon usbfs / u:object_r:usbfs:s0 +genfscon binfmt_misc / u:object_r:binfmt_miscfs:s0 +genfscon bpf / u:object_r:fs_bpf:s0 diff --git a/prebuilts/api/30.0/private/gmscore_app.te b/prebuilts/api/30.0/private/gmscore_app.te new file mode 100644 index 000000000..235532676 --- /dev/null +++ b/prebuilts/api/30.0/private/gmscore_app.te 
@@ -0,0 +1,129 @@
+###
+### A domain for further sandboxing the PrebuiltGMSCore app.
+###
+typeattribute gmscore_app coredomain;
+
+app_domain(gmscore_app)
+
+allow gmscore_app sysfs_type:dir search;
+# Read access to /sys/class/net/wlan*/address
+r_dir_file(gmscore_app, sysfs_net)
+# Read access to /sys/block/zram*/mm_stat
+r_dir_file(gmscore_app, sysfs_zram)
+
+r_dir_file(gmscore_app, rootfs)
+
+# Allow GMS core to open kernel config for OTA matching through libvintf
+allow gmscore_app config_gz:file { open read getattr };
+
+# Allow GMS core to communicate with update_engine for A/B update.
+binder_call(gmscore_app, update_engine)
+allow gmscore_app update_engine_service:service_manager find;
+
+# Allow GMS core to communicate with dumpsys storaged.
+binder_call(gmscore_app, storaged)
+allow gmscore_app storaged_service:service_manager find;
+
+# Allow GMS core to access system_update_service (e.g. to publish pending
+# system update info).
+allow gmscore_app system_update_service:service_manager find;
+
+# Allow GMS core to communicate with statsd.
+binder_call(gmscore_app, statsd)
+
+# Allow GMS core to generate unique hardware IDs
+allow gmscore_app keystore:keystore_key gen_unique_id;
+
+# Allow GMS core to access /sys/fs/selinux/policyvers for compatibility check
+allow gmscore_app selinuxfs:file r_file_perms;
+
+# suppress denials for non-API accesses.
+dontaudit gmscore_app exec_type:file r_file_perms;
+dontaudit gmscore_app device:dir r_dir_perms;
+dontaudit gmscore_app fs_bpf:dir r_dir_perms;
+dontaudit gmscore_app net_dns_prop:file r_file_perms;
+dontaudit gmscore_app proc:file r_file_perms;
+dontaudit gmscore_app proc_interrupts:file r_file_perms;
+dontaudit gmscore_app proc_modules:file r_file_perms;
+dontaudit gmscore_app proc_net:file r_file_perms;
+dontaudit gmscore_app proc_stat:file r_file_perms;
+dontaudit gmscore_app proc_version:file r_file_perms;
+dontaudit gmscore_app sysfs:dir r_dir_perms;
+dontaudit gmscore_app sysfs:file r_file_perms;
+dontaudit gmscore_app sysfs_android_usb:file r_file_perms;
+dontaudit gmscore_app sysfs_dm:file r_file_perms;
+dontaudit gmscore_app sysfs_loop:file r_file_perms;
+dontaudit gmscore_app wifi_prop:file r_file_perms;
+dontaudit gmscore_app { wifi_prop exported_wifi_prop }:file r_file_perms;
+dontaudit gmscore_app mirror_data_file:dir search;
+dontaudit gmscore_app mnt_vendor_file:dir search;
+
+# Access the network
+net_domain(gmscore_app)
+
+# webview crash handling depends on self ptrace (b/27697529, b/20150694, b/19277529#comment7)
+allow gmscore_app self:process ptrace;
+
+# Allow loading executable code from writable priv-app home
+# directories. This is a W^X violation, however, it needs
+# to be supported for now for the following reasons.
+# * /data/user_*/0/*/code_cache/* POSSIBLE uses (b/117841367)
+# 1) com.android.opengl.shaders_cache
+# 2) com.android.skia.shaders_cache
+# 3) com.android.renderscript.cache
+# * /data/user_de/0/com.google.android.gms/app_chimera
+# TODO: Tighten (b/112357170)
+allow gmscore_app privapp_data_file:file execute;
+
+allow gmscore_app privapp_data_file:lnk_file create_file_perms;
+
+# /proc access
+allow gmscore_app proc_vmstat:file r_file_perms;
+
+# Allow interaction with gpuservice
+binder_call(gmscore_app, gpuservice)
+allow gmscore_app gpu_service:service_manager find;
+
+# find services that expose both @SystemAPI and normal APIs.
+allow gmscore_app app_api_service:service_manager find;
+allow gmscore_app system_api_service:service_manager find;
+allow gmscore_app audioserver_service:service_manager find;
+allow gmscore_app cameraserver_service:service_manager find;
+allow gmscore_app drmserver_service:service_manager find;
+allow gmscore_app mediadrmserver_service:service_manager find;
+allow gmscore_app mediaextractor_service:service_manager find;
+allow gmscore_app mediametrics_service:service_manager find;
+allow gmscore_app mediaserver_service:service_manager find;
+allow gmscore_app network_watchlist_service:service_manager find;
+allow gmscore_app nfc_service:service_manager find;
+allow gmscore_app oem_lock_service:service_manager find;
+allow gmscore_app persistent_data_block_service:service_manager find;
+allow gmscore_app radio_service:service_manager find;
+allow gmscore_app recovery_service:service_manager find;
+allow gmscore_app stats_service:service_manager find;
+
+# Used by Finsky / Android "Verify Apps" functionality when
+# running "adb install foo.apk".
+allow gmscore_app shell_data_file:file r_file_perms;
+allow gmscore_app shell_data_file:dir r_dir_perms;
+
+# Write to /cache.
+allow gmscore_app { cache_file cache_recovery_file }:dir create_dir_perms;
+allow gmscore_app { cache_file cache_recovery_file }:file create_file_perms;
+# /cache is a symlink to /data/cache on some devices. Allow reading the link.
+allow gmscore_app cache_file:lnk_file r_file_perms;
+
+# Write to /data/ota_package for OTA packages.
+allow gmscore_app ota_package_file:dir rw_dir_perms;
+allow gmscore_app ota_package_file:file create_file_perms;
+
+# Used by Finsky / Android "Verify Apps" functionality when
+# running "adb install foo.apk".
+allow gmscore_app shell_data_file:file r_file_perms;
+allow gmscore_app shell_data_file:dir r_dir_perms;
+
+# b/18504118: Allow reads from /data/anr/traces.txt
+allow gmscore_app anr_data_file:file r_file_perms;
+
+# b/148974132: com.android.vending needs this
+allow gmscore_app priv_app:tcp_socket { read write };
diff --git a/prebuilts/api/30.0/private/gpuservice.te b/prebuilts/api/30.0/private/gpuservice.te
new file mode 100644
index 000000000..a4d84ea9d
--- /dev/null
+++ b/prebuilts/api/30.0/private/gpuservice.te
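Review bot: The `shell_data_file` rules are added twice in this file: the block headed `# Used by Finsky / Android "Verify Apps" functionality when` with `allow gmscore_app shell_data_file:file r_file_perms;` and `allow gmscore_app shell_data_file:dir r_dir_perms;` appears once after the service_manager find list and again after the ota_package_file rules. Likewise `dontaudit gmscore_app wifi_prop:file r_file_perms;` is fully covered by the next line, `dontaudit gmscore_app { wifi_prop exported_wifi_prop }:file r_file_perms;`. Duplicate rules do not change the compiled policy, but they make the domain's real grant surface harder to audit, so drop the second shell_data_file block and the single-type wifi_prop line. If this prebuilt directory is meant to mirror private/gmscore_app.te, the cleanup belongs in the source file with the snapshot regenerated from it.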
@@ -0,0 +1,48 @@
+# gpuservice - server for gpu stats and other gpu related services
+typeattribute gpuservice coredomain;
+type gpuservice_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(gpuservice)
+
+binder_call(gpuservice, adbd)
+binder_call(gpuservice, shell)
+binder_call(gpuservice, system_server)
+binder_use(gpuservice)
+
+# Access the GPU.
+allow gpuservice gpu_device:chr_file rw_file_perms;
+
+# GPU service will need to load GPU driver, for example Vulkan driver in order
+# to get the capability of the driver.
+allow gpuservice same_process_hal_file:file { open read getattr execute map };
+allow gpuservice ion_device:chr_file r_file_perms;
+get_prop(gpuservice, hwservicemanager_prop)
+hwbinder_use(gpuservice)
+
+# Access /dev/graphics/fb0.
+allow gpuservice graphics_device:dir search;
+allow gpuservice graphics_device:chr_file rw_file_perms;
+
+# Needed for dumpsys pipes.
+allow gpuservice shell:fifo_file write;
+
+# Use socket supplied by adbd, for cmd gpu vkjson etc.
+allow gpuservice adbd:unix_stream_socket { read write getattr };
+
+# Needed for interactive shell
+allow gpuservice devpts:chr_file { read write getattr };
+
+# Needed for dumpstate to dumpsys gpu.
+allow gpuservice dumpstate:fd use;
+allow gpuservice dumpstate:fifo_file write;
+
+# Needed for stats callback registration to statsd.
+allow gpuservice stats_service:service_manager find;
+allow gpuservice statsmanager_service:service_manager find;
+# TODO(b/146461633): remove this once native pullers talk to StatsManagerService
+binder_call(gpuservice, statsd);
+
+add_service(gpuservice, gpu_service)
+
+# Only uncomment below line when in development
+# userdebug_or_eng(`permissive gpuservice;')
diff --git a/prebuilts/api/30.0/private/gsid.te b/prebuilts/api/30.0/private/gsid.te
new file mode 100644
index 000000000..3ff9d678d
--- /dev/null
+++ b/prebuilts/api/30.0/private/gsid.te
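Review bot: `binder_call(gpuservice, statsd);` carries a trailing semicolon that no other macro invocation in this file has (`binder_call(gpuservice, adbd)`, `add_service(gpuservice, gpu_service)`); the macro expansion already terminates its own rules, so the stray `;` should be dropped for consistency. The rule `allow gpuservice same_process_hal_file:file { open read getattr execute map };` maps vendor driver code into a coredomain process; the comment says why it is needed, but it should also state that this is what puts the vendor Vulkan driver inside this domain's trust boundary, so that the adbd socket, shell fifo and devpts grants in the same file are reviewed with that in mind. The closing commented-out permissive line is dead text in a policy snapshot and is better removed than kept as a standing invitation to make the domain permissive.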
@@ -0,0 +1,180 @@ +# gsid - Manager for GSI Installation + +type gsid, domain; +type gsid_exec, exec_type, file_type, system_file_type; +typeattribute gsid coredomain; + +init_daemon_domain(gsid) + +binder_use(gsid) +binder_service(gsid) +add_service(gsid, gsi_service) +set_prop(gsid, gsid_prop) + +# Needed to create/delete device-mapper nodes, and read/write to them. +allow gsid dm_device:chr_file rw_file_perms; +allow gsid dm_device:blk_file rw_file_perms; +allow gsid self:global_capability_class_set sys_admin; +dontaudit gsid self:global_capability_class_set dac_override; + +# On FBE devices (not using dm-default-key), gsid will use loop devices to map +# images rather than device-mapper. +allow gsid loop_control_device:chr_file rw_file_perms; +allow gsid loop_device:blk_file rw_file_perms; +allowxperm gsid loop_device:blk_file ioctl { + LOOP_GET_STATUS64 + LOOP_SET_STATUS64 + LOOP_SET_FD + LOOP_SET_BLOCK_SIZE + LOOP_SET_DIRECT_IO + LOOP_CLR_FD + BLKFLSBUF +}; + +# libfiemap_writer uses sysfs to derive the bottom of a device-mapper stacking. +# This requires traversing /sys/block/dm-N/slaves/* and reading the list of +# file names. +r_dir_file(gsid, sysfs_dm) + +# libfiemap_writer needs to read /sys/fs/f2fs//features to determine +# whether pin_file support is enabled. +r_dir_file(gsid, sysfs_fs_f2fs) + +# Needed to read fstab, which is used to validate that system verity does not +# use check_once_at_most for sdcard installs. (Note: proc_cmdline is needed +# to get the A/B slot suffix). +allow gsid proc_cmdline:file r_file_perms; +allow gsid sysfs_dt_firmware_android:dir r_dir_perms; +allow gsid sysfs_dt_firmware_android:file r_file_perms; + +# Needed to stat /data/gsi/* and realpath on /dev/block/by-name/* +allow gsid block_device:dir r_dir_perms; + +# liblp queries these block alignment properties. 
+allowxperm gsid { userdata_block_device sdcard_block_device }:blk_file ioctl { + BLKIOMIN + BLKALIGNOFF +}; + +# When installing images to an sdcard, gsid needs to be able to stat() the +# block device. gsid also calls realpath() to remove symlinks. +allow gsid mnt_media_rw_file:dir r_dir_perms; + +# When installing images to an sdcard, gsid must bypass sdcardfs and install +# directly to vfat, which supports the FIBMAP ioctl. +allow gsid vfat:dir rw_dir_perms; +allow gsid vfat:file create_file_perms; +allow gsid sdcard_block_device:blk_file r_file_perms; +# This is needed for FIBMAP unfortunately. Oddly FIEMAP does not carry this +# requirement, but the kernel does not implement FIEMAP support for VFAT. +allow gsid self:global_capability_class_set sys_rawio; + +# gsi_tool passes the system image over the adb connection, via stdin. +allow gsid adbd:fd use; +# Needed when running gsi_tool through "su root" rather than adb root. +allow gsid adbd:unix_stream_socket rw_socket_perms; + +neverallow { + domain + -gsid + -init + -update_engine_common + -recovery + -fastbootd +} gsid_prop:property_service set; + +# gsid needs to store images on /data, but cannot use file I/O. If it did, the +# underlying blocks would be encrypted, and we couldn't mount the GSI image in +# first-stage init. So instead of directly writing to /data, we: +# +# 1. fallocate a file large enough to hold the signed GSI +# 2. extract its block layout with FIEMAP +# 3. create a dm-linear device using the FIEMAP, targeting /dev/block/by-name/userdata +# 4. write system_gsi into that dm device +# +# To make this process work, we need to unwrap the device-mapper stacking for +# userdata to reach the underlying block device. To verify the result we use +# stat(), which requires read access. +allow gsid userdata_block_device:blk_file r_file_perms; + +# gsid uses /metadata/gsi to communicate GSI boot information to first-stage +# init. 
It cannot use userdata since data cannot be decrypted during this +# stage. +# +# gsid uses /metadata/gsi to store three files: +# install_status - A short string indicating whether a GSI image is bootable. +# lp_metadata - LpMetadata blob describing the block ranges on userdata +# where system_gsi resides. +# booted - An empty file that, if exists, indicates that a GSI is +# currently running. +# +allow gsid metadata_file:dir { search getattr }; +allow gsid { + gsi_metadata_file +}:dir create_dir_perms; + +allow gsid { + ota_metadata_file +}:dir rw_dir_perms; + +allow gsid { + gsi_metadata_file + ota_metadata_file +}:file create_file_perms; + +allow gsid { + gsi_data_file + ota_image_data_file +}:dir rw_dir_perms; +allow gsid { + gsi_data_file + ota_image_data_file +}:file create_file_perms; +allowxperm gsid { + gsi_data_file + ota_image_data_file +}:file ioctl FS_IOC_FIEMAP; + +allow gsid system_server:binder call; + +neverallow { + domain + -init + -gsid + -fastbootd + -recovery + -vold +} gsi_metadata_file:dir *; + +neverallow { + domain + -init + -gsid + -fastbootd + -vold +} gsi_metadata_file:notdevfile_class_set ~{ relabelto getattr }; + +neverallow { + domain + -init + -gsid + -fastbootd + -vold +} { gsi_data_file gsi_metadata_file }:notdevfile_class_set *; + +neverallow { + domain + -gsid + -init +} gsi_data_file:dir ~{ open create read getattr setattr search relabelto ioctl }; + +neverallow { + domain + -init + -gsid +} gsi_data_file:dir *; + +neverallow { + domain + -gsid +} gsi_data_file:notdevfile_class_set ~{ relabelto getattr }; diff --git a/prebuilts/api/30.0/private/hal_allocator_default.te b/prebuilts/api/30.0/private/hal_allocator_default.te new file mode 100644 index 000000000..7aa28aa29 --- /dev/null +++ b/prebuilts/api/30.0/private/hal_allocator_default.te 
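Review bot: The neverallow `{ domain -gsid -init } gsi_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };` is made redundant by the rule immediately after it, `{ domain -init -gsid } gsi_data_file:dir *;`, which denies every dir permission to the same set of domains; keep only the broader rule, or add a comment saying why both are kept. The comment `# libfiemap_writer needs to read /sys/fs/f2fs//features to determine` has an empty path component, which looks like an angle-bracketed device placeholder lost in rendering; confirm against the source file and spell it as `/sys/fs/f2fs/<dev>/features`. `allow gsid system_server:binder call;` is the only rule in the file without a why-comment, and a line naming the system_server interface gsid calls back into would match the rest of the file. The gsid_prop `neverallow` at the top of the hunk is the right shape for pinning who may set the property; its exception list should be kept as short as it is here.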
@@ -0,0 +1,5 @@
+type hal_allocator_default, domain, coredomain;
+hal_server_domain(hal_allocator_default, hal_allocator)
+
+type hal_allocator_default_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(hal_allocator_default)
diff --git a/prebuilts/api/30.0/private/hal_lazy_test.te b/prebuilts/api/30.0/private/hal_lazy_test.te
new file mode 100644
index 000000000..93cf2350b
--- /dev/null
+++ b/prebuilts/api/30.0/private/hal_lazy_test.te
@@ -0,0 +1,3 @@
+userdebug_or_eng(`
+ hal_attribute_hwservice(hal_lazy_test, hal_lazy_test_hwservice)
+')
diff --git a/prebuilts/api/30.0/private/halclientdomain.te b/prebuilts/api/30.0/private/halclientdomain.te
new file mode 100644
index 000000000..9dcd3ee38
--- /dev/null
+++ b/prebuilts/api/30.0/private/halclientdomain.te
@@ -0,0 +1,13 @@
+###
+### Rules for all domains which are clients of a HAL
+###
+
+# Find out whether a HAL in passthrough/in-process mode or
+# binderized/out-of-process mode
+hwbinder_use(halclientdomain)
+
+# Used to wait for hwservicemanager
+get_prop(halclientdomain, hwservicemanager_prop)
+
+# Wait for HAL server to be up (used by getService)
+allow halclientdomain hidl_manager_hwservice:hwservice_manager find;
diff --git a/prebuilts/api/30.0/private/halserverdomain.te b/prebuilts/api/30.0/private/halserverdomain.te
new file mode 100644
index 000000000..f36e0e7d8
--- /dev/null
+++ b/prebuilts/api/30.0/private/halserverdomain.te
@@ -0,0 +1,12 @@
+###
+### Rules for all domains which offer a HAL service over HwBinder
+###
+
+# Register the HAL service with hwservicemanager
+hwbinder_use(halserverdomain)
+
+# Find HAL implementations
+allow halserverdomain system_file:dir r_dir_perms;
+
+# Used to wait for hwservicemanager
+get_prop(halserverdomain, hwservicemanager_prop)
diff --git a/prebuilts/api/30.0/private/healthd.te b/prebuilts/api/30.0/private/healthd.te
new file mode 100644
index 000000000..20d079173
--- /dev/null
+++ b/prebuilts/api/30.0/private/healthd.te
@@ -0,0 +1,6 @@
+typeattribute healthd coredomain;
+
+init_daemon_domain(healthd)
+
+# Allow healthd to serve health HAL
+hal_server_domain(healthd, hal_health)
diff --git a/prebuilts/api/30.0/private/heapprofd.te b/prebuilts/api/30.0/private/heapprofd.te
new file mode 100644
index 000000000..ec3e4d067
--- /dev/null
+++ b/prebuilts/api/30.0/private/heapprofd.te
@@ -0,0 +1,76 @@
+# Android heap profiling daemon. go/heapprofd.
+#
+# On user builds, this daemon is responsible for receiving the initial
+# profiling configuration, finding matching target processes (if profiling by
+# process name), and sending the activation signal to them (+ setting system
+# properties for new processes to start profiling from startup). When profiling
+# is triggered in a process, it spawns a private heapprofd subprocess (in its
+# own SELinux domain), which will exclusively handle profiling of its parent.
+#
+# On debug builds, this central daemon performs profiling for all target
+# processes (which talk directly to this daemon).
+type heapprofd_exec, exec_type, file_type, system_file_type;
+type heapprofd_tmpfs, file_type;
+
+init_daemon_domain(heapprofd)
+tmpfs_domain(heapprofd)
+
+# Allow apps in other MLS contexts (for multi-user) to access
+# shared memory buffers created by heapprofd.
+typeattribute heapprofd_tmpfs mlstrustedobject;
+
+set_prop(heapprofd, heapprofd_prop);
+
+# Necessary for /proc/[pid]/cmdline access & sending signals.
+typeattribute heapprofd mlstrustedsubject;
+
+# Allow sending signals to processes. This excludes SIGKILL, SIGSTOP and
+# SIGCHLD, which are controlled by separate permissions.
+allow heapprofd self:capability kill;
+
+# When scanning /proc/[pid]/cmdline to find matching processes for by-name
+# profiling, only whitelisted domains will be allowed by SELinux. Avoid
+# spamming logs with denials for entries that we can not access.
+dontaudit heapprofd domain:dir { search open };
+
+# Write trace data to the Perfetto traced daemon. This requires connecting to
+# its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(heapprofd)
+
+# When handling profiling for all processes, heapprofd needs to read
+# executables/libraries/etc to do stack unwinding.
+userdebug_or_eng(`
+ r_dir_file(heapprofd, nativetest_data_file)
+ r_dir_file(heapprofd, system_file_type)
+ r_dir_file(heapprofd, apk_data_file)
+ r_dir_file(heapprofd, dalvikcache_data_file)
+ r_dir_file(heapprofd, vendor_file_type)
+ # Some dex files are not world-readable.
+ # We are still constrained by the SELinux rules above.
+ allow heapprofd self:global_capability_class_set dac_read_search;
+
+ allow heapprofd proc_kpageflags:file r_file_perms;
+')
+
+# This is going to happen on user but is benign because central heapprofd
+# does not actually need these permission.
+# If the dac_read_search capability check is rejected, the kernel then tries
+# to perform a dac_override capability check, so we need to dontaudit that
+# as well.
+dontaudit heapprofd self:global_capability_class_set { dac_read_search dac_override };
+
+never_profile_heap(`{
+ bpfloader
+ init
+ kernel
+ keystore
+ llkd
+ logd
+ ueventd
+ vendor_init
+ vold
+}')
+
+full_treble_only(`
+ neverallow heapprofd vendor_file:file { no_w_file_perms no_x_file_perms };
+')
diff --git a/prebuilts/api/30.0/private/hidl_lazy_test_server.te b/prebuilts/api/30.0/private/hidl_lazy_test_server.te
new file mode 100644
index 000000000..04e8c9fbe
--- /dev/null
+++ b/prebuilts/api/30.0/private/hidl_lazy_test_server.te
@@ -0,0 +1,8 @@
+type hidl_lazy_test_server, domain;
+type hidl_lazy_test_server_exec, exec_type, file_type, system_file_type;
+
+userdebug_or_eng(`
+ typeattribute hidl_lazy_test_server coredomain;
+ init_daemon_domain(hidl_lazy_test_server)
+ hal_server_domain(hidl_lazy_test_server, hal_lazy_test)
+')
diff --git a/prebuilts/api/30.0/private/hwservice.te b/prebuilts/api/30.0/private/hwservice.te
new file mode 100644
index 000000000..b7ba4d7bf
--- /dev/null
+++ b/prebuilts/api/30.0/private/hwservice.te
@@ -0,0 +1 @@
+type hal_lazy_test_hwservice, hwservice_manager_type, protected_hwservice;
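Review bot: `set_prop(heapprofd, heapprofd_prop);` carries a trailing semicolon while every other macro invocation in this file (`init_daemon_domain(heapprofd)`, `tmpfs_domain(heapprofd)`, `perfetto_producer(heapprofd)`, `never_profile_heap(...)`) has none; the macro already expands to terminated rules, so the `;` should be dropped for consistency. The comment above the unconditional dontaudit also has a grammar slip, `# does not actually need these permission.` should read `# does not actually need these permissions.`. Since this file sits under prebuilts/api/30.0 it is presumably a frozen copy of the source policy, so both fixes would go into the source file and the prebuilt be regenerated rather than edited here.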
diff --git a/prebuilts/api/30.0/private/hwservice_contexts b/prebuilts/api/30.0/private/hwservice_contexts
new file mode 100644
index 000000000..c45b0efdb
--- /dev/null
+++ b/prebuilts/api/30.0/private/hwservice_contexts
@@ -0,0 +1,86 @@
+android.frameworks.automotive.display::IAutomotiveDisplayProxyService u:object_r:fwk_automotive_display_hwservice:s0
+android.frameworks.bufferhub::IBufferHub u:object_r:fwk_bufferhub_hwservice:s0
+android.frameworks.cameraservice.service::ICameraService u:object_r:fwk_camera_hwservice:s0
+android.frameworks.displayservice::IDisplayService u:object_r:fwk_display_hwservice:s0
+android.frameworks.schedulerservice::ISchedulingPolicyService u:object_r:fwk_scheduler_hwservice:s0
+android.frameworks.sensorservice::ISensorManager u:object_r:fwk_sensor_hwservice:s0
+android.frameworks.stats::IStats u:object_r:fwk_stats_hwservice:s0
+android.hardware.atrace::IAtraceDevice u:object_r:hal_atrace_hwservice:s0
+android.hardware.audio.effect::IEffectsFactory u:object_r:hal_audio_hwservice:s0
+android.hardware.audio::IDevicesFactory u:object_r:hal_audio_hwservice:s0
+android.hardware.authsecret::IAuthSecret u:object_r:hal_authsecret_hwservice:s0
+android.hardware.automotive.audiocontrol::IAudioControl u:object_r:hal_audiocontrol_hwservice:s0
+android.hardware.automotive.can::ICanController u:object_r:hal_can_controller_hwservice:s0
+android.hardware.automotive.can::ICanBus u:object_r:hal_can_bus_hwservice:s0
+android.hardware.automotive.evs::IEvsEnumerator u:object_r:hal_evs_hwservice:s0
+android.hardware.automotive.vehicle::IVehicle u:object_r:hal_vehicle_hwservice:s0
+android.hardware.biometrics.face::IBiometricsFace u:object_r:hal_face_hwservice:s0
+android.hardware.biometrics.fingerprint::IBiometricsFingerprint u:object_r:hal_fingerprint_hwservice:s0
+android.hardware.bluetooth::IBluetoothHci u:object_r:hal_bluetooth_hwservice:s0
+android.hardware.bluetooth.a2dp::IBluetoothAudioOffload u:object_r:hal_audio_hwservice:s0
+android.hardware.bluetooth.audio::IBluetoothAudioProvidersFactory u:object_r:hal_audio_hwservice:s0
+android.hardware.boot::IBootControl u:object_r:hal_bootctl_hwservice:s0
+android.hardware.broadcastradio::IBroadcastRadio u:object_r:hal_broadcastradio_hwservice:s0
+android.hardware.broadcastradio::IBroadcastRadioFactory u:object_r:hal_broadcastradio_hwservice:s0
+android.hardware.camera.provider::ICameraProvider u:object_r:hal_camera_hwservice:s0
+android.hardware.configstore::ISurfaceFlingerConfigs u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0
+android.hardware.confirmationui::IConfirmationUI u:object_r:hal_confirmationui_hwservice:s0
+android.hardware.contexthub::IContexthub u:object_r:hal_contexthub_hwservice:s0
+android.hardware.cas::IMediaCasService u:object_r:hal_cas_hwservice:s0
+android.hardware.drm::ICryptoFactory u:object_r:hal_drm_hwservice:s0
+android.hardware.drm::IDrmFactory u:object_r:hal_drm_hwservice:s0
+android.hardware.dumpstate::IDumpstateDevice u:object_r:hal_dumpstate_hwservice:s0
+android.hardware.gatekeeper::IGatekeeper u:object_r:hal_gatekeeper_hwservice:s0
+android.hardware.gnss::IGnss u:object_r:hal_gnss_hwservice:s0
+android.hardware.graphics.allocator::IAllocator u:object_r:hal_graphics_allocator_hwservice:s0
+android.hardware.graphics.composer::IComposer u:object_r:hal_graphics_composer_hwservice:s0
+android.hardware.graphics.mapper::IMapper u:object_r:hal_graphics_mapper_hwservice:s0
+android.hardware.health::IHealth u:object_r:hal_health_hwservice:s0
+android.hardware.health.storage::IStorage u:object_r:hal_health_storage_hwservice:s0
+android.hardware.input.classifier::IInputClassifier u:object_r:hal_input_classifier_hwservice:s0
+android.hardware.ir::IConsumerIr u:object_r:hal_ir_hwservice:s0
+android.hardware.keymaster::IKeymasterDevice u:object_r:hal_keymaster_hwservice:s0
+android.hardware.tests.lazy::ILazy u:object_r:hal_lazy_test_hwservice:s0
+android.hardware.light::ILight u:object_r:hal_light_hwservice:s0
+android.hardware.lowpan::ILowpanDevice u:object_r:hal_lowpan_hwservice:s0
+android.hardware.media.omx::IOmx u:object_r:hal_omx_hwservice:s0
+android.hardware.media.omx::IOmxStore u:object_r:hal_omx_hwservice:s0
+android.hardware.media.c2::IComponentStore u:object_r:hal_codec2_hwservice:s0
+android.hardware.memtrack::IMemtrack u:object_r:hal_memtrack_hwservice:s0
+android.hardware.neuralnetworks::IDevice u:object_r:hal_neuralnetworks_hwservice:s0
+android.hardware.nfc::INfc u:object_r:hal_nfc_hwservice:s0
+android.hardware.oemlock::IOemLock u:object_r:hal_oemlock_hwservice:s0
+android.hardware.power::IPower u:object_r:hal_power_hwservice:s0
+android.hardware.power.stats::IPowerStats u:object_r:hal_power_stats_hwservice:s0
+android.hardware.radio.config::IRadioConfig u:object_r:hal_telephony_hwservice:s0
+android.hardware.radio.deprecated::IOemHook u:object_r:hal_telephony_hwservice:s0
+android.hardware.radio::IRadio u:object_r:hal_telephony_hwservice:s0
+android.hardware.radio::ISap u:object_r:hal_telephony_hwservice:s0
+android.hardware.renderscript::IDevice u:object_r:hal_renderscript_hwservice:s0
+android.hardware.secure_element::ISecureElement u:object_r:hal_secure_element_hwservice:s0
+android.hardware.sensors::ISensors u:object_r:hal_sensors_hwservice:s0
+android.hardware.soundtrigger::ISoundTriggerHw u:object_r:hal_audio_hwservice:s0
+android.hardware.tetheroffload.config::IOffloadConfig u:object_r:hal_tetheroffload_hwservice:s0
+android.hardware.tetheroffload.control::IOffloadControl u:object_r:hal_tetheroffload_hwservice:s0
+android.hardware.thermal::IThermal u:object_r:hal_thermal_hwservice:s0
+android.hardware.thermal::IThermalCallback u:object_r:thermalcallback_hwservice:s0
+android.hardware.tv.cec::IHdmiCec u:object_r:hal_tv_cec_hwservice:s0
+android.hardware.tv.input::ITvInput u:object_r:hal_tv_input_hwservice:s0
+android.hardware.tv.tuner::ITuner u:object_r:hal_tv_tuner_hwservice:s0
+android.hardware.usb::IUsb u:object_r:hal_usb_hwservice:s0
+android.hardware.usb.gadget::IUsbGadget u:object_r:hal_usb_gadget_hwservice:s0
+android.hardware.vibrator::IVibrator u:object_r:hal_vibrator_hwservice:s0
+android.hardware.vr::IVr u:object_r:hal_vr_hwservice:s0
+android.hardware.weaver::IWeaver u:object_r:hal_weaver_hwservice:s0
+android.hardware.wifi::IWifi u:object_r:hal_wifi_hwservice:s0
+android.hardware.wifi.hostapd::IHostapd u:object_r:hal_wifi_hostapd_hwservice:s0
+android.hardware.wifi.supplicant::ISupplicant u:object_r:hal_wifi_supplicant_hwservice:s0
+android.hidl.allocator::IAllocator u:object_r:hidl_allocator_hwservice:s0
+android.hidl.base::IBase u:object_r:hidl_base_hwservice:s0
+android.hidl.manager::IServiceManager u:object_r:hidl_manager_hwservice:s0
+android.hidl.memory::IMapper u:object_r:hidl_memory_hwservice:s0
+android.hidl.token::ITokenManager u:object_r:hidl_token_hwservice:s0
+android.system.net.netd::INetd u:object_r:system_net_netd_hwservice:s0
+android.system.suspend::ISystemSuspend u:object_r:system_suspend_hwservice:s0
+android.system.wifi.keystore::IKeystore u:object_r:system_wifi_keystore_hwservice:s0
+* u:object_r:default_android_hwservice:s0
diff --git a/prebuilts/api/30.0/private/hwservicemanager.te b/prebuilts/api/30.0/private/hwservicemanager.te
new file mode 100644
index 000000000..0705cc711
--- /dev/null
+++ b/prebuilts/api/30.0/private/hwservicemanager.te
@@ -0,0 +1,8 @@
+typeattribute hwservicemanager coredomain;
+
+init_daemon_domain(hwservicemanager)
+
+add_hwservice(hwservicemanager, hidl_manager_hwservice)
+add_hwservice(hwservicemanager, hidl_token_hwservice)
+
+set_prop(hwservicemanager, ctl_interface_start_prop)
diff --git a/prebuilts/api/30.0/private/idmap.te b/prebuilts/api/30.0/private/idmap.te
new file mode 100644
index 000000000..c982783b9
--- /dev/null
+++ b/prebuilts/api/30.0/private/idmap.te
@@ -0,0 +1,3 @@
+typeattribute idmap coredomain;
+
+init_daemon_domain(idmap)
diff --git a/prebuilts/api/30.0/private/incident.te b/prebuilts/api/30.0/private/incident.te
new file mode 100644
index 000000000..db9ae8638
--- /dev/null
+++ b/prebuilts/api/30.0/private/incident.te
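Review bot: The hwservice_contexts entries are not kept in sorted order, which makes a missing or duplicated interface hard to spot by eye: `android.hardware.tests.lazy::ILazy` sits between the keymaster and light entries, `android.hardware.cas::IMediaCasService` comes after `android.hardware.contexthub::IContexthub`, and `android.hardware.media.c2::IComponentStore` follows the two `android.hardware.media.omx` entries. As far as I can tell lookups in this file match the full interface name with `*` as the catch-all, so order should not change labeling, making this a maintainability point only. Since this is a copy under prebuilts/api/30.0, the reordering would presumably be done in the source hwservice_contexts and carried into the prebuilt when it is next frozen.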
@@ -0,0 +1,37 @@
+typeattribute incident coredomain;
+
+type incident_exec, system_file_type, exec_type, file_type;
+
+# switch to incident domain for incident command
+domain_auto_trans(shell, incident_exec, incident)
+domain_auto_trans(dumpstate, incident_exec, incident)
+
+# allow incident access to stdout from its parent shell.
+allow incident shell:fd use;
+
+# allow incident to communicate with dumpstate, and write incident report to
+# /data/data/com.android.shell/files/bugreports/tmp_incident_report
+allow incident dumpstate:fd use;
+allow incident dumpstate:unix_stream_socket { read write };
+allow incident shell_data_file:file write;
+
+# allow incident be able to output data for CTS to fetch.
+allow incident devpts:chr_file { read write };
+
+# allow incident to communicate use, read and write over the adb
+# connection.
+allow incident adbd:fd use;
+allow incident adbd:unix_stream_socket { read write };
+
+# allow adbd to reap incident
+allow incident adbd:process { sigchld };
+
+# Allow the incident command to talk to the incidentd over the binder, and get
+# back the incident report data from a ParcelFileDescriptor.
+binder_use(incident)
+allow incident incident_service:service_manager find;
+binder_call(incident, incidentd)
+allow incident incidentd:fifo_file write;
+
+# only allow incident being called by shell or dumpstate
+neverallow { domain -su -shell -incident -dumpstate} incident_exec:file { execute execute_no_trans };
diff --git a/prebuilts/api/30.0/private/incident_helper.te b/prebuilts/api/30.0/private/incident_helper.te
new file mode 100644
index 000000000..b45385568
--- /dev/null
+++ b/prebuilts/api/30.0/private/incident_helper.te
@@ -0,0 +1,14 @@
+typeattribute incident_helper coredomain;
+
+type incident_helper_exec, system_file_type, exec_type, file_type;
+
+# switch to incident_helper domain for incident_helper command
+domain_auto_trans(incidentd, incident_helper_exec, incident_helper)
+
+# use pipe to transmit data from/to incidentd/incident_helper for parsing
+allow incident_helper { shell incident incidentd dumpstate }:fd use;
+allow incident_helper { shell incident incidentd dumpstate }:fifo_file { getattr read write };
+allow incident_helper incidentd:unix_stream_socket { read write };
+
+# only allow incidentd and shell to call incident_helper
+neverallow { domain -incidentd -incident_helper -shell } incident_helper_exec:file { execute execute_no_trans };
diff --git a/prebuilts/api/30.0/private/incidentd.te b/prebuilts/api/30.0/private/incidentd.te
new file mode 100644
index 000000000..405684ae6
--- /dev/null
+++ b/prebuilts/api/30.0/private/incidentd.te
@@ -0,0 +1,214 @@
+typeattribute incidentd coredomain;
+typeattribute incidentd mlstrustedsubject;
+
+init_daemon_domain(incidentd)
+type incidentd_exec, system_file_type, exec_type, file_type;
+binder_use(incidentd)
+wakelock_use(incidentd)
+
+# Allow incidentd to scan through /proc/pid for all processes
+r_dir_file(incidentd, domain)
+
+# Allow incidentd to kill incident_helper when timeout
+allow incidentd incident_helper:process sigkill;
+
+# Allow executing files on system, such as:
+# /system/bin/toolbox
+# /system/bin/logcat
+# /system/bin/dumpsys
+allow incidentd system_file:file execute_no_trans;
+allow incidentd toolbox_exec:file rx_file_perms;
+
+# section id 1002, allow reading kernel version /proc/version
+allow incidentd proc_version:file r_file_perms;
+
+# section id 2001, allow reading /proc/pagetypeinfo
+allow incidentd proc_pagetypeinfo:file r_file_perms;
+
+# section id 2002, allow reading /d/wakeup_sources
+allow incidentd debugfs_wakeup_sources:file r_file_perms;
+
+# section id 2003, allow executing top
+allow incidentd proc_meminfo:file { open read };
+
+# section id 2004, allow reading /sys/devices/system/cpu/cpufreq/all_time_in_state
+allow incidentd sysfs_devices_system_cpu:file r_file_perms;
+
+# section id 2005, allow reading ps dump in full
+allow incidentd domain:process getattr;
+
+# section id 2006, allow reading /sys/class/power_supply/bms/battery_type
+allow incidentd sysfs_batteryinfo:dir { search };
+allow incidentd sysfs_batteryinfo:file r_file_perms;
+
+# section id 2007, allow reading LAST_KMSG /sys/fs/pstore/console-ramoops
+userdebug_or_eng(`allow incidentd pstorefs:dir search');
+userdebug_or_eng(`allow incidentd pstorefs:file r_file_perms');
+
+# section id 3023, allow obtaining stats report
+allow incidentd stats_service:service_manager find;
+binder_call(incidentd, statsd)
+
+# section id 3026, allow reading /data/misc/perfetto-traces.
+allow incidentd perfetto_traces_data_file:dir r_dir_perms;
+allow incidentd perfetto_traces_data_file:file r_file_perms;
+
+# Create and write into /data/misc/incidents
+allow incidentd incident_data_file:dir rw_dir_perms;
+allow incidentd incident_data_file:file create_file_perms;
+
+# Enable incidentd to get stack traces.
+binder_use(incidentd)
+hwbinder_use(incidentd)
+allow incidentd hwservicemanager:hwservice_manager { list };
+get_prop(incidentd, hwservicemanager_prop)
+allow incidentd hidl_manager_hwservice:hwservice_manager { find };
+
+# Read files in /proc
+allow incidentd {
+ proc_cmdline
+ proc_pipe_conf
+ proc_stat
+}:file r_file_perms;
+
+# Signal java processes to dump their stack and get the results
+allow incidentd { appdomain ephemeral_app system_server }:process signal;
+
+# Signal native processes to dump their stack.
+# This list comes from native_processes_to_dump in incidentd/utils.c
+allow incidentd {
+ # This list comes from native_processes_to_dump in dumputils/dump_utils.cpp
+ audioserver
+ cameraserver
+ drmserver
+ inputflinger
+ mediadrmserver
+ mediaextractor
+ mediametrics
+ mediaserver
+ sdcardd
+ statsd
+ surfaceflinger
+
+ # This list comes from hal_interfaces_to_dump in dumputils/dump_utils.cpp
+ hal_audio_server
+ hal_bluetooth_server
+ hal_camera_server
+ hal_codec2_server
+ hal_face_server
+ hal_graphics_allocator_server
+ hal_graphics_composer_server
+ hal_health_server
+ hal_omx_server
+ hal_sensors_server
+ hal_vr_server
+}:process signal;
+
+# Allow incidentd to make binder calls to any binder service
+binder_call(incidentd, system_server)
+binder_call(incidentd, appdomain)
+
+# Reading /proc/PID/maps of other processes
+userdebug_or_eng(`allow incidentd self:global_capability_class_set { sys_ptrace }');
+# incidentd has capability sys_ptrace, but should only use that capability for
+# accessing sensitive /proc/PID files, never for using ptrace attach.
+neverallow incidentd *:process ptrace;
+
+allow incidentd self:global_capability_class_set {
+ # Send signals to processes
+ kill
+};
+
+# Connect to tombstoned to intercept dumps.
+unix_socket_connect(incidentd, tombstoned_intercept, tombstoned)
+
+# Run a shell.
+allow incidentd shell_exec:file rx_file_perms;
+
+# For running am, incident-helper-cmd and similar framework commands.
+# Run /system/bin/app_process.
+allow incidentd zygote_exec:file { rx_file_perms };
+# Access the runtime feature flag properties.
+get_prop(incidentd, device_config_runtime_native_prop)
+get_prop(incidentd, device_config_runtime_native_boot_prop)
+# ART locks profile files.
+allow incidentd system_file:file lock;
+# Incidentd should never exec from the memory (e.g. JIT cache). These denials are expected.
+dontaudit incidentd dalvikcache_data_file:dir r_dir_perms;
+dontaudit incidentd tmpfs:file rwx_file_perms;
+
+# logd access - work to be done is a PII safe log (possibly an event log?)
+userdebug_or_eng(`read_logd(incidentd)')
+# TODO control_logd(incidentd)
+
+# Access /data/misc/logd
+r_dir_file(incidentd, misc_logd_file)
+
+# Allow incidentd to find these standard groups of services.
+# Others can be whitelisted individually.
+allow incidentd {
+ system_server_service
+ app_api_service
+ system_api_service
+}:service_manager find;
+
+# Only incidentd can publish the binder service
+add_service(incidentd, incident_service)
+
+# Allow pipes only from dumpstate and incident
+allow incidentd { dumpstate incident }:fd use;
+allow incidentd { dumpstate incident }:fifo_file write;
+
+# Allow incident to call back to incident with status updates.
+binder_call(incidentd, incident)
+
+# Read device serial number from system properties
+# This is used to track reports from lab testing devices
+userdebug_or_eng(`
+ get_prop(incidentd, serialno_prop)
+')
+
+# Read ro.boot.bootreason, persist.sys.boot.bootreason
+# This is used to track reports from lab testing devices
+userdebug_or_eng(`
+ get_prop(incidentd, bootloader_boot_reason_prop);
+ get_prop(incidentd, system_boot_reason_prop);
+ get_prop(incidentd, last_boot_reason_prop);
+')
+
+###
+### neverallow rules
+###
+
+# only specific domains can find the incident service
+neverallow {
+ domain
+ -dumpstate
+ -incident
+ -incidentd
+ -perfetto
+ -permissioncontroller_app
+ -priv_app
+ -statsd
+ -system_app
+ -system_server
+} incident_service:service_manager find;
+
+# only incidentd and the other root services in limited circumstances
+# can get to the files in /data/misc/incidents
+#
+# write, execute, append are forbidden almost everywhere
+neverallow { domain -incidentd -init -vold } incident_data_file:file {
+ w_file_perms
+ x_file_perms
+ create
+ rename
+ setattr
+ unlink
+ append
+};
+# read is also allowed by system_server, for when the file is handed to dropbox
+neverallow { domain -incidentd -init -vold -system_server } incident_data_file:file r_file_perms;
+# limited access to the directory itself
+neverallow { domain -incidentd -init -vold } incident_data_file:dir create_dir_perms;
+
diff --git a/prebuilts/api/30.0/private/init.te b/prebuilts/api/30.0/private/init.te
new file mode 100644
index 000000000..b0e7f809a
--- /dev/null
+++ b/prebuilts/api/30.0/private/init.te
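Review bot: `binder_use(incidentd)` is invoked twice in this file, once right after `init_daemon_domain(incidentd)` at the top and again under `# Enable incidentd to get stack traces.`; the second invocation is redundant and should be removed so the grant appears once. The native-process signal list also carries two consecutive provenance comments that contradict each other, `# This list comes from native_processes_to_dump in incidentd/utils.c` followed by `# This list comes from native_processes_to_dump in dumputils/dump_utils.cpp`; keep only the one that reflects the current source so future list updates are made against the right file. Finally, `# section id 2003, allow executing top` sits over a rule that grants `proc_meminfo:file { open read }` rather than any execute permission, so the comment should describe what is actually granted, e.g. `# section id 2003 (top), allow reading /proc/meminfo`. This file is a copy under prebuilts/api/30.0, so presumably these edits belong in the source incidentd.te with the prebuilt regenerated from it.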
@@ -0,0 +1,60 @@
+typeattribute init coredomain;
+
+tmpfs_domain(init)
+
+# Transitions to seclabel processes in init.rc
+domain_trans(init, rootfs, healthd)
+domain_trans(init, rootfs, slideshow)
+domain_auto_trans(init, charger_exec, charger)
+domain_auto_trans(init, e2fs_exec, e2fs)
+domain_auto_trans(init, bpfloader_exec, bpfloader)
+
+recovery_only(`
+ # Files in recovery image are labeled as rootfs.
+ domain_trans(init, rootfs, adbd)
+ domain_trans(init, rootfs, charger)
+ domain_trans(init, rootfs, fastbootd)
+ domain_trans(init, rootfs, recovery)
+ domain_trans(init, rootfs, linkerconfig)
+')
+domain_trans(init, shell_exec, shell)
+domain_trans(init, init_exec, ueventd)
+domain_trans(init, init_exec, vendor_init)
+domain_trans(init, { rootfs toolbox_exec }, modprobe)
+userdebug_or_eng(`
+ # case where logpersistd is actually logcat -f in logd context (nee: logcatd)
+ domain_auto_trans(init, logcat_exec, logpersist)
+
+ # allow init to execute services marked with seclabel u:r:su:s0 in userdebug/eng
+ allow init su:process transition;
+ dontaudit init su:process noatsecure;
+ allow init su:process { siginh rlimitinh };
+')
+
+# Allow init to figure out name of dm-device from it's /dev/block/dm-XX path.
+# This is useful in case of remounting ext4 userdata into checkpointing mode,
+# since it potentially requires tearing down dm-devices (e.g. dm-bow, dm-crypto)
+# that userdata is mounted onto.
+allow init sysfs_dm:file read;
+
+# Allow the BoringSSL self test to request a reboot upon failure
+set_prop(init, powerctl_prop)
+
+# Only init is allowed to set userspace reboot related properties.
+set_prop(init, userspace_reboot_exported_prop)
+neverallow { domain -init } userspace_reboot_exported_prop:property_service set;
+
+# Second-stage init performs a test for whether the kernel has SELinux hooks
+# for the perf_event_open() syscall. This is done by testing for the syscall
+# outcomes corresponding to this policy.
+# TODO(b/137092007): this can be removed once the platform stops supporting
+# kernels that precede the perf_event_open hooks (Android common kernels 4.4
+# and 4.9).
+allow init self:perf_event { open cpu };
+neverallow init self:perf_event { kernel tracepoint read write };
+dontaudit init self:perf_event { kernel tracepoint read write };
+
+# Only init is allowed to set the sysprop indicating whether perf_event_open()
+# SELinux hooks were detected.
+set_prop(init, init_perf_lsm_hooks_prop)
+neverallow { domain -init } init_perf_lsm_hooks_prop:property_service set;
diff --git a/prebuilts/api/30.0/private/initial_sid_contexts b/prebuilts/api/30.0/private/initial_sid_contexts
new file mode 100644
index 000000000..98190510f
--- /dev/null
+++ b/prebuilts/api/30.0/private/initial_sid_contexts
@@ -0,0 +1,27 @@
+sid kernel u:r:kernel:s0
+sid security u:object_r:kernel:s0
+sid unlabeled u:object_r:unlabeled:s0
+sid fs u:object_r:labeledfs:s0
+sid file u:object_r:unlabeled:s0
+sid file_labels u:object_r:unlabeled:s0
+sid init u:object_r:unlabeled:s0
+sid any_socket u:object_r:unlabeled:s0
+sid port u:object_r:port:s0
+sid netif u:object_r:netif:s0
+sid netmsg u:object_r:unlabeled:s0
+sid node u:object_r:node:s0
+sid igmp_packet u:object_r:unlabeled:s0
+sid icmp_socket u:object_r:unlabeled:s0
+sid tcp_socket u:object_r:unlabeled:s0
+sid sysctl_modprobe u:object_r:unlabeled:s0
+sid sysctl u:object_r:proc:s0
+sid sysctl_fs u:object_r:unlabeled:s0
+sid sysctl_kernel u:object_r:unlabeled:s0
+sid sysctl_net u:object_r:unlabeled:s0
+sid sysctl_net_unix u:object_r:unlabeled:s0
+sid sysctl_vm u:object_r:unlabeled:s0
+sid sysctl_dev u:object_r:unlabeled:s0
+sid kmod u:object_r:unlabeled:s0
+sid policy u:object_r:unlabeled:s0
+sid scmp_packet u:object_r:unlabeled:s0
+sid devnull u:object_r:null_device:s0
diff --git a/prebuilts/api/30.0/private/initial_sids b/prebuilts/api/30.0/private/initial_sids
new file mode 100644
index 000000000..91ac816ba
--- /dev/null
+++ b/prebuilts/api/30.0/private/initial_sids
@@ -0,0 +1,35 @@
+# FLASK
+
+#
+# Define initial security identifiers
+#
+
+sid kernel
+sid security
+sid unlabeled
+sid fs
+sid file
+sid file_labels
+sid init
+sid any_socket
+sid port
+sid netif
+sid netmsg
+sid node
+sid igmp_packet
+sid icmp_socket
+sid tcp_socket
+sid sysctl_modprobe
+sid sysctl
+sid sysctl_fs
+sid sysctl_kernel
+sid sysctl_net
+sid sysctl_net_unix
+sid sysctl_vm
+sid sysctl_dev
+sid kmod
+sid policy
+sid scmp_packet
+sid devnull
+
+# FLASK
diff --git a/prebuilts/api/30.0/private/inputflinger.te b/prebuilts/api/30.0/private/inputflinger.te
new file mode 100644
index 000000000..9696b491b
--- /dev/null
+++ b/prebuilts/api/30.0/private/inputflinger.te
@@ -0,0 +1,3 @@
+typeattribute inputflinger coredomain;
+
+init_daemon_domain(inputflinger)
diff --git a/prebuilts/api/30.0/private/installd.te b/prebuilts/api/30.0/private/installd.te
new file mode 100644
index 000000000..c89ba8bfa
--- /dev/null
+++ b/prebuilts/api/30.0/private/installd.te
@@ -0,0 +1,45 @@
+typeattribute installd coredomain;
+
+init_daemon_domain(installd)
+
+# Run migrate_legacy_obb_data.sh in its own sandbox.
+domain_auto_trans(installd, migrate_legacy_obb_data_exec, migrate_legacy_obb_data)
+allow installd shell_exec:file rx_file_perms;
+
+# Run dex2oat in its own sandbox.
+domain_auto_trans(installd, dex2oat_exec, dex2oat)
+
+# Run dexoptanalyzer in its own sandbox.
+domain_auto_trans(installd, dexoptanalyzer_exec, dexoptanalyzer)
+
+# Run viewcompiler in its own sandbox.
+domain_auto_trans(installd, viewcompiler_exec, viewcompiler)
+
+# Run profman in its own sandbox.
+domain_auto_trans(installd, profman_exec, profman)
+
+# Run idmap in its own sandbox.
+domain_auto_trans(installd, idmap_exec, idmap)
+
+# For collecting bugreports.
+allow installd dumpstate:fd use;
+allow installd dumpstate:fifo_file r_file_perms;
+
+# Delete /system/bin/bcc generated artifacts
+allow installd app_exec_data_file:file unlink;
+
+# Capture userdata snapshots to /data/misc_[ce|de]/rollback and
+# subsequently restore them.
+allow installd rollback_data_file:dir create_dir_perms;
+allow installd rollback_data_file:file create_file_perms;
+
+# Allow installd to access the runtime feature flag properties.
+get_prop(installd, device_config_runtime_native_prop)
+get_prop(installd, device_config_runtime_native_boot_prop)
+
+# Allow installd to access apk verity feature flag (for legacy case).
+get_prop(installd, apk_verity_prop)
+
+# Allow installd to delete files in /data/staging
+allow installd staging_data_file:file unlink;
+allow installd staging_data_file:dir { open read remove_name rmdir search write };
diff --git a/prebuilts/api/30.0/private/iorap_inode2filename.te b/prebuilts/api/30.0/private/iorap_inode2filename.te
new file mode 100644
index 000000000..96b7bc268
--- /dev/null
+++ b/prebuilts/api/30.0/private/iorap_inode2filename.te
@@ -0,0 +1,9 @@
+typeattribute iorap_inode2filename coredomain;
+
+# Grant access to open most of the files under /
+allow iorap_inode2filename dalvikcache_data_file:dir { getattr open read search };
+allow iorap_inode2filename dalvikcache_data_file:file { getattr };
+allow iorap_inode2filename dex2oat_exec:lnk_file { getattr open read };
+allow iorap_inode2filename dexoptanalyzer_exec:file { getattr };
+allow iorap_inode2filename storaged_data_file:dir { getattr open read search };
+allow iorap_inode2filename storaged_data_file:file { getattr };
diff --git a/prebuilts/api/30.0/private/iorap_prefecherd.te b/prebuilts/api/30.0/private/iorap_prefecherd.te
new file mode 100644
index 000000000..9ddb512c9
--- /dev/null
+++ b/prebuilts/api/30.0/private/iorap_prefecherd.te
@@ -0,0 +1,4 @@
+typeattribute iorap_prefetcherd coredomain;
+
+init_daemon_domain(iorap_prefetcherd)
+tmpfs_domain(iorap_prefetcherd)
diff --git a/prebuilts/api/30.0/private/iorapd.te b/prebuilts/api/30.0/private/iorapd.te
new file mode 100644
index 000000000..73acec9c9
--- /dev/null
+++ b/prebuilts/api/30.0/private/iorapd.te
@@ -0,0 +1,10 @@
+typeattribute iorapd coredomain;
+
+init_daemon_domain(iorapd)
+tmpfs_domain(iorapd)
+
+domain_auto_trans(iorapd, iorap_prefetcherd_exec, iorap_prefetcherd)
+domain_auto_trans(iorapd, iorap_inode2filename_exec, iorap_inode2filename)
+
+# Allow iorapd to access the runtime native boot feature flag properties.
+get_prop(iorapd, device_config_runtime_native_boot_prop)
diff --git a/prebuilts/api/30.0/private/isolated_app.te b/prebuilts/api/30.0/private/isolated_app.te
new file mode 100644
index 000000000..4c6c5aad9
--- /dev/null
+++ b/prebuilts/api/30.0/private/isolated_app.te
@@ -0,0 +1,152 @@
+###
+### Services with isolatedProcess=true in their manifest.
+###
+### This file defines the rules for isolated apps. An "isolated
+### app" is an APP with UID between AID_ISOLATED_START (99000)
+### and AID_ISOLATED_END (99999).
+###
+
+typeattribute isolated_app coredomain;
+
+app_domain(isolated_app)
+
+# Access already open app data files received over Binder or local socket IPC.
+allow isolated_app { app_data_file privapp_data_file }:file { append read write getattr lock map };
+
+# Allow access to network sockets received over IPC. New socket creation is not
+# permitted.
+allow isolated_app { ephemeral_app priv_app untrusted_app_all }:{ tcp_socket udp_socket } { rw_socket_perms_no_ioctl };
+
+allow isolated_app activity_service:service_manager find;
+allow isolated_app display_service:service_manager find;
+allow isolated_app webviewupdate_service:service_manager find;
+
+# Google Breakpad (crash reporter for Chrome) relies on ptrace
+# functionality. Without the ability to ptrace, the crash reporter
+# tool is broken.
+# b/20150694
+# https://code.google.com/p/chromium/issues/detail?id=475270
+allow isolated_app self:process ptrace;
+
+# b/32896414: Allow accessing sdcard file descriptors passed to isolated_apps
+# by other processes. Open should never be allowed, and is blocked by
+# neverallow rules below.
+# media_rw_data_file is included for sdcardfs, and can be removed if sdcardfs
+# is modified to change the secontext when accessing the lower filesystem.
+allow isolated_app { sdcard_type media_rw_data_file }:file { read write append getattr lock map };
+
+# For webviews, isolated_app processes can be forked from the webview_zygote
+# in addition to the zygote. Allow access to resources inherited from the
+# webview_zygote process. These rules are specialized copies of the ones in app.te.
+# Inherit FDs from the webview_zygote.
+allow isolated_app webview_zygote:fd use;
+# Notify webview_zygote of child death.
+allow isolated_app webview_zygote:process sigchld;
+# Inherit logd write socket.
+allow isolated_app webview_zygote:unix_dgram_socket write;
+# Read system properties managed by webview_zygote.
+allow isolated_app webview_zygote_tmpfs:file read;
+
+# Inherit FDs from the app_zygote.
+allow isolated_app app_zygote:fd use;
+# Notify app_zygote of child death.
+allow isolated_app app_zygote:process sigchld;
+# Inherit logd write socket.
+allow isolated_app app_zygote:unix_dgram_socket write;
+
+# TODO (b/63631799) fix this access
+# suppress denials to /data/local/tmp
+dontaudit isolated_app shell_data_file:dir search;
+
+# Write app-specific trace data to the Perfetto traced damon. This requires
+# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(isolated_app)
+
+# Allow profiling if the main app has been marked as profileable or
+# debuggable.
+can_profile_heap(isolated_app)
+can_profile_perf(isolated_app)
+
+#####
+##### Neverallow
+#####
+
+# Isolated apps should not directly open app data files themselves.
+neverallow isolated_app { app_data_file privapp_data_file }:file open;
+
+# Only allow appending to /data/anr/traces.txt (b/27853304, b/18340553)
+# TODO: are there situations where isolated_apps write to this file?
+# TODO: should we tighten these restrictions further?
+neverallow isolated_app anr_data_file:file ~{ open append };
+neverallow isolated_app anr_data_file:dir ~search;
+
+# Isolated apps must not be permitted to use HwBinder
+neverallow isolated_app hwbinder_device:chr_file *;
+neverallow isolated_app *:hwservice_manager *;
+
+# Isolated apps must not be permitted to use VndBinder
+neverallow isolated_app vndbinder_device:chr_file *;
+
+# Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
+# except the find actions for services whitelisted below.
+neverallow isolated_app *:service_manager ~find;
+
+# b/17487348
+# Isolated apps can only access three services,
+# activity_service, display_service, webviewupdate_service.
+neverallow isolated_app {
+ service_manager_type
+ -activity_service
+ -display_service
+ -webviewupdate_service
+}:service_manager find;
+
+# Isolated apps shouldn't be able to access the driver directly.
+neverallow isolated_app gpu_device:chr_file { rw_file_perms execute };
+
+# Do not allow isolated_app access to /cache
+neverallow isolated_app cache_file:dir ~{ r_dir_perms };
+neverallow isolated_app cache_file:file ~{ read getattr };
+
+# Do not allow isolated_app to access external storage, except for files passed
+# via file descriptors (b/32896414).
+neverallow isolated_app { storage_file mnt_user_file sdcard_type }:dir ~getattr;
+neverallow isolated_app { storage_file mnt_user_file }:file_class_set *;
+neverallow isolated_app sdcard_type:{ devfile_class_set lnk_file sock_file fifo_file } *;
+neverallow isolated_app sdcard_type:file ~{ read write append getattr lock map };
+
+# Do not allow USB access
+neverallow isolated_app { usb_device usbaccessory_device }:chr_file *;
+
+# Restrict the webview_zygote control socket.
+neverallow isolated_app webview_zygote:sock_file write;
+
+# Limit the /sys files which isolated_app can access. This is important
+# for controlling isolated_app attack surface.
+neverallow isolated_app {
+ sysfs_type
+ -sysfs_devices_system_cpu
+ -sysfs_transparent_hugepage
+ -sysfs_usb # TODO: check with audio team if needed for isolated_app (b/28417852)
+}:file no_rw_file_perms;
+
+# No creation of sockets families other than AF_UNIX sockets.
+# List taken from system/sepolicy/public/global_macros - socket_class_set
+# excluding unix_stream_socket and unix_dgram_socket.
+# Many of these are socket families which have never and will never
+# be compiled into the Android kernel.
+neverallow isolated_app { self ephemeral_app priv_app untrusted_app_all }:{
+ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket
+ key_socket appletalk_socket netlink_route_socket
+ netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket
+ netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket
+ netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket
+ netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket
+ netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket
+ netlink_crypto_socket sctp_socket icmp_socket ax25_socket ipx_socket
+ netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket
+ rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
+ bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket
+ ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket
+ qipcrtr_socket smc_socket xdp_socket
+} create;
diff --git a/prebuilts/api/30.0/private/iw.te b/prebuilts/api/30.0/private/iw.te
new file mode 100644
index 000000000..adc8c9632
--- /dev/null
+++ b/prebuilts/api/30.0/private/iw.te
@@ -0,0 +1,4 @@
+type iw, domain, coredomain;
+type iw_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(iw)
diff --git a/prebuilts/api/30.0/private/kernel.te b/prebuilts/api/30.0/private/kernel.te
new file mode 100644
index 000000000..207800e08
--- /dev/null
+++ b/prebuilts/api/30.0/private/kernel.te
@@ -0,0 +1,8 @@
+typeattribute kernel coredomain;
+
+domain_auto_trans(kernel, init_exec, init)
+
+# Allow the kernel to read otapreopt_chroot's file descriptors and files under
+# /postinstall, as it uses apexd logic to mount APEX packages in /postinstall/apex.
+allow kernel otapreopt_chroot:fd use;
+allow kernel postinstall_file:file read;
diff --git a/prebuilts/api/30.0/private/keys.conf b/prebuilts/api/30.0/private/keys.conf
new file mode 100644
index 000000000..362e73df7
--- /dev/null
+++ b/prebuilts/api/30.0/private/keys.conf
@@ -0,0 +1,28 @@
+#
+# Maps an arbitrary tag [TAGNAME] with the string contents found in
+# TARGET_BUILD_VARIANT. Common convention is to start TAGNAME with an @ and
+# name it after the base file name of the pem file.
+#
+# Each tag (section) then allows one to specify any string found in
+# TARGET_BUILD_VARIANT. Typcially this is user, eng, and userdebug. Another
+# option is to use ALL which will match ANY TARGET_BUILD_VARIANT string.
+#
+
+[@PLATFORM]
+ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/platform.x509.pem
+
+[@MEDIA]
+ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/media.x509.pem
+
+[@NETWORK_STACK]
+ALL : $MAINLINE_SEPOLICY_DEV_CERTIFICATES/networkstack.x509.pem
+
+[@SHARED]
+ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/shared.x509.pem
+
+# Example of ALL TARGET_BUILD_VARIANTS
+[@RELEASE]
+ENG : $DEFAULT_SYSTEM_DEV_CERTIFICATE/testkey.x509.pem
+USER : $DEFAULT_SYSTEM_DEV_CERTIFICATE/testkey.x509.pem
+USERDEBUG : $DEFAULT_SYSTEM_DEV_CERTIFICATE/testkey.x509.pem
+
diff --git a/prebuilts/api/30.0/private/keystore.te b/prebuilts/api/30.0/private/keystore.te
new file mode 100644
index 000000000..ee6dbdf2a
--- /dev/null
+++ b/prebuilts/api/30.0/private/keystore.te
@@ -0,0 +1,15 @@
+typeattribute keystore coredomain;
+
+init_daemon_domain(keystore)
+
+# talk to keymaster
+hal_client_domain(keystore, hal_keymaster)
+
+# talk to confirmationui
+hal_client_domain(keystore, hal_confirmationui)
+
+# This is used for the ConfirmationUI async callback.
+allow keystore platform_app:binder call;
+
+# Allow to check whether security logging is enabled.
+get_prop(keystore, device_logging_prop)
diff --git a/prebuilts/api/30.0/private/linkerconfig.te b/prebuilts/api/30.0/private/linkerconfig.te
new file mode 100644
index 000000000..414b39f48
--- /dev/null
+++ b/prebuilts/api/30.0/private/linkerconfig.te
@@ -0,0 +1,19 @@
+type linkerconfig, domain, coredomain;
+type linkerconfig_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(linkerconfig)
+
+## Read and write linkerconfig subdirectory.
+allow linkerconfig linkerconfig_file:dir create_dir_perms;
+allow linkerconfig linkerconfig_file:file create_file_perms;
+
+# Allow linkerconfig to log to the kernel.
+allow linkerconfig kmsg_device:chr_file w_file_perms;
+
+# Allow linkerconfig to be invoked with logwrapper from init.
+allow linkerconfig devpts:chr_file { read write };
+
+# Allow linkerconfig to scan for apex modules
+allow linkerconfig apex_mnt_dir:dir r_dir_perms;
+
+neverallow { domain -init -linkerconfig } linkerconfig_exec:file no_x_file_perms;
diff --git a/prebuilts/api/30.0/private/llkd.te b/prebuilts/api/30.0/private/llkd.te
new file mode 100644
index 000000000..f218dec7c
--- /dev/null
+++ b/prebuilts/api/30.0/private/llkd.te
@@ -0,0 +1,53 @@
+# llkd Live LocK Daemon
+typeattribute llkd coredomain;
+
+init_daemon_domain(llkd)
+
+get_prop(llkd, llkd_prop)
+
+allow llkd self:global_capability_class_set kill;
+userdebug_or_eng(`
+ allow llkd self:global_capability_class_set { sys_ptrace sys_admin };
+ allow llkd self:global_capability_class_set { dac_override dac_read_search };
+')
+
+# llkd optionally locks itself in memory, to prevent it from being
+# swapped out and unable to discover a kernel in live-lock state.
+allow llkd self:global_capability_class_set ipc_lock;
+
+# Send kill signals to _anyone_ suffering from Live Lock
+allow llkd domain:process sigkill;
+
+# read stack to check for Live Lock
+userdebug_or_eng(`
+ allow llkd {
+ domain
+ -apexd
+ -kernel
+ -keystore
+ -init
+ -llkd
+ -ueventd
+ -vendor_init
+ }:process ptrace;
+')
+
+# live lock watchdog process allowed to look through /proc/
+allow llkd domain:dir r_dir_perms;
+allow llkd domain:file r_file_perms;
+allow llkd domain:lnk_file read;
+# Set /proc/sys/kernel/hung_task_*
+allow llkd proc_hung_task:file rw_file_perms;
+
+# live lock watchdog process allowed to dump process trace and
+# reboot because orderly shutdown may not be possible.
+allow llkd proc_sysrq:file w_file_perms;
+allow llkd kmsg_device:chr_file w_file_perms;
+
+### neverallow rules
+
+neverallow { domain -init } llkd:process { dyntransition transition };
+neverallow { domain userdebug_or_eng(`-crash_dump') } llkd:process ptrace;
+
+# never honor LD_PRELOAD
+neverallow * llkd:process noatsecure;
diff --git a/prebuilts/api/30.0/private/lmkd.te b/prebuilts/api/30.0/private/lmkd.te
new file mode 100644
index 000000000..a07ce879c
--- /dev/null
+++ b/prebuilts/api/30.0/private/lmkd.te
@@ -0,0 +1,3 @@
+typeattribute lmkd coredomain;
+
+init_daemon_domain(lmkd)
diff --git a/prebuilts/api/30.0/private/logd.te b/prebuilts/api/30.0/private/logd.te
new file mode 100644
index 000000000..ca92e2061
--- /dev/null
+++ b/prebuilts/api/30.0/private/logd.te
@@ -0,0 +1,38 @@
+typeattribute logd coredomain;
+
+init_daemon_domain(logd)
+
+# logd is not allowed to write anywhere other than /data/misc/logd, and then
+# only on userdebug or eng builds
+neverallow logd {
+ file_type
+ -runtime_event_log_tags_file
+ userdebug_or_eng(`-coredump_file -misc_logd_file')
+ with_native_coverage(`-method_trace_data_file')
+}:file { create write append };
+
+# protect the event-log-tags file
+neverallow {
+ domain
+ -appdomain # covered below
+ -bootstat
+ -dumpstate
+ -init
+ -logd
+ userdebug_or_eng(`-logpersist')
+ -servicemanager
+ -system_server
+ -surfaceflinger
+ -zygote
+} runtime_event_log_tags_file:file no_rw_file_perms;
+
+neverallow {
+ appdomain
+ -bluetooth
+ -platform_app
+ -priv_app
+ -radio
+ -shell
+ userdebug_or_eng(`-su')
+ -system_app
+} runtime_event_log_tags_file:file no_rw_file_perms;
diff --git a/prebuilts/api/30.0/private/logpersist.te b/prebuilts/api/30.0/private/logpersist.te
new file mode 100644
index 000000000..ac324df88
--- /dev/null
+++ b/prebuilts/api/30.0/private/logpersist.te
@@ -0,0 +1,29 @@
+typeattribute logpersist coredomain;
+
+# android debug log storage in logpersist domains (eng and userdebug only)
+userdebug_or_eng(`
+
+ r_dir_file(logpersist, cgroup)
+
+ allow logpersist misc_logd_file:file create_file_perms;
+ allow logpersist misc_logd_file:dir rw_dir_perms;
+
+ allow logpersist self:global_capability_class_set sys_nice;
+ allow logpersist pstorefs:dir search;
+ allow logpersist pstorefs:file r_file_perms;
+
+ control_logd(logpersist)
+ unix_socket_connect(logpersist, logdr, logd)
+ read_runtime_log_tags(logpersist)
+
+')
+
+# logpersist is allowed to write to /data/misc/log for userdebug and eng builds
+neverallow logpersist {
+ file_type
+ userdebug_or_eng(`-misc_logd_file -coredump_file')
+ with_native_coverage(`-method_trace_data_file')
+}:file { create write append };
+neverallow { domain -init -dumpstate -incidentd userdebug_or_eng(`-logpersist -logd') } misc_logd_file:file no_rw_file_perms;
+neverallow { domain -init userdebug_or_eng(`-logpersist -logd') } misc_logd_file:file no_w_file_perms;
+neverallow { domain -init userdebug_or_eng(`-logpersist -logd') } misc_logd_file:dir { add_name link relabelfrom remove_name rename reparent rmdir write };
diff --git a/prebuilts/api/30.0/private/lpdumpd.te b/prebuilts/api/30.0/private/lpdumpd.te
new file mode 100644
index 000000000..3bcd7612e
--- /dev/null
+++ b/prebuilts/api/30.0/private/lpdumpd.te
@@ -0,0 +1,42 @@ +type lpdumpd, domain, coredomain; +type lpdumpd_exec, system_file_type, exec_type, file_type; + +init_daemon_domain(lpdumpd) + +# Allow lpdumpd to register itself as a service. +binder_use(lpdumpd) +add_service(lpdumpd, lpdump_service) + +# Allow lpdumpd to find the super partition block device. +allow lpdumpd block_device:dir r_dir_perms; + +# Allow lpdumpd to read super partition metadata. +allow lpdumpd super_block_device_type:blk_file r_file_perms; + +# Allow lpdumpd to read fstab. +allow lpdumpd sysfs_dt_firmware_android:dir r_dir_perms; +allow lpdumpd sysfs_dt_firmware_android:file r_file_perms; + +# Triggered when lpdumpd tries to read default fstab. +dontaudit lpdumpd metadata_file:dir r_dir_perms; +dontaudit lpdumpd metadata_file:file r_file_perms; +dontaudit lpdumpd gsi_metadata_file:dir r_dir_perms; +dontaudit lpdumpd gsi_metadata_file:file r_file_perms; + +### Neverallow rules + +# Disallow other domains to get lpdump_service and call lpdumpd. +neverallow { + domain + -dumpstate + -lpdumpd + -shell +} lpdump_service:service_manager find; + +neverallow { + domain + -dumpstate + -lpdumpd + -shell + -servicemanager +} lpdumpd:binder call; diff --git a/prebuilts/api/30.0/private/mac_permissions.xml b/prebuilts/api/30.0/private/mac_permissions.xml new file mode 100644 index 000000000..7fc37c13e --- /dev/null +++ b/prebuilts/api/30.0/private/mac_permissions.xml @@ -0,0 +1,62 @@ + + + + + + + + + + + + + + + + + + + diff --git a/prebuilts/api/30.0/private/mdnsd.te b/prebuilts/api/30.0/private/mdnsd.te new file mode 100644 index 000000000..98e95dab3 --- /dev/null +++ b/prebuilts/api/30.0/private/mdnsd.te @@ -0,0 +1,12 @@ +# mdns daemon + +typeattribute mdnsd coredomain; +typeattribute mdnsd mlstrustedsubject; + +type mdnsd_exec, system_file_type, exec_type, file_type; +init_daemon_domain(mdnsd) + +net_domain(mdnsd) + +# Read from /proc/net +r_dir_file(mdnsd, proc_net_type) 
diff --git a/prebuilts/api/30.0/private/mediadrmserver.te b/prebuilts/api/30.0/private/mediadrmserver.te
new file mode 100644
index 000000000..4e511a819
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediadrmserver.te
@@ -0,0 +1,8 @@
+typeattribute mediadrmserver coredomain;
+
+init_daemon_domain(mediadrmserver)
+
+# allocate and use graphic buffers
+hal_client_domain(mediadrmserver, hal_graphics_allocator)
+auditallow mediadrmserver hal_graphics_allocator_server:binder call;
+
diff --git a/prebuilts/api/30.0/private/mediaextractor.te b/prebuilts/api/30.0/private/mediaextractor.te
new file mode 100644
index 000000000..2e654d689
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediaextractor.te
@@ -0,0 +1,7 @@
+typeattribute mediaextractor coredomain;
+
+init_daemon_domain(mediaextractor)
+tmpfs_domain(mediaextractor)
+allow mediaextractor appdomain_tmpfs:file { getattr map read write };
+allow mediaextractor mediaserver_tmpfs:file { getattr map read write };
+allow mediaextractor system_server_tmpfs:file { getattr map read write };
diff --git a/prebuilts/api/30.0/private/mediametrics.te b/prebuilts/api/30.0/private/mediametrics.te
new file mode 100644
index 000000000..f8b2fa5cd
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediametrics.te
@@ -0,0 +1,3 @@
+typeattribute mediametrics coredomain;
+
+init_daemon_domain(mediametrics)
diff --git a/prebuilts/api/30.0/private/mediaprovider.te b/prebuilts/api/30.0/private/mediaprovider.te
new file mode 100644
index 000000000..249fee179
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediaprovider.te
@@ -0,0 +1,44 @@
+###
+### A domain for android.process.media, which contains both
+### MediaProvider and DownloadProvider and associated services.
+###
+
+typeattribute mediaprovider coredomain;
+app_domain(mediaprovider)
+
+# DownloadProvider accesses the network.
+net_domain(mediaprovider)
+
+# DownloadProvider uses /cache.
+allow mediaprovider cache_file:dir create_dir_perms;
+allow mediaprovider cache_file:file create_file_perms;
+# /cache is a symlink to /data/cache on some devices. Allow reading the link.
+allow mediaprovider cache_file:lnk_file r_file_perms;
+# mediaprovider searches through /cache looking for orphans
+# Ignore denials to /cache/recovery and /cache/backup.
+dontaudit mediaprovider cache_private_backup_file:dir getattr;
+dontaudit mediaprovider cache_recovery_file:dir getattr;
+
+# Access external sdcards through /mnt/media_rw
+allow mediaprovider { mnt_media_rw_file }:dir search;
+
+allow mediaprovider app_api_service:service_manager find;
+allow mediaprovider audioserver_service:service_manager find;
+allow mediaprovider drmserver_service:service_manager find;
+allow mediaprovider mediaextractor_service:service_manager find;
+allow mediaprovider mediaserver_service:service_manager find;
+
+# Allow MediaProvider to read/write cached ringtones (opened by system).
+allow mediaprovider ringtone_file:file { getattr read write };
+
+# MtpServer uses /dev/mtp_usb
+allow mediaprovider mtp_device:chr_file rw_file_perms;
+
+# MtpServer uses /dev/usb-ffs/mtp
+allow mediaprovider functionfs:dir search;
+allow mediaprovider functionfs:file rw_file_perms;
+allowxperm mediaprovider functionfs:file ioctl FUNCTIONFS_ENDPOINT_DESC;
+
+# MtpServer sets sys.usb.ffs.mtp.ready
+set_prop(mediaprovider, ffs_prop)
+set_prop(mediaprovider, exported_ffs_prop)
diff --git a/prebuilts/api/30.0/private/mediaprovider_app.te b/prebuilts/api/30.0/private/mediaprovider_app.te
new file mode 100644
index 000000000..0b1047ae8
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediaprovider_app.te
@@ -0,0 +1,42 @@
+###
+### A domain for further sandboxing the MediaProvider mainline module.
+###
+type mediaprovider_app, domain, coredomain;
+
+app_domain(mediaprovider_app)
+
+# Access to /mnt/pass_through.
+allow mediaprovider_app mnt_pass_through_file:dir r_dir_perms;
+
+# Allow MediaProvider to host a FUSE daemon for external storage
+allow mediaprovider_app fuse_device:chr_file { read write ioctl getattr };
+
+# Allow MediaProvider to read/write media_rw_data_file files and dirs
+allow mediaprovider_app media_rw_data_file:file create_file_perms;
+allow mediaprovider_app media_rw_data_file:dir create_dir_perms;
+
+# Talk to the DRM service
+allow mediaprovider_app drmserver_service:service_manager find;
+
+# Talk to the MediaServer service
+allow mediaprovider_app mediaserver_service:service_manager find;
+
+# Talk to regular app services
+allow mediaprovider_app app_api_service:service_manager find;
+
+# Talk to the GPU service
+binder_call(mediaprovider_app, gpuservice)
+
+# read pipe-max-size configuration
+allow mediaprovider_app proc_pipe_conf:file r_file_perms;
+
+# Allow MediaProvider to set extended attributes (such as quota project ID)
+# on media files.
+allowxperm mediaprovider_app media_rw_data_file:{ dir file } ioctl {
+ FS_IOC_FSGETXATTR
+ FS_IOC_FSSETXATTR
+ FS_IOC_GETFLAGS
+ FS_IOC_SETFLAGS
+};
+
+allow mediaprovider_app proc_filesystems:file r_file_perms;
diff --git a/prebuilts/api/30.0/private/mediaserver.te b/prebuilts/api/30.0/private/mediaserver.te
new file mode 100644
index 000000000..c55e54a94
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediaserver.te
@@ -0,0 +1,14 @@
+typeattribute mediaserver coredomain;
+
+init_daemon_domain(mediaserver)
+tmpfs_domain(mediaserver)
+allow mediaserver appdomain_tmpfs:file { getattr map read write };
+
+# allocate and use graphic buffers
+hal_client_domain(mediaserver, hal_graphics_allocator)
+hal_client_domain(mediaserver, hal_configstore)
+hal_client_domain(mediaserver, hal_drm)
+hal_client_domain(mediaserver, hal_omx)
+hal_client_domain(mediaserver, hal_codec2)
+
+allow mediaserver mediatranscoding_service:service_manager find;
diff --git a/prebuilts/api/30.0/private/mediaswcodec.te b/prebuilts/api/30.0/private/mediaswcodec.te
new file mode 100644
index 000000000..50f569875
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediaswcodec.te
@@ -0,0 +1,4 @@
+typeattribute mediaswcodec coredomain;
+
+init_daemon_domain(mediaswcodec)
+
diff --git a/prebuilts/api/30.0/private/mediatranscoding.te b/prebuilts/api/30.0/private/mediatranscoding.te
new file mode 100644
index 000000000..e0ad84c66
--- /dev/null
+++ b/prebuilts/api/30.0/private/mediatranscoding.te
@@ -0,0 +1,3 @@
+typeattribute mediatranscoding coredomain;
+
+init_daemon_domain(mediatranscoding)
diff --git a/prebuilts/api/30.0/private/migrate_legacy_obb_data.te b/prebuilts/api/30.0/private/migrate_legacy_obb_data.te
new file mode 100644
index 000000000..b2a1fb10a
--- /dev/null
+++ b/prebuilts/api/30.0/private/migrate_legacy_obb_data.te
@@ -0,0 +1,28 @@
+type migrate_legacy_obb_data, domain, coredomain;
+type migrate_legacy_obb_data_exec, system_file_type, exec_type, file_type;
+
+allow migrate_legacy_obb_data media_rw_data_file:dir create_dir_perms;
+allow migrate_legacy_obb_data media_rw_data_file:file create_file_perms;
+
+allow migrate_legacy_obb_data shell_exec:file rx_file_perms;
+
+allow migrate_legacy_obb_data toolbox_exec:file rx_file_perms;
+
+allow migrate_legacy_obb_data self:capability { chown dac_override dac_read_search fowner fsetid };
+
+allow migrate_legacy_obb_data mnt_user_file:dir search;
+allow migrate_legacy_obb_data mnt_user_file:lnk_file read;
+allow migrate_legacy_obb_data storage_file:dir search;
+allow migrate_legacy_obb_data storage_file:lnk_file read;
+
+allow migrate_legacy_obb_data sdcard_type:dir create_dir_perms;
+allow migrate_legacy_obb_data sdcard_type:file create_file_perms;
+
+# TODO: This should not be necessary. We don't deliberately hand over
+# any open file descriptors to this domain, so anything that triggers this
+# should be a candidate for O_CLOEXEC.
+allow migrate_legacy_obb_data installd:fd use;
+
+# This rule is required to let this process read /proc/{parent_pid}/mount.
+# TODO: Why is this required ?
+allow migrate_legacy_obb_data installd:file read;
diff --git a/prebuilts/api/30.0/private/mls b/prebuilts/api/30.0/private/mls
new file mode 100644
index 000000000..9690440e8
--- /dev/null
+++ b/prebuilts/api/30.0/private/mls
@@ -0,0 +1,107 @@
+#################################################
+# MLS policy constraints
+#
+
+#
+# Process constraints
+#
+
+# Process transition: Require equivalence unless the subject is trusted.
+mlsconstrain process { transition dyntransition }
+ ((h1 eq h2 and l1 eq l2) or t1 == mlstrustedsubject);
+
+# Process read operations: No read up unless trusted.
+mlsconstrain process { getsched getsession getpgid getcap getattr ptrace share }
+ (l1 dom l2 or t1 == mlstrustedsubject);
+
+# Process write operations: Require equivalence unless trusted.
+mlsconstrain process { sigkill sigstop signal setsched setpgid setcap setrlimit ptrace share }
+ (l1 eq l2 or t1 == mlstrustedsubject);
+
+#
+# Socket constraints
+#
+
+# Create/relabel operations: Subject must be equivalent to object unless
+# the subject is trusted. Sockets inherit the range of their creator.
+mlsconstrain socket_class_set { create relabelfrom relabelto }
+ ((h1 eq h2 and l1 eq l2) or t1 == mlstrustedsubject);
+
+# Datagram send: Sender must be equivalent to the receiver unless one of them
+# is trusted.
+mlsconstrain unix_dgram_socket { sendto }
+ (l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedsubject);
+
+# Stream connect: Client must be equivalent to server unless one of them
+# is trusted.
+mlsconstrain unix_stream_socket { connectto }
+ (l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedsubject);
+
+#
+# Directory/file constraints
+#
+
+# Create/relabel operations: Subject must be equivalent to object unless
+# the subject is trusted. Also, files should always be single-level.
+# Do NOT exempt mlstrustedobject types from this constraint.
+mlsconstrain dir_file_class_set { create relabelfrom relabelto }
+ (l2 eq h2 and (l1 eq l2 or t1 == mlstrustedsubject));
+
+#
+# Constraints for app data files only.
+#
+
+# Only constrain open, not read/write.
+# Also constrain other forms of manipulation, e.g. chmod/chown, unlink, rename, etc.
+# Subject must dominate object unless the subject is trusted.
+mlsconstrain dir { open search setattr rename add_name remove_name reparent rmdir }
+ ( (t2 != app_data_file and t2 != privapp_data_file ) or l1 dom l2 or t1 == mlstrustedsubject);
+mlsconstrain { file sock_file } { open setattr unlink link rename }
+ ( (t2 != app_data_file and t2 != privapp_data_file and t2 != appdomain_tmpfs) or l1 dom l2 or t1 == mlstrustedsubject);
+# For symlinks in app_data_file, require equivalence in order to manipulate or follow (read).
+mlsconstrain { lnk_file } { open setattr unlink link rename read }
+ ( (t2 != app_data_file) or l1 eq l2 or t1 == mlstrustedsubject);
+# For priv_app_data_file, continue to use dominance for symlinks because dynamite relies on this.
+# TODO: Migrate to equivalence when it's no longer needed.
+mlsconstrain { lnk_file } { open setattr unlink link rename read }
+ ( (t2 != privapp_data_file and t2 != appdomain_tmpfs) or l1 dom l2 or t1 == mlstrustedsubject);
+
+#
+# Constraints for file types other than app data files.
+#
+
+# Read operations: Subject must dominate object unless the subject
+# or the object is trusted.
+mlsconstrain dir { read getattr search }
+ (t2 == app_data_file or t2 == privapp_data_file or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+
+mlsconstrain { file lnk_file sock_file chr_file blk_file } { read getattr execute }
+ (t2 == app_data_file or t2 == privapp_data_file or t2 == appdomain_tmpfs or l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+
+# Write operations: Subject must be equivalent to the object unless the
+# subject or the object is trusted.
+mlsconstrain dir { write setattr rename add_name remove_name reparent rmdir }
+ (t2 == app_data_file or t2 == privapp_data_file or l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+
+mlsconstrain { file lnk_file sock_file chr_file blk_file } { write setattr append unlink link rename }
+ (t2 == app_data_file or t2 == privapp_data_file or t2 == appdomain_tmpfs or l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject);
+
+# Special case for FIFOs.
+# These can be unnamed pipes, in which case they will be labeled with the
+# creating process' label. Thus we also have an exemption when the "object"
+# is a domain type, so that processes can communicate via unnamed pipes
+# passed by binder or local socket IPC.
+mlsconstrain fifo_file { read getattr }
+ (l1 dom l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject or t2 == domain);
+
+mlsconstrain fifo_file { write setattr append unlink link rename }
+ (l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedobject or t2 == domain);
+
+#
+# Binder IPC constraints
+#
+# Presently commented out, as apps are expected to call one another.
+# This would only make sense if apps were assigned categories
+# based on allowable communications rather than per-app categories.
+#mlsconstrain binder call
+# (l1 eq l2 or t1 == mlstrustedsubject or t2 == mlstrustedsubject);
diff --git a/prebuilts/api/30.0/private/mls_decl b/prebuilts/api/30.0/private/mls_decl
new file mode 100644
index 000000000..dd53bea7e
--- /dev/null
+++ b/prebuilts/api/30.0/private/mls_decl
@@ -0,0 +1,10 @@
+#########################################
+# MLS declarations
+#
+
+# Generate the desired number of sensitivities and categories.
+gen_sens(mls_num_sens)
+gen_cats(mls_num_cats)
+
+# Generate level definitions for each sensitivity and category.
+gen_levels(mls_num_sens,mls_num_cats)
diff --git a/prebuilts/api/30.0/private/mls_macros b/prebuilts/api/30.0/private/mls_macros
new file mode 100644
index 000000000..83e05425b
--- /dev/null
+++ b/prebuilts/api/30.0/private/mls_macros
@@ -0,0 +1,54 @@
+########################################
+#
+# gen_cats(N)
+#
+# declares categores c0 to c(N-1)
+#
+define(`decl_cats',`dnl
+category c$1;
+ifelse(`$1',`$2',,`decl_cats(incr($1),$2)')dnl
+')
+
+define(`gen_cats',`decl_cats(0,decr($1))')
+
+########################################
+#
+# gen_sens(N)
+#
+# declares sensitivites s0 to s(N-1) with dominance
+# in increasing numeric order with s0 lowest, s(N-1) highest
+#
+define(`decl_sens',`dnl
+sensitivity s$1;
+ifelse(`$1',`$2',,`decl_sens(incr($1),$2)')dnl
+')
+
+define(`gen_dominance',`s$1 ifelse(`$1',`$2',,`gen_dominance(incr($1),$2)')')
+
+define(`gen_sens',`
+# Each sensitivity has a name and zero or more aliases.
+decl_sens(0,decr($1))
+
+# Define the ordering of the sensitivity levels (least to greatest)
+dominance { gen_dominance(0,decr($1)) }
+')
+
+########################################
+#
+# gen_levels(N,M)
+#
+# levels from s0 to (N-1) with categories c0 to (M-1)
+#
+define(`decl_levels',`dnl
+level s$1:c0.c$3;
+ifelse(`$1',`$2',,`decl_levels(incr($1),$2,$3)')dnl
+')
+
+define(`gen_levels',`decl_levels(0,decr($1),decr($2))')
+
+########################################
+#
+# Basic level names for system low and high
+#
+define(`mls_systemlow',`s0')
+define(`mls_systemhigh',`s`'decr(mls_num_sens):c0.c`'decr(mls_num_cats)')
diff --git a/prebuilts/api/30.0/private/modprobe.te b/prebuilts/api/30.0/private/modprobe.te
new file mode 100644
index 000000000..98586756f
--- /dev/null
+++ b/prebuilts/api/30.0/private/modprobe.te
@@ -0,0 +1 @@
+typeattribute modprobe coredomain;
diff --git a/prebuilts/api/30.0/private/mtp.te b/prebuilts/api/30.0/private/mtp.te
new file mode 100644
index 000000000..732e111ed
--- /dev/null
+++ b/prebuilts/api/30.0/private/mtp.te
@@ -0,0 +1,3 @@
+typeattribute mtp coredomain;
+
+init_daemon_domain(mtp)
diff --git a/prebuilts/api/30.0/private/netd.te b/prebuilts/api/30.0/private/netd.te
new file mode 100644
index 000000000..41473b73d
--- /dev/null
+++ b/prebuilts/api/30.0/private/netd.te
@@ -0,0 +1,30 @@
+typeattribute netd coredomain;
+
+init_daemon_domain(netd)
+
+# Allow netd to spawn dnsmasq in it's own domain
+domain_auto_trans(netd, dnsmasq_exec, dnsmasq)
+
+# Allow netd to start clatd in its own domain and kill it
+domain_auto_trans(netd, clatd_exec, clatd)
+allow netd clatd:process signal;
+
+# give netd permission to setup iptables rule with xt_bpf, attach program to cgroup, and read/write
+# the map created by bpfloader
+allow netd bpfloader:bpf { prog_run map_read map_write };
+
+# in order to invoke side effect of close() on such a socket calling synchronize_rcu()
+# TODO: Remove this permission when 4.9 kernel is deprecated.
+allow netd self:key_socket create;
+
+get_prop(netd, bpf_progs_loaded_prop)
+
+# Allow netd to write to statsd.
+unix_socket_send(netd, statsdw, statsd)
+
+# Allow netd to send callbacks to network_stack
+binder_call(netd, network_stack)
+
+# Allow netd to send dump info to dumpstate
+allow netd dumpstate:fd use;
+allow netd dumpstate:fifo_file { getattr write };
diff --git a/prebuilts/api/30.0/private/netutils_wrapper.te b/prebuilts/api/30.0/private/netutils_wrapper.te
new file mode 100644
index 000000000..ca3b51585
--- /dev/null
+++ b/prebuilts/api/30.0/private/netutils_wrapper.te
@@ -0,0 +1,44 @@
+typeattribute netutils_wrapper coredomain;
+
+r_dir_file(netutils_wrapper, system_file);
+
+# For netutils (ip, iptables, tc)
+allow netutils_wrapper self:global_capability_class_set net_raw;
+
+allow netutils_wrapper system_file:file { execute execute_no_trans };
+allow netutils_wrapper proc_net_type:file { open read getattr };
+allow netutils_wrapper self:rawip_socket create_socket_perms;
+allow netutils_wrapper self:udp_socket create_socket_perms;
+allow netutils_wrapper self:global_capability_class_set net_admin;
+# ip utils need everything but ioctl
+allow netutils_wrapper self:netlink_route_socket ~ioctl;
+allow netutils_wrapper self:netlink_xfrm_socket ~ioctl;
+
+# For netutils (ndc) to be able to talk to netd
+allow netutils_wrapper netd_service:service_manager find;
+allow netutils_wrapper dnsresolver_service:service_manager find;
+binder_use(netutils_wrapper);
+binder_call(netutils_wrapper, netd);
+
+# For vendor code that update the iptables rules at runtime. They need to reload
+# the whole chain including the xt_bpf rules. They need to access to the pinned
+# program when reloading the rule.
+allow netutils_wrapper fs_bpf:dir search;
+allow netutils_wrapper fs_bpf:file { read write };
+allow netutils_wrapper bpfloader:bpf prog_run;
+
+# For /data/misc/net access to ndc and ip
+r_dir_file(netutils_wrapper, net_data_file)
+
+domain_auto_trans({
+ domain
+ -coredomain
+ -appdomain
+}, netutils_wrapper_exec, netutils_wrapper)
+
+# suppress spurious denials
+dontaudit netutils_wrapper self:global_capability_class_set sys_resource;
+dontaudit netutils_wrapper sysfs_type:file read;
+
+# netutils wrapper may only use the following capabilities.
+neverallow netutils_wrapper self:global_capability_class_set ~{ net_admin net_raw };
diff --git a/prebuilts/api/30.0/private/network_stack.te b/prebuilts/api/30.0/private/network_stack.te
new file mode 100644
index 000000000..1295a070f
--- /dev/null
+++ b/prebuilts/api/30.0/private/network_stack.te
@@ -0,0 +1,38 @@
+# Networking service app
+typeattribute network_stack coredomain;
+
+app_domain(network_stack);
+net_domain(network_stack);
+
+allow network_stack self:global_capability_class_set {
+ net_admin
+ net_bind_service
+ net_broadcast
+ net_raw
+};
+
+# Allow access to net_admin ioctl, DHCP server uses SIOCSARP
+allowxperm network_stack self:udp_socket ioctl priv_sock_ioctls;
+
+# The DhcpClient uses packet_sockets
+allow network_stack self:packet_socket create_socket_perms_no_ioctl;
+
+# Monitor neighbors via netlink.
+allow network_stack self:netlink_route_socket nlmsg_write;
+
+allow network_stack app_api_service:service_manager find;
+allow network_stack dnsresolver_service:service_manager find;
+allow network_stack netd_service:service_manager find;
+allow network_stack radio_service:service_manager find;
+allow network_stack radio_data_file:dir create_dir_perms;
+allow network_stack radio_data_file:file create_file_perms;
+
+binder_call(network_stack, netd);
+
+# Create/use netlink_tcpdiag_socket to get tcp info
+allow network_stack self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
+############### Tethering Service app - Tethering.apk ##############
+hal_client_domain(network_stack, hal_tetheroffload)
+# Create and share netlink_netfilter_sockets for tetheroffload.
+allow network_stack self:netlink_netfilter_socket create_socket_perms_no_ioctl;
+allow network_stack network_stack_service:service_manager find;
diff --git a/prebuilts/api/30.0/private/nfc.te b/prebuilts/api/30.0/private/nfc.te
new file mode 100644
index 000000000..2e48eef04
--- /dev/null
+++ b/prebuilts/api/30.0/private/nfc.te
@@ -0,0 +1,33 @@
+# nfc subsystem
+typeattribute nfc coredomain;
+app_domain(nfc)
+net_domain(nfc)
+
+binder_service(nfc)
+add_service(nfc, nfc_service)
+
+hal_client_domain(nfc, hal_nfc)
+
+# Data file accesses.
+allow nfc nfc_data_file:dir create_dir_perms;
+allow nfc nfc_data_file:notdevfile_class_set create_file_perms;
+
+# SoundPool loading and playback
+allow nfc audioserver_service:service_manager find;
+allow nfc drmserver_service:service_manager find;
+allow nfc mediametrics_service:service_manager find;
+allow nfc mediaextractor_service:service_manager find;
+allow nfc mediaserver_service:service_manager find;
+
+allow nfc radio_service:service_manager find;
+allow nfc app_api_service:service_manager find;
+allow nfc system_api_service:service_manager find;
+allow nfc vr_manager_service:service_manager find;
+allow nfc secure_element_service:service_manager find;
+
+set_prop(nfc, nfc_prop);
+
+# already open bugreport file descriptors may be shared with
+# the nfc process, from a file in
+# /data/data/com.android.shell/files/bugreports/bugreport-*.
+allow nfc shell_data_file:file read;
diff --git a/prebuilts/api/30.0/private/notify_traceur.te b/prebuilts/api/30.0/private/notify_traceur.te
new file mode 100644
index 000000000..ef1fd4f38
--- /dev/null
+++ b/prebuilts/api/30.0/private/notify_traceur.te
@@ -0,0 +1,12 @@
+type notify_traceur, domain, coredomain;
+type notify_traceur_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(notify_traceur);
+binder_use(notify_traceur);
+
+# This is to execute am
+allow notify_traceur activity_service:service_manager find;
+allow notify_traceur shell_exec:file rx_file_perms;
+allow notify_traceur system_file:file rx_file_perms;
+
+binder_call(notify_traceur, system_server);
diff --git a/prebuilts/api/30.0/private/otapreopt_chroot.te b/prebuilts/api/30.0/private/otapreopt_chroot.te
new file mode 100644
index 000000000..e2bc33e3f
--- /dev/null
+++ b/prebuilts/api/30.0/private/otapreopt_chroot.te
@@ -0,0 +1,74 @@
+# otapreopt_chroot executable
+type otapreopt_chroot, domain, coredomain;
+type otapreopt_chroot_exec, system_file_type, exec_type, file_type;
+
+# Chroot preparation and execution.
+# We need to create an unshared mount namespace, and then mount /data.
+allow otapreopt_chroot postinstall_file:dir { search mounton };
+allow otapreopt_chroot self:global_capability_class_set { sys_admin sys_chroot };
+
+# This is required to mount /vendor and mount/unmount ext4 images from
+# APEX packages in /postinstall/apex.
+allow otapreopt_chroot block_device:dir search;
+allow otapreopt_chroot labeledfs:filesystem { mount unmount };
+# This is required for dynamic partitions.
+allow otapreopt_chroot dm_device:chr_file rw_file_perms;
+
+# This is required to unmount flattened APEX packages under
+# /postinstall/system/apex (which are bind-mounted in /postinstall/apex).
+allow otapreopt_chroot postinstall_file:filesystem unmount;
+# Mounting /vendor can have this side-effect. Ignore denial.
+dontaudit otapreopt_chroot kernel:process setsched;
+
+# Allow otapreopt_chroot to read SELinux policy files.
+allow otapreopt_chroot file_contexts_file:file r_file_perms;
+
+# Allow otapreopt_chroot to open and read the contents of /postinstall/system/apex.
+allow otapreopt_chroot postinstall_file:dir r_dir_perms;
+# Allow otapreopt_chroot to read the persist.apexd.verity_on_system system property.
+get_prop(otapreopt_chroot, apexd_prop)
+
+# Allow otapreopt to use file descriptors from update-engine. It will
+# close them immediately.
+allow otapreopt_chroot postinstall:fd use;
+allow otapreopt_chroot update_engine:fd use;
+allow otapreopt_chroot update_engine:fifo_file write;
+
+# Allow to transition to postinstall_dexopt, to run otapreopt in its own sandbox.
+domain_auto_trans(otapreopt_chroot, postinstall_file, postinstall_dexopt)
+
+# Allow otapreopt_chroot to create loop devices with /dev/loop-control.
+allow otapreopt_chroot loop_control_device:chr_file rw_file_perms;
+# Allow otapreopt_chroot to access loop devices.
+allow otapreopt_chroot loop_device:blk_file rw_file_perms;
+allowxperm otapreopt_chroot loop_device:blk_file ioctl {
+ LOOP_GET_STATUS64
+ LOOP_SET_STATUS64
+ LOOP_SET_FD
+ LOOP_SET_BLOCK_SIZE
+ LOOP_SET_DIRECT_IO
+ LOOP_CLR_FD
+ BLKFLSBUF
+};
+
+# Allow otapreopt_chroot to configure read-ahead of loop devices.
+allow otapreopt_chroot sysfs_loop:dir r_dir_perms;
+allow otapreopt_chroot sysfs_loop:file rw_file_perms;
+
+# Allow otapreopt_chroot to mount a tmpfs filesystem in /postinstall/apex.
+allow otapreopt_chroot tmpfs:filesystem mount;
+# Allow otapreopt_chroot to restore the security context of /postinstall/apex.
+allow otapreopt_chroot tmpfs:dir relabelfrom;
+allow otapreopt_chroot postinstall_apex_mnt_dir:dir relabelto;
+
+# Allow otapreopt_chroot to manipulate directory /postinstall/apex.
+allow otapreopt_chroot postinstall_apex_mnt_dir:dir create_dir_perms;
+# Allow otapreopt_chroot to mount APEX packages in /postinstall/apex.
+allow otapreopt_chroot postinstall_apex_mnt_dir:dir mounton;
+
+# Allow otapreopt_chroot to access /dev/block (needed to detach loop
+# devices used by ext4 images from APEX packages).
+allow otapreopt_chroot block_device:dir r_dir_perms;
+
+# Allow to access the linker through the symlink.
+allow otapreopt_chroot postinstall_file:lnk_file r_file_perms;
diff --git a/prebuilts/api/30.0/private/otapreopt_slot.te b/prebuilts/api/30.0/private/otapreopt_slot.te
new file mode 100644
index 000000000..27a3b0e08
--- /dev/null
+++ b/prebuilts/api/30.0/private/otapreopt_slot.te
@@ -0,0 +1,28 @@
+# This command set moves the artifact corresponding to the current slot
+# from /data/ota to /data/dalvik-cache.
+
+type otapreopt_slot, domain, mlstrustedsubject, coredomain;
+type otapreopt_slot_exec, system_file_type, exec_type, file_type;
+
+# Technically not a daemon but we do want the transition from init domain to
+# cppreopts to occur.
+init_daemon_domain(otapreopt_slot)
+
+# The otapreopt_slot renames the OTA dalvik-cache to the regular dalvik-cache, and cleans up
+# the directory afterwards. For logging of aggregate size, we need getattr.
+allow otapreopt_slot ota_data_file:dir { rw_dir_perms rename reparent rmdir };
+allow otapreopt_slot ota_data_file:{ file lnk_file } getattr;
+# (du follows symlinks)
+allow otapreopt_slot ota_data_file:lnk_file read;
+
+# Delete old content of the dalvik-cache.
+allow otapreopt_slot dalvikcache_data_file:dir { add_name getattr open read remove_name rmdir search write };
+allow otapreopt_slot dalvikcache_data_file:file { getattr unlink };
+allow otapreopt_slot dalvikcache_data_file:lnk_file { getattr read unlink };
+
+# Allow cppreopts to execute itself using #!/system/bin/sh
+allow otapreopt_slot shell_exec:file rx_file_perms;
+
+# Allow running the mv and rm/rmdir commands using otapreopt_slot permissions.
+# Needed so we can move artifacts into /data/dalvik-cache/dalvik-cache.
+allow otapreopt_slot toolbox_exec:file rx_file_perms;
diff --git a/prebuilts/api/30.0/private/perfetto.te b/prebuilts/api/30.0/private/perfetto.te
new file mode 100644
index 000000000..06e4ed116
--- /dev/null
+++ b/prebuilts/api/30.0/private/perfetto.te
@@ -0,0 +1,85 @@
+# Perfetto command-line client. Can be used only from the domains that are
+# explicitly whitelisted with a domain_auto_trans(X, perfetto_exec, perfetto).
+# This command line client accesses the privileged socket of the traced
+# daemon.
+
+type perfetto_exec, system_file_type, exec_type, file_type;
+type perfetto_tmpfs, file_type;
+
+tmpfs_domain(perfetto);
+
+# Allow to access traced's privileged consumer socket.
+unix_socket_connect(perfetto, traced_consumer, traced)
+
+# Connect to the Perfetto traced daemon as a producer. This requires
+# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(perfetto)
+
+# Allow to write and unlink traces into /data/misc/perfetto-traces.
+allow perfetto perfetto_traces_data_file:dir rw_dir_perms;
+allow perfetto perfetto_traces_data_file:file create_file_perms;
+
+# Allow to access binder to pass the traces to Dropbox.
+binder_use(perfetto)
+binder_call(perfetto, system_server)
+allow perfetto dropbox_service:service_manager find;
+
+# Allow perfetto to read the trace config from statsd and shell
+# (both root and non-root) on stdin and also to write the resulting trace to
+# stdout.
+allow perfetto { statsd shell su }:fd use;
+allow perfetto { statsd shell su }:fifo_file { getattr read write };
+
+# Allow to communicate use, read and write over the adb connection.
+allow perfetto adbd:fd use;
+allow perfetto adbd:unix_stream_socket { read write };
+
+# Allow adbd to reap perfetto.
+allow perfetto adbd:process { sigchld };
+
+# Allow perfetto to write to statsd.
+unix_socket_send(perfetto, statsdw, statsd)
+
+# Allow to access /dev/pts when launched in an adb shell.
+allow perfetto devpts:chr_file rw_file_perms;
+
+# Allow perfetto to ask incidentd to start a report.
+allow perfetto incident_service:service_manager find;
+binder_call(perfetto, incidentd)
+
+###
+### Neverallow rules
+###
+### perfetto should NEVER do any of this
+
+# Disallow mapping executable memory (execstack and exec are already disallowed
+# globally in domain.te).
+neverallow perfetto self:process execmem;
+
+# Block device access.
+neverallow perfetto dev_type:blk_file { read write };
+
+# ptrace any other process
+neverallow perfetto domain:process ptrace;
+
+# Disallows access to other /data files.
+neverallow perfetto {
+ data_file_type
+ -system_data_file
+ -system_data_root_file
+ # TODO(b/72998741) Remove exemption. Further restricted in a subsequent
+ # neverallow. Currently only getattr and search are allowed.
+ -vendor_data_file
+ -zoneinfo_data_file
+ -perfetto_traces_data_file
+ with_native_coverage(`-method_trace_data_file')
+}:dir *;
+neverallow perfetto { system_data_file -perfetto_traces_data_file }:dir ~{ getattr search };
+neverallow perfetto zoneinfo_data_file:dir ~r_dir_perms;
+neverallow perfetto { data_file_type -zoneinfo_data_file -perfetto_traces_data_file }:lnk_file *;
+neverallow perfetto {
+ data_file_type
+ -zoneinfo_data_file
+ -perfetto_traces_data_file
+ with_native_coverage(`-method_trace_data_file')
+}:file ~write;
diff --git a/prebuilts/api/30.0/private/performanced.te b/prebuilts/api/30.0/private/performanced.te
new file mode 100644
index 000000000..792826e02
--- /dev/null
+++ b/prebuilts/api/30.0/private/performanced.te
@@ -0,0 +1,3 @@
+typeattribute performanced coredomain;
+
+init_daemon_domain(performanced)
diff --git a/prebuilts/api/30.0/private/permissioncontroller_app.te b/prebuilts/api/30.0/private/permissioncontroller_app.te
new file mode 100644
index 000000000..8a6f6aa26
--- /dev/null
+++ b/prebuilts/api/30.0/private/permissioncontroller_app.te
@@ -0,0 +1,38 @@
+###
+### A domain for further sandboxing the GooglePermissionController app.
+###
+type permissioncontroller_app, domain, coredomain;
+
+app_domain(permissioncontroller_app)
+
+# Allow interaction with gpuservice
+binder_call(permissioncontroller_app, gpuservice)
+allow permissioncontroller_app gpu_service:service_manager find;
+
+# Allow interaction with role_service
+allow permissioncontroller_app role_service:service_manager find;
+
+# Allow interaction with usagestats_service
+allow permissioncontroller_app usagestats_service:service_manager find;
+
+# Allow interaction with activity_service
+allow permissioncontroller_app activity_service:service_manager find;
+
+allow permissioncontroller_app activity_task_service:service_manager find;
+allow permissioncontroller_app audio_service:service_manager find;
+allow permissioncontroller_app autofill_service:service_manager find;
+allow permissioncontroller_app content_capture_service:service_manager find;
+allow permissioncontroller_app device_policy_service:service_manager find;
+allow permissioncontroller_app incidentcompanion_service:service_manager find;
+allow permissioncontroller_app IProxyService_service:service_manager find;
+allow permissioncontroller_app location_service:service_manager find;
+allow permissioncontroller_app media_session_service:service_manager find;
+allow permissioncontroller_app surfaceflinger_service:service_manager find;
+allow permissioncontroller_app telecom_service:service_manager find;
+allow permissioncontroller_app trust_service:service_manager find;
+
+# Allow the app to request and collect incident reports.
+# (Also requires DUMP and PACKAGE_USAGE_STATS permissions)
+allow permissioncontroller_app incident_service:service_manager find;
+binder_call(permissioncontroller_app, incidentd)
+allow permissioncontroller_app incidentd:fifo_file { read write };
diff --git a/prebuilts/api/30.0/private/platform_app.te b/prebuilts/api/30.0/private/platform_app.te
new file mode 100644
index 000000000..3beec38e0
--- /dev/null
+++ b/prebuilts/api/30.0/private/platform_app.te
@@ -0,0 +1,102 @@
+###
+### Apps signed with the platform key.
+###
+
+typeattribute platform_app coredomain;
+
+app_domain(platform_app)
+
+# Access the network.
+net_domain(platform_app)
+# Access bluetooth.
+bluetooth_domain(platform_app)
+# Read from /data/local/tmp or /data/data/com.android.shell.
+allow platform_app shell_data_file:dir search;
+allow platform_app shell_data_file:file { open getattr read };
+allow platform_app icon_file:file { open getattr read };
+# Populate /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
+# created by system server.
+allow platform_app { apk_tmp_file apk_private_tmp_file }:dir rw_dir_perms;
+allow platform_app { apk_tmp_file apk_private_tmp_file }:file rw_file_perms;
+allow platform_app apk_private_data_file:dir search;
+# ASEC
+allow platform_app asec_apk_file:dir create_dir_perms;
+allow platform_app asec_apk_file:file create_file_perms;
+
+# Access to /data/media.
+allow platform_app media_rw_data_file:dir create_dir_perms;
+allow platform_app media_rw_data_file:file create_file_perms;
+
+# Write to /cache.
+allow platform_app cache_file:dir create_dir_perms;
+allow platform_app cache_file:file create_file_perms;
+
+# Direct access to vold-mounted storage under /mnt/media_rw
+# This is a performance optimization that allows platform apps to bypass the FUSE layer
+allow platform_app mnt_media_rw_file:dir r_dir_perms;
+allow platform_app sdcard_type:dir create_dir_perms;
+allow platform_app sdcard_type:file create_file_perms;
+
+# com.android.systemui
+allow platform_app rootfs:dir getattr;
+
+# com.android.captiveportallogin reads /proc/vmstat
+allow platform_app {
+ proc_vmstat
+}:file r_file_perms;
+
+# /proc/net access.
+# TODO(b/9496886) Audit access for removal.
+r_dir_file(platform_app, proc_net_type)
+userdebug_or_eng(`
+ auditallow platform_app proc_net_type:{ dir file lnk_file } { getattr open read };
+')
+
+allow platform_app audioserver_service:service_manager find;
+allow platform_app cameraserver_service:service_manager find;
+allow platform_app drmserver_service:service_manager find;
+allow platform_app mediaserver_service:service_manager find;
+allow platform_app mediametrics_service:service_manager find;
+allow platform_app mediaextractor_service:service_manager find;
+allow platform_app mediadrmserver_service:service_manager find;
+allow platform_app persistent_data_block_service:service_manager find;
+allow platform_app radio_service:service_manager find;
+allow platform_app thermal_service:service_manager find;
+allow platform_app timezone_service:service_manager find;
+allow platform_app app_api_service:service_manager find;
+allow platform_app system_api_service:service_manager find;
+allow platform_app vr_manager_service:service_manager find;
+allow platform_app gpu_service:service_manager find;
+allow platform_app stats_service:service_manager find;
+
+# Allow platform apps to interact with gpuservice
+binder_call(platform_app, gpuservice)
+
+# Allow platform apps to log via statsd.
+binder_call(platform_app, statsd)
+
+# Access to /data/preloads
+allow platform_app preloads_data_file:file r_file_perms;
+allow platform_app preloads_data_file:dir r_dir_perms;
+allow platform_app preloads_media_file:file r_file_perms;
+allow platform_app preloads_media_file:dir r_dir_perms;
+
+read_runtime_log_tags(platform_app)
+
+# allow platform apps to use UDP sockets provided by the system server but not
+# modify them other than to connect
+allow platform_app system_server:udp_socket {
+ connect getattr read recvfrom sendto write getopt setopt };
+
+# allow platform apps to connect to the property service
+set_prop(platform_app, test_boot_reason_prop)
+
+# allow platform apps to create symbolic link
+allow platform_app app_data_file:lnk_file create_file_perms;
+
+###
+### Neverallow rules
+###
+
+# app domains which access /dev/fuse should not run as platform_app
+neverallow platform_app fuse_device:chr_file *;
diff --git a/prebuilts/api/30.0/private/policy_capabilities b/prebuilts/api/30.0/private/policy_capabilities
new file mode 100644
index 000000000..9290e3ab3
--- /dev/null
+++ b/prebuilts/api/30.0/private/policy_capabilities
@@ -0,0 +1,20 @@
+# Enable new networking controls.
+policycap network_peer_controls;
+
+# Enable open permission check.
+policycap open_perms;
+
+# Enable separate security classes for
+# all network address families previously
+# mapped to the socket class and for
+# ICMP and SCTP sockets previously mapped
+# to the rawip_socket class.
+policycap extended_socket_class;
+
+# Enable NoNewPrivileges support. Requires libsepol 2.7+
+# and kernel 4.14 (estimated).
+#
+# Checks enabled;
+# process2: nnp_transition, nosuid_transition
+#
+policycap nnp_nosuid_transition;
diff --git a/prebuilts/api/30.0/private/port_contexts b/prebuilts/api/30.0/private/port_contexts
new file mode 100644
index 000000000..b473c0c9b
--- /dev/null
+++ b/prebuilts/api/30.0/private/port_contexts
@@ -0,0 +1,3 @@
+# portcon statements go here, e.g.
+# portcon tcp 80 u:object_r:http_port:s0
+
diff --git a/prebuilts/api/30.0/private/postinstall.te b/prebuilts/api/30.0/private/postinstall.te
new file mode 100644
index 000000000..363e362dd
--- /dev/null
+++ b/prebuilts/api/30.0/private/postinstall.te
@@ -0,0 +1,3 @@
+typeattribute postinstall coredomain;
+
+domain_auto_trans(postinstall, otapreopt_chroot_exec, otapreopt_chroot)
diff --git a/prebuilts/api/30.0/private/postinstall_dexopt.te b/prebuilts/api/30.0/private/postinstall_dexopt.te
new file mode 100644
index 000000000..fd370c201
--- /dev/null
+++ b/prebuilts/api/30.0/private/postinstall_dexopt.te
@@ -0,0 +1,75 @@
+# Domain for the otapreopt executable, running under postinstall_dexopt
+#
+# Note: otapreopt is a driver for dex2oat, and reuses parts of installd. As such,
+# this is derived and adapted from installd.te.
+
+type postinstall_dexopt, domain, coredomain;
+
+# Run dex2oat/patchoat in its own sandbox.
+# We have to manually transition, as we don't have an entrypoint.
+# - Case where dex2oat is in a non-flattened APEX, which has retained
+# the correct type (`dex2oat_exec`).
+domain_auto_trans(postinstall_dexopt, dex2oat_exec, dex2oat)
+# - Case where dex2oat is in a flattened APEX, which has been tagged
+# with the `postinstall_file` type by update_engine.
+domain_auto_trans(postinstall_dexopt, postinstall_file, dex2oat)
+
+allow postinstall_dexopt self:global_capability_class_set { chown dac_override dac_read_search fowner fsetid setgid setuid };
+
+allow postinstall_dexopt postinstall_file:filesystem getattr;
+allow postinstall_dexopt postinstall_file:dir { getattr read search };
+allow postinstall_dexopt postinstall_file:lnk_file { getattr read };
+allow postinstall_dexopt proc_filesystems:file { getattr open read };
+allow postinstall_dexopt tmpfs:file read;
+
+# Allow access to /postinstall/apex.
+allow postinstall_dexopt postinstall_apex_mnt_dir:dir { getattr search };
+
+# Note: /data/ota is created by init (see system/core/rootdir/init.rc) to avoid giving access
+# here and having to relabel the directory.
+
+# Read app data (APKs) as input to dex2oat.
+r_dir_file(postinstall_dexopt, apk_data_file)
+# Read vendor app data (APKs) as input to dex2oat.
+r_dir_file(postinstall_dexopt, vendor_app_file)
+# Read vendor overlay files (APKs) as input to dex2oat.
+r_dir_file(postinstall_dexopt, vendor_overlay_file)
+# Access to app oat directory.
+r_dir_file(postinstall_dexopt, dalvikcache_data_file)
+
+# Read profile data.
+allow postinstall_dexopt user_profile_data_file:dir { getattr search };
+allow postinstall_dexopt user_profile_data_file:file r_file_perms;
+# Suppress deletion denial (we do not want to update the profile).
+dontaudit postinstall_dexopt user_profile_data_file:file { write };
+
+# Write to /data/ota(/*). Create symlinks in /data/ota(/*)
+allow postinstall_dexopt ota_data_file:dir create_dir_perms;
+allow postinstall_dexopt ota_data_file:file create_file_perms;
+allow postinstall_dexopt ota_data_file:lnk_file create_file_perms;
+
+# Need to write .b files, which are dalvikcache_data_file, not ota_data_file.
+# TODO: See whether we can apply ota_data_file?
+allow postinstall_dexopt dalvikcache_data_file:dir rw_dir_perms;
+allow postinstall_dexopt dalvikcache_data_file:file create_file_perms;
+
+# Allow labeling of files under /data/app/com.example/oat/
+# TODO: Restrict to .b suffix?
+allow postinstall_dexopt dalvikcache_data_file:dir relabelto;
+allow postinstall_dexopt dalvikcache_data_file:file { relabelto link };
+
+# Check validity of SELinux context before use.
+selinux_check_context(postinstall_dexopt)
+selinux_check_access(postinstall_dexopt)
+
+
+# Postinstall wants to know about our child.
+allow postinstall_dexopt postinstall:process sigchld;
+
+# Allow otapreopt to use file descriptors from otapreopt_chroot.
+# TODO: Probably we can actually close file descriptors...
+allow postinstall_dexopt otapreopt_chroot:fd use;
+
+# Allow postinstall_dexopt to access the runtime feature flag properties.
+get_prop(postinstall_dexopt, device_config_runtime_native_prop)
+get_prop(postinstall_dexopt, device_config_runtime_native_boot_prop)
diff --git a/prebuilts/api/30.0/private/ppp.te b/prebuilts/api/30.0/private/ppp.te
new file mode 100644
index 000000000..968b221b6
--- /dev/null
+++ b/prebuilts/api/30.0/private/ppp.te
@@ -0,0 +1,3 @@
+typeattribute ppp coredomain;
+
+domain_auto_trans(mtp, ppp_exec, ppp)
diff --git a/prebuilts/api/30.0/private/preloads_copy.te b/prebuilts/api/30.0/private/preloads_copy.te
new file mode 100644
index 000000000..ba54b70ac
--- /dev/null
+++ b/prebuilts/api/30.0/private/preloads_copy.te
@@ -0,0 +1,18 @@
+type preloads_copy, domain, coredomain;
+type preloads_copy_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(preloads_copy)
+
+allow preloads_copy shell_exec:file rx_file_perms;
+allow preloads_copy toolbox_exec:file rx_file_perms;
+allow preloads_copy preloads_data_file:dir create_dir_perms;
+allow preloads_copy preloads_data_file:file create_file_perms;
+allow preloads_copy preloads_media_file:dir create_dir_perms;
+allow preloads_copy preloads_media_file:file create_file_perms;
+
+# Allow to copy from /postinstall
+allow preloads_copy system_file:dir r_dir_perms;
+
+# Silence the denial when /postinstall cannot be mounted, e.g., system_other
+# is wiped, but preloads_copy.sh still runs.
+dontaudit preloads_copy postinstall_mnt_dir:dir search;
diff --git a/prebuilts/api/30.0/private/preopt2cachename.te b/prebuilts/api/30.0/private/preopt2cachename.te
new file mode 100644
index 000000000..dcfba14d5
--- /dev/null
+++ b/prebuilts/api/30.0/private/preopt2cachename.te
@@ -0,0 +1,17 @@
+# preopt2cachename executable
+#
+# This executable translates names from the preopted versions the build system
+# creates to the names the runtime expects in the data directory.
+
+type preopt2cachename, domain, coredomain;
+type preopt2cachename_exec, system_file_type, exec_type, file_type;
+
+# Allow write to stdout.
+allow preopt2cachename cppreopts:fd use;
+allow preopt2cachename cppreopts:fifo_file { getattr read write };
+
+# Allow write to logcat.
+allow preopt2cachename proc_net_type:file r_file_perms;
+userdebug_or_eng(`
+ auditallow preopt2cachename proc_net_type:{ dir file lnk_file } { getattr open read };
+')
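Review bot: In the preopt2cachename.te hunk the comment `# Allow write to logcat.` does not describe the rule beneath it, which grants `proc_net_type:file r_file_perms` and, on userdebug/eng, audits getattr/open/read of proc_net_type dirs, files and links; nothing in this hunk touches a log socket or device. The rule plus auditallow matches the /proc/net audit-for-removal pattern used for platform_app earlier in this same change, so the comment should say that instead, e.g. `# /proc/net access. TODO: audit for removal (see b/9496886).` If the name-translation tool genuinely needs no /proc/net data, the rule is a candidate for removal rather than re-documentation, since every stray read rule in a coredomain widens the policy surface a rewritten audit would have to re-justify. This path appears to be the frozen 30.0 snapshot of private/preopt2cachename.te, so the wording fix would need to land in the source file it mirrors and be re-snapshotted rather than edited here.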
diff --git a/prebuilts/api/30.0/private/priv_app.te b/prebuilts/api/30.0/private/priv_app.te
new file mode 100644
index 000000000..44c81ee80
--- /dev/null
+++ b/prebuilts/api/30.0/private/priv_app.te
@@ -0,0 +1,222 @@ +### +### A domain for further sandboxing privileged apps. +### + +typeattribute priv_app coredomain; +app_domain(priv_app) + +# Access the network. +net_domain(priv_app) +# Access bluetooth. +bluetooth_domain(priv_app) + +# Allow the allocation and use of ptys +# Used by: https://play.privileged.com/store/apps/details?id=jackpal.androidterm +create_pty(priv_app) + +# Allow loading executable code from writable priv-app home +# directories. This is a W^X violation, however, it needs +# to be supported for now for the following reasons. +# * /data/user_*/0/*/code_cache/* POSSIBLE uses (b/117841367) +# 1) com.android.opengl.shaders_cache +# 2) com.android.skia.shaders_cache +# 3) com.android.renderscript.cache +# * /data/user_de/0/com.google.android.gms/app_chimera +# TODO: Tighten (b/112357170) +allow priv_app privapp_data_file:file execute; + +allow priv_app privapp_data_file:lnk_file create_file_perms; + +# Priv apps can find services that expose both @SystemAPI and normal APIs. 
+allow priv_app app_api_service:service_manager find; +allow priv_app system_api_service:service_manager find; + +allow priv_app audioserver_service:service_manager find; +allow priv_app cameraserver_service:service_manager find; +allow priv_app drmserver_service:service_manager find; +allow priv_app mediadrmserver_service:service_manager find; +allow priv_app mediaextractor_service:service_manager find; +allow priv_app mediametrics_service:service_manager find; +allow priv_app mediaserver_service:service_manager find; +allow priv_app network_watchlist_service:service_manager find; +allow priv_app nfc_service:service_manager find; +allow priv_app oem_lock_service:service_manager find; +allow priv_app persistent_data_block_service:service_manager find; +allow priv_app radio_service:service_manager find; +allow priv_app recovery_service:service_manager find; +allow priv_app stats_service:service_manager find; + +# Allow privileged apps to interact with gpuservice +binder_call(priv_app, gpuservice) +allow priv_app gpu_service:service_manager find; + +# Write to /cache. +allow priv_app { cache_file cache_recovery_file }:dir create_dir_perms; +allow priv_app { cache_file cache_recovery_file }:file create_file_perms; +# /cache is a symlink to /data/cache on some devices. Allow reading the link. +allow priv_app cache_file:lnk_file r_file_perms; + +# Access to /data/media. +allow priv_app media_rw_data_file:dir create_dir_perms; +allow priv_app media_rw_data_file:file create_file_perms; + +# Used by Finsky / Android "Verify Apps" functionality when +# running "adb install foo.apk". +allow priv_app shell_data_file:file r_file_perms; +allow priv_app shell_data_file:dir r_dir_perms; + +# Allow traceur to pass file descriptors through a content provider to betterbug +allow priv_app trace_data_file:file { getattr read }; + +# Allow verifier to access staged apks. 
+allow priv_app { apk_tmp_file apk_private_tmp_file }:dir r_dir_perms; +allow priv_app { apk_tmp_file apk_private_tmp_file }:file r_file_perms; + +# For AppFuse. +allow priv_app vold:fd use; +allow priv_app fuse_device:chr_file { read write }; + +# /proc access +allow priv_app { + proc_vmstat +}:file r_file_perms; + +allow priv_app sysfs_type:dir search; +# Read access to /sys/class/net/wlan*/address +r_dir_file(priv_app, sysfs_net) +# Read access to /sys/block/zram*/mm_stat +r_dir_file(priv_app, sysfs_zram) + +r_dir_file(priv_app, rootfs) + +# access the mac address +allowxperm priv_app self:udp_socket ioctl SIOCGIFHWADDR; + +# Allow com.android.vending to communicate with statsd. +binder_call(priv_app, statsd) + +# Allow Phone to read/write cached ringtones (opened by system). +allow priv_app ringtone_file:file { getattr read write }; + +# Access to /data/preloads +allow priv_app preloads_data_file:file r_file_perms; +allow priv_app preloads_data_file:dir r_dir_perms; +allow priv_app preloads_media_file:file r_file_perms; +allow priv_app preloads_media_file:dir r_dir_perms; + +read_runtime_log_tags(priv_app) + +# Write app-specific trace data to the Perfetto traced damon. This requires +# connecting to its producer socket and obtaining a (per-process) tmpfs fd. +perfetto_producer(priv_app) + +# Allow priv_apps to request and collect incident reports. +# (Also requires DUMP and PACKAGE_USAGE_STATS permissions) +allow priv_app incident_service:service_manager find; +binder_call(priv_app, incidentd) +allow priv_app incidentd:fifo_file { read write }; + +# Allow profiling if the app opts in by being marked profileable/debuggable. +can_profile_heap(priv_app) +can_profile_perf(priv_app) + +# Allow priv_apps to check whether Dynamic System Update is enabled +get_prop(priv_app, dynamic_system_prop) + +# suppress denials for non-API accesses. 
+dontaudit priv_app exec_type:file getattr; +dontaudit priv_app device:dir read; +dontaudit priv_app fs_bpf:dir search; +dontaudit priv_app net_dns_prop:file read; +dontaudit priv_app proc:file read; +dontaudit priv_app proc_interrupts:file read; +dontaudit priv_app proc_modules:file read; +dontaudit priv_app proc_net:file read; +dontaudit priv_app proc_stat:file read; +dontaudit priv_app proc_version:file read; +dontaudit priv_app sysfs:dir read; +dontaudit priv_app sysfs:file read; +dontaudit priv_app sysfs_android_usb:file read; +dontaudit priv_app sysfs_dm:file r_file_perms; +dontaudit priv_app wifi_prop:file read; +dontaudit priv_app { wifi_prop exported_wifi_prop }:file read; + +# allow privileged apps to use UDP sockets provided by the system server but not +# modify them other than to connect +allow priv_app system_server:udp_socket { + connect getattr read recvfrom sendto write getopt setopt }; + +# allow apps like Phonesky to check the file signature of an apk installed on +# the Incremental File System, and fill missing blocks in the apk +allowxperm priv_app apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS }; + +# allow privileged data loader apps (e.g. com.android.vending) to read logs from Incremental File System +allow priv_app incremental_control_file:file { read getattr ioctl }; + +# allow apps like Phonesky to request permission to fill blocks of an apk file +# on the Incremental File System. +allowxperm priv_app incremental_control_file:file ioctl INCFS_IOCTL_PERMIT_FILL; + +# Required for Phonesky to be able to read APEX files under /data/apex/active/. +allow priv_app apex_data_file:dir search; +allow priv_app staging_data_file:file r_file_perms; + +### +### neverallow rules +### + +# Receive or send uevent messages. +neverallow priv_app domain:netlink_kobject_uevent_socket *; + +# Receive or send generic netlink messages +neverallow priv_app domain:netlink_socket *; + +# Too much leaky information in debugfs. 
It's a security +# best practice to ensure these files aren't readable. +neverallow priv_app debugfs:file read; + +# Do not allow privileged apps to register services. +# Only trusted components of Android should be registering +# services. +neverallow priv_app service_manager_type:service_manager add; + +# Do not allow privileged apps to connect to the property service +# or set properties. b/10243159 +neverallow priv_app property_socket:sock_file write; +neverallow priv_app init:unix_stream_socket connectto; +neverallow priv_app property_type:property_service set; + +# Do not allow priv_app to be assigned mlstrustedsubject. +# This would undermine the per-user isolation model being +# enforced via levelFrom=user in seapp_contexts and the mls +# constraints. As there is no direct way to specify a neverallow +# on attribute assignment, this relies on the fact that fork +# permission only makes sense within a domain (hence should +# never be granted to any other domain within mlstrustedsubject) +# and priv_app is allowed fork permission to itself. +neverallow priv_app mlstrustedsubject:process fork; + +# Do not allow priv_app to hard link to any files. +# In particular, if priv_app links to other app data +# files, installd will not be able to guarantee the deletion +# of the linked to file. Hard links also contribute to security +# bugs, so we want to ensure priv_app never has this +# capability. +neverallow priv_app file_type:file link; + +# priv apps should not be able to open trace data files, they should depend +# upon traceur to pass a file descriptor which they can then read +neverallow priv_app trace_data_file:dir *; +neverallow priv_app trace_data_file:file { no_w_file_perms open }; + +# Do not allow priv_app access to cgroups. +neverallow priv_app cgroup:file *; + +# Do not allow loading executable code from non-privileged +# application home directories. 
Code loading across a security boundary +# is dangerous and allows a full compromise of a privileged process +# by an unprivileged process. b/112357170 +neverallow priv_app app_data_file:file no_x_file_perms; + +# Do not follow untrusted app provided symlinks +neverallow priv_app app_data_file:lnk_file { open read getattr }; diff --git a/prebuilts/api/30.0/private/profman.te b/prebuilts/api/30.0/private/profman.te new file mode 100644 index 000000000..f61d05efe --- /dev/null +++ b/prebuilts/api/30.0/private/profman.te @@ -0,0 +1 @@ +typeattribute profman coredomain; diff --git a/prebuilts/api/30.0/private/property_contexts b/prebuilts/api/30.0/private/property_contexts new file mode 100644 index 000000000..10f029f81 --- /dev/null +++ b/prebuilts/api/30.0/private/property_contexts 
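Review bot: In the priv_app.te hunk, the comment on the system_server UDP socket rule ("not modify them other than to connect") is contradicted by the permission set on the next line, which includes `setopt` — a privileged app can change socket options on a socket system_server owns, which is a modification beyond connecting. Either drop `setopt` from `allow priv_app system_server:udp_socket { connect getattr read recvfrom sendto write getopt setopt };` if nothing needs it, or reword the comment to state that option changes are intentionally permitted, so the rule and its justification agree. Separately, `dontaudit priv_app wifi_prop:file read;` is fully subsumed by the following `dontaudit priv_app { wifi_prop exported_wifi_prop }:file read;` and can be removed with no policy change. If this prebuilt is required to be a byte-identical snapshot of private/priv_app.te, both changes belong in the source file first.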
@@ -0,0 +1,258 @@
+##########################
+# property service keys
+#
+#
+net.rmnet u:object_r:net_radio_prop:s0
+net.gprs u:object_r:net_radio_prop:s0
+net.ppp u:object_r:net_radio_prop:s0
+net.qmi u:object_r:net_radio_prop:s0
+net.lte u:object_r:net_radio_prop:s0
+net.cdma u:object_r:net_radio_prop:s0
+net.dns u:object_r:net_dns_prop:s0
+sys.usb.config u:object_r:system_radio_prop:s0
+ril. u:object_r:radio_prop:s0
+ro.ril. u:object_r:radio_prop:s0
+gsm. u:object_r:radio_prop:s0
+persist.radio u:object_r:radio_prop:s0
+
+net. u:object_r:system_prop:s0
+dev. u:object_r:system_prop:s0
+ro.runtime. u:object_r:system_prop:s0
+ro.runtime.firstboot u:object_r:firstboot_prop:s0
+hw. u:object_r:system_prop:s0
+ro.hw. u:object_r:system_prop:s0
+sys. u:object_r:system_prop:s0
+sys.audio. u:object_r:audio_prop:s0
+sys.init.perf_lsm_hooks u:object_r:init_perf_lsm_hooks_prop:s0
+sys.cppreopt u:object_r:cppreopt_prop:s0
+sys.lpdumpd u:object_r:lpdumpd_prop:s0
+sys.powerctl u:object_r:powerctl_prop:s0
+sys.usb.ffs. u:object_r:ffs_prop:s0
+service. u:object_r:system_prop:s0
+dhcp. u:object_r:dhcp_prop:s0
+dhcp.bt-pan.result u:object_r:pan_result_prop:s0
+bluetooth. u:object_r:bluetooth_prop:s0
+
+debug. u:object_r:debug_prop:s0
+debug.db. u:object_r:debuggerd_prop:s0
+dumpstate. u:object_r:dumpstate_prop:s0
+dumpstate.options u:object_r:dumpstate_options_prop:s0
+init.svc_debug_pid. u:object_r:init_svc_debug_prop:s0
+llk. u:object_r:llkd_prop:s0
+khungtask. u:object_r:llkd_prop:s0
+ro.llk. u:object_r:llkd_prop:s0
+ro.khungtask. u:object_r:llkd_prop:s0
+log. u:object_r:log_prop:s0
+log.tag u:object_r:log_tag_prop:s0
+log.tag.WifiHAL u:object_r:wifi_log_prop:s0
+security.perf_harden u:object_r:shell_prop:s0
+service.adb.root u:object_r:shell_prop:s0
+service.adb.tcp.port u:object_r:shell_prop:s0
+service.adb.tls.port u:object_r:adbd_prop:s0
+persist.adb.wifi. u:object_r:adbd_prop:s0
+persist.adb.tls_server.enable u:object_r:system_adbd_prop:s0
+
+persist.audio. u:object_r:audio_prop:s0
+persist.bluetooth. u:object_r:bluetooth_prop:s0
+persist.nfc_cfg. u:object_r:nfc_prop:s0
+persist.debug. u:object_r:persist_debug_prop:s0
+persist.logd. u:object_r:logd_prop:s0
+ro.logd. u:object_r:logd_prop:s0
+persist.logd.security u:object_r:device_logging_prop:s0
+persist.logd.logpersistd u:object_r:logpersistd_logging_prop:s0
+logd.logpersistd u:object_r:logpersistd_logging_prop:s0
+persist.log.tag u:object_r:log_tag_prop:s0
+persist.mmc. u:object_r:mmc_prop:s0
+persist.netd.stable_secret u:object_r:netd_stable_secret_prop:s0
+persist.pm.mock-upgrade u:object_r:mock_ota_prop:s0
+persist.sys. u:object_r:system_prop:s0
+persist.sys.safemode u:object_r:safemode_prop:s0
+persist.sys.theme u:object_r:theme_prop:s0
+persist.sys.fflag.override.settings_dynamic_system u:object_r:dynamic_system_prop:s0
+ro.sys.safemode u:object_r:safemode_prop:s0
+persist.sys.audit_safemode u:object_r:safemode_prop:s0
+persist.sys.dalvik.jvmtiagent u:object_r:system_jvmti_agent_prop:s0
+persist.service. u:object_r:system_prop:s0
+persist.service.bdroid. u:object_r:bluetooth_prop:s0
+persist.security. u:object_r:system_prop:s0
+persist.traced.enable u:object_r:traced_enabled_prop:s0
+traced.lazy. u:object_r:traced_lazy_prop:s0
+persist.heapprofd.enable u:object_r:heapprofd_enabled_prop:s0
+persist.traced_perf.enable u:object_r:traced_perf_enabled_prop:s0
+persist.vendor.overlay. u:object_r:overlay_prop:s0
+ro.boot.vendor.overlay. u:object_r:overlay_prop:s0
+ro.boottime. u:object_r:boottime_prop:s0
+ro.serialno u:object_r:serialno_prop:s0
+ro.boot.btmacaddr u:object_r:bluetooth_prop:s0
+ro.boot.serialno u:object_r:serialno_prop:s0
+ro.bt. u:object_r:bluetooth_prop:s0
+ro.boot.bootreason u:object_r:bootloader_boot_reason_prop:s0
+persist.sys.boot.reason u:object_r:last_boot_reason_prop:s0
+sys.boot.reason u:object_r:system_boot_reason_prop:s0
+sys.boot.reason.last u:object_r:last_boot_reason_prop:s0
+pm. u:object_r:pm_prop:s0
+test.sys.boot.reason u:object_r:test_boot_reason_prop:s0
+test.userspace_reboot.requested u:object_r:userspace_reboot_test_prop:s0
+sys.lmk. u:object_r:system_lmk_prop:s0
+sys.trace. u:object_r:system_trace_prop:s0
+
+# Boolean property set by system server upon boot indicating
+# if device is fully owned by organization instead of being
+# a personal device.
+ro.organization_owned u:object_r:device_logging_prop:s0
+
+# selinux non-persistent properties
+selinux.restorecon_recursive u:object_r:restorecon_prop:s0
+
+# default property context
+* u:object_r:default_prop:s0
+
+# data partition encryption properties
+vold. u:object_r:vold_prop:s0
+ro.crypto. u:object_r:vold_prop:s0
+
+# ro.build.fingerprint is either set in /system/build.prop, or is
+# set at runtime by system_server.
+ro.build.fingerprint u:object_r:fingerprint_prop:s0
+
+ro.persistent_properties.ready u:object_r:persistent_properties_ready_prop:s0
+
+# ctl properties
+ctl.bootanim u:object_r:ctl_bootanim_prop:s0
+ctl.dumpstate u:object_r:ctl_dumpstate_prop:s0
+ctl.fuse_ u:object_r:ctl_fuse_prop:s0
+ctl.mdnsd u:object_r:ctl_mdnsd_prop:s0
+ctl.ril-daemon u:object_r:ctl_rildaemon_prop:s0
+ctl.bugreport u:object_r:ctl_bugreport_prop:s0
+ctl.console u:object_r:ctl_console_prop:s0
+ctl. u:object_r:ctl_default_prop:s0
+
+# Don't allow blind access to all services
+ctl.sigstop_on$ u:object_r:ctl_sigstop_prop:s0
+ctl.sigstop_off$ u:object_r:ctl_sigstop_prop:s0
+ctl.start$ u:object_r:ctl_start_prop:s0
+ctl.stop$ u:object_r:ctl_stop_prop:s0
+ctl.restart$ u:object_r:ctl_restart_prop:s0
+ctl.interface_start$ u:object_r:ctl_interface_start_prop:s0
+ctl.interface_stop$ u:object_r:ctl_interface_stop_prop:s0
+ctl.interface_restart$ u:object_r:ctl_interface_restart_prop:s0
+
+ # Restrict access to starting/stopping adbd
+ctl.start$adbd u:object_r:ctl_adbd_prop:s0
+ctl.stop$adbd u:object_r:ctl_adbd_prop:s0
+ctl.restart$adbd u:object_r:ctl_adbd_prop:s0
+
+# Restrict access to starting/stopping gsid.
+ctl.start$gsid u:object_r:ctl_gsid_prop:s0
+ctl.stop$gsid u:object_r:ctl_gsid_prop:s0
+ctl.restart$gsid u:object_r:ctl_gsid_prop:s0
+
+# Restrict access to stopping apexd.
+ctl.stop$apexd u:object_r:ctl_apexd_prop:s0
+
+# Restrict access to restart dumpstate
+ctl.interface_restart$android.hardware.dumpstate u:object_r:ctl_dumpstate_prop:s0
+
+# NFC properties
+nfc. u:object_r:nfc_prop:s0
+
+# These properties are not normally set by processes other than init.
+# They are only distinguished here for setting by qemu-props on the
+# emulator/goldfish.
+config. u:object_r:config_prop:s0
+ro.config. u:object_r:config_prop:s0
+dalvik. u:object_r:dalvik_prop:s0
+ro.dalvik. u:object_r:dalvik_prop:s0
+
+# Shared between system server and wificond
+wifi. u:object_r:wifi_prop:s0
+wlan. u:object_r:wifi_prop:s0
+
+# Lowpan properties
+lowpan. u:object_r:lowpan_prop:s0
+ro.lowpan. u:object_r:lowpan_prop:s0
+
+# heapprofd properties
+heapprofd. u:object_r:heapprofd_prop:s0
+
+# hwservicemanager properties
+hwservicemanager. u:object_r:hwservicemanager_prop:s0
+
+# Common default properties for vendor and odm.
+init.svc.odm. u:object_r:vendor_default_prop:s0
+init.svc.vendor. u:object_r:vendor_default_prop:s0
+ro.hardware. u:object_r:vendor_default_prop:s0
+ro.odm. u:object_r:vendor_default_prop:s0
+ro.vendor. u:object_r:vendor_default_prop:s0
+odm. u:object_r:vendor_default_prop:s0
+persist.odm. u:object_r:vendor_default_prop:s0
+persist.vendor. u:object_r:vendor_default_prop:s0
+vendor. u:object_r:vendor_default_prop:s0
+# ro.boot. properties are set based on kernel commandline arguments, which are vendor owned.
+ro.boot. u:object_r:exported2_default_prop:s0
+
+# Properties that relate to time / time zone detection behavior.
+persist.time. u:object_r:time_prop:s0
+
+# Properties that relate to server configurable flags
+device_config.reset_performed u:object_r:device_config_reset_performed_prop:s0
+persist.device_config.activity_manager_native_boot. u:object_r:device_config_activity_manager_native_boot_prop:s0
+persist.device_config.attempted_boot_count u:object_r:device_config_boot_count_prop:s0
+persist.device_config.input_native_boot. u:object_r:device_config_input_native_boot_prop:s0
+persist.device_config.netd_native. u:object_r:device_config_netd_native_prop:s0
+persist.device_config.runtime_native. u:object_r:device_config_runtime_native_prop:s0
+persist.device_config.runtime_native_boot. u:object_r:device_config_runtime_native_boot_prop:s0
+persist.device_config.media_native. u:object_r:device_config_media_native_prop:s0
+persist.device_config.storage_native_boot. u:object_r:device_config_storage_native_boot_prop:s0
+persist.device_config.window_manager_native_boot. u:object_r:device_config_window_manager_native_boot_prop:s0
+persist.device_config.configuration. u:object_r:device_config_configuration_prop:s0
+
+# Properties that relate to legacy server configurable flags
+persist.device_config.global_settings.sys_traced u:object_r:device_config_sys_traced_prop:s0
+
+apexd. u:object_r:apexd_prop:s0
+persist.apexd. u:object_r:apexd_prop:s0
+
+bpf.progs_loaded u:object_r:bpf_progs_loaded_prop:s0
+
+gsid. u:object_r:gsid_prop:s0
+ro.gsid. u:object_r:gsid_prop:s0
+
+# Property for disabling NNAPI vendor extensions on product image (used on GSI /product image,
+# which can't use NNAPI vendor extensions).
+ro.nnapi.extensions.deny_on_product u:object_r:nnapi_ext_deny_product_prop:s0
+
+# Property that is set once ueventd finishes cold boot.
+ro.cold_boot_done u:object_r:cold_boot_done_prop:s0
+
+# Charger properties
+ro.charger. u:object_r:charger_prop:s0
+
+# Virtual A/B properties
+ro.virtual_ab.enabled u:object_r:virtual_ab_prop:s0
+ro.virtual_ab.retrofit u:object_r:virtual_ab_prop:s0
+
+# Property to set/clear the warm reset flag after an OTA update.
+ota.warm_reset u:object_r:ota_prop:s0
+
+# Module properties
+com.android.sdkext. u:object_r:module_sdkextensions_prop:s0
+persist.com.android.sdkext. u:object_r:module_sdkextensions_prop:s0
+
+# Userspace reboot properties
+sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0
+persist.sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0
+
+# Integer property which is used in libgui to configure the number of frames
+# tracked by buffer queue's frame event timing history. The property is set
+# by devices with video decoding pipelines long enough to overflow the default
+# history size.
+ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0
+
+# Properties to configure userspace reboot.
+init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool
+init.userspace_reboot.sigkill.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
+init.userspace_reboot.sigterm.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
+init.userspace_reboot.started.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
+init.userspace_reboot.userdata_remount.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
+init.userspace_reboot.watchdog.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
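Review bot: Only the six `init.userspace_reboot.*` entries at the end of this hunk declare a property type (`exact bool` / `exact int`); every other flag-like entry, including `persist.sys.fflag.override.settings_dynamic_system u:object_r:dynamic_system_prop:s0`, is untyped, so the property service will accept any string for it and every reader has to parse the value defensively. If that flag is meant to hold only a boolean, declaring it as `persist.sys.fflag.override.settings_dynamic_system u:object_r:dynamic_system_prop:s0 exact bool` rejects malformed values at setprop time instead of leaving the interpretation to each consumer; the same question applies to the `persist.*.enable` entries above it. I cannot tell from this file whether the prebuilt is allowed to differ from private/property_contexts — if it must stay a byte-identical snapshot, make the change in the source file and regenerate.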
diff --git a/prebuilts/api/30.0/private/racoon.te b/prebuilts/api/30.0/private/racoon.te
new file mode 100644
index 000000000..42ea7c9e4
--- /dev/null
+++ b/prebuilts/api/30.0/private/racoon.te
@@ -0,0 +1,3 @@
+typeattribute racoon coredomain;
+
+init_daemon_domain(racoon)
diff --git a/prebuilts/api/30.0/private/radio.te b/prebuilts/api/30.0/private/radio.te
new file mode 100644
index 000000000..00a5cda36
--- /dev/null
+++ b/prebuilts/api/30.0/private/radio.te
@@ -0,0 +1,25 @@
+typeattribute radio coredomain;
+
+app_domain(radio)
+
+read_runtime_log_tags(radio)
+
+# Telephony code contains time / time zone detection logic so it reads the associated properties.
+get_prop(radio, time_prop)
+
+# allow telephony to access platform compat to log permission denials
+allow radio platform_compat_service:service_manager find;
+
+allow radio uce_service:service_manager find;
+
+# Manage /data/misc/emergencynumberdb
+allow radio emergency_data_file:dir r_dir_perms;
+allow radio emergency_data_file:file r_file_perms;
+
+# allow sending pulled atoms to statsd
+binder_call(radio, statsd)
+
+# allow telephony to access related cache properties
+set_prop(radio, binder_cache_telephony_server_prop);
+neverallow { domain -radio -init }
+ binder_cache_telephony_server_prop:property_service set;
diff --git a/prebuilts/api/30.0/private/recovery.te b/prebuilts/api/30.0/private/recovery.te
new file mode 100644
index 000000000..2a7fdc7e1
--- /dev/null
+++ b/prebuilts/api/30.0/private/recovery.te
@@ -0,0 +1 @@
+typeattribute recovery coredomain;
diff --git a/prebuilts/api/30.0/private/recovery_persist.te b/prebuilts/api/30.0/private/recovery_persist.te
new file mode 100644
index 000000000..7cb2e675a
--- /dev/null
+++ b/prebuilts/api/30.0/private/recovery_persist.te
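Review bot: In radio.te, `set_prop(radio, binder_cache_telephony_server_prop);` carries a trailing semicolon while every other macro invocation in the same hunk (`app_domain(radio)`, `get_prop(radio, time_prop)`, `binder_call(radio, statsd)`) does not; the macro expands to complete rules that end in their own semicolons, so the extra `;` is at best an empty statement. Whether the policy compiler tolerates it I cannot confirm from here, but for consistency it should read `set_prop(radio, binder_cache_telephony_server_prop)`. The comment above it, "allow telephony to access related cache properties", also undersells the pairing with the neverallow on the next two lines; something like `# radio is the sole writer of the telephony binder-cache property; the neverallow below enforces that.` would tell a reader why both rules are here.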
@@ -0,0 +1,11 @@
+typeattribute recovery_persist coredomain;
+
+init_daemon_domain(recovery_persist)
+
+# recovery_persist is not allowed to write anywhere other than recovery_data_file
+neverallow recovery_persist {
+ file_type
+ -recovery_data_file
+ userdebug_or_eng(`-coredump_file')
+ with_native_coverage(`-method_trace_data_file')
+}:file write;
diff --git a/prebuilts/api/30.0/private/recovery_refresh.te b/prebuilts/api/30.0/private/recovery_refresh.te
new file mode 100644
index 000000000..3c095cc26
--- /dev/null
+++ b/prebuilts/api/30.0/private/recovery_refresh.te
@@ -0,0 +1,10 @@
+typeattribute recovery_refresh coredomain;
+
+init_daemon_domain(recovery_refresh)
+
+# recovery_refresh is not allowed to write anywhere
+neverallow recovery_refresh {
+ file_type
+ userdebug_or_eng(`-coredump_file')
+ with_native_coverage(`-method_trace_data_file')
+}:file write;
diff --git a/prebuilts/api/30.0/private/roles_decl b/prebuilts/api/30.0/private/roles_decl
new file mode 100644
index 000000000..c84fcba0f
--- /dev/null
+++ b/prebuilts/api/30.0/private/roles_decl
@@ -0,0 +1 @@
+role r;
diff --git a/prebuilts/api/30.0/private/rs.te b/prebuilts/api/30.0/private/rs.te
new file mode 100644
index 000000000..bf10841cc
--- /dev/null
+++ b/prebuilts/api/30.0/private/rs.te
@@ -0,0 +1,39 @@
+# Any files which would have been created as app_data_file
+# will be created as app_exec_data_file instead.
+allow rs app_data_file:dir ra_dir_perms;
+allow rs app_exec_data_file:file create_file_perms;
+type_transition rs app_data_file:file app_exec_data_file;
+
+# Follow /data/user/0 symlink
+allow rs system_data_file:lnk_file read;
+
+# Read files from the app home directory.
+allow rs app_data_file:file r_file_perms;
+allow rs app_data_file:dir r_dir_perms;
+
+# Cleanup app_exec_data_file files in the app home directory.
+allow rs app_data_file:dir remove_name;
+
+# Use vendor resources
+allow rs vendor_file:dir r_dir_perms;
+r_dir_file(rs, vendor_overlay_file)
+r_dir_file(rs, vendor_app_file)
+
+# Read contents of app apks
+r_dir_file(rs, apk_data_file)
+
+allow rs gpu_device:chr_file rw_file_perms;
+allow rs ion_device:chr_file r_file_perms;
+allow rs same_process_hal_file:file { r_file_perms execute };
+
+# File descriptors passed from app to renderscript
+allow rs { untrusted_app_all ephemeral_app }:fd use;
+
+# rs can access app data, so ensure it can only be entered via an app domain and cannot have
+# CAP_DAC_OVERRIDE.
+neverallow rs rs:capability_class_set *;
+neverallow { domain -appdomain } rs:process { dyntransition transition };
+neverallow rs { domain -crash_dump }:process { dyntransition transition };
+neverallow rs app_data_file:file_class_set ~r_file_perms;
+# rs should never use network sockets
+neverallow rs *:network_socket_class_set *;
diff --git a/prebuilts/api/30.0/private/rss_hwm_reset.te b/prebuilts/api/30.0/private/rss_hwm_reset.te
new file mode 100644
index 000000000..30818c2fa
--- /dev/null
+++ b/prebuilts/api/30.0/private/rss_hwm_reset.te
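Review bot: The comment in rs.te says the domain "cannot have CAP_DAC_OVERRIDE", but the rule it introduces, `neverallow rs rs:capability_class_set *;`, forbids every capability, not just that one; the comment understates the invariant and a future reader might think adding some other capability is within the intended design. Suggest `# rs can access app data, so ensure it can only be entered via an app domain and holds no capabilities at all (CAP_DAC_OVERRIDE in particular).` The same block would benefit from a one-line note on `neverallow rs { domain -crash_dump }:process { dyntransition transition };` saying that rs must not be able to escape into another domain, since that is the other half of the containment argument.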
@@ -0,0 +1,14 @@
+type rss_hwm_reset_exec, system_file_type, exec_type, file_type;
+
+# Start rss_hwm_reset from init.
+init_daemon_domain(rss_hwm_reset)
+
+# Search /proc/pid directories.
+allow rss_hwm_reset domain:dir search;
+
+# Write to /proc/pid/clear_refs of other processes.
+# /proc/pid/clear_refs is S_IWUSER, see: fs/proc/base.c
+allow rss_hwm_reset self:global_capability_class_set { dac_override };
+
+# Write to /prc/pid/clear_refs.
+allow rss_hwm_reset domain:file w_file_perms;
diff --git a/prebuilts/api/30.0/private/runas.te b/prebuilts/api/30.0/private/runas.te
new file mode 100644
index 000000000..ef31aac34
--- /dev/null
+++ b/prebuilts/api/30.0/private/runas.te
@@ -0,0 +1,4 @@
+typeattribute runas coredomain;
+
+# ndk-gdb invokes adb shell run-as.
+domain_auto_trans(shell, runas_exec, runas)
diff --git a/prebuilts/api/30.0/private/runas_app.te b/prebuilts/api/30.0/private/runas_app.te
new file mode 100644
index 000000000..c1b354a9a
--- /dev/null
+++ b/prebuilts/api/30.0/private/runas_app.te
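Review bot: The last rule in rss_hwm_reset.te, `allow rss_hwm_reset domain:file w_file_perms;`, grants write on every file labeled with any process domain — that is, every writable file under /proc/<pid> for every process on the system — while its comment names only clear_refs, and the comment also has a typo (`/prc/pid/clear_refs`). Combined with `dac_override` granted two lines earlier, this is a considerably broader grant than the comment suggests, and there appears to be no finer label to narrow it to. The comment should at least document the breadth so the next reviewer does not assume the rule is clear_refs-specific, e.g. `# Write to /proc/pid/clear_refs. /proc/pid entries carry the owning process's domain label, so this necessarily permits writes to every file under /proc/pid for all domains; keep the daemon minimal.`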
@@ -0,0 +1,32 @@
+typeattribute runas_app coredomain;
+
+app_domain(runas_app)
+untrusted_app_domain(runas_app)
+net_domain(runas_app)
+bluetooth_domain(runas_app)
+
+# The ability to call exec() on files in the apps home directories
+# when using run-as on a debuggable app. Used to run lldb/ndk-gdb/simpleperf,
+# which are copied to the apps home directories.
+allow runas_app app_data_file:file execute_no_trans;
+
+# Allow lldb/ndk-gdb/simpleperf to read maps of debuggable app processes.
+r_dir_file(runas_app, untrusted_app_all)
+
+# Allow lldb/ndk-gdb/simpleperf to ptrace attach to debuggable app processes.
+allow runas_app untrusted_app_all:process { ptrace signal sigstop };
+allow runas_app untrusted_app_all:unix_stream_socket connectto;
+
+# Allow executing system image simpleperf without a domain transition.
+allow runas_app simpleperf_exec:file rx_file_perms;
+
+# Suppress denial logspam when simpleperf is trying to find a matching process
+# by scanning /proc//cmdline files. The /proc/ directories are within
+# the same domain as their respective process, most of which this domain is not
+# allowed to see.
+dontaudit runas_app domain:dir search;
+
+# Allow runas_app to call perf_event_open for profiling debuggable app
+# processes, but not the whole system.
+allow runas_app self:perf_event { open read write kernel };
+neverallow runas_app self:perf_event ~{ open read write kernel };
diff --git a/prebuilts/api/30.0/private/sdcardd.te b/prebuilts/api/30.0/private/sdcardd.te
new file mode 100644
index 000000000..126d64349
--- /dev/null
+++ b/prebuilts/api/30.0/private/sdcardd.te
@@ -0,0 +1,3 @@
+typeattribute sdcardd coredomain;
+
+type_transition sdcardd system_data_file:{ dir file } media_rw_data_file;
diff --git a/prebuilts/api/30.0/private/seapp_contexts b/prebuilts/api/30.0/private/seapp_contexts
new file mode 100644
index 000000000..1bad9c11b
--- /dev/null
+++ b/prebuilts/api/30.0/private/seapp_contexts
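Review bot: The comment above `dontaudit runas_app domain:dir search;` in runas_app.te reads "scanning /proc//cmdline files. The /proc/ directories are within the same domain as their respective process", which has lost its placeholder — it only makes sense as `/proc/<pid>/cmdline` and `/proc/<pid>`; this may be a rendering artifact of this page rather than the file content, so please check the source. While there, the comment above `allow runas_app untrusted_app_all:process { ptrace signal sigstop };` says "debuggable app processes", but the rule itself is scoped by domain, not by the app's debuggable flag; a short note such as `# Restriction to debuggable apps is enforced by run-as (uid/package checks), not by this policy.` would stop a reader from assuming SELinux alone bounds this ptrace grant — if that is indeed where the check lives, which I cannot confirm from this hunk.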
@@ -0,0 +1,175 @@
+# The entries in this file define how security contexts for apps are determined.
+# Each entry lists input selectors, used to match the app, and outputs which are
+# used to determine the security contexts for matching apps.
+#
+# Input selectors:
+# isSystemServer (boolean)
+# isEphemeralApp (boolean)
+# isOwner (boolean)
+# user (string)
+# seinfo (string)
+# name (string)
+# path (string)
+# isPrivApp (boolean)
+# minTargetSdkVersion (unsigned integer)
+# fromRunAs (boolean)
+#
+# All specified input selectors in an entry must match (i.e. logical AND).
+# An unspecified string or boolean selector with no default will match any
+# value.
+# A user, name, or path string selector that ends in * will perform a prefix
+# match.
+# String matching is case-insensitive.
+# See external/selinux/libselinux/src/android/android_platform.c,
+# seapp_context_lookup().
+#
+# isSystemServer=true only matches the system server.
+# An unspecified isSystemServer defaults to false.
+# isEphemeralApp=true will match apps marked by PackageManager as Ephemeral
+# isOwner=true will only match for the owner/primary user.
+# user=_app will match any regular app process.
+# user=_isolated will match any isolated service process.
+# Other values of user are matched against the name associated with the process
+# UID.
+# seinfo= matches aginst the seinfo tag for the app, determined from
+# mac_permissions.xml files.
+# The ':' character is reserved and may not be used in seinfo.
+# name= matches against the package name of the app.
+# path= matches against the directory path when labeling app directories.
+# isPrivApp=true will only match for applications preinstalled in
+# /system/priv-app.
+# minTargetSdkVersion will match applications with a targetSdkVersion
+# greater than or equal to the specified value. If unspecified,
+# it has a default value of 0.
+# fromRunAs=true means the process being labeled is started by run-as. Default
+# is false.
+#
+# Precedence: entries are compared using the following rules, in the order shown
+# (see external/selinux/libselinux/src/android/android_platform.c,
+# seapp_context_cmp()).
+# (1) isSystemServer=true before isSystemServer=false.
+# (2) Specified isEphemeralApp= before unspecified isEphemeralApp=
+# boolean.
+# (3) Specified isOwner= before unspecified isOwner= boolean.
+# (4) Specified user= string before unspecified user= string;
+# more specific user= string before less specific user= string.
+# (5) Specified seinfo= string before unspecified seinfo= string.
+# (6) Specified name= string before unspecified name= string;
+# more specific name= string before less specific name= string.
+# (7) Specified path= string before unspecified path= string.
+# more specific name= string before less specific name= string.
+# (8) Specified isPrivApp= before unspecified isPrivApp= boolean.
+# (9) Higher value of minTargetSdkVersion= before lower value of
+# minTargetSdkVersion= integer. Note that minTargetSdkVersion=
+# defaults to 0 if unspecified.
+# (10) fromRunAs=true before fromRunAs=false.
+# (A fixed selector is more specific than a prefix, i.e. ending in *, and a
+# longer prefix is more specific than a shorter prefix.)
+# Apps are checked against entries in precedence order until the first match,
+# regardless of their order in this file.
+#
+# Duplicate entries, i.e. with identical input selectors, are not allowed.
+#
+# Outputs:
+# domain (string)
+# type (string)
+# levelFrom (string; one of none, all, app, or user)
+# level (string)
+#
+# domain= determines the label to be used for the app process; entries
+# without domain= are ignored for this purpose.
+# type= specifies the label to be used for the app data directory; entries
+# without type= are ignored for this purpose.
+# levelFrom and level are used to determine the level (sensitivity + categories)
+# for MLS/MCS.
+# levelFrom=none omits the level.
+# levelFrom=app determines the level from the process UID.
+# levelFrom=user determines the level from the user ID.
+# levelFrom=all determines the level from both UID and user ID.
+#
+# levelFrom=user is only supported for _app or _isolated UIDs.
+# levelFrom=app or levelFrom=all is only supported for _app UIDs.
+# level may be used to specify a fixed level for any UID.
+#
+# For backwards compatibility levelFromUid=true is equivalent to levelFrom=app
+# and levelFromUid=false is equivalent to levelFrom=none.
+#
+#
+# Neverallow Assertions
+# Additional compile time assertion checks for the rules in this file can be
+# added as well. The assertion
+# rules are lines beginning with the keyword neverallow. Full support for PCRE
+# regular expressions exists on all input and output selectors. Neverallow
+# rules are never output to the built seapp_contexts file. Like all keywords,
+# neverallows are case-insensitive. A neverallow is asserted when all key value
+# inputs are matched on a key value rule line.
+#
+
+# only the system server can be in system_server domain
+neverallow isSystemServer=false domain=system_server
+neverallow isSystemServer="" domain=system_server
+
+# system domains should never be assigned outside of system uid
+neverallow user=((?!system).)* domain=system_app
+neverallow user=((?!system).)* type=system_app_data_file
+
+# any non priv-app with a non-known uid with a specified name should have a specified
+# seinfo
+neverallow user=_app isPrivApp=false name=.* seinfo=""
+neverallow user=_app isPrivApp=false name=.* seinfo=default
+
+# neverallow shared relro to any other domain
+# and neverallow any other uid into shared_relro
+neverallow user=shared_relro domain=((?!shared_relro).)*
+neverallow user=((?!shared_relro).)* domain=shared_relro
+
+# neverallow non-isolated uids into isolated_app domain
+# and vice versa
+neverallow user=_isolated domain=((?!isolated_app).)*
+neverallow user=((?!_isolated).)* domain=isolated_app
+
+# uid shell should always be in shell domain, however non-shell
+# uid's can be in shell domain
+neverallow user=shell domain=((?!shell).)*
+
+# only the package named com.android.shell can run in the shell domain
+neverallow domain=shell name=((?!com\.android\.shell).)*
+neverallow user=shell name=((?!com\.android\.shell).)*
+
+# Ephemeral Apps must run in the ephemeral_app domain
+neverallow isEphemeralApp=true domain=((?!ephemeral_app).)*
+
+isSystemServer=true domain=system_server_startup
+
+user=_app seinfo=platform name=com.android.traceur domain=traceur_app type=app_data_file levelFrom=all
+user=system seinfo=platform domain=system_app type=system_app_data_file
+user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
+user=network_stack seinfo=network_stack domain=network_stack levelFrom=all type=radio_data_file
+user=nfc seinfo=platform domain=nfc type=nfc_data_file
+user=secure_element seinfo=platform domain=secure_element levelFrom=all
+user=radio seinfo=platform domain=radio type=radio_data_file
+user=shared_relro domain=shared_relro
+user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file
+user=webview_zygote seinfo=webview_zygote domain=webview_zygote
+user=_isolated domain=isolated_app levelFrom=all
+user=_app seinfo=app_zygote domain=app_zygote levelFrom=all
+user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user
+user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user
+user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all
+user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.google.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.android.vzwomatrigger domain=vzwomatrigger_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.google.android.gms domain=gmscore_app type=privapp_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.gms.* domain=gmscore_app type=privapp_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.gms:* domain=gmscore_app type=privapp_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.gsf domain=gmscore_app type=privapp_data_file levelFrom=user
+user=_app minTargetSdkVersion=30 domain=untrusted_app type=app_data_file levelFrom=all
+user=_app minTargetSdkVersion=29 domain=untrusted_app_29 type=app_data_file levelFrom=all
+user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all
+user=_app minTargetSdkVersion=26 domain=untrusted_app_27 type=app_data_file levelFrom=user
+user=_app domain=untrusted_app_25 type=app_data_file levelFrom=user
+user=_app minTargetSdkVersion=28 fromRunAs=true domain=runas_app levelFrom=all
+user=_app fromRunAs=true domain=runas_app levelFrom=user
diff --git a/prebuilts/api/30.0/private/secure_element.te b/prebuilts/api/30.0/private/secure_element.te
new file mode 100644
index 000000000..57f512bbd
--- /dev/null
+++ b/prebuilts/api/30.0/private/secure_element.te
@@ -0,0 +1,14 @@
+# secure element subsystem
+typeattribute secure_element coredomain;
+app_domain(secure_element)
+
+binder_service(secure_element)
+add_service(secure_element, secure_element_service)
+
+allow secure_element app_api_service:service_manager find;
+hal_client_domain(secure_element, hal_secure_element)
+
+# already open bugreport file descriptors may be shared with
+# the secure element process, from a file in
+# /data/data/com.android.shell/files/bugreports/bugreport-*.
+allow secure_element shell_data_file:file read;
diff --git a/prebuilts/api/30.0/private/security_classes b/prebuilts/api/30.0/private/security_classes
new file mode 100644
index 000000000..04ed814ff
--- /dev/null
+++ b/prebuilts/api/30.0/private/security_classes
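Review bot: Precedence rule (7) in the header comment is a copy-paste slip — under the path= rule it says `more specific name= string before less specific name= string.`, which should read `# more specific path= string before less specific path= string.`; and `seinfo= matches aginst` should be `against`. This file decides which process domain every app lands in, so policy authors adding entries rely on that precedence description being right. Separately, the `neverallow user=_app isPrivApp=false name=.* seinfo=""` / `seinfo=default` assertions only cover non-priv apps, so the `isPrivApp=true name=…` entries (gmscore_app, mediaprovider_app, permissioncontroller_app, vzwomatrigger_app) are keyed on package name plus being preinstalled under priv-app, with no signing-certificate seinfo in the selector; that is presumably deliberate for these first-party packages, but a one-line comment saying so (and that priv-app placement is the trust anchor) would stop a reviewer from reading it as an oversight. As a frozen prebuilt, these fixes belong in the source seapp_contexts.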
@@ -0,0 +1,160 @@
+# FLASK
+
+#
+# Define the security object classes
+#
+
+# Classes marked as userspace are classes
+# for userspace object managers
+
+class security
+class process
+class system
+class capability
+
+# file-related classes
+class filesystem
+class file
+class dir
+class fd
+class lnk_file
+class chr_file
+class blk_file
+class sock_file
+class fifo_file
+
+# network-related classes
+class socket
+class tcp_socket
+class udp_socket
+class rawip_socket
+class node
+class netif
+class netlink_socket
+class packet_socket
+class key_socket
+class unix_stream_socket
+class unix_dgram_socket
+
+# sysv-ipc-related classes
+class sem
+class msg
+class msgq
+class shm
+class ipc
+
+# extended netlink sockets
+class netlink_route_socket
+class netlink_tcpdiag_socket
+class netlink_nflog_socket
+class netlink_xfrm_socket
+class netlink_selinux_socket
+class netlink_audit_socket
+class netlink_dnrt_socket
+
+# IPSec association
+class association
+
+# Updated Netlink class for KOBJECT_UEVENT family.
+class netlink_kobject_uevent_socket
+
+class appletalk_socket
+
+class packet
+
+# Kernel access key retention
+class key
+
+class dccp_socket
+
+class memprotect
+
+# network peer labels
+class peer
+
+# Capabilities >= 32
+class capability2
+
+# kernel services that need to override task security, e.g. cachefiles
+class kernel_service
+
+class tun_socket
+
+class binder
+
+# Updated netlink classes for more recent netlink protocols.
+class netlink_iscsi_socket
+class netlink_fib_lookup_socket
+class netlink_connector_socket
+class netlink_netfilter_socket
+class netlink_generic_socket
+class netlink_scsitransport_socket
+class netlink_rdma_socket
+class netlink_crypto_socket
+
+# Infiniband
+class infiniband_pkey
+class infiniband_endport
+
+# Capability checks when on a non-init user namespace
+class cap_userns
+class cap2_userns
+
+# New socket classes introduced by extended_socket_class policy capability.
+# These two were previously mapped to rawip_socket.
+class sctp_socket
+class icmp_socket
+# These were previously mapped to socket.
+class ax25_socket
+class ipx_socket
+class netrom_socket
+class atmpvc_socket
+class x25_socket
+class rose_socket
+class decnet_socket
+class atmsvc_socket
+class rds_socket
+class irda_socket
+class pppox_socket
+class llc_socket
+class can_socket
+class tipc_socket
+class bluetooth_socket
+class iucv_socket
+class rxrpc_socket
+class isdn_socket
+class phonet_socket
+class ieee802154_socket
+class caif_socket
+class alg_socket
+class nfc_socket
+class vsock_socket
+class kcm_socket
+class qipcrtr_socket
+class smc_socket
+
+class process2
+
+class bpf
+
+class xdp_socket
+
+class perf_event
+
+# Introduced in https://github.com/torvalds/linux/commit/59438b46471ae6cdfb761afc8c9beaf1e428a331
+class lockdown
+
+# Property service
+class property_service # userspace
+
+# Service manager
+class service_manager # userspace
+
+# hardware service manager # userspace
+class hwservice_manager
+
+# Keystore Key
+class keystore_key # userspace
+
+class drmservice # userspace
+# FLASK
diff --git a/prebuilts/api/30.0/private/service.te b/prebuilts/api/30.0/private/service.te
new file mode 100644
index 000000000..6c17521ac
--- /dev/null
+++ b/prebuilts/api/30.0/private/service.te
@@ -0,0 +1,8 @@
+type attention_service, system_server_service, service_manager_type;
+type dynamic_system_service, system_api_service, system_server_service, service_manager_type;
+type gsi_service, service_manager_type;
+type incidentcompanion_service, system_api_service, system_server_service, service_manager_type;
+type stats_service, service_manager_type;
+type statscompanion_service, system_server_service, service_manager_type;
+type statsmanager_service, system_api_service, system_server_service, service_manager_type;
+type uce_service, service_manager_type;
diff --git a/prebuilts/api/30.0/private/service_contexts b/prebuilts/api/30.0/private/service_contexts
new file mode 100644
index 000000000..e01dcc1af
--- /dev/null
+++ b/prebuilts/api/30.0/private/service_contexts
@@ -0,0 +1,249 @@
+android.hardware.identity.IIdentityCredentialStore/default u:object_r:hal_identity_service:s0
+android.hardware.light.ILights/default u:object_r:hal_light_service:s0
+android.hardware.power.IPower/default u:object_r:hal_power_service:s0
+android.hardware.rebootescrow.IRebootEscrow/default u:object_r:hal_rebootescrow_service:s0
+android.hardware.vibrator.IVibrator/default u:object_r:hal_vibrator_service:s0
+
+accessibility u:object_r:accessibility_service:s0
+account u:object_r:account_service:s0
+activity u:object_r:activity_service:s0
+activity_task u:object_r:activity_task_service:s0
+adb u:object_r:adb_service:s0
+aidl_lazy_test_1 u:object_r:aidl_lazy_test_service:s0
+aidl_lazy_test_2 u:object_r:aidl_lazy_test_service:s0
+alarm u:object_r:alarm_service:s0
+android.os.UpdateEngineService u:object_r:update_engine_service:s0
+android.security.identity u:object_r:credstore_service:s0
+android.security.keystore u:object_r:keystore_service:s0
+android.service.gatekeeper.IGateKeeperService u:object_r:gatekeeper_service:s0
+app_binding u:object_r:app_binding_service:s0
+app_integrity u:object_r:app_integrity_service:s0
+app_prediction u:object_r:app_prediction_service:s0
+app_search u:object_r:app_search_service:s0
+apexservice u:object_r:apex_service:s0
+blob_store u:object_r:blob_store_service:s0
+gsiservice u:object_r:gsi_service:s0
+appops u:object_r:appops_service:s0
+appwidget u:object_r:appwidget_service:s0
+assetatlas u:object_r:assetatlas_service:s0
+attention u:object_r:attention_service:s0
+audio u:object_r:audio_service:s0
+auth u:object_r:auth_service:s0
+autofill u:object_r:autofill_service:s0
+backup u:object_r:backup_service:s0
+batteryproperties u:object_r:batteryproperties_service:s0
+batterystats u:object_r:batterystats_service:s0
+battery u:object_r:battery_service:s0
+binder_calls_stats u:object_r:binder_calls_stats_service:s0
+biometric u:object_r:biometric_service:s0
+bluetooth_manager u:object_r:bluetooth_manager_service:s0
+bluetooth u:object_r:bluetooth_service:s0
+broadcastradio u:object_r:broadcastradio_service:s0
+bugreport u:object_r:bugreport_service:s0
+carrier_config u:object_r:radio_service:s0
+clipboard u:object_r:clipboard_service:s0
+com.android.net.IProxyService u:object_r:IProxyService_service:s0
+companiondevice u:object_r:companion_device_service:s0
+platform_compat u:object_r:platform_compat_service:s0
+platform_compat_native u:object_r:platform_compat_service:s0
+connectivity u:object_r:connectivity_service:s0
+connmetrics u:object_r:connmetrics_service:s0
+consumer_ir u:object_r:consumer_ir_service:s0
+content u:object_r:content_service:s0
+content_capture u:object_r:content_capture_service:s0
+content_suggestions u:object_r:content_suggestions_service:s0
+contexthub u:object_r:contexthub_service:s0
+country_detector u:object_r:country_detector_service:s0
+coverage u:object_r:coverage_service:s0
+cpuinfo u:object_r:cpuinfo_service:s0
+crossprofileapps u:object_r:crossprofileapps_service:s0
+dataloader_manager u:object_r:dataloader_manager_service:s0
+dbinfo u:object_r:dbinfo_service:s0
+device_config u:object_r:device_config_service:s0
+device_policy u:object_r:device_policy_service:s0
+device_identifiers u:object_r:device_identifiers_service:s0
+deviceidle u:object_r:deviceidle_service:s0
+devicestoragemonitor u:object_r:devicestoragemonitor_service:s0
+diskstats u:object_r:diskstats_service:s0
+display u:object_r:display_service:s0
+dnsresolver u:object_r:dnsresolver_service:s0
+color_display u:object_r:color_display_service:s0
+netd_listener u:object_r:netd_listener_service:s0
+network_watchlist u:object_r:network_watchlist_service:s0
+DockObserver u:object_r:DockObserver_service:s0
+dreams u:object_r:dreams_service:s0
+drm.drmManager u:object_r:drmserver_service:s0
+dropbox u:object_r:dropbox_service:s0
+dumpstate u:object_r:dumpstate_service:s0
+dynamic_system u:object_r:dynamic_system_service:s0
+econtroller u:object_r:radio_service:s0
+emergency_affordance u:object_r:emergency_affordance_service:s0
+euicc_card_controller u:object_r:radio_service:s0
+external_vibrator_service u:object_r:external_vibrator_service:s0
+lowpan u:object_r:lowpan_service:s0
+ethernet u:object_r:ethernet_service:s0
+face u:object_r:face_service:s0
+file_integrity u:object_r:file_integrity_service:s0
+fingerprint u:object_r:fingerprint_service:s0
+font u:object_r:font_service:s0
+android.hardware.fingerprint.IFingerprintDaemon u:object_r:fingerprintd_service:s0
+gfxinfo u:object_r:gfxinfo_service:s0
+graphicsstats u:object_r:graphicsstats_service:s0
+gpu u:object_r:gpu_service:s0
+hardware u:object_r:hardware_service:s0
+hardware_properties u:object_r:hardware_properties_service:s0
+hdmi_control u:object_r:hdmi_control_service:s0
+ions u:object_r:radio_service:s0
+idmap u:object_r:idmap_service:s0
+incident u:object_r:incident_service:s0
+incidentcompanion u:object_r:incidentcompanion_service:s0
+inputflinger u:object_r:inputflinger_service:s0
+input_method u:object_r:input_method_service:s0
+input u:object_r:input_service:s0
+installd u:object_r:installd_service:s0
+iorapd u:object_r:iorapd_service:s0
+iphonesubinfo_msim u:object_r:radio_service:s0
+iphonesubinfo2 u:object_r:radio_service:s0
+iphonesubinfo u:object_r:radio_service:s0
+ims u:object_r:radio_service:s0
+imms u:object_r:imms_service:s0
+incremental u:object_r:incremental_service:s0
+ipsec u:object_r:ipsec_service:s0
+ircsmessage u:object_r:radio_service:s0
+iris u:object_r:iris_service:s0
+isms_msim u:object_r:radio_service:s0
+isms2 u:object_r:radio_service:s0
+isms u:object_r:radio_service:s0
+isub u:object_r:radio_service:s0
+jobscheduler u:object_r:jobscheduler_service:s0
+launcherapps u:object_r:launcherapps_service:s0
+lights u:object_r:light_service:s0
+location u:object_r:location_service:s0
+lock_settings u:object_r:lock_settings_service:s0
+looper_stats u:object_r:looper_stats_service:s0
+lpdump_service u:object_r:lpdump_service:s0
+media.aaudio u:object_r:audioserver_service:s0
+media.audio_flinger u:object_r:audioserver_service:s0
+media.audio_policy u:object_r:audioserver_service:s0
+media.camera u:object_r:cameraserver_service:s0
+media.camera.proxy u:object_r:cameraproxy_service:s0
+media.log u:object_r:audioserver_service:s0
+media.player u:object_r:mediaserver_service:s0
+media.metrics u:object_r:mediametrics_service:s0
+media.extractor u:object_r:mediaextractor_service:s0
+media.transcoding u:object_r:mediatranscoding_service:s0
+media.resource_manager u:object_r:mediaserver_service:s0
+media.sound_trigger_hw u:object_r:audioserver_service:s0
+media.drm u:object_r:mediadrmserver_service:s0
+media_projection u:object_r:media_projection_service:s0
+media_resource_monitor u:object_r:media_session_service:s0
+media_router u:object_r:media_router_service:s0
+media_session u:object_r:media_session_service:s0
+meminfo u:object_r:meminfo_service:s0
+midi u:object_r:midi_service:s0
+mount u:object_r:mount_service:s0
+netd u:object_r:netd_service:s0
+netpolicy u:object_r:netpolicy_service:s0
+netstats u:object_r:netstats_service:s0
+network_stack u:object_r:network_stack_service:s0
+network_management u:object_r:network_management_service:s0
+network_score u:object_r:network_score_service:s0
+network_time_update_service u:object_r:network_time_update_service:s0
+nfc u:object_r:nfc_service:s0
+notification u:object_r:notification_service:s0
+oem_lock u:object_r:oem_lock_service:s0
+otadexopt u:object_r:otadexopt_service:s0
+overlay u:object_r:overlay_service:s0
+package u:object_r:package_service:s0
+package_native u:object_r:package_native_service:s0
+permission u:object_r:permission_service:s0
+permissionmgr u:object_r:permissionmgr_service:s0
+persistent_data_block u:object_r:persistent_data_block_service:s0
+phone_msim u:object_r:radio_service:s0
+phone1 u:object_r:radio_service:s0
+phone2 u:object_r:radio_service:s0
+phone u:object_r:radio_service:s0
+pinner u:object_r:pinner_service:s0
+power u:object_r:power_service:s0
+print u:object_r:print_service:s0
+processinfo u:object_r:processinfo_service:s0
+procstats u:object_r:procstats_service:s0
+radio.phonesubinfo u:object_r:radio_service:s0
+radio.phone u:object_r:radio_service:s0
+radio.sms u:object_r:radio_service:s0
+rcs u:object_r:radio_service:s0
+recovery u:object_r:recovery_service:s0
+restrictions u:object_r:restrictions_service:s0
+role u:object_r:role_service:s0
+rollback u:object_r:rollback_service:s0
+rttmanager u:object_r:rttmanager_service:s0
+runtime u:object_r:runtime_service:s0
+samplingprofiler u:object_r:samplingprofiler_service:s0
+scheduling_policy u:object_r:scheduling_policy_service:s0
+search u:object_r:search_service:s0
+secure_element u:object_r:secure_element_service:s0
+sec_key_att_app_id_provider u:object_r:sec_key_att_app_id_provider_service:s0
+sensorservice u:object_r:sensorservice_service:s0
+sensor_privacy u:object_r:sensor_privacy_service:s0
+serial u:object_r:serial_service:s0
+servicediscovery u:object_r:servicediscovery_service:s0
+manager u:object_r:service_manager_service:s0
+settings u:object_r:settings_service:s0
+shortcut u:object_r:shortcut_service:s0
+simphonebook_msim u:object_r:radio_service:s0
+simphonebook2 u:object_r:radio_service:s0
+simphonebook u:object_r:radio_service:s0
+sip u:object_r:radio_service:s0
+slice u:object_r:slice_service:s0
+stats u:object_r:stats_service:s0
+statscompanion u:object_r:statscompanion_service:s0
+statsmanager u:object_r:statsmanager_service:s0
+soundtrigger u:object_r:voiceinteraction_service:s0
+soundtrigger_middleware u:object_r:soundtrigger_middleware_service:s0
+statusbar u:object_r:statusbar_service:s0
+storaged u:object_r:storaged_service:s0
+storaged_pri u:object_r:storaged_service:s0
+storagestats u:object_r:storagestats_service:s0
+SurfaceFlinger u:object_r:surfaceflinger_service:s0
+suspend_control u:object_r:system_suspend_control_service:s0
+system_config u:object_r:system_config_service:s0
+system_update u:object_r:system_update_service:s0
+task u:object_r:task_service:s0
+telecom u:object_r:telecom_service:s0
+telephony.registry u:object_r:registry_service:s0
+telephony_ims u:object_r:radio_service:s0
+testharness u:object_r:testharness_service:s0
+tethering u:object_r:tethering_service:s0
+textclassification u:object_r:textclassification_service:s0
+textservices u:object_r:textservices_service:s0
+time_detector u:object_r:timedetector_service:s0
+time_zone_detector u:object_r:timezonedetector_service:s0
+timezone u:object_r:timezone_service:s0
+thermalservice u:object_r:thermal_service:s0
+trust u:object_r:trust_service:s0
+tv_input u:object_r:tv_input_service:s0
+tv_tuner_resource_mgr u:object_r:tv_tuner_resource_mgr_service:s0
+uce u:object_r:uce_service:s0
+uimode u:object_r:uimode_service:s0
+updatelock u:object_r:updatelock_service:s0
+uri_grants u:object_r:uri_grants_service:s0
+usagestats u:object_r:usagestats_service:s0
+usb u:object_r:usb_service:s0
+user u:object_r:user_service:s0
+vibrator u:object_r:vibrator_service:s0
+virtual_touchpad u:object_r:virtual_touchpad_service:s0
+voiceinteraction u:object_r:voiceinteraction_service:s0
+vold u:object_r:vold_service:s0
+vr_hwc u:object_r:vr_hwc_service:s0
+vrflinger_vsync u:object_r:vrflinger_vsync_service:s0
+vrmanager u:object_r:vr_manager_service:s0
+wallpaper u:object_r:wallpaper_service:s0
+webviewupdate u:object_r:webviewupdate_service:s0
+wifip2p u:object_r:wifip2p_service:s0
+wifiscanner u:object_r:wifiscanner_service:s0
+wifi u:object_r:wifi_service:s0
+wifinl80211 u:object_r:wifinl80211_service:s0
+wifiaware u:object_r:wifiaware_service:s0
+wifirtt u:object_r:rttmanager_service:s0
+window u:object_r:window_service:s0
+* u:object_r:default_android_service:s0
diff --git a/prebuilts/api/30.0/private/servicemanager.te b/prebuilts/api/30.0/private/servicemanager.te
new file mode 100644
index 000000000..629445204
--- /dev/null
+++ b/prebuilts/api/30.0/private/servicemanager.te
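Review bot: `gsiservice u:object_r:gsi_service:s0` is wedged between `blob_store` and `appops`, and a handful of other entries also break the file's otherwise alphabetical order (`platform_compat`/`platform_compat_native` after `companiondevice`, `color_display`/`netd_listener`/`network_watchlist` after `dnsresolver`, `lowpan` between `external_vibrator_service` and `ethernet`). That matters here more than in most lists because the file ends with the catch-all `* u:object_r:default_android_service:s0`: a service that is missing or misspelled does not fail, it silently takes the default label, and an unsorted list is the easiest way to miss that in review. Suggest moving `gsiservice` to follow `graphicsstats` (line text unchanged) and likewise re-sorting the others, in the source service_contexts rather than this prebuilt copy.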
@@ -0,0 +1,7 @@
+typeattribute servicemanager coredomain;
+
+init_daemon_domain(servicemanager)
+
+read_runtime_log_tags(servicemanager)
+
+set_prop(servicemanager, ctl_interface_start_prop)
diff --git a/prebuilts/api/30.0/private/sgdisk.te b/prebuilts/api/30.0/private/sgdisk.te
new file mode 100644
index 000000000..a17342e01
--- /dev/null
+++ b/prebuilts/api/30.0/private/sgdisk.te
@@ -0,0 +1 @@
+typeattribute sgdisk coredomain;
diff --git a/prebuilts/api/30.0/private/shared_relro.te b/prebuilts/api/30.0/private/shared_relro.te
new file mode 100644
index 000000000..02f720682
--- /dev/null
+++ b/prebuilts/api/30.0/private/shared_relro.te
@@ -0,0 +1,5 @@
+typeattribute shared_relro coredomain;
+
+# The shared relro process is a Java program forked from the zygote, so it
+# inherits from app to get basic permissions it needs to run.
+app_domain(shared_relro)
diff --git a/prebuilts/api/30.0/private/shell.te b/prebuilts/api/30.0/private/shell.te
new file mode 100644
index 000000000..76ff0734d
--- /dev/null
+++ b/prebuilts/api/30.0/private/shell.te
@@ -0,0 +1,92 @@
+typeattribute shell coredomain;
+
+# allow shell input injection
+allow shell uhid_device:chr_file rw_file_perms;
+
+# systrace support - allow atrace to run
+allow shell debugfs_tracing_debug:dir r_dir_perms;
+allow shell debugfs_tracing:dir r_dir_perms;
+allow shell debugfs_tracing:file rw_file_perms;
+allow shell debugfs_trace_marker:file getattr;
+allow shell atrace_exec:file rx_file_perms;
+
+userdebug_or_eng(`
+ allow shell debugfs_tracing_debug:file rw_file_perms;
+')
+
+# read config.gz for CTS purposes
+allow shell config_gz:file r_file_perms;
+
+# Run app_process.
+# XXX Transition into its own domain?
+app_domain(shell)
+
+# allow shell to call dumpsys storaged
+binder_call(shell, storaged)
+
+# Perform SELinux access checks, needed for CTS
+selinux_check_access(shell)
+selinux_check_context(shell)
+
+# Control Perfetto traced and obtain traces from it.
+# Needed for Studio and debugging.
+unix_socket_connect(shell, traced_consumer, traced)
+
+# Allow shell binaries to write trace data to Perfetto. Used for testing and
+# cmdline utils.
+perfetto_producer(shell)
+
+domain_auto_trans(shell, vendor_shell_exec, vendor_shell)
+
+# Allow shell binaries to exec the perfetto cmdline util and have that
+# transition into its own domain, so that it behaves consistently to
+# when exec()-d by statsd.
+domain_auto_trans(shell, perfetto_exec, perfetto)
+# Allow to send SIGINT to perfetto when daemonized.
+allow shell perfetto:process signal;
+
+# Allow shell to run adb shell cmd stats commands. Needed for CTS.
+binder_call(shell, statsd);
+
+# Allow shell to read and unlink traces stored in /data/misc/perfetto-traces.
+allow shell perfetto_traces_data_file:dir rw_dir_perms;
+allow shell perfetto_traces_data_file:file { r_file_perms unlink };
+
+# Allow shell to run adb shell cmd gpu commands.
+binder_call(shell, gpuservice);
+
+# Allow shell to use atrace HAL
+hal_client_domain(shell, hal_atrace)
+
+# For hostside tests such as CTS listening ports test.
+allow shell proc_net_tcp_udp:file r_file_perms;
+
+# The dl.exec_linker* tests need to execute /system/bin/linker
+# b/124789393
+allow shell system_linker_exec:file rx_file_perms;
+
+# Renderscript host side tests depend on being able to execute
+# /system/bin/bcc (b/126388046)
+allow shell rs_exec:file rx_file_perms;
+
+# Allow shell to start and comminicate with lpdumpd.
+set_prop(shell, lpdumpd_prop);
+binder_call(shell, lpdumpd)
+
+# Allow shell to set and read value of properties used for CTS tests of
+# userspace reboot
+set_prop(shell, userspace_reboot_test_prop)
+
+# Allow shell to get encryption policy of /data/local/tmp/, for CTS
+allowxperm shell shell_data_file:dir ioctl {
+ FS_IOC_GET_ENCRYPTION_POLICY
+ FS_IOC_GET_ENCRYPTION_POLICY_EX
+};
+
+# Allow shell to execute simpleperf without a domain transition.
+allow shell simpleperf_exec:file rx_file_perms;
+
+# Allow shell to call perf_event_open for profiling other shell processes, but
+# not the whole system.
+allow shell self:perf_event { open read write kernel };
+neverallow shell self:perf_event ~{ open read write kernel };
diff --git a/prebuilts/api/30.0/private/simpleperf.te b/prebuilts/api/30.0/private/simpleperf.te
new file mode 100644
index 000000000..0639c1136
--- /dev/null
+++ b/prebuilts/api/30.0/private/simpleperf.te
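Review bot: Three macro calls carry a stray trailing `;` — `binder_call(shell, statsd);`, `binder_call(shell, gpuservice);` and `set_prop(shell, lpdumpd_prop);` — while the neighbouring `binder_call(shell, storaged)`, `binder_call(shell, lpdumpd)` and `set_prop(shell, userspace_reboot_test_prop)` do not; the extra `;` appears to be tolerated by the policy build (this snapshot presumably compiled), but it is inconsistent and should be dropped so the file reads one way. The lpdumpd comment also has a typo: `# Allow shell to start and communicate with lpdumpd.` On the security side the two broadest grants, `allow shell uhid_device:chr_file rw_file_perms;` (synthetic input from adb shell) and `allow shell proc_net_tcp_udp:file r_file_perms;`, each carry a justification, which is what I would look for; no change proposed there. As a frozen prebuilt, these edits belong in the source shell.te.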
@@ -0,0 +1,37 @@
+# Domain used when running /system/bin/simpleperf to profile a specific app.
+# Entered either by the app itself exec-ing the binary, or through
+# simpleperf_app_runner (with shell as its origin). Certain other domains
+# (runas_app, shell) can also exec this binary without a domain transition.
+typeattribute simpleperf coredomain;
+type simpleperf_exec, system_file_type, exec_type, file_type;
+
+domain_auto_trans({ untrusted_app_all -runas_app }, simpleperf_exec, simpleperf)
+
+# When running in this domain, simpleperf is scoped to profiling an individual
+# app. The necessary MAC permissions for profiling are more maintainable and
+# consistent if simpleperf is marked as an app domain as well (as, for example,
+# it will then see the same set of system libraries as the app).
+app_domain(simpleperf)
+untrusted_app_domain(simpleperf)
+
+# Allow ptrace attach to the target app, for reading JIT debug info (using
+# process_vm_readv) during unwinding and symbolization.
+allow simpleperf untrusted_app_all:process ptrace;
+
+# Allow using perf_event_open syscall for profiling the target app.
+allow simpleperf self:perf_event { open read write kernel };
+
+# Allow /proc/ access for the target app (for example, when trying to
+# discover it by cmdline).
+r_dir_file(simpleperf, untrusted_app_all)
+
+# Suppress denial logspam when simpleperf is trying to find a matching process
+# by scanning /proc//cmdline files. The /proc/ directories are within
+# the same domain as their respective processes, most of which this domain is
+# not allowed to see.
+dontaudit simpleperf domain:dir search;
+
+# Neverallows:
+
+# Profiling must be confined to the scope of an individual app.
+neverallow simpleperf self:perf_event ~{ open read write kernel };
diff --git a/prebuilts/api/30.0/private/simpleperf_app_runner.te b/prebuilts/api/30.0/private/simpleperf_app_runner.te
new file mode 100644
index 000000000..850182605
--- /dev/null
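Review bot: The comment above `allow simpleperf untrusted_app_all:process ptrace;` says profiling is scoped to an individual app, but the rule is written against the whole `untrusted_app_all` attribute, as is `r_dir_file(simpleperf, untrusted_app_all)`, and the only neverallow at the bottom pins `perf_event`, not `ptrace`. If the per-app confinement actually relies on UID/DAC and the kernel's ptrace attach checks rather than on this policy, that should be stated next to the rule so nobody later reads the MAC rule as the boundary, e.g. `# NOTE: SELinux cannot name "the one target app"; ptrace/proc grants cover all untrusted apps and per-app scoping is enforced by UID and ptrace attach checks outside this policy.` Whether public policy already carries a narrower neverallow (for instance forbidding ptrace of non-app domains from this domain) is not visible from this hunk.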
+++ b/prebuilts/api/30.0/private/simpleperf_app_runner.te
@@ -0,0 +1,3 @@
+typeattribute simpleperf_app_runner coredomain;
+
+domain_auto_trans(shell, simpleperf_app_runner_exec, simpleperf_app_runner)
diff --git a/prebuilts/api/30.0/private/slideshow.te b/prebuilts/api/30.0/private/slideshow.te
new file mode 100644
index 000000000..7dfa994ea
--- /dev/null
+++ b/prebuilts/api/30.0/private/slideshow.te
@@ -0,0 +1 @@
+typeattribute slideshow coredomain;
diff --git a/prebuilts/api/30.0/private/snapshotctl.te b/prebuilts/api/30.0/private/snapshotctl.te
new file mode 100644
index 000000000..fb2bbcae7
--- /dev/null
+++ b/prebuilts/api/30.0/private/snapshotctl.te
@@ -0,0 +1,45 @@
+type snapshotctl, domain, coredomain;
+type snapshotctl_exec, system_file_type, exec_type, file_type;
+
+# Allow init to run snapshotctl and do auto domain transfer.
+init_daemon_domain(snapshotctl);
+
+# Allow to start gsid service.
+set_prop(snapshotctl, ctl_gsid_prop)
+
+# Allow to talk to gsid.
+binder_use(snapshotctl)
+allow snapshotctl gsi_service:service_manager find;
+binder_call(snapshotctl, gsid)
+
+# Allow to create/read/write/delete OTA metadata files for snapshot status and COW file status.
+allow snapshotctl metadata_file:dir search;
+allow snapshotctl ota_metadata_file:dir rw_dir_perms;
+allow snapshotctl ota_metadata_file:file create_file_perms;
+
+# Allow to get A/B slot suffix from device tree or kernel cmdline.
+r_dir_file(snapshotctl, sysfs_dt_firmware_android);
+allow snapshotctl proc_cmdline:file r_file_perms;
+
+# Needed to (re-)map logical partitions.
+allow snapshotctl block_device:dir r_dir_perms;
+allow snapshotctl super_block_device:blk_file r_file_perms;
+
+# Interact with device-mapper to collapse snapshots.
+allow snapshotctl dm_device:chr_file rw_file_perms;
+
+# Needed to mutate device-mapper nodes.
+allow snapshotctl self:global_capability_class_set sys_admin;
+
+# Snapshotctl talk to boot control HAL to set merge status.
+hwbinder_use(snapshotctl)
+hal_client_domain(snapshotctl, hal_bootctl)
+
+# Allow snapshotctl to write to statsd socket.
+unix_socket_send(snapshotctl, statsdw, statsd)
+
+# Logging
+userdebug_or_eng(`
+ allow snapshotctl snapshotctl_log_data_file:dir rw_dir_perms;
+ allow snapshotctl snapshotctl_log_data_file:file create_file_perms;
+')
diff --git a/prebuilts/api/30.0/private/stats.te b/prebuilts/api/30.0/private/stats.te
new file mode 100644
index 000000000..3e8a3d5fb
--- /dev/null
+++ b/prebuilts/api/30.0/private/stats.te
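Review bot: `allow snapshotctl dm_device:chr_file rw_file_perms;` combined with `allow snapshotctl self:global_capability_class_set sys_admin;` is unrestricted ioctl on the device-mapper control node, which is enough to create arbitrary mappings over `super_block_device` (itself granted with `r_file_perms`, which includes `ioctl`); the comments name the purpose but not that blast radius. Since `rw_file_perms` carries `ioctl` with no `allowxperm` filter, consider `allowxperm snapshotctl dm_device:chr_file ioctl { ... }` listing only the DM ioctls snapshotctl issues, or at minimum a comment noting that the domain is entered only through `init_daemon_domain(snapshotctl)` and has no other entry transition in this file. CAP_SYS_ADMIN is far broader than device-mapper, so a one-liner such as `# CAP_SYS_ADMIN is needed for DM_* ioctls; nothing else in this domain should rely on it` would make later grants easier to review.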
@@ -0,0 +1,55 @@
+type stats, domain;
+typeattribute stats coredomain;
+type stats_exec, system_file_type, exec_type, file_type;
+
+# switch to stats domain for stats command
+domain_auto_trans(shell, stats_exec, stats)
+
+# allow stats access to stdout from its parent shell.
+allow stats shell:fd use;
+
+# allow stats to communicate use, read and write over the adb
+# connection.
+allow stats adbd:fd use;
+allow stats adbd:unix_stream_socket { read write };
+
+# allow adbd to reap stats
+allow stats adbd:process { sigchld };
+
+# Allow the stats command to talk to the statsd over the binder, and get
+# back the stats report data from a ParcelFileDescriptor.
+binder_use(stats)
+allow stats stats_service:service_manager find;
+binder_call(stats, statsd)
+allow stats statsd:fifo_file write;
+
+# Only statsd can publish the binder service.
+add_service(statsd, stats_service)
+
+# Allow pipes from (and only from) stats.
+allow statsd stats:fd use;
+allow statsd stats:fifo_file write;
+
+# Allow statsd to call back to stats with status updates.
+binder_call(statsd, stats)
+
+###
+### neverallow rules
+###
+
+neverallow {
+ domain
+ -dumpstate
+ -gmscore_app
+ -gpuservice
+ -incidentd
+ -platform_app
+ -priv_app
+ -shell
+ -stats
+ -statsd
+ -surfaceflinger
+ -system_app
+ -system_server
+ -traceur_app
+} stats_service:service_manager find;
diff --git a/prebuilts/api/30.0/private/statsd.te b/prebuilts/api/30.0/private/statsd.te
new file mode 100644
index 000000000..148315604
--- /dev/null
+++ b/prebuilts/api/30.0/private/statsd.te
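Review bot: `domain_auto_trans(shell, stats_exec, stats)` together with `binder_call(stats, statsd)` and `allow stats stats_service:service_manager find;` is a shell-reachable path to the full stats report mentioned in the ParcelFileDescriptor comment, and nothing in the hunk says where the access check on that data lives. If the policy deliberately opens this to shell and gating is done inside statsd (caller UID or permission checks), that should be written down so the rule is not mistaken for the boundary, e.g. `# NOTE: the contents of the report are gated by statsd's caller checks, not by this policy; shell reaches this domain on user builds too.` The `# Allow pipes from (and only from) stats.` comment is also overstated by the policy as a whole, since `allow stats statsd:fifo_file write;` a few lines up is the reverse direction and other fifo grants to statsd may exist in statsd's own file; a comment per non-obvious entry in the neverallow exclusion list (why `surfaceflinger` and `gpuservice` need `find`) would make the list auditable.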
@@ -0,0 +1,23 @@
+typeattribute statsd coredomain;
+
+init_daemon_domain(statsd)
+
+# Allow to exec the perfetto cmdline client and pass it the trace config on
+# stdint through a pipe. It allows statsd to capture traces and hand them
+# to Android dropbox.
+allow statsd perfetto_exec:file rx_file_perms;
+domain_auto_trans(statsd, perfetto_exec, perfetto)
+
+# Grant statsd with permissions to register the services.
+allow statsd {
+ statscompanion_service
+}:service_manager find;
+
+# Allow incidentd to obtain the statsd incident section.
+allow statsd incidentd:fifo_file write;
+
+# Allow StatsCompanionService to pipe data to statsd.
+allow statsd system_server:fifo_file { read getattr };
+
+# Allow statsd to retrieve SF statistics over binder
+binder_call(statsd, surfaceflinger);
diff --git a/prebuilts/api/30.0/private/storaged.te b/prebuilts/api/30.0/private/storaged.te
new file mode 100644
index 000000000..b7d4ae9ce
--- /dev/null
+++ b/prebuilts/api/30.0/private/storaged.te
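Review bot: The comment `# Grant statsd with permissions to register the services.` does not match the rule under it, which grants only `service_manager find` on `statscompanion_service`; registering a service is the `add` permission, and the only registration for statsd visible on this page is `add_service(statsd, stats_service)` in stats.te. Suggest `# Allow statsd to look up (find) StatsCompanionService; statsd's own service registration lives in stats.te.` so a reader does not assume this domain can publish services it cannot. In the perfetto comment, `stdint` should read `stdin`. Since prebuilts/api/30.0 looks like a frozen snapshot, the wording fix presumably needs to land in private/statsd.te and be re-synced.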
@@ -0,0 +1,67 @@
+# storaged daemon
+type storaged, domain, coredomain, mlstrustedsubject;
+type storaged_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(storaged)
+
+# Read access to pseudo filesystems
+r_dir_file(storaged, domain)
+
+# Read /proc/uid_io/stats
+allow storaged proc_uid_io_stats:file r_file_perms;
+
+# Read /data/system/packages.list
+allow storaged system_data_file:file r_file_perms;
+allow storaged packages_list_file:file r_file_perms;
+
+# Store storaged proto file
+allow storaged storaged_data_file:dir rw_dir_perms;
+allow storaged storaged_data_file:file create_file_perms;
+
+userdebug_or_eng(`
+ # Read access to debugfs
+ allow storaged debugfs_mmc:dir search;
+ allow storaged debugfs_mmc:file r_file_perms;
+')
+
+# Needed to provide debug dump output via dumpsys pipes.
+allow storaged shell:fd use;
+allow storaged shell:fifo_file write;
+
+# Needed for GMScore to call dumpsys storaged
+allow storaged priv_app:fd use;
+# b/142672293: No other priv-app should need this allow rule now that GMS core runs in its own domain.
+# Remove after no logs are seen for this rule.
+userdebug_or_eng(`
+ auditallow storaged priv_app:fd use;
+')
+allow storaged gmscore_app:fd use;
+allow storaged { privapp_data_file app_data_file }:file write;
+allow storaged permission_service:service_manager find;
+
+# Binder permissions
+add_service(storaged, storaged_service)
+
+binder_use(storaged)
+binder_call(storaged, system_server)
+
+hal_client_domain(storaged, hal_health)
+
+# Implements a dumpsys interface.
+allow storaged dumpstate:fd use;
+
+# use a subset of the package manager service
+allow storaged package_native_service:service_manager find;
+
+# Kernel does extra check on CAP_DAC_OVERRIDE for libbinder when storaged is
+# running as root. See b/35323867 #3.
+dontaudit storaged self:global_capability_class_set { dac_override dac_read_search };
+
+# For collecting bugreports.
+allow storaged dumpstate:fifo_file write;
+
+###
+### neverallow
+###
+neverallow storaged domain:process ptrace;
+neverallow storaged self:capability_class_set *;
diff --git a/prebuilts/api/30.0/private/su.te b/prebuilts/api/30.0/private/su.te
new file mode 100644
index 000000000..16e47bbbf
--- /dev/null
+++ b/prebuilts/api/30.0/private/su.te
@@ -0,0 +1,23 @@
+userdebug_or_eng(`
+ typeattribute su coredomain;
+
+ domain_auto_trans(shell, su_exec, su)
+ # Allow dumpstate to call su on userdebug / eng builds to collect
+ # additional information.
+ domain_auto_trans(dumpstate, su_exec, su)
+
+ # Make sure that dumpstate runs the same from the "su" domain as
+ # from the "init" domain.
+ domain_auto_trans(su, dumpstate_exec, dumpstate)
+
+ # Put the incident command into its domain so it is the same on user, userdebug and eng.
+ domain_auto_trans(su, incident_exec, incident)
+
+ # Put the perfetto command into its domain so it is the same on user, userdebug and eng.
+ domain_auto_trans(su, perfetto_exec, perfetto)
+
+ # su is also permissive to permit setenforce.
+ permissive su;
+
+ app_domain(su)
+')
diff --git a/prebuilts/api/30.0/private/surfaceflinger.te b/prebuilts/api/30.0/private/surfaceflinger.te
new file mode 100644
index 000000000..cf709df31
--- /dev/null
+++ b/prebuilts/api/30.0/private/surfaceflinger.te
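Review bot: `allow storaged { privapp_data_file app_data_file }:file write;` is granted without `open`, and nothing else in this file gives storaged `search` on app data directories, so the rule is only usable on descriptors handed to storaged (the `priv_app:fd use` / `gmscore_app:fd use` lines just above it); that is the right shape, but the rule carries no comment saying so, and a later `open` or directory grant would silently turn it into a general write into app sandboxes. Suggest placing `# Write only to app-owned fds received over binder (dumpsys output); intentionally no open/search on app data, keep it that way.` directly above the rule. The `auditallow storaged priv_app:fd use;` is wrapped in `userdebug_or_eng`, so the "remove after no logs are seen" plan in the b/142672293 comment can only ever be evaluated from debug builds, which is worth stating there; whether public policy adds further app-data grants is not visible from this hunk.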
@@ -0,0 +1,142 @@
+# surfaceflinger - display compositor service
+
+typeattribute surfaceflinger coredomain;
+
+type surfaceflinger_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(surfaceflinger)
+tmpfs_domain(surfaceflinger)
+
+typeattribute surfaceflinger mlstrustedsubject;
+typeattribute surfaceflinger display_service_server;
+
+read_runtime_log_tags(surfaceflinger)
+
+# Perform HwBinder IPC.
+hal_client_domain(surfaceflinger, hal_graphics_allocator)
+hal_client_domain(surfaceflinger, hal_graphics_composer)
+typeattribute surfaceflinger_tmpfs hal_graphics_composer_client_tmpfs;
+hal_client_domain(surfaceflinger, hal_codec2)
+hal_client_domain(surfaceflinger, hal_omx)
+hal_client_domain(surfaceflinger, hal_configstore)
+hal_client_domain(surfaceflinger, hal_power)
+hal_client_domain(surfaceflinger, hal_bufferhub)
+allow surfaceflinger hidl_token_hwservice:hwservice_manager find;
+
+# Perform Binder IPC.
+binder_use(surfaceflinger)
+binder_call(surfaceflinger, binderservicedomain)
+binder_call(surfaceflinger, appdomain)
+binder_call(surfaceflinger, bootanim)
+binder_call(surfaceflinger, system_server);
+binder_service(surfaceflinger)
+
+# Binder IPC to bu, presently runs in adbd domain.
+binder_call(surfaceflinger, adbd)
+
+# Read /proc/pid files for Binder clients.
+r_dir_file(surfaceflinger, binderservicedomain)
+r_dir_file(surfaceflinger, appdomain)
+
+# Access the GPU.
+allow surfaceflinger gpu_device:chr_file rw_file_perms;
+
+# Access /dev/graphics/fb0.
+allow surfaceflinger graphics_device:dir search;
+allow surfaceflinger graphics_device:chr_file rw_file_perms;
+
+# Access /dev/video1.
+allow surfaceflinger video_device:dir r_dir_perms;
+allow surfaceflinger video_device:chr_file rw_file_perms;
+
+# Create and use netlink kobject uevent sockets.
+allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Set properties.
+set_prop(surfaceflinger, system_prop)
+set_prop(surfaceflinger, exported_system_prop)
+set_prop(surfaceflinger, exported2_system_prop)
+set_prop(surfaceflinger, exported3_system_prop)
+set_prop(surfaceflinger, ctl_bootanim_prop)
+
+# Use open files supplied by an app.
+allow surfaceflinger appdomain:fd use;
+allow surfaceflinger { app_data_file privapp_data_file }:file { read write };
+
+# Allow writing surface traces to /data/misc/wmtrace.
+userdebug_or_eng(`
+ allow surfaceflinger wm_trace_data_file:dir rw_dir_perms;
+ allow surfaceflinger wm_trace_data_file:file { getattr setattr create w_file_perms };
+')
+
+# Needed to register as a Perfetto producer.
+perfetto_producer(surfaceflinger)
+
+# Use socket supplied by adbd, for cmd gpu vkjson etc.
+allow surfaceflinger adbd:unix_stream_socket { read write getattr };
+
+# Allow a dumpstate triggered screenshot
+binder_call(surfaceflinger, dumpstate)
+binder_call(surfaceflinger, shell)
+r_dir_file(surfaceflinger, dumpstate)
+
+# media.player service
+
+# do not use add_service() as hal_graphics_composer_default may be the
+# provider as well
+#add_service(surfaceflinger, surfaceflinger_service)
+allow surfaceflinger surfaceflinger_service:service_manager { add find };
+
+add_service(surfaceflinger, vrflinger_vsync_service)
+
+allow surfaceflinger mediaserver_service:service_manager find;
+allow surfaceflinger permission_service:service_manager find;
+allow surfaceflinger power_service:service_manager find;
+allow surfaceflinger vr_manager_service:service_manager find;
+allow surfaceflinger window_service:service_manager find;
+allow surfaceflinger inputflinger_service:service_manager find;
+
+
+# allow self to set SCHED_FIFO
+allow surfaceflinger self:global_capability_class_set sys_nice;
+allow surfaceflinger proc_meminfo:file r_file_perms;
+r_dir_file(surfaceflinger, cgroup)
+r_dir_file(surfaceflinger, system_file)
+allow surfaceflinger tmpfs:dir r_dir_perms;
+allow surfaceflinger system_server:fd use;
+allow surfaceflinger system_server:unix_stream_socket { read write };
+allow surfaceflinger ion_device:chr_file r_file_perms;
+
+# pdx IPC
+pdx_server(surfaceflinger, display_client)
+pdx_server(surfaceflinger, display_manager)
+pdx_server(surfaceflinger, display_screenshot)
+pdx_server(surfaceflinger, display_vsync)
+
+pdx_client(surfaceflinger, bufferhub_client)
+pdx_client(surfaceflinger, performance_client)
+
+# Allow supplying timestats statistics to statsd
+allow surfaceflinger stats_service:service_manager find;
+allow surfaceflinger statsmanager_service:service_manager find;
+# TODO(146461633): remove this once native pullers talk to StatsManagerService
+binder_call(surfaceflinger, statsd);
+
+# Allow pushing jank event atoms to statsd
+userdebug_or_eng(`
+ unix_socket_send(surfaceflinger, statsdw, statsd)
+')
+
+# Surfaceflinger should not be reading default vendor-defined properties.
+dontaudit surfaceflinger vendor_default_prop:file read;
+
+###
+### Neverallow rules
+###
+### surfaceflinger should NEVER do any of this
+
+# Do not allow accessing SDcard files as unsafe ejection could
+# cause the kernel to kill the process.
+neverallow surfaceflinger sdcard_type:file rw_file_perms;
+
+# b/68864350
+dontaudit surfaceflinger unlabeled:dir search;
diff --git a/prebuilts/api/30.0/private/system_app.te b/prebuilts/api/30.0/private/system_app.te
new file mode 100644
index 000000000..0b77bb372
--- /dev/null
+++ b/prebuilts/api/30.0/private/system_app.te
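Review bot: `set_prop(surfaceflinger, system_prop)` plus the three `exported*_system_prop` grants hand the compositor write access to whole property types rather than the specific keys it sets, and the `# Set properties.` comment does not say which keys those are; a domain that maps app-supplied buffers, accepts `binder_call` from every `appdomain` and reads app data fds is a poor holder of broad property-setting authority. Suggest naming the properties SF actually writes in that comment and, if they are few, moving them to a dedicated property type with `set_prop` on that type only; until then `auditallow surfaceflinger system_prop:property_service set;` would show whether the broad grant is exercised at all. Whether public policy already narrows this for surfaceflinger is not visible from the hunk, and as this is a prebuilts/api snapshot the change would need to land in the source policy first.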
@@ -0,0 +1,171 @@
+###
+### Apps that run with the system UID, e.g. com.android.system.ui,
+### com.android.settings. These are not as privileged as the system
+### server.
+###
+
+typeattribute system_app coredomain;
+
+app_domain(system_app)
+net_domain(system_app)
+binder_service(system_app)
+
+# android.ui and system.ui
+allow system_app rootfs:dir getattr;
+
+# Read and write /data/data subdirectory.
+allow system_app system_app_data_file:dir create_dir_perms;
+allow system_app system_app_data_file:{ file lnk_file } create_file_perms;
+
+# Read and write to /data/misc/user.
+allow system_app misc_user_data_file:dir create_dir_perms;
+allow system_app misc_user_data_file:file create_file_perms;
+
+# Access to vold-mounted storage for measuring free space
+allow system_app mnt_media_rw_file:dir search;
+
+# Access to apex files stored on /data (b/136063500)
+# Needed so that Settings can access NOTICE files inside apex
+# files located in the assets/ directory.
+allow system_app apex_data_file:dir search;
+allow system_app staging_data_file:file r_file_perms;
+
+# Read wallpaper file.
+allow system_app wallpaper_file:file r_file_perms;
+
+# Read icon file.
+allow system_app icon_file:file r_file_perms;
+
+# Write to properties
+set_prop(system_app, bluetooth_a2dp_offload_prop)
+set_prop(system_app, bluetooth_audio_hal_prop)
+set_prop(system_app, bluetooth_prop)
+set_prop(system_app, debug_prop)
+set_prop(system_app, system_prop)
+set_prop(system_app, exported_bluetooth_prop)
+set_prop(system_app, exported_system_prop)
+set_prop(system_app, exported2_system_prop)
+set_prop(system_app, exported3_system_prop)
+set_prop(system_app, logd_prop)
+set_prop(system_app, net_radio_prop)
+set_prop(system_app, system_radio_prop)
+set_prop(system_app, exported_system_radio_prop)
+set_prop(system_app, log_tag_prop)
+userdebug_or_eng(`set_prop(system_app, logpersistd_logging_prop)')
+auditallow system_app net_radio_prop:property_service set;
+auditallow system_app system_radio_prop:property_service set;
+auditallow system_app exported_system_radio_prop:property_service set;
+# Allow Settings to enable Dynamic System Update
+set_prop(system_app, dynamic_system_prop)
+
+# ctl interface
+set_prop(system_app, ctl_default_prop)
+set_prop(system_app, ctl_bugreport_prop)
+
+# Allow developer settings to query gsid status
+get_prop(system_app, gsid_prop)
+
+# Create /data/anr/traces.txt.
+allow system_app anr_data_file:dir ra_dir_perms;
+allow system_app anr_data_file:file create_file_perms;
+
+# Settings need to access app name and icon from asec
+allow system_app asec_apk_file:file r_file_perms;
+
+# Allow system_app (adb data loader) to write data to /data/incremental
+allow system_app apk_data_file:file write;
+
+# Allow system app (adb data loader) to read logs
+allow system_app incremental_control_file:file r_file_perms;
+
+# Allow system apps (like Settings) to interact with statsd
+binder_call(system_app, statsd)
+
+# Allow system apps to interact with incidentd
+binder_call(system_app, incidentd)
+
+# Allow system apps to interact with gpuservice
+binder_call(system_app, gpuservice)
+
+# Allow system app to interact with Dumpstate HAL
+hal_client_domain(system_app, hal_dumpstate)
+
+allow system_app servicemanager:service_manager list;
+# TODO: scope this down? Too broad?
+allow system_app {
+ service_manager_type
+ -apex_service
+ -dnsresolver_service
+ -dumpstate_service
+ -installd_service
+ -iorapd_service
+ -lpdump_service
+ -netd_service
+ -system_suspend_control_service
+ -virtual_touchpad_service
+ -vold_service
+ -vr_hwc_service
+ -default_android_service
+}:service_manager find;
+# suppress denials for services system_app should not be accessing.
+dontaudit system_app {
+ dnsresolver_service
+ dumpstate_service
+ installd_service
+ iorapd_service
+ netd_service
+ virtual_touchpad_service
+ vold_service
+ vr_hwc_service
+}:service_manager find;
+
+allow system_app keystore:keystore_key {
+ get_state
+ get
+ insert
+ delete
+ exist
+ list
+ reset
+ password
+ lock
+ unlock
+ is_empty
+ sign
+ verify
+ grant
+ duplicate
+ clear_uid
+ user_changed
+};
+
+# settings app reads /proc/version
+allow system_app {
+ proc_version
+}:file r_file_perms;
+
+# Settings app writes to /dev/stune/foreground/tasks.
+allow system_app cgroup:file w_file_perms;
+
+control_logd(system_app)
+read_runtime_log_tags(system_app)
+get_prop(system_app, device_logging_prop)
+
+# allow system apps to use UDP sockets provided by the system server but not
+# modify them other than to connect
+allow system_app system_server:udp_socket {
+ connect getattr read recvfrom sendto write getopt setopt };
+
+###
+### Neverallow rules
+###
+
+# app domains which access /dev/fuse should not run as system_app
+neverallow system_app fuse_device:chr_file *;
+
+# Apps which run as UID=system should not rely on any attacker controlled
+# filesystem locations, such as /data/local/tmp. For /data/local/tmp, we
+# allow writes to files passed by file descriptor to support dumpstate and
+# bug reports, but not reads.
+neverallow system_app shell_data_file:dir { no_w_dir_perms open search read };
+neverallow system_app shell_data_file:file { open read ioctl lock };
diff --git a/prebuilts/api/30.0/private/system_server.te b/prebuilts/api/30.0/private/system_server.te
new file mode 100644
index 000000000..bfac1a6ec
--- /dev/null
+++ b/prebuilts/api/30.0/private/system_server.te
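Review bot: `allow system_app apk_data_file:file write;` is a write grant on installed APK files for every app running as the system UID; it is tolerable only because `open` is absent, so the rule works solely on descriptors handed in from elsewhere, yet the comment talks about "/data/incremental" while the type is `apk_data_file` and never states that `open` and directory access are deliberately withheld. Suggest `# Write only through fds handed over by the installer (incremental data loader); no open or dir access on apk_data_file is intended.` above the rule so the omission survives the next edit. The `# TODO: scope this down? Too broad?` on the `service_manager_type` find grant is being carried into a frozen API snapshot as-is; if it is meant to be resolved it should cite a bug, and the `w_file_perms` on `cgroup:file` is wider than the single `/dev/stune/foreground/tasks` path the comment names.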
@@ -0,0 +1,1164 @@
+#
+# System Server aka system_server spawned by zygote.
+# Most of the framework services run in this process.
+#
+
+typeattribute system_server coredomain;
+typeattribute system_server mlstrustedsubject;
+typeattribute system_server scheduler_service_server;
+typeattribute system_server sensor_service_server;
+typeattribute system_server stats_service_server;
+
+# Define a type for tmpfs-backed ashmem regions.
+tmpfs_domain(system_server)
+
+# Create a socket for connections from crash_dump.
+type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
+
+# Create a socket for connections from zygotes.
+type_transition system_server system_data_file:sock_file system_unsolzygote_socket "unsolzygotesocket";
+
+allow system_server zygote_tmpfs:file read;
+allow system_server appdomain_tmpfs:file { getattr map read write };
+
+# For Incremental Service to check if incfs is available
+allow system_server proc_filesystems:file r_file_perms;
+
+# To create files and get permission to fill blocks on Incremental File System
+allow system_server incremental_control_file:file { ioctl r_file_perms };
+allowxperm system_server incremental_control_file:file ioctl { INCFS_IOCTL_CREATE_FILE INCFS_IOCTL_PERMIT_FILL };
+
+# To get signature of an APK installed on Incremental File System and fill in data blocks
+allowxperm system_server apk_data_file:file ioctl { INCFS_IOCTL_READ_SIGNATURE INCFS_IOCTL_FILL_BLOCKS };
+
+# For art.
+allow system_server dalvikcache_data_file:dir r_dir_perms;
+allow system_server dalvikcache_data_file:file r_file_perms;
+
+# When running system server under --invoke-with, we'll try to load the boot image under the
+# system server domain, following links to the system partition.
+with_asan(`allow system_server dalvikcache_data_file:lnk_file r_file_perms;')
+
+# /data/resource-cache
+allow system_server resourcecache_data_file:file r_file_perms;
+allow system_server resourcecache_data_file:dir r_dir_perms;
+
+# ptrace to processes in the same domain for debugging crashes.
+allow system_server self:process ptrace;
+
+# Child of the zygote.
+allow system_server zygote:fd use;
+allow system_server zygote:process sigchld;
+
+# May kill zygote on crashes.
+allow system_server {
+ app_zygote
+ crash_dump
+ webview_zygote
+ zygote
+}:process { sigkill signull };
+
+# Read /system/bin/app_process.
+allow system_server zygote_exec:file r_file_perms;
+
+# Needed to close the zygote socket, which involves getopt / getattr
+allow system_server zygote:unix_stream_socket { getopt getattr };
+
+# system server gets network and bluetooth permissions.
+net_domain(system_server)
+# in addition to ioctls whitelisted for all domains, also allow system_server
+# to use privileged ioctls commands. Needed to set up VPNs.
+allowxperm system_server self:udp_socket ioctl priv_sock_ioctls;
+bluetooth_domain(system_server)
+
+# Allow setup of tcp keepalive offload. This gives system_server the permission to
+# call ioctl on app domains' tcp sockets. Additional ioctl commands still need to
+# be granted individually, except for a small set of safe values whitelisted in
+# public/domain.te.
+allow system_server appdomain:tcp_socket ioctl;
+
+# These are the capabilities assigned by the zygote to the
+# system server.
+allow system_server self:global_capability_class_set {
+ ipc_lock
+ kill
+ net_admin
+ net_bind_service
+ net_broadcast
+ net_raw
+ sys_boot
+ sys_nice
+ sys_ptrace
+ sys_time
+ sys_tty_config
+};
+
+# Trigger module auto-load.
+allow system_server kernel:system module_request;
+
+# Allow alarmtimers to be set
+allow system_server self:global_capability2_class_set wake_alarm;
+
+# Create and share netlink_netfilter_sockets for tetheroffload.
+allow system_server self:netlink_netfilter_socket create_socket_perms_no_ioctl;
+
+# Create/use netlink_tcpdiag_socket for looking up connection UIDs for VPN apps.
+allow system_server self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read };
+
+# Use netlink uevent sockets.
+allow system_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Use generic netlink sockets.
+allow system_server self:netlink_socket create_socket_perms_no_ioctl;
+allow system_server self:netlink_generic_socket create_socket_perms_no_ioctl;
+
+# libvintf reads the kernel config to verify vendor interface compatibility.
+allow system_server config_gz:file { read open };
+
+# Use generic "sockets" where the address family is not known
+# to the kernel. The ioctl permission is specifically omitted here, but may
+# be added to device specific policy along with the ioctl commands to be
+# whitelisted.
+allow system_server self:socket create_socket_perms_no_ioctl;
+
+# Set and get routes directly via netlink.
+allow system_server self:netlink_route_socket nlmsg_write;
+
+# Kill apps.
+allow system_server appdomain:process { getpgid sigkill signal };
+# signull allowed for kill(pid, 0) existence test.
+allow system_server appdomain:process { signull };
+
+# Set scheduling info for apps.
+allow system_server appdomain:process { getsched setsched };
+allow system_server audioserver:process { getsched setsched };
+allow system_server hal_audio:process { getsched setsched };
+allow system_server hal_bluetooth:process { getsched setsched };
+allow system_server hal_codec2_server:process { getsched setsched };
+allow system_server hal_omx_server:process { getsched setsched };
+allow system_server mediaswcodec:process { getsched setsched };
+allow system_server cameraserver:process { getsched setsched };
+allow system_server hal_camera:process { getsched setsched };
+allow system_server mediaserver:process { getsched setsched };
+allow system_server bootanim:process { getsched setsched };
+
+# Set scheduling info for psi monitor thread.
+# TODO: delete this line b/131761776
+allow system_server kernel:process { getsched setsched };
+
+# Allow system_server to write to /proc//*
+allow system_server domain:file w_file_perms;
+
+# Read /proc/pid data for all domains. This is used by ProcessCpuTracker
+# within system_server to keep track of memory and CPU usage for
+# all processes on the device. In addition, /proc/pid files access is needed
+# for dumping stack traces of native processes.
+r_dir_file(system_server, domain)
+
+# Write /proc/uid_cputime/remove_uid_range.
+allow system_server proc_uid_cputime_removeuid:file { w_file_perms getattr };
+
+# Write /proc/uid_procstat/set.
+allow system_server proc_uid_procstat_set:file { w_file_perms getattr };
+
+# Write to /proc/sysrq-trigger.
+allow system_server proc_sysrq:file rw_file_perms;
+
+# Delete /data/misc/stats-data/ and /data/misc/stats-service/ directories.
+allow system_server stats_data_file:dir { open read remove_name search write };
+allow system_server stats_data_file:file unlink;
+
+# Read /sys/kernel/debug/wakeup_sources.
+allow system_server debugfs_wakeup_sources:file r_file_perms;
+
+# Read /sys/kernel/ion/*.
+allow system_server sysfs_ion:file r_file_perms;
+
+# The DhcpClient and WifiWatchdog use packet_sockets
+allow system_server self:packet_socket create_socket_perms_no_ioctl;
+
+# 3rd party VPN clients require a tun_socket to be created
+allow system_server self:tun_socket create_socket_perms_no_ioctl;
+
+# Talk to init and various daemons via sockets.
+unix_socket_connect(system_server, lmkd, lmkd)
+unix_socket_connect(system_server, mtpd, mtp)
+unix_socket_connect(system_server, zygote, zygote)
+unix_socket_connect(system_server, racoon, racoon)
+unix_socket_connect(system_server, uncrypt, uncrypt)
+
+# Allow system_server to write to statsd.
+unix_socket_send(system_server, statsdw, statsd)
+
+# Communicate over a socket created by surfaceflinger.
+allow system_server surfaceflinger:unix_stream_socket { read write setopt };
+
+allow system_server gpuservice:unix_stream_socket { read write setopt };
+
+# Communicate over a socket created by webview_zygote.
+allow system_server webview_zygote:unix_stream_socket { read write connectto setopt };
+
+# Communicate over a socket created by app_zygote.
+allow system_server app_zygote:unix_stream_socket { read write connectto setopt };
+
+# Perform Binder IPC.
+binder_use(system_server)
+binder_call(system_server, appdomain)
+binder_call(system_server, binderservicedomain)
+binder_call(system_server, dumpstate)
+binder_call(system_server, fingerprintd)
+binder_call(system_server, gatekeeperd)
+binder_call(system_server, idmap)
+binder_call(system_server, installd)
+binder_call(system_server, incidentd)
+binder_call(system_server, iorapd)
+binder_call(system_server, netd)
+binder_call(system_server, notify_traceur)
+binder_call(system_server, statsd)
+binder_call(system_server, storaged)
+binder_call(system_server, update_engine)
+binder_call(system_server, vold)
+binder_call(system_server, wificond)
+binder_call(system_server, wpantund)
+binder_service(system_server)
+
+# Use HALs
+hal_client_domain(system_server, hal_allocator)
+hal_client_domain(system_server, hal_audio)
+hal_client_domain(system_server, hal_authsecret)
+hal_client_domain(system_server, hal_broadcastradio)
+hal_client_domain(system_server, hal_codec2)
+hal_client_domain(system_server, hal_configstore)
+hal_client_domain(system_server, hal_contexthub)
+hal_client_domain(system_server, hal_face)
+hal_client_domain(system_server, hal_fingerprint)
+hal_client_domain(system_server, hal_gnss)
+hal_client_domain(system_server, hal_graphics_allocator)
+hal_client_domain(system_server, hal_health)
+hal_client_domain(system_server, hal_input_classifier)
+hal_client_domain(system_server, hal_ir)
+hal_client_domain(system_server, hal_light)
+hal_client_domain(system_server, hal_memtrack)
+hal_client_domain(system_server, hal_neuralnetworks)
+hal_client_domain(system_server, hal_oemlock)
+hal_client_domain(system_server, hal_omx)
+hal_client_domain(system_server, hal_power)
+hal_client_domain(system_server, hal_power_stats)
+hal_client_domain(system_server, hal_rebootescrow)
+hal_client_domain(system_server, hal_sensors)
+hal_client_domain(system_server, hal_tetheroffload)
+hal_client_domain(system_server, hal_thermal)
+hal_client_domain(system_server, hal_tv_cec)
+hal_client_domain(system_server, hal_tv_input)
+hal_client_domain(system_server, hal_usb)
+hal_client_domain(system_server, hal_usb_gadget)
+hal_client_domain(system_server, hal_vibrator)
+hal_client_domain(system_server, hal_vr)
+hal_client_domain(system_server, hal_weaver)
+hal_client_domain(system_server, hal_wifi)
+hal_client_domain(system_server, hal_wifi_hostapd)
+hal_client_domain(system_server, hal_wifi_supplicant)
+
+# Talk with graphics composer fences
+allow system_server hal_graphics_composer:fd use;
+
+# Use RenderScript always-passthrough HAL
+allow system_server hal_renderscript_hwservice:hwservice_manager find;
+allow system_server same_process_hal_file:file { execute read open getattr map };
+
+# Talk to tombstoned to get ANR traces.
+unix_socket_connect(system_server, tombstoned_intercept, tombstoned)
+
+# List HAL interfaces to get ANR traces.
+allow system_server hwservicemanager:hwservice_manager list;
+
+# Send signals to trigger ANR traces.
+allow system_server {
+ # This is derived from the list that system server defines as interesting native processes
+ # to dump during ANRs or watchdog aborts, defined in NATIVE_STACKS_OF_INTEREST in
+ # frameworks/base/services/core/java/com/android/server/Watchdog.java.
+ audioserver
+ cameraserver
+ drmserver
+ gpuservice
+ inputflinger
+ mediadrmserver
+ mediaextractor
+ mediametrics
+ mediaserver
+ mediaswcodec
+ netd
+ sdcardd
+ statsd
+ surfaceflinger
+ vold
+
+ # This list comes from HAL_INTERFACES_OF_INTEREST in
+ # frameworks/base/services/core/java/com/android/server/Watchdog.java.
+ hal_audio_server + hal_bluetooth_server + hal_camera_server + hal_codec2_server + hal_face_server + hal_fingerprint_server + hal_gnss_server + hal_graphics_allocator_server + hal_graphics_composer_server + hal_health_server + hal_neuralnetworks_server + hal_omx_server + hal_power_stats_server + hal_sensors_server + hal_vr_server + system_suspend_server +}:process { signal }; + +# Use sockets received over binder from various services. +allow system_server audioserver:tcp_socket rw_socket_perms; +allow system_server audioserver:udp_socket rw_socket_perms; +allow system_server mediaserver:tcp_socket rw_socket_perms; +allow system_server mediaserver:udp_socket rw_socket_perms; + +# Use sockets received over binder from various services. +allow system_server mediadrmserver:tcp_socket rw_socket_perms; +allow system_server mediadrmserver:udp_socket rw_socket_perms; + +userdebug_or_eng(`perfetto_producer({ system_server })') + +# Get file context +allow system_server file_contexts_file:file r_file_perms; +# access for mac_permissions +allow system_server mac_perms_file: file r_file_perms; +# Check SELinux permissions. 
+selinux_check_access(system_server) + +allow system_server sysfs_type:dir search; + +r_dir_file(system_server, sysfs_android_usb) +allow system_server sysfs_android_usb:file w_file_perms; + +allow system_server sysfs_extcon:dir r_dir_perms; + +r_dir_file(system_server, sysfs_ipv4) +allow system_server sysfs_ipv4:file w_file_perms; + +r_dir_file(system_server, sysfs_rtc) +r_dir_file(system_server, sysfs_switch) +r_dir_file(system_server, sysfs_wakeup_reasons) + +allow system_server sysfs_nfc_power_writable:file rw_file_perms; +allow system_server sysfs_power:dir search; +allow system_server sysfs_power:file rw_file_perms; +allow system_server sysfs_thermal:dir search; +allow system_server sysfs_thermal:file r_file_perms; + +# TODO: Remove when HALs are forced into separate processes +allow system_server sysfs_vibrator:file { write append }; + +# TODO: added to match above sysfs rule. Remove me? +allow system_server sysfs_usb:file w_file_perms; + +# Access devices. +allow system_server device:dir r_dir_perms; +allow system_server mdns_socket:sock_file rw_file_perms; +allow system_server gpu_device:chr_file rw_file_perms; +allow system_server input_device:dir r_dir_perms; +allow system_server input_device:chr_file rw_file_perms; +allow system_server tty_device:chr_file rw_file_perms; +allow system_server usbaccessory_device:chr_file rw_file_perms; +allow system_server video_device:dir r_dir_perms; +allow system_server video_device:chr_file rw_file_perms; +allow system_server adbd_socket:sock_file rw_file_perms; +allow system_server rtc_device:chr_file rw_file_perms; +allow system_server audio_device:dir r_dir_perms; + +# write access to ALSA interfaces (/dev/snd/*) needed for MIDI +allow system_server audio_device:chr_file rw_file_perms; + +# tun device used for 3rd party vpn apps +allow system_server tun_device:chr_file rw_file_perms; +allowxperm system_server tun_device:chr_file ioctl { TUNGETIFF TUNSETIFF }; + +# Manage data/ota_package +allow system_server 
ota_package_file:dir rw_dir_perms; +allow system_server ota_package_file:file create_file_perms; + +# Manage system data files. +allow system_server system_data_file:dir create_dir_perms; +allow system_server system_data_file:notdevfile_class_set create_file_perms; +allow system_server packages_list_file:file create_file_perms; +allow system_server keychain_data_file:dir create_dir_perms; +allow system_server keychain_data_file:file create_file_perms; +allow system_server keychain_data_file:lnk_file create_file_perms; + +# Manage /data/app. +allow system_server apk_data_file:dir create_dir_perms; +allow system_server apk_data_file:{ file lnk_file } { create_file_perms link }; +allow system_server apk_tmp_file:dir create_dir_perms; +allow system_server apk_tmp_file:file create_file_perms; + +# Access input configuration files in the /vendor directory +r_dir_file(system_server, vendor_keylayout_file) +r_dir_file(system_server, vendor_keychars_file) +r_dir_file(system_server, vendor_idc_file) + +# Access /vendor/{app,framework,overlay} +r_dir_file(system_server, vendor_app_file) +r_dir_file(system_server, vendor_framework_file) +r_dir_file(system_server, vendor_overlay_file) + +# Manage /data/app-private. +allow system_server apk_private_data_file:dir create_dir_perms; +allow system_server apk_private_data_file:file create_file_perms; +allow system_server apk_private_tmp_file:dir create_dir_perms; +allow system_server apk_private_tmp_file:file create_file_perms; + +# Manage files within asec containers. +allow system_server asec_apk_file:dir create_dir_perms; +allow system_server asec_apk_file:file create_file_perms; +allow system_server asec_public_file:file create_file_perms; + +# Manage /data/anr. +# +# TODO: Some of these permissions can be withdrawn once we've switched to the +# new stack dumping mechanism, see b/32064548 and the rules below. 
In particular, +# the system_server should never need to create a new anr_data_file:file or write +# to one, but it will still need to read and append to existing files. +allow system_server anr_data_file:dir create_dir_perms; +allow system_server anr_data_file:file create_file_perms; + +# New stack dumping scheme : request an output FD from tombstoned via a unix +# domain socket. +# +# Allow system_server to connect and write to the tombstoned java trace socket in +# order to dump its traces. Also allow the system server to write its traces to +# dumpstate during bugreport capture and incidentd during incident collection. +unix_socket_connect(system_server, tombstoned_java_trace, tombstoned) +allow system_server tombstoned:fd use; +allow system_server dumpstate:fifo_file append; +allow system_server incidentd:fifo_file append; +# Write to a pipe created from `adb shell` (for debuggerd -j `pidof system_server`) +userdebug_or_eng(` + allow system_server su:fifo_file append; +') + +# Allow system_server to read pipes from incidentd (used to deliver incident reports +# to dropbox) +allow system_server incidentd:fifo_file read; + +# Read /data/misc/incidents - only read. The fd will be sent over binder, +# with no DAC access to it, for dropbox to read. +allow system_server incident_data_file:file read; + +# Manage /data/misc/prereboot. +allow system_server prereboot_data_file:dir rw_dir_perms; +allow system_server prereboot_data_file:file create_file_perms; + +# Allow dropbox to read /data/misc/perfetto-traces. Only the fd is sent over +# binder. +allow system_server perfetto_traces_data_file:file read; +allow system_server perfetto:fd use; + +# Manage /data/backup. 
+allow system_server backup_data_file:dir create_dir_perms; +allow system_server backup_data_file:file create_file_perms; + +# Write to /data/system/dropbox +allow system_server dropbox_data_file:dir create_dir_perms; +allow system_server dropbox_data_file:file create_file_perms; + +# Write to /data/system/heapdump +allow system_server heapdump_data_file:dir rw_dir_perms; +allow system_server heapdump_data_file:file create_file_perms; + +# Manage /data/misc/adb. +allow system_server adb_keys_file:dir create_dir_perms; +allow system_server adb_keys_file:file create_file_perms; + +# Manage /data/misc/emergencynumberdb +allow system_server emergency_data_file:dir create_dir_perms; +allow system_server emergency_data_file:file create_file_perms; + +# Manage /data/misc/network_watchlist +allow system_server network_watchlist_data_file:dir create_dir_perms; +allow system_server network_watchlist_data_file:file create_file_perms; + +# Manage /data/misc/sms. +# TODO: Split into a separate type? +allow system_server radio_data_file:dir create_dir_perms; +allow system_server radio_data_file:file create_file_perms; + +# Manage /data/misc/systemkeys. +allow system_server systemkeys_data_file:dir create_dir_perms; +allow system_server systemkeys_data_file:file create_file_perms; + +# Manage /data/misc/textclassifier. +allow system_server textclassifier_data_file:dir create_dir_perms; +allow system_server textclassifier_data_file:file create_file_perms; + +# Access /data/tombstones. +allow system_server tombstone_data_file:dir r_dir_perms; +allow system_server tombstone_data_file:file r_file_perms; + +# Manage /data/misc/vpn. +allow system_server vpn_data_file:dir create_dir_perms; +allow system_server vpn_data_file:file create_file_perms; + +# Manage /data/misc/wifi. +allow system_server wifi_data_file:dir create_dir_perms; +allow system_server wifi_data_file:file create_file_perms; + +# Manage /data/misc/zoneinfo. 
+allow system_server zoneinfo_data_file:dir create_dir_perms; +allow system_server zoneinfo_data_file:file create_file_perms; + +# Manage /data/app-staging. +allow system_server staging_data_file:dir create_dir_perms; +allow system_server staging_data_file:file create_file_perms; + +# Walk /data/data subdirectories. +# Types extracted from seapp_contexts type= fields. +allow system_server { + system_app_data_file + bluetooth_data_file + nfc_data_file + radio_data_file + shell_data_file + app_data_file + privapp_data_file +}:dir { getattr read search }; + +# Also permit for unlabeled /data/data subdirectories and +# for unlabeled asec containers on upgrades from 4.2. +allow system_server unlabeled:dir r_dir_perms; +# Read pkg.apk file before it has been relabeled by vold. +allow system_server unlabeled:file r_file_perms; + +# Populate com.android.providers.settings/databases/settings.db. +allow system_server system_app_data_file:dir create_dir_perms; +allow system_server system_app_data_file:file create_file_perms; + +# Receive and use open app data files passed over binder IPC. +# Types extracted from seapp_contexts type= fields. +allow system_server { + system_app_data_file + bluetooth_data_file + nfc_data_file + radio_data_file + shell_data_file + app_data_file + privapp_data_file +}:file { getattr read write append map }; + +# Access to /data/media for measuring disk usage. +allow system_server media_rw_data_file:dir { search getattr open read }; + +# Receive and use open /data/media files passed over binder IPC. +# Also used for measuring disk usage. +allow system_server media_rw_data_file:file { getattr read write append }; + +# System server needs to setfscreate to packages_list_file when writing +# /data/system/packages.list +allow system_server system_server:process setfscreate; + +# Relabel apk files. 
+allow system_server { apk_tmp_file apk_private_tmp_file }:{ dir file } { relabelfrom relabelto }; +allow system_server { apk_data_file apk_private_data_file }:{ dir file } { relabelfrom relabelto }; + +# Relabel wallpaper. +allow system_server system_data_file:file relabelfrom; +allow system_server wallpaper_file:file relabelto; +allow system_server wallpaper_file:file { rw_file_perms rename unlink }; + +# Backup of wallpaper imagery uses temporary hard links to avoid data churn +allow system_server { system_data_file wallpaper_file }:file link; + +# ShortcutManager icons +allow system_server system_data_file:dir relabelfrom; +allow system_server shortcut_manager_icons:dir { create_dir_perms relabelto }; +allow system_server shortcut_manager_icons:file create_file_perms; + +# Manage ringtones. +allow system_server ringtone_file:dir { create_dir_perms relabelto }; +allow system_server ringtone_file:file create_file_perms; + +# Relabel icon file. +allow system_server icon_file:file relabelto; +allow system_server icon_file:file { rw_file_perms unlink }; + +# FingerprintService.java does a restorecon of the directory /data/system/users/[0-9]+/fpdata(/.*)? +allow system_server system_data_file:dir relabelfrom; + +# server_configurable_flags_data_file is used for storing server configurable flags which +# have been reset during current booting. system_server needs to read the data to perform related +# disaster recovery actions. 
+allow system_server server_configurable_flags_data_file:dir r_dir_perms; +allow system_server server_configurable_flags_data_file:file r_file_perms; + +# Property Service write +set_prop(system_server, system_prop) +set_prop(system_server, exported_system_prop) +set_prop(system_server, exported2_system_prop) +set_prop(system_server, exported3_system_prop) +set_prop(system_server, safemode_prop) +set_prop(system_server, theme_prop) +set_prop(system_server, dhcp_prop) +set_prop(system_server, net_radio_prop) +set_prop(system_server, net_dns_prop) +set_prop(system_server, system_radio_prop) +set_prop(system_server, exported_system_radio_prop) +set_prop(system_server, debug_prop) +set_prop(system_server, powerctl_prop) +set_prop(system_server, fingerprint_prop) +set_prop(system_server, exported_fingerprint_prop) +set_prop(system_server, device_logging_prop) +set_prop(system_server, dumpstate_options_prop) +set_prop(system_server, overlay_prop) +set_prop(system_server, exported_overlay_prop) +set_prop(system_server, pm_prop) +set_prop(system_server, exported_pm_prop) +set_prop(system_server, socket_hook_prop) +set_prop(system_server, audio_prop) +userdebug_or_eng(`set_prop(system_server, wifi_log_prop)') + +# ctl interface +set_prop(system_server, ctl_default_prop) +set_prop(system_server, ctl_bugreport_prop) +set_prop(system_server, ctl_gsid_prop) + +# cppreopt property +set_prop(system_server, cppreopt_prop) + +# server configurable flags properties +set_prop(system_server, device_config_input_native_boot_prop) +set_prop(system_server, device_config_netd_native_prop) +set_prop(system_server, device_config_activity_manager_native_boot_prop) +set_prop(system_server, device_config_runtime_native_boot_prop) +set_prop(system_server, device_config_runtime_native_prop) +set_prop(system_server, device_config_media_native_prop) +set_prop(system_server, device_config_storage_native_boot_prop) +set_prop(system_server, device_config_sys_traced_prop) +set_prop(system_server, 
device_config_window_manager_native_boot_prop) +set_prop(system_server, device_config_configuration_prop) + +# BootReceiver to read ro.boot.bootreason +get_prop(system_server, bootloader_boot_reason_prop) +# PowerManager to read sys.boot.reason +get_prop(system_server, system_boot_reason_prop) + +# Collect metrics on boot time created by init +get_prop(system_server, boottime_prop) + +# Read device's serial number from system properties +get_prop(system_server, serialno_prop) + +# Read/write the property which keeps track of whether this is the first start of system_server +set_prop(system_server, firstboot_prop) + +# Audio service in system server can read exported audio properties, +# such as camera shutter enforcement +get_prop(system_server, exported_audio_prop) + +# system server reads this property to keep track of whether server configurable flags have been +# reset during current boot. +get_prop(system_server, device_config_reset_performed_prop) + +# Read/write the property that enables Test Harness Mode +set_prop(system_server, test_harness_prop) + +# Read gsid.image_running. +get_prop(system_server, gsid_prop) + +# Read the property that mocks an OTA +get_prop(system_server, mock_ota_prop) + +# Read the property as feature flag for protecting apks with fs-verity. +get_prop(system_server, apk_verity_prop) + +# Read wifi.interface +get_prop(system_server, wifi_prop) + +# Create a socket for connections from debuggerd. +allow system_server system_ndebug_socket:sock_file create_file_perms; + +# Create a socket for connections from zygotes. +allow system_server system_unsolzygote_socket:sock_file create_file_perms; + +# Manage cache files. 
+allow system_server cache_file:lnk_file r_file_perms; +allow system_server { cache_file cache_recovery_file }:dir { relabelfrom create_dir_perms }; +allow system_server { cache_file cache_recovery_file }:file { relabelfrom create_file_perms }; +allow system_server { cache_file cache_recovery_file }:fifo_file create_file_perms; + +allow system_server system_file:dir r_dir_perms; +allow system_server system_file:lnk_file r_file_perms; + +# ART locks profile files. +allow system_server system_file:file lock; + +# LocationManager(e.g, GPS) needs to read and write +# to uart driver and ctrl proc entry +allow system_server gps_control:file rw_file_perms; + +# Allow system_server to use app-created sockets and pipes. +allow system_server appdomain:{ tcp_socket udp_socket } { getattr getopt setopt read write shutdown }; +allow system_server appdomain:{ fifo_file unix_stream_socket } { getattr read write }; + +# BackupManagerService needs to manipulate backup data files +allow system_server cache_backup_file:dir rw_dir_perms; +allow system_server cache_backup_file:file create_file_perms; +# LocalTransport works inside /cache/backup +allow system_server cache_private_backup_file:dir create_dir_perms; +allow system_server cache_private_backup_file:file create_file_perms; + +# Allow system to talk to usb device +allow system_server usb_device:chr_file rw_file_perms; +allow system_server usb_device:dir r_dir_perms; + +# Read from HW RNG (needed by EntropyMixer). +allow system_server hw_random_device:chr_file r_file_perms; + +# Read and delete files under /dev/fscklogs. +r_dir_file(system_server, fscklogs) +allow system_server fscklogs:dir { write remove_name }; +allow system_server fscklogs:file unlink; + +# logd access, system_server inherit logd write socket +# (urge is to deprecate this long term) +allow system_server zygote:unix_dgram_socket write; + +# Read from log daemon. 
+read_logd(system_server) +read_runtime_log_tags(system_server) + +# Be consistent with DAC permissions. Allow system_server to write to +# /sys/module/lowmemorykiller/parameters/adj +# /sys/module/lowmemorykiller/parameters/minfree +allow system_server sysfs_lowmemorykiller:file { getattr w_file_perms }; + +# Read /sys/fs/pstore/console-ramoops +# Don't worry about overly broad permissions for now, as there's +# only one file in /sys/fs/pstore +allow system_server pstorefs:dir r_dir_perms; +allow system_server pstorefs:file r_file_perms; + +# /sys access +allow system_server sysfs_zram:dir search; +allow system_server sysfs_zram:file rw_file_perms; + +add_service(system_server, system_server_service); +allow system_server audioserver_service:service_manager find; +allow system_server batteryproperties_service:service_manager find; +allow system_server cameraserver_service:service_manager find; +allow system_server dataloader_manager_service:service_manager find; +allow system_server dnsresolver_service:service_manager find; +allow system_server drmserver_service:service_manager find; +allow system_server dumpstate_service:service_manager find; +allow system_server fingerprintd_service:service_manager find; +allow system_server gatekeeper_service:service_manager find; +allow system_server gpu_service:service_manager find; +allow system_server gsi_service:service_manager find; +allow system_server hal_fingerprint_service:service_manager find; +allow system_server idmap_service:service_manager find; +allow system_server incident_service:service_manager find; +allow system_server incremental_service:service_manager find; +allow system_server installd_service:service_manager find; +allow system_server iorapd_service:service_manager find; +allow system_server keystore_service:service_manager find; +allow system_server mediaserver_service:service_manager find; +allow system_server mediametrics_service:service_manager find; +allow system_server 
mediaextractor_service:service_manager find; +allow system_server mediadrmserver_service:service_manager find; +allow system_server netd_service:service_manager find; +allow system_server nfc_service:service_manager find; +allow system_server radio_service:service_manager find; +allow system_server stats_service:service_manager find; +allow system_server storaged_service:service_manager find; +allow system_server surfaceflinger_service:service_manager find; +allow system_server update_engine_service:service_manager find; +allow system_server vold_service:service_manager find; +allow system_server wifinl80211_service:service_manager find; + +add_service(system_server, batteryproperties_service) + +allow system_server keystore:keystore_key { + get_state + get + insert + delete + exist + list + reset + password + lock + unlock + is_empty + sign + verify + grant + duplicate + clear_uid + add_auth + user_changed +}; + +# Allow system server to search and write to the persistent factory reset +# protection partition. This block device does not get wiped in a factory reset. 
+allow system_server block_device:dir search; +allow system_server frp_block_device:blk_file rw_file_perms; +allowxperm system_server frp_block_device:blk_file ioctl { BLKSECDISCARD BLKDISCARD }; + +# Clean up old cgroups +allow system_server cgroup:dir { remove_name rmdir }; + +# /oem access +r_dir_file(system_server, oemfs) + +# Allow resolving per-user storage symlinks +allow system_server { mnt_user_file storage_file }:dir { getattr search }; +allow system_server { mnt_user_file storage_file }:lnk_file { getattr read }; + +# Allow statfs() on storage devices, which happens fast enough that +# we shouldn't be killed during unsafe removal +allow system_server sdcard_type:dir { getattr search }; + +# Traverse into expanded storage +allow system_server mnt_expand_file:dir r_dir_perms; + +# Allow system process to relabel the fingerprint directory after mkdir +# and delete the directory and files when no longer needed +allow system_server fingerprintd_data_file:dir { r_dir_perms remove_name rmdir relabelto write }; +allow system_server fingerprintd_data_file:file { getattr unlink }; + +userdebug_or_eng(` + # Allow system server to create and write method traces in /data/misc/trace. + allow system_server method_trace_data_file:dir w_dir_perms; + allow system_server method_trace_data_file:file { create w_file_perms }; + + # Allow system server to read dmesg + allow system_server kernel:system syslog_read; + + # Allow writing and removing window traces in /data/misc/wmtrace. + allow system_server wm_trace_data_file:dir rw_dir_perms; + allow system_server wm_trace_data_file:file { getattr setattr create unlink w_file_perms }; +') + +# For AppFuse. 
+allow system_server vold:fd use; +allow system_server fuse_device:chr_file { read write ioctl getattr }; +allow system_server app_fuse_file:file { read write getattr }; + +# For configuring sdcardfs +allow system_server configfs:dir { create_dir_perms }; +allow system_server configfs:file { getattr open create unlink write }; + +# Connect to adbd and use a socket transferred from it. +# Used for e.g. jdwp. +allow system_server adbd:unix_stream_socket connectto; +allow system_server adbd:fd use; +allow system_server adbd:unix_stream_socket { getattr getopt ioctl read write shutdown }; + +# Read service.adb.tls.port, persist.adb.wifi. properties +get_prop(system_server, adbd_prop) + +# Set persist.adb.tls_server.enable property +set_prop(system_server, system_adbd_prop) + +# Allow invoking tools like "timeout" +allow system_server toolbox_exec:file rx_file_perms; + +# Allow system process to setup and measure fs-verity +allowxperm system_server apk_data_file:file ioctl { + FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY +}; + +# Postinstall +# +# For OTA dexopt, allow calls coming from postinstall. 
+binder_call(system_server, postinstall) + +allow system_server postinstall:fifo_file write; +allow system_server update_engine:fd use; +allow system_server update_engine:fifo_file write; + +# Access to /data/preloads +allow system_server preloads_data_file:file { r_file_perms unlink }; +allow system_server preloads_data_file:dir { r_dir_perms write remove_name rmdir }; +allow system_server preloads_media_file:file { r_file_perms unlink }; +allow system_server preloads_media_file:dir { r_dir_perms write remove_name rmdir }; + +r_dir_file(system_server, cgroup) +allow system_server ion_device:chr_file r_file_perms; + +r_dir_file(system_server, proc_asound) +r_dir_file(system_server, proc_net_type) +r_dir_file(system_server, proc_qtaguid_stat) +allow system_server { + proc_cmdline + proc_loadavg + proc_meminfo + proc_pagetypeinfo + proc_pipe_conf + proc_stat + proc_uid_cputime_showstat + proc_uid_io_stats + proc_uid_time_in_state + proc_uid_concurrent_active_time + proc_uid_concurrent_policy_time + proc_version + proc_vmallocinfo +}:file r_file_perms; + +allow system_server proc_uid_time_in_state:dir r_dir_perms; +allow system_server proc_uid_cpupower:file r_file_perms; + +r_dir_file(system_server, rootfs) + +# Allow WifiService to start, stop, and read wifi-specific trace events. +allow system_server debugfs_tracing_instances:dir search; +allow system_server debugfs_wifi_tracing:dir search; +allow system_server debugfs_wifi_tracing:file rw_file_perms; + +# Allow system_server to read tracepoint ids in order to attach BPF programs to them. +allow system_server debugfs_tracing:file r_file_perms; + +# allow system_server to exec shell, asanwrapper & zygote(app_process) on ASAN builds. Needed to run +# asanwrapper. 
+with_asan(` + allow system_server shell_exec:file rx_file_perms; + allow system_server asanwrapper_exec:file rx_file_perms; + allow system_server zygote_exec:file rx_file_perms; +') + +# allow system_server to read the eBPF maps that stores the traffic stats information and update +# the map after snapshot is recorded, and to read, update and run the maps and programs used for +# time in state accounting +allow system_server fs_bpf:dir search; +allow system_server fs_bpf:file { read write }; +allow system_server bpfloader:bpf { map_read map_write prog_run }; + +# ART Profiles. +# Allow system_server to open profile snapshots for read. +# System server never reads the actual content. It passes the descriptor to +# to privileged apps which acquire the permissions to inspect the profiles. +allow system_server user_profile_data_file:dir { getattr search }; +allow system_server user_profile_data_file:file { getattr open read }; + +# System server may dump profile data for debuggable apps in the /data/misc/profman. +# As such it needs to be able create files but it should never read from them. +allow system_server profman_dump_data_file:file { create getattr setattr w_file_perms}; +allow system_server profman_dump_data_file:dir w_dir_perms; + +# On userdebug build we may profile system server. Allow it to write and create its own profile. +userdebug_or_eng(` + allow system_server user_profile_data_file:file create_file_perms; +') +# Allow system server to load JVMTI agents under control of a property. +get_prop(system_server,system_jvmti_agent_prop) + +# UsbDeviceManager uses /dev/usb-ffs +allow system_server functionfs:dir search; +allow system_server functionfs:file rw_file_perms; + +# system_server contains time / time zone detection logic so reads the associated properties. +get_prop(system_server, time_prop) + +# system_server reads this property to know it should expect the lmkd sends notification to it +# on low memory kills. 
+get_prop(system_server, system_lmk_prop) + +### +### Neverallow rules +### +### system_server should NEVER do any of this + +# Do not allow opening files from external storage as unsafe ejection +# could cause the kernel to kill the system_server. +neverallow system_server sdcard_type:dir { open read write }; +neverallow system_server sdcard_type:file rw_file_perms; + +# system server should never be operating on zygote spawned app data +# files directly. Rather, they should always be passed via a +# file descriptor. +# Types extracted from seapp_contexts type= fields, excluding +# those types that system_server needs to open directly. +neverallow system_server { + bluetooth_data_file + nfc_data_file + shell_data_file + app_data_file + privapp_data_file +}:file { open create unlink link }; + +# Forking and execing is inherently dangerous and racy. See, for +# example, https://www.linuxprogrammingblog.com/threads-and-fork-think-twice-before-using-them +# Prevent the addition of new file execs to stop the problem from +# getting worse. b/28035297 +neverallow system_server { + file_type + -toolbox_exec + -logcat_exec + with_asan(`-shell_exec -asanwrapper_exec -zygote_exec') +}:file execute_no_trans; + +# Ensure that system_server doesn't perform any domain transitions other than +# transitioning to the crash_dump domain when a crash occurs. +neverallow system_server { domain -crash_dump }:process transition; +neverallow system_server *:process dyntransition; + +# Only allow crash_dump to connect to system_ndebug_socket. +neverallow { domain -init -system_server -crash_dump } system_ndebug_socket:sock_file { open write }; + +# Only allow zygotes to connect to system_unsolzygote_socket. 
+neverallow { + domain + -init + -system_server + -zygote + -app_zygote + -webview_zygote +} system_unsolzygote_socket:sock_file { open write }; + +# Only allow init, system_server, flags_health_check to set properties for server configurable flags +neverallow { + domain + -init + -system_server + -flags_health_check +} { + device_config_activity_manager_native_boot_prop + device_config_input_native_boot_prop + device_config_netd_native_prop + device_config_runtime_native_boot_prop + device_config_runtime_native_prop + device_config_media_native_prop + device_config_storage_native_boot_prop + device_config_sys_traced_prop + device_config_window_manager_native_boot_prop +}:property_service set; + +# system_server should never be executing dex2oat. This is either +# a bug (for example, bug 16317188), or represents an attempt by +# system server to dynamically load a dex file, something we do not +# want to allow. +neverallow system_server dex2oat_exec:file no_x_file_perms; + +# system_server should never execute or load executable shared libraries +# in /data. Executable files in /data are a persistence vector. +# https://bugs.chromium.org/p/project-zero/issues/detail?id=955 for example. +neverallow system_server data_file_type:file no_x_file_perms; + +# The only block device system_server should be accessing is +# the frp_block_device. This helps avoid a system_server to root +# escalation by writing to raw block devices. +neverallow system_server { dev_type -frp_block_device }:blk_file no_rw_file_perms; + +# system_server should never use JIT functionality +# See https://googleprojectzero.blogspot.com/2016/12/bitunmap-attacking-android-ashmem.html +# in the section titled "A Short ROP Chain" for why. +# However, in emulator builds without OpenGL passthrough, we use software +# rendering via SwiftShader, which requires JIT support. These builds are +# never shipped to users. 
+ifelse(target_requires_insecure_execmem_for_swiftshader, `true', + `allow system_server self:process execmem;', + `neverallow system_server self:process execmem;') +neverallow system_server { ashmem_device ashmem_libcutils_device }:chr_file execute; + +# TODO: deal with tmpfs_domain pub/priv split properly +neverallow system_server system_server_tmpfs:file execute; + +# Resources handed off by system_server_startup +allow system_server system_server_startup:fd use; +allow system_server system_server_startup_tmpfs:file { read write map }; +allow system_server system_server_startup:unix_dgram_socket write; + +# Allow system server to communicate to apexd +allow system_server apex_service:service_manager find; +allow system_server apexd:binder call; + +# Allow system server to scan /apex for flattened APEXes +allow system_server apex_mnt_dir:dir r_dir_perms; + +# Allow system server to communicate to system-suspend's control interface +allow system_server system_suspend_control_service:service_manager find; +binder_call(system_server, system_suspend) +binder_call(system_suspend, system_server) + +# Allow system server to communicate to system-suspend's wakelock interface +wakelock_use(system_server) + +# Allow the system server to read files under /data/apex. The system_server +# needs these privileges to compare file signatures while processing installs. +# +# Only apexd is allowed to create new entries or write to any file under /data/apex. +allow system_server apex_data_file:dir { getattr search }; +allow system_server apex_data_file:file r_file_perms; + +# Allow the system server to read files under /vendor/apex. This is where +# vendor APEX packages might be installed and system_server needs to parse +# these packages to inspect the signatures and other metadata. +allow system_server vendor_apex_file:dir { getattr search }; +allow system_server vendor_apex_file:file r_file_perms; + +# Allow the system server to manage relevant apex module data files. 
+allow system_server apex_module_data_file:dir { getattr search };
+allow system_server apex_permission_data_file:dir create_dir_perms;
+allow system_server apex_permission_data_file:file create_file_perms;
+allow system_server apex_wifi_data_file:dir create_dir_perms;
+allow system_server apex_wifi_data_file:file create_file_perms;
+
+# Allow PasswordSlotManager rw access to /metadata/password_slots, so GSIs and the host image can
+# communicate which slots are available for use.
+allow system_server metadata_file:dir search;
+allow system_server password_slot_metadata_file:dir rw_dir_perms;
+allow system_server password_slot_metadata_file:file create_file_perms;
+
+# Allow init to set sysprop used to compute stats about userspace reboot.
+set_prop(system_server, userspace_reboot_log_prop)
+
+# JVMTI agent settings are only readable from the system server.
+neverallow {
+ domain
+ -system_server
+ -dumpstate
+ -init
+ -vendor_init
+} {
+ system_jvmti_agent_prop
+}:file no_rw_file_perms;
+
+# Read/Write /proc/pressure/memory
+allow system_server proc_pressure_mem:file rw_file_perms;
+
+# dexoptanalyzer is currently used only for secondary dex files which
+# system_server should never access.
+neverallow system_server dexoptanalyzer_exec:file no_x_file_perms;
+
+# No ptracing others
+neverallow system_server { domain -system_server }:process ptrace;
+
+# CAP_SYS_RESOURCE was traditionally needed for sensitive /proc/PID
+# file read access. However, that is now unnecessary (b/34951864)
+neverallow system_server system_server:global_capability_class_set sys_resource;
+
+# Only system_server/init should access /metadata/password_slots.
+neverallow { domain -init -system_server } password_slot_metadata_file:dir *;
+neverallow {
+ domain
+ -init
+ -system_server
+} password_slot_metadata_file:notdevfile_class_set ~{ relabelto getattr };
+neverallow { domain -init -system_server } password_slot_metadata_file:notdevfile_class_set *;
+
+# Allow systemserver to read/write the invalidation property
+set_prop(system_server, binder_cache_system_server_prop)
+neverallow { domain -system_server -init }
+ binder_cache_system_server_prop:property_service set;
+
+# Allow system server to attach BPF programs to tracepoints. Deny read permission so that
+# system_server cannot use this access to read perf event data like process stacks.
+allow system_server self:perf_event { open write cpu kernel };
+neverallow system_server self:perf_event ~{ open write cpu kernel };
+
+# Do not allow any domain other than init or system server to set the property
+neverallow { domain -init -system_server } socket_hook_prop:property_service set;
diff --git a/prebuilts/api/30.0/private/system_server_startup.te b/prebuilts/api/30.0/private/system_server_startup.te
new file mode 100644
index 000000000..902941ed4
--- /dev/null
+++ b/prebuilts/api/30.0/private/system_server_startup.te
@@ -0,0 +1,16 @@
+type system_server_startup, domain, coredomain;
+type system_server_startup_tmpfs, file_type;
+
+tmpfs_domain(system_server_startup)
+
+# Create JIT memory
+allow system_server_startup self:process execmem;
+allow system_server_startup system_server_startup_tmpfs:file { execute read write open map };
+
+# Allow system_server_startup to run setcon() and enter the
+# system_server domain
+allow system_server_startup self:process setcurrent;
+allow system_server_startup system_server:process dyntransition;
+
+# Child of the zygote.
+allow system_server_startup zygote:process sigchld;
diff --git a/prebuilts/api/30.0/private/system_suspend.te b/prebuilts/api/30.0/private/system_suspend.te
new file mode 100644
index 000000000..d33dc8e85
--- /dev/null
+++ b/prebuilts/api/30.0/private/system_suspend.te
@@ -0,0 +1,26 @@
+type system_suspend, domain, coredomain, system_suspend_server;
+
+type system_suspend_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(system_suspend)
+
+# To serve ISuspendControlService.aidl.
+binder_use(system_suspend)
+add_service(system_suspend, system_suspend_control_service)
+
+# Access to /sys/power/{ wakeup_count, state } suspend interface.
+allow system_suspend sysfs_power:file rw_file_perms;
+
+# Access to wakeup and suspend stats.
+r_dir_file(system_suspend, sysfs_suspend_stats)
+r_dir_file(system_suspend, sysfs_wakeup)
+# To resolve arbitrary sysfs paths from /sys/class/wakeup/* symlinks.
+allow system_suspend sysfs_type:dir search;
+
+neverallow {
+ domain
+ -atrace # tracing
+ -dumpstate # bug reports
+ -system_suspend # implements system_suspend_control_service
+ -system_server # configures system_suspend via ISuspendControlService
+ -traceur_app # tracing
+} system_suspend_control_service:service_manager find;
diff --git a/prebuilts/api/30.0/private/technical_debt.cil b/prebuilts/api/30.0/private/technical_debt.cil
new file mode 100644
index 000000000..fdcd0a332
--- /dev/null
+++ b/prebuilts/api/30.0/private/technical_debt.cil
@@ -0,0 +1,65 @@
+; THIS IS A WORKAROUND for the current limitations of the module policy language
+; This should be used sparingly until we figure out a saner way to achieve the
+; stuff below, for example, by improving typeattribute statement of module
+; language.
+;
+; NOTE: This file has no effect on recovery policy.
+
+; Apps, except isolated apps, are clients of Allocator HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_allocator_client;
+; typeattribute hal_allocator_client halclientdomain;
+(typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app))))))
+(typeattributeset halclientdomain (hal_allocator_client))
+
+; Apps, except isolated apps, are clients of OMX-related services
+; Unfortunately, we can't currently express this in module policy language:
+(typeattributeset hal_omx_client ((and (appdomain) ((not (isolated_app))))))
+
+; Apps, except isolated apps, are clients of Codec2-related services
+; Unfortunately, we can't currently express this in module policy language:
+(typeattributeset hal_codec2_client ((and (appdomain) ((not (isolated_app))))))
+
+; Apps, except isolated apps, are clients of Drm-related services
+; Unfortunately, we can't currently express this in module policy language:
+(typeattributeset hal_drm_client ((and (appdomain) ((not (isolated_app))))))
+
+; Apps, except isolated apps, are clients of Configstore HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_configstore_client;
+(typeattributeset hal_configstore_client ((and (appdomain) ((not (isolated_app))))))
+
+; Apps, except isolated apps, are clients of Graphics Allocator HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_graphics_allocator_client;
+(typeattributeset hal_graphics_allocator_client ((and (appdomain) ((not (isolated_app))))))
+
+; Apps, except isolated apps, are clients of Cas HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_cas_client;
+(typeattributeset hal_cas_client ((and (appdomain) ((not (isolated_app))))))
+
+; Domains hosting Camera HAL implementations are clients of Allocator HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute hal_camera hal_allocator_client;
+(typeattributeset hal_allocator_client (hal_camera))
+
+; Apps, except isolated apps, are clients of Neuralnetworks HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_neuralnetworks_client;
+(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app))))))
+
+; TODO(b/112056006): move these to mapping files when/if we implement 'versioned' attributes.
+; Rename untrusted_app_visible_* to untrusted_app_visible_*_violators.
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute untrusted_app_visible_hwservice untrusted_app_visible_hwservice_violators;
+; typeattribute untrusted_app_visible_halserver untrusted_app_visible_halserver_violators;
+(typeattribute untrusted_app_visible_hwservice)
+(typeattributeset untrusted_app_visible_hwservice_violators (untrusted_app_visible_hwservice))
+(typeattribute untrusted_app_visible_halserver)
+(typeattributeset untrusted_app_visible_halserver_violators (untrusted_app_visible_halserver))
+
+; Apps, except isolated apps, are clients of BufferHub HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_cas_client;
+(typeattributeset hal_bufferhub_client ((and (appdomain) ((not (isolated_app))))))
diff --git a/prebuilts/api/30.0/private/tombstoned.te b/prebuilts/api/30.0/private/tombstoned.te
new file mode 100644
index 000000000..305f9d006
--- /dev/null
+++ b/prebuilts/api/30.0/private/tombstoned.te
@@ -0,0 +1,3 @@
+typeattribute tombstoned coredomain;
+
+init_daemon_domain(tombstoned)
diff --git a/prebuilts/api/30.0/private/toolbox.te b/prebuilts/api/30.0/private/toolbox.te
new file mode 100644
index 000000000..a2b958dba
--- /dev/null
+++ b/prebuilts/api/30.0/private/toolbox.te
@@ -0,0 +1,3 @@
+typeattribute toolbox coredomain;
+
+init_daemon_domain(toolbox)
diff --git a/prebuilts/api/30.0/private/traced.te b/prebuilts/api/30.0/private/traced.te
new file mode 100644
index 000000000..2410d7e30
--- /dev/null
+++ b/prebuilts/api/30.0/private/traced.te
@@ -0,0 +1,106 @@
+# Perfetto user-space tracing daemon (unprivileged)
+
+# type traced is defined under /public (because iorapd rules
+# under public/ need to refer to it).
+type traced_exec, system_file_type, exec_type, file_type;
+type traced_tmpfs, file_type;
+
+# Allow init to exec the daemon.
+init_daemon_domain(traced)
+tmpfs_domain(traced)
+
+# Allow apps in other MLS contexts (for multi-user) to access
+# share memory buffers created by traced.
+typeattribute traced_tmpfs mlstrustedobject;
+
+# Allow traced to start with a lower scheduling class and change
+# class accordingly to what defined in the config provided by
+# the privileged process that controls it.
+allow traced self:global_capability_class_set { sys_nice };
+
+# Allow to pass a file descriptor for the output trace from "perfetto" (the
+# cmdline client) and other shell binaries to traced and let traced write
+# directly into that (rather than returning the trace contents over the socket).
+allow traced perfetto:fd use;
+allow traced shell:fd use;
+allow traced shell:fifo_file { read write };
+
+# Allow the service to create new files within /data/misc/perfetto-traces.
+allow traced perfetto_traces_data_file:file create_file_perms;
+allow traced perfetto_traces_data_file:dir rw_dir_perms;
+
+# Allow traceur to pass open file descriptors to traced, so traced can directly
+# write into the output file without doing roundtrips over IPC.
+allow traced traceur_app:fd use;
+allow traced trace_data_file:file { read write };
+
+# Allow iorapd to pass memfd descriptors to traced, so traced can directly
+# write into the shmem buffer file without doing roundtrips over IPC.
+allow traced iorapd:fd use;
+allow traced iorapd_tmpfs:file { read write };
+
+# Allow traced to use shared memory supplied by producers. Typically, traced
+# (i.e. the tracing service) creates the shared memory used for data transfer
+# from the producer. This rule allows an alternative scheme, where the producer
+# creates the shared memory, that is then adopted by traced (after validating
+# that it is appropriately sealed).
+# This list has to replicate the tmpfs domains of all applicable domains that
+# have perfetto_producer() macro applied to them.
+# perfetto_tmpfs excluded as it should never need to use the producer-supplied
+# shared memory scheme.
+allow traced {
+ appdomain_tmpfs
+ heapprofd_tmpfs
+ surfaceflinger_tmpfs
+ traced_probes_tmpfs
+ userdebug_or_eng(`system_server_tmpfs')
+}:file { getattr map read write };
+
+# Allow traced to notify Traceur when a trace ends by setting the
+# sys.trace.trace_end_signal property.
+set_prop(traced, system_trace_prop)
+# Allow to lazily start producers.
+set_prop(traced, traced_lazy_prop)
+
+###
+### Neverallow rules
+###
+### traced should NEVER do any of this
+
+# Disallow mapping executable memory (execstack and exec are already disallowed
+# globally in domain.te).
+neverallow traced self:process execmem;
+
+# Block device access.
+neverallow traced dev_type:blk_file { read write };
+
+# ptrace any other process
+neverallow traced domain:process ptrace;
+
+# Disallows access to /data files, still allowing to write to file descriptors
+# passed through the socket.
+neverallow traced {
+ data_file_type
+ -perfetto_traces_data_file
+ -system_data_file
+ -system_data_root_file
+ # TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a
+ # subsequent neverallow. Currently only getattr and search are allowed.
+ -vendor_data_file
+ -zoneinfo_data_file
+ with_native_coverage(`-method_trace_data_file')
+}:dir *;
+neverallow traced { system_data_file }:dir ~{ getattr search };
+neverallow traced zoneinfo_data_file:dir ~r_dir_perms;
+neverallow traced { data_file_type -zoneinfo_data_file }:lnk_file *;
+neverallow traced {
+ data_file_type
+ -zoneinfo_data_file
+ -perfetto_traces_data_file
+ -trace_data_file
+ with_native_coverage(`-method_trace_data_file')
+}:file ~write;
+
+# Only init is allowed to enter the traced domain via exec()
+neverallow { domain -init } traced:process transition;
+neverallow * traced:process dyntransition;
diff --git a/prebuilts/api/30.0/private/traced_perf.te b/prebuilts/api/30.0/private/traced_perf.te
new file mode 100644
index 000000000..9483e6cb4
--- /dev/null
+++ b/prebuilts/api/30.0/private/traced_perf.te
@@ -0,0 +1,58 @@
+# Performance profiler, backed by perf_event_open(2).
+# See go/perfetto-perf-android.
+typeattribute traced_perf coredomain;
+typeattribute traced_perf mlstrustedsubject;
+
+type traced_perf_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(traced_perf)
+perfetto_producer(traced_perf)
+
+# Allow traced_perf full use of perf_event_open(2). It will perform cpu-wide
+# profiling, but retain samples only for profileable processes.
+# Thread-specific profiling is still disallowed due to a PTRACE_MODE_ATTACH
+# check (which would require a process:attach SELinux allow-rule).
+allow traced_perf self:perf_event { open cpu kernel read write tracepoint };
+
+# Allow CAP_KILL for delivery of dedicated signal to obtain proc-fds from a
+# process. Allow CAP_DAC_READ_SEARCH for stack unwinding and symbolization of
+# sampled stacks, which requires opening the backing libraries/executables (as
+# symbols are usually not mapped into the process space). Not all such files
+# are world-readable, e.g. odex files that included user profiles during
+# profile-guided optimization.
+allow traced_perf self:capability { kill dac_read_search };
+
+# Allow reading /system/data/packages.list.
+allow traced_perf packages_list_file:file r_file_perms;
+
+# Allow reading files for stack unwinding and symbolization.
+r_dir_file(traced_perf, nativetest_data_file)
+r_dir_file(traced_perf, system_file_type)
+r_dir_file(traced_perf, apk_data_file)
+r_dir_file(traced_perf, dalvikcache_data_file)
+r_dir_file(traced_perf, vendor_file_type)
+
+# Do not audit the cases where traced_perf attempts to access /proc/[pid] for
+# domains that it cannot read.
+dontaudit traced_perf domain:dir { search getattr open };
+
+# Do not audit failures to signal a process, as there are cases when this is
+# expected (native processes on debug builds use the policy for enforcing which
+# processes are profileable).
+dontaudit traced_perf domain:process signal;
+
+# Never allow access to app data files
+neverallow traced_perf { app_data_file privapp_data_file system_app_data_file }:file *;
+
+# Never allow profiling highly privileged processes.
+never_profile_heap(`{
+ bpfloader
+ init
+ kernel
+ keystore
+ llkd
+ logd
+ ueventd
+ vendor_init
+ vold
+}')
diff --git a/prebuilts/api/30.0/private/traced_probes.te b/prebuilts/api/30.0/private/traced_probes.te
new file mode 100644
index 000000000..dd6ece0ed
--- /dev/null
+++ b/prebuilts/api/30.0/private/traced_probes.te
@@ -0,0 +1,129 @@
+# Perfetto tracing probes, has tracefs access.
+type traced_probes_exec, system_file_type, exec_type, file_type;
+type traced_probes_tmpfs, file_type;
+
+# Allow init to exec the daemon.
+init_daemon_domain(traced_probes)
+tmpfs_domain(traced_probes)
+
+# Write trace data to the Perfetto traced damon. This requires connecting to its
+# producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(traced_probes)
+
+# Allow traced_probes to access tracefs.
+allow traced_probes debugfs_tracing:dir r_dir_perms;
+allow traced_probes debugfs_tracing:file rw_file_perms;
+allow traced_probes debugfs_trace_marker:file getattr;
+
+# TODO(primiano): temporarily I/O tracing categories are still
+# userdebug only until we nail down the blacklist/whitelist.
+userdebug_or_eng(`
+allow traced_probes debugfs_tracing_debug:dir r_dir_perms;
+allow traced_probes debugfs_tracing_debug:file rw_file_perms;
+')
+
+# Allow traced_probes to start with a higher scheduling class and then downgrade
+# itself.
+allow traced_probes self:global_capability_class_set { sys_nice };
+
+# Allow procfs access
+r_dir_file(traced_probes, domain)
+
+# Allow to read packages.list file.
+allow traced_probes packages_list_file:file r_file_perms;
+
+# Allow to log to kernel dmesg when starting / stopping ftrace.
+allow traced_probes kmsg_device:chr_file write;
+
+# Allow traced_probes to list the system partition.
+allow traced_probes system_file:dir { open read };
+
+# Allow traced_probes to list some of the data partition.
+allow traced_probes self:global_capability_class_set dac_read_search;
+
+allow traced_probes apk_data_file:dir { getattr open read search };
+allow traced_probes dalvikcache_data_file:dir { getattr open read search };
+userdebug_or_eng(`
+# search and getattr are granted via domain and coredomain, respectively.
+allow traced_probes system_data_file:dir { open read };
+')
+allow traced_probes system_app_data_file:dir { getattr open read search };
+allow traced_probes backup_data_file:dir { getattr open read search };
+allow traced_probes bootstat_data_file:dir { getattr open read search };
+allow traced_probes update_engine_data_file:dir { getattr open read search };
+allow traced_probes update_engine_log_data_file:dir { getattr open read search };
+allow traced_probes user_profile_data_file:dir { getattr open read search };
+
+# Allow traced_probes to run atrace. atrace pokes at system services to enable
+# their userspace TRACE macros.
+domain_auto_trans(traced_probes, atrace_exec, atrace);
+
+# Allow traced_probes to kill atrace on timeout.
+allow traced_probes atrace:process sigkill;
+
+# Allow traced_probes to access /proc files for system stats.
+# Note: trace data is NOT exposed to anything other than shell and privileged
+# system apps that have access to the traced consumer socket.
+allow traced_probes {
+ proc_meminfo
+ proc_vmstat
+ proc_stat
+}:file r_file_perms;
+
+# Allow access to the IHealth and IPowerStats HAL service for tracing battery counters.
+hal_client_domain(traced_probes, hal_health)
+hal_client_domain(traced_probes, hal_power_stats)
+
+# Allow access to Atrace HAL for enabling vendor/device specific tracing categories.
+hal_client_domain(traced_probes, hal_atrace)
+
+# On debug builds allow to ingest system logs into the trace.
+userdebug_or_eng(`read_logd(traced_probes)')
+
+###
+### Neverallow rules
+###
+### traced_probes should NEVER do any of this
+
+# Disallow mapping executable memory (execstack and exec are already disallowed
+# globally in domain.te).
+neverallow traced_probes self:process execmem;
+
+# Block device access.
+neverallow traced_probes dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow traced_probes domain:process ptrace;
+
+# Disallows access to /data files.
+neverallow traced_probes {
+ data_file_type
+ -apk_data_file
+ -dalvikcache_data_file
+ -system_data_file
+ -system_data_root_file
+ -system_app_data_file
+ -backup_data_file
+ -bootstat_data_file
+ -update_engine_data_file
+ -update_engine_log_data_file
+ -user_profile_data_file
+ # TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a
+ # subsequent neverallow. Currently only getattr and search are allowed.
+ -vendor_data_file
+ -zoneinfo_data_file
+ with_native_coverage(`-method_trace_data_file')
+}:dir *;
+neverallow traced_probes system_data_file:dir ~{ getattr userdebug_or_eng(`open read') search };
+neverallow traced_probes zoneinfo_data_file:dir ~r_dir_perms;
+neverallow traced_probes { data_file_type -zoneinfo_data_file }:lnk_file *;
+neverallow traced_probes {
+ data_file_type
+ -zoneinfo_data_file
+ -packages_list_file
+ with_native_coverage(`-method_trace_data_file')
+}:file *;
+
+# Only init is allowed to enter the traced_probes domain via exec()
+neverallow { domain -init } traced_probes:process transition;
+neverallow * traced_probes:process dyntransition;
diff --git a/prebuilts/api/30.0/private/traceur_app.te b/prebuilts/api/30.0/private/traceur_app.te
new file mode 100644
index 000000000..94841df10
--- /dev/null
+++ b/prebuilts/api/30.0/private/traceur_app.te
@@ -0,0 +1,22 @@
+typeattribute traceur_app coredomain;
+
+app_domain(traceur_app);
+allow traceur_app debugfs_tracing:file rw_file_perms;
+allow traceur_app debugfs_tracing_debug:dir r_dir_perms;
+
+userdebug_or_eng(`
+ allow traceur_app debugfs_tracing_debug:file rw_file_perms;
+')
+
+allow traceur_app trace_data_file:file create_file_perms;
+allow traceur_app trace_data_file:dir rw_dir_perms;
+allow traceur_app atrace_exec:file rx_file_perms;
+
+# To exec the perfetto cmdline client and pass it the trace config on
+# stdint through a pipe.
+allow traceur_app perfetto_exec:file rx_file_perms;
+
+# Allow to access traced's privileged consumer socket.
+unix_socket_connect(traceur_app, traced_consumer, traced)
+
+dontaudit traceur_app debugfs_tracing_debug:file audit_access;
diff --git a/prebuilts/api/30.0/private/tzdatacheck.te b/prebuilts/api/30.0/private/tzdatacheck.te
new file mode 100644
index 000000000..502735cad
--- /dev/null
+++ b/prebuilts/api/30.0/private/tzdatacheck.te
@@ -0,0 +1,3 @@
+typeattribute tzdatacheck coredomain;
+
+init_daemon_domain(tzdatacheck)
diff --git a/prebuilts/api/30.0/private/ueventd.te b/prebuilts/api/30.0/private/ueventd.te
new file mode 100644
index 000000000..1bd67735e
--- /dev/null
+++ b/prebuilts/api/30.0/private/ueventd.te
@@ -0,0 +1,3 @@
+typeattribute ueventd coredomain;
+
+tmpfs_domain(ueventd)
diff --git a/prebuilts/api/30.0/private/uncrypt.te b/prebuilts/api/30.0/private/uncrypt.te
new file mode 100644
index 000000000..e4e9224d9
--- /dev/null
+++ b/prebuilts/api/30.0/private/uncrypt.te
@@ -0,0 +1,3 @@
+typeattribute uncrypt coredomain;
+
+init_daemon_domain(uncrypt)
diff --git a/prebuilts/api/30.0/private/untrusted_app.te b/prebuilts/api/30.0/private/untrusted_app.te
new file mode 100644
index 000000000..6e7a99cd8
--- /dev/null
+++ b/prebuilts/api/30.0/private/untrusted_app.te
@@ -0,0 +1,16 @@
+###
+### Untrusted apps.
+###
+### This file defines the rules for untrusted apps running with
+### targetSdkVersion >= 30.
+###
+### See public/untrusted_app.te for more information about which apps are
+### placed in this selinux domain.
+###
+
+typeattribute untrusted_app coredomain;
+
+app_domain(untrusted_app)
+untrusted_app_domain(untrusted_app)
+net_domain(untrusted_app)
+bluetooth_domain(untrusted_app)
diff --git a/prebuilts/api/30.0/private/untrusted_app_25.te b/prebuilts/api/30.0/private/untrusted_app_25.te
new file mode 100644
index 000000000..a1abc416b
--- /dev/null
+++ b/prebuilts/api/30.0/private/untrusted_app_25.te
@@ -0,0 +1,53 @@
+###
+### Untrusted_app_25
+###
+### This file defines the rules for untrusted apps running with
+### targetSdkVersion <= 25.
+###
+### See public/untrusted_app.te for more information about which apps are
+### placed in this selinux domain.
+###
+
+typeattribute untrusted_app_25 coredomain;
+
+app_domain(untrusted_app_25)
+untrusted_app_domain(untrusted_app_25)
+net_domain(untrusted_app_25)
+bluetooth_domain(untrusted_app_25)
+
+# b/35917228 - /proc/misc access
+# This will go away in a future Android release
+allow untrusted_app_25 proc_misc:file r_file_perms;
+
+# Access to /proc/tty/drivers, to allow apps to determine if they
+# are running in an emulated environment.
+# b/33214085 b/33814662 b/33791054 b/33211769
+# https://github.com/strazzere/anti-emulator/blob/master/AntiEmulator/src/diff/strazzere/anti/emulator/FindEmulator.java
+# This will go away in a future Android release
+allow untrusted_app_25 proc_tty_drivers:file r_file_perms;
+
+# Text relocation support for API < 23. This is now disallowed for targetSdkVersion>=Q.
+# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
+allow untrusted_app_25 { apk_data_file app_data_file asec_public_file }:file execmod;
+
+# The ability to call exec() on files in the apps home directories
+# for targetApi<=25. This is also allowed for targetAPIs 26, 27,
+# and 28 in untrusted_app_27.te.
+allow untrusted_app_25 app_data_file:file execute_no_trans;
+auditallow untrusted_app_25 app_data_file:file { execute execute_no_trans };
+
+# The ability to invoke dex2oat. Historically required by ART, now only
+# allowed for targetApi<=28 for compat reasons.
+allow untrusted_app_25 dex2oat_exec:file rx_file_perms;
+userdebug_or_eng(`auditallow untrusted_app_25 dex2oat_exec:file rx_file_perms;')
+
+# The ability to talk to /dev/ashmem directly. targetApi>=29 must use
+# ASharedMemory instead.
+allow untrusted_app_25 ashmem_device:chr_file rw_file_perms;
+auditallow untrusted_app_25 ashmem_device:chr_file open;
+
+# Read /mnt/sdcard symlink.
+allow untrusted_app_25 mnt_sdcard_file:lnk_file r_file_perms;
+
+# allow binding to netlink route sockets and sending RTM_GETLINK messages.
+allow untrusted_app_25 self:netlink_route_socket { bind nlmsg_readpriv };
diff --git a/prebuilts/api/30.0/private/untrusted_app_27.te b/prebuilts/api/30.0/private/untrusted_app_27.te
new file mode 100644
index 000000000..b7b6d7213
--- /dev/null
+++ b/prebuilts/api/30.0/private/untrusted_app_27.te
@@ -0,0 +1,41 @@
+###
+### Untrusted_27.
+###
+### This file defines the rules for untrusted apps running with
+### 25 < targetSdkVersion <= 28.
+###
+### See public/untrusted_app.te for more information about which apps are
+### placed in this selinux domain.
+###
+
+typeattribute untrusted_app_27 coredomain;
+
+app_domain(untrusted_app_27)
+untrusted_app_domain(untrusted_app_27)
+net_domain(untrusted_app_27)
+bluetooth_domain(untrusted_app_27)
+
+# Text relocation support for API < 23. This is now disallowed for targetSdkVersion>=Q.
+# https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#text-relocations-enforced-for-api-level-23
+allow untrusted_app_27 { apk_data_file app_data_file asec_public_file }:file execmod;
+
+# The ability to call exec() on files in the apps home directories
+# for targetApi 26, 27, and 28.
+allow untrusted_app_27 app_data_file:file execute_no_trans;
+auditallow untrusted_app_27 app_data_file:file { execute execute_no_trans };
+
+# The ability to invoke dex2oat. Historically required by ART, now only
+# allowed for targetApi<=28 for compat reasons.
+allow untrusted_app_27 dex2oat_exec:file rx_file_perms;
+userdebug_or_eng(`auditallow untrusted_app_27 dex2oat_exec:file rx_file_perms;')
+
+# The ability to talk to /dev/ashmem directly. targetApi>=29 must use
+# ASharedMemory instead.
+allow untrusted_app_27 ashmem_device:chr_file rw_file_perms;
+auditallow untrusted_app_27 ashmem_device:chr_file open;
+
+# Read /mnt/sdcard symlink.
+allow untrusted_app_27 mnt_sdcard_file:lnk_file r_file_perms;
+
+# allow binding to netlink route sockets and sending RTM_GETLINK messages.
+allow untrusted_app_27 self:netlink_route_socket { bind nlmsg_readpriv };
diff --git a/prebuilts/api/30.0/private/untrusted_app_29.te b/prebuilts/api/30.0/private/untrusted_app_29.te
new file mode 100644
index 000000000..344ae89bd
--- /dev/null
+++ b/prebuilts/api/30.0/private/untrusted_app_29.te
@@ -0,0 +1,19 @@
+###
+### Untrusted_29.
+###
+### This file defines the rules for untrusted apps running with
+### targetSdkVersion = 29.
+###
+### See public/untrusted_app.te for more information about which apps are
+### placed in this selinux domain.
+###
+
+typeattribute untrusted_app_29 coredomain;
+
+app_domain(untrusted_app_29)
+untrusted_app_domain(untrusted_app_29)
+net_domain(untrusted_app_29)
+bluetooth_domain(untrusted_app_29)
+
+# allow binding to netlink route sockets and sending RTM_GETLINK messages.
+allow untrusted_app_29 self:netlink_route_socket { bind nlmsg_readpriv };
diff --git a/prebuilts/api/30.0/private/untrusted_app_all.te b/prebuilts/api/30.0/private/untrusted_app_all.te
new file mode 100644
index 000000000..d9fd5a12e
--- /dev/null
+++ b/prebuilts/api/30.0/private/untrusted_app_all.te
@@ -0,0 +1,175 @@
+###
+### Untrusted_app_all.
+###
+### This file defines the rules shared by all untrusted app domains except
+### ephemeral_app for instant apps.
+### Apps are labeled based on mac_permissions.xml (maps signer and
+### optionally package name to seinfo value) and seapp_contexts (maps UID
+### and optionally seinfo value to domain for process and type for data
+### directory). The untrusted_app_all attribute is assigned to all default
+### seapp_contexts for any app with UID between APP_AID (10000)
+### and AID_ISOLATED_START (99000) if the app has no specific seinfo
+### value as determined from mac_permissions.xml. In current AOSP, this
+### attribute is assigned to all non-system apps as well as to any system apps
+### that are not signed by the platform key. To move
+### a system app into a specific domain, add a signer entry for it to
+### mac_permissions.xml and assign it one of the pre-existing seinfo values
+### or define and use a new seinfo value in both mac_permissions.xml and
+### seapp_contexts.
+###
+### Note that rules that should apply to all untrusted apps must be in app.te or also
+### added to ephemeral_app.te.
+
+# Some apps ship with shared libraries and binaries that they write out
+# to their sandbox directory and then execute.
+allow untrusted_app_all privapp_data_file:file { r_file_perms execute };
+allow untrusted_app_all app_data_file:file { r_file_perms execute };
+auditallow untrusted_app_all app_data_file:file execute;
+
+# Chrome Crashpad uses the the dynamic linker to load native executables
+# from an APK (b/112050209, crbug.com/928422)
+allow untrusted_app_all system_linker_exec:file execute_no_trans;
+
+# Follow priv-app symlinks. This is used for dynamite functionality.
+allow untrusted_app_all privapp_data_file:lnk_file r_file_perms;
+
+# Allow handling of less common filesystem objects
+allow untrusted_app_all app_data_file:{ lnk_file sock_file fifo_file } create_file_perms;
+
+# Allow loading and deleting executable shared libraries
+# within an application home directory. Such shared libraries would be
+# created by things like renderscript or via other mechanisms.
+allow untrusted_app_all app_exec_data_file:file { r_file_perms execute unlink };
+
+# ASEC
+allow untrusted_app_all asec_apk_file:file r_file_perms;
+allow untrusted_app_all asec_apk_file:dir r_dir_perms;
+# Execute libs in asec containers.
+allow untrusted_app_all asec_public_file:file { execute };
+
+# Used by Finsky / Android "Verify Apps" functionality when
+# running "adb install foo.apk".
+# TODO: Long term, we don't want apps probing into shell data files.
+# Figure out a way to remove these rules.
+allow untrusted_app_all shell_data_file:file r_file_perms;
+allow untrusted_app_all shell_data_file:dir r_dir_perms;
+
+# Allow traceur to pass file descriptors through a content provider to untrusted apps
+# for the purpose of sharing files through e.g. gmail
+allow untrusted_app_all trace_data_file:file { getattr read };
+
+# untrusted apps should not be able to open trace data files, they should depend
+# upon traceur to pass a file descriptor
+neverallow untrusted_app_all trace_data_file:dir *;
+neverallow untrusted_app_all trace_data_file:file { no_w_file_perms open };
+
+# Allow to read staged apks.
+allow untrusted_app_all { apk_tmp_file apk_private_tmp_file }:file {read getattr};
+
+# Read and write system app data files passed over Binder.
+# Motivating case was /data/data/com.android.settings/cache/*.jpg for
+# cropping or taking user photos.
+allow untrusted_app_all system_app_data_file:file { read write getattr };
+
+#
+# Rules migrated from old app domains coalesced into untrusted_app.
+# This includes what used to be media_app, shared_app, and release_app.
+#
+
+# Access to /data/media.
+allow untrusted_app_all media_rw_data_file:dir create_dir_perms;
+allow untrusted_app_all media_rw_data_file:file create_file_perms;
+
+# Traverse into /mnt/media_rw for bypassing FUSE daemon
+# TODO: narrow this to just MediaProvider
+allow untrusted_app_all mnt_media_rw_file:dir search;
+
+# allow cts to query all services
+allow untrusted_app_all servicemanager:service_manager list;
+
+allow untrusted_app_all audioserver_service:service_manager find;
+allow untrusted_app_all cameraserver_service:service_manager find;
+allow untrusted_app_all drmserver_service:service_manager find;
+allow untrusted_app_all mediaserver_service:service_manager find;
+allow untrusted_app_all mediaextractor_service:service_manager find;
+allow untrusted_app_all mediametrics_service:service_manager find;
+allow untrusted_app_all mediadrmserver_service:service_manager find;
+allow untrusted_app_all nfc_service:service_manager find;
+allow untrusted_app_all radio_service:service_manager find;
+allow untrusted_app_all app_api_service:service_manager find;
+allow untrusted_app_all vr_manager_service:service_manager find;
+allow untrusted_app_all gpu_service:service_manager find;
+
+# Allow untrusted apps to interact with gpuservice
+binder_call(untrusted_app_all, gpuservice)
+
+# gdbserver for ndk-gdb ptrace attaches to app process.
+allow untrusted_app_all self:process ptrace;
+
+# Android Studio Instant Run has the application connect to a
+# runas_app socket listening in the abstract namespace.
+# https://developer.android.com/studio/run/
+# b/123297648
+allow untrusted_app_all runas_app:unix_stream_socket connectto;
+
+# Untrusted apps need to be able to send a SIGCHLD to runas_app
+# when running under a debugger (b/123612207)
+allow untrusted_app_all runas_app:process sigchld;
+
+# Cts: HwRngTest
+allow untrusted_app_all sysfs_hwrandom:dir search;
+allow untrusted_app_all sysfs_hwrandom:file r_file_perms;
+
+# Allow apps to view preloaded media content
+allow untrusted_app_all preloads_media_file:dir r_dir_perms;
+allow untrusted_app_all preloads_media_file:file r_file_perms;
+allow untrusted_app_all preloads_data_file:dir search;
+
+# Allow untrusted apps read / execute access to /vendor/app for there can
+# be pre-installed vendor apps that package a library within themselves.
+# TODO (b/37784178) Consider creating a special type for /vendor/app installed
+# apps.
+allow untrusted_app_all vendor_app_file:dir { open getattr read search };
+allow untrusted_app_all vendor_app_file:file { r_file_perms execute };
+allow untrusted_app_all vendor_app_file:lnk_file { open getattr read };
+
+# Write app-specific trace data to the Perfetto traced damon. This requires
+# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(untrusted_app_all)
+
+# Allow profiling if the app opts in by being marked profileable/debuggable.
+can_profile_heap(untrusted_app_all)
+can_profile_perf(untrusted_app_all)
+
+# allow untrusted apps to use UDP sockets provided by the system server but not
+# modify them other than to connect
+allow untrusted_app_all system_server:udp_socket {
+ connect getattr read recvfrom sendto write getopt setopt };
+
+# Allow the renderscript compiler to be run.
+domain_auto_trans(untrusted_app_all, rs_exec, rs)
+
+# This is allowed for targetSdkVersion <= 25 but disallowed on newer versions.
+dontaudit untrusted_app_all net_dns_prop:file read;
+
+# These have been disallowed since Android O.
+# For P, we assume that apps are safely handling the denial.
+dontaudit untrusted_app_all proc_stat:file read;
+dontaudit untrusted_app_all proc_vmstat:file read;
+dontaudit untrusted_app_all proc_uptime:file read;
+
+# Allow the allocation and use of ptys
+# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
+create_pty(untrusted_app_all)
+
+# Allow access to kcov via its ioctl interface for coverage
+# guided kernel fuzzing.
+userdebug_or_eng(`
+ allow untrusted_app_all debugfs_kcov:file rw_file_perms;
+ allowxperm untrusted_app_all debugfs_kcov:file ioctl { KCOV_INIT_TRACE KCOV_ENABLE KCOV_DISABLE };
+')
+
+# Allow signalling simpleperf domain, which is the domain that the simpleperf
+# profiler runs as when executed by the app. The signals are used to control
+# the profiler (which would be profiling the app that is sending the signal).
+allow untrusted_app_all simpleperf:process signal;
diff --git a/prebuilts/api/30.0/private/update_engine.te b/prebuilts/api/30.0/private/update_engine.te
new file mode 100644
index 000000000..e4e700919
--- /dev/null
+++ b/prebuilts/api/30.0/private/update_engine.te
@@ -0,0 +1,7 @@
+typeattribute update_engine coredomain;
+
+init_daemon_domain(update_engine);
+
+# Allow to talk to gsid.
+allow update_engine gsi_service:service_manager find;
+binder_call(update_engine, gsid)
diff --git a/prebuilts/api/30.0/private/update_engine_common.te b/prebuilts/api/30.0/private/update_engine_common.te
new file mode 100644
index 000000000..a7fb58471
--- /dev/null
+++ b/prebuilts/api/30.0/private/update_engine_common.te
@@ -0,0 +1,5 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+# The postinstall program is run by update_engine_common and will always be tagged as a
+# postinstall_file regardless of its attributes in the new system.
+domain_auto_trans(update_engine_common, postinstall_file, postinstall)
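Review bot: The `allow untrusted_app_all servicemanager:service_manager list;` rule in this hunk is justified only by `# allow cts to query all services`, which does not tell a reader whether production apps depend on enumerating the whole service registry or whether the rule could be confined to test builds; a why-comment such as `# allow cts to query all services (also granted to production apps; document why this cannot be userdebug_or_eng-only)` would record that decision. The Crashpad comment a few lines earlier also reads `the the dynamic linker`. Since this file sits under prebuilts/api/30.0 it is presumably a frozen copy of the canonical private/untrusted_app_all.te, so both wording changes would need to land there first and be re-snapshotted rather than edited here.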
diff --git a/prebuilts/api/30.0/private/update_verifier.te b/prebuilts/api/30.0/private/update_verifier.te
new file mode 100644
index 000000000..1b934d980
--- /dev/null
+++ b/prebuilts/api/30.0/private/update_verifier.te
@@ -0,0 +1,3 @@
+typeattribute update_verifier coredomain;
+
+init_daemon_domain(update_verifier)
diff --git a/prebuilts/api/30.0/private/usbd.te b/prebuilts/api/30.0/private/usbd.te
new file mode 100644
index 000000000..13a0ad7a6
--- /dev/null
+++ b/prebuilts/api/30.0/private/usbd.te
@@ -0,0 +1,12 @@
+typeattribute usbd coredomain;
+
+init_daemon_domain(usbd)
+
+# Access usb gadget hal
+hal_client_domain(usbd, hal_usb_gadget)
+
+# Access persist.sys.usb.config
+get_prop(usbd, system_prop)
+
+# start adbd during boot if adb is enabled
+set_prop(usbd, ctl_default_prop)
diff --git a/prebuilts/api/30.0/private/users b/prebuilts/api/30.0/private/users
new file mode 100644
index 000000000..51b7b57e6
--- /dev/null
+++ b/prebuilts/api/30.0/private/users
@@ -0,0 +1 @@
+user u roles { r } level s0 range s0 - mls_systemhigh;
diff --git a/prebuilts/api/30.0/private/vdc.te b/prebuilts/api/30.0/private/vdc.te
new file mode 100644
index 000000000..bc7409eee
--- /dev/null
+++ b/prebuilts/api/30.0/private/vdc.te
@@ -0,0 +1,3 @@
+typeattribute vdc coredomain;
+
+init_daemon_domain(vdc)
diff --git a/prebuilts/api/30.0/private/vendor_init.te b/prebuilts/api/30.0/private/vendor_init.te
new file mode 100644
index 000000000..6a68f1fed
--- /dev/null
+++ b/prebuilts/api/30.0/private/vendor_init.te
@@ -0,0 +1,7 @@
+# Creating files on sysfs is impossible so this isn't a threat
+# Sometimes we have to write to non-existent files to avoid conditional
+# init behavior. See b/35303861 for an example.
+dontaudit vendor_init sysfs:dir write;
+
+# TODO(b/140259336) We want to remove vendor_init in the long term but allow for now
+allow vendor_init system_data_root_file:dir rw_dir_perms;
diff --git a/prebuilts/api/30.0/private/viewcompiler.te b/prebuilts/api/30.0/private/viewcompiler.te
new file mode 100644
index 000000000..d1f096441
--- /dev/null
+++ b/prebuilts/api/30.0/private/viewcompiler.te
@@ -0,0 +1,25 @@
+# viewcompiler
+type viewcompiler, domain, coredomain, mlstrustedsubject;
+type viewcompiler_exec, system_file_type, exec_type, file_type;
+type viewcompiler_tmpfs, file_type;
+
+# Reading an APK opens a ZipArchive, which unpack to tmpfs.
+# Use tmpfs_domain() which will give tmpfs files created by viewcompiler their
+# own label, which differs from other labels created by other processes.
+# This allows to distinguish in policy files created by viewcompiler vs other
+# processes.
+tmpfs_domain(viewcompiler)
+
+allow viewcompiler installd:fd use;
+
+# Include write permission for app data files so viewcompiler can generate
+# compiled layout dex files
+allow viewcompiler app_data_file:file { getattr write };
+
+# Allow the view compiler to read resources from the apps APK.
+allow viewcompiler apk_data_file:file { read map };
+
+# priv-apps are moving to a world where they can only execute
+# signed code. Make sure viewcompiler never can write to privapp
+# directories to avoid introducing unsigned executable code
+neverallow viewcompiler privapp_data_file:file no_w_file_perms;
diff --git a/prebuilts/api/30.0/private/virtual_touchpad.te b/prebuilts/api/30.0/private/virtual_touchpad.te
new file mode 100644
index 000000000..e735172fe
--- /dev/null
+++ b/prebuilts/api/30.0/private/virtual_touchpad.te
@@ -0,0 +1,3 @@
+typeattribute virtual_touchpad coredomain;
+
+init_daemon_domain(virtual_touchpad)
diff --git a/prebuilts/api/30.0/private/vold.te b/prebuilts/api/30.0/private/vold.te
new file mode 100644
index 000000000..dea24a576
--- /dev/null
+++ b/prebuilts/api/30.0/private/vold.te
@@ -0,0 +1,19 @@
+typeattribute vold coredomain;
+
+init_daemon_domain(vold)
+
+# Switch to more restrictive domains when executing common tools
+domain_auto_trans(vold, sgdisk_exec, sgdisk);
+domain_auto_trans(vold, sdcardd_exec, sdcardd);
+
+# For a handful of probing tools, we choose an even more restrictive
+# domain when working with untrusted block devices
+domain_trans(vold, blkid_exec, blkid);
+domain_trans(vold, blkid_exec, blkid_untrusted);
+domain_trans(vold, fsck_exec, fsck);
+domain_trans(vold, fsck_exec, fsck_untrusted);
+
+# Newly created storage dirs are always treated as mount stubs to prevent us
+# from accidentally writing when the mount point isn't present.
+type_transition vold storage_file:dir storage_stub_file;
+type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file;
diff --git a/prebuilts/api/30.0/private/vold_prepare_subdirs.te b/prebuilts/api/30.0/private/vold_prepare_subdirs.te
new file mode 100644
index 000000000..f3ec05859
--- /dev/null
+++ b/prebuilts/api/30.0/private/vold_prepare_subdirs.te
@@ -0,0 +1,45 @@
+domain_auto_trans(vold, vold_prepare_subdirs_exec, vold_prepare_subdirs)
+
+allow vold_prepare_subdirs system_file:file execute_no_trans;
+allow vold_prepare_subdirs shell_exec:file rx_file_perms;
+allow vold_prepare_subdirs toolbox_exec:file rx_file_perms;
+allow vold_prepare_subdirs devpts:chr_file rw_file_perms;
+allow vold_prepare_subdirs vold:fd use;
+allow vold_prepare_subdirs vold:fifo_file { read write };
+allow vold_prepare_subdirs file_contexts_file:file r_file_perms;
+allow vold_prepare_subdirs self:global_capability_class_set { chown dac_override dac_read_search fowner };
+allow vold_prepare_subdirs self:process setfscreate;
+allow vold_prepare_subdirs {
+ system_data_file
+ vendor_data_file
+}:dir { open read write add_name remove_name rmdir relabelfrom };
+allow vold_prepare_subdirs {
+ apex_module_data_file
+ apex_permission_data_file
+ apex_rollback_data_file
+ apex_wifi_data_file
+ backup_data_file
+ face_vendor_data_file
+ fingerprint_vendor_data_file
+ iris_vendor_data_file
+ rollback_data_file
+ storaged_data_file
+ vold_data_file
+}:dir { create_dir_perms relabelto };
+allow vold_prepare_subdirs {
+ apex_module_data_file
+ apex_permission_data_file
+ apex_rollback_data_file
+ apex_wifi_data_file
+ backup_data_file
+ face_vendor_data_file
+ fingerprint_vendor_data_file
+ iris_vendor_data_file
+ rollback_data_file
+ storaged_data_file
+ system_data_file
+ vold_data_file
+}:file { getattr unlink };
+allow vold_prepare_subdirs apex_mnt_dir:dir { open read };
+
+dontaudit vold_prepare_subdirs { proc unlabeled }:file r_file_perms;
diff --git a/prebuilts/api/30.0/private/vr_hwc.te b/prebuilts/api/30.0/private/vr_hwc.te
new file mode 100644
index 000000000..053c03d98
--- /dev/null
+++ b/prebuilts/api/30.0/private/vr_hwc.te
@@ -0,0 +1,6 @@
+typeattribute vr_hwc coredomain;
+
+# Daemon started by init.
+init_daemon_domain(vr_hwc)
+
+hal_server_domain(vr_hwc, hal_graphics_composer)
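Review bot: vold_prepare_subdirs is granted `chown dac_override dac_read_search fowner`, `self:process setfscreate`, and `relabelfrom`/`relabelto` across system_data_file, vendor_data_file and a dozen data types, yet the file contains no comment explaining what the helper does or why each of these DAC-bypass and relabel rights is required. A one-line header before the first allow, such as `# Helper exec'd by vold to create and (re)label data subdirectories; needs DAC override and relabel rights for pre-existing dirs`, would give a reviewer of the capability line something to check against, though its wording should be confirmed against what the binary actually does. The trailing `dontaudit vold_prepare_subdirs { proc unlabeled }:file r_file_perms;` likewise deserves a note on which access triggers it, since silencing reads of unlabeled files hides exactly the denials a labeling helper is expected to surface.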
diff --git a/prebuilts/api/30.0/private/vzwomatrigger_app.te b/prebuilts/api/30.0/private/vzwomatrigger_app.te
new file mode 100644
index 000000000..8deb22bc8
--- /dev/null
+++ b/prebuilts/api/30.0/private/vzwomatrigger_app.te
@@ -0,0 +1,6 @@
+###
+### A domain for further sandboxing the VzwOmaTrigger app.
+###
+type vzwomatrigger_app, domain;
+
+app_domain(vzwomatrigger_app)
diff --git a/prebuilts/api/30.0/private/wait_for_keymaster.te b/prebuilts/api/30.0/private/wait_for_keymaster.te
new file mode 100644
index 000000000..85a28da5f
--- /dev/null
+++ b/prebuilts/api/30.0/private/wait_for_keymaster.te
@@ -0,0 +1,9 @@
+# wait_for_keymaster service
+type wait_for_keymaster, domain, coredomain;
+type wait_for_keymaster_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(wait_for_keymaster)
+
+hal_client_domain(wait_for_keymaster, hal_keymaster)
+
+allow wait_for_keymaster kmsg_device:chr_file w_file_perms;
diff --git a/prebuilts/api/30.0/private/watchdogd.te b/prebuilts/api/30.0/private/watchdogd.te
new file mode 100644
index 000000000..91ece7052
--- /dev/null
+++ b/prebuilts/api/30.0/private/watchdogd.te
@@ -0,0 +1,3 @@
+typeattribute watchdogd coredomain;
+
+init_daemon_domain(watchdogd)
diff --git a/prebuilts/api/30.0/private/webview_zygote.te b/prebuilts/api/30.0/private/webview_zygote.te
new file mode 100644
index 000000000..969ab9cc9
--- /dev/null
+++ b/prebuilts/api/30.0/private/webview_zygote.te
@@ -0,0 +1,153 @@
+# webview_zygote is an auxiliary zygote process that is used to spawn
+# isolated_app processes for rendering untrusted web content.
+
+typeattribute webview_zygote coredomain;
+
+# The webview_zygote needs to be able to transition domains.
+typeattribute webview_zygote mlstrustedsubject;
+
+# Allow access to temporary files, which is normally permitted through
+# a domain macro.
+tmpfs_domain(webview_zygote);
+
+# Allow reading/executing installed binaries to enable preloading the
+# installed WebView implementation.
+allow webview_zygote apk_data_file:dir r_dir_perms;
+allow webview_zygote apk_data_file:file { r_file_perms execute };
+
+# Access to the WebView relro file.
+allow webview_zygote shared_relro_file:dir search;
+allow webview_zygote shared_relro_file:file r_file_perms;
+
+# Set the UID/GID of the process.
+allow webview_zygote self:global_capability_class_set { setgid setuid };
+# Drop capabilities from bounding set.
+allow webview_zygote self:global_capability_class_set setpcap;
+# Switch SELinux context to app domains.
+allow webview_zygote self:process setcurrent;
+allow webview_zygote isolated_app:process dyntransition;
+
+# For art.
+allow webview_zygote dalvikcache_data_file:dir r_dir_perms;
+allow webview_zygote dalvikcache_data_file:lnk_file r_file_perms;
+allow webview_zygote dalvikcache_data_file:file { r_file_perms execute };
+
+# Allow webview_zygote to create JIT memory.
+allow webview_zygote self:process execmem;
+
+# Allow webview_zygote to stat the files that it opens. It must
+# be able to inspect them so that it can reopen them on fork
+# if necessary: b/30963384.
+allow webview_zygote debugfs_trace_marker:file getattr;
+
+# Allow webview_zygote to manage the pgroup of its children.
+allow webview_zygote system_server:process getpgid;
+
+# Interaction between the webview_zygote and its children.
+allow webview_zygote isolated_app:process setpgid;
+
+# TODO (b/63631799) fix this access
+# Suppress denials to storage. Webview zygote should not be accessing.
+dontaudit webview_zygote mnt_expand_file:dir getattr;
+
+# TODO (b/72957399) remove this when webview_zygote is reparented to
+# app_process zygote
+dontaudit webview_zygote dex2oat_exec:file execute;
+
+# Get seapp_contexts
+allow webview_zygote seapp_contexts_file:file r_file_perms;
+# Check validity of SELinux context before use.
+selinux_check_context(webview_zygote)
+# Check SELinux permissions.
+selinux_check_access(webview_zygote)
+
+# Directory listing in /system.
+allow webview_zygote system_file:dir r_dir_perms;
+
+# Read and inspect temporary files (like system properties) managed by zygote.
+allow webview_zygote zygote_tmpfs:file { read getattr };
+# Child of zygote.
+allow webview_zygote zygote:fd use;
+allow webview_zygote zygote:process sigchld;
+
+# Allow apps access to /vendor/overlay
+r_dir_file(webview_zygote, vendor_overlay_file)
+
+allow webview_zygote same_process_hal_file:file { execute read open getattr map };
+
+allow webview_zygote system_data_file:lnk_file r_file_perms;
+
+# Send unsolicited message to system_server
+unix_socket_send(webview_zygote, system_unsolzygote, system_server)
+
+#####
+##### Neverallow
+#####
+
+# Only permit transition to isolated_app.
+neverallow webview_zygote { domain -isolated_app }:process dyntransition;
+
+# Only setcon() transitions, no exec() based transitions, except for crash_dump.
+neverallow webview_zygote { domain -crash_dump }:process transition;
+
+# Must not exec() a program without changing domains.
+# Having said that, exec() above is not allowed.
+neverallow webview_zygote *:file execute_no_trans;
+
+# The only way to enter this domain is for the zygote to fork a new
+# webview_zygote child.
+neverallow { domain -zygote } webview_zygote:process dyntransition;
+
+# Disallow write access to properties.
+neverallow webview_zygote property_socket:sock_file write;
+neverallow webview_zygote property_type:property_service set;
+
+# Should not have any access to app data files.
+neverallow webview_zygote {
+ app_data_file
+ privapp_data_file
+ system_app_data_file
+ bluetooth_data_file
+ nfc_data_file
+ radio_data_file
+ shell_data_file
+}:file { rwx_file_perms };
+
+neverallow webview_zygote {
+ service_manager_type
+ -activity_service
+ -webviewupdate_service
+}:service_manager find;
+
+# Isolated apps shouldn't be able to access the driver directly.
+neverallow webview_zygote gpu_device:chr_file { rwx_file_perms };
+
+# Do not allow webview_zygote access to /cache.
+neverallow webview_zygote cache_file:dir ~{ r_dir_perms };
+neverallow webview_zygote cache_file:file ~{ read getattr };
+
+# Do not allow most socket access. This is socket_class_set, excluding unix_dgram_socket,
+# unix_stream_socket, and netlink_selinux_socket.
+neverallow webview_zygote domain:{
+ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket
+ appletalk_socket netlink_route_socket netlink_tcpdiag_socket
+ netlink_nflog_socket netlink_xfrm_socket netlink_audit_socket
+ netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket
+ netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket
+ netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket
+ sctp_socket icmp_socket ax25_socket ipx_socket netrom_socket atmpvc_socket
+ x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket
+ pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket
+ rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
+ alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket
+ xdp_socket
+} *;
+
+# Do not allow access to Bluetooth-related system properties.
+# neverallow rules for Bluetooth-related data files are listed above.
+neverallow webview_zygote {
+ bluetooth_a2dp_offload_prop
+ bluetooth_audio_hal_prop
+ bluetooth_prop
+ exported_bluetooth_prop
+}:file create_file_perms;
diff --git a/prebuilts/api/30.0/private/wificond.te b/prebuilts/api/30.0/private/wificond.te
new file mode 100644
index 000000000..5476e3385
--- /dev/null
+++ b/prebuilts/api/30.0/private/wificond.te
@@ -0,0 +1,3 @@
+typeattribute wificond coredomain;
+
+init_daemon_domain(wificond)
diff --git a/prebuilts/api/30.0/private/wpantund.te b/prebuilts/api/30.0/private/wpantund.te
new file mode 100644
index 000000000..e91662cb7
--- /dev/null
+++ b/prebuilts/api/30.0/private/wpantund.te
@@ -0,0 +1,3 @@
+typeattribute wpantund coredomain;
+
+init_daemon_domain(wpantund)
diff --git a/prebuilts/api/30.0/private/zygote.te b/prebuilts/api/30.0/private/zygote.te
new file mode 100644
index 000000000..5f08f8d6b
--- /dev/null
+++ b/prebuilts/api/30.0/private/zygote.te
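Review bot: `allow webview_zygote same_process_hal_file:file { execute read open getattr map };` and `allow webview_zygote system_data_file:lnk_file r_file_perms;` are the only allow rules in this hunk without a comment, in a file that otherwise explains every grant; executing same-process HAL code in the domain that forks renderers for untrusted web content is exactly the kind of rule a future reviewer will want the rationale for. A comment such as `# Same-process HALs (e.g. graphics) are mapped and executed in-process by WebView; see <BUG-ID>` would do, with the bug reference filled in from the original change. The same undocumented `same_process_hal_file` rule appears in the zygote.te hunk that follows. The comment above the app-data neverallow says "any access", but `rwx_file_perms` leaves `create`, `unlink`, `setattr` and the relabel permissions uncovered; either the comment should say "read, write or execute access" or the rule should grow to match the comment.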
@@ -0,0 +1,239 @@
+# zygote
+typeattribute zygote coredomain;
+typeattribute zygote mlstrustedsubject;
+
+init_daemon_domain(zygote)
+tmpfs_domain(zygote)
+
+read_runtime_log_tags(zygote)
+
+# Override DAC on files and switch uid/gid.
+allow zygote self:global_capability_class_set { dac_override dac_read_search setgid setuid fowner chown };
+
+# Drop capabilities from bounding set.
+allow zygote self:global_capability_class_set setpcap;
+
+# Switch SELinux context to app domains.
+allow zygote self:process setcurrent;
+allow zygote system_server_startup:process dyntransition;
+allow zygote appdomain:process dyntransition;
+allow zygote webview_zygote:process dyntransition;
+allow zygote app_zygote:process dyntransition;
+
+# Allow zygote to read app /proc/pid dirs (b/10455872).
+allow zygote appdomain:dir { getattr search };
+allow zygote appdomain:file { r_file_perms };
+
+# Move children into the peer process group.
+allow zygote system_server:process { getpgid setpgid };
+allow zygote appdomain:process { getpgid setpgid };
+allow zygote webview_zygote:process { getpgid setpgid };
+allow zygote app_zygote:process { getpgid setpgid };
+
+# Read system data.
+allow zygote system_data_file:dir r_dir_perms;
+allow zygote system_data_file:file r_file_perms;
+
+# Write to /data/dalvik-cache.
+allow zygote dalvikcache_data_file:dir create_dir_perms;
+allow zygote dalvikcache_data_file:file create_file_perms;
+
+# Create symlinks in /data/dalvik-cache.
+allow zygote dalvikcache_data_file:lnk_file create_file_perms;
+
+# Write to /data/resource-cache.
+allow zygote resourcecache_data_file:dir rw_dir_perms;
+allow zygote resourcecache_data_file:file create_file_perms;
+
+# For updateability, the zygote may fetch the current boot
+# classpath from the dalvik cache. Integrity of the files
+# is ensured by fsverity protection (checked in art_apex_boot_integrity).
+allow zygote dalvikcache_data_file:file execute;
+
+# Bind mount on /data/data and mounted volumes
+allow zygote { system_data_file mnt_expand_file }:dir mounton;
+
+# Relabel /data/user /data/user_de and /data/data
+allow zygote tmpfs:{ dir lnk_file } relabelfrom;
+allow zygote system_data_file:{ dir lnk_file } relabelto;
+
+# Zygote opens /mnt/expand to mount CE DE storage on each vol
+allow zygote mnt_expand_file:dir { open read search relabelto };
+
+# Bind mount subdirectories on /data/misc/profiles/cur
+allow zygote { user_profile_data_file }:dir { mounton search };
+
+# Create and bind dirs on /data/data
+allow zygote tmpfs:dir { create_dir_perms mounton };
+
+# Goes into media directory and bind mount obb directory
+allow zygote media_rw_data_file:dir { getattr search };
+
+# Read if sdcardfs is supported
+allow zygote proc_filesystems:file r_file_perms;
+
+# Create symlink for /data/user/0
+allow zygote tmpfs:lnk_file create;
+
+allow zygote mirror_data_file:dir r_dir_perms;
+
+# Get inode of data directories
+allow zygote {
+ system_data_file
+ radio_data_file
+ app_data_file
+ shell_data_file
+ bluetooth_data_file
+ privapp_data_file
+ nfc_data_file
+ mnt_expand_file
+}:dir getattr;
+
+# Allow zygote to create JIT memory.
+allow zygote self:process execmem;
+allow zygote zygote_tmpfs:file execute;
+allow zygote ashmem_libcutils_device:chr_file execute;
+
+# Execute idmap and dex2oat within zygote's own domain.
+# TODO: Should either of these be transitioned to the same domain
+# used by installd or stay in-domain for zygote?
+allow zygote idmap_exec:file rx_file_perms;
+allow zygote dex2oat_exec:file rx_file_perms;
+
+# Allow apps access to /vendor/overlay
+r_dir_file(zygote, vendor_overlay_file)
+
+# Control cgroups.
+allow zygote cgroup:dir create_dir_perms;
+allow zygote cgroup:{ file lnk_file } r_file_perms;
+allow zygote self:global_capability_class_set sys_admin;
+
+# Allow zygote to stat the files that it opens. The zygote must
+# be able to inspect them so that it can reopen them on fork
+# if necessary: b/30963384.
+allow zygote pmsg_device:chr_file getattr;
+allow zygote debugfs_trace_marker:file getattr;
+
+# Get seapp_contexts
+allow zygote seapp_contexts_file:file r_file_perms;
+# Check validity of SELinux context before use.
+selinux_check_context(zygote)
+# Check SELinux permissions.
+selinux_check_access(zygote)
+
+# Native bridge functionality requires that zygote replaces
+# /proc/cpuinfo with /system/lib//cpuinfo using a bind mount
+allow zygote proc_cpuinfo:file mounton;
+
+# Allow remounting rootfs as MS_SLAVE.
+allow zygote rootfs:dir mounton;
+allow zygote tmpfs:filesystem { mount unmount };
+allow zygote fuse:filesystem { unmount };
+allow zygote sdcardfs:filesystem { unmount };
+
+# Allow creating user-specific storage source if started before vold.
+allow zygote mnt_user_file:dir { create_dir_perms mounton };
+allow zygote mnt_user_file:lnk_file create_file_perms;
+allow zygote mnt_user_file:file create_file_perms;
+
+# Allow mounting user-specific storage source if started before vold.
+allow zygote mnt_pass_through_file:dir { create_dir_perms mounton };
+
+# Allowed to mount user-specific storage into place
+allow zygote storage_file:dir { search mounton };
+
+# Allow mounting and creating files, dirs on sdcardfs.
+allow zygote { sdcard_type }:dir { create_dir_perms mounton };
+allow zygote { sdcard_type }:file { create_file_perms };
+
+# Handle --invoke-with command when launching Zygote with a wrapper command.
+allow zygote zygote_exec:file rx_file_perms;
+
+# Allow zygote to write to statsd.
+unix_socket_send(zygote, statsdw, statsd)
+
+# Root fs.
+r_dir_file(zygote, rootfs)
+
+# System file accesses.
+r_dir_file(zygote, system_file)
+
+# /oem accesses.
+allow zygote oemfs:dir search;
+
+userdebug_or_eng(`
+ # Allow zygote to create and write method traces in /data/misc/trace.
+ allow zygote method_trace_data_file:dir w_dir_perms;
+ allow zygote method_trace_data_file:file { create w_file_perms };
+')
+
+allow zygote ion_device:chr_file r_file_perms;
+allow zygote tmpfs:dir r_dir_perms;
+
+allow zygote same_process_hal_file:file { execute read open getattr map };
+
+# Let the zygote access overlays so it can initialize the AssetManager.
+get_prop(zygote, overlay_prop)
+get_prop(zygote, exported_overlay_prop)
+
+# Allow the zygote to access the runtime feature flag properties.
+get_prop(zygote, device_config_runtime_native_prop)
+get_prop(zygote, device_config_runtime_native_boot_prop)
+
+# Allow the zygote to access window manager native boot feature flags
+# to initialize WindowManager static properties.
+get_prop(zygote, device_config_window_manager_native_boot_prop)
+
+# ingore spurious denials
+dontaudit zygote self:global_capability_class_set sys_resource;
+
+# Ignore spurious denials calling access() on fuse
+# TODO(b/151316657): avoid the denials
+dontaudit zygote media_rw_data_file:dir setattr;
+
+# Allow zygote to use ashmem fds from system_server.
+allow zygote system_server:fd use;
+
+# Send unsolicited message to system_server
+unix_socket_send(zygote, system_unsolzygote, system_server)
+
+# Allow zygote to access media_variant_prop for static initialization
+get_prop(zygote, media_variant_prop)
+
+###
+### neverallow rules
+###
+
+# Ensure that all types assigned to app processes are included
+# in the appdomain attribute, so that all allow and neverallow rules
+# written on appdomain are applied to all app processes.
+# This is achieved by ensuring that it is impossible for zygote to
+# setcon (dyntransition) to any types other than those associated
+# with appdomain plus system_server_startup, webview_zygote and
+# app_zygote.
+neverallow zygote ~{
+ appdomain
+ system_server_startup
+ webview_zygote
+ app_zygote
+}:process dyntransition;
+
+# Zygote should never execute anything from /data except for /data/dalvik-cache files.
+neverallow zygote {
+ data_file_type
+ -dalvikcache_data_file # map PROT_EXEC
+}:file no_x_file_perms;
+
+# Do not allow access to Bluetooth-related system properties and files
+neverallow zygote {
+ bluetooth_a2dp_offload_prop
+ bluetooth_audio_hal_prop
+ bluetooth_prop
+ exported_bluetooth_prop
+}:file create_file_perms;
+
+# Zygote should not be able to access app private data.
+neverallow zygote {
+ privapp_data_file
+ app_data_file
+}:dir ~getattr;
diff --git a/prebuilts/api/30.0/public/adbd.te b/prebuilts/api/30.0/public/adbd.te
new file mode 100644
index 000000000..4a1f63388
--- /dev/null
+++ b/prebuilts/api/30.0/public/adbd.te
@@ -0,0 +1,11 @@
+# adbd seclabel is specified in init.rc since
+# it lives in the rootfs and has no unique file type.
+type adbd, domain;
+type adbd_exec, exec_type, file_type, system_file_type;
+
+# Only init is allowed to enter the adbd domain via exec()
+neverallow { domain -init } adbd:process transition;
+neverallow * adbd:process dyntransition;
+
+# Allow adbd start/stop mdnsd via ctl.start
+set_prop(adbd, ctl_mdnsd_prop)
diff --git a/prebuilts/api/30.0/public/aidl_lazy_test_server.te b/prebuilts/api/30.0/public/aidl_lazy_test_server.te
new file mode 100644
index 000000000..626d0088b
--- /dev/null
+++ b/prebuilts/api/30.0/public/aidl_lazy_test_server.te
@@ -0,0 +1,9 @@
+type aidl_lazy_test_server, domain;
+type aidl_lazy_test_server_exec, exec_type, file_type, system_file_type;
+
+userdebug_or_eng(`
+ binder_use(aidl_lazy_test_server)
+ binder_call(aidl_lazy_test_server, binderservicedomain)
+
+ add_service(aidl_lazy_test_server, aidl_lazy_test_service)
+')
diff --git a/prebuilts/api/30.0/public/apexd.te b/prebuilts/api/30.0/public/apexd.te
new file mode 100644
index 000000000..93c257f5f
--- /dev/null
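Review bot: `allow zygote ion_device:chr_file r_file_perms;`, `allow zygote tmpfs:dir r_dir_perms;` and `allow zygote same_process_hal_file:file { execute read open getattr map };` (in the part of the zygote.te hunk after the userdebug_or_eng block) are the only grants in this file without a why-comment, and the last one lets the process that forks every app execute vendor-supplied code in its own domain, so its justification is worth recording, e.g. `# Same-process HALs are loaded in-process before forking apps; see <BUG-ID>`. The comment `# ingore spurious denials` above the `sys_resource` dontaudit is misspelled and should read `# Ignore spurious denials`; since this is a prebuilts/api/30.0 snapshot, both edits presumably belong in the canonical private/zygote.te first. The adbd.te and aidl_lazy_test_server.te hunks that share this line raise nothing.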
+++ b/prebuilts/api/30.0/public/apexd.te
@@ -0,0 +1,15 @@
+# apexd -- manager for APEX packages
+type apexd, domain;
+type apexd_exec, exec_type, file_type, system_file_type;
+
+binder_use(apexd)
+add_service(apexd, apex_service)
+set_prop(apexd, apexd_prop)
+
+neverallow { domain -init -apexd -system_server } apex_service:service_manager find;
+neverallow { domain -init -apexd -system_server -servicemanager } apexd:binder call;
+
+neverallow { domain userdebug_or_eng(`-crash_dump') } apexd:process ptrace;
+
+# only apexd can set apexd sysprop
+neverallow { domain -apexd -init } apexd_prop:property_service set;
diff --git a/prebuilts/api/30.0/public/app.te b/prebuilts/api/30.0/public/app.te
new file mode 100644
index 000000000..9c635aa82
--- /dev/null
+++ b/prebuilts/api/30.0/public/app.te
@@ -0,0 +1,598 @@ +### +### Domain for all zygote spawned apps +### +### This file is the base policy for all zygote spawned apps. +### Other policy files, such as isolated_app.te, untrusted_app.te, etc +### extend from this policy. Only policies which should apply to ALL +### zygote spawned apps should be added here. +### +type appdomain_tmpfs, file_type; + +# WebView and other application-specific JIT compilers +allow appdomain self:process execmem; + +allow appdomain { ashmem_device ashmem_libcutils_device }:chr_file execute; + +# Receive and use open file descriptors inherited from zygote. +allow appdomain zygote:fd use; + +# gdbserver for ndk-gdb reads the zygote. +# valgrind needs mmap exec for zygote +allow appdomain zygote_exec:file rx_file_perms; + +# Notify zygote of death; +allow appdomain zygote:process sigchld; + +# Read /data/dalvik-cache. +allow appdomain dalvikcache_data_file:dir { search getattr }; +allow appdomain dalvikcache_data_file:file r_file_perms; + +# Read the /sdcard and /mnt/sdcard symlinks +allow { appdomain -isolated_app } rootfs:lnk_file r_file_perms; +allow { appdomain -isolated_app } tmpfs:lnk_file r_file_perms; + +# Search /storage/emulated tmpfs mount. +allow appdomain tmpfs:dir r_dir_perms; + +# Notify zygote of the wrapped process PID when using --invoke-with. +allow appdomain zygote:fifo_file write; + +userdebug_or_eng(` + # Allow apps to create and write method traces in /data/misc/trace. + allow appdomain method_trace_data_file:dir w_dir_perms; + allow appdomain method_trace_data_file:file { create w_file_perms }; +') + +# Notify shell and adbd of death when spawned via runas for ndk-gdb. +allow appdomain shell:process sigchld; +allow appdomain adbd:process sigchld; + +# child shell or gdbserver pty access for runas. +allow appdomain devpts:chr_file { getattr read write ioctl }; + +# Use pipes and sockets provided by system_server via binder or local socket. 
+allow appdomain system_server:fd use; +allow appdomain system_server:fifo_file rw_file_perms; +allow appdomain system_server:unix_stream_socket { read write setopt getattr getopt shutdown }; +allow appdomain system_server:tcp_socket { read write getattr getopt shutdown }; + +# For AppFuse. +allow appdomain vold:fd use; + +# Communication with other apps via fifos +allow appdomain appdomain:fifo_file rw_file_perms; + +# Communicate with surfaceflinger. +allow appdomain surfaceflinger:unix_stream_socket { read write setopt getattr getopt shutdown }; + +# App sandbox file accesses. +allow { appdomain -isolated_app } { app_data_file privapp_data_file }:dir create_dir_perms; +allow { appdomain -isolated_app } { app_data_file privapp_data_file }:file create_file_perms; + +# Traverse into expanded storage +allow appdomain mnt_expand_file:dir r_dir_perms; + +# Keychain and user-trusted credentials +r_dir_file(appdomain, keychain_data_file) +allow appdomain misc_user_data_file:dir r_dir_perms; +allow appdomain misc_user_data_file:file r_file_perms; + +# TextClassifier +r_dir_file({ appdomain -isolated_app }, textclassifier_data_file) + +# Access to OEM provided data and apps +allow appdomain oemfs:dir r_dir_perms; +allow appdomain oemfs:file rx_file_perms; + +# Execute the shell or other system executables. +allow { appdomain -ephemeral_app } shell_exec:file rx_file_perms; +allow { appdomain -ephemeral_app } toolbox_exec:file rx_file_perms; +allow appdomain system_file:file x_file_perms; +not_full_treble(`allow { appdomain -ephemeral_app } vendor_file:file x_file_perms;') + +# Renderscript needs the ability to read directories on /system +allow appdomain system_file:dir r_dir_perms; +allow appdomain system_file:lnk_file { getattr open read }; +# Renderscript specific permissions to open /system/vendor/lib64. 
+not_full_treble(` + allow appdomain vendor_file_type:dir r_dir_perms; + allow appdomain vendor_file_type:lnk_file { getattr open read }; +') + +full_treble_only(` + # For looking up Renderscript vendor drivers + allow { appdomain -isolated_app } vendor_file:dir { open read }; +') + +# Allow apps access to /vendor/app except for privileged +# apps which cannot be in /vendor. +r_dir_file({ appdomain -ephemeral_app }, vendor_app_file) +allow { appdomain -ephemeral_app } vendor_app_file:file execute; + +# Allow apps access to /vendor/overlay +r_dir_file(appdomain, vendor_overlay_file) + +# Allow apps access to /vendor/framework +# for vendor provided libraries. +r_dir_file(appdomain, vendor_framework_file) + +# Allow apps read / execute access to vendor public libraries. +allow appdomain vendor_public_lib_file:dir r_dir_perms; +allow appdomain vendor_public_lib_file:file { execute read open getattr map }; + +# Read/write wallpaper file (opened by system). +allow appdomain wallpaper_file:file { getattr read write map }; + +# Read/write cached ringtones (opened by system). +allow appdomain ringtone_file:file { getattr read write map }; + +# Read ShortcutManager icon files (opened by system). +allow appdomain shortcut_manager_icons:file { getattr read map }; + +# Read icon file (opened by system). +allow appdomain icon_file:file { getattr read map }; + +# Old stack dumping scheme : append to a global trace file (/data/anr/traces.txt). +# +# TODO: All of these permissions except for anr_data_file:file append can be +# withdrawn once we've switched to the new stack dumping mechanism, see b/32064548 +# and the rules below. +allow appdomain anr_data_file:dir search; +allow appdomain anr_data_file:file { open append }; + +# New stack dumping scheme : request an output FD from tombstoned via a unix +# domain socket. +# +# Allow apps to connect and write to the tombstoned java trace socket in +# order to dump their traces. 
Also allow them to append traces to pipes +# created by dumptrace. (Also see the rules below where they are given +# additional permissions to dumpstate pipes for other aspects of bug report +# creation). +unix_socket_connect(appdomain, tombstoned_java_trace, tombstoned) +allow appdomain tombstoned:fd use; +allow appdomain dumpstate:fifo_file append; +allow appdomain incidentd:fifo_file append; + +# Allow apps to send dump information to dumpstate +allow appdomain dumpstate:fd use; +allow appdomain dumpstate:unix_stream_socket { read write getopt getattr shutdown }; +allow appdomain dumpstate:fifo_file { write getattr }; +allow appdomain shell_data_file:file { write getattr }; + +# Allow apps to send dump information to incidentd +allow appdomain incidentd:fd use; +allow appdomain incidentd:fifo_file { write getattr }; + +# Allow apps to send information to statsd socket. +unix_socket_send(appdomain, statsdw, statsd) + +# Write profiles /data/misc/profiles +allow appdomain user_profile_data_file:dir { search write add_name }; +allow appdomain user_profile_data_file:file create_file_perms; + +# Send heap dumps to system_server via an already open file descriptor +# % adb shell am set-watch-heap com.android.systemui 1048576 +# % adb shell dumpsys procstats --start-testing +# debuggable builds only. +userdebug_or_eng(` + allow appdomain heapdump_data_file:file append; +') + +# /proc/net access. +# TODO(b/9496886) Audit access for removal. +# proc_net access for the negated domains below is granted (or not) in their +# individual .te files. +r_dir_file({ + appdomain + -ephemeral_app + -isolated_app + -platform_app + -priv_app + -shell + -system_app + -untrusted_app_all +}, proc_net_type) +# audit access for all these non-core app domains. 
+userdebug_or_eng(` + auditallow { + appdomain + -ephemeral_app + -isolated_app + -platform_app + -priv_app + -shell + -su + -system_app + -untrusted_app_all + } proc_net_type:{ dir file lnk_file } { getattr open read }; +') + +# Grant GPU access to all processes started by Zygote. +# They need that to render the standard UI. +allow { appdomain -isolated_app } gpu_device:chr_file rw_file_perms; + +# Use the Binder. +binder_use(appdomain) +# Perform binder IPC to binder services. +binder_call(appdomain, binderservicedomain) +# Perform binder IPC to other apps. +binder_call(appdomain, appdomain) +# Perform binder IPC to ephemeral apps. +binder_call(appdomain, ephemeral_app) + +# Talk with graphics composer fences +allow appdomain hal_graphics_composer:fd use; + +# Already connected, unnamed sockets being passed over some other IPC +# hence no sock_file or connectto permission. This appears to be how +# Chrome works, may need to be updated as more apps using isolated services +# are examined. +allow appdomain appdomain:unix_stream_socket { getopt getattr read write shutdown }; + +# Backup ability for every app. BMS opens and passes the fd +# to any app that has backup ability. Hence, no open permissions here. +allow appdomain backup_data_file:file { read write getattr map }; +allow appdomain cache_backup_file:file { read write getattr map }; +allow appdomain cache_backup_file:dir getattr; +# Backup ability using 'adb backup' +allow appdomain system_data_file:lnk_file r_file_perms; +allow appdomain system_data_file:file { getattr read map }; + +# Allow read/stat of /data/media files passed by Binder or local socket IPC. +allow { appdomain -isolated_app } media_rw_data_file:file { read getattr }; + +# Read and write /data/data/com.android.providers.telephony files passed over Binder. 
+allow { appdomain -isolated_app } radio_data_file:file { read write getattr }; + +# Allow access to external storage; we have several visible mount points under /storage +# and symlinks to primary storage at places like /storage/sdcard0 and /mnt/user/0/primary +allow { appdomain -isolated_app -ephemeral_app } storage_file:dir r_dir_perms; +allow { appdomain -isolated_app -ephemeral_app } storage_file:lnk_file r_file_perms; +allow { appdomain -isolated_app -ephemeral_app } mnt_user_file:dir r_dir_perms; +allow { appdomain -isolated_app -ephemeral_app } mnt_user_file:lnk_file r_file_perms; + +# Read/write visible storage +allow { appdomain -isolated_app -ephemeral_app } sdcard_type:dir create_dir_perms; +allow { appdomain -isolated_app -ephemeral_app } sdcard_type:file create_file_perms; +# This should be removed if sdcardfs is modified to alter the secontext for its +# accesses to the underlying FS. +allow { appdomain -isolated_app -ephemeral_app } media_rw_data_file:dir create_dir_perms; +allow { appdomain -isolated_app -ephemeral_app } media_rw_data_file:file create_file_perms; + +# Allow apps to use the USB Accessory interface. +# http://developer.android.com/guide/topics/connectivity/usb/accessory.html +# +# USB devices are first opened by the system server (USBDeviceManagerService) +# and the file descriptor is passed to the right Activity via binder. +allow { appdomain -isolated_app -ephemeral_app } usb_device:chr_file { read write getattr ioctl }; +allow { appdomain -isolated_app -ephemeral_app } usbaccessory_device:chr_file { read write getattr }; + +# For art. +allow appdomain dalvikcache_data_file:file execute; +allow appdomain dalvikcache_data_file:lnk_file r_file_perms; + +# Allow any app to read shared RELRO files. 
+allow appdomain shared_relro_file:dir search; +allow appdomain shared_relro_file:file r_file_perms; + +# Allow apps to read/execute installed binaries +allow appdomain apk_data_file:dir r_dir_perms; +allow appdomain apk_data_file:file rx_file_perms; + +# /data/resource-cache +allow appdomain resourcecache_data_file:file r_file_perms; +allow appdomain resourcecache_data_file:dir r_dir_perms; + +# logd access +read_logd(appdomain) +control_logd({ appdomain -ephemeral_app }) +# application inherit logd write socket (urge is to deprecate this long term) +allow appdomain zygote:unix_dgram_socket write; + +allow { appdomain -isolated_app -ephemeral_app } keystore:keystore_key { get_state get insert delete exist list sign verify }; + +use_keystore({ appdomain -isolated_app -ephemeral_app }) + +use_credstore({ appdomain -isolated_app -ephemeral_app }) + +allow appdomain console_device:chr_file { read write }; + +# only allow unprivileged socket ioctl commands +allowxperm { appdomain -bluetooth } self:{ rawip_socket tcp_socket udp_socket } + ioctl { unpriv_sock_ioctls unpriv_tty_ioctls }; + +allow { appdomain -isolated_app } ion_device:chr_file r_file_perms; + +# Allow AAudio apps to use shared memory file descriptors from the HAL +allow { appdomain -isolated_app } hal_audio:fd use; + +# Allow app to access shared memory created by camera HAL1 +allow { appdomain -isolated_app } hal_camera:fd use; + +# RenderScript always-passthrough HAL +allow { appdomain -isolated_app } hal_renderscript_hwservice:hwservice_manager find; +allow appdomain same_process_hal_file:file { execute read open getattr map }; + +# TODO: switch to meminfo service +allow appdomain proc_meminfo:file r_file_perms; + +# For app fuse. 
+allow appdomain app_fuse_file:file { getattr read append write map }; + +pdx_client({ appdomain -isolated_app -ephemeral_app }, display_client) +pdx_client({ appdomain -isolated_app -ephemeral_app }, display_manager) +pdx_client({ appdomain -isolated_app -ephemeral_app }, display_vsync) +pdx_client({ appdomain -isolated_app -ephemeral_app }, performance_client) +# Apps do not directly open the IPC socket for bufferhubd. +pdx_use({ appdomain -isolated_app -ephemeral_app }, bufferhub_client) + +### +### CTS-specific rules +### + +# For cts/tests/tests/permission/src/android/permission/cts/FileSystemPermissionTest.java. +# testRunAsHasCorrectCapabilities +allow appdomain runas_exec:file getattr; +# Others are either allowed elsewhere or not desired. + +# Apps receive an open tun fd from the framework for +# device traffic. Do not allow untrusted app to directly open tun_device +allow { appdomain -isolated_app -ephemeral_app } tun_device:chr_file { read write getattr append ioctl }; +allowxperm { appdomain -isolated_app -ephemeral_app } tun_device:chr_file ioctl TUNGETIFF; + +# Connect to adbd and use a socket transferred from it. +# This is used for e.g. adb backup/restore. +allow appdomain adbd:unix_stream_socket connectto; +allow appdomain adbd:fd use; +allow appdomain adbd:unix_stream_socket { getattr getopt ioctl read write shutdown }; + +allow appdomain cache_file:dir getattr; + +# Allow apps to run with asanwrapper. +with_asan(`allow appdomain asanwrapper_exec:file rx_file_perms;') + +# Read access to FDs from the DropboxManagerService. +allow appdomain dropbox_data_file:file { getattr read }; + +# Read tmpfs types from these processes. +allow appdomain audioserver_tmpfs:file { getattr map read write }; +allow appdomain system_server_tmpfs:file { getattr map read write }; +allow appdomain zygote_tmpfs:file { map read }; + +### +### Neverallow rules +### +### These are things that Android apps should NEVER be able to do +### + +# Superuser capabilities. 
+# bluetooth requires net_admin and wake_alarm. network stack app requires net_admin. +neverallow { appdomain -bluetooth -network_stack } self:capability_class_set *; + +# Block device access. +neverallow appdomain dev_type:blk_file { read write }; + +# Access to any of the following character devices. +neverallow appdomain { + audio_device + camera_device + dm_device + radio_device + rpmsg_device + video_device +}:chr_file { read write }; + +# Note: Try expanding list of app domains in the future. +neverallow { untrusted_app isolated_app shell } graphics_device:chr_file { read write }; + +neverallow { appdomain -nfc } nfc_device:chr_file + { read write }; +neverallow { appdomain -bluetooth } hci_attach_dev:chr_file + { read write }; +neverallow appdomain tee_device:chr_file { read write }; + +# Privileged netlink socket interfaces. +neverallow { appdomain -network_stack } + domain:{ + netlink_tcpdiag_socket + netlink_nflog_socket + netlink_xfrm_socket + netlink_audit_socket + netlink_dnrt_socket + } *; + +# These messages are broadcast messages from the kernel to userspace. +# Do not allow the writing of netlink messages, which has been a source +# of rooting vulns in the past. +neverallow appdomain domain:netlink_kobject_uevent_socket { write append }; + +# Sockets under /dev/socket that are not specifically typed. +neverallow appdomain socket_device:sock_file write; + +# Unix domain sockets. +neverallow appdomain adbd_socket:sock_file write; +neverallow { appdomain -radio } rild_socket:sock_file write; + +# ptrace access to non-app domains. +neverallow appdomain { domain -appdomain }:process ptrace; + +# The Android security model guarantees the confidentiality and integrity +# of application data and execution state. Ptrace bypasses those +# confidentiality guarantees. Disallow ptrace access from system components +# to apps. Crash_dump is excluded, as it needs ptrace access to +# produce stack traces. 
llkd is excluded, as it needs ptrace access to +# inspect stack traces for live lock conditions. + +neverallow { + domain + -appdomain + -crash_dump + userdebug_or_eng(`-llkd') +} appdomain:process ptrace; + +# Read or write access to /proc/pid entries for any non-app domain. +# A different form of hidepid=2 like protections +neverallow appdomain { domain -appdomain }:file no_w_file_perms; +neverallow { appdomain -shell } { domain -appdomain }:file no_rw_file_perms; + +# signal access to non-app domains. +# sigchld allowed for parent death notification. +# signull allowed for kill(pid, 0) existence test. +# All others prohibited. +# -perfetto is to allow shell (which is an appdomain) to kill perfetto +# (see private/shell.te). +neverallow appdomain { domain -appdomain -perfetto }:process + { sigkill sigstop signal }; + +# Write to rootfs. +neverallow appdomain rootfs:dir_file_class_set + { create write setattr relabelfrom relabelto append unlink link rename }; + +# Write to /system. +neverallow appdomain system_file:dir_file_class_set + { create write setattr relabelfrom relabelto append unlink link rename }; + +# Write to entrypoint executables. +neverallow appdomain exec_type:file + { create write setattr relabelfrom relabelto append unlink link rename }; + +# Write to system-owned parts of /data. +# This is the default type for anything under /data not otherwise +# specified in file_contexts. Define a different type for portions +# that should be writable by apps. +neverallow appdomain system_data_file:dir_file_class_set + { create write setattr relabelfrom relabelto append unlink link rename }; + +# Write to various other parts of /data. 
+neverallow appdomain drm_data_file:dir_file_class_set + { create write setattr relabelfrom relabelto append unlink link rename }; +neverallow { appdomain -platform_app -system_app } + apk_data_file:dir_file_class_set + { create write setattr relabelfrom relabelto append unlink link rename }; +neverallow { appdomain -platform_app -system_app } + apk_tmp_file:dir_file_class_set + { create write setattr relabelfrom relabelto append unlink link rename }; +neverallow { appdomain -platform_app } + apk_private_data_file:dir_file_class_set + { create write setattr relabelfrom relabelto append unlink link rename }; +neverallow { appdomain -platform_app } + apk_private_tmp_file:dir_file_class_set + { create write setattr relabelfrom relabelto append unlink link rename }; +neverallow { appdomain -shell } + shell_data_file:dir_file_class_set + { create setattr relabelfrom relabelto append unlink link rename }; +neverallow { appdomain -bluetooth } + bluetooth_data_file:dir_file_class_set + { create write setattr relabelfrom relabelto append unlink link rename }; +neverallow { domain -credstore -init } credstore_data_file:dir_file_class_set *; +neverallow appdomain + keystore_data_file:dir_file_class_set + { create write setattr relabelfrom relabelto append unlink link rename }; +neverallow appdomain + systemkeys_data_file:dir_file_class_set + { create write setattr relabelfrom relabelto append unlink link rename }; +neverallow appdomain + wifi_data_file:dir_file_class_set + { create write setattr relabelfrom relabelto append unlink link rename }; +neverallow appdomain + dhcp_data_file:dir_file_class_set + { create write setattr relabelfrom relabelto append unlink link rename }; + +# access tmp apk files +neverallow { appdomain -untrusted_app_all -platform_app -priv_app } + { apk_tmp_file apk_private_tmp_file }:dir_file_class_set *; + +neverallow untrusted_app_all { apk_tmp_file apk_private_tmp_file }:{ devfile_class_set dir fifo_file lnk_file sock_file } *; +neverallow 
untrusted_app_all { apk_tmp_file apk_private_tmp_file }:file ~{ getattr read }; + +# Access to factory files. +neverallow appdomain efs_file:dir_file_class_set write; +neverallow { appdomain -shell } efs_file:dir_file_class_set read; + +# Write to various pseudo file systems. +neverallow { appdomain -bluetooth -nfc } + sysfs:dir_file_class_set write; +neverallow appdomain + proc:dir_file_class_set write; + +# Access to syslog(2) or /proc/kmsg. +neverallow appdomain kernel:system { syslog_read syslog_mod syslog_console }; + +# SELinux is not an API for apps to use +neverallow { appdomain -shell } *:security { compute_av check_context }; +neverallow { appdomain -shell } *:netlink_selinux_socket *; + +# Ability to perform any filesystem operation other than statfs(2). +# i.e. no mount(2), unmount(2), etc. +neverallow appdomain fs_type:filesystem ~getattr; + +# prevent creation/manipulation of globally readable symlinks +neverallow appdomain { + apk_data_file + cache_file + cache_recovery_file + dev_type + rootfs + system_file + tmpfs +}:lnk_file no_w_file_perms; + +# Blacklist app domains not allowed to execute from /data +neverallow { + bluetooth + isolated_app + nfc + radio + shared_relro + system_app +} { + data_file_type + -dalvikcache_data_file + -system_data_file # shared libs in apks + -apk_data_file +}:file no_x_file_perms; + +# Applications should use the activity model for receiving events +neverallow { + appdomain + -shell # bugreport +} input_device:chr_file ~getattr; + +# Do not allow access to Bluetooth-related system properties except for a few whitelisted domains. +# neverallow rules for access to Bluetooth-related data files are above. +neverallow { + appdomain + -bluetooth + -system_app +} { bluetooth_audio_hal_prop bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms; + + +# Don't allow apps access to storage configuration properties. 
+neverallow appdomain storage_config_prop:file no_rw_file_perms; + +# Apps cannot access proc_uid_time_in_state +neverallow appdomain proc_uid_time_in_state:file *; + +# Apps cannot access proc_uid_concurrent_active_time +neverallow appdomain proc_uid_concurrent_active_time:file *; + +# Apps cannot access proc_uid_concurrent_policy_time +neverallow appdomain proc_uid_concurrent_policy_time:file *; + +# Apps cannot access proc_uid_cpupower +neverallow appdomain proc_uid_cpupower:file *; + +# Apps may not read /proc/net/{tcp,tcp6,udp,udp6}. These files leak information across the +# application boundary. VPN apps may use the ConnectivityManager.getConnectionOwnerUid() API to +# perform UID lookups. +neverallow { appdomain -shell } proc_net_tcp_udp:file *; + +# Apps cannot access bootstrap files. The bootstrap files are only for +# extremely early processes (like init, etc.) which are started before +# the runtime APEX is activated and Bionic libs are provided from there. +# If app process accesses (or even load/execute) the bootstrap files, +# it might cause problems such as ODR violation, etc. +neverallow appdomain system_bootstrap_lib_file:file + { open read write append execute execute_no_trans map }; +neverallow appdomain system_bootstrap_lib_file:dir + { open read getattr search }; diff --git a/prebuilts/api/30.0/public/app_zygote.te b/prebuilts/api/30.0/public/app_zygote.te new file mode 100644 index 000000000..4c1ec9652 --- /dev/null +++ b/prebuilts/api/30.0/public/app_zygote.te @@ -0,0 +1,6 @@ +# app_zygote is an auxiliary zygote process that is used to spawn +# isolated service processes for individual applications. It is +# spawned from the regular zygote process as a "child zygote". + +type app_zygote, domain; +type app_zygote_tmpfs, file_type; diff --git a/prebuilts/api/30.0/public/asan_extract.te b/prebuilts/api/30.0/public/asan_extract.te new file mode 100644 index 000000000..15c5a09fd --- /dev/null +++ b/prebuilts/api/30.0/public/asan_extract.te 
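Review bot: The `shell_data_file` neverallow in the "Write to various other parts of /data" list is the only entry in that list whose permission set omits `write`, and nothing says why, so it reads as an accidental gap rather than the deliberate carve-out for `allow appdomain shell_data_file:file { write getattr };` granted earlier under "Allow apps to send dump information to dumpstate". I would put `# write is deliberately absent: apps write bugreport sections into shell_data_file fds handed to them by dumpstate (see the dumpstate rules above).` directly above that neverallow. In the same spirit, `allow appdomain console_device:chr_file { read write };` is one of the few device grants in this file with neither an exclusion (isolated_app and ephemeral_app are included) nor a comment; if no app actually needs /dev/console it should be narrowed, and otherwise a one-line justification belongs there. Since this is the frozen 30.0 prebuilt, both edits go in public/app.te and the snapshot is regenerated from it.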
@@ -0,0 +1,36 @@ +# asan_extract +# +# This command set moves the artifact corresponding to the current slot +# from /data/ota to /data/dalvik-cache. + +with_asan(` + type asan_extract, domain, coredomain; + type asan_extract_exec, exec_type, file_type; + + # Allow asan_extract to execute itself using #!/system/bin/sh + allow asan_extract shell_exec:file rx_file_perms; + + # We execute log, rm, gzip and tar. + allow asan_extract toolbox_exec:file rx_file_perms; + allow asan_extract system_file:file execute_no_trans; + + # asan_extract deletes old /data/lib. + allow asan_extract system_file:dir { open read remove_name rmdir write }; + allow asan_extract system_file:file unlink; + + # asan_extract untars ASAN libraries into /data. + allow asan_extract system_data_file:dir create_dir_perms ; + allow asan_extract system_data_file:{ file lnk_file } create_file_perms ; + + # Relabel the libraries with restorecon. + allow asan_extract file_contexts_file:file r_file_perms; + allow asan_extract system_data_file:{ dir file } relabelfrom; + allow asan_extract system_file:dir { relabelto setattr }; + allow asan_extract system_file:file relabelto; + + # Restorecon will actually already try to run with sanitized libraries (libpackagelistparser). + allow asan_extract system_data_file:file execute; + + # We need to signal a reboot when done. + set_prop(asan_extract, powerctl_prop) +') diff --git a/prebuilts/api/30.0/public/attributes b/prebuilts/api/30.0/public/attributes new file mode 100644 index 000000000..19623afd6 --- /dev/null +++ b/prebuilts/api/30.0/public/attributes 
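Review bot: `type asan_extract_exec, exec_type, file_type;` is the only exec type introduced in this diff without `system_file_type` - adbd_exec, aidl_lazy_test_server_exec and apexd_exec all carry it - so either the asan_extract binary is not installed under /system or the attribute was missed; if it ships in /system the line should read `type asan_extract_exec, exec_type, file_type, system_file_type;` (the checks that key off system_file_type are not visible here, so confirm against file_contexts). Separately, `allow asan_extract system_file:dir { open read remove_name rmdir write };` and `allow asan_extract system_file:file unlink;` are justified by the comment as deleting old /data/lib, but the rules are keyed on the system_file label rather than any path, so on a sanitizer build this domain can unlink anything labelled system_file; a comment acknowledging that scope, or a dedicated type for the extracted libraries, would make the intent auditable. Everything here is gated by with_asan, so release builds are unaffected.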
@@ -0,0 +1,365 @@ +###################################### +# Attribute declarations +# + +# All types used for devices. +# On change, update CHECK_FC_ASSERT_ATTRS +# in tools/checkfc.c +attribute dev_type; + +# All types used for processes. +attribute domain; + +# All types used for filesystems. +# On change, update CHECK_FC_ASSERT_ATTRS +# definition in tools/checkfc.c. +attribute fs_type; + +# All types used for context= mounts. +attribute contextmount_type; + +# All types used for files that can exist on a labeled fs. +# Do not use for pseudo file types. +# On change, update CHECK_FC_ASSERT_ATTRS +# definition in tools/checkfc.c. +attribute file_type; + +# All types used for domain entry points. +attribute exec_type; + +# All types used for /data files. +attribute data_file_type; +expandattribute data_file_type false; +# All types in /data, not in /data/vendor +attribute core_data_file_type; +expandattribute core_data_file_type false; + +# All types in /system +attribute system_file_type; + +# All types in /vendor +attribute vendor_file_type; + +# All types used for procfs files. +attribute proc_type; +expandattribute proc_type false; + +# Types in /proc/net, excluding qtaguid types. +# TODO(b/9496886) Lock down access to /proc/net. +# This attribute is used to audit access to proc_net. it is temporary and will +# be removed. +attribute proc_net_type; +expandattribute proc_net_type true; + +# All types used for sysfs files. +attribute sysfs_type; + +# All types use for debugfs files. +attribute debugfs_type; + +# Attribute used for all sdcards +attribute sdcard_type; + +# All types used for nodes/hosts. +attribute node_type; + +# All types used for network interfaces. +attribute netif_type; + +# All types used for network ports. +attribute port_type; + +# All types used for property service +# On change, update CHECK_PC_ASSERT_ATTRS +# definition in tools/checkfc.c. +attribute property_type; + +# All properties defined in core SELinux policy. 
Should not be +# used by device specific properties +attribute core_property_type; + +# All properties used to configure log filtering. +attribute log_property_type; + +# All properties that are not specific to device but are added from +# outside of AOSP. (e.g. OEM-specific properties) +# These properties are not accessible from device-specific domains +attribute extended_core_property_type; + +# Properties used for representing ownership. All properties should have one +# of: system_property_type, product_property_type, or vendor_property_type. + +# All properties defined by /system. +attribute system_property_type; + +# All /system-defined properties used only in /system. +attribute system_internal_property_type; + +# All /system-defined properties which can't be written outside /system. +attribute system_restricted_property_type; + +# All /system-defined properties with no restrictions. +attribute system_public_property_type; + +# All properties defined by /product. +# Currently there are no enforcements between /system and /product, so for now +# /product attributes are just replaced to /system attributes. +define(`product_property_type', `system_property_type') +define(`product_internal_type', `system_internal_property_type') +define(`product_restricted_type', `system_restricted_property_type') +define(`product_public_type', `system_public_property_type') + +# All properties defined by /vendor. +attribute vendor_property_type; + +# All /vendor-defined properties used only in /vendor. +attribute vendor_internal_property_type; + +# All /vendor-defined properties which can't be written outside /vendor. +attribute vendor_restricted_property_type; + +# All /vendor-defined properties with no restrictions. 
+attribute vendor_public_property_type; + +# All service_manager types created by system_server +attribute system_server_service; + +# services which should be available to all but isolated apps +attribute app_api_service; + +# services which should be available to all ephemeral apps +attribute ephemeral_app_api_service; + +# services which export only system_api +attribute system_api_service; + +# services which served by vendor and also using the copy of libbinder on +# system (for instance via libbinder_ndk). services using a different copy +# of libbinder currently need their own context manager (e.g. +# vndservicemanager) +attribute vendor_service; + +# All types used for services managed by servicemanager. +# On change, update CHECK_SC_ASSERT_ATTRS +# definition in tools/checkfc.c. +attribute service_manager_type; + +# All types used for services managed by hwservicemanager +attribute hwservice_manager_type; + +# All HwBinder services guaranteed to be passthrough. These services always run +# in the process of their clients, and thus operate with the same access as +# their clients. +attribute same_process_hwservice; + +# All HwBinder services guaranteed to be offered only by core domain components +attribute coredomain_hwservice; + +# All HwBinder services that untrusted apps can't directly access +attribute protected_hwservice; + +# All types used for services managed by vndservicemanager +attribute vndservice_manager_type; + + +# All domains that can override MLS restrictions. +# i.e. processes that can read up and write down. +attribute mlstrustedsubject; + +# All types that can override MLS restrictions. +# i.e. files that can be read by lower and written by higher +attribute mlstrustedobject; + +# All domains used for apps. +attribute appdomain; + +# All third party apps. +attribute untrusted_app_all; + +# All domains used for apps with network access. +attribute netdomain; + +# All domains used for apps with bluetooth access. 
+attribute bluetoothdomain; + +# All domains used for binder service domains. +attribute binderservicedomain; + +# update_engine related domains that need to apply an update and run +# postinstall. This includes the background daemon and the sideload tool from +# recovery for A/B devices. +attribute update_engine_common; + +# All core domains (as opposed to vendor/device-specific domains) +attribute coredomain; + +# All socket devices owned by core domain components +attribute coredomain_socket; +expandattribute coredomain_socket false; + +# All vendor domains which violate the requirement of not using Binder +# TODO(b/35870313): Remove this once there are no violations +attribute binder_in_vendor_violators; +expandattribute binder_in_vendor_violators false; + +# All vendor domains which violate the requirement of not using sockets for +# communicating with core components +# TODO(b/36577153): Remove this once there are no violations +attribute socket_between_core_and_vendor_violators; +expandattribute socket_between_core_and_vendor_violators false; + +# All vendor domains which violate the requirement of not executing +# system processes +# TODO(b/36463595) +attribute vendor_executes_system_violators; +expandattribute vendor_executes_system_violators false; + +# All domains which violate the requirement of not sharing files by path +# between between vendor and core domains. +# TODO(b/34980020) +attribute data_between_core_and_vendor_violators; +expandattribute data_between_core_and_vendor_violators false; + +# All system domains which violate the requirement of not executing vendor +# binaries/libraries. +# TODO(b/62041836) +attribute system_executes_vendor_violators; +expandattribute system_executes_vendor_violators false; + +# All system domains which violate the requirement of not writing vendor +# properties. 
+# TODO(b/78598545): Remove this once there are no violations +attribute system_writes_vendor_properties_violators; +expandattribute system_writes_vendor_properties_violators false; + +# All system domains which violate the requirement of not writing to +# /mnt/vendor/*. Must not be used on devices launched with P or later. +attribute system_writes_mnt_vendor_violators; +expandattribute system_writes_mnt_vendor_violators false; + +# hwservices that are accessible from untrusted applications +# WARNING: Use of this attribute should be avoided unless +# absolutely necessary. It is a temporary allowance to aid the +# transition to treble and will be removed in a future platform +# version, requiring all hwservices that are labeled with this +# attribute to be submitted to AOSP in order to maintain their +# app-visibility. +attribute untrusted_app_visible_hwservice_violators; +expandattribute untrusted_app_visible_hwservice_violators false; + +# halserver domains that are accessible to untrusted applications. These +# domains are typically those hosting hwservices attributed by the +# untrusted_app_visible_hwservice_violators. +# WARNING: Use of this attribute should be avoided unless absolutely necessary. +# It is a temporary allowance to aid the transition to treble and will be +# removed in the future platform version, requiring all halserver domains that +# are labeled with this attribute to be submitted to AOSP in order to maintain +# their app-visibility. 
+attribute untrusted_app_visible_halserver_violators; +expandattribute untrusted_app_visible_halserver_violators false; + +# PDX services +attribute pdx_endpoint_dir_type; +attribute pdx_endpoint_socket_type; +expandattribute pdx_endpoint_socket_type false; +attribute pdx_channel_socket_type; +expandattribute pdx_channel_socket_type false; + +pdx_service_attributes(display_client) +pdx_service_attributes(display_manager) +pdx_service_attributes(display_screenshot) +pdx_service_attributes(display_vsync) +pdx_service_attributes(performance_client) +pdx_service_attributes(bufferhub_client) + +# All HAL servers +attribute halserverdomain; +# All HAL clients +attribute halclientdomain; +expandattribute halclientdomain true; + +# Exempt for halserverdomain to access sockets. Only builds for automotive +# device types are allowed to use this attribute (enforced by CTS). +# Unlike phone, in a car many modules are external from Android perspective and +# HALs should be able to communicate with those devices through sockets. 
+attribute hal_automotive_socket_exemption; + +# HALs +hal_attribute(allocator); +hal_attribute(atrace); +hal_attribute(audio); +hal_attribute(audiocontrol); +hal_attribute(authsecret); +hal_attribute(bluetooth); +hal_attribute(bootctl); +hal_attribute(bufferhub); +hal_attribute(broadcastradio); +hal_attribute(camera); +hal_attribute(can_bus); +hal_attribute(can_controller); +hal_attribute(cas); +hal_attribute(codec2); +hal_attribute(configstore); +hal_attribute(confirmationui); +hal_attribute(contexthub); +hal_attribute(drm); +hal_attribute(dumpstate); +hal_attribute(evs); +hal_attribute(face); +hal_attribute(fingerprint); +hal_attribute(gatekeeper); +hal_attribute(gnss); +hal_attribute(graphics_allocator); +hal_attribute(graphics_composer); +hal_attribute(health); +hal_attribute(health_storage); +hal_attribute(identity); +hal_attribute(input_classifier); +hal_attribute(ir); +hal_attribute(keymaster); +hal_attribute(light); +hal_attribute(lowpan); +hal_attribute(memtrack); +hal_attribute(neuralnetworks); +hal_attribute(nfc); +hal_attribute(oemlock); +hal_attribute(omx); +hal_attribute(power); +hal_attribute(power_stats); +hal_attribute(rebootescrow); +hal_attribute(secure_element); +hal_attribute(sensors); +hal_attribute(telephony); +hal_attribute(tetheroffload); +hal_attribute(thermal); +hal_attribute(tv_cec); +hal_attribute(tv_input); +hal_attribute(tv_tuner); +hal_attribute(usb); +hal_attribute(usb_gadget); +hal_attribute(vehicle); +hal_attribute(vibrator); +hal_attribute(vr); +hal_attribute(weaver); +hal_attribute(wifi); +hal_attribute(wifi_hostapd); +hal_attribute(wifi_supplicant); + +# HwBinder services offered across the core-vendor boundary +# +# We annotate server domains with x_server to loosen the coupling between +# system and vendor images. For example, it should be possible to move a service +# from one core domain to another, without having to update the vendor image +# which contains clients of this service. 
+
+attribute automotive_display_service_server;
+attribute camera_service_server;
+attribute display_service_server;
+attribute scheduler_service_server;
+attribute sensor_service_server;
+attribute stats_service_server;
+attribute system_suspend_server;
+attribute wifi_keystore_service_server;
+
+# All types used for super partition block devices.
+attribute super_block_device_type;
diff --git a/prebuilts/api/30.0/public/audioserver.te b/prebuilts/api/30.0/public/audioserver.te
new file mode 100644
index 000000000..a8a33cc5a
--- /dev/null
+++ b/prebuilts/api/30.0/public/audioserver.te
@@ -0,0 +1,6 @@
+# audioserver - audio services daemon
+type audioserver, domain;
+type audioserver_tmpfs, file_type;
+
+# Allow audioserver to signal audio HAL processes and dump their stacks.
+allow audioserver hal_audio_server:process signal;
diff --git a/prebuilts/api/30.0/public/blkid.te b/prebuilts/api/30.0/public/blkid.te
new file mode 100644
index 000000000..dabe01452
--- /dev/null
+++ b/prebuilts/api/30.0/public/blkid.te
@@ -0,0 +1,2 @@
+# blkid called from vold
+type blkid, domain;
diff --git a/prebuilts/api/30.0/public/blkid_untrusted.te b/prebuilts/api/30.0/public/blkid_untrusted.te
new file mode 100644
index 000000000..4be4c0cb2
--- /dev/null
+++ b/prebuilts/api/30.0/public/blkid_untrusted.te
@@ -0,0 +1,2 @@
+# blkid for untrusted block devices
+type blkid_untrusted, domain;
diff --git a/prebuilts/api/30.0/public/bluetooth.te b/prebuilts/api/30.0/public/bluetooth.te
new file mode 100644
index 000000000..9b3442aa5
--- /dev/null
+++ b/prebuilts/api/30.0/public/bluetooth.te
@@ -0,0 +1,2 @@
+# bluetooth subsystem
+type bluetooth, domain;
diff --git a/prebuilts/api/30.0/public/bootanim.te b/prebuilts/api/30.0/public/bootanim.te
new file mode 100644
index 000000000..e8cb98bbc
--- /dev/null
+++ b/prebuilts/api/30.0/public/bootanim.te
@@ -0,0 +1,42 @@
+# bootanimation oneshot service
+type bootanim, domain;
+type bootanim_exec, system_file_type, exec_type, file_type;
+
+hal_client_domain(bootanim, hal_configstore)
+hal_client_domain(bootanim, hal_graphics_allocator)
+hal_client_domain(bootanim, hal_graphics_composer)
+
+binder_use(bootanim)
+binder_call(bootanim, surfaceflinger)
+binder_call(bootanim, audioserver)
+
+hwbinder_use(bootanim)
+
+allow bootanim gpu_device:chr_file rw_file_perms;
+
+# /oem access
+allow bootanim oemfs:dir search;
+allow bootanim oemfs:file r_file_perms;
+
+allow bootanim audio_device:dir r_dir_perms;
+allow bootanim audio_device:chr_file rw_file_perms;
+
+allow bootanim audioserver_service:service_manager find;
+allow bootanim surfaceflinger_service:service_manager find;
+
+# Allow access to ion memory allocation device
+allow bootanim ion_device:chr_file rw_file_perms;
+allow bootanim hal_graphics_allocator:fd use;
+
+# Fences
+allow bootanim hal_graphics_composer:fd use;
+
+# Read access to pseudo filesystems.
+allow bootanim proc_meminfo:file r_file_perms;
+
+# System file accesses.
+allow bootanim system_file:dir r_dir_perms;
+
+# Read ro.boot.bootreason b/30654343
+get_prop(bootanim, bootloader_boot_reason_prop)
+
diff --git a/prebuilts/api/30.0/public/bootstat.te b/prebuilts/api/30.0/public/bootstat.te
new file mode 100644
index 000000000..e91f2a5e5
--- /dev/null
+++ b/prebuilts/api/30.0/public/bootstat.te
@@ -0,0 +1,64 @@ +# bootstat command +type bootstat, domain; +type bootstat_exec, system_file_type, exec_type, file_type; + +read_runtime_log_tags(bootstat) + +# Allow persistent storage in /data/misc/bootstat. +allow bootstat bootstat_data_file:dir rw_dir_perms; +allow bootstat bootstat_data_file:file create_file_perms; + +# Collect metrics on boot time created by init +get_prop(bootstat, boottime_prop) + +# Read/Write [persist.]sys.boot.reason and ro.boot.bootreason (write if empty) +set_prop(bootstat, bootloader_boot_reason_prop) +set_prop(bootstat, system_boot_reason_prop) +set_prop(bootstat, last_boot_reason_prop) +allow bootstat metadata_file:dir search; +allow bootstat metadata_bootstat_file:dir rw_dir_perms; +allow bootstat metadata_bootstat_file:file create_file_perms; + +# ToDo: TBI move access for the following to a system health HAL + +# Allow access to /sys/fs/pstore/ and syslog +allow bootstat pstorefs:dir search; +allow bootstat pstorefs:file r_file_perms; +allow bootstat kernel:system syslog_read; + +# Allow access to reading the logs to read aspects of system health +read_logd(bootstat) + +# Allow bootstat write to statsd. +unix_socket_send(bootstat, statsdw, statsd) + +# ToDo: end + +neverallow { + domain + -bootanim + -bootstat + -dumpstate + userdebug_or_eng(`-incidentd') + -init + -recovery + -shell + -system_server +} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms; +# ... and refine, as these components should not set the last boot reason +neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms; + +neverallow { + domain + -bootstat + -init + -system_server +} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set; +# ... and refine ... for a ro propertly no less ... keep this _tight_ +neverallow system_server bootloader_boot_reason_prop:property_service set; + +neverallow { + domain + -bootstat + -init +} system_boot_reason_prop:property_service set; 
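Review bot: The comment `# ... and refine, as these components should not set the last boot reason` does not describe the rule under it, `neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms;`, which restricts reading, not setting; setting is governed by the later block that exempts only bootstat, init and system_server. Suggest `# ... and refine: bootanim and recovery may read the bootloader reason but not the last boot reason`. In the same block `# ... for a ro propertly no less` should read `property`. This file is the prebuilts/api/30.0 snapshot, so the wording fix belongs in public/bootstat.te with the prebuilt regenerated from it.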
diff --git a/prebuilts/api/30.0/public/bufferhubd.te b/prebuilts/api/30.0/public/bufferhubd.te new file mode 100644 index 000000000..37edb5dce --- /dev/null +++ b/prebuilts/api/30.0/public/bufferhubd.te @@ -0,0 +1,25 @@ +# bufferhubd +type bufferhubd, domain, mlstrustedsubject; +type bufferhubd_exec, system_file_type, exec_type, file_type; + +hal_client_domain(bufferhubd, hal_graphics_allocator) + +# TODO(b/112338294): remove these after migrate to Binder +pdx_server(bufferhubd, bufferhub_client) +pdx_client(bufferhubd, performance_client) + +# Access the GPU. +allow bufferhubd gpu_device:chr_file rw_file_perms; + +# Access /dev/ion +allow bufferhubd ion_device:chr_file r_file_perms; + +# Receive sync fence FDs from hal_omx_server. Note that hal_omx_server never directly +# connects to bufferhubd via PDX. Instead, a VR app acts as a bridge between +# those two: it talks to hal_omx_server via Binder and talks to bufferhubd via PDX. +# Thus, there is no need to use pdx_client macro. +allow bufferhubd hal_omx_server:fd use; + +# Codec2 is similar to OMX +allow bufferhubd hal_codec2_server:fd use; + diff --git a/prebuilts/api/30.0/public/camera_service_server.te b/prebuilts/api/30.0/public/camera_service_server.te new file mode 100644 index 000000000..352e1b7aa --- /dev/null +++ b/prebuilts/api/30.0/public/camera_service_server.te @@ -0,0 +1 @@ +add_hwservice(camera_service_server, fwk_camera_hwservice) diff --git a/prebuilts/api/30.0/public/cameraserver.te b/prebuilts/api/30.0/public/cameraserver.te new file mode 100644 index 000000000..13ef1f738 --- /dev/null +++ b/prebuilts/api/30.0/public/cameraserver.te 
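Review bot: `type bufferhubd, domain, mlstrustedsubject;` adds an MLS override with no comment explaining why, and the attribute list earlier in this commit defines mlstrustedsubject as the set of processes that can read up and write down across MLS restrictions, which is a notable grant for a buffer broker. A one-line justification should sit next to it, e.g. `# mlstrustedsubject: presumably needed to share buffers across app MLS levels — confirm and document the concrete case`. The fix belongs in public/bufferhubd.te; this hunk is the prebuilt copy.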
@@ -0,0 +1,74 @@ +# cameraserver - camera daemon +type cameraserver, domain; +type cameraserver_exec, system_file_type, exec_type, file_type; +type cameraserver_tmpfs, file_type; + +binder_use(cameraserver) +binder_call(cameraserver, binderservicedomain) +binder_call(cameraserver, appdomain) +binder_service(cameraserver) + +hal_client_domain(cameraserver, hal_camera) + +hal_client_domain(cameraserver, hal_graphics_allocator) + +allow cameraserver ion_device:chr_file rw_file_perms; + +# Talk with graphics composer fences +allow cameraserver hal_graphics_composer:fd use; + +add_service(cameraserver, cameraserver_service) +add_hwservice(cameraserver, fwk_camera_hwservice) + +allow cameraserver activity_service:service_manager find; +allow cameraserver appops_service:service_manager find; +allow cameraserver audioserver_service:service_manager find; +allow cameraserver batterystats_service:service_manager find; +allow cameraserver cameraproxy_service:service_manager find; +allow cameraserver mediaserver_service:service_manager find; +allow cameraserver processinfo_service:service_manager find; +allow cameraserver scheduling_policy_service:service_manager find; +allow cameraserver sensor_privacy_service:service_manager find; +allow cameraserver surfaceflinger_service:service_manager find; + +allow cameraserver hidl_token_hwservice:hwservice_manager find; + +### +### neverallow rules +### + +# cameraserver should never execute any executable without a +# domain transition +neverallow cameraserver { file_type fs_type }:file execute_no_trans; + +# The goal of the mediaserver split is to place media processing code into +# restrictive sandboxes with limited responsibilities and thus limited +# permissions. Example: Audioserver is only responsible for controlling audio +# hardware and processing audio content. Cameraserver does the same for camera +# hardware/content. Etc. 
+# +# Media processing code is inherently risky and thus should have limited +# permissions and be isolated from the rest of the system and network. +# Lengthier explanation here: +# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html +neverallow cameraserver domain:{ tcp_socket udp_socket rawip_socket } *; + +# Allow shell commands from ADB for CTS testing/dumping +allow cameraserver adbd:fd use; +allow cameraserver adbd:unix_stream_socket { read write }; +allow cameraserver shell:fd use; +allow cameraserver shell:unix_stream_socket { read write }; +allow cameraserver shell:fifo_file { read write }; + +# Allow to talk with media codec +allow cameraserver mediametrics_service:service_manager find; +hal_client_domain(cameraserver, hal_codec2) +hal_client_domain(cameraserver, hal_omx) +hal_client_domain(cameraserver, hal_allocator) + +# Allow shell commands from ADB for CTS testing/dumping +userdebug_or_eng(` + allow cameraserver su:fd use; + allow cameraserver su:fifo_file { read write }; + allow cameraserver su:unix_stream_socket { read write }; +') diff --git a/prebuilts/api/30.0/public/charger.te b/prebuilts/api/30.0/public/charger.te new file mode 100644 index 000000000..4b341ead3 --- /dev/null +++ b/prebuilts/api/30.0/public/charger.te 
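Review bot: The comment `# Allow shell commands from ADB for CTS testing/dumping` appears twice in this file, once above the `adbd`/`shell` rules and again above the userdebug_or_eng(`...`) block, but the second block grants fd, fifo_file and unix_stream_socket use to `su` on debuggable builds only, so the duplicated comment hides that distinction. Suggest replacing the second occurrence with `# Same for the root shell (su); debuggable builds only`. Change it in public/cameraserver.te and regenerate this prebuilt.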
@@ -0,0 +1,48 @@
+type charger, domain;
+type charger_exec, system_file_type, exec_type, file_type;
+
+# Write to /dev/kmsg
+allow charger kmsg_device:chr_file rw_file_perms;
+
+# Read access to pseudo filesystems.
+r_dir_file(charger, rootfs)
+r_dir_file(charger, cgroup)
+
+# Allow to read /sys/class/power_supply directory
+allow charger sysfs_type:dir r_dir_perms;
+
+allow charger self:global_capability_class_set { sys_tty_config };
+allow charger self:global_capability_class_set sys_boot;
+
+wakelock_use(charger)
+
+allow charger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Read/write to /sys/power/state
+allow charger sysfs_power:file rw_file_perms;
+
+r_dir_file(charger, sysfs_batteryinfo)
+
+# Read /sys/fs/pstore/console-ramoops
+# Don't worry about overly broad permissions for now, as there's
+# only one file in /sys/fs/pstore
+allow charger pstorefs:dir r_dir_perms;
+allow charger pstorefs:file r_file_perms;
+
+allow charger graphics_device:dir r_dir_perms;
+allow charger graphics_device:chr_file rw_file_perms;
+allow charger input_device:dir r_dir_perms;
+allow charger input_device:chr_file r_file_perms;
+allow charger tty_device:chr_file rw_file_perms;
+allow charger proc_sysrq:file rw_file_perms;
+
+# charger needs to tell init to continue the boot
+# process when running in charger mode.
+set_prop(charger, system_prop)
+set_prop(charger, exported_system_prop)
+set_prop(charger, exported2_system_prop)
+set_prop(charger, exported3_system_prop)
+
+get_prop(charger, charger_prop)
+
+hal_client_domain(charger, hal_health)
diff --git a/prebuilts/api/30.0/public/crash_dump.te b/prebuilts/api/30.0/public/crash_dump.te
new file mode 100644
index 000000000..5188d1958
--- /dev/null
+++ b/prebuilts/api/30.0/public/crash_dump.te
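Review bot: `set_prop(charger, system_prop)` plus the three `exported*_system_prop` set rules grant far more than the comment above them describes, which names a single purpose (`# charger needs to tell init to continue the boot process when running in charger mode`); system_prop is presumably the broad catch-all system property type, so charger could overwrite unrelated system state. Consider a dedicated property type for the boot-continue property (charger_prop already exists on the get side) and granting set_prop on that alone, or at minimum name the property written: `# Only the boot-continue property is expected to be set here — TODO narrow to a dedicated type`. Separately, `# Allow to read /sys/class/power_supply directory` sits above `allow charger sysfs_type:dir r_dir_perms;`, which covers every sysfs directory, while the narrower `r_dir_file(charger, sysfs_batteryinfo)` a few lines later presumably already covers power_supply; either fix the comment or drop the broad rule if it is not needed. Being a prebuilts/api/30.0 snapshot, the change goes in public/charger.te.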
@@ -0,0 +1,68 @@ +type crash_dump, domain; +type crash_dump_exec, system_file_type, exec_type, file_type; + +# crash_dump might inherit CAP_SYS_PTRACE from a privileged process, +# which will result in an audit log even when it's allowed to trace. +dontaudit crash_dump self:global_capability_class_set { sys_ptrace }; + +userdebug_or_eng(` + allow crash_dump logd:process { ptrace signal sigchld sigstop sigkill }; + + # Let crash_dump write to /dev/kmsg_debug crashes that happen before logd comes up. + allow crash_dump kmsg_debug_device:chr_file { open append }; +') + +# Use inherited file descriptors +allow crash_dump domain:fd use; + +# Read/write IPC pipes inherited from crashing processes. +allow crash_dump domain:fifo_file { read write }; + +# Append to pipes given to us by processes requesting dumps (e.g. dumpstate) +allow crash_dump domain:fifo_file { append }; + +r_dir_file(crash_dump, domain) +allow crash_dump exec_type:file r_file_perms; + +# Read /data/dalvik-cache. +allow crash_dump dalvikcache_data_file:dir { search getattr }; +allow crash_dump dalvikcache_data_file:file r_file_perms; + +# Read APK files. +r_dir_file(crash_dump, apk_data_file); + +# Read all /vendor +r_dir_file(crash_dump, { vendor_file same_process_hal_file }) + +# Talk to tombstoned +unix_socket_connect(crash_dump, tombstoned_crash, tombstoned) + +# Talk to ActivityManager. +unix_socket_connect(crash_dump, system_ndebug, system_server) + +# Append to ANR files. +allow crash_dump anr_data_file:file { append getattr }; + +# Append to tombstone files. +allow crash_dump tombstone_data_file:file { append getattr }; + +# crash_dump writes out logcat logs at the bottom of tombstones, +# which is super useful in some cases. +unix_socket_connect(crash_dump, logdr, logd) + +# Crash dump is not intended to access the following files. Since these +# are WAI, suppress the denials to clean up the logs. 
+dontaudit crash_dump { + core_data_file_type + vendor_file_type +}:dir search; +dontaudit crash_dump system_data_file:file read; +dontaudit crash_dump property_type:file read; + +### +### neverallow assertions +### + +# A domain transition must occur for crash_dump to get the privileges needed to trace the process. +# Do not allow the execution of crash_dump without a domain transition. +neverallow domain crash_dump_exec:file execute_no_trans; diff --git a/prebuilts/api/30.0/public/credstore.te b/prebuilts/api/30.0/public/credstore.te new file mode 100644 index 000000000..db16a8dcb --- /dev/null +++ b/prebuilts/api/30.0/public/credstore.te @@ -0,0 +1,16 @@ +type credstore, domain; +type credstore_exec, system_file_type, exec_type, file_type; + +# credstore daemon +binder_use(credstore) +binder_service(credstore) +binder_call(credstore, system_server) + +allow credstore credstore_data_file:dir create_dir_perms; +allow credstore credstore_data_file:file create_file_perms; + +add_service(credstore, credstore_service) +allow credstore sec_key_att_app_id_provider_service:service_manager find; +allow credstore dropbox_service:service_manager find; + +r_dir_file(credstore, cgroup) diff --git a/prebuilts/api/30.0/public/device.te b/prebuilts/api/30.0/public/device.te new file mode 100644 index 000000000..32563d67c --- /dev/null +++ b/prebuilts/api/30.0/public/device.te 
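Review bot: `allow crash_dump domain:fifo_file { read write };` and, two lines later, `allow crash_dump domain:fifo_file { append };` share the same source, target and class and would be clearer as one rule, `allow crash_dump domain:fifo_file { read write append };`, with a single comment covering both the inherited-IPC-pipe case and the dumpstate case. Merging is cosmetic, but split rules on the same triple are exactly where a later audit of what crash_dump may do to every domain's pipes misses the full permission set. Fix in public/crash_dump.te; this hunk is the prebuilt copy.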
@@ -0,0 +1,114 @@ +# Device types +type device, dev_type, fs_type; +type ashmem_device, dev_type, mlstrustedobject; +type ashmem_libcutils_device, dev_type, mlstrustedobject; +type audio_device, dev_type; +type binder_device, dev_type, mlstrustedobject; +type hwbinder_device, dev_type, mlstrustedobject; +type vndbinder_device, dev_type; +type block_device, dev_type; +type camera_device, dev_type; +type dm_device, dev_type; +type keychord_device, dev_type; +type loop_control_device, dev_type; +type loop_device, dev_type; +type pmsg_device, dev_type, mlstrustedobject; +type radio_device, dev_type; +type ram_device, dev_type; +type rtc_device, dev_type; +type vold_device, dev_type; +type console_device, dev_type; +type fscklogs, dev_type; +# GPU (used by most UI apps) +type gpu_device, dev_type, mlstrustedobject; +type graphics_device, dev_type; +type hw_random_device, dev_type; +type input_device, dev_type; +type port_device, dev_type; +type lowpan_device, dev_type; +type mtp_device, dev_type, mlstrustedobject; +type nfc_device, dev_type; +type ptmx_device, dev_type, mlstrustedobject; +type kmsg_device, dev_type; +type kmsg_debug_device, dev_type; +type null_device, dev_type, mlstrustedobject; +type random_device, dev_type, mlstrustedobject; +type secure_element_device, dev_type; +type sensors_device, dev_type; +type serial_device, dev_type; +type socket_device, dev_type; +type owntty_device, dev_type, mlstrustedobject; +type tty_device, dev_type; +type video_device, dev_type; +type zero_device, dev_type, mlstrustedobject; +type fuse_device, dev_type, mlstrustedobject; +type iio_device, dev_type; +type ion_device, dev_type, mlstrustedobject; +type qtaguid_device, dev_type; +type watchdog_device, dev_type; +type uhid_device, dev_type; +type uio_device, dev_type; +type tun_device, dev_type, mlstrustedobject; +type usbaccessory_device, dev_type, mlstrustedobject; +type usb_device, dev_type, mlstrustedobject; +type usb_serial_device, dev_type; +type properties_device, 
dev_type; +type properties_serial, dev_type; +type property_info, dev_type; + +# All devices have a uart for the hci +# attach service. The uart dev node +# varies per device. This type +# is used in per device policy +type hci_attach_dev, dev_type; + +# All devices have a rpmsg device for +# achieving remoteproc and rpmsg modules +type rpmsg_device, dev_type; + +# Partition layout block device +type root_block_device, dev_type; + +# factory reset protection block device +type frp_block_device, dev_type; + +# System block device mounted on /system. +# Documented at https://source.android.com/devices/bootloader/partitions-images +type system_block_device, dev_type; + +# Recovery block device. +# Documented at https://source.android.com/devices/bootloader/partitions-images +type recovery_block_device, dev_type; + +# boot block device. +# Documented at https://source.android.com/devices/bootloader/partitions-images +type boot_block_device, dev_type; + +# Userdata block device mounted on /data. +# Documented at https://source.android.com/devices/bootloader/partitions-images +type userdata_block_device, dev_type; + +# Cache block device mounted on /cache. +# Documented at https://source.android.com/devices/bootloader/partitions-images +type cache_block_device, dev_type; + +# Block device for any swap partition. +type swap_block_device, dev_type; + +# Metadata block device used for encryption metadata. +# Assign this type to the partition specified by the encryptable= +# mount option in your fstab file in the entry for userdata. +# Documented at https://source.android.com/devices/bootloader/partitions-images +type metadata_block_device, dev_type; + +# The 'misc' partition used by recovery and A/B. +# Documented at https://source.android.com/devices/bootloader/partitions-images +type misc_block_device, dev_type; + +# 'super' partition to be used for logical partitioning. 
+type super_block_device, super_block_device_type, dev_type; + +# sdcard devices; normally vold uses the vold_block_device label and creates a +# separate device node. gsid, however, accesses the original devide node +# created through uevents, so we use a separate label. +type sdcard_block_device, dev_type; diff --git a/prebuilts/api/30.0/public/dhcp.te b/prebuilts/api/30.0/public/dhcp.te new file mode 100644 index 000000000..4f2369d2d --- /dev/null +++ b/prebuilts/api/30.0/public/dhcp.te @@ -0,0 +1,30 @@ +type dhcp, domain; +type dhcp_exec, system_file_type, exec_type, file_type; + +net_domain(dhcp) + +allow dhcp cgroup:dir { create write add_name }; +allow dhcp self:global_capability_class_set { setgid setuid net_admin net_raw net_bind_service }; +allow dhcp self:packet_socket create_socket_perms_no_ioctl; +allow dhcp self:netlink_route_socket nlmsg_write; +allow dhcp shell_exec:file rx_file_perms; +allow dhcp system_file:file rx_file_perms; +not_full_treble(`allow dhcp vendor_file:file rx_file_perms;') + +# dhcpcd runs dhcpcd-hooks/*, which runs getprop / setprop (toolbox_exec) +allow dhcp toolbox_exec:file rx_file_perms; + +# For /proc/sys/net/ipv4/conf/*/promote_secondaries +allow dhcp proc_net_type:file write; + +set_prop(dhcp, dhcp_prop) +set_prop(dhcp, pan_result_prop) + +allow dhcp dhcp_data_file:dir create_dir_perms; +allow dhcp dhcp_data_file:file create_file_perms; + +# PAN connections +allow dhcp netd:fd use; +allow dhcp netd:fifo_file rw_file_perms; +allow dhcp netd:{ dgram_socket_class_set unix_stream_socket } { read write }; +allow dhcp netd:{ netlink_kobject_uevent_socket netlink_route_socket netlink_nflog_socket } { read write }; diff --git a/prebuilts/api/30.0/public/display_service_server.te b/prebuilts/api/30.0/public/display_service_server.te new file mode 100644 index 000000000..c5839fa54 --- /dev/null +++ b/prebuilts/api/30.0/public/display_service_server.te @@ -0,0 +1 @@ +add_hwservice(display_service_server, fwk_display_hwservice) 
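Review bot: Typo in the sdcard_block_device comment: `devide node` should read `device node`. That comment is the only place explaining why a second label exists next to vold_block_device (gsid opening the uevent-created node rather than vold's copy), so keeping it readable matters; fix it in public/device.te and regenerate this prebuilt.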
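Review bot: `allow dhcp proc_net_type:file write;` grants write to every file labeled proc_net_type, while the comment above it names only `/proc/sys/net/ipv4/conf/*/promote_secondaries`; combined with net_admin and the rx grants on `shell_exec` and `system_file` for hook scripts, this is wider than the stated need. If a narrower label exists for that sysctl, use it; otherwise make the comment honest about what is granted, e.g. `# Writes promote_secondaries; proc_net_type is broader than needed — TODO narrow the label`. Prebuilt snapshot, so the change belongs in public/dhcp.te.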
diff --git a/prebuilts/api/30.0/public/dnsmasq.te b/prebuilts/api/30.0/public/dnsmasq.te
new file mode 100644
index 000000000..86f1eb1c9
--- /dev/null
+++ b/prebuilts/api/30.0/public/dnsmasq.te
@@ -0,0 +1,28 @@
+# DNS, DHCP services
+type dnsmasq, domain;
+type dnsmasq_exec, system_file_type, exec_type, file_type;
+
+net_domain(dnsmasq)
+allowxperm dnsmasq self:udp_socket ioctl priv_sock_ioctls;
+
+# TODO: Run with dhcp group to avoid need for dac_override.
+allow dnsmasq self:global_capability_class_set { dac_override dac_read_search };
+
+allow dnsmasq self:global_capability_class_set { net_admin net_raw net_bind_service setgid setuid };
+
+allow dnsmasq dhcp_data_file:dir w_dir_perms;
+allow dnsmasq dhcp_data_file:file create_file_perms;
+
+# Inherit and use open files from netd.
+allow dnsmasq netd:fd use;
+allow dnsmasq netd:fifo_file { getattr read write };
+# TODO: Investigate whether these inherited sockets should be closed on exec.
+allow dnsmasq netd:netlink_kobject_uevent_socket { read write };
+allow dnsmasq netd:netlink_nflog_socket { read write };
+allow dnsmasq netd:netlink_route_socket { read write };
+allow dnsmasq netd:unix_stream_socket { getattr read write };
+allow dnsmasq netd:unix_dgram_socket { read write };
+allow dnsmasq netd:udp_socket { read write };
+
+# sometimes a network device vanishes and we try to load module netdev-{devicename}
+dontaudit dnsmasq kernel:system module_request;
diff --git a/prebuilts/api/30.0/public/domain.te b/prebuilts/api/30.0/public/domain.te
new file mode 100644
index 000000000..265489647
--- /dev/null
+++ b/prebuilts/api/30.0/public/domain.te
@@ -0,0 +1,1416 @@
+# Rules for all domains.
+
+# Allow reaping by init.
+allow domain init:process sigchld;
+
+# Intra-domain accesses.
+allow domain self:process {
+ fork
+ sigchld
+ sigkill
+ sigstop
+ signull
+ signal
+ getsched
+ setsched
+ getsession
+ getpgid
+ setpgid
+ getcap
+ setcap
+ getattr
+ setrlimit
+};
+allow domain self:fd use;
+allow domain proc:dir r_dir_perms;
+allow domain proc_net_type:dir search;
+r_dir_file(domain, self)
+allow domain self:{ fifo_file file } rw_file_perms;
+allow domain self:unix_dgram_socket { create_socket_perms sendto };
+allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
+
+# Inherit or receive open files from others.
+allow domain init:fd use;
+
+userdebug_or_eng(`
+ allow domain su:fd use;
+ allow domain su:unix_stream_socket { connectto getattr getopt read write shutdown };
+ allow domain su:unix_dgram_socket sendto;
+
+ allow { domain -init } su:binder { call transfer };
+
+ # Running something like "pm dump com.android.bluetooth" requires
+ # fifo writes
+ allow domain su:fifo_file { write getattr };
+
+ # allow "gdbserver --attach" to work for su.
+ allow domain su:process sigchld;
+
+ # Allow writing coredumps to /cores/*
+ allow domain coredump_file:file create_file_perms;
+ allow domain coredump_file:dir ra_dir_perms;
+')
+
+with_native_coverage(`
+ # Allow writing coverage information to /data/misc/trace
+ allow domain method_trace_data_file:dir create_dir_perms;
+ allow domain method_trace_data_file:file create_file_perms;
+')
+
+# Root fs.
+allow domain tmpfs:dir { getattr search };
+allow domain rootfs:dir search;
+allow domain rootfs:lnk_file { read getattr };
+
+# Device accesses.
+allow domain device:dir search;
+allow domain dev_type:lnk_file r_file_perms;
+allow domain devpts:dir search;
+allow domain socket_device:dir r_dir_perms;
+allow domain owntty_device:chr_file rw_file_perms;
+allow domain null_device:chr_file rw_file_perms;
+allow domain zero_device:chr_file rw_file_perms;
+
+# /dev/ashmem is being deprecated by means of constraining and eventually
+# removing all "open" permissions. We preserve the other permissions.
+allow domain ashmem_device:chr_file { getattr read ioctl lock map append write };
+# This device is used by libcutils, which is accessible to everyone.
+allow domain ashmem_libcutils_device:chr_file rw_file_perms;
+
+# /dev/binder can be accessed by ... everyone! :)
+allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;
+
+# /dev/binderfs needs to be accessed by everyone too!
+allow domain binderfs:dir { getattr search };
+allow domain binderfs_logs_proc:dir search;
+
+allow { domain -servicemanager -vndservicemanager -isolated_app } hwbinder_device:chr_file rw_file_perms;
+allow domain ptmx_device:chr_file rw_file_perms;
+allow domain random_device:chr_file rw_file_perms;
+allow domain proc_random:dir r_dir_perms;
+allow domain proc_random:file r_file_perms;
+allow domain properties_device:dir { search getattr };
+allow domain properties_serial:file r_file_perms;
+allow domain property_info:file r_file_perms;
+
+# Public readable properties
+get_prop(domain, debug_prop)
+get_prop(domain, exported_config_prop)
+get_prop(domain, exported_default_prop)
+get_prop(domain, exported_dumpstate_prop)
+get_prop(domain, exported_fingerprint_prop)
+get_prop(domain, exported_radio_prop)
+get_prop(domain, exported_secure_prop)
+get_prop(domain, exported_system_prop)
+get_prop(domain, exported_vold_prop)
+get_prop(domain, exported2_default_prop)
+get_prop(domain, logd_prop)
+get_prop(domain, socket_hook_prop)
+get_prop(domain, vendor_socket_hook_prop)
+get_prop(domain, vndk_prop)
+
+# Binder cache properties are world-readable
+get_prop(domain, binder_cache_bluetooth_server_prop)
+get_prop(domain, binder_cache_system_server_prop)
+get_prop(domain, binder_cache_telephony_server_prop)
+
+# Let everyone read log properties, so that liblog can avoid sending unloggable
+# messages to logd.
+get_prop(domain, log_property_type)
+dontaudit domain property_type:file audit_access;
+allow domain property_contexts_file:file r_file_perms;
+
+allow domain init:key search;
+allow domain vold:key search;
+
+# logd access
+write_logd(domain)
+
+# Directory/link file access for path resolution.
+allow domain {
+ system_file
+ system_lib_file
+ system_seccomp_policy_file
+ system_security_cacerts_file
+}:dir r_dir_perms;
+allow domain system_file:lnk_file { getattr read };
+
+# Global access to /system/etc/security/cacerts/*, /system/etc/seccomp_policy/*, /system/lib[64]/*,
+# /(system|product|system_ext)/etc/(group|passwd), linker and its config.
+allow domain system_seccomp_policy_file:file r_file_perms;
+# cacerts are accessible from public Java API.
+allow domain system_security_cacerts_file:file r_file_perms;
+allow domain system_group_file:file r_file_perms;
+allow domain system_passwd_file:file r_file_perms;
+allow domain system_linker_exec:file { execute read open getattr map };
+allow domain system_linker_config_file:file r_file_perms;
+allow domain system_lib_file:file { execute read open getattr map };
+# To allow following symlinks at /system/bin/linker, /system/lib/libc.so, etc.
+allow domain system_linker_exec:lnk_file { read open getattr };
+allow domain system_lib_file:lnk_file { read open getattr };
+
+allow domain system_event_log_tags_file:file r_file_perms;
+
+allow { appdomain coredomain } system_file:file { execute read open getattr map };
+
+# Make sure system/vendor split doesn not affect non-treble
+# devices
+not_full_treble(`
+ allow domain system_file:file { execute read open getattr map };
+ allow domain vendor_file_type:dir { search getattr };
+ allow domain vendor_file_type:file { execute read open getattr map };
+ allow domain vendor_file_type:lnk_file { getattr read };
+')
+
+# All domains are allowed to open and read directories
+# that contain HAL implementations (e.g. passthrough
+# HALs require clients to have these permissions)
+allow domain vendor_hal_file:dir r_dir_perms;
+
+# Everyone can read and execute all same process HALs
+allow domain same_process_hal_file:dir r_dir_perms;
+allow {
+ domain
+ -coredomain # access is explicitly granted to individual coredomains
+} same_process_hal_file:file { execute read open getattr map };
+
+# Any process can load vndk-sp libraries, which are system libraries
+# used by same process HALs
+allow domain vndk_sp_file:dir r_dir_perms;
+allow domain vndk_sp_file:file { execute read open getattr map };
+
+# All domains get access to /vendor/etc
+allow domain vendor_configs_file:dir r_dir_perms;
+allow domain vendor_configs_file:file { read open getattr map };
+
+full_treble_only(`
+ # Allow all domains to be able to follow /system/vendor and/or
+ # /vendor/odm symlinks.
+ allow domain vendor_file_type:lnk_file { getattr open read };
+
+ # This is required to be able to search & read /vendor/lib64
+ # in order to lookup vendor libraries. The execute permission
+ # for coredomains is granted *only* for same process HALs
+ allow domain vendor_file:dir { getattr search };
+
+ # Allow reading and executing out of /vendor to all vendor domains
+ allow { domain -coredomain } vendor_file_type:dir r_dir_perms;
+ allow { domain -coredomain } vendor_file_type:file { read open getattr execute map };
+ allow { domain -coredomain } vendor_file_type:lnk_file { getattr read };
+')
+
+# read and stat any sysfs symlinks
+allow domain sysfs:lnk_file { getattr read };
+
+# libc references /data/misc/zoneinfo and /system/usr/share/zoneinfo for
+# timezone related information.
+# This directory is considered to be a VNDK-stable
+allow domain { system_zoneinfo_file zoneinfo_data_file }:file r_file_perms;
+allow domain { system_zoneinfo_file zoneinfo_data_file }:dir r_dir_perms;
+
+# Lots of processes access current CPU information
+r_dir_file(domain, sysfs_devices_system_cpu)
+
+r_dir_file(domain, sysfs_usb);
+
+# If kernel CONFIG_TRANSPARENT_HUGEPAGE is enabled, libjemalloc5 (statically
+# included by libc) reads /sys/kernel/mm/transparent_hugepage/enabled.
+allow domain sysfs_transparent_hugepage:dir search;
+allow domain sysfs_transparent_hugepage:file r_file_perms;
+
+# files under /data.
+not_full_treble(`
+ allow domain system_data_file:dir getattr;
+')
+allow { coredomain appdomain } system_data_file:dir getattr;
+# /data has the label system_data_root_file. Vendor components need the search
+# permission on system_data_root_file for path traversal to /data/vendor.
+allow domain system_data_root_file:dir { search getattr } ;
+allow domain system_data_file:dir search;
+# TODO restrict this to non-coredomain
+allow domain vendor_data_file:dir { getattr search };
+
+# required by the dynamic linker
+allow domain proc:lnk_file { getattr read };
+
+# /proc/cpuinfo
+allow domain proc_cpuinfo:file r_file_perms;
+
+# /dev/cpu_variant:.*
+allow domain dev_cpu_variant:file r_file_perms;
+
+# profiling needs to read /proc/sys/kernel/perf_event_max_sample_rate
+allow domain proc_perf:file r_file_perms;
+
+# toybox loads libselinux which stats /sys/fs/selinux/
+allow domain selinuxfs:dir search;
+allow domain selinuxfs:file getattr;
+allow domain sysfs:dir search;
+allow domain selinuxfs:filesystem getattr;
+
+# Almost all processes log tracing information to
+# /sys/kernel/debug/tracing/trace_marker
+# The reason behind this is documented in b/6513400
+allow domain debugfs:dir search;
+allow domain debugfs_tracing:dir search;
+allow domain debugfs_tracing_debug:dir search;
+allow domain debugfs_trace_marker:file w_file_perms;
+
+# Filesystem access.
+allow domain fs_type:filesystem getattr;
+allow domain fs_type:dir getattr;
+
+# Restrict all domains to a whitelist for common socket types. Additional
+# ioctl commands may be added to individual domains, but this sets safe
+# defaults for all processes. Note that granting this whitelist to domain does
+# not grant the ioctl permission on these socket types. That must be granted
+# separately.
+allowxperm domain domain:{ icmp_socket rawip_socket tcp_socket udp_socket }
+ ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
+# default whitelist for unix sockets.
+allowxperm domain { domain pdx_channel_socket_type }:{ unix_dgram_socket unix_stream_socket }
+ ioctl unpriv_unix_sock_ioctls;
+
+# Restrict PTYs to only whitelisted ioctls.
+# Note that granting this whitelist to domain does
+# not grant the wider ioctl permission. That must be granted
+# separately.
+allowxperm domain devpts:chr_file ioctl unpriv_tty_ioctls;
+
+# All domains must clearly enumerate what ioctls they use
+# on filesystem objects (plain files, directories, symbolic links,
+# named pipes, and named sockets). We start off with a safe set.
+allowxperm domain { file_type fs_type domain dev_type }:{ dir notdevfile_class_set blk_file } ioctl { FIOCLEX FIONCLEX };
+
+# If a domain has ioctl access to tun_device, it must clearly enumerate the
+# ioctls used. Safe defaults are listed below.
+allowxperm domain tun_device:chr_file ioctl { FIOCLEX FIONCLEX };
+
+# Allow a process to make a determination whether a file descriptor
+# for a plain file or pipe (fifo_file) is a tty. Note that granting
+# this whitelist to domain does not grant the ioctl permission to
+# these files. That must be granted separately.
+allowxperm domain { file_type fs_type }:file ioctl { TCGETS };
+allowxperm domain domain:fifo_file ioctl { TCGETS };
+
+# If a domain has access to perform an ioctl on a block device, allow these
+# very common, benign ioctls
+allowxperm domain dev_type:blk_file ioctl { BLKGETSIZE64 BLKSSZGET };
+
+# Support sqlite F2FS specific optimizations
+# ioctl permission on the specific file type is still required
+# TODO: consider only compiling these rules if we know the
+# /data partition is F2FS
+allowxperm domain { file_type sdcard_type }:file ioctl {
+ F2FS_IOC_ABORT_VOLATILE_WRITE
+ F2FS_IOC_COMMIT_ATOMIC_WRITE
+ F2FS_IOC_GET_FEATURES
+ F2FS_IOC_GET_PIN_FILE
+ F2FS_IOC_SET_PIN_FILE
+ F2FS_IOC_START_ATOMIC_WRITE
+};
+
+# Workaround for policy compiler being too aggressive and removing hwservice_manager_type
+# when it's not explicitly used in allow rules
+allow { domain -domain } hwservice_manager_type:hwservice_manager { add find };
+# Workaround for policy compiler being too aggressive and removing vndservice_manager_type
+# when it's not explicitly used in allow rules
+allow { domain -domain } vndservice_manager_type:service_manager { add find };
+
+# Under ASAN, processes will try to read /data, as the sanitized libraries are there.
+with_asan(`allow domain system_data_file:dir getattr;')
+# Under ASAN, /system/asan.options needs to be globally accessible.
+with_asan(`allow domain system_asan_options_file:file r_file_perms;')
+
+# read APEX dir and stat any symlink pointing to APEXs.
+allow domain apex_mnt_dir:dir { getattr search };
+allow domain apex_mnt_dir:lnk_file r_file_perms;
+
+###
+### neverallow rules
+###
+
+# All ioctls on file-like objects (except chr_file and blk_file) and
+# sockets must be restricted to a whitelist.
+neverallowxperm * *:{ dir notdevfile_class_set socket_class_set blk_file } ioctl { 0 };
+
+# b/68014825 and https://android-review.googlesource.com/516535
+# rfc6093 says that processes should not use the TCP urgent mechanism
+neverallowxperm domain domain:socket_class_set ioctl { SIOCATMARK };
+
+# TIOCSTI is only ever used for exploits. Block it.
+# b/33073072, b/7530569
+# http://www.openwall.com/lists/oss-security/2016/09/26/14
+neverallowxperm * devpts:chr_file ioctl TIOCSTI;
+
+# Do not allow any domain other than init to create unlabeled files.
+neverallow { domain -init -recovery } unlabeled:dir_file_class_set create;
+
+# Limit device node creation to these whitelisted domains.
+neverallow {
+ domain
+ -kernel
+ -init
+ -ueventd
+ -vold
+} self:global_capability_class_set mknod;
+
+# No process can map low memory (< CONFIG_LSM_MMAP_MIN_ADDR).
+neverallow * self:memprotect mmap_zero;
+
+# No domain needs mac_override as it is unused by SELinux.
+neverallow * self:global_capability2_class_set mac_override;
+
+# Disallow attempts to set contexts not defined in current policy
+# This helps guarantee that unknown or dangerous contents will not ever
+# be set.
+neverallow * self:global_capability2_class_set mac_admin;
+
+# Once the policy has been loaded there shall be none to modify the policy.
+# It is sealed.
+neverallow * kernel:security load_policy;
+
+# Only init prior to switching context should be able to set enforcing mode.
+# init starts in kernel domain and switches to init domain via setcon in
+# the init.rc, so the setenforce occurs while still in kernel. After
+# switching domains, there is never any need to setenforce again by init.
+neverallow * kernel:security setenforce;
+neverallow { domain -kernel } kernel:security setcheckreqprot;
+
+# No booleans in AOSP policy, so no need to ever set them.
+neverallow * kernel:security setbool;
+
+# Adjusting the AVC cache threshold.
+# Not presently allowed to anything in policy, but possibly something
+# that could be set from init.rc.
+neverallow { domain -init } kernel:security setsecparam;
+
+# Only init, ueventd, shell and system_server should be able to access HW RNG
+neverallow {
+ domain
+ -init
+ -shell # For CTS and is restricted to getattr in shell.te
+ -system_server
+ -ueventd
+} hw_random_device:chr_file *;
+# b/78174219 b/64114943
+neverallow {
+ domain
+ -shell # stat of /dev, getattr only
+ -ueventd
+} keychord_device:chr_file *;
+
+# Ensure that all entrypoint executables are in exec_type or postinstall_file.
+neverallow * { file_type -exec_type -postinstall_file }:file entrypoint;
+
+# The dynamic linker always calls access(2) on the path. Don't generate SElinux
+# denials since the linker does not actually access the path in case the path
+# does not exist or isn't accessible for the process.
+dontaudit domain postinstall_mnt_dir:dir audit_access;
+
+#Ensure that nothing in userspace can access /dev/port
+neverallow {
+ domain
+ -shell # Shell user should not have any abilities outside of getattr
+ -ueventd
+} port_device:chr_file *;
+neverallow * port_device:chr_file ~{ create relabelto unlink setattr getattr };
+# Only init should be able to configure kernel usermodehelpers or
+# security-sensitive proc settings.
+neverallow { domain -init } usermodehelper:file { append write };
+neverallow { domain -init -ueventd } sysfs_usermodehelper:file { append write };
+neverallow { domain -init -vendor_init } proc_security:file { append open read write };
+
+# Init can't do anything with binder calls. If this neverallow rule is being
+# triggered, it's probably due to a service with no SELinux domain.
+neverallow * init:binder *;
+neverallow * vendor_init:binder *;
+
+# Don't allow raw read/write/open access to block_device
+# Rather force a relabel to a more specific type
+neverallow { domain -kernel -init -recovery } block_device:blk_file { open read write };
+
+# Do not allow renaming of block files or character files
+# Ability to do so can lead to possible use in an exploit chain
+# e.g. https://googleprojectzero.blogspot.com/2016/12/chrome-os-exploit-one-byte-overflow-and.html
+neverallow * *:{ blk_file chr_file } rename;
+
+# Don't allow raw read/write/open access to generic devices.
+# Rather force a relabel to a more specific type.
+neverallow domain device:chr_file { open read write };
+
+# Files from cache should never be executed
+neverallow domain { cache_file cache_backup_file cache_private_backup_file cache_recovery_file }:file execute;
+
+# Protect most domains from executing arbitrary content from /data.
+neverallow {
+ domain
+ -appdomain
+} {
+ data_file_type
+ -dalvikcache_data_file
+ -system_data_file # shared libs in apks
+ -apk_data_file
+}:file no_x_file_perms;
+
+# The test files and executables MUST not be accessible to any domain
+neverallow { domain userdebug_or_eng(`-kernel') } nativetest_data_file:file_class_set no_w_file_perms;
+neverallow domain nativetest_data_file:dir no_w_dir_perms;
+neverallow { domain userdebug_or_eng(`-shell') } nativetest_data_file:file no_x_file_perms;
+
+# Only the init property service should write to /data/property and /dev/__properties__
+neverallow { domain -init } property_data_file:dir no_w_dir_perms;
+neverallow { domain -init } property_data_file:file { no_w_file_perms no_x_file_perms };
+neverallow { domain -init } property_type:file { no_w_file_perms no_x_file_perms };
+neverallow { domain -init } properties_device:file { no_w_file_perms no_x_file_perms };
+neverallow { domain -init } properties_serial:file { no_w_file_perms no_x_file_perms };
+
+# Nobody should be doing writes to /system & /vendor
+# These partitions are intended to be read-only and must never be
+# modified. Doing so would violate important Android security guarantees
+# and invalidate dm-verity signatures.
+neverallow {
+ domain
+ with_asan(`-asan_extract')
+ recovery_only(`userdebug_or_eng(`-fastbootd')')
+} {
+ system_file_type
+ vendor_file_type
+ exec_type
+}:dir_file_class_set { create write setattr relabelfrom append unlink link rename };
+
+neverallow { domain -kernel with_asan(`-asan_extract') } { system_file_type vendor_file_type exec_type }:dir_file_class_set relabelto;
+
+# Don't allow mounting on top of /system files or directories
+neverallow * exec_type:dir_file_class_set mounton;
+neverallow { domain -init } { system_file_type vendor_file_type }:dir_file_class_set mounton;
+
+# Nothing should be writing to files in the rootfs.
+neverallow * rootfs:file { create write setattr relabelto append unlink link rename };
+
+# Restrict context mounts to specific types marked with
+# the contextmount_type attribute.
+neverallow * {fs_type -contextmount_type}:filesystem relabelto;
+
+# Ensure that context mount types are not writable, to ensure that
+# the write to /system restriction above is not bypassed via context=
+# mount to another type.
+neverallow * contextmount_type:dir_file_class_set
+ { create setattr relabelfrom relabelto append link rename };
+neverallow { domain recovery_only(`userdebug_or_eng(`-fastbootd')') } contextmount_type:dir_file_class_set { write unlink };
+
+# Do not allow service_manager add for default service labels.
+# Instead domains should use a more specific type such as
+# system_app_service rather than the generic type.
+# New service_types are defined in {,hw,vnd}service.te and new mappings
+# from service name to service_type are defined in {,hw,vnd}service_contexts.
+neverallow * default_android_service:service_manager *;
+neverallow * default_android_vndservice:service_manager *;
+neverallow * default_android_hwservice:hwservice_manager *;
+
+# Looking up the base class/interface of all HwBinder services is a bad idea.
+# hwservicemanager currently offer such lookups only to make it so that security
+# decisions are expressed in SELinux policy. However, it's unclear whether this
+# lookup has security implications. If it doesn't, hwservicemanager should be
+# modified to not offer this lookup.
+# This rule can be removed if hwservicemanager is modified to not permit these
+# lookups.
+neverallow * hidl_base_hwservice:hwservice_manager find;
+
+# Require that domains explicitly label unknown properties, and do not allow
+# anyone but init to modify unknown properties.
+neverallow { domain -init -vendor_init } default_prop:property_service set;
+neverallow { domain -init -vendor_init } mmc_prop:property_service set;
+neverallow { domain -init -vendor_init } vndk_prop:property_service set;
+
+compatible_property_only(`
+ neverallow { domain -init } default_prop:property_service set;
+ neverallow { domain -init } mmc_prop:property_service set;
+ neverallow { domain -init -vendor_init } exported_default_prop:property_service set;
+ neverallow { domain -init } exported_secure_prop:property_service set;
+ neverallow { domain -init } exported2_default_prop:property_service set;
+ neverallow { domain -init -vendor_init } exported3_default_prop:property_service set;
+ neverallow { domain -init -vendor_init } vendor_default_prop:property_service set;
+ neverallow { domain -init -vendor_init } storage_config_prop:property_service set;
+')
+
+# Only core domains are allowed to access package_manager properties
+neverallow { domain -init -system_server } pm_prop:property_service set;
+neverallow { domain -coredomain } pm_prop:file no_rw_file_perms;
+
+compatible_property_only(`
+ neverallow { domain -init -system_server -vendor_init } exported_pm_prop:property_service set;
+ neverallow { domain -coredomain -vendor_init } exported_pm_prop:file no_rw_file_perms;
+')
+
+# Do not allow reading device's serial number from system properties except form
+# a few whitelisted domains.
+neverallow {
+ domain
+ -adbd
+ -dumpstate
+ -fastbootd
+ -hal_camera_server
+ -hal_cas_server
+ -hal_drm_server
+ userdebug_or_eng(`-incidentd')
+ -init
+ -mediadrmserver
+ -mediaserver
+ -recovery
+ -shell
+ -system_server
+ -vendor_init
+} serialno_prop:file r_file_perms;
+
+# Do not allow reading the last boot timestamp from system properties
+neverallow { domain -init -system_server -dumpstate } firstboot_prop:file r_file_perms;
+
+neverallow {
+ domain
+ -init
+ -recovery
+ -system_server
+ -shell # Shell is further restricted in shell.te
+ -ueventd # Further restricted in ueventd.te
+} frp_block_device:blk_file no_rw_file_perms;
+
+# The metadata block device is set aside for device encryption and
+# verified boot metadata. It may be reset at will and should not
+# be used by other domains.
+neverallow {
+ domain
+ -init
+ -recovery
+ -vold
+ -e2fs
+ -fsck
+ -fastbootd
+} metadata_block_device:blk_file { append link rename write open read ioctl lock };
+
+# No domain other than recovery, update_engine and fastbootd can write to system partition(s).
+neverallow {
+ domain
+ -fastbootd
+ userdebug_or_eng(`-fsck')
+ userdebug_or_eng(`-init')
+ -recovery
+ -update_engine
+} system_block_device:blk_file { write append };
+
+# No domains other than a select few can access the misc_block_device. This
+# block device is reserved for OTA use.
+# Do not assert this rule on userdebug/eng builds, due to some devices using
+# this partition for testing purposes.
+neverallow {
+ domain
+ userdebug_or_eng(`-domain') # exclude debuggable builds
+ -fastbootd
+ -hal_bootctl_server
+ -init
+ -uncrypt
+ -update_engine
+ -vendor_init
+ -vendor_misc_writer
+ -vold
+ -recovery
+ -ueventd
+} misc_block_device:blk_file { append link relabelfrom rename write open read ioctl lock };
+
+# Only (hw|vnd|)servicemanager should be able to register with binder as the context manager
+neverallow { domain -servicemanager -hwservicemanager -vndservicemanager } *:binder set_context_mgr;
+# The service managers are only allowed to access their own device node
+neverallow servicemanager hwbinder_device:chr_file no_rw_file_perms;
+neverallow servicemanager vndbinder_device:chr_file no_rw_file_perms;
+neverallow hwservicemanager binder_device:chr_file no_rw_file_perms;
+neverallow hwservicemanager vndbinder_device:chr_file no_rw_file_perms;
+neverallow vndservicemanager binder_device:chr_file no_rw_file_perms;
+neverallow vndservicemanager hwbinder_device:chr_file no_rw_file_perms;
+
+# system services cant add vendor services
+neverallow {
+ coredomain
+} vendor_service:service_manager add;
+
+full_treble_only(`
+ # vendor services cant add system services
+ neverallow {
+ domain
+ -coredomain
+ -binder_in_vendor_violators # TODO(b/131617943) remove once all violators are gone
+ } {
+ service_manager_type
+ -vendor_service
+ }:service_manager add;
+')
+
+full_treble_only(`
+ # Vendor apps are permited to use only stable public services. If they were to use arbitrary
+ # services which can change any time framework/core is updated, breakage is likely.
+ neverallow {
+ appdomain
+ -coredomain
+ } {
+ service_manager_type
+ -app_api_service
+ -ephemeral_app_api_service
+ -audioserver_service # TODO(b/36783122) remove exemptions below once app_api_service is fixed
+ -cameraserver_service
+ -drmserver_service
+ -hal_light_service # TODO(b/148154485) remove once all violators are gone
+ -credstore_service
+ -keystore_service
+ -mediadrmserver_service
+ -mediaextractor_service
+ -mediametrics_service
+ -mediaserver_service
+ -nfc_service
+ -radio_service
+ -virtual_touchpad_service
+ -vr_hwc_service
+ -vr_manager_service
+ }:service_manager find;
+')
+
+# On full TREBLE devices, only vendor components, shell, and su can use VendorBinder.
+full_treble_only(`
+ neverallow {
+ coredomain
+ -shell
+ userdebug_or_eng(`-su')
+ -ueventd # uevent is granted create for this device, but we still neverallow I/O below
+ } vndbinder_device:chr_file rw_file_perms;
+')
+full_treble_only(`
+ neverallow ueventd vndbinder_device:chr_file { read write append ioctl };
+')
+full_treble_only(`
+ neverallow {
+ coredomain
+ -shell
+ userdebug_or_eng(`-su')
+ } vndservice_manager_type:service_manager *;
+')
+full_treble_only(`
+ neverallow {
+ coredomain
+ -shell
+ userdebug_or_eng(`-su')
+ } vndservicemanager:binder *;
+')
+
+# On full TREBLE devices, socket communications between core components and vendor components are
+# not permitted.
+ # Most general rules first, more specific rules below.
+
+ # Core domains are not permitted to initiate communications to vendor domain sockets.
+ # We are not restricting the use of already established sockets because it is fine for a process
+ # to obtain an already established socket via some public/official/stable API and then exchange
+ # data with its peer over that socket. The wire format in this scenario is dicatated by the API
+ # and thus does not break the core-vendor separation.
+full_treble_only(`
+ neverallow_establish_socket_comms({
+ coredomain
+ -init
+ -adbd
+ }, {
+ domain
+ -coredomain
+ -socket_between_core_and_vendor_violators
+ });
+')
+ # Vendor domains are not permitted to initiate communications to core domain sockets
+full_treble_only(`
+ neverallow_establish_socket_comms({
+ domain
+ -coredomain
+ -appdomain
+ -socket_between_core_and_vendor_violators
+ }, {
+ coredomain
+ -logd # Logging by writing to logd Unix domain socket is public API
+ -netd # netdomain needs this
+ -mdnsd # netdomain needs this
+ userdebug_or_eng(`-su') # communications with su are permitted only on userdebug or eng builds
+ -init
+ -tombstoned # linker to tombstoned
+ userdebug_or_eng(`-heapprofd')
+ userdebug_or_eng(`-traced_perf')
+ });
+')
+
+ # Vendor domains are not permitted to initiate create/open sockets owned by core domains
+full_treble_only(`
+ neverallow {
+ domain
+ -coredomain
+ -appdomain # appdomain restrictions below
+ -data_between_core_and_vendor_violators # b/70393317
+ -socket_between_core_and_vendor_violators
+ -vendor_init
+ } {
+ coredomain_socket
+ core_data_file_type
+ unlabeled # used only by core domains
+ }:sock_file ~{ append getattr ioctl read write };
+')
+full_treble_only(`
+ neverallow {
+ appdomain
+ -coredomain
+ } {
+ coredomain_socket
+ unlabeled # used only by core domains
+ core_data_file_type
+ -app_data_file
+ -privapp_data_file
+ -pdx_endpoint_socket_type # used by VR layer
+ -pdx_channel_socket_type # used by VR layer
+ }:sock_file ~{ append getattr ioctl read write };
+')
+
+ # Core domains are not permitted to create/open sockets owned by vendor domains
+full_treble_only(`
+ neverallow {
+ coredomain
+ -init
+ -ueventd
+ -socket_between_core_and_vendor_violators
+ } {
+ file_type
+ dev_type
+ -coredomain_socket
+ -core_data_file_type
+ -unlabeled
+ }:sock_file ~{ append getattr ioctl read write };
+')
+
+# On TREBLE devices, vendor and system components are only allowed to share
+# files by passing open FDs over hwbinder. Ban all directory access and all file
+# accesses other than what can be applied to an open FD such as
+# ioctl/stat/read/write/append. This is enforced by segregating /data.
+# Vendor domains may directly access file in /data/vendor by path, but may only
+# access files outside of /data/vendor via an open FD passed over hwbinder.
+# Likewise, core domains may only directly access files outside /data/vendor by
+# path and files in /data/vendor by open FD.
+full_treble_only(`
+ # only coredomains may only access core_data_file_type, particularly not
+ # /data/vendor
+ neverallow {
+ coredomain
+ -appdomain # TODO(b/34980020) remove exemption for appdomain
+ -data_between_core_and_vendor_violators
+ -init
+ -vold_prepare_subdirs
+ } {
+ data_file_type
+ -core_data_file_type
+ }:file_class_set ~{ append getattr ioctl read write map };
+')
+full_treble_only(`
+ neverallow {
+ coredomain
+ -appdomain # TODO(b/34980020) remove exemption for appdomain
+ -data_between_core_and_vendor_violators
+ -init
+ -vold_prepare_subdirs
+ } {
+ data_file_type
+ -core_data_file_type
+ # TODO(b/72998741) Remove exemption. Further restricted in a subsequent
+ # neverallow. Currently only getattr and search are allowed.
+ -vendor_data_file
+ }:dir *;
+
+')
+full_treble_only(`
+ # vendor domains may only access files in /data/vendor, never core_data_file_types
+ neverallow {
+ domain
+ -appdomain # TODO(b/34980020) remove exemption for appdomain
+ -coredomain
+ -data_between_core_and_vendor_violators # TODO(b/34980020) Remove once all violators have been cleaned up
+ -vendor_init
+ } {
+ core_data_file_type
+ # libc includes functions like mktime and localtime which attempt to access
+ # files in /data/misc/zoneinfo/tzdata and /system/usr/share/zoneinfo/tzdata.
+ # These functions are considered vndk-stable and thus must be allowed for
+ # all processes.
+ -zoneinfo_data_file
+ with_native_coverage(`-method_trace_data_file')
+ }:file_class_set ~{ append getattr ioctl read write map };
+ neverallow {
+ vendor_init
+ -data_between_core_and_vendor_violators
+ } {
+ core_data_file_type
+ -unencrypted_data_file
+ -zoneinfo_data_file
+ with_native_coverage(`-method_trace_data_file')
+ }:file_class_set ~{ append getattr ioctl read write map };
+ # vendor init needs to be able to read unencrypted_data_file to create directories with FBE.
+ # The vendor init binary lives on the system partition so there is not a concern with stability.
+ neverallow vendor_init unencrypted_data_file:file ~r_file_perms;
+')
+full_treble_only(`
+ # vendor domains may only access dirs in /data/vendor, never core_data_file_types
+ neverallow {
+ domain
+ -appdomain # TODO(b/34980020) remove exemption for appdomain
+ -coredomain
+ -data_between_core_and_vendor_violators
+ -vendor_init
+ } {
+ core_data_file_type
+ -system_data_file # default label for files on /data. Covered below...
+ -system_data_root_file
+ -vendor_data_file
+ -zoneinfo_data_file
+ with_native_coverage(`-method_trace_data_file')
+ }:dir *;
+ neverallow {
+ vendor_init
+ -data_between_core_and_vendor_violators
+ } {
+ core_data_file_type
+ -unencrypted_data_file
+ -system_data_file
+ -system_data_root_file
+ -vendor_data_file
+ -zoneinfo_data_file
+ with_native_coverage(`-method_trace_data_file')
+ }:dir *;
+ # vendor init needs to be able to read unencrypted_data_file to create directories with FBE.
+ # The vendor init binary lives on the system partition so there is not a concern with stability.
+ neverallow vendor_init unencrypted_data_file:dir ~search;
+')
+full_treble_only(`
+ # vendor domains may only access dirs in /data/vendor, never core_data_file_types
+ neverallow {
+ domain
+ -appdomain # TODO(b/34980020) remove exemption for appdomain
+ -coredomain
+ -data_between_core_and_vendor_violators # TODO(b/34980020) Remove once all violators have been cleaned up
+ } {
+ system_data_file # default label for files on /data. Covered below
+ }:dir ~{ getattr search };
+')
+
+full_treble_only(`
+ # coredomains may not access dirs in /data/vendor.
+ neverallow {
+ coredomain
+ -data_between_core_and_vendor_violators # TODO(b/34980020) Remove once all violators have been cleaned up
+ -init
+ -vold # vold creates per-user storage for both system and vendor
+ -vold_prepare_subdirs
+ } {
+ vendor_data_file # default label for files on /data. Covered below
+ }:dir ~{ getattr search };
+')
+
+full_treble_only(`
+ # coredomains may not access dirs in /data/vendor.
+ neverallow {
+ coredomain
+ -data_between_core_and_vendor_violators # TODO(b/34980020) Remove once all violators have been cleaned up
+ -init
+ } {
+ vendor_data_file # default label for files on /data/vendor{,_ce,_de}.
+ }:file_class_set ~{ append getattr ioctl read write map };
+')
+
+full_treble_only(`
+ # Non-vendor domains are not allowed to file execute shell
+ # from vendor
+ neverallow {
+ coredomain
+ -init
+ -shell
+ -ueventd
+ } vendor_shell_exec:file { execute execute_no_trans };
+')
+
+full_treble_only(`
+ # Do not allow vendor components to execute files from system
+ # except for the ones whitelist here.
+ neverallow {
+ domain
+ -coredomain
+ -appdomain
+ -vendor_executes_system_violators
+ -vendor_init
+ } {
+ system_file_type
+ -system_lib_file
+ -system_linker_exec
+ -crash_dump_exec
+ -iorap_prefetcherd_exec
+ -iorap_inode2filename_exec
+ -netutils_wrapper_exec
+ userdebug_or_eng(`-tcpdump_exec')
+ }:file { entrypoint execute execute_no_trans };
+')
+
+full_treble_only(`
+ # Do not allow system components to execute files from vendor
+ # except for the ones whitelisted here.
+ neverallow {
+ coredomain
+ -init
+ -shell
+ -system_executes_vendor_violators
+ -ueventd
+ } {
+ vendor_file_type
+ -same_process_hal_file
+ -vndk_sp_file
+ -vendor_app_file
+ -vendor_public_lib_file
+ }:file execute;
+')
+
+full_treble_only(`
+ neverallow {
+ coredomain
+ -shell
+ -system_executes_vendor_violators
+ } {
+ vendor_file_type
+ -same_process_hal_file
+ }:file execute_no_trans;
+')
+
+full_treble_only(`
+ # Do not allow system components access to /vendor files except for the
+ # ones whitelisted here.
+ neverallow {
+ coredomain
+ # TODO(b/37168747): clean up fwk access to /vendor
+ -crash_dump
+ -init # starts vendor executables
+ -iorap_inode2filename
+ -iorap_prefetcherd
+ -kernel # loads /vendor/firmware
+ userdebug_or_eng(`-heapprofd')
+ -shell
+ -system_executes_vendor_violators
+ -traced_perf # library/binary access for symbolization
+ -ueventd # reads /vendor/ueventd.rc
+ -vold # loads incremental fs driver
+ } {
+ vendor_file_type
+ -same_process_hal_file
+ -vendor_app_file
+ -vendor_apex_file
+ -vendor_configs_file
+ -vendor_framework_file
+ -vendor_idc_file
+ -vendor_keychars_file
+ -vendor_keylayout_file
+ -vendor_overlay_file
+ -vendor_public_lib_file
+ -vendor_task_profiles_file
+ -vndk_sp_file
+ }:file *;
+')
+
+full_treble_only(`
+ # Do not allow vendor components access to /system files except for the
+ # ones whitelisted here.
+ neverallow {
+ domain
+ -appdomain
+ -coredomain
+ -vendor_executes_system_violators
+ # vendor_init needs access to init_exec for domain transition. vendor_init
+ # neverallows are covered in public/vendor_init.te
+ -vendor_init
+ } {
+ system_file_type
+ -crash_dump_exec
+ -file_contexts_file
+ -iorap_inode2filename_exec
+ -netutils_wrapper_exec
+ -property_contexts_file
+ -system_event_log_tags_file
+ -system_group_file
+ -system_lib_file
+ with_asan(`-system_asan_options_file')
+ -system_linker_exec
+ -system_linker_config_file
+ -system_passwd_file
+ -system_seccomp_policy_file
+ -system_security_cacerts_file
+ -system_zoneinfo_file
+ -task_profiles_file
+ userdebug_or_eng(`-tcpdump_exec')
+ }:file *;
+')
+
+# Only system_server should be able to send commands via the zygote socket
+neverallow { domain -zygote -system_server } zygote:unix_stream_socket connectto;
+neverallow { domain -system_server } zygote_socket:sock_file write;
+
+neverallow { domain -system_server -webview_zygote -app_zygote } webview_zygote:unix_stream_socket connectto;
+neverallow { domain -system_server } webview_zygote:sock_file write;
+neverallow { domain -system_server } app_zygote:sock_file write;
+
+neverallow {
+ domain
+ -tombstoned
+ -crash_dump
+ -dumpstate
+ -incidentd
+ -system_server
+
+ # Processes that can't exec crash_dump
+ -hal_codec2_server
+ -hal_omx_server
+ -mediaextractor
+} tombstoned_crash_socket:unix_stream_socket connectto;
+
+# Never allow anyone except dumpstate, incidentd, or the system server to connect or write to
+# the tombstoned intercept socket.
+neverallow { domain -dumpstate -incidentd -system_server } tombstoned_intercept_socket:sock_file write;
+neverallow { domain -dumpstate -incidentd -system_server } tombstoned_intercept_socket:unix_stream_socket connectto;
+
+# Android does not support System V IPCs.
+#
+# The reason for this is due to the fact that, by design, they lead to global
+# kernel resource leakage.
+#
+# For example, there is no way to automatically release a SysV semaphore
+# allocated in the kernel when:
+#
+# - a buggy or malicious process exits
+# - a non-buggy and non-malicious process crashes or is explicitly killed.
+#
+# Killing processes automatically to make room for new ones is an
+# important part of Android's application lifecycle implementation. This means
+# that, even assuming only non-buggy and non-malicious code, it is very likely
+# that over time, the kernel global tables used to implement SysV IPCs will fill
+# up.
+neverallow * *:{ shm sem msg msgq } *;
+
+# Do not mount on top of symlinks, fifos, or sockets.
+# Feature parity with Chromium LSM.
+neverallow * { file_type fs_type dev_type }:{ lnk_file fifo_file sock_file } mounton;
+
+# Nobody should be able to execute su on user builds.
+# On userdebug/eng builds, only dumpstate, shell, and
+# su itself execute su.
+neverallow { domain userdebug_or_eng(`-dumpstate -shell -su') } su_exec:file no_x_file_perms;
+
+# Do not allow the introduction of new execmod rules. Text relocations
+# and modification of executable pages are unsafe.
+# The only exceptions are for NDK text relocations associated with
+# https://code.google.com/p/android/issues/detail?id=23203
+# which, long term, need to go away.
+neverallow * {
+ file_type
+ -apk_data_file
+ -app_data_file
+ -asec_public_file
+}:file execmod;
+
+# Do not allow making the stack or heap executable.
+# We would also like to minimize execmem but it seems to be
+# required by some device-specific service domains.
+neverallow * self:process { execstack execheap };
+
+# Do not allow the introduction of new execmod rules. Text relocations
+# and modification of executable pages are unsafe.
+neverallow { domain -untrusted_app_25 -untrusted_app_27 } file_type:file execmod;
+
+neverallow { domain -init } proc:{ file dir } mounton;
+
+# Ensure that all types assigned to processes are included
+# in the domain attribute, so that all allow and neverallow rules
+# written on domain are applied to all processes.
+# This is achieved by ensuring that it is impossible to transition
+# from a domain to a non-domain type and vice versa.
+# TODO - rework this: neverallow domain ~domain:process { transition dyntransition };
+neverallow ~domain domain:process { transition dyntransition };
+
+#
+# Only system_app and system_server should be creating or writing
+# their files. The proper way to share files is to setup
+# type transitions to a more specific type or assigning a type
+# to its parent directory via a file_contexts entry.
+# Example type transition:
+# mydomain.te:file_type_auto_trans(mydomain, system_data_file, new_file_type)
+#
+neverallow {
+ domain
+ -system_server
+ -system_app
+ -init
+ -toolbox # TODO(b/141108496) We want to remove toolbox
+ -installd # for relabelfrom and unlink, check for this in explicit neverallow
+ -vold_prepare_subdirs # For unlink
+ with_asan(`-asan_extract')
+} system_data_file:file no_w_file_perms;
+# do not grant anything greater than r_file_perms and relabelfrom unlink
+# to installd
+neverallow installd system_data_file:file ~{ r_file_perms relabelfrom unlink };
+
+# respect system_app sandboxes
+neverallow {
+ domain
+ -appdomain # finer-grained rules for appdomain are listed below
+ -system_server #populate com.android.providers.settings/databases/settings.db.
+ -installd # creation of app sandbox
+ -iorap_inode2filename
+ -traced_probes # resolve inodes for i/o tracing.
+ # only needs open and read, the rest is neverallow in
+ # traced_probes.te.
+} system_app_data_file:dir_file_class_set { create unlink open };
+neverallow {
+ isolated_app
+ untrusted_app_all # finer-grained rules for appdomain are listed below
+ ephemeral_app
+ priv_app
+} system_app_data_file:dir_file_class_set { create unlink open };
+
+#
+# Only these domains should transition to shell domain. This domain is
+# permissible for the "shell user". If you need a process to exec a shell
+# script with differing privilege, define a domain and set up a transition.
+#
+neverallow {
+ domain
+ -adbd
+ -init
+ -runas
+ -zygote
+} shell:process { transition dyntransition };
+
+# Only domains spawned from zygote, runas and simpleperf_app_runner may have
+# the appdomain attribute. simpleperf is excluded as a domain transitioned to
+# when running an app-scoped profiling session.
+neverallow { domain -simpleperf_app_runner -runas -app_zygote -webview_zygote -zygote } {
+ appdomain -shell -simpleperf userdebug_or_eng(`-su')
+}:process { transition dyntransition };
+
+# Minimize read access to shell- or app-writable symlinks.
+# This is to prevent malicious symlink attacks.
+neverallow {
+ domain
+ -appdomain
+ -installd
+} { app_data_file privapp_data_file }:lnk_file read;
+
+neverallow {
+ domain
+ -shell
+ userdebug_or_eng(`-uncrypt')
+ -installd
+} shell_data_file:lnk_file read;
+
+# In addition to the symlink reading restrictions above, restrict
+# write access to shell owned directories. The /data/local/tmp
+# directory is untrustworthy, and non-whitelisted domains should
+# not be trusting any content in those directories.
+neverallow {
+ domain
+ -adbd
+ -dumpstate
+ -installd
+ -init
+ -shell
+ -vold
+} shell_data_file:dir no_w_dir_perms;
+
+neverallow {
+ domain
+ -adbd
+ -appdomain
+ -dumpstate
+ -init
+ -installd
+ -simpleperf_app_runner
+ -system_server # why?
+ userdebug_or_eng(`-uncrypt')
+} shell_data_file:dir { open search };
+
+# Same as above for /data/local/tmp files. We allow shell files
+# to be passed around by file descriptor, but not directly opened.
+neverallow {
+ domain
+ -adbd
+ -appdomain
+ -dumpstate
+ -installd
+ userdebug_or_eng(`-uncrypt')
+} shell_data_file:file open;
+
+# servicemanager and vndservicemanager are the only processes which handle the
+# service_manager list request
+neverallow * ~{
+ servicemanager
+ vndservicemanager
+ }:service_manager list;
+
+# hwservicemanager is the only process which handles hw list requests
+neverallow * ~{
+ hwservicemanager
+ }:hwservice_manager list;
+
+# only service_manager_types can be added to service_manager
+# TODO - rework this: neverallow * ~service_manager_type:service_manager { add find };
+
+# Prevent assigning non property types to properties
+# TODO - rework this: neverallow * ~property_type:property_service set;
+
+# Domain types should never be assigned to any files other
+# than the /proc/pid files associated with a process. The
+# executable file used to enter a domain should be labeled
+# with its own _exec type, not with the domain type.
+# Conventionally, this looks something like:
+# $ cat mydaemon.te
+# type mydaemon, domain;
+# type mydaemon_exec, exec_type, file_type;
+# init_daemon_domain(mydaemon)
+# $ grep mydaemon file_contexts
+# /system/bin/mydaemon -- u:object_r:mydaemon_exec:s0
+neverallow * domain:file { execute execute_no_trans entrypoint };
+
+# Do not allow access to the generic debugfs label. This is too broad.
+# Instead, if access to part of debugfs is desired, it should have a
+# more specific label.
+# TODO: fix dumpstate
+neverallow { domain -init -vendor_init -dumpstate } debugfs:{ file lnk_file } no_rw_file_perms;
+
+# Do not allow executable files in debugfs.
+neverallow domain debugfs_type:file { execute execute_no_trans };
+
+# Profiles contain untrusted data and profman parses that. We should only run
+# in from installd forked processes.
+neverallow {
+ domain
+ -installd
+ -profman
+} profman_exec:file no_x_file_perms;
+
+# Enforce restrictions on kernel module origin.
+# Do not allow kernel module loading except from system,
+# vendor, and boot partitions.
+neverallow * ~{ system_file_type vendor_file_type rootfs }:system module_load;
+
+# Only allow filesystem caps to be set at build time. Runtime changes
+# to filesystem capabilities are not permitted.
+neverallow * self:global_capability_class_set setfcap;
+
+# Enforce AT_SECURE for executing crash_dump.
+neverallow domain crash_dump:process noatsecure;
+
+# Do not permit non-core domains to register HwBinder services which are
+# guaranteed to be provided by core domains only.
+neverallow ~coredomain coredomain_hwservice:hwservice_manager add;
+
+# Do not permit the registeration of HwBinder services which are guaranteed to
+# be passthrough only (i.e., run in the process of their clients instead of a
+# separate server process).
+neverallow * same_process_hwservice:hwservice_manager add;
+
+# On TREBLE devices, most coredomains should not access vendor_files.
+# TODO(b/71553434): Remove exceptions here.
+full_treble_only(`
+ neverallow {
+ coredomain
+ -appdomain
+ -bootanim
+ -crash_dump
+ -heapprofd
+ -init
+ -iorap_inode2filename
+ -iorap_prefetcherd
+ -kernel
+ -traced_perf
+ -ueventd
+ } vendor_file:file { no_w_file_perms no_x_file_perms open };
+')
+
+# If an already existing file is opened with O_CREAT, the kernel might generate
+# a false report of a create denial. Silence these denials and make sure that
+# inappropriate permissions are not granted.
+
+# These filesystems don't allow files or directories to be created, so the permission
+# to do so should never be granted.
+neverallow domain {
+ proc_type
+ sysfs_type
+}:dir { add_name create link remove_name rename reparent rmdir write };
+
+# cgroupfs directories can be created, but not files within them.
+neverallow domain cgroup:file create;
+
+dontaudit domain proc_type:dir write;
+dontaudit domain sysfs_type:dir write;
+dontaudit domain cgroup:file create;
+
+# These are only needed in permissive mode - in enforcing mode the
+# directory write check fails and so these are never attempted.
+userdebug_or_eng(`
+ dontaudit domain proc_type:dir add_name;
+ dontaudit domain sysfs_type:dir add_name;
+ dontaudit domain proc_type:file create;
+ dontaudit domain sysfs_type:file create;
+')
+
+# Platform must not have access to /mnt/vendor.
+neverallow {
+ coredomain
+ -init
+ -ueventd
+ -vold
+ -system_writes_mnt_vendor_violators
+} mnt_vendor_file:dir *;
+
+# Only apps are allowed access to vendor public libraries.
+full_treble_only(`
+ neverallow {
+ coredomain
+ -appdomain
+ } vendor_public_lib_file:file { execute execute_no_trans };
+')
+
+# Vendor domian must not have access to /mnt/product.
+neverallow {
+ domain
+ -coredomain
+} mnt_product_file:dir *;
+
+# Platform must not have access to sysfs_batteryinfo, but should do it via health HAL and healthd
+full_treble_only(`
+ neverallow {
+ coredomain
+ -healthd
+ -shell
+ # Generate uevents for health info
+ -ueventd
+ # Recovery uses health HAL passthrough implementation.
+ -recovery
+ # Charger uses health HAL passthrough implementation.
+ -charger
+ # TODO(b/110891300): remove this exception
+ -incidentd
+ } sysfs_batteryinfo:file { open read };
+')
+
+neverallow {
+ domain
+ -hal_codec2_server
+ -hal_omx_server
+} hal_codec2_hwservice:hwservice_manager add;
+
+# Only apps targetting < Q are allowed to open /dev/ashmem directly.
+# Apps must use ASharedMemory NDK API. Native code must use libcutils API.
+neverallow {
+ domain
+ -ephemeral_app # We don't distinguish ephemeral apps based on target API.
+ -untrusted_app_25
+ -untrusted_app_27
+} ashmem_device:chr_file open;
diff --git a/prebuilts/api/30.0/public/drmserver.te b/prebuilts/api/30.0/public/drmserver.te
new file mode 100644
index 000000000..12c080aeb
--- /dev/null
+++ b/prebuilts/api/30.0/public/drmserver.te
@@ -0,0 +1,59 @@
+# drmserver - DRM service
+type drmserver, domain;
+type drmserver_exec, system_file_type, exec_type, file_type;
+
+typeattribute drmserver mlstrustedsubject;
+
+net_domain(drmserver)
+
+# Perform Binder IPC to system server.
+binder_use(drmserver)
+binder_call(drmserver, system_server)
+binder_call(drmserver, appdomain)
+binder_call(drmserver, mediametrics)
+binder_service(drmserver)
+# Inherit or receive open files from system_server.
+allow drmserver system_server:fd use;
+
+# Perform Binder IPC to mediaserver
+binder_call(drmserver, mediaserver)
+
+allow drmserver sdcard_type:dir search;
+allow drmserver drm_data_file:dir create_dir_perms;
+allow drmserver drm_data_file:file create_file_perms;
+allow drmserver { app_data_file privapp_data_file }:file { read write getattr map };
+allow drmserver sdcard_type:file { read write getattr map };
+r_dir_file(drmserver, efs_file)
+
+type drmserver_socket, file_type;
+
+# /data/app/tlcd_sock socket file.
+# Clearly, /data/app is the most logical place to create a socket. Not.
+allow drmserver apk_data_file:dir rw_dir_perms;
+allow drmserver drmserver_socket:sock_file create_file_perms;
+# Delete old socket file if present.
+allow drmserver apk_data_file:sock_file unlink;
+
+# After taking a video, drmserver looks at the video file.
+r_dir_file(drmserver, media_rw_data_file)
+
+# Read resources from open apk files passed over Binder.
+allow drmserver apk_data_file:file { read getattr map };
+allow drmserver asec_apk_file:file { read getattr map };
+allow drmserver ringtone_file:file { read getattr map };
+
+# Read /data/data/com.android.providers.telephony files passed over Binder.
+allow drmserver radio_data_file:file { read getattr map };
+
+# /oem access
+allow drmserver oemfs:dir search;
+allow drmserver oemfs:file r_file_perms;
+
+add_service(drmserver, drmserver_service)
+allow drmserver permission_service:service_manager find;
+allow drmserver mediametrics_service:service_manager find;
+
+selinux_check_access(drmserver)
+
+r_dir_file(drmserver, cgroup)
+r_dir_file(drmserver, system_file)
diff --git a/prebuilts/api/30.0/public/dumpstate.te b/prebuilts/api/30.0/public/dumpstate.te
new file mode 100644
index 000000000..55705a9b3
--- /dev/null
+++ b/prebuilts/api/30.0/public/dumpstate.te
@@ -0,0 +1,357 @@
+# dumpstate
+type dumpstate, domain, mlstrustedsubject;
+type dumpstate_exec, system_file_type, exec_type, file_type;
+
+net_domain(dumpstate)
+binder_use(dumpstate)
+wakelock_use(dumpstate)
+
+# Allow setting process priority, protect from OOM killer, and dropping
+# privileges by switching UID / GID
+allow dumpstate self:global_capability_class_set { setuid setgid sys_resource };
+
+# Allow dumpstate to scan through /proc/pid for all processes
+r_dir_file(dumpstate, domain)
+
+allow dumpstate self:global_capability_class_set {
+ # Send signals to processes
+ kill
+ # Run iptables
+ net_raw
+ net_admin
+};
+
+# Allow executing files on system, such as:
+# /system/bin/toolbox
+# /system/bin/logcat
+# /system/bin/dumpsys
+allow dumpstate system_file:file execute_no_trans;
+not_full_treble(`allow dumpstate vendor_file:file execute_no_trans;')
+allow dumpstate toolbox_exec:file rx_file_perms;
+
+# hidl searches for files in /system/lib(64)/hw/
+allow dumpstate system_file:dir r_dir_perms;
+
+# Create and write into /data/anr/
+allow dumpstate self:global_capability_class_set { dac_override dac_read_search chown fowner fsetid };
+allow dumpstate anr_data_file:dir rw_dir_perms;
+allow dumpstate anr_data_file:file create_file_perms;
+
+# Allow reading /data/system/uiderrors.txt
+# TODO: scope this down.
+allow dumpstate system_data_file:file r_file_perms;
+
+# Allow dumpstate to append into privileged apps private files.
+allow dumpstate privapp_data_file:file append;
+
+# Read dmesg
+allow dumpstate self:global_capability2_class_set syslog;
+allow dumpstate kernel:system syslog_read;
+
+# Read /sys/fs/pstore/console-ramoops
+allow dumpstate pstorefs:dir r_dir_perms;
+allow dumpstate pstorefs:file r_file_perms;
+
+# Get process attributes
+allow dumpstate domain:process getattr;
+
+# Signal java processes to dump their stack
+allow dumpstate { appdomain system_server zygote }:process signal;
+
+# Signal native processes to dump their stack.
+allow dumpstate {
+ # This list comes from native_processes_to_dump in dumputils/dump_utils.c
+ audioserver
+ cameraserver
+ drmserver
+ inputflinger
+ mediadrmserver
+ mediaextractor
+ mediametrics
+ mediaserver
+ mediaswcodec
+ sdcardd
+ surfaceflinger
+ vold
+
+ # This list comes from hal_interfaces_to_dump in dumputils/dump_utils.c
+ hal_audio_server
+ hal_bluetooth_server
+ hal_camera_server
+ hal_codec2_server
+ hal_drm_server
+ hal_face_server
+ hal_fingerprint_server
+ hal_graphics_allocator_server
+ hal_graphics_composer_server
+ hal_health_server
+ hal_omx_server
+ hal_power_server
+ hal_power_stats_server
+ hal_sensors_server
+ hal_thermal_server
+ hal_vr_server
+ system_suspend_server
+}:process signal;
+
+# Connect to tombstoned to intercept dumps.
+unix_socket_connect(dumpstate, tombstoned_intercept, tombstoned)
+
+# Access to /sys
+allow dumpstate sysfs_type:dir r_dir_perms;
+
+allow dumpstate {
+ sysfs_devices_block
+ sysfs_dm
+ sysfs_loop
+ sysfs_usb
+ sysfs_zram
+}:file r_file_perms;
+
+# Other random bits of data we want to collect
+allow dumpstate debugfs:file r_file_perms;
+auditallow dumpstate debugfs:file r_file_perms;
+
+allow dumpstate debugfs_mmc:file r_file_perms;
+
+# df for
+allow dumpstate {
+ block_device
+ cache_file
+ metadata_file
+ rootfs
+ selinuxfs
+ storage_file
+ tmpfs
+}:dir { search getattr };
+allow dumpstate fuse_device:chr_file getattr;
+allow dumpstate { dm_device cache_block_device }:blk_file getattr;
+allow dumpstate { cache_file rootfs }:lnk_file { getattr read };
+
+# Read /dev/cpuctl and /dev/cpuset
+r_dir_file(dumpstate, cgroup)
+
+# Allow dumpstate to make binder calls to any binder service
+binder_call(dumpstate, binderservicedomain)
+binder_call(dumpstate, { appdomain netd wificond })
+
+hal_client_domain(dumpstate, hal_dumpstate)
+hal_client_domain(dumpstate, hal_wifi)
+hal_client_domain(dumpstate, hal_graphics_allocator)
+# Vibrate the device after we are done collecting the bugreport
+hal_client_domain(dumpstate, hal_vibrator)
+
+# Reading /proc/PID/maps of other processes
+allow dumpstate self:global_capability_class_set sys_ptrace;
+
+# Allow the bugreport service to create a file in
+# /data/data/com.android.shell/files/bugreports/bugreport
+allow dumpstate shell_data_file:dir create_dir_perms;
+allow dumpstate shell_data_file:file create_file_perms;
+
+# Run a shell.
+allow dumpstate shell_exec:file rx_file_perms;
+
+# For running am and similar framework commands.
+# Run /system/bin/app_process.
+allow dumpstate zygote_exec:file rx_file_perms;
+
+# For Bluetooth
+allow dumpstate bluetooth_data_file:dir search;
+allow dumpstate bluetooth_logs_data_file:dir r_dir_perms;
+allow dumpstate bluetooth_logs_data_file:file r_file_perms;
+
+# Dumpstate calls screencap, which grabs a screenshot. Needs gpu access
+allow dumpstate gpu_device:chr_file rw_file_perms;
+
+# logd access
+read_logd(dumpstate)
+control_logd(dumpstate)
+read_runtime_log_tags(dumpstate)
+
+# Read files in /proc
+allow dumpstate {
+ proc_buddyinfo
+ proc_cmdline
+ proc_meminfo
+ proc_modules
+ proc_net_type
+ proc_pipe_conf
+ proc_pagetypeinfo
+ proc_qtaguid_ctrl
+ proc_qtaguid_stat
+ proc_slabinfo
+ proc_version
+ proc_vmallocinfo
+ proc_vmstat
+}:file r_file_perms;
+
+# Read network state info files.
+allow dumpstate net_data_file:dir search;
+allow dumpstate net_data_file:file r_file_perms;
+
+# List sockets via ss.
+allow dumpstate self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read };
+
+# Access /data/tombstones.
+allow dumpstate tombstone_data_file:dir r_dir_perms;
+allow dumpstate tombstone_data_file:file r_file_perms;
+
+# Access /cache/recovery
+allow dumpstate cache_recovery_file:dir r_dir_perms;
+allow dumpstate cache_recovery_file:file r_file_perms;
+
+# Access /data/misc/recovery
+allow dumpstate recovery_data_file:dir r_dir_perms;
+allow dumpstate recovery_data_file:file r_file_perms;
+
+#Access /data/misc/update_engine_log
+allow dumpstate update_engine_log_data_file:dir r_dir_perms;
+allow dumpstate update_engine_log_data_file:file r_file_perms;
+
+# Access /data/misc/profiles/{cur,ref}/
+userdebug_or_eng(`
+ allow dumpstate user_profile_data_file:dir r_dir_perms;
+ allow dumpstate user_profile_data_file:file r_file_perms;
+')
+
+# Access /data/misc/logd
+allow dumpstate misc_logd_file:dir r_dir_perms;
+allow dumpstate misc_logd_file:file r_file_perms;
+
+# Access /data/misc/prereboot
+allow dumpstate prereboot_data_file:dir r_dir_perms;
+allow dumpstate prereboot_data_file:file r_file_perms;
+
+allow dumpstate app_fuse_file:dir r_dir_perms;
+allow dumpstate overlayfs_file:dir r_dir_perms;
+
+allow dumpstate {
+ service_manager_type
+ -apex_service
+ -dumpstate_service
+ -gatekeeper_service
+ -virtual_touchpad_service
+ -vold_service
+ -vr_hwc_service
+ -default_android_service
+}:service_manager find;
+# suppress denials for services dumpstate should not be accessing.
+dontaudit dumpstate {
+ apex_service
+ dumpstate_service
+ gatekeeper_service
+ virtual_touchpad_service
+ vold_service
+ vr_hwc_service
+}:service_manager find;
+
+# Most of these are neverallowed.
+dontaudit dumpstate hwservice_manager_type:hwservice_manager find;
+
+allow dumpstate servicemanager:service_manager list;
+allow dumpstate hwservicemanager:hwservice_manager list;
+
+allow dumpstate devpts:chr_file rw_file_perms;
+
+# Set properties.
+# dumpstate_prop is used to share state with the Shell app.
+set_prop(dumpstate, dumpstate_prop)
+set_prop(dumpstate, exported_dumpstate_prop)
+# dumpstate_options_prop is used to pass extra command-line args.
+set_prop(dumpstate, dumpstate_options_prop)
+
+# Read any system properties
+get_prop(dumpstate, property_type)
+
+# Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow dumpstate media_rw_data_file:dir getattr;
+allow dumpstate proc_interrupts:file r_file_perms;
+allow dumpstate proc_zoneinfo:file r_file_perms;
+
+# Create a service for talking back to system_server
+add_service(dumpstate, dumpstate_service)
+
+# use /dev/ion for screen capture
+allow dumpstate ion_device:chr_file r_file_perms;
+
+# Allow dumpstate to run top
+allow dumpstate proc_stat:file r_file_perms;
+
+allow dumpstate proc_pressure_cpu:file r_file_perms;
+allow dumpstate proc_pressure_mem:file r_file_perms;
+allow dumpstate proc_pressure_io:file r_file_perms;
+
+# Allow dumpstate to talk to installd over binder
+binder_call(dumpstate, installd);
+
+# Allow dumpstate to talk to iorapd over binder.
+binder_call(dumpstate, iorapd)
+
+# Allow dumpstate to run ip xfrm policy
+allow dumpstate self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_read };
+
+# Allow dumpstate to run iotop
+allow dumpstate self:netlink_socket create_socket_perms_no_ioctl;
+# newer kernels (e.g. 4.4) have a new class for sockets
+allow dumpstate self:netlink_generic_socket create_socket_perms_no_ioctl;
+
+# Allow dumpstate to run ss
+allow dumpstate { domain pdx_channel_socket_type pdx_endpoint_socket_type }:socket_class_set getattr;
+
+# Allow dumpstate to read linkerconfig directory
+allow dumpstate linkerconfig_file:dir { read open };
+
+# For when dumpstate runs df
+dontaudit dumpstate {
+ mnt_vendor_file
+ mirror_data_file
+ mnt_user_file
+}:dir search;
+dontaudit dumpstate {
+ apex_mnt_dir
+ linkerconfig_file
+ mirror_data_file
+ mnt_user_file
+}:dir getattr;
+
+# Allow dumpstate to talk to bufferhubd over binder
+binder_call(dumpstate, bufferhubd);
+
+# Allow dumpstate to talk to mediaswcodec over binder
+binder_call(dumpstate, mediaswcodec);
+
+# Allow dumpstate to talk to these stable AIDL services over binder
+binder_call(dumpstate, hal_rebootescrow_server)
+allow hal_rebootescrow_server dumpstate:fifo_file write;
+allow hal_rebootescrow_server dumpstate:fd use;
+
+# Allow dumpstate to kill vendor dumpstate service by init
+set_prop(dumpstate, ctl_dumpstate_prop)
+
+#Access /data/misc/snapshotctl_log
+allow dumpstate snapshotctl_log_data_file:dir r_dir_perms;
+allow dumpstate snapshotctl_log_data_file:file r_file_perms;
+
+#Allow access to /dev/binderfs/binder_logs
+allow dumpstate binderfs_logs:dir r_dir_perms;
+allow dumpstate binderfs_logs:file r_file_perms;
+
+###
+### neverallow rules
+###
+
+# dumpstate has capability sys_ptrace, but should only use that capability for
+# accessing sensitive /proc/PID files, never for using ptrace attach.
+neverallow dumpstate *:process ptrace;
+
+# only system_server, dumpstate, traceur_app and shell can find the dumpstate service
+neverallow {
+ domain
+ -system_server
+ -shell
+ -traceur_app
+ -dumpstate
+} dumpstate_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/e2fs.te b/prebuilts/api/30.0/public/e2fs.te
new file mode 100644
index 000000000..dd5bd69de
--- /dev/null
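Review bot: Three of the binder_call macro invocations in this hunk carry a trailing semicolon (`binder_call(dumpstate, installd);`, `binder_call(dumpstate, bufferhubd);`, `binder_call(dumpstate, mediaswcodec);`) while every other macro call in the file, including `binder_call(dumpstate, iorapd)` two lines below the first, is written without one; the consistent form drops the semicolon. The comment prefixes are likewise inconsistent: `#Access /data/misc/update_engine_log`, `#Access /data/misc/snapshotctl_log` and `#Allow access to /dev/binderfs/binder_logs` lack the space after `#` that every other comment in the file uses. If this file is a frozen API snapshot of public/dumpstate.te, as the prebuilts/api/30.0 path suggests, both fixes belong in the source policy with the prebuilt regenerated from it rather than patched by hand.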
+++ b/prebuilts/api/30.0/public/e2fs.te
@@ -0,0 +1,26 @@
+type e2fs, domain, coredomain;
+type e2fs_exec, system_file_type, exec_type, file_type;
+
+allow e2fs devpts:chr_file { read write getattr ioctl };
+
+allow e2fs dev_type:blk_file getattr;
+allow e2fs block_device:dir search;
+allow e2fs userdata_block_device:blk_file rw_file_perms;
+allow e2fs metadata_block_device:blk_file rw_file_perms;
+allow e2fs dm_device:blk_file rw_file_perms;
+allowxperm e2fs { userdata_block_device metadata_block_device dm_device }:blk_file ioctl {
+ BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
+};
+
+allow e2fs {
+ proc_filesystems
+ proc_mounts
+ proc_swaps
+}:file r_file_perms;
+
+# access /sys/fs/ext4/features
+allow e2fs sysfs_fs_ext4_features:dir search;
+allow e2fs sysfs_fs_ext4_features:file r_file_perms;
+
+# access SELinux context files
+allow e2fs file_contexts_file:file r_file_perms;
diff --git a/prebuilts/api/30.0/public/ephemeral_app.te b/prebuilts/api/30.0/public/ephemeral_app.te
new file mode 100644
index 000000000..dc39a22b5
--- /dev/null
+++ b/prebuilts/api/30.0/public/ephemeral_app.te
@@ -0,0 +1,14 @@
+###
+### Ephemeral apps.
+###
+### This file defines the security policy for apps with the ephemeral
+### feature.
+###
+### The ephemeral_app domain is a reduced permissions sandbox allowing
+### ephemeral applications to be safely installed and run. Non ephemeral
+### applications may also opt-in to ephemeral to take advantage of the
+### additional security features.
+###
+### PackageManager flags an app as ephemeral at install time.
+
+type ephemeral_app, domain;
diff --git a/prebuilts/api/30.0/public/fastbootd.te b/prebuilts/api/30.0/public/fastbootd.te
new file mode 100644
index 000000000..f10e6492d
--- /dev/null
+++ b/prebuilts/api/30.0/public/fastbootd.te
@@ -0,0 +1,133 @@
+# fastbootd (used in recovery init.rc for /sbin/fastbootd)
+
+# Declare the domain unconditionally so we can always reference it
+# in neverallow rules.
+type fastbootd, domain;
+
+# But the allow rules are only included in the recovery policy.
+# Otherwise fastbootd is only allowed the domain rules.
+recovery_only(`
+ # fastbootd can only use HALs in passthrough mode
+ passthrough_hal_client_domain(fastbootd, hal_bootctl)
+
+ # Access /dev/usb-ffs/fastbootd/ep0
+ allow fastbootd functionfs:dir search;
+ allow fastbootd functionfs:file rw_file_perms;
+
+ allowxperm fastbootd functionfs:file ioctl { FUNCTIONFS_ENDPOINT_DESC };
+ # Log to serial
+ allow fastbootd kmsg_device:chr_file { open getattr write };
+
+ # battery info
+ allow fastbootd sysfs_batteryinfo:file r_file_perms;
+
+ allow fastbootd device:dir r_dir_perms;
+
+ # Reboot the device
+ set_prop(fastbootd, powerctl_prop)
+
+ # Read serial number of the device from system properties
+ get_prop(fastbootd, serialno_prop)
+
+ # For dev/block/by-name dir
+ allow fastbootd block_device:dir r_dir_perms;
+
+ # Needed for DM_DEV_CREATE ioctl call
+ allow fastbootd self:capability sys_admin;
+
+ # Set sys.usb.ffs.ready.
+ set_prop(fastbootd, ffs_prop)
+ set_prop(fastbootd, exported_ffs_prop)
+
+ unix_socket_connect(fastbootd, recovery, recovery)
+
+ # Required for flashing
+ allow fastbootd dm_device:chr_file rw_file_perms;
+ allow fastbootd dm_device:blk_file rw_file_perms;
+
+ allow fastbootd cache_block_device:blk_file rw_file_perms;
+ allow fastbootd super_block_device_type:blk_file rw_file_perms;
+ allow fastbootd {
+ boot_block_device
+ metadata_block_device
+ system_block_device
+ userdata_block_device
+ }:blk_file { w_file_perms getattr ioctl };
+
+ # For disabling/wiping GSI, and for modifying/deleting files created via
+ # libfiemap.
+ allow fastbootd metadata_block_device:blk_file r_file_perms;
+ allow fastbootd {rootfs tmpfs}:dir mounton;
+ allow fastbootd metadata_file:dir { search getattr };
+ allow fastbootd gsi_metadata_file:dir rw_dir_perms;
+ allow fastbootd gsi_metadata_file:file create_file_perms;
+
+ allowxperm fastbootd super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
+
+ allowxperm fastbootd {
+ metadata_block_device
+ userdata_block_device
+ dm_device
+ cache_block_device
+ }:blk_file ioctl { BLKSECDISCARD BLKDISCARD };
+
+ allow fastbootd misc_block_device:blk_file rw_file_perms;
+
+ allow fastbootd proc_cmdline:file r_file_perms;
+ allow fastbootd rootfs:dir r_dir_perms;
+
+ # Needed to read fstab node from device tree.
+ allow fastbootd sysfs_dt_firmware_android:file r_file_perms;
+ allow fastbootd sysfs_dt_firmware_android:dir r_dir_perms;
+
+ # Needed because libdm reads sysfs to validate when a dm path is ready.
+ r_dir_file(fastbootd, sysfs_dm)
+
+ # Needed for realpath() call to resolve symlinks.
+ allow fastbootd block_device:dir getattr;
+ userdebug_or_eng(`
+ # Refined manipulation of /mnt/scratch, without these perms resorts
+ # to deleting scratch partition when partition(s) are flashed.
+ allow fastbootd self:process setfscreate;
+ allow fastbootd cache_file:dir search;
+ allow fastbootd proc_filesystems:file { getattr open read };
+ allow fastbootd self:capability sys_rawio;
+ dontaudit fastbootd kernel:system module_request;
+ allowxperm fastbootd dev_type:blk_file ioctl BLKROSET;
+ allow fastbootd overlayfs_file:dir { create_dir_perms mounton };
+ allow fastbootd {
+ system_file_type
+ unlabeled
+ vendor_file_type
+ }:dir { remove_name rmdir search write };
+ allow fastbootd {
+ overlayfs_file
+ system_file_type
+ unlabeled
+ vendor_file_type
+ }:{ file lnk_file } unlink;
+ allow fastbootd tmpfs:dir rw_dir_perms;
+ allow fastbootd labeledfs:filesystem { mount unmount };
+ get_prop(fastbootd, persistent_properties_ready_prop)
+ ')
+
+ # Allow using libfiemap/gsid directly (no binder in recovery).
+ set_prop(fastbootd, gsid_prop)
+ allow fastbootd gsi_metadata_file:dir search;
+ allow fastbootd ota_metadata_file:dir rw_dir_perms;
+ allow fastbootd ota_metadata_file:file create_file_perms;
+
+ # Determine allocation scheme (whether B partitions needs to be
+ # at the second half of super.
+ get_prop(fastbootd, virtual_ab_prop)
+')
+
+###
+### neverallow rules
+###
+
+# Write permission is required to wipe userdata
+# until recovery supports vold.
+neverallow fastbootd {
+ data_file_type
+}:file { no_x_file_perms };
diff --git a/prebuilts/api/30.0/public/file.te b/prebuilts/api/30.0/public/file.te
new file mode 100644
index 000000000..462e71d21
--- /dev/null
+++ b/prebuilts/api/30.0/public/file.te
@@ -0,0 +1,543 @@
+# Filesystem types
+type labeledfs, fs_type;
+type pipefs, fs_type;
+type sockfs, fs_type;
+type rootfs, fs_type;
+type proc, fs_type, proc_type;
+type binderfs, fs_type;
+type binderfs_logs, fs_type;
+type binderfs_logs_proc, fs_type;
+# Security-sensitive proc nodes that should not be writable to most.
+type proc_security, fs_type, proc_type;
+type proc_drop_caches, fs_type, proc_type;
+type proc_overcommit_memory, fs_type, proc_type;
+type proc_min_free_order_shift, fs_type, proc_type;
+type proc_kpageflags, fs_type, proc_type;
+# proc, sysfs, or other nodes that permit configuration of kernel usermodehelpers.
+type usermodehelper, fs_type, proc_type;
+type sysfs_usermodehelper, fs_type, sysfs_type;
+type proc_qtaguid_ctrl, fs_type, mlstrustedobject, proc_type;
+type proc_qtaguid_stat, fs_type, mlstrustedobject, proc_type;
+type proc_bluetooth_writable, fs_type, proc_type;
+type proc_abi, fs_type, proc_type;
+type proc_asound, fs_type, proc_type;
+type proc_buddyinfo, fs_type, proc_type;
+type proc_cmdline, fs_type, proc_type;
+type proc_cpuinfo, fs_type, proc_type;
+type proc_dirty, fs_type, proc_type;
+type proc_diskstats, fs_type, proc_type;
+type proc_extra_free_kbytes, fs_type, proc_type;
+type proc_filesystems, fs_type, proc_type;
+type proc_fs_verity, fs_type, proc_type;
+type proc_hostname, fs_type, proc_type;
+type proc_hung_task, fs_type, proc_type;
+type proc_interrupts, fs_type, proc_type;
+type proc_iomem, fs_type, proc_type;
+type proc_keys, fs_type, proc_type;
+type proc_kmsg, fs_type, proc_type;
+type proc_loadavg, fs_type, proc_type;
+type proc_lowmemorykiller, fs_type, proc_type;
+type proc_max_map_count, fs_type, proc_type;
+type proc_meminfo, fs_type, proc_type;
+type proc_misc, fs_type, proc_type;
+type proc_modules, fs_type, proc_type;
+type proc_mounts, fs_type, proc_type;
+type proc_net, fs_type, proc_type, proc_net_type;
+type proc_net_tcp_udp, fs_type, proc_type;
+type proc_page_cluster, fs_type, proc_type;
+type proc_pagetypeinfo, fs_type, proc_type;
+type proc_panic, fs_type, proc_type;
+type proc_perf, fs_type, proc_type;
+type proc_pid_max, fs_type, proc_type;
+type proc_pipe_conf, fs_type, proc_type;
+type proc_pressure_cpu, fs_type, proc_type;
+type proc_pressure_io, fs_type, proc_type;
+type proc_pressure_mem, fs_type, proc_type;
+type proc_random, fs_type, proc_type;
+type proc_sched, fs_type, proc_type;
+type proc_slabinfo, fs_type, proc_type;
+type proc_stat, fs_type, proc_type;
+type proc_swaps, fs_type, proc_type;
+type proc_sysrq, fs_type, proc_type;
+type proc_timer, fs_type, proc_type;
+type proc_tty_drivers, fs_type, proc_type;
+type proc_uid_cputime_showstat, fs_type, proc_type;
+type proc_uid_cputime_removeuid, fs_type, proc_type;
+type proc_uid_io_stats, fs_type, proc_type;
+type proc_uid_procstat_set, fs_type, proc_type;
+type proc_uid_time_in_state, fs_type, proc_type;
+type proc_uid_concurrent_active_time, fs_type, proc_type;
+type proc_uid_concurrent_policy_time, fs_type, proc_type;
+type proc_uid_cpupower, fs_type, proc_type;
+type proc_uptime, fs_type, proc_type;
+type proc_version, fs_type, proc_type;
+type proc_vmallocinfo, fs_type, proc_type;
+type proc_vmstat, fs_type, proc_type;
+type proc_zoneinfo, fs_type, proc_type;
+type selinuxfs, fs_type, mlstrustedobject;
+type cgroup, fs_type, mlstrustedobject;
+type cgroup_bpf, fs_type;
+type sysfs, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_android_usb, fs_type, sysfs_type;
+type sysfs_uio, sysfs_type, fs_type;
+type sysfs_batteryinfo, fs_type, sysfs_type;
+type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_devices_block, fs_type, sysfs_type;
+type sysfs_dm, fs_type, sysfs_type;
+type sysfs_dm_verity, fs_type, sysfs_type;
+type sysfs_dt_firmware_android, fs_type, sysfs_type;
+type sysfs_extcon, fs_type, sysfs_type;
+type sysfs_ion, fs_type, sysfs_type;
+type sysfs_ipv4, fs_type, sysfs_type;
+type sysfs_kernel_notes, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_leds, fs_type, sysfs_type;
+type sysfs_loop, fs_type, sysfs_type;
+type sysfs_hwrandom, fs_type, sysfs_type;
+type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_wake_lock, fs_type, sysfs_type;
+type sysfs_net, fs_type, sysfs_type;
+type sysfs_power, fs_type, sysfs_type;
+type sysfs_rtc, fs_type, sysfs_type;
+type sysfs_suspend_stats, fs_type, sysfs_type;
+type sysfs_switch, fs_type, sysfs_type;
+type sysfs_transparent_hugepage, fs_type, sysfs_type;
+type sysfs_usb, fs_type, sysfs_type;
+type sysfs_wakeup, fs_type, sysfs_type;
+type sysfs_wakeup_reasons, fs_type, sysfs_type;
+type sysfs_fs_ext4_features, sysfs_type, fs_type;
+type sysfs_fs_f2fs, sysfs_type, fs_type;
+type fs_bpf, fs_type;
+type configfs, fs_type;
+# /sys/devices/system/cpu
+type sysfs_devices_system_cpu, fs_type, sysfs_type;
+# /sys/module/lowmemorykiller
+type sysfs_lowmemorykiller, fs_type, sysfs_type;
+# /sys/module/wlan/parameters/fwpath
+type sysfs_wlan_fwpath, fs_type, sysfs_type;
+type sysfs_vibrator, fs_type, sysfs_type;
+
+type sysfs_thermal, sysfs_type, fs_type;
+
+type sysfs_zram, fs_type, sysfs_type;
+type sysfs_zram_uevent, fs_type, sysfs_type;
+type inotify, fs_type, mlstrustedobject;
+type devpts, fs_type, mlstrustedobject;
+type tmpfs, fs_type;
+type shm, fs_type;
+type mqueue, fs_type;
+type fuse, sdcard_type, fs_type, mlstrustedobject;
+type sdcardfs, sdcard_type, fs_type, mlstrustedobject;
+type vfat, sdcard_type, fs_type, mlstrustedobject;
+type exfat, sdcard_type, fs_type, mlstrustedobject;
+type debugfs, fs_type, debugfs_type;
+type debugfs_mmc, fs_type, debugfs_type;
+type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject;
+type debugfs_tracing, fs_type, debugfs_type, mlstrustedobject;
+type debugfs_tracing_debug, fs_type, debugfs_type, mlstrustedobject;
+type debugfs_tracing_instances, fs_type, debugfs_type;
+type debugfs_wakeup_sources, fs_type, debugfs_type;
+type debugfs_wifi_tracing, fs_type, debugfs_type;
+type securityfs, fs_type;
+
+type pstorefs, fs_type;
+type functionfs, fs_type, mlstrustedobject;
+type oemfs, fs_type, contextmount_type;
+type usbfs, fs_type;
+type binfmt_miscfs, fs_type;
+type app_fusefs, fs_type, contextmount_type;
+
+# File types
+type unlabeled, file_type;
+
+# Default type for anything under /system.
+type system_file, system_file_type, file_type;
+# Default type for /system/asan.options
+type system_asan_options_file, system_file_type, file_type;
+# Type for /system/etc/event-log-tags (liblog implementation detail)
+type system_event_log_tags_file, system_file_type, file_type;
+# Default type for anything under /system/lib[64].
+type system_lib_file, system_file_type, file_type;
+# system libraries that are available only to bootstrap processes
+type system_bootstrap_lib_file, system_file_type, file_type;
+# Default type for the group file /system/etc/group.
+type system_group_file, system_file_type, file_type;
+# Default type for linker executable /system/bin/linker[64].
+type system_linker_exec, system_file_type, file_type;
+# Default type for linker config /system/etc/ld.config.*.
+type system_linker_config_file, system_file_type, file_type;
+# Default type for the passwd file /system/etc/passwd.
+type system_passwd_file, system_file_type, file_type;
+# Default type for linker config /system/etc/seccomp_policy/*.
+type system_seccomp_policy_file, system_file_type, file_type;
+# Default type for cacerts in /system/etc/security/cacerts/*.
+type system_security_cacerts_file, system_file_type, file_type;
+# Default type for /system/bin/tcpdump.
+type tcpdump_exec, system_file_type, exec_type, file_type;
+# Default type for zoneinfo files in /system/usr/share/zoneinfo/*.
+type system_zoneinfo_file, system_file_type, file_type;
+# Cgroups description file under /system/etc/cgroups.json
+type cgroup_desc_file, system_file_type, file_type;
+# Vendor cgroups description file under /vendor/etc/cgroups.json
+type vendor_cgroup_desc_file, vendor_file_type, file_type;
+# Task profiles file under /system/etc/task_profiles.json
+type task_profiles_file, system_file_type, file_type;
+# Vendor task profiles file under /vendor/etc/task_profiles.json
+type vendor_task_profiles_file, vendor_file_type, file_type;
+# Type for /system/apex/com.android.art
+type art_apex_dir, system_file_type, file_type;
+# /linkerconfig(/.*)?
+type linkerconfig_file, file_type;
+# Control files under /data/incremental
+type incremental_control_file, file_type, data_file_type, core_data_file_type;
+
+# Default type for directories search for
+# HAL implementations
+type vendor_hal_file, vendor_file_type, file_type;
+# Default type for under /vendor or /system/vendor
+type vendor_file, vendor_file_type, file_type;
+# Default type for everything in /vendor/app
+type vendor_app_file, vendor_file_type, file_type;
+# Default type for everything under /vendor/etc/
+type vendor_configs_file, vendor_file_type, file_type;
+# Default type for all *same process* HALs and their lib/bin dependencies.
+# e.g. libEGL_xxx.so, android.hardware.graphics.mapper@2.0-impl.so
+type same_process_hal_file, vendor_file_type, file_type;
+# Default type for vndk-sp libs. /vendor/lib/vndk-sp
+type vndk_sp_file, vendor_file_type, file_type;
+# Default type for everything in /vendor/framework
+type vendor_framework_file, vendor_file_type, file_type;
+# Default type for everything in /vendor/overlay
+type vendor_overlay_file, vendor_file_type, file_type;
+# Type for all vendor public libraries. These libs should only be exposed to
+# apps. ABI stability of these libs is vendor's responsibility.
+type vendor_public_lib_file, vendor_file_type, file_type;
+
+# Input configuration
+type vendor_keylayout_file, vendor_file_type, file_type;
+type vendor_keychars_file, vendor_file_type, file_type;
+type vendor_idc_file, vendor_file_type, file_type;
+
+# /metadata partition itself
+type metadata_file, file_type;
+# Vold files within /metadata
+type vold_metadata_file, file_type;
+# GSI files within /metadata
+type gsi_metadata_file, file_type;
+# system_server shares Weaver slot information in /metadata
+type password_slot_metadata_file, file_type;
+# APEX files within /metadata
+type apex_metadata_file, file_type;
+# libsnapshot files within /metadata
+type ota_metadata_file, file_type;
+# property files within /metadata/bootstat
+type metadata_bootstat_file, file_type;
+
+# Type for /dev/cpu_variant:.*.
+type dev_cpu_variant, file_type;
+# Speedup access for trusted applications to the runtime event tags
+type runtime_event_log_tags_file, file_type;
+# Type for /system/bin/logcat.
+type logcat_exec, system_file_type, exec_type, file_type;
+# Speedup access to cgroup map file
+type cgroup_rc_file, file_type;
+# /cores for coredumps on userdebug / eng builds
+type coredump_file, file_type;
+# Type of /data itself
+type system_data_root_file, file_type, data_file_type, core_data_file_type;
+# Default type for anything under /data.
+type system_data_file, file_type, data_file_type, core_data_file_type;
+# Type for /data/system/packages.list.
+# TODO(b/129332765): Narrow down permissions to this.
+# Find out users of system_data_file that should be granted only this.
+type packages_list_file, file_type, data_file_type, core_data_file_type;
+# Default type for anything under /data/vendor{_ce,_de}.
+type vendor_data_file, file_type, data_file_type;
+# Unencrypted data
+type unencrypted_data_file, file_type, data_file_type, core_data_file_type;
+# installd-create files in /data/misc/installd such as layout_version
+type install_data_file, file_type, data_file_type, core_data_file_type;
+# /data/drm - DRM plugin data
+type drm_data_file, file_type, data_file_type, core_data_file_type;
+# /data/adb - adb debugging files
+type adb_data_file, file_type, data_file_type, core_data_file_type;
+# /data/anr - ANR traces
+type anr_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/tombstones - core dumps
+type tombstone_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/vendor/tombstones/wifi - vendor wifi dumps
+type tombstone_wifi_data_file, file_type, data_file_type;
+# /data/apex - APEX data files
+type apex_data_file, file_type, data_file_type, core_data_file_type;
+# /data/app - user-installed apps
+type apk_data_file, file_type, data_file_type, core_data_file_type;
+type apk_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/app-private - forward-locked apps
+type apk_private_data_file, file_type, data_file_type, core_data_file_type;
+type apk_private_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/dalvik-cache
+type dalvikcache_data_file, file_type, data_file_type, core_data_file_type;
+# /data/ota
+type ota_data_file, file_type, data_file_type, core_data_file_type;
+# /data/ota_package
+type ota_package_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/misc/profiles
+type user_profile_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/misc/profman
+type profman_dump_data_file, file_type, data_file_type, core_data_file_type;
+# /data/misc/prereboot
+type prereboot_data_file, file_type, data_file_type, core_data_file_type;
+# /data/resource-cache
+type resourcecache_data_file, file_type, data_file_type, core_data_file_type;
+# /data/local - writable by shell
+type shell_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/property
+type property_data_file, file_type, data_file_type, core_data_file_type;
+# /data/bootchart
+type bootchart_data_file, file_type, data_file_type, core_data_file_type;
+# /data/system/dropbox
+type dropbox_data_file, file_type, data_file_type, core_data_file_type;
+# /data/system/heapdump
+type heapdump_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/nativetest
+type nativetest_data_file, file_type, data_file_type, core_data_file_type;
+# /data/system_de/0/ringtones
+type ringtone_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/preloads
+type preloads_data_file, file_type, data_file_type, core_data_file_type;
+# /data/preloads/media
+type preloads_media_file, file_type, data_file_type, core_data_file_type;
+# /data/misc/dhcp and /data/misc/dhcp-6.8.2
+type dhcp_data_file, file_type, data_file_type, core_data_file_type;
+# /data/server_configurable_flags
+type server_configurable_flags_data_file, file_type, data_file_type, core_data_file_type;
+# /data/app-staging
+type staging_data_file, file_type, data_file_type, core_data_file_type;
+# /vendor/apex
+type vendor_apex_file, vendor_file_type, file_type;
+
+# Mount locations managed by vold
+type mnt_media_rw_file, file_type;
+type mnt_user_file, file_type;
+type mnt_pass_through_file, file_type;
+type mnt_expand_file, file_type;
+type mnt_sdcard_file, file_type;
+type storage_file, file_type;
+
+# Label for storage dirs which are just mount stubs
+type mnt_media_rw_stub_file, file_type;
+type storage_stub_file, file_type;
+
+# Mount location for read-write vendor partitions.
+type mnt_vendor_file, file_type;
+
+# Mount location for read-write product partitions.
+type mnt_product_file, file_type;
+
+# Mount point used for APEX images
+type apex_mnt_dir, file_type;
+
+# /postinstall: Mount point used by update_engine to run postinstall.
+type postinstall_mnt_dir, file_type;
+# Files inside the /postinstall mountpoint are all labeled as postinstall_file.
+type postinstall_file, file_type;
+# /postinstall/apex: Mount point used for APEX images within /postinstall.
+type postinstall_apex_mnt_dir, file_type;
+
+# /data_mirror: Contains mirror directory for storing all apps data.
+type mirror_data_file, file_type, core_data_file_type;
+
+# /data/misc subdirectories
+type adb_keys_file, file_type, data_file_type, core_data_file_type;
+type apex_module_data_file, file_type, data_file_type, core_data_file_type;
+type apex_permission_data_file, file_type, data_file_type, core_data_file_type;
+type apex_rollback_data_file, file_type, data_file_type, core_data_file_type;
+type apex_wifi_data_file, file_type, data_file_type, core_data_file_type;
+type audio_data_file, file_type, data_file_type, core_data_file_type;
+type audioserver_data_file, file_type, data_file_type, core_data_file_type;
+type bluetooth_data_file, file_type, data_file_type, core_data_file_type;
+type bluetooth_logs_data_file, file_type, data_file_type, core_data_file_type;
+type bootstat_data_file, file_type, data_file_type, core_data_file_type;
+type boottrace_data_file, file_type, data_file_type, core_data_file_type;
+type camera_data_file, file_type, data_file_type, core_data_file_type;
+type credstore_data_file, file_type, data_file_type, core_data_file_type;
+type gatekeeper_data_file, file_type, data_file_type, core_data_file_type;
+type incident_data_file, file_type, data_file_type, core_data_file_type;
+type keychain_data_file, file_type, data_file_type, core_data_file_type;
+type keystore_data_file, file_type, data_file_type, core_data_file_type;
+type media_data_file, file_type, data_file_type, core_data_file_type;
+type media_rw_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+type misc_user_data_file, file_type, data_file_type, core_data_file_type;
+type net_data_file, file_type, data_file_type, core_data_file_type;
+type network_watchlist_data_file, file_type, data_file_type, core_data_file_type;
+type nfc_data_file, file_type, data_file_type, core_data_file_type;
+type radio_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+type recovery_data_file, file_type, data_file_type, core_data_file_type;
+type shared_relro_file, file_type, data_file_type, core_data_file_type;
+type snapshotctl_log_data_file, file_type, data_file_type, core_data_file_type;
+type stats_data_file, file_type, data_file_type, core_data_file_type;
+type systemkeys_data_file, file_type, data_file_type, core_data_file_type;
+type textclassifier_data_file, file_type, data_file_type, core_data_file_type;
+type trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+type vpn_data_file, file_type, data_file_type, core_data_file_type;
+type wifi_data_file, file_type, data_file_type, core_data_file_type;
+type zoneinfo_data_file, file_type, data_file_type, core_data_file_type;
+type vold_data_file, file_type, data_file_type, core_data_file_type;
+type iorapd_data_file, file_type, data_file_type, core_data_file_type;
+type tee_data_file, file_type, data_file_type;
+type update_engine_data_file, file_type, data_file_type, core_data_file_type;
+type update_engine_log_data_file, file_type, data_file_type, core_data_file_type;
+# /data/misc/trace for method traces on userdebug / eng builds
+type method_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+type gsi_data_file, file_type, data_file_type, core_data_file_type;
+
+# /data/data subdirectories - app sandboxes
+type app_data_file, file_type, data_file_type, core_data_file_type;
+# /data/data subdirectories - priv-app sandboxes
+type privapp_data_file, file_type, data_file_type, core_data_file_type;
+# /data/data subdirectory for system UID apps.
+type system_app_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# Compatibility with type name used in Android 4.3 and 4.4.
+# Default type for anything under /cache
+type cache_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# Type for /cache/overlay /mnt/scratch/overlay
+type overlayfs_file, file_type, data_file_type, core_data_file_type;
+# Type for /cache/backup_stage/* (fd interchange with apps)
+type cache_backup_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# type for anything under /cache/backup (local transport storage)
+type cache_private_backup_file, file_type, data_file_type, core_data_file_type;
+# Type for anything under /cache/recovery
+type cache_recovery_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# Default type for anything under /efs
+type efs_file, file_type;
+# Type for wallpaper file.
+type wallpaper_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# Type for shortcut manager icon file.
+type shortcut_manager_icons, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# Type for user icon file.
+type icon_file, file_type, data_file_type, core_data_file_type;
+# /mnt/asec
+type asec_apk_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# Elements of asec files (/mnt/asec) that are world readable
+type asec_public_file, file_type, data_file_type, core_data_file_type;
+# /data/app-asec
+type asec_image_file, file_type, data_file_type, core_data_file_type;
+# /data/backup and /data/secure/backup
+type backup_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# All devices have bluetooth efs files. But they
+# vary per device, so this type is used in per
+# device policy
+type bluetooth_efs_file, file_type;
+# Type for fingerprint template file
+type fingerprintd_data_file, file_type, data_file_type, core_data_file_type;
+# Type for _new_ fingerprint template file
+type fingerprint_vendor_data_file, file_type, data_file_type;
+# Type for appfuse file.
+type app_fuse_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# Type for face template file
+type face_vendor_data_file, file_type, data_file_type;
+# Type for iris template file
+type iris_vendor_data_file, file_type, data_file_type;
+
+# Socket types
+type adbd_socket, file_type, coredomain_socket;
+type bluetooth_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
+type dnsproxyd_socket, file_type, coredomain_socket, mlstrustedobject;
+type dumpstate_socket, file_type, coredomain_socket;
+type fwmarkd_socket, file_type, coredomain_socket, mlstrustedobject;
+type lmkd_socket, file_type, coredomain_socket;
+type logd_socket, file_type, coredomain_socket, mlstrustedobject;
+type logdr_socket, file_type, coredomain_socket, mlstrustedobject;
+type logdw_socket, file_type, coredomain_socket, mlstrustedobject;
+type mdns_socket, file_type, coredomain_socket;
+type mdnsd_socket, file_type, coredomain_socket, mlstrustedobject;
+type misc_logd_file, coredomain_socket, file_type, data_file_type, core_data_file_type;
+type mtpd_socket, file_type, coredomain_socket;
+type property_socket, file_type, coredomain_socket, mlstrustedobject;
+type racoon_socket, file_type, coredomain_socket;
+type recovery_socket, file_type, coredomain_socket;
+type rild_socket, file_type;
+type rild_debug_socket, file_type;
+type statsdw_socket, file_type, coredomain_socket, mlstrustedobject;
+type system_wpa_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
+type system_ndebug_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
+type system_unsolzygote_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;
+type tombstoned_crash_socket, file_type, coredomain_socket, mlstrustedobject;
+type tombstoned_java_trace_socket, file_type, mlstrustedobject;
+type tombstoned_intercept_socket, file_type, coredomain_socket;
+type traced_consumer_socket, file_type, coredomain_socket, mlstrustedobject;
+type traced_perf_socket, file_type, coredomain_socket, mlstrustedobject;
+type traced_producer_socket, file_type, coredomain_socket, mlstrustedobject;
+type uncrypt_socket, file_type, coredomain_socket;
+type wpa_socket, file_type, data_file_type, core_data_file_type;
+type zygote_socket, file_type, coredomain_socket;
+type heapprofd_socket, file_type, coredomain_socket, mlstrustedobject;
+# UART (for GPS) control proc file
+type gps_control, file_type;
+
+# PDX endpoint types
+type pdx_display_dir, pdx_endpoint_dir_type, file_type;
+type pdx_performance_dir, pdx_endpoint_dir_type, file_type;
+type pdx_bufferhub_dir, pdx_endpoint_dir_type, file_type;
+
+pdx_service_socket_types(display_client, pdx_display_dir)
+pdx_service_socket_types(display_manager, pdx_display_dir)
+pdx_service_socket_types(display_screenshot, pdx_display_dir)
+pdx_service_socket_types(display_vsync, pdx_display_dir)
+pdx_service_socket_types(performance_client, pdx_performance_dir)
+pdx_service_socket_types(bufferhub_client, pdx_bufferhub_dir)
+
+# file_contexts files
+type file_contexts_file, system_file_type, file_type;
+
+# mac_permissions file
+type mac_perms_file, system_file_type, file_type;
+
+# property_contexts file
+type property_contexts_file, system_file_type, file_type;
+
+# seapp_contexts file
+type seapp_contexts_file, system_file_type, file_type;
+
+# sepolicy files binary and others
+type sepolicy_file, system_file_type, file_type;
+
+# service_contexts file
+type service_contexts_file, system_file_type, file_type;
+
+# nonplat service_contexts file (only accessible on non full-treble devices)
+type nonplat_service_contexts_file, vendor_file_type, file_type;
+
+# hwservice_contexts file
+type hwservice_contexts_file, system_file_type, file_type;
+
+# vndservice_contexts file
+type vndservice_contexts_file, file_type;
+
+# Allow files to be created in their appropriate filesystems.
+allow fs_type self:filesystem associate;
+allow cgroup tmpfs:filesystem associate;
+allow cgroup_bpf tmpfs:filesystem associate;
+allow cgroup_rc_file tmpfs:filesystem associate;
+allow sysfs_type sysfs:filesystem associate;
+allow debugfs_type { debugfs debugfs_tracing debugfs_tracing_debug }:filesystem associate;
+allow file_type labeledfs:filesystem associate;
+allow file_type tmpfs:filesystem associate;
+allow file_type rootfs:filesystem associate;
+allow dev_type tmpfs:filesystem associate;
+allow app_fuse_file app_fusefs:filesystem associate;
+allow postinstall_file self:filesystem associate;
+
+# asanwrapper (run a sanitized app_process, to be used with wrap properties)
+with_asan(`type asanwrapper_exec, exec_type, file_type;')
+
+# Deprecated in SDK version 28
+type audiohal_data_file, file_type, data_file_type, core_data_file_type;
+
+# It's a bug to assign the file_type attribute and fs_type attribute
+# to any type. Do not allow it.
+#
+# For example, the following is a bug:
+# type apk_data_file, file_type, data_file_type, fs_type;
+# Should be:
+# type apk_data_file, file_type, data_file_type;
+neverallow fs_type file_type:filesystem associate;
diff --git a/prebuilts/api/30.0/public/fingerprintd.te b/prebuilts/api/30.0/public/fingerprintd.te
new file mode 100644
index 000000000..ff7a884e3
--- /dev/null
+++ b/prebuilts/api/30.0/public/fingerprintd.te
@@ -0,0 +1,26 @@
+type fingerprintd, domain;
+type fingerprintd_exec, system_file_type, exec_type, file_type;
+
+binder_use(fingerprintd)
+
+# Scan through /system/lib64/hw looking for installed HALs
+allow fingerprintd system_file:dir r_dir_perms;
+
+# need to find KeyStore and add self
+add_service(fingerprintd, fingerprintd_service)
+
+# allow HAL module to read dir contents
+allow fingerprintd fingerprintd_data_file:file { create_file_perms };
+
+# allow HAL module to read/write/unlink contents of this dir
+allow fingerprintd fingerprintd_data_file:dir rw_dir_perms;
+
+# Need to add auth tokens to KeyStore
+use_keystore(fingerprintd)
+allow fingerprintd keystore:keystore_key { add_auth };
+
+# For permissions checking
+binder_call(fingerprintd, system_server);
+allow fingerprintd permission_service:service_manager find;
+
+allow fingerprintd ion_device:chr_file r_file_perms;
diff --git a/prebuilts/api/30.0/public/flags_health_check.te b/prebuilts/api/30.0/public/flags_health_check.te
new file mode 100644
index 000000000..6315d44e4
--- /dev/null
+++ b/prebuilts/api/30.0/public/flags_health_check.te
@@ -0,0 +1,35 @@
+# The flags_health_check command run by init.
+type flags_health_check, domain, coredomain;
+type flags_health_check_exec, system_file_type, exec_type, file_type;
+
+set_prop(flags_health_check, device_config_boot_count_prop)
+set_prop(flags_health_check, device_config_reset_performed_prop)
+set_prop(flags_health_check, device_config_runtime_native_boot_prop)
+set_prop(flags_health_check, device_config_runtime_native_prop)
+set_prop(flags_health_check, device_config_input_native_boot_prop)
+set_prop(flags_health_check, device_config_netd_native_prop)
+set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
+set_prop(flags_health_check, device_config_media_native_prop)
+set_prop(flags_health_check, device_config_storage_native_boot_prop)
+set_prop(flags_health_check, device_config_sys_traced_prop)
+set_prop(flags_health_check, device_config_window_manager_native_boot_prop)
+set_prop(flags_health_check, device_config_configuration_prop)
+
+allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
+allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
+
+# system property device_config_boot_count_prop is used for deciding when to perform server
+# configurable flags related disaster recovery. Mistakenly set up by unrelated components can, at a
+# wrong timing, trigger server configurable flag related disaster recovery, which will override
+# server configured values of all flags with default values.
+neverallow { domain -init -flags_health_check } device_config_boot_count_prop:property_service set;
+
+# system property device_config_reset_performed_prop is used for indicating whether server
+# configurable flags have been reset during booting. Mistakenly modified by unrelated components can
+# cause bad server configurable flags synced back to device.
+neverallow { domain -init -flags_health_check } device_config_reset_performed_prop:property_service set;
+
+# server_configurable_flags_data_file is used for storing whether server configurable flags which
+# have been reset during current booting. Mistakenly modified by unrelated components can
+# cause bad server configurable flags synced back to device.
+neverallow { domain -init -flags_health_check } server_configurable_flags_data_file:file no_w_file_perms;
diff --git a/prebuilts/api/30.0/public/fsck.te b/prebuilts/api/30.0/public/fsck.te
new file mode 100644
index 000000000..7a9fbeef1
--- /dev/null
+++ b/prebuilts/api/30.0/public/fsck.te
@@ -0,0 +1,68 @@
+# Any fsck program run by init
+type fsck, domain;
+type fsck_exec, system_file_type, exec_type, file_type;
+
+# /dev/__null__ created by init prior to policy load,
+# open fd inherited by fsck.
+allow fsck tmpfs:chr_file { read write ioctl };
+
+# Inherit and use pty created by android_fork_execvp_ext().
+allow fsck devpts:chr_file { read write ioctl getattr };
+
+# Allow stdin/out back to vold
+allow fsck vold:fd use;
+allow fsck vold:fifo_file { read write getattr };
+
+# Run fsck on certain block devices
+allow fsck block_device:dir search;
+allow fsck userdata_block_device:blk_file rw_file_perms;
+allow fsck cache_block_device:blk_file rw_file_perms;
+allow fsck dm_device:blk_file rw_file_perms;
+userdebug_or_eng(`
+allow fsck system_block_device:blk_file rw_file_perms;
+')
+
+# For the block devices where we have ioctl access,
+# allow at a minimum the following common fsck ioctls.
+allowxperm fsck dev_type:blk_file ioctl {
+ BLKDISCARDZEROES
+ BLKROGET
+};
+
+# To determine if it is safe to run fsck on a filesystem, e2fsck
+# must first determine if the filesystem is mounted. To do that,
+# e2fsck scans through /proc/mounts and collects all the mounted
+# block devices. With that information, it runs stat() on each block
+# device, comparing the major and minor numbers to the filesystem
+# passed in on the command line. If there is a match, then the filesystem
+# is currently mounted and running fsck is dangerous.
+# Allow stat access to all block devices so that fsck can compare
+# major/minor values.
+allow fsck dev_type:blk_file getattr;
+
+allow fsck {
+ proc_mounts
+ proc_swaps
+}:file r_file_perms;
+allow fsck rootfs:dir r_dir_perms;
+
+###
+### neverallow rules
+###
+
+# fsck should never be run on these block devices
+neverallow fsck {
+ boot_block_device
+ frp_block_device
+ recovery_block_device
+ root_block_device
+ swap_block_device
+ system_block_device
+ userdebug_or_eng(`-system_block_device')
+ vold_device
+}:blk_file no_rw_file_perms;
+
+# Only allow entry from init or vold via fsck binaries
+neverallow { domain -init -vold } fsck:process transition;
+neverallow * fsck:process dyntransition;
+neverallow fsck { file_type fs_type -fsck_exec }:file entrypoint;
diff --git a/prebuilts/api/30.0/public/fsck_untrusted.te b/prebuilts/api/30.0/public/fsck_untrusted.te
new file mode 100644
index 000000000..8510c9424
--- /dev/null
+++ b/prebuilts/api/30.0/public/fsck_untrusted.te
@@ -0,0 +1,49 @@
+# Any fsck program run on untrusted block devices
+type fsck_untrusted, domain;
+
+# Inherit and use pty created by android_fork_execvp_ext().
+allow fsck_untrusted devpts:chr_file { read write ioctl getattr };
+
+# Allow stdin/out back to vold
+allow fsck_untrusted vold:fd use;
+allow fsck_untrusted vold:fifo_file { read write getattr };
+
+# Run fsck on vold block devices
+allow fsck_untrusted block_device:dir search;
+allow fsck_untrusted vold_device:blk_file rw_file_perms;
+
+allow fsck_untrusted proc_mounts:file r_file_perms;
+
+# To determine if it is safe to run fsck on a filesystem, e2fsck
+# must first determine if the filesystem is mounted. To do that,
+# e2fsck scans through /proc/mounts and collects all the mounted
+# block devices. With that information, it runs stat() on each block
+# device, comparing the major and minor numbers to the filesystem
+# passed in on the command line. If there is a match, then the filesystem
+# is currently mounted and running fsck is dangerous.
+# Allow stat access to all block devices so that fsck can compare
+# major/minor values.
+allow fsck_untrusted dev_type:blk_file getattr;
+
+###
+### neverallow rules
+###
+
+# Untrusted fsck should never be run on block devices holding sensitive data
+neverallow fsck_untrusted {
+ boot_block_device
+ frp_block_device
+ metadata_block_device
+ recovery_block_device
+ root_block_device
+ swap_block_device
+ system_block_device
+ userdata_block_device
+ cache_block_device
+ dm_device
+}:blk_file no_rw_file_perms;
+
+# Only allow entry from vold via fsck binaries
+neverallow { domain -vold } fsck_untrusted:process transition;
+neverallow * fsck_untrusted:process dyntransition;
+neverallow fsck_untrusted { file_type fs_type -fsck_exec }:file entrypoint;
diff --git a/prebuilts/api/30.0/public/fwk_bufferhub.te b/prebuilts/api/30.0/public/fwk_bufferhub.te
new file mode 100644
index 000000000..03486bd1e
--- /dev/null
+++ b/prebuilts/api/30.0/public/fwk_bufferhub.te
@@ -0,0 +1,4 @@
+binder_call(hal_bufferhub_client, hal_bufferhub_server)
+binder_call(hal_bufferhub_server, hal_bufferhub_client)
+
+hal_attribute_hwservice(hal_bufferhub, fwk_bufferhub_hwservice)
diff --git a/prebuilts/api/30.0/public/gatekeeperd.te b/prebuilts/api/30.0/public/gatekeeperd.te
new file mode 100644
index 000000000..dc46d0789
--- /dev/null
+++ b/prebuilts/api/30.0/public/gatekeeperd.te
@@ -0,0 +1,41 @@
+type gatekeeperd, domain;
+type gatekeeperd_exec, system_file_type, exec_type, file_type;
+
+# gatekeeperd
+binder_service(gatekeeperd)
+binder_use(gatekeeperd)
+
+### Rules needed when Gatekeeper HAL runs inside gatekeeperd process.
+### These rules should eventually be granted only when needed.
+allow gatekeeperd ion_device:chr_file r_file_perms;
+# Load HAL implementation
+allow gatekeeperd system_file:dir r_dir_perms;
+###
+
+### Rules needed when Gatekeeper HAL runs outside of gatekeeperd process.
+### These rules should eventually be granted only when needed.
+hal_client_domain(gatekeeperd, hal_gatekeeper)
+###
+
+# need to find KeyStore and add self
+add_service(gatekeeperd, gatekeeper_service)
+
+# Need to add auth tokens to KeyStore
+use_keystore(gatekeeperd)
+allow gatekeeperd keystore:keystore_key { add_auth };
+
+# For permissions checking
+allow gatekeeperd system_server:binder call;
+allow gatekeeperd permission_service:service_manager find;
+
+# for SID file access
+allow gatekeeperd gatekeeper_data_file:dir rw_dir_perms;
+allow gatekeeperd gatekeeper_data_file:file create_file_perms;
+
+# For hardware properties retrieval
+allow gatekeeperd hardware_properties_service:service_manager find;
+
+# For checking whether GSI is running
+get_prop(gatekeeperd, gsid_prop)
+
+r_dir_file(gatekeeperd, cgroup)
diff --git a/prebuilts/api/30.0/public/global_macros b/prebuilts/api/30.0/public/global_macros
new file mode 100644
index 000000000..2c87fde5e
--- /dev/null
+++ b/prebuilts/api/30.0/public/global_macros
@@ -0,0 +1,51 @@
+#####################################
+# Common groupings of object classes.
+#
+define(`capability_class_set', `{ capability capability2 cap_userns cap2_userns }')
+define(`global_capability_class_set', `{ capability cap_userns }')
+define(`global_capability2_class_set', `{ capability2 cap2_userns }')
+
+define(`devfile_class_set', `{ chr_file blk_file }')
+define(`notdevfile_class_set', `{ file lnk_file sock_file fifo_file }')
+define(`file_class_set', `{ devfile_class_set notdevfile_class_set }')
+define(`dir_file_class_set', `{ dir file_class_set }')
+
+define(`socket_class_set', `{ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket sctp_socket icmp_socket ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket xdp_socket }')
+define(`dgram_socket_class_set', `{ udp_socket unix_dgram_socket }')
+define(`stream_socket_class_set', `{ tcp_socket unix_stream_socket sctp_socket }')
+define(`unpriv_socket_class_set', `{ tcp_socket udp_socket unix_stream_socket unix_dgram_socket sctp_socket }')
+define(`network_socket_class_set', `{ icmp_socket rawip_socket tcp_socket udp_socket }')
+
+define(`ipc_class_set', `{ sem msgq shm ipc }')
+
+#####################################
+# Common groupings of permissions.
+#
+define(`x_file_perms', `{ getattr execute execute_no_trans map }')
+define(`r_file_perms', `{ getattr open read ioctl lock map watch watch_reads }')
+define(`w_file_perms', `{ open append write lock map }')
+define(`rx_file_perms', `{ r_file_perms x_file_perms }')
+define(`ra_file_perms', `{ r_file_perms append }')
+define(`rw_file_perms', `{ r_file_perms w_file_perms }')
+define(`rwx_file_perms', `{ rw_file_perms x_file_perms }')
+define(`create_file_perms', `{ create rename setattr unlink rw_file_perms }')
+
+define(`r_dir_perms', `{ open getattr read search ioctl lock watch watch_reads }')
+define(`w_dir_perms', `{ open search write add_name remove_name lock }')
+define(`ra_dir_perms', `{ r_dir_perms add_name write }')
+define(`rw_dir_perms', `{ r_dir_perms w_dir_perms }')
+define(`create_dir_perms', `{ create reparent rename rmdir setattr rw_dir_perms }')
+
+define(`r_ipc_perms', `{ getattr read associate unix_read }')
+define(`w_ipc_perms', `{ write unix_write }')
+define(`rw_ipc_perms', `{ r_ipc_perms w_ipc_perms }')
+define(`create_ipc_perms', `{ create setattr destroy rw_ipc_perms }')
+
+#####################################
+# Common socket permission sets.
+define(`rw_socket_perms', `{ ioctl read getattr write setattr lock append bind connect getopt setopt shutdown map }')
+define(`rw_socket_perms_no_ioctl', `{ read getattr write setattr lock append bind connect getopt setopt shutdown map }')
+define(`create_socket_perms', `{ create rw_socket_perms }')
+define(`create_socket_perms_no_ioctl', `{ create rw_socket_perms_no_ioctl }')
+define(`rw_stream_socket_perms', `{ rw_socket_perms listen accept }')
+define(`create_stream_socket_perms', `{ create rw_stream_socket_perms }')
diff --git a/prebuilts/api/30.0/public/gmscore_app.te b/prebuilts/api/30.0/public/gmscore_app.te
new file mode 100644
index 000000000..b574bf39c
--- /dev/null
+++ b/prebuilts/api/30.0/public/gmscore_app.te
@@ -0,0 +1,5 @@
+###
+### A domain for further sandboxing the PrebuiltGMSCore app.
+###
+
+type gmscore_app, domain;
diff --git a/prebuilts/api/30.0/public/gpuservice.te b/prebuilts/api/30.0/public/gpuservice.te
new file mode 100644
index 000000000..c862d0b7f
--- /dev/null
+++ b/prebuilts/api/30.0/public/gpuservice.te
@@ -0,0 +1,2 @@
+# gpuservice - server for gpu stats and other gpu related services
+type gpuservice, domain;
diff --git a/prebuilts/api/30.0/public/hal_allocator.te b/prebuilts/api/30.0/public/hal_allocator.te
new file mode 100644
index 000000000..6417b6289
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_allocator.te
@@ -0,0 +1,6 @@
+# HwBinder IPC from client to server
+binder_call(hal_allocator_client, hal_allocator_server)
+
+hal_attribute_hwservice(hal_allocator, hidl_allocator_hwservice)
+allow hal_allocator_client hidl_memory_hwservice:hwservice_manager find;
+allow hal_allocator_client same_process_hal_file:file { execute read open getattr map };
diff --git a/prebuilts/api/30.0/public/hal_atrace.te b/prebuilts/api/30.0/public/hal_atrace.te
new file mode 100644
index 000000000..51d9237f9
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_atrace.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_atrace_client, hal_atrace_server)
+
+hal_attribute_hwservice(hal_atrace, hal_atrace_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_audio.te b/prebuilts/api/30.0/public/hal_audio.te
new file mode 100644
index 000000000..d54b2b250
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_audio.te
@@ -0,0 +1,41 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_audio_client, hal_audio_server)
+binder_call(hal_audio_server, hal_audio_client)
+
+hal_attribute_hwservice(hal_audio, hal_audio_hwservice)
+
+allow hal_audio ion_device:chr_file r_file_perms;
+
+r_dir_file(hal_audio, proc)
+r_dir_file(hal_audio, proc_asound)
+allow hal_audio_server audio_device:dir r_dir_perms;
+allow hal_audio_server audio_device:chr_file rw_file_perms;
+
+# Needed to provide debug dump output via dumpsys' pipes.
+allow hal_audio shell:fd use;
+allow hal_audio shell:fifo_file write;
+allow hal_audio dumpstate:fd use;
+allow hal_audio dumpstate:fifo_file write;
+
+# Needed to allow sound trigger hal to access shared memory from apps.
+allow hal_audio_server appdomain:fd use;
+
+# allow hal audio to use vnbinder
+vndbinder_use(hal_audio)
+
+###
+### neverallow rules
+###
+
+# Should never execute any executable without a domain transition
+neverallow hal_audio_server { file_type fs_type }:file execute_no_trans;
+
+# Should never need network access.
+# Disallow network sockets.
+neverallow hal_audio_server domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# Only audio HAL may directly access the audio hardware
+neverallow { halserverdomain -hal_audio_server -hal_omx_server } audio_device:chr_file *;
+
+get_prop(hal_audio, bluetooth_a2dp_offload_prop)
+get_prop(hal_audio, bluetooth_audio_hal_prop)
diff --git a/prebuilts/api/30.0/public/hal_audiocontrol.te b/prebuilts/api/30.0/public/hal_audiocontrol.te
new file mode 100644
index 000000000..4a52b8954
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_audiocontrol.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_audiocontrol_client, hal_audiocontrol_server)
+binder_call(hal_audiocontrol_server, hal_audiocontrol_client)
+
+hal_attribute_hwservice(hal_audiocontrol, hal_audiocontrol_hwservice)
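Review bot: `allow hal_audio_server appdomain:fd use;` (commented as sound-trigger shared memory from apps) accepts descriptors from every app domain, including isolated_app, whereas the hal_camera and hal_drm hunks in this same series write the equivalent grant as `{ appdomain -isolated_app }`. Unless isolated processes genuinely need to hand memory to the audio HAL, `allow hal_audio_server { appdomain -isolated_app }:fd use;` would keep the sandboxed-process surface consistent across HALs; I cannot tell from this hunk whether any isolated client depends on the wider rule, so this needs confirming against the sound-trigger callers. The neverallow block below constrains execution and network sockets but does not bound fd inheritance, so nothing else in the file narrows it. As prebuilts/api/30.0 is a frozen API snapshot, the change would presumably be made in public/hal_audio.te rather than here.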
diff --git a/prebuilts/api/30.0/public/hal_authsecret.te b/prebuilts/api/30.0/public/hal_authsecret.te
new file mode 100644
index 000000000..daf8d4877
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_authsecret.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_authsecret_client, hal_authsecret_server)
+
+hal_attribute_hwservice(hal_authsecret, hal_authsecret_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_bluetooth.te b/prebuilts/api/30.0/public/hal_bluetooth.te
new file mode 100644
index 000000000..97177bad7
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_bluetooth.te
@@ -0,0 +1,32 @@
+# HwBinder IPC from clients into server, and callbacks
+binder_call(hal_bluetooth_client, hal_bluetooth_server)
+binder_call(hal_bluetooth_server, hal_bluetooth_client)
+
+hal_attribute_hwservice(hal_bluetooth, hal_bluetooth_hwservice)
+
+wakelock_use(hal_bluetooth);
+
+# The HAL toggles rfkill to power the chip off/on.
+allow hal_bluetooth self:global_capability_class_set net_admin;
+
+# bluetooth factory file accesses.
+r_dir_file(hal_bluetooth, bluetooth_efs_file)
+
+allow hal_bluetooth { uhid_device hci_attach_dev }:chr_file rw_file_perms;
+
+# sysfs access.
+r_dir_file(hal_bluetooth, sysfs_type)
+allow hal_bluetooth sysfs_bluetooth_writable:file rw_file_perms;
+allow hal_bluetooth self:global_capability2_class_set wake_alarm;
+
+# Allow write access to bluetooth-specific properties
+set_prop(hal_bluetooth, bluetooth_a2dp_offload_prop)
+set_prop(hal_bluetooth, bluetooth_audio_hal_prop)
+set_prop(hal_bluetooth, bluetooth_prop)
+set_prop(hal_bluetooth, exported_bluetooth_prop)
+
+# /proc access (bluesleep etc.).
+allow hal_bluetooth proc_bluetooth_writable:file rw_file_perms;
+
+# allow to run with real-time scheduling policy
+allow hal_bluetooth self:global_capability_class_set sys_nice;
diff --git a/prebuilts/api/30.0/public/hal_bootctl.te b/prebuilts/api/30.0/public/hal_bootctl.te
new file mode 100644
index 000000000..be9975f89
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_bootctl.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_bootctl_client, hal_bootctl_server)
+binder_call(hal_bootctl_server, hal_bootctl_client)
+
+hal_attribute_hwservice(hal_bootctl, hal_bootctl_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_broadcastradio.te b/prebuilts/api/30.0/public/hal_broadcastradio.te
new file mode 100644
index 000000000..84a25970f
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_broadcastradio.te
@@ -0,0 +1,4 @@
+binder_call(hal_broadcastradio_client, hal_broadcastradio_server)
+binder_call(hal_broadcastradio_server, hal_broadcastradio_client)
+
+hal_attribute_hwservice(hal_broadcastradio, hal_broadcastradio_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_camera.te b/prebuilts/api/30.0/public/hal_camera.te
new file mode 100644
index 000000000..77216e4a3
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_camera.te
@@ -0,0 +1,36 @@
+# HwBinder IPC from clients to server and callbacks
+binder_call(hal_camera_client, hal_camera_server)
+binder_call(hal_camera_server, hal_camera_client)
+
+hal_attribute_hwservice(hal_camera, hal_camera_hwservice)
+
+allow hal_camera device:dir r_dir_perms;
+allow hal_camera video_device:dir r_dir_perms;
+allow hal_camera video_device:chr_file rw_file_perms;
+allow hal_camera camera_device:chr_file rw_file_perms;
+allow hal_camera ion_device:chr_file rw_file_perms;
+# Both the client and the server need to use the graphics allocator
+allow { hal_camera_client hal_camera_server } hal_graphics_allocator:fd use;
+
+# Allow hal_camera to use fd from app,gralloc,and ashmem HAL
+allow hal_camera { appdomain -isolated_app }:fd use;
+allow hal_camera surfaceflinger:fd use;
+allow hal_camera hal_allocator_server:fd use;
+
+# Needed to provide debug dump output via dumpsys' pipes.
+allow hal_camera shell:fd use;
+allow hal_camera shell:fifo_file write;
+
+###
+### neverallow rules
+###
+
+# hal_camera should never execute any executable without a
+# domain transition
+neverallow hal_camera_server { file_type fs_type }:file execute_no_trans;
+
+# hal_camera should never need network access. Disallow network sockets.
+neverallow hal_camera_server domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# Only camera HAL may directly access the camera hardware
+neverallow { halserverdomain -hal_camera_server } camera_device:chr_file *;
diff --git a/prebuilts/api/30.0/public/hal_can.te b/prebuilts/api/30.0/public/hal_can.te
new file mode 100644
index 000000000..c75495b36
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_can.te
@@ -0,0 +1,9 @@
+# CAN controller
+binder_call(hal_can_controller_client, hal_can_controller_server)
+add_hwservice(hal_can_controller_server, hal_can_controller_hwservice)
+allow hal_can_controller_client hal_can_controller_hwservice:hwservice_manager find;
+
+# CAN bus
+binder_call(hal_can_bus_client, hal_can_bus_server)
+add_hwservice(hal_can_bus_server, hal_can_bus_hwservice)
+allow hal_can_bus_client hal_can_bus_hwservice:hwservice_manager find;
diff --git a/prebuilts/api/30.0/public/hal_cas.te b/prebuilts/api/30.0/public/hal_cas.te
new file mode 100644
index 000000000..7de6a1353
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_cas.te
@@ -0,0 +1,34 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_cas_client, hal_cas_server)
+binder_call(hal_cas_server, hal_cas_client)
+
+hal_attribute_hwservice(hal_cas, hal_cas_hwservice)
+allow hal_cas_server hidl_memory_hwservice:hwservice_manager find;
+
+# Permit reading device's serial number from system properties
+get_prop(hal_cas_server, serialno_prop)
+
+# Read files already opened under /data
+allow hal_cas system_data_file:file { getattr read };
+
+# Read access to pseudo filesystems
+r_dir_file(hal_cas, cgroup)
+allow hal_cas cgroup:dir { search write };
+allow hal_cas cgroup:file w_file_perms;
+
+# Allow access to ion memory allocation device
+allow hal_cas ion_device:chr_file rw_file_perms;
+allow hal_cas hal_graphics_allocator:fd use;
+
+allow hal_cas tee_device:chr_file rw_file_perms;
+
+###
+### neverallow rules
+###
+
+# hal_cas should never execute any executable without a
+# domain transition
+neverallow hal_cas_server { file_type fs_type }:file execute_no_trans;
+
+# do not allow privileged socket ioctl commands
+neverallowxperm hal_cas_server domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
diff --git a/prebuilts/api/30.0/public/hal_codec2.te b/prebuilts/api/30.0/public/hal_codec2.te
new file mode 100644
index 000000000..8c7816a88
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_codec2.te
@@ -0,0 +1,25 @@
+get_prop(hal_codec2_client, media_variant_prop)
+get_prop(hal_codec2_server, media_variant_prop)
+
+binder_call(hal_codec2_client, hal_codec2_server)
+binder_call(hal_codec2_server, hal_codec2_client)
+
+hal_attribute_hwservice(hal_codec2, hal_codec2_hwservice)
+
+# The following permissions are added to hal_codec2_server because vendor and
+# vndk libraries provided for Codec2 implementation need them.
+
+# Allow server access to composer sync fences
+allow hal_codec2_server hal_graphics_composer:fd use;
+
+# Allow both server and client access to ion
+allow hal_codec2_server ion_device:chr_file r_file_perms;
+
+# Allow server access to camera HAL's fences
+allow hal_codec2_server hal_camera:fd use;
+
+# Receive gralloc buffer FDs from bufferhubd.
+allow hal_codec2_server bufferhubd:fd use;
+
+allow hal_codec2_client ion_device:chr_file r_file_perms;
+
diff --git a/prebuilts/api/30.0/public/hal_configstore.te b/prebuilts/api/30.0/public/hal_configstore.te
new file mode 100644
index 000000000..069da4791
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_configstore.te
@@ -0,0 +1,69 @@
+# HwBinder IPC from client to server
+binder_call(hal_configstore_client, hal_configstore_server)
+
+hal_attribute_hwservice(hal_configstore, hal_configstore_ISurfaceFlingerConfigs)
+
+# hal_configstore runs with a strict seccomp filter. Use crash_dump's
+# fallback path to collect crash data.
+crash_dump_fallback(hal_configstore_server)
+
+###
+### neverallow rules
+###
+
+# Should never execute an executable without a domain transition
+neverallow hal_configstore_server { file_type fs_type }:file execute_no_trans;
+
+# Should never need network access. Disallow sockets except for
+# for unix stream/dgram sockets used for logging/debugging.
+neverallow hal_configstore_server domain:{
+ rawip_socket tcp_socket udp_socket
+ netlink_route_socket netlink_selinux_socket
+ socket netlink_socket packet_socket key_socket appletalk_socket
+ netlink_tcpdiag_socket netlink_nflog_socket
+ netlink_xfrm_socket netlink_audit_socket
+ netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket
+ netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket
+ netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket
+ netlink_rdma_socket netlink_crypto_socket
+} *;
+neverallow hal_configstore_server {
+ domain
+ -hal_configstore_server
+ -logd
+ userdebug_or_eng(`-su')
+ -tombstoned
+ userdebug_or_eng(`-heapprofd')
+ userdebug_or_eng(`-traced_perf')
+}:{ unix_dgram_socket unix_stream_socket } *;
+
+# Should never need access to anything on /data
+neverallow hal_configstore_server {
+ data_file_type
+ -anr_data_file # for crash dump collection
+ -tombstone_data_file # for crash dump collection
+ -zoneinfo_data_file # granted to domain
+ with_native_coverage(`-method_trace_data_file')
+}:{ file fifo_file sock_file } *;
+
+# Should never need sdcard access
+neverallow hal_configstore_server {
+ sdcard_type
+ fuse sdcardfs vfat exfat # manual expansion for completeness
+}:dir ~getattr;
+neverallow hal_configstore_server {
+ sdcard_type
+ fuse sdcardfs vfat exfat # manual expansion for completeness
+}:file *;
+
+# Do not permit access to service_manager and vndservice_manager
+neverallow hal_configstore_server *:service_manager *;
+
+# No privileged capabilities
+neverallow hal_configstore_server self:capability_class_set *;
+
+# No ptracing other processes
+neverallow hal_configstore_server *:process ptrace;
+
+# no relabeling
+neverallow hal_configstore_server *:dir_file_class_set { relabelfrom relabelto };
diff --git a/prebuilts/api/30.0/public/hal_confirmationui.te b/prebuilts/api/30.0/public/hal_confirmationui.te
new file mode 100644
index 000000000..5d2e4b7a1
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_confirmationui.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_confirmationui_client, hal_confirmationui_server)
+
+hal_attribute_hwservice(hal_confirmationui, hal_confirmationui_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_contexthub.te b/prebuilts/api/30.0/public/hal_contexthub.te
new file mode 100644
index 000000000..34acb38d6
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_contexthub.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_contexthub_client, hal_contexthub_server)
+binder_call(hal_contexthub_server, hal_contexthub_client)
+
+hal_attribute_hwservice(hal_contexthub, hal_contexthub_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_drm.te b/prebuilts/api/30.0/public/hal_drm.te
new file mode 100644
index 000000000..598749134
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_drm.te
@@ -0,0 +1,52 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_drm_client, hal_drm_server)
+binder_call(hal_drm_server, hal_drm_client)
+
+hal_attribute_hwservice(hal_drm, hal_drm_hwservice)
+
+allow hal_drm hidl_memory_hwservice:hwservice_manager find;
+
+# Required by Widevine DRM (b/22990512)
+allow hal_drm self:process execmem;
+
+# Permit reading device's serial number from system properties
+get_prop(hal_drm, serialno_prop)
+
+# Read files already opened under /data
+allow hal_drm system_data_file:file { getattr read };
+
+# Read access to pseudo filesystems
+r_dir_file(hal_drm, cgroup)
+allow hal_drm cgroup:dir { search write };
+allow hal_drm cgroup:file w_file_perms;
+
+# Allow access to ion memory allocation device
+allow hal_drm ion_device:chr_file rw_file_perms;
+allow hal_drm hal_graphics_allocator:fd use;
+
+# Allow access to hidl_memory allocation service
+allow hal_drm hal_allocator_server:fd use;
+
+# Allow access to fds allocated by mediaserver
+allow hal_drm mediaserver:fd use;
+
+allow hal_drm sysfs:file r_file_perms;
+
+allow hal_drm tee_device:chr_file rw_file_perms;
+
+allow hal_drm_server { appdomain -isolated_app }:fd use;
+
+# only allow unprivileged socket ioctl commands
+allowxperm hal_drm self:{ rawip_socket tcp_socket udp_socket }
+ ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
+
+###
+### neverallow rules
+###
+
+# hal_drm should never execute any executable without a
+# domain transition
+neverallow hal_drm_server { file_type fs_type }:file execute_no_trans;
+
+# do not allow privileged socket ioctl commands
+neverallowxperm hal_drm_server domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
diff --git a/prebuilts/api/30.0/public/hal_dumpstate.te b/prebuilts/api/30.0/public/hal_dumpstate.te
new file mode 100644
index 000000000..b7676ed29
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_dumpstate.te
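Review bot: `allow hal_drm self:process execmem;` and `allow hal_drm tee_device:chr_file rw_file_perms;` are granted to the hal_drm attribute rather than to hal_drm_server, so if hal_drm here follows the usual hal_attribute/hal_client_domain convention of spanning both client and server domains, every DRM client process also gets writable-and-executable anonymous memory and a direct TEE device handle. execmem in particular switches off a W^X mitigation in code that parses attacker-supplied licence and content data, so it is worth confirming whether the passthrough case the Widevine reference (b/22990512) was about still exists and, if not, re-scoping those two rules to `hal_drm_server`. The neverallow block at the bottom only covers execute_no_trans and privileged socket ioctls, so nothing in this file bounds the execmem grant. Since prebuilts/api/30.0 is a frozen API snapshot, the change would presumably go to public/hal_drm.te rather than this copy.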
@@ -0,0 +1,10 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_dumpstate_client, hal_dumpstate_server)
+binder_call(hal_dumpstate_server, hal_dumpstate_client)
+
+hal_attribute_hwservice(hal_dumpstate, hal_dumpstate_hwservice)
+
+# write bug reports in /data/data/com.android.shell/files/bugreports/bugreport
+allow hal_dumpstate shell_data_file:file write;
+# allow reading /proc/interrupts for all hal impls
+allow hal_dumpstate proc_interrupts:file r_file_perms;
diff --git a/prebuilts/api/30.0/public/hal_evs.te b/prebuilts/api/30.0/public/hal_evs.te
new file mode 100644
index 000000000..789333af7
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_evs.te
@@ -0,0 +1,5 @@
+hwbinder_use(hal_evs_client)
+hwbinder_use(hal_evs_server)
+binder_call(hal_evs_client, hal_evs_server)
+binder_call(hal_evs_server, hal_evs_client)
+hal_attribute_hwservice(hal_evs, hal_evs_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_face.te b/prebuilts/api/30.0/public/hal_face.te
new file mode 100644
index 000000000..b25058642
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_face.te
@@ -0,0 +1,12 @@
+# Allow HwBinder IPC from client to server, and vice versa for callbacks.
+binder_call(hal_face_client, hal_face_server)
+binder_call(hal_face_server, hal_face_client)
+
+hal_attribute_hwservice(hal_face, hal_face_hwservice)
+
+# Allow access to the ion memory allocation device.
+allow hal_face ion_device:chr_file r_file_perms;
+
+# Allow read/write access to the face template directory.
+allow hal_face face_vendor_data_file:file create_file_perms;
+allow hal_face face_vendor_data_file:dir rw_dir_perms;
diff --git a/prebuilts/api/30.0/public/hal_fingerprint.te b/prebuilts/api/30.0/public/hal_fingerprint.te
new file mode 100644
index 000000000..b673e291b
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_fingerprint.te
@@ -0,0 +1,16 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_fingerprint_client, hal_fingerprint_server)
+binder_call(hal_fingerprint_server, hal_fingerprint_client)
+
+hal_attribute_hwservice(hal_fingerprint, hal_fingerprint_hwservice)
+
+# For memory allocation
+allow hal_fingerprint ion_device:chr_file r_file_perms;
+
+allow hal_fingerprint fingerprint_vendor_data_file:file { create_file_perms };
+allow hal_fingerprint fingerprint_vendor_data_file:dir rw_dir_perms;
+
+r_dir_file(hal_fingerprint, cgroup)
+r_dir_file(hal_fingerprint, sysfs)
+
+
diff --git a/prebuilts/api/30.0/public/hal_gatekeeper.te b/prebuilts/api/30.0/public/hal_gatekeeper.te
new file mode 100644
index 000000000..b918f88a2
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_gatekeeper.te
@@ -0,0 +1,7 @@
+binder_call(hal_gatekeeper_client, hal_gatekeeper_server)
+
+hal_attribute_hwservice(hal_gatekeeper, hal_gatekeeper_hwservice)
+
+# TEE access.
+allow hal_gatekeeper tee_device:chr_file rw_file_perms;
+allow hal_gatekeeper ion_device:chr_file r_file_perms;
diff --git a/prebuilts/api/30.0/public/hal_gnss.te b/prebuilts/api/30.0/public/hal_gnss.te
new file mode 100644
index 000000000..9bfc4ec36
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_gnss.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_gnss_client, hal_gnss_server)
+binder_call(hal_gnss_server, hal_gnss_client)
+
+hal_attribute_hwservice(hal_gnss, hal_gnss_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_graphics_allocator.te b/prebuilts/api/30.0/public/hal_graphics_allocator.te
new file mode 100644
index 000000000..991e147c7
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_graphics_allocator.te
@@ -0,0 +1,13 @@
+# HwBinder IPC from client to server
+binder_call(hal_graphics_allocator_client, hal_graphics_allocator_server)
+
+hal_attribute_hwservice(hal_graphics_allocator, hal_graphics_allocator_hwservice)
+allow hal_graphics_allocator_client hal_graphics_mapper_hwservice:hwservice_manager find;
+allow hal_graphics_allocator_client same_process_hal_file:file { execute read open getattr map };
+
+# GPU device access
+allow hal_graphics_allocator gpu_device:chr_file rw_file_perms;
+allow hal_graphics_allocator ion_device:chr_file r_file_perms;
+
+# allow to run with real-time scheduling policy
+allow hal_graphics_allocator self:global_capability_class_set sys_nice;
diff --git a/prebuilts/api/30.0/public/hal_graphics_composer.te b/prebuilts/api/30.0/public/hal_graphics_composer.te
new file mode 100644
index 000000000..cb4a1307f
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_graphics_composer.te
@@ -0,0 +1,31 @@
+type hal_graphics_composer_server_tmpfs, file_type;
+attribute hal_graphics_composer_client_tmpfs;
+expandattribute hal_graphics_composer_client_tmpfs true;
+
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_graphics_composer_client, hal_graphics_composer_server)
+binder_call(hal_graphics_composer_server, hal_graphics_composer_client)
+allow hal_graphics_composer_client hal_graphics_composer_server_tmpfs:file { getattr map read write };
+allow hal_graphics_composer_server hal_graphics_composer_client_tmpfs:file { getattr map read write };
+
+hal_attribute_hwservice(hal_graphics_composer, hal_graphics_composer_hwservice)
+
+# Coordinate with hal_graphics_mapper
+allow hal_graphics_composer_server hal_graphics_mapper_hwservice:hwservice_manager find;
+
+# GPU device access
+allow hal_graphics_composer gpu_device:chr_file rw_file_perms;
+allow hal_graphics_composer ion_device:chr_file r_file_perms;
+allow hal_graphics_composer hal_graphics_allocator:fd use;
+
+# Access /dev/graphics/fb0.
+allow hal_graphics_composer graphics_device:dir search;
+allow hal_graphics_composer graphics_device:chr_file rw_file_perms;
+
+# Fences
+allow hal_graphics_composer system_server:fd use;
+allow hal_graphics_composer bootanim:fd use;
+allow hal_graphics_composer appdomain:fd use;
+
+# allow self to set SCHED_FIFO
+allow hal_graphics_composer self:global_capability_class_set sys_nice;
diff --git a/prebuilts/api/30.0/public/hal_health.te b/prebuilts/api/30.0/public/hal_health.te
new file mode 100644
index 000000000..dc7d0836e
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_health.te
@@ -0,0 +1,27 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_health_client, hal_health_server)
+binder_call(hal_health_server, hal_health_client)
+
+hal_attribute_hwservice(hal_health, hal_health_hwservice)
+
+# Common rules for a health service.
+
+# Allow to listen to uevents for updates
+allow hal_health_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Allow to read /sys/class/power_supply directory
+allow hal_health_server sysfs:dir r_dir_perms;
+
+# Allow to read files under /sys/class/power_supply. Implementations typically have symlinks
+# to vendor specific files. Vendors should mark sysfs_batteryinfo on all files read by health
+# HAL service.
+r_dir_file(hal_health_server, sysfs_batteryinfo)
+
+# Allow to wake up to send periodic events
+wakelock_use(hal_health_server)
+
+# Write to /dev/kmsg
+allow hal_health_server kmsg_device:chr_file { getattr w_file_perms };
+
+# Allow to use timerfd to wake itself up periodically to send health info.
+allow hal_health_server self:capability2 wake_alarm;
diff --git a/prebuilts/api/30.0/public/hal_health_storage.te b/prebuilts/api/30.0/public/hal_health_storage.te
new file mode 100644
index 000000000..61e609b68
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_health_storage.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_health_storage_client, hal_health_storage_server)
+binder_call(hal_health_storage_server, hal_health_storage_client)
+
+hal_attribute_hwservice(hal_health_storage, hal_health_storage_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_identity.te b/prebuilts/api/30.0/public/hal_identity.te
new file mode 100644
index 000000000..3a95743c2
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_identity.te
@@ -0,0 +1,7 @@
+# HwBinder IPC from client to server
+binder_call(hal_identity_client, hal_identity_server)
+
+add_service(hal_identity_server, hal_identity_service)
+binder_call(hal_identity_server, servicemanager)
+
+allow hal_identity_client hal_identity_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/hal_input_classifier.te b/prebuilts/api/30.0/public/hal_input_classifier.te
new file mode 100644
index 000000000..70a4b7deb
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_input_classifier.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_input_classifier_client, hal_input_classifier_server)
+
+hal_attribute_hwservice(hal_input_classifier, hal_input_classifier_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_ir.te b/prebuilts/api/30.0/public/hal_ir.te
new file mode 100644
index 000000000..29555f74c
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_ir.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_ir_client, hal_ir_server)
+binder_call(hal_ir_server, hal_ir_client)
+
+hal_attribute_hwservice(hal_ir, hal_ir_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_keymaster.te b/prebuilts/api/30.0/public/hal_keymaster.te
new file mode 100644
index 000000000..3e164ade9
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_keymaster.te
@@ -0,0 +1,7 @@
+# HwBinder IPC from client to server
+binder_call(hal_keymaster_client, hal_keymaster_server)
+
+hal_attribute_hwservice(hal_keymaster, hal_keymaster_hwservice)
+
+allow hal_keymaster tee_device:chr_file rw_file_perms;
+allow hal_keymaster ion_device:chr_file r_file_perms;
diff --git a/prebuilts/api/30.0/public/hal_light.te b/prebuilts/api/30.0/public/hal_light.te
new file mode 100644
index 000000000..7054d7b32
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_light.te
@@ -0,0 +1,19 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_light_client, hal_light_server)
+binder_call(hal_light_server, hal_light_client)
+
+hal_attribute_hwservice(hal_light, hal_light_hwservice)
+
+# client finds and uses server via service_manager
+allow hal_light_client hal_light_service:service_manager find;
+binder_use(hal_light_client)
+
+# server adds itself via service_manager
+add_service(hal_light_server, hal_light_service)
+binder_call(hal_light_server, servicemanager)
+
+allow hal_light_server dumpstate:fifo_file write;
+
+allow hal_light sysfs_leds:lnk_file read;
+allow hal_light sysfs_leds:file rw_file_perms;
+allow hal_light sysfs_leds:dir r_dir_perms;
diff --git a/prebuilts/api/30.0/public/hal_lowpan.te b/prebuilts/api/30.0/public/hal_lowpan.te
new file mode 100644
index 000000000..6fb95e943
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_lowpan.te
@@ -0,0 +1,20 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_lowpan_client, hal_lowpan_server)
+binder_call(hal_lowpan_server, hal_lowpan_client)
+
+
+# Allow hal_lowpan_client to be able to find the hal_lowpan_server
+hal_attribute_hwservice(hal_lowpan, hal_lowpan_hwservice)
+
+# hal_lowpan domain can write/read to/from lowpan_prop
+set_prop(hal_lowpan_server, lowpan_prop)
+
+# Allow hal_lowpan_server to open lowpan_devices
+allow hal_lowpan_server lowpan_device:chr_file rw_file_perms;
+
+###
+### neverallow rules
+###
+
+# Only LoWPAN HAL may directly access LoWPAN hardware
+neverallow { domain -hal_lowpan_server -init -ueventd } lowpan_device:chr_file ~getattr;
diff --git a/prebuilts/api/30.0/public/hal_memtrack.te b/prebuilts/api/30.0/public/hal_memtrack.te
new file mode 100644
index 000000000..ed93a29a4
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_memtrack.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_memtrack_client, hal_memtrack_server)
+
+hal_attribute_hwservice(hal_memtrack, hal_memtrack_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_neuralnetworks.te b/prebuilts/api/30.0/public/hal_neuralnetworks.te
new file mode 100644
index 000000000..f8d6ff5a7
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_neuralnetworks.te
@@ -0,0 +1,27 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_neuralnetworks_client, hal_neuralnetworks_server)
+binder_call(hal_neuralnetworks_server, hal_neuralnetworks_client)
+
+hal_attribute_hwservice(hal_neuralnetworks, hal_neuralnetworks_hwservice)
+allow hal_neuralnetworks hidl_memory_hwservice:hwservice_manager find;
+allow hal_neuralnetworks hal_allocator:fd use;
+allow hal_neuralnetworks hal_graphics_mapper_hwservice:hwservice_manager find;
+allow hal_neuralnetworks hal_graphics_allocator:fd use;
+
+# Allow NN HAL service to use a client-provided fd residing in /data/data/.
+allow hal_neuralnetworks_server app_data_file:file { read write getattr map };
+allow hal_neuralnetworks_server privapp_data_file:file { read write getattr map };
+
+# Allow NN HAL service to use a client-provided fd residing in /data/local/tmp/.
+allow hal_neuralnetworks_server shell_data_file:file { read write getattr map };
+
+# Allow NN HAL service to read a client-provided ION memory fd.
+allow hal_neuralnetworks_server ion_device:chr_file r_file_perms;
+
+# Allow NN HAL client to check the ro.nnapi.extensions.deny_on_product
+# property to determine whether to deny NNAPI extensions use for apps
+# on product partition (apps in GSI are not allowed to use NNAPI extensions).
+get_prop(hal_neuralnetworks_client, nnapi_ext_deny_product_prop);
+# This property is only expected to be found in /product/build.prop,
+# allow to be set only by init.
+neverallow { domain -init } nnapi_ext_deny_product_prop:property_service set;
diff --git a/prebuilts/api/30.0/public/hal_neverallows.te b/prebuilts/api/30.0/public/hal_neverallows.te
new file mode 100644
index 000000000..411787826
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_neverallows.te
@@ -0,0 +1,61 @@
+# only HALs responsible for network hardware should have privileged
+# network capabilities
+neverallow {
+ halserverdomain
+ -hal_bluetooth_server
+ -hal_can_controller_server
+ -hal_wifi_server
+ -hal_wifi_hostapd_server
+ -hal_wifi_supplicant_server
+ -hal_telephony_server
+} self:global_capability_class_set { net_admin net_raw };
+
+# Unless a HAL's job is to communicate over the network, or control network
+# hardware, it should not be using network sockets.
+# NOTE: HALs for automotive devices have an exemption from this rule because in
+# a car it is common to have external modules and HALs need to communicate to
+# those modules using network. Using this exemption for non-automotive builds
+# will result in CTS failure.
+neverallow {
+ halserverdomain
+ -hal_automotive_socket_exemption
+ -hal_can_controller_server
+ -hal_tetheroffload_server
+ -hal_wifi_server
+ -hal_wifi_hostapd_server
+ -hal_wifi_supplicant_server
+ -hal_telephony_server
+} domain:{ tcp_socket udp_socket rawip_socket } *;
+
+###
+# HALs are defined as an attribute and so a given domain could hypothetically
+# have multiple HALs in it (or even all of them) with the subsequent policy of
+# the domain comprised of the union of all the HALs.
+#
+# This is a problem because
+# 1) Security sensitive components should only be accessed by specific HALs.
+# 2) hwbinder_call and the restrictions it provides cannot be reasoned about in
+# the platform.
+# 3) The platform cannot reason about defense in depth if there are
+# monolithic domains etc.
+#
+# As an example, hal_keymaster and hal_gatekeeper can access the TEE and while
+# its OK for them to share a process its not OK with them to share processes
+# with other hals.
+#
+# The following neverallow rules, in conjuntion with CTS tests, assert that
+# these security principles are adhered to.
+#
+# Do not allow a hal to exec another process without a domain transition.
+# TODO remove exemptions.
+neverallow {
+ halserverdomain
+ -hal_dumpstate_server
+ -hal_telephony_server
+} { file_type fs_type }:file execute_no_trans;
+# Do not allow a process other than init to transition into a HAL domain.
+neverallow { domain -init } halserverdomain:process transition;
+# Only allow transitioning to a domain by running its executable. Do not
+# allow transitioning into a HAL domain by use of seclabel in an
+# init.*.rc script.
+neverallow * halserverdomain:process dyntransition;
diff --git a/prebuilts/api/30.0/public/hal_nfc.te b/prebuilts/api/30.0/public/hal_nfc.te
new file mode 100644
index 000000000..7cef4a17d
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_nfc.te
@@ -0,0 +1,11 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_nfc_client, hal_nfc_server)
+binder_call(hal_nfc_server, hal_nfc_client)
+
+hal_attribute_hwservice(hal_nfc, hal_nfc_hwservice)
+
+# Set NFC properties (used by bcm2079x HAL).
+set_prop(hal_nfc, nfc_prop)
+
+# NFC device access.
+allow hal_nfc nfc_device:chr_file rw_file_perms;
diff --git a/prebuilts/api/30.0/public/hal_oemlock.te b/prebuilts/api/30.0/public/hal_oemlock.te
new file mode 100644
index 000000000..26b2b4265
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_oemlock.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_oemlock_client, hal_oemlock_server)
+
+hal_attribute_hwservice(hal_oemlock, hal_oemlock_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_omx.te b/prebuilts/api/30.0/public/hal_omx.te
new file mode 100644
index 000000000..8e74383d3
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_omx.te
@@ -0,0 +1,49 @@
+# applies all permissions to hal_omx NOT hal_omx_server
+# since OMX must always be in its own process.
+
+binder_call(hal_omx_server, binderservicedomain)
+binder_call(hal_omx_server, { appdomain -isolated_app })
+
+# Allow hal_omx_server access to composer sync fences
+allow hal_omx_server hal_graphics_composer:fd use;
+
+allow hal_omx_server ion_device:chr_file rw_file_perms;
+allow hal_omx_server hal_camera:fd use;
+
+crash_dump_fallback(hal_omx_server)
+
+# Recieve gralloc buffer FDs from bufferhubd. Note that hal_omx_server never
+# directly connects to bufferhubd via PDX. Instead, a VR app acts as a bridge
+# between those two: it talks to hal_omx_server via Binder and talks to bufferhubd
+# via PDX. Thus, there is no need to use pdx_client macro.
+allow hal_omx_server bufferhubd:fd use;
+
+hal_attribute_hwservice(hal_omx, hal_omx_hwservice)
+
+allow hal_omx_client hidl_token_hwservice:hwservice_manager find;
+
+get_prop(hal_omx_client, media_variant_prop)
+get_prop(hal_omx_server, media_variant_prop)
+
+binder_call(hal_omx_client, hal_omx_server)
+binder_call(hal_omx_server, hal_omx_client)
+
+###
+### neverallow rules
+###
+
+# hal_omx_server should never execute any executable without a
+# domain transition
+neverallow hal_omx_server { file_type fs_type }:file execute_no_trans;
+
+# The goal of the mediaserver split is to place media processing code into
+# restrictive sandboxes with limited responsibilities and thus limited
+# permissions. Example: Audioserver is only responsible for controlling audio
+# hardware and processing audio content. Cameraserver does the same for camera
+# hardware/content. Etc.
+#
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow hal_omx_server domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/prebuilts/api/30.0/public/hal_power.te b/prebuilts/api/30.0/public/hal_power.te
new file mode 100644
index 000000000..c94771b57
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_power.te
@@ -0,0 +1,10 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_power_client, hal_power_server)
+binder_call(hal_power_server, hal_power_client)
+
+hal_attribute_hwservice(hal_power, hal_power_hwservice)
+
+add_service(hal_power_server, hal_power_service)
+binder_call(hal_power_server, servicemanager)
+binder_call(hal_power_client, servicemanager)
+allow hal_power_client hal_power_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/hal_power_stats.te b/prebuilts/api/30.0/public/hal_power_stats.te
new file mode 100644
index 000000000..2c04008bd
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_power_stats.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_power_stats_client, hal_power_stats_server)
+binder_call(hal_power_stats_server, hal_power_stats_client)
+
+hal_attribute_hwservice(hal_power_stats, hal_power_stats_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_rebootescrow.te b/prebuilts/api/30.0/public/hal_rebootescrow.te
new file mode 100644
index 000000000..4352630ba
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_rebootescrow.te
@@ -0,0 +1,7 @@
+# HwBinder IPC from client to server
+binder_call(hal_rebootescrow_client, hal_rebootescrow_server)
+
+add_service(hal_rebootescrow_server, hal_rebootescrow_service)
+binder_use(hal_rebootescrow_server)
+
+allow hal_rebootescrow_client hal_rebootescrow_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/hal_secure_element.te b/prebuilts/api/30.0/public/hal_secure_element.te
new file mode 100644
index 000000000..3724d35b0
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_secure_element.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_secure_element_client, hal_secure_element_server)
+binder_call(hal_secure_element_server, hal_secure_element_client)
+
+hal_attribute_hwservice(hal_secure_element, hal_secure_element_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_sensors.te b/prebuilts/api/30.0/public/hal_sensors.te
new file mode 100644
index 000000000..06e76f1e1
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_sensors.te
@@ -0,0 +1,14 @@
+# HwBinder IPC from client to server
+binder_call(hal_sensors_client, hal_sensors_server)
+
+hal_attribute_hwservice(hal_sensors, hal_sensors_hwservice)
+
+# Allow sensor hals to access ashmem memory allocated by apps
+allow hal_sensors { appdomain -isolated_app }:fd use;
+
+# Allow sensor hals to access ashmem memory allocated by android.hidl.allocator
+# fd is passed in from framework sensorservice HAL.
+allow hal_sensors hal_allocator:fd use;
+
+# allow to run with real-time scheduling policy
+allow hal_sensors self:global_capability_class_set sys_nice;
diff --git a/prebuilts/api/30.0/public/hal_telephony.te b/prebuilts/api/30.0/public/hal_telephony.te
new file mode 100644
index 000000000..3e4b65dfa
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_telephony.te
@@ -0,0 +1,42 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_telephony_client, hal_telephony_server)
+binder_call(hal_telephony_server, hal_telephony_client)
+
+hal_attribute_hwservice(hal_telephony, hal_telephony_hwservice)
+
+allowxperm hal_telephony_server self:udp_socket ioctl priv_sock_ioctls;
+
+allow hal_telephony_server self:netlink_route_socket nlmsg_write;
+allow hal_telephony_server kernel:system module_request;
+allow hal_telephony_server self:global_capability_class_set { setpcap setgid setuid net_admin net_raw };
+allow hal_telephony_server cgroup:dir create_dir_perms;
+allow hal_telephony_server cgroup:{ file lnk_file } r_file_perms;
+allow hal_telephony_server radio_device:chr_file rw_file_perms;
+allow hal_telephony_server radio_device:blk_file r_file_perms;
+allow hal_telephony_server efs_file:dir create_dir_perms;
+allow hal_telephony_server efs_file:file create_file_perms;
+allow hal_telephony_server vendor_shell_exec:file rx_file_perms;
+allow hal_telephony_server bluetooth_efs_file:file r_file_perms;
+allow hal_telephony_server bluetooth_efs_file:dir r_dir_perms;
+
+# property service
+set_prop(hal_telephony_server, radio_prop)
+set_prop(hal_telephony_server, exported_radio_prop)
+set_prop(hal_telephony_server, exported2_radio_prop)
+set_prop(hal_telephony_server, exported3_radio_prop)
+
+allow hal_telephony_server tty_device:chr_file rw_file_perms;
+
+# Allow hal_telephony_server to create and use netlink sockets.
+allow hal_telephony_server self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_telephony_server self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow hal_telephony_server self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Access to wake locks
+wakelock_use(hal_telephony_server)
+
+r_dir_file(hal_telephony_server, proc_net_type)
+r_dir_file(hal_telephony_server, sysfs_type)
+
+# granting the ioctl permission for hal_telephony_server should be device specific
+allow hal_telephony_server self:socket create_socket_perms_no_ioctl;
diff --git a/prebuilts/api/30.0/public/hal_tetheroffload.te b/prebuilts/api/30.0/public/hal_tetheroffload.te
new file mode 100644
index 000000000..cf5172366
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_tetheroffload.te
@@ -0,0 +1,8 @@
+## HwBinder IPC from client to server, and callbacks
+binder_call(hal_tetheroffload_client, hal_tetheroffload_server)
+binder_call(hal_tetheroffload_server, hal_tetheroffload_client)
+
+hal_attribute_hwservice(hal_tetheroffload, hal_tetheroffload_hwservice)
+
+# allow the client to pass the server already open netlink sockets
+allow hal_tetheroffload_server hal_tetheroffload_client:netlink_netfilter_socket { getattr read setopt write };
diff --git a/prebuilts/api/30.0/public/hal_thermal.te b/prebuilts/api/30.0/public/hal_thermal.te
new file mode 100644
index 000000000..2115da1b9
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_thermal.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_thermal_client, hal_thermal_server)
+binder_call(hal_thermal_server, hal_thermal_client)
+
+hal_attribute_hwservice(hal_thermal, hal_thermal_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_tv_cec.te b/prebuilts/api/30.0/public/hal_tv_cec.te
new file mode 100644
index 000000000..658490474
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_tv_cec.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from clients into server, and callbacks
+binder_call(hal_tv_cec_client, hal_tv_cec_server)
+binder_call(hal_tv_cec_server, hal_tv_cec_client)
+
+hal_attribute_hwservice(hal_tv_cec, hal_tv_cec_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_tv_input.te b/prebuilts/api/30.0/public/hal_tv_input.te
new file mode 100644
index 000000000..5a5bdda16
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_tv_input.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from clients into server, and callbacks
+binder_call(hal_tv_input_client, hal_tv_input_server)
+binder_call(hal_tv_input_server, hal_tv_input_client)
+
+hal_attribute_hwservice(hal_tv_input, hal_tv_input_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_tv_tuner.te b/prebuilts/api/30.0/public/hal_tv_tuner.te
new file mode 100644
index 000000000..0da4ec704
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_tv_tuner.te
@@ -0,0 +1,4 @@
+binder_call(hal_tv_tuner_client, hal_tv_tuner_server)
+binder_call(hal_tv_tuner_server, hal_tv_tuner_client)
+
+hal_attribute_hwservice(hal_tv_tuner, hal_tv_tuner_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_usb.te b/prebuilts/api/30.0/public/hal_usb.te
new file mode 100644
index 000000000..38bc49a21
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_usb.te
@@ -0,0 +1,18 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_usb_client, hal_usb_server)
+binder_call(hal_usb_server, hal_usb_client)
+
+hal_attribute_hwservice(hal_usb, hal_usb_hwservice)
+
+allow hal_usb self:netlink_kobject_uevent_socket create;
+allow hal_usb self:netlink_kobject_uevent_socket setopt;
+allow hal_usb self:netlink_kobject_uevent_socket getopt;
+allow hal_usb self:netlink_kobject_uevent_socket bind;
+allow hal_usb self:netlink_kobject_uevent_socket read;
+allow hal_usb sysfs:dir open;
+allow hal_usb sysfs:dir read;
+allow hal_usb sysfs:file read;
+allow hal_usb sysfs:file open;
+allow hal_usb sysfs:file write;
+allow hal_usb sysfs:file getattr;
+
diff --git a/prebuilts/api/30.0/public/hal_usb_gadget.te b/prebuilts/api/30.0/public/hal_usb_gadget.te
new file mode 100644
index 000000000..a474652f7
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_usb_gadget.te
@@ -0,0 +1,13 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_usb_gadget_client, hal_usb_gadget_server)
+binder_call(hal_usb_gadget_server, hal_usb_gadget_client)
+
+hal_attribute_hwservice(hal_usb_gadget, hal_usb_gadget_hwservice)
+
+# Configuring usb gadget functions
+allow hal_usb_gadget_server configfs:lnk_file { read create unlink};
+allow hal_usb_gadget_server configfs:dir rw_dir_perms;
+allow hal_usb_gadget_server configfs:file create_file_perms;
+allow hal_usb_gadget_server functionfs:dir { read search };
+allow hal_usb_gadget_server functionfs:file read;
+
diff --git a/prebuilts/api/30.0/public/hal_vehicle.te b/prebuilts/api/30.0/public/hal_vehicle.te
new file mode 100644
index 000000000..6855d1469
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_vehicle.te
@@ -0,0 +1,6 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_vehicle_client, hal_vehicle_server)
+binder_call(hal_vehicle_server, hal_vehicle_client)
+
+
+hal_attribute_hwservice(hal_vehicle, hal_vehicle_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_vibrator.te b/prebuilts/api/30.0/public/hal_vibrator.te
new file mode 100644
index 000000000..a34621d37
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_vibrator.te
@@ -0,0 +1,16 @@
+# HwBinder IPC client/server
+binder_call(hal_vibrator_client, hal_vibrator_server)
+binder_call(hal_vibrator_server, hal_vibrator_client);
+
+hal_attribute_hwservice(hal_vibrator, hal_vibrator_hwservice)
+
+add_service(hal_vibrator_server, hal_vibrator_service)
+binder_call(hal_vibrator_server, servicemanager)
+
+allow hal_vibrator_client hal_vibrator_service:service_manager find;
+
+allow hal_vibrator_server dumpstate:fifo_file write;
+
+# vibrator sysfs rw access
+allow hal_vibrator sysfs_vibrator:file rw_file_perms;
+allow hal_vibrator sysfs_vibrator:dir search;
diff --git a/prebuilts/api/30.0/public/hal_vr.te b/prebuilts/api/30.0/public/hal_vr.te
new file mode 100644
index 000000000..e52c77fba
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_vr.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_vr_client, hal_vr_server)
+binder_call(hal_vr_server, hal_vr_client)
+
+hal_attribute_hwservice(hal_vr, hal_vr_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_weaver.te b/prebuilts/api/30.0/public/hal_weaver.te
new file mode 100644
index 000000000..36d1306e2
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_weaver.te
@@ -0,0 +1,4 @@
+# HwBinder IPC from client to server
+binder_call(hal_weaver_client, hal_weaver_server)
+
+hal_attribute_hwservice(hal_weaver, hal_weaver_hwservice)
diff --git a/prebuilts/api/30.0/public/hal_wifi.te b/prebuilts/api/30.0/public/hal_wifi.te
new file mode 100644
index 000000000..ecc13597a
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_wifi.te
@@ -0,0 +1,31 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_wifi_client, hal_wifi_server)
+binder_call(hal_wifi_server, hal_wifi_client)
+
+hal_attribute_hwservice(hal_wifi, hal_wifi_hwservice)
+
+r_dir_file(hal_wifi, proc_net_type)
+r_dir_file(hal_wifi, sysfs_type)
+
+set_prop(hal_wifi, exported_wifi_prop)
+set_prop(hal_wifi, wifi_prop)
+
+# allow hal wifi set interfaces up and down and get the factory MAC
+allow hal_wifi self:udp_socket create_socket_perms;
+allowxperm hal_wifi self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR SIOCETHTOOL };
+
+allow hal_wifi self:global_capability_class_set { net_admin net_raw };
+# allow hal_wifi to speak to nl80211 in the kernel
+allow hal_wifi self:netlink_socket create_socket_perms_no_ioctl;
+# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
+allow hal_wifi self:netlink_generic_socket create_socket_perms_no_ioctl;
+# hal_wifi writes firmware paths to this file.
+allow hal_wifi sysfs_wlan_fwpath:file { w_file_perms };
+# allow hal_wifi to access /proc/modules to check if Wi-Fi driver is loaded
+allow hal_wifi proc_modules:file { getattr open read };
+# Allow hal_wifi to send dump info to dumpstate
+allow hal_wifi dumpstate:fifo_file write;
+
+# allow hal_wifi to write into /data/vendor/tombstones/wifi
+allow hal_wifi_server tombstone_wifi_data_file:dir rw_dir_perms;
+allow hal_wifi_server tombstone_wifi_data_file:file create_file_perms;
diff --git a/prebuilts/api/30.0/public/hal_wifi_hostapd.te b/prebuilts/api/30.0/public/hal_wifi_hostapd.te
new file mode 100644
index 000000000..12d72b649
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_wifi_hostapd.te
@@ -0,0 +1,27 @@
+# HwBinder IPC from client to server
+binder_call(hal_wifi_hostapd_client, hal_wifi_hostapd_server)
+binder_call(hal_wifi_hostapd_server, hal_wifi_hostapd_client)
+
+hal_attribute_hwservice(hal_wifi_hostapd, hal_wifi_hostapd_hwservice)
+
+allow hal_wifi_hostapd_server self:global_capability_class_set { net_admin net_raw };
+
+allow hal_wifi_hostapd_server sysfs_net:dir search;
+
+# Allow hal_wifi_hostapd to access /proc/net/psched
+allow hal_wifi_hostapd_server proc_net_type:file { getattr open read };
+
+# Various socket permissions.
+allowxperm hal_wifi_hostapd_server self:udp_socket ioctl priv_sock_ioctls;
+allow hal_wifi_hostapd_server self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_wifi_hostapd_server self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow hal_wifi_hostapd_server self:packet_socket create_socket_perms_no_ioctl;
+allow hal_wifi_hostapd_server self:netlink_route_socket nlmsg_write;
+
+###
+### neverallow rules
+###
+
+# hal_wifi_hostapd should not trust any data from sdcards
+neverallow hal_wifi_hostapd_server sdcard_type:dir ~getattr;
+neverallow hal_wifi_hostapd_server sdcard_type:file *;
diff --git a/prebuilts/api/30.0/public/hal_wifi_supplicant.te b/prebuilts/api/30.0/public/hal_wifi_supplicant.te
new file mode 100644
index 000000000..6004c3327
--- /dev/null
+++ b/prebuilts/api/30.0/public/hal_wifi_supplicant.te
@@ -0,0 +1,28 @@
+# HwBinder IPC from client to server
+binder_call(hal_wifi_supplicant_client, hal_wifi_supplicant_server)
+binder_call(hal_wifi_supplicant_server, hal_wifi_supplicant_client)
+
+hal_attribute_hwservice(hal_wifi_supplicant, hal_wifi_supplicant_hwservice)
+
+# in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
+allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;
+
+r_dir_file(hal_wifi_supplicant, sysfs_type)
+r_dir_file(hal_wifi_supplicant, proc_net_type)
+
+allow hal_wifi_supplicant kernel:system module_request;
+allow hal_wifi_supplicant self:global_capability_class_set { setuid net_admin setgid net_raw };
+allow hal_wifi_supplicant cgroup:dir create_dir_perms;
+allow hal_wifi_supplicant self:netlink_route_socket nlmsg_write;
+allow hal_wifi_supplicant self:netlink_socket create_socket_perms_no_ioctl;
+allow hal_wifi_supplicant self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow hal_wifi_supplicant self:packet_socket create_socket_perms;
+allowxperm hal_wifi_supplicant self:packet_socket ioctl { unpriv_sock_ioctls priv_sock_ioctls unpriv_tty_ioctls };
+
+###
+### neverallow rules
+###
+
+# wpa_supplicant should not trust any data from sdcards
+neverallow hal_wifi_supplicant_server sdcard_type:dir ~getattr;
+neverallow hal_wifi_supplicant_server sdcard_type:file *;
diff --git a/prebuilts/api/30.0/public/healthd.te b/prebuilts/api/30.0/public/healthd.te
new file mode 100644
index 000000000..7ea23e1c3
--- /dev/null
+++ b/prebuilts/api/30.0/public/healthd.te
@@ -0,0 +1,56 @@
+# healthd - battery/charger monitoring service daemon
+type healthd, domain;
+type healthd_exec, system_file_type, exec_type, file_type;
+
+# Write to /dev/kmsg
+allow healthd kmsg_device:chr_file rw_file_perms;
+
+# Read access to pseudo filesystems.
+allow healthd sysfs_type:dir search;
+# Allow to read /sys/class/power_supply directory.
+allow healthd sysfs:dir r_dir_perms;
+r_dir_file(healthd, rootfs)
+r_dir_file(healthd, cgroup)
+
+allow healthd self:global_capability_class_set { sys_tty_config };
+allow healthd self:global_capability_class_set sys_boot;
+dontaudit healthd self:global_capability_class_set sys_resource;
+
+allow healthd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+wakelock_use(healthd)
+
+hal_client_domain(healthd, hal_health)
+
+# Read/write to /sys/power/state
+allow healthd sysfs_power:file rw_file_perms;
+
+# TODO: added to match above sysfs rule. Remove me?
+allow healthd sysfs_usb:file write;
+
+r_dir_file(healthd, sysfs_batteryinfo)
+
+###
+### healthd: charger mode
+###
+
+# Read /sys/fs/pstore/console-ramoops
+# Don't worry about overly broad permissions for now, as there's
+# only one file in /sys/fs/pstore
+allow healthd pstorefs:dir r_dir_perms;
+allow healthd pstorefs:file r_file_perms;
+
+allow healthd graphics_device:dir r_dir_perms;
+allow healthd graphics_device:chr_file rw_file_perms;
+allow healthd input_device:dir r_dir_perms;
+allow healthd input_device:chr_file r_file_perms;
+allow healthd tty_device:chr_file rw_file_perms;
+allow healthd ashmem_device:chr_file execute;
+allow healthd proc_sysrq:file rw_file_perms;
+
+# Healthd needs to tell init to continue the boot
+# process when running in charger mode.
+set_prop(healthd, system_prop)
+set_prop(healthd, exported_system_prop)
+set_prop(healthd, exported2_system_prop)
+set_prop(healthd, exported3_system_prop)
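Review bot: The `set_prop(healthd, system_prop)` grant at the end of the hunk is broader than the comment above it justifies: system_prop labels, as far as I recall, the whole `sys.`/`persist.sys.` prefix, so the charger-mode daemon can write any property in that namespace rather than just the one that tells init to continue boot. A dedicated property type for that single property (set by healthd, read by init) would be the least-privilege shape; if that is out of scope, the comment should at least name the property being written. `allow healthd ashmem_device:chr_file execute;` a few lines earlier is also undocumented and unusual for a chr_file, so it deserves a why-comment or a check that it is still needed, in the same spirit as the existing `# TODO: ... Remove me?` on the sysfs_usb write. This is a 30.0 prebuilt snapshot, so the change belongs in public/healthd.te with the snapshot regenerated.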
diff --git a/prebuilts/api/30.0/public/heapprofd.te b/prebuilts/api/30.0/public/heapprofd.te
new file mode 100644
index 000000000..7ceb23feb
--- /dev/null
+++ b/prebuilts/api/30.0/public/heapprofd.te
@@ -0,0 +1 @@
+type heapprofd, domain, coredomain;
diff --git a/prebuilts/api/30.0/public/hwservice.te b/prebuilts/api/30.0/public/hwservice.te
new file mode 100644
index 000000000..6f223ddc1
--- /dev/null
+++ b/prebuilts/api/30.0/public/hwservice.te
@@ -0,0 +1,102 @@
+# hwservice types. By default most of the HALs are protected_hwservice, which means
+# access from untrusted apps is prohibited.
+type default_android_hwservice, hwservice_manager_type, protected_hwservice;
+type fwk_camera_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_display_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_scheduler_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_sensor_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_stats_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_automotive_display_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type hal_atrace_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_audio_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_audiocontrol_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_authsecret_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_bluetooth_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_bootctl_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_broadcastradio_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_camera_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_can_bus_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_can_controller_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_confirmationui_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_contexthub_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_dumpstate_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_evs_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_face_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_fingerprint_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_gatekeeper_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_gnss_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_graphics_composer_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_health_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_health_storage_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_input_classifier_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_ir_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_keymaster_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_light_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_lowpan_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_memtrack_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_nfc_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_oemlock_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_power_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_power_stats_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_secure_element_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_sensors_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_telephony_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tetheroffload_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_thermal_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tv_cec_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tv_input_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_tv_tuner_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_usb_gadget_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_usb_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_vehicle_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_vibrator_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_vr_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_weaver_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_wifi_hostapd_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_wifi_hwservice, hwservice_manager_type, protected_hwservice;
+type hal_wifi_supplicant_hwservice, hwservice_manager_type, protected_hwservice;
+type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type system_suspend_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type thermalcallback_hwservice, hwservice_manager_type, protected_hwservice;
+
+# Following is the hwservices that are explicitly not marked with protected_hwservice.
+# These are directly accessible from untrusted apps.
+# - same process services: because they by definition run in the process
+# of the client and thus have the same access as the client domain in which
+# the process runs
+# - coredomain_hwservice: are considered safer than ordinary hwservices which
+# are from vendor partition
+# - hal_configstore_ISurfaceFlingerConfigs: becuase it has specifically been
+# designed for use by any domain.
+# - hal_graphics_allocator_hwservice: because these operations are also offered
+# by surfaceflinger Binder service, which apps are permitted to access
+# - hal_omx_hwservice: because this is a HwBinder version of the mediacodec
+# Binder service which apps were permitted to access.
+# - hal_codec2_hwservice: because this is a newer version of hal_omx_hwservice.
+# - hal_drm_hwservice: versions > API 29 are designed specifically with
+# untrusted app access in mind.
+type fwk_bufferhub_hwservice, hwservice_manager_type, coredomain_hwservice;
+type hal_cas_hwservice, hwservice_manager_type;
+type hal_codec2_hwservice, hwservice_manager_type;
+type hal_configstore_ISurfaceFlingerConfigs, hwservice_manager_type;
+type hal_drm_hwservice, hwservice_manager_type;
+type hal_graphics_allocator_hwservice, hwservice_manager_type;
+type hal_graphics_mapper_hwservice, hwservice_manager_type, same_process_hwservice;
+type hal_neuralnetworks_hwservice, hwservice_manager_type;
+type hal_omx_hwservice, hwservice_manager_type;
+type hal_renderscript_hwservice, hwservice_manager_type, same_process_hwservice;
+type hidl_allocator_hwservice, hwservice_manager_type, coredomain_hwservice;
+type hidl_base_hwservice, hwservice_manager_type;
+type hidl_manager_hwservice, hwservice_manager_type, coredomain_hwservice;
+type hidl_memory_hwservice, hwservice_manager_type, coredomain_hwservice;
+type hidl_token_hwservice, hwservice_manager_type, coredomain_hwservice;
+
+###
+### Neverallow rules
+###
+
+# hwservicemanager handles registering or looking up named services.
+# It does not make sense to register or lookup something which is not a
+# hwservice. Trigger a compile error if this occurs.
+neverallow domain ~hwservice_manager_type:hwservice_manager { add find };
diff --git a/prebuilts/api/30.0/public/hwservicemanager.te b/prebuilts/api/30.0/public/hwservicemanager.te
new file mode 100644
index 000000000..7f0381564
--- /dev/null
+++ b/prebuilts/api/30.0/public/hwservicemanager.te
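Review bot: The rationale list for hwservices deliberately left without protected_hwservice does not cover every type declared under it: `hal_cas_hwservice`, `hal_neuralnetworks_hwservice` and `hidl_base_hwservice` are declared as plain hwservice_manager_type but appear in none of the bullets, so a reader cannot tell whether untrusted-app reachability of those three is intentional or an oversight. Each should get its own bullet stating the reason, or be moved up to the protected list if the omission is accidental; I am not guessing at the reason here. The same comment block has a typo, `becuase` → `because`. As this is a 30.0 prebuilt snapshot, the fix belongs in public/hwservice.te with the snapshot regenerated.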
@@ -0,0 +1,22 @@
+# hwservicemanager - the Binder context manager for HAL services
+type hwservicemanager, domain, mlstrustedsubject;
+type hwservicemanager_exec, system_file_type, exec_type, file_type;
+
+# Note that we do not use the binder_* macros here.
+# hwservicemanager provides name service (aka context manager)
+# for hwbinder.
+# Additionally, it initiates binder IPC calls to
+# clients who request service notifications. The permission
+# to do this is granted in the hwbinder_use macro.
+allow hwservicemanager self:binder set_context_mgr;
+
+set_prop(hwservicemanager, hwservicemanager_prop)
+
+# Scan through /system/lib64/hw looking for installed HALs
+allow hwservicemanager system_file:dir r_dir_perms;
+
+# Read hwservice_contexts
+allow hwservicemanager hwservice_contexts_file:file r_file_perms;
+
+# Check SELinux permissions.
+selinux_check_access(hwservicemanager)
diff --git a/prebuilts/api/30.0/public/idmap.te b/prebuilts/api/30.0/public/idmap.te
new file mode 100644
index 000000000..f41f573ea
--- /dev/null
+++ b/prebuilts/api/30.0/public/idmap.te
@@ -0,0 +1,31 @@
+# idmap, when executed by installd
+type idmap, domain;
+type idmap_exec, system_file_type, exec_type, file_type;
+
+# TODO remove /system/bin/idmap and the link between idmap and installd (b/118711077)
+# Use open file to /data/resource-cache file inherited from installd.
+allow idmap installd:fd use;
+allow idmap resourcecache_data_file:file create_file_perms;
+allow idmap resourcecache_data_file:dir rw_dir_perms;
+
+# Ignore reading /proc//maps after a fork.
+dontaudit idmap installd:file read;
+
+# Open and read from target and overlay apk files passed by argument.
+allow idmap apk_data_file:file r_file_perms;
+allow idmap apk_data_file:dir search;
+
+# Allow /data/app/vmdl*.tmp, /data/app-private/vmdl*.tmp files
+allow idmap { apk_tmp_file apk_private_tmp_file }:file r_file_perms;
+allow idmap { apk_tmp_file apk_private_tmp_file }:dir search;
+
+# Allow apps access to /vendor/app
+r_dir_file(idmap, vendor_app_file)
+
+# Allow apps access to /vendor/overlay
+r_dir_file(idmap, vendor_overlay_file)
+
+# Allow the idmap2d binary to register as a service and communicate via AIDL
+binder_use(idmap)
+binder_service(idmap)
+add_service(idmap, idmap_service)
diff --git a/prebuilts/api/30.0/public/incident.te b/prebuilts/api/30.0/public/incident.te
new file mode 100644
index 000000000..ce57bf650
--- /dev/null
+++ b/prebuilts/api/30.0/public/incident.te
@@ -0,0 +1,8 @@
+# The incident command is used to call into the incidentd service to
+# take an incident report (binary, shared bugreport), download incident
+# reports that have already been taken, and monitor for new ones.
+# It doesn't do anything else.
+
+# incident
+type incident, domain;
+
diff --git a/prebuilts/api/30.0/public/incident_helper.te b/prebuilts/api/30.0/public/incident_helper.te
new file mode 100644
index 000000000..bca101869
--- /dev/null
+++ b/prebuilts/api/30.0/public/incident_helper.te
@@ -0,0 +1,5 @@
+# The incident_helper is called by incidentd and
+# can only read/write data from/to incidentd
+
+# incident_helper
+type incident_helper, domain;
diff --git a/prebuilts/api/30.0/public/incidentd.te b/prebuilts/api/30.0/public/incidentd.te
new file mode 100644
index 000000000..b03249c88
--- /dev/null
+++ b/prebuilts/api/30.0/public/incidentd.te
@@ -0,0 +1,3 @@
+# incidentd
+type incidentd, domain;
+
diff --git a/prebuilts/api/30.0/public/init.te b/prebuilts/api/30.0/public/init.te
new file mode 100644
index 000000000..403b4c5e6
--- /dev/null
+++ b/prebuilts/api/30.0/public/init.te
@@ -0,0 +1,634 @@
+# init is its own domain.
+type init, domain, mlstrustedsubject;
+type init_exec, system_file_type, exec_type, file_type;
+type init_tmpfs, file_type;
+
+# /dev/__null__ node created by init.
+allow init tmpfs:chr_file { create setattr unlink rw_file_perms };
+
+#
+# init direct restorecon calls.
+#
+# /dev/kmsg
+allow init tmpfs:chr_file relabelfrom;
+allow init kmsg_device:chr_file { getattr write relabelto };
+# /dev/kmsg_debug
+userdebug_or_eng(`
+ allow init kmsg_debug_device:chr_file { open write relabelto };
+')
+# /dev/__properties__
+allow init properties_device:dir relabelto;
+allow init properties_serial:file { write relabelto };
+allow init property_type:file { append create getattr map open read relabelto rename setattr unlink write };
+# /dev/__properties__/property_info
+allow init properties_device:file create_file_perms;
+allow init property_info:file relabelto;
+# /dev/event-log-tags
+allow init device:file relabelfrom;
+allow init runtime_event_log_tags_file:file { open write setattr relabelto create };
+# /dev/socket
+allow init { device socket_device }:dir relabelto;
+# allow init to establish connection and communicate with lmkd
+unix_socket_connect(init, lmkd, lmkd)
+# Relabel /dev nodes created in first stage init, /dev/null, /dev/ptmx, /dev/random, /dev/urandom
+allow init { null_device ptmx_device random_device } : chr_file relabelto;
+# /dev/device-mapper, /dev/block(/.*)?
+allow init tmpfs:{ chr_file blk_file } relabelfrom;
+allow init tmpfs:blk_file getattr;
+allow init block_device:{ dir blk_file lnk_file } relabelto;
+allow init dm_device:{ chr_file blk_file } relabelto;
+allow init kernel:fd use;
+# restorecon for early mount device symlinks
+allow init tmpfs:lnk_file { getattr read relabelfrom };
+allow init {
+ metadata_block_device
+ misc_block_device
+ recovery_block_device
+ system_block_device
+ userdata_block_device
+}:{ blk_file lnk_file } relabelto;
+
+allow init super_block_device:lnk_file relabelto;
+
+# Create /mnt/sdcard -> /storage/self/primary symlink.
+allow init mnt_sdcard_file:lnk_file create;
+
+# setrlimit
+allow init self:global_capability_class_set sys_resource;
+
+# Remove /dev/.booting and load /debug_ramdisk/* files
+allow init tmpfs:file { getattr unlink };
+
+# Access pty created for fsck.
+allow init devpts:chr_file { read write open };
+
+# Create /dev/fscklogs files.
+allow init fscklogs:file create_file_perms;
+
+# Access /dev/__null__ node created prior to initial policy load.
+allow init tmpfs:chr_file write;
+
+# Access /dev/console.
+allow init console_device:chr_file rw_file_perms;
+
+# Access /dev/tty0.
+allow init tty_device:chr_file rw_file_perms;
+
+# Call mount(2).
+allow init self:global_capability_class_set sys_admin;
+
+# Call setns(2).
+allow init self:global_capability_class_set sys_chroot;
+
+# Create and mount on directories in /.
+allow init rootfs:dir create_dir_perms;
+allow init {
+ rootfs
+ cache_file
+ cgroup
+ linkerconfig_file
+ storage_file
+ mnt_user_file
+ system_data_file
+ system_data_root_file
+ system_file
+ vendor_file
+ postinstall_mnt_dir
+ mirror_data_file
+}:dir mounton;
+allow init cgroup_bpf:dir { create mounton };
+
+# Mount bpf fs on sys/fs/bpf
+allow init fs_bpf:dir mounton;
+
+# Mount on /dev/usb-ffs/adb.
+allow init device:dir mounton;
+
+# Mount tmpfs on /apex
+allow init apex_mnt_dir:dir mounton;
+
+# Bind-mount on /system/apex/com.android.art
+allow init art_apex_dir:dir mounton;
+
+# Create and remove symlinks in /.
+allow init rootfs:lnk_file { create unlink };
+
+# Mount debugfs on /sys/kernel/debug.
+allow init sysfs:dir mounton;
+
+# Create cgroups mount points in tmpfs and mount cgroups on them.
+allow init tmpfs:dir create_dir_perms;
+allow init tmpfs:dir mounton;
+allow init cgroup:dir create_dir_perms;
+allow init cgroup:file rw_file_perms;
+allow init cgroup_rc_file:file rw_file_perms;
+allow init cgroup_desc_file:file r_file_perms;
+allow init vendor_cgroup_desc_file:file r_file_perms;
+
+# /config
+allow init configfs:dir mounton;
+allow init configfs:dir create_dir_perms;
+allow init configfs:{ file lnk_file } create_file_perms;
+
+# /metadata
+allow init metadata_file:dir mounton;
+
+# Use tmpfs as /data, used for booting when /data is encrypted
+allow init tmpfs:dir relabelfrom;
+
+# Create directories under /dev/cpuctl after chowning it to system.
+allow init self:global_capability_class_set { dac_override dac_read_search };
+
+# Set system clock.
+allow init self:global_capability_class_set sys_time;
+
+allow init self:global_capability_class_set { sys_rawio mknod };
+
+# Mounting filesystems from block devices.
+allow init dev_type:blk_file r_file_perms;
+allowxperm init dev_type:blk_file ioctl BLKROSET;
+
+# Mounting filesystems.
+# Only allow relabelto for types used in context= mount options,
+# which should all be assigned the contextmount_type attribute.
+# This can be done in device-specific policy via type or typeattribute
+# declarations.
+allow init fs_type:filesystem ~relabelto;
+allow init unlabeled:filesystem ~relabelto;
+allow init contextmount_type:filesystem relabelto;
+
+# Allow read-only access to context= mounted filesystems.
+allow init contextmount_type:dir r_dir_perms;
+allow init contextmount_type:notdevfile_class_set r_file_perms;
+
+# restorecon /adb_keys or any other rootfs files and directories to a more
+# specific type.
+allow init rootfs:{ dir file } relabelfrom;
+
+# mkdir, symlink, write, rm/rmdir, chown/chmod, restorecon/restorecon_recursive from init.rc files.
+# chown/chmod require open+read+setattr required for open()+fchown/fchmod().
+# system/core/init.rc requires at least cache_file and data_file_type.
+# init..rc files often include device-specific types, so
+# we just allow all file types except /system files here.
+allow init self:global_capability_class_set { chown fowner fsetid };
+
+allow init {
+ file_type
+ -app_data_file
+ -exec_type
+ -misc_logd_file
+ -nativetest_data_file
+ -privapp_data_file
+ -system_app_data_file
+ -system_file_type
+ -vendor_file_type
+}:dir { create search getattr open read setattr ioctl };
+
+allow init {
+ file_type
+ -app_data_file
+ -exec_type
+ -iorapd_data_file
+ -credstore_data_file
+ -keystore_data_file
+ -misc_logd_file
+ -nativetest_data_file
+ -privapp_data_file
+ -shell_data_file
+ -system_app_data_file
+ -system_file_type
+ -vendor_file_type
+ -vold_data_file
+}:dir { write add_name remove_name rmdir relabelfrom };
+
+allow init {
+ file_type
+ -app_data_file
+ -exec_type
+ -gsi_data_file
+ -iorapd_data_file
+ -credstore_data_file
+ -keystore_data_file
+ -misc_logd_file
+ -nativetest_data_file
+ -privapp_data_file
+ -runtime_event_log_tags_file
+ -shell_data_file
+ -system_app_data_file
+ -system_file_type
+ -vendor_file_type
+ -vold_data_file
+}:file { create getattr open read write setattr relabelfrom unlink map };
+
+allow init {
+ file_type
+ -app_data_file
+ -exec_type
+ -gsi_data_file
+ -iorapd_data_file
+ -credstore_data_file
+ -keystore_data_file
+ -misc_logd_file
+ -nativetest_data_file
+ -privapp_data_file
+ -shell_data_file
+ -system_app_data_file
+ -system_file_type
+ -vendor_file_type
+ -vold_data_file
+}:{ sock_file fifo_file } { create getattr open read setattr relabelfrom unlink };
+
+allow init {
+ file_type
+ -apex_mnt_dir
+ -app_data_file
+ -exec_type
+ -gsi_data_file
+ -iorapd_data_file
+ -credstore_data_file
+ -keystore_data_file
+ -misc_logd_file
+ -nativetest_data_file
+ -privapp_data_file
+ -shell_data_file
+ -system_app_data_file
+ -system_file_type
+ -vendor_file_type
+ -vold_data_file
+}:lnk_file { create getattr setattr relabelfrom unlink };
+
+allow init cache_file:lnk_file r_file_perms;
+
+allow init {
+ file_type
+ -system_file_type
+ -vendor_file_type
+ -exec_type
+ -app_data_file
+ -privapp_data_file
+}:dir_file_class_set relabelto;
+
+allow init { sysfs debugfs debugfs_tracing debugfs_tracing_debug }:{ dir file lnk_file } { getattr relabelfrom };
+allow init { sysfs_type debugfs_type }:{ dir file lnk_file } { relabelto getattr };
+allow init dev_type:dir create_dir_perms;
+allow init dev_type:lnk_file create;
+
+# Disable tracing by writing to /sys/kernel/debug/tracing/tracing_on
+allow init debugfs_tracing:file w_file_perms;
+
+# Setup and control wifi event tracing (see wifi-events.rc)
+allow init debugfs_tracing_instances:dir create_dir_perms;
+allow init debugfs_tracing_instances:file w_file_perms;
+allow init debugfs_wifi_tracing:file w_file_perms;
+
+# chown/chmod on pseudo files.
+allow init {
+ fs_type
+ -contextmount_type
+ -keychord_device
+ -proc_type
+ -sdcard_type
+ -sysfs_type
+ -rootfs
+}:file { open read setattr };
+allow init { fs_type -contextmount_type -sdcard_type -rootfs }:dir { open read setattr search };
+
+allow init {
+ binder_device
+ console_device
+ devpts
+ dm_device
+ hwbinder_device
+ hw_random_device
+ input_device
+ kmsg_device
+ null_device
+ owntty_device
+ pmsg_device
+ ptmx_device
+ random_device
+ tty_device
+ zero_device
+}:chr_file { read open };
+
+# chown/chmod on devices.
+allow init {
+ dev_type
+ -keychord_device
+ -port_device
+}:chr_file setattr;
+
+# Unlabeled file access for upgrades from 4.2.
+allow init unlabeled:dir { create_dir_perms relabelfrom };
+allow init unlabeled:notdevfile_class_set { create_file_perms relabelfrom };
+
+# Any operation that can modify the kernel ring buffer, e.g. clear
+# or a read that consumes the messages that were read.
+allow init kernel:system syslog_mod;
+allow init self:global_capability2_class_set syslog;
+
+# init access to /proc.
+r_dir_file(init, proc_net_type)
+allow init proc_filesystems:file r_file_perms;
+
+userdebug_or_eng(`
+ # Overlayfs workdir write access check during mount to permit remount,rw
+ allow init overlayfs_file:dir { relabelfrom mounton write };
+ allow init overlayfs_file:file { append };
+ allow init system_block_device:blk_file { write };
+')
+
+allow init {
+ proc # b/67049235 processes /proc//* files are mislabeled.
+ proc_cmdline
+ proc_diskstats
+ proc_kmsg # Open /proc/kmsg for logd service.
+ proc_meminfo
+ proc_stat # Read /proc/stat for bootchart.
+ proc_uptime
+ proc_version
+}:file r_file_perms;
+
+allow init {
+ proc_abi
+ proc_dirty
+ proc_hostname
+ proc_hung_task
+ proc_extra_free_kbytes
+ proc_net_type
+ proc_max_map_count
+ proc_min_free_order_shift
+ proc_overcommit_memory # /proc/sys/vm/overcommit_memory
+ proc_panic
+ proc_page_cluster
+ proc_perf
+ proc_sched
+ proc_sysrq
+}:file w_file_perms;
+
+allow init {
+ proc_security
+}:file rw_file_perms;
+
+# init chmod/chown access to /proc files.
+allow init {
+ proc_cmdline
+ proc_kmsg
+ proc_net
+ proc_qtaguid_stat
+ proc_slabinfo
+ proc_sysrq
+ proc_qtaguid_ctrl
+ proc_vmallocinfo
+}:file setattr;
+
+# init access to /sys files.
+allow init {
+ sysfs_android_usb
+ sysfs_dm_verity
+ sysfs_leds
+ sysfs_power
+ sysfs_fs_f2fs
+ sysfs_dm
+}:file w_file_perms;
+
+allow init {
+ sysfs_dt_firmware_android
+ sysfs_fs_ext4_features
+}:file r_file_perms;
+
+allow init {
+ sysfs_zram
+}:file rw_file_perms;
+
+# allow init to create loop devices with /dev/loop-control
+allow init loop_control_device:chr_file rw_file_perms;
+allow init loop_device:blk_file rw_file_perms;
+allowxperm init loop_device:blk_file ioctl {
+ LOOP_SET_FD
+ LOOP_CLR_FD
+ LOOP_CTL_GET_FREE
+ LOOP_SET_BLOCK_SIZE
+ LOOP_SET_DIRECT_IO
+};
+
+# Allow init to write to vibrator/trigger
+allow init sysfs_vibrator:file w_file_perms;
+
+# init chmod/chown access to /sys files.
+allow init {
+ sysfs_android_usb
+ sysfs_devices_system_cpu
+ sysfs_ipv4
+ sysfs_leds
+ sysfs_lowmemorykiller
+ sysfs_power
+ sysfs_vibrator
+ sysfs_wake_lock
+ sysfs_zram
+}:file setattr;
+
+# Set usermodehelpers.
+allow init { usermodehelper sysfs_usermodehelper }:file rw_file_perms;
+
+allow init self:global_capability_class_set net_admin;
+
+# Reboot.
+allow init self:global_capability_class_set sys_boot;
+
+# Init will create /data/misc/logd when the property persist.logd.logpersistd is "logcatd".
+# Init will also walk through the directory as part of a recursive restorecon.
+allow init misc_logd_file:dir { add_name open create read getattr setattr search write };
+allow init misc_logd_file:file { open create getattr setattr write };
+
+# Support "adb shell stop"
+allow init self:global_capability_class_set kill;
+allow init domain:process { getpgid sigkill signal };
+
+# Init creates credstore's directory on boot, and walks through
+# the directory as part of a recursive restorecon.
+allow init credstore_data_file:dir { open create read getattr setattr search };
+allow init credstore_data_file:file { getattr };
+
+# Init creates keystore's directory on boot, and walks through
+# the directory as part of a recursive restorecon.
+allow init keystore_data_file:dir { open create read getattr setattr search };
+allow init keystore_data_file:file { getattr };
+
+# Init creates vold's directory on boot, and walks through
+# the directory as part of a recursive restorecon.
+allow init vold_data_file:dir { open create read getattr setattr search };
+allow init vold_data_file:file { getattr };
+
+# Init creates /data/local/tmp at boot
+allow init shell_data_file:dir { open create read getattr setattr search };
+allow init shell_data_file:file { getattr };
+
+# Set UID, GID, and adjust capability bounding set for services.
+allow init self:global_capability_class_set { setuid setgid setpcap };
+
+# For bootchart to read the /proc/$pid/cmdline file of each process,
+# we need to have following line to allow init to have access
+# to different domains.
+r_dir_file(init, domain)
+
+# Use setexeccon(), setfscreatecon(), and setsockcreatecon().
+# setexec is for services with seclabel options.
+# setfscreate is for labeling directories and socket files.
+# setsockcreate is for labeling local/unix domain sockets.
+allow init self:process { setexec setfscreate setsockcreate };
+
+# Get file context
+allow init file_contexts_file:file r_file_perms;
+
+# sepolicy access
+allow init sepolicy_file:file r_file_perms;
+
+# Perform SELinux access checks on setting properties.
+selinux_check_access(init)
+
+# Ask the kernel for the new context on services to label their sockets.
+allow init kernel:security compute_create;
+
+# Create sockets for the services.
+allow init domain:unix_stream_socket { create bind setopt };
+allow init domain:unix_dgram_socket { create bind setopt };
+
+# Create /data/property and files within it.
+allow init property_data_file:dir create_dir_perms;
+allow init property_data_file:file create_file_perms;
+
+# Set any property.
+allow init property_type:property_service set;
+
+# Send an SELinux userspace denial to the kernel audit subsystem,
+# so it can be picked up and processed by logd. These denials are
+# generated when an attempt to set a property is denied by policy.
+allow init self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_relay };
+allow init self:global_capability_class_set audit_write;
+
+# Run "ifup lo" to bring up the localhost interface
+allow init self:udp_socket { create ioctl };
+# in addition to unpriv ioctls granted to all domains, init also needs:
+allowxperm init self:udp_socket ioctl SIOCSIFFLAGS;
+allow init self:global_capability_class_set net_raw;
+
+# Set scheduling info for psi monitor thread.
+# TODO: delete or revise this line b/131761776
+allow init kernel:process { getsched setsched };
+
+# swapon() needs write access to swap device
+# system/core/fs_mgr/fs_mgr.c - fs_mgr_swapon_all
+allow init swap_block_device:blk_file rw_file_perms;
+
+# Read from /dev/hw_random if present.
+# system/core/init/init.c - mix_hwrng_into_linux_rng_action
+allow init hw_random_device:chr_file r_file_perms;
+
+# Create and access /dev files without a specific type,
+# e.g. /dev/.coldboot_done, /dev/.booting
+# TODO: Move these files into their own type unless they are
+# only ever accessed by init.
+allow init device:file create_file_perms;
+
+# keychord retrieval from /dev/input/ devices
+allow init input_device:dir r_dir_perms;
+allow init input_device:chr_file rw_file_perms;
+
+# Access device mapper for setting up dm-verity
+allow init dm_device:chr_file rw_file_perms;
+allow init dm_device:blk_file rw_file_perms;
+
+# Access metadata block device for storing dm-verity state
+allow init metadata_block_device:blk_file rw_file_perms;
+
+# Read /sys/fs/pstore/console-ramoops to detect restarts caused
+# by dm-verity detecting corrupted blocks
+allow init pstorefs:dir search;
+allow init pstorefs:file r_file_perms;
+allow init kernel:system syslog_read;
+
+# linux keyring configuration
+allow init init:key { write search setattr };
+
+# Allow init to create /data/unencrypted
+allow init unencrypted_data_file:dir create_dir_perms;
+
+# Set encryption policy on dirs in /data
+allowxperm init { data_file_type unlabeled }:dir ioctl {
+ FS_IOC_GET_ENCRYPTION_POLICY
+ FS_IOC_SET_ENCRYPTION_POLICY
+};
+
+# Raw writes to misc block device
+allow init misc_block_device:blk_file w_file_perms;
+
+r_dir_file(init, system_file)
+r_dir_file(init, vendor_file_type)
+
+allow init system_data_file:file { getattr read };
+allow init system_data_file:lnk_file r_file_perms;
+
+# For init to be able to run shell scripts from vendor
+allow init vendor_shell_exec:file execute;
+
+# Metadata setup
+allow init vold_metadata_file:dir create_dir_perms;
+allow init vold_metadata_file:file getattr;
+allow init metadata_bootstat_file:dir create_dir_perms;
+allow init metadata_bootstat_file:file w_file_perms;
+
+# Allow init to touch PSI monitors
+allow init proc_pressure_mem:file { rw_file_perms setattr };
+
+# init is using bootstrap bionic
+allow init system_bootstrap_lib_file:dir r_dir_perms;
+allow init system_bootstrap_lib_file:file { execute read open getattr map };
+
+# stat the root dir of fuse filesystems (for the mount handler)
+allow init fuse:dir { search getattr };
+
+###
+### neverallow rules
+###
+
+# The init domain is only entered via an exec based transition from the
+# kernel domain, never via setcon().
+neverallow domain init:process dyntransition;
+neverallow { domain -kernel } init:process transition;
+neverallow init { file_type fs_type -init_exec }:file entrypoint;
+
+# Never read/follow symlinks created by shell or untrusted apps.
+neverallow init shell_data_file:lnk_file read;
+neverallow init { app_data_file privapp_data_file }:lnk_file read;
+
+# init should never execute a program without changing to another domain.
+neverallow init { file_type fs_type }:file execute_no_trans;
+
+# The use of sensitive environment variables, such as LD_PRELOAD, is disallowed
+# when init is executing other binaries. The use of LD_PRELOAD for init spawned
+# services is generally considered a no-no, as it injects libraries which the
+# binary was not expecting. This is especially problematic for APEXes. The use
+# of LD_PRELOAD via APEXes is a layering violation, and inappropriately loads
+# code into a process which wasn't expecting that code, with potentially
+# unexpected side effects. (b/140789528)
+neverallow init *:process noatsecure;
+
+# init can never add binder services
+neverallow init service_manager_type:service_manager { add find };
+# init can never list binder services
+neverallow init servicemanager:service_manager list;
+
+# Init should not be creating subdirectories in /data/local/tmp
+neverallow init shell_data_file:dir { write add_name remove_name };
+
+# Init should not access sysfs node that are not explicitly labeled.
+neverallow init sysfs:file { open read write };
+
+# No domain should be allowed to ptrace init.
+neverallow * init:process ptrace;
+
+# init owns the root of /data
+# TODO(b/140259336) We want to remove vendor_init
+# TODO(b/141108496) We want to remove toolbox
+neverallow { domain -init -toolbox -vendor_init -vold } system_data_root_file:dir { write add_name remove_name };
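Review bot: `allow init self:global_capability_class_set { sys_rawio mknod };` in the mount section is the only capability grant in this hunk without a why-comment, and sys_rawio in particular deserves one given how much it unlocks; I'd add `# mknod/sys_rawio: <consumer> — confirm against init source` with the actual consumer filled in rather than guessed. Separately, `allow init tmpfs:chr_file write;` ("Access /dev/__null__ node created prior to initial policy load") is redundant with the earlier `allow init tmpfs:chr_file { create setattr unlink rw_file_perms };`, since rw_file_perms already includes write; one of the two can go, with the two comments merged so the first-stage rationale is not lost. Neither is a security regression, and as this is a 30.0 prebuilt snapshot the tidy-up belongs in public/init.te with the snapshot regenerated.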
diff --git a/prebuilts/api/30.0/public/inputflinger.te b/prebuilts/api/30.0/public/inputflinger.te
new file mode 100644
index 000000000..c3f4da858
--- /dev/null
+++ b/prebuilts/api/30.0/public/inputflinger.te
@@ -0,0 +1,15 @@
+# inputflinger
+type inputflinger, domain;
+type inputflinger_exec, system_file_type, exec_type, file_type;
+
+binder_use(inputflinger)
+binder_service(inputflinger)
+
+binder_call(inputflinger, system_server)
+
+wakelock_use(inputflinger)
+
+allow inputflinger input_device:dir r_dir_perms;
+allow inputflinger input_device:chr_file rw_file_perms;
+
+r_dir_file(inputflinger, cgroup)
diff --git a/prebuilts/api/30.0/public/installd.te b/prebuilts/api/30.0/public/installd.te
new file mode 100644
index 000000000..c8cc89d5d
--- /dev/null
+++ b/prebuilts/api/30.0/public/installd.te
@@ -0,0 +1,190 @@
+# installer daemon
+type installd, domain;
+type installd_exec, system_file_type, exec_type, file_type;
+typeattribute installd mlstrustedsubject;
+allow installd self:global_capability_class_set { chown dac_override dac_read_search fowner fsetid setgid setuid sys_admin };
+
+# Allow labeling of files under /data/app/com.example/oat/
+allow installd dalvikcache_data_file:dir relabelto;
+allow installd dalvikcache_data_file:file { relabelto link };
+
+# Allow movement of APK files between volumes
+allow installd apk_data_file:dir { create_dir_perms relabelfrom };
+allow installd apk_data_file:file { create_file_perms relabelfrom link };
+allow installd apk_data_file:lnk_file { create r_file_perms unlink };
+
+# FS_IOC_ENABLE_VERITY and FS_IOC_MEASURE_VERITY (or in old implementation used in installd,
+# FS_IOC_SET_VERITY_MEASUREMENT) ioctls on APKs in /data/app, to support fsverity.
+# TODO(b/120629632): this path is deprecated, remove when possible.
+allowxperm installd apk_data_file:file ioctl {
+ FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
+};
+
+allow installd asec_apk_file:file r_file_perms;
+allow installd apk_tmp_file:file { r_file_perms unlink };
+allow installd apk_tmp_file:dir { relabelfrom create_dir_perms };
+allow installd oemfs:dir r_dir_perms;
+allow installd oemfs:file r_file_perms;
+allow installd cgroup:dir create_dir_perms;
+allow installd mnt_expand_file:dir { search getattr };
+# Check validity of SELinux context before use.
+selinux_check_context(installd)
+
+r_dir_file(installd, rootfs)
+# Scan through APKs in /system/app and /system/priv-app
+r_dir_file(installd, system_file)
+# Scan through APKs in /vendor/app
+r_dir_file(installd, vendor_app_file)
+# Scan through JARs in /vendor/framework
+r_dir_file(installd, vendor_framework_file)
+# Scan through Runtime Resource Overlay APKs in /vendor/overlay
+r_dir_file(installd, vendor_overlay_file)
+# Get file context
+allow installd file_contexts_file:file r_file_perms;
+# Get seapp_context
+allow installd seapp_contexts_file:file r_file_perms;
+
+# Search /data/app-asec and stat files in it.
+allow installd asec_image_file:dir search;
+allow installd asec_image_file:file getattr;
+
+# Create /data/user and /data/user/0 if necessary.
+# Also required to initially create /data/data subdirectories
+# and lib symlinks before the setfilecon call. May want to
+# move symlink creation after setfilecon in installd.
+allow installd system_data_file:dir create_dir_perms;
+# Also, allow read for lnk_file so that we can process /data/user/0 links when
+# optimizing application code.
+allow installd system_data_file:lnk_file { create getattr read setattr unlink };
+
+# Manage lower filesystem via pass_through mounts
+allow installd mnt_pass_through_file:dir r_dir_perms;
+
+# Upgrade /data/media for multi-user if necessary.
+allow installd media_rw_data_file:dir create_dir_perms;
+allow installd media_rw_data_file:file { getattr unlink };
+# restorecon new /data/media directory.
+allow installd system_data_file:dir relabelfrom;
+allow installd media_rw_data_file:dir relabelto;
+
+# Delete /data/media files through sdcardfs, instead of going behind its back
+allow installd tmpfs:dir r_dir_perms;
+allow installd storage_file:dir search;
+allow installd sdcard_type:dir { search open read write remove_name getattr rmdir };
+allow installd sdcard_type:file { getattr unlink };
+
+# Create app's mirror data directory in /data_mirror, and bind mount the real directory to it
+allow installd mirror_data_file:dir { create_dir_perms mounton };
+
+# Upgrade /data/misc/keychain for multi-user if necessary.
+allow installd misc_user_data_file:dir create_dir_perms;
+allow installd misc_user_data_file:file create_file_perms;
+allow installd keychain_data_file:dir create_dir_perms;
+allow installd keychain_data_file:file {r_file_perms unlink};
+
+# Create /data/misc/installd/layout_version.* file
+allow installd install_data_file:file create_file_perms;
+allow installd install_data_file:dir rw_dir_perms;
+
+# Create files under /data/dalvik-cache.
+allow installd dalvikcache_data_file:dir create_dir_perms;
+allow installd dalvikcache_data_file:file create_file_perms;
+allow installd dalvikcache_data_file:lnk_file getattr;
+
+# Create files under /data/resource-cache.
+allow installd resourcecache_data_file:dir rw_dir_perms;
+allow installd resourcecache_data_file:file create_file_perms;
+
+# Upgrade from unlabeled userdata.
+# Just need enough to remove and/or relabel it.
+allow installd unlabeled:dir { getattr search relabelfrom rw_dir_perms rmdir };
+allow installd unlabeled:notdevfile_class_set { getattr relabelfrom rename unlink setattr };
+# Read pkg.apk file for input during dexopt.
+allow installd unlabeled:file r_file_perms;
+
+# Upgrade from before system_app_data_file was used for system UID apps.
+# Just need enough to relabel it and to unlink removed package files.
+# Directory access covered by earlier rule above.
+allow installd system_data_file:notdevfile_class_set { getattr relabelfrom unlink };
+
+# Manage /data/data subdirectories, including initially labeling them
+# upon creation via setfilecon or running restorecon_recursive,
+# setting owner/mode, creating symlinks within them, and deleting them
+# upon package uninstall.
+
+# Types extracted from seapp_contexts type= fields.
+allow installd {
+ system_app_data_file
+ bluetooth_data_file
+ nfc_data_file
+ radio_data_file
+ shell_data_file
+ app_data_file
+ privapp_data_file
+}:dir { create_dir_perms relabelfrom relabelto };
+
+allow installd {
+ system_app_data_file
+ bluetooth_data_file
+ nfc_data_file
+ radio_data_file
+ shell_data_file
+ app_data_file
+ privapp_data_file
+}:notdevfile_class_set { create_file_perms relabelfrom relabelto };
+
+# Allow zygote to unmount mirror directories
+allow installd labeledfs:filesystem unmount;
+
+# Similar for the files under /data/misc/profiles/
+allow installd user_profile_data_file:dir create_dir_perms;
+allow installd user_profile_data_file:file create_file_perms;
+allow installd user_profile_data_file:dir rmdir;
+allow installd user_profile_data_file:file unlink;
+
+# Files created/updated by profman dumps.
+allow installd profman_dump_data_file:dir { search add_name write };
+allow installd profman_dump_data_file:file { create setattr open write };
+
+# Create and use pty created by android_fork_execvp().
+allow installd devpts:chr_file rw_file_perms;
+
+# execute toybox for app relocation
+allow installd toolbox_exec:file rx_file_perms;
+
+# Allow installd to publish a binder service and make binder calls.
+binder_use(installd)
+add_service(installd, installd_service)
+allow installd dumpstate:fifo_file { getattr write };
+
+# Allow installd to call into the system server so it can check permissions.
+binder_call(installd, system_server)
+allow installd permission_service:service_manager find;
+
+# Allow installd to read and write quotas
+allow installd block_device:dir { search };
+allow installd labeledfs:filesystem { quotaget quotamod };
+
+# Allow installd to delete from /data/preloads when trimming data caches
+# TODO b/34690396 Remove when time-based purge policy for preloads is implemented in system_server
+allow installd preloads_data_file:file { r_file_perms unlink };
+allow installd preloads_data_file:dir { r_dir_perms write remove_name rmdir };
+allow installd preloads_media_file:file { r_file_perms unlink };
+allow installd preloads_media_file:dir { r_dir_perms write remove_name rmdir };
+
+# Allow installd to read /proc/filesystems
+allow installd proc_filesystems:file r_file_perms;
+
+###
+### Neverallow rules
+###
+
+# only system_server, installd, dumpstate, and servicemanager may interact with installd over binder
+neverallow { domain -system_server -dumpstate -installd } installd_service:service_manager find;
+neverallow { domain -system_server -dumpstate -servicemanager } installd:binder call;
+neverallow installd {
+ domain
+ -system_server
+ -servicemanager
+ userdebug_or_eng(`-su')
+}:binder call;
diff --git a/prebuilts/api/30.0/public/ioctl_defines b/prebuilts/api/30.0/public/ioctl_defines
new file mode 100644
index 000000000..4cc3bba51
--- /dev/null
+++ b/prebuilts/api/30.0/public/ioctl_defines
@@ -0,0 +1,2728 @@ +define(`ADD_NEW_DISK', `0x40140921') +define(`ADV7842_CMD_RAM_TEST', `0x000056c0') +define(`AGPIOC_ACQUIRE', `0x00004101') +define(`AGPIOC_ALLOCATE', `0xc0084106') +define(`AGPIOC_BIND', `0x40084108') +define(`AGPIOC_CHIPSET_FLUSH', `0x0000410a') +define(`AGPIOC_DEALLOCATE', `0x40044107') +define(`AGPIOC_INFO', `0x80084100') +define(`AGPIOC_PROTECT', `0x40084105') +define(`AGPIOC_RELEASE', `0x00004102') +define(`AGPIOC_RESERVE', `0x40084104') +define(`AGPIOC_SETUP', `0x40084103') +define(`AGPIOC_UNBIND', `0x40084109') +define(`AMDKFD_IOC_CREATE_QUEUE', `0xc0584b02') +define(`AMDKFD_IOC_DESTROY_QUEUE', `0xc0084b03') +define(`AMDKFD_IOC_GET_CLOCK_COUNTERS', `0xc0284b05') +define(`AMDKFD_IOC_GET_PROCESS_APERTURES', `0x81904b06') +define(`AMDKFD_IOC_GET_VERSION', `0x80084b01') +define(`AMDKFD_IOC_SET_MEMORY_POLICY', `0x40204b04') +define(`AMDKFD_IOC_UPDATE_QUEUE', `0x40184b07') +define(`ANDROID_ALARM_SET_RTC', `0x40106105') +define(`ANDROID_ALARM_WAIT', `0x00006101') +define(`APEI_ERST_CLEAR_RECORD', `0x40084501') +define(`APEI_ERST_GET_RECORD_COUNT', `0x80044502') +define(`APM_IOC_STANDBY', `0x00004101') +define(`APM_IOC_SUSPEND', `0x00004102') +define(`ASHMEM_GET_NAME', `0x81007702') +define(`ASHMEM_GET_PIN_STATUS', `0x00007709') +define(`ASHMEM_GET_PROT_MASK', `0x00007706') +define(`ASHMEM_GET_SIZE', `0x00007704') +define(`ASHMEM_PIN', `0x40087707') +define(`ASHMEM_PURGE_ALL_CACHES', `0x0000770a') +define(`ASHMEM_SET_NAME', `0x41007701') +define(`ASHMEM_SET_PROT_MASK', `0x40087705') +define(`ASHMEM_SET_SIZE', `0x40087703') +define(`ASHMEM_UNPIN', `0x40087708') +define(`ATM_ADDADDR', `0x40106188') +define(`ATM_ADDLECSADDR', `0x4010618e') +define(`ATM_ADDPARTY', `0x401061f4') +define(`ATMARPD_CTRL', `0x000061e1') +define(`ATMARP_ENCAP', `0x000061e5') +define(`ATMARP_MKIP', `0x000061e2') +define(`ATMARP_SETENTRY', `0x000061e3') +define(`ATM_DELADDR', `0x40106189') +define(`ATM_DELLECSADDR', `0x4010618f') +define(`ATM_DROPPARTY', `0x400461f5') 
+define(`ATM_GETADDR', `0x40106186') +define(`ATM_GETCIRANGE', `0x4010618a') +define(`ATM_GETESI', `0x40106185') +define(`ATM_GETLECSADDR', `0x40106190') +define(`ATM_GETLINKRATE', `0x40106181') +define(`ATM_GETLOOP', `0x40106152') +define(`ATM_GETNAMES', `0x40106183') +define(`ATM_GETSTAT', `0x40106150') +define(`ATM_GETSTATZ', `0x40106151') +define(`ATM_GETTYPE', `0x40106184') +define(`ATMLEC_CTRL', `0x000061d0') +define(`ATMLEC_DATA', `0x000061d1') +define(`ATMLEC_MCAST', `0x000061d2') +define(`ATMMPC_CTRL', `0x000061d8') +define(`ATMMPC_DATA', `0x000061d9') +define(`ATM_NEWBACKENDIF', `0x400261f3') +define(`ATM_QUERYLOOP', `0x40106154') +define(`ATM_RSTADDR', `0x40106187') +define(`ATM_SETBACKEND', `0x400261f2') +define(`ATM_SETCIRANGE', `0x4010618b') +define(`ATM_SETESI', `0x4010618c') +define(`ATM_SETESIF', `0x4010618d') +define(`ATM_SETLOOP', `0x40106153') +define(`ATM_SETSC', `0x400461f1') +define(`ATMSIGD_CTRL', `0x000061f0') +define(`ATMTCP_CREATE', `0x0000618e') +define(`ATMTCP_REMOVE', `0x0000618f') +define(`AUDIO_BILINGUAL_CHANNEL_SELECT', `0x00006f14') +define(`AUDIO_CHANNEL_SELECT', `0x00006f09') +define(`AUDIO_CLEAR_BUFFER', `0x00006f0c') +define(`AUDIO_CONTINUE', `0x00006f04') +define(`AUDIO_GET_CAPABILITIES', `0x80046f0b') +define(`AUDIO_GET_PTS', `0x80086f13') +define(`AUDIO_GET_STATUS', `0x80206f0a') +define(`AUDIO_PAUSE', `0x00006f03') +define(`AUDIO_PLAY', `0x00006f02') +define(`AUDIO_SELECT_SOURCE', `0x00006f05') +define(`AUDIO_SET_ATTRIBUTES', `0x40026f11') +define(`AUDIO_SET_AV_SYNC', `0x00006f07') +define(`AUDIO_SET_BYPASS_MODE', `0x00006f08') +define(`AUDIO_SET_EXT_ID', `0x00006f10') +define(`AUDIO_SET_ID', `0x00006f0d') +define(`AUDIO_SET_KARAOKE', `0x400c6f12') +define(`AUDIO_SET_MIXER', `0x40086f0e') +define(`AUDIO_SET_MUTE', `0x00006f06') +define(`AUDIO_SET_STREAMTYPE', `0x00006f0f') +define(`AUDIO_STOP', `0x00006f01') +define(`AUTOFS_DEV_IOCTL_ASKUMOUNT', `0xc018937d') +define(`AUTOFS_DEV_IOCTL_CATATONIC', `0xc0189379') 
+define(`AUTOFS_DEV_IOCTL_CLOSEMOUNT', `0xc0189375') +define(`AUTOFS_DEV_IOCTL_EXPIRE', `0xc018937c') +define(`AUTOFS_DEV_IOCTL_FAIL', `0xc0189377') +define(`AUTOFS_DEV_IOCTL_ISMOUNTPOINT', `0xc018937e') +define(`AUTOFS_DEV_IOCTL_OPENMOUNT', `0xc0189374') +define(`AUTOFS_DEV_IOCTL_PROTOSUBVER', `0xc0189373') +define(`AUTOFS_DEV_IOCTL_PROTOVER', `0xc0189372') +define(`AUTOFS_DEV_IOCTL_READY', `0xc0189376') +define(`AUTOFS_DEV_IOCTL_REQUESTER', `0xc018937b') +define(`AUTOFS_DEV_IOCTL_SETPIPEFD', `0xc0189378') +define(`AUTOFS_DEV_IOCTL_TIMEOUT', `0xc018937a') +define(`AUTOFS_DEV_IOCTL_VERSION', `0xc0189371') +define(`AUTOFS_IOC_ASKUMOUNT', `0x80049370') +define(`AUTOFS_IOC_CATATONIC', `0x00009362') +define(`AUTOFS_IOC_EXPIRE', `0x810c9365') +define(`AUTOFS_IOC_EXPIRE_MULTI', `0x40049366') +define(`AUTOFS_IOC_FAIL', `0x00009361') +define(`AUTOFS_IOC_PROTOSUBVER', `0x80049367') +define(`AUTOFS_IOC_PROTOVER', `0x80049363') +define(`AUTOFS_IOC_READY', `0x00009360') +define(`AUTOFS_IOC_SETTIMEOUT', `0xc0089364') +define(`AUTOFS_IOC_SETTIMEOUT32', `0xc0049364') +define(`BC_ACQUIRE', `0x40046305') +define(`BC_ACQUIRE_DONE', `0x40106309') +define(`BC_ACQUIRE_RESULT', `0x40046302') +define(`BC_ATTEMPT_ACQUIRE', `0x4008630a') +define(`BC_CLEAR_DEATH_NOTIFICATION', `0x400c630f') +define(`BC_DEAD_BINDER_DONE', `0x40086310') +define(`BC_DECREFS', `0x40046307') +define(`BC_ENTER_LOOPER', `0x0000630c') +define(`BC_EXIT_LOOPER', `0x0000630d') +define(`BC_FREE_BUFFER', `0x40086303') +define(`BC_INCREFS', `0x40046304') +define(`BC_INCREFS_DONE', `0x40106308') +define(`BC_REGISTER_LOOPER', `0x0000630b') +define(`BC_RELEASE', `0x40046306') +define(`BC_REPLY', `0x40406301') +define(`BC_REQUEST_DEATH_NOTIFICATION', `0x400c630e') +define(`BC_TRANSACTION', `0x40406300') +define(`BINDER_SET_CONTEXT_MGR', `0x40046207') +define(`BINDER_SET_IDLE_PRIORITY', `0x40046206') +define(`BINDER_SET_IDLE_TIMEOUT', `0x40086203') +define(`BINDER_SET_MAX_THREADS', `0x40046205') +define(`BINDER_THREAD_EXIT', 
`0x40046208') +define(`BINDER_VERSION', `0xc0046209') +define(`BINDER_WRITE_READ', `0xc0306201') +define(`BLKALIGNOFF', `0x0000127a') +define(`BLKBSZGET', `0x80081270') +define(`BLKBSZSET', `0x40081271') +define(`BLKDISCARD', `0x00001277') +define(`BLKDISCARDZEROES', `0x0000127c') +define(`BLKFLSBUF', `0x00001261') +define(`BLKFRAGET', `0x00001265') +define(`BLKFRASET', `0x00001264') +define(`BLKGETSIZE', `0x00001260') +define(`BLKGETSIZE64', `0x80081272') +define(`BLKI2OGRSTRAT', `0x80043201') +define(`BLKI2OGWSTRAT', `0x80043202') +define(`BLKI2OSRSTRAT', `0x40043203') +define(`BLKI2OSWSTRAT', `0x40043204') +define(`BLKIOMIN', `0x00001278') +define(`BLKIOOPT', `0x00001279') +define(`BLKPBSZGET', `0x0000127b') +define(`BLKPG', `0x00001269') +define(`BLKRAGET', `0x00001263') +define(`BLKRASET', `0x00001262') +define(`BLKROGET', `0x0000125e') +define(`BLKROSET', `0x0000125d') +define(`BLKROTATIONAL', `0x0000127e') +define(`BLKRRPART', `0x0000125f') +define(`BLKSECDISCARD', `0x0000127d') +define(`BLKSECTGET', `0x00001267') +define(`BLKSECTSET', `0x00001266') +define(`BLKSSZGET', `0x00001268') +define(`BLKTRACESETUP', `0xc0481273') +define(`BLKTRACESTART', `0x00001274') +define(`BLKTRACESTOP', `0x00001275') +define(`BLKTRACETEARDOWN', `0x00001276') +define(`BLKZEROOUT', `0x0000127f') +define(`BR2684_SETFILT', `0x401c6190') +define(`BR_ACQUIRE', `0x80107208') +define(`BR_ACQUIRE_RESULT', `0x80047204') +define(`BR_ATTEMPT_ACQUIRE', `0x8018720b') +define(`BR_CLEAR_DEATH_NOTIFICATION_DONE', `0x80087210') +define(`BR_DEAD_BINDER', `0x8008720f') +define(`BR_DEAD_REPLY', `0x00007205') +define(`BR_DECREFS', `0x8010720a') +define(`BR_ERROR', `0x80047200') +define(`BR_FAILED_REPLY', `0x00007211') +define(`BR_FINISHED', `0x0000720e') +define(`BR_INCREFS', `0x80107207') +define(`BR_NOOP', `0x0000720c') +define(`BR_OK', `0x00007201') +define(`BR_RELEASE', `0x80107209') +define(`BR_REPLY', `0x80407203') +define(`BR_SPAWN_LOOPER', `0x0000720d') +define(`BR_TRANSACTION', 
`0x80407202') +define(`BR_TRANSACTION_COMPLETE', `0x00007206') +define(`BT819_FIFO_RESET_HIGH', `0x00006201') +define(`BT819_FIFO_RESET_LOW', `0x00006200') +define(`BTRFS_IOC_ADD_DEV', `0x5000940a') +define(`BTRFS_IOC_BALANCE', `0x5000940c') +define(`BTRFS_IOC_BALANCE_CTL', `0x40049421') +define(`BTRFS_IOC_BALANCE_PROGRESS', `0x84009422') +define(`BTRFS_IOC_BALANCE_V2', `0xc4009420') +define(`BTRFS_IOC_CLONE', `0x40049409') +define(`BTRFS_IOC_CLONE_RANGE', `0x4020940d') +define(`BTRFS_IOC_DEFAULT_SUBVOL', `0x40089413') +define(`BTRFS_IOC_DEFRAG', `0x50009402') +define(`BTRFS_IOC_DEFRAG_RANGE', `0x40309410') +define(`BTRFS_IOC_DEVICES_READY', `0x90009427') +define(`BTRFS_IOC_DEV_INFO', `0xd000941e') +define(`BTRFS_IOC_DEV_REPLACE', `0xca289435') +define(`BTRFS_IOC_FILE_EXTENT_SAME', `0xc0189436') +define(`BTRFS_IOC_FS_INFO', `0x8400941f') +define(`BTRFS_IOC_GET_DEV_STATS', `0xc4089434') +define(`BTRFS_IOC_GET_FEATURES', `0x80189439') +define(`BTRFS_IOC_GET_FSLABEL', `0x81009431') +define(`BTRFS_IOC_GET_SUPPORTED_FEATURES', `0x80489439') +define(`BTRFS_IOC_INO_LOOKUP', `0xd0009412') +define(`BTRFS_IOC_INO_PATHS', `0xc0389423') +define(`BTRFS_IOC_LOGICAL_INO', `0xc0389424') +define(`BTRFS_IOC_QGROUP_ASSIGN', `0x40189429') +define(`BTRFS_IOC_QGROUP_CREATE', `0x4010942a') +define(`BTRFS_IOC_QGROUP_LIMIT', `0x8030942b') +define(`BTRFS_IOC_QUOTA_CTL', `0xc0109428') +define(`BTRFS_IOC_QUOTA_RESCAN', `0x4040942c') +define(`BTRFS_IOC_QUOTA_RESCAN_STATUS', `0x8040942d') +define(`BTRFS_IOC_QUOTA_RESCAN_WAIT', `0x0000942e') +define(`BTRFS_IOC_RESIZE', `0x50009403') +define(`BTRFS_IOC_RM_DEV', `0x5000940b') +define(`BTRFS_IOC_SCAN_DEV', `0x50009404') +define(`BTRFS_IOC_SCRUB', `0xc400941b') +define(`BTRFS_IOC_SCRUB_CANCEL', `0x0000941c') +define(`BTRFS_IOC_SCRUB_PROGRESS', `0xc400941d') +define(`BTRFS_IOC_SEND', `0x40489426') +define(`BTRFS_IOC_SET_FEATURES', `0x40309439') +define(`BTRFS_IOC_SET_FSLABEL', `0x41009432') +define(`BTRFS_IOC_SET_RECEIVED_SUBVOL', `0xc0c89425') 
+define(`BTRFS_IOC_SNAP_CREATE', `0x50009401') +define(`BTRFS_IOC_SNAP_CREATE_V2', `0x50009417') +define(`BTRFS_IOC_SNAP_DESTROY', `0x5000940f') +define(`BTRFS_IOC_SPACE_INFO', `0xc0109414') +define(`BTRFS_IOC_START_SYNC', `0x80089418') +define(`BTRFS_IOC_SUBVOL_CREATE', `0x5000940e') +define(`BTRFS_IOC_SUBVOL_CREATE_V2', `0x50009418') +define(`BTRFS_IOC_SUBVOL_GETFLAGS', `0x80089419') +define(`BTRFS_IOC_SUBVOL_SETFLAGS', `0x4008941a') +define(`BTRFS_IOC_SYNC', `0x00009408') +define(`BTRFS_IOC_TRANS_END', `0x00009407') +define(`BTRFS_IOC_TRANS_START', `0x00009406') +define(`BTRFS_IOC_TREE_SEARCH', `0xd0009411') +define(`BTRFS_IOC_TREE_SEARCH_V2', `0xc0709411') +define(`BTRFS_IOC_WAIT_SYNC', `0x40089416') +define(`CA_GET_CAP', `0x80106f81') +define(`CA_GET_DESCR_INFO', `0x80086f83') +define(`CA_GET_MSG', `0x810c6f84') +define(`CA_GET_SLOT_INFO', `0x800c6f82') +define(`CAPI_CLR_FLAGS', `0x80044325') +define(`CAPI_GET_ERRCODE', `0x80024321') +define(`CAPI_GET_FLAGS', `0x80044323') +define(`CAPI_GET_MANUFACTURER', `0xc0044306') +define(`CAPI_GET_PROFILE', `0xc0404309') +define(`CAPI_GET_SERIAL', `0xc0044308') +define(`CAPI_GET_VERSION', `0xc0104307') +define(`CAPI_INSTALLED', `0x80024322') +define(`CAPI_MANUFACTURER_CMD', `0xc0104320') +define(`CAPI_NCCI_GETUNIT', `0x80044327') +define(`CAPI_NCCI_OPENCOUNT', `0x80044326') +define(`CAPI_REGISTER', `0x400c4301') +define(`CAPI_SET_FLAGS', `0x80044324') +define(`CA_RESET', `0x00006f80') +define(`CA_SEND_MSG', `0x410c6f85') +define(`CA_SET_DESCR', `0x40106f86') +define(`CA_SET_PID', `0x40086f87') +define(`CCISS_BIG_PASSTHRU', `0xc0604212') +define(`CCISS_DEREGDISK', `0x0000420c') +define(`CCISS_GETBUSTYPES', `0x80044207') +define(`CCISS_GETDRIVVER', `0x80044209') +define(`CCISS_GETFIRMVER', `0x80044208') +define(`CCISS_GETHEARTBEAT', `0x80044206') +define(`CCISS_GETINTINFO', `0x80084202') +define(`CCISS_GETLUNINFO', `0x800c4211') +define(`CCISS_GETNODENAME', `0x80104204') +define(`CCISS_GETPCIINFO', `0x80084201') 
+define(`CCISS_PASSTHRU', `0xc058420b') +define(`CCISS_REGNEWD', `0x0000420e') +define(`CCISS_REGNEWDISK', `0x4004420d') +define(`CCISS_RESCANDISK', `0x00004210') +define(`CCISS_REVALIDVOLS', `0x0000420a') +define(`CCISS_SETINTINFO', `0x40084203') +define(`CCISS_SETNODENAME', `0x40104205') +define(`CDROMAUDIOBUFSIZ', `0x00005382') +define(`CDROM_CHANGER_NSLOTS', `0x00005328') +define(`CDROM_CLEAR_OPTIONS', `0x00005321') +define(`CDROMCLOSETRAY', `0x00005319') +define(`CDROM_DEBUG', `0x00005330') +define(`CDROM_DISC_STATUS', `0x00005327') +define(`CDROM_DRIVE_STATUS', `0x00005326') +define(`CDROMEJECT', `0x00005309') +define(`CDROMEJECT_SW', `0x0000530f') +define(`CDROM_GET_CAPABILITY', `0x00005331') +define(`CDROM_GET_MCN', `0x00005311') +define(`CDROMGETSPINDOWN', `0x0000531d') +define(`CDROM_LAST_WRITTEN', `0x00005395') +define(`CDROM_LOCKDOOR', `0x00005329') +define(`CDROM_MEDIA_CHANGED', `0x00005325') +define(`CDROMMULTISESSION', `0x00005310') +define(`CDROM_NEXT_WRITABLE', `0x00005394') +define(`CDROMPAUSE', `0x00005301') +define(`CDROMPLAYBLK', `0x00005317') +define(`CDROMPLAYMSF', `0x00005303') +define(`CDROMPLAYTRKIND', `0x00005304') +define(`CDROMREADALL', `0x00005318') +define(`CDROMREADAUDIO', `0x0000530e') +define(`CDROMREADCOOKED', `0x00005315') +define(`CDROMREADMODE1', `0x0000530d') +define(`CDROMREADMODE2', `0x0000530c') +define(`CDROMREADRAW', `0x00005314') +define(`CDROMREADTOCENTRY', `0x00005306') +define(`CDROMREADTOCHDR', `0x00005305') +define(`CDROMRESET', `0x00005312') +define(`CDROMRESUME', `0x00005302') +define(`CDROMSEEK', `0x00005316') +define(`CDROM_SELECT_DISC', `0x00005323') +define(`CDROM_SELECT_SPEED', `0x00005322') +define(`CDROM_SEND_PACKET', `0x00005393') +define(`CDROM_SET_OPTIONS', `0x00005320') +define(`CDROMSETSPINDOWN', `0x0000531e') +define(`CDROMSTART', `0x00005308') +define(`CDROMSTOP', `0x00005307') +define(`CDROMSUBCHNL', `0x0000530b') +define(`CDROMVOLCTRL', `0x0000530a') +define(`CDROMVOLREAD', `0x00005313') 
+define(`CHIOEXCHANGE', `0x401c6302') +define(`CHIOGELEM', `0x406c6310') +define(`CHIOGPARAMS', `0x80146306') +define(`CHIOGPICKER', `0x80046304') +define(`CHIOGSTATUS', `0x40106308') +define(`CHIOGVPARAMS', `0x80706313') +define(`CHIOINITELEM', `0x00006311') +define(`CHIOMOVE', `0x40146301') +define(`CHIOPOSITION', `0x400c6303') +define(`CHIOSPICKER', `0x40046305') +define(`CHIOSVOLTAG', `0x40306312') +define(`CIOC_KERNEL_VERSION', `0xc008630a') +define(`CLEAR_ARRAY', `0x00000920') +define(`CM_IOCARDOFF', `0x00006304') +define(`CM_IOCGATR', `0xc0086301') +define(`CM_IOCGSTATUS', `0x80086300') +define(`CM_IOCSPTS', `0x40086302') +define(`CM_IOCSRDR', `0x00006303') +define(`CM_IOSDBGLVL', `0x400863fa') +define(`CXL_IOCTL_GET_PROCESS_ELEMENT', `0x8004ca01') +define(`CXL_IOCTL_START_WORK', `0x4040ca00') +define(`DM_DEV_CREATE', `0xc138fd03') +define(`DM_DEV_REMOVE', `0xc138fd04') +define(`DM_DEV_RENAME', `0xc138fd05') +define(`DM_DEV_SET_GEOMETRY', `0xc138fd0f') +define(`DM_DEV_STATUS', `0xc138fd07') +define(`DM_DEV_SUSPEND', `0xc138fd06') +define(`DM_DEV_WAIT', `0xc138fd08') +define(`DM_LIST_DEVICES', `0xc138fd02') +define(`DM_LIST_VERSIONS', `0xc138fd0d') +define(`DM_REMOVE_ALL', `0xc138fd01') +define(`DM_TABLE_CLEAR', `0xc138fd0a') +define(`DM_TABLE_DEPS', `0xc138fd0b') +define(`DM_TABLE_LOAD', `0xc138fd09') +define(`DM_TABLE_STATUS', `0xc138fd0c') +define(`DM_TARGET_MSG', `0xc138fd0e') +define(`DM_VERSION', `0xc138fd00') +define(`DMX_ADD_PID', `0x40026f33') +define(`DMX_GET_CAPS', `0x80086f30') +define(`DMX_GET_PES_PIDS', `0x800a6f2f') +define(`DMX_GET_STC', `0xc0106f32') +define(`DMX_REMOVE_PID', `0x40026f34') +define(`DMX_SET_BUFFER_SIZE', `0x00006f2d') +define(`DMX_SET_FILTER', `0x403c6f2b') +define(`DMX_SET_PES_FILTER', `0x40146f2c') +define(`DMX_SET_SOURCE', `0x40046f31') +define(`DMX_START', `0x00006f29') +define(`DMX_STOP', `0x00006f2a') +define(`DRM_IOCTL_ADD_BUFS', `0xc0206416') +define(`DRM_IOCTL_ADD_CTX', `0xc0086420') +define(`DRM_IOCTL_ADD_DRAW', 
`0xc0046427') +define(`DRM_IOCTL_ADD_MAP', `0xc0286415') +define(`DRM_IOCTL_AGP_ACQUIRE', `0x00006430') +define(`DRM_IOCTL_AGP_ALLOC', `0xc0206434') +define(`DRM_IOCTL_AGP_BIND', `0x40106436') +define(`DRM_IOCTL_AGP_ENABLE', `0x40086432') +define(`DRM_IOCTL_AGP_FREE', `0x40206435') +define(`DRM_IOCTL_AGP_INFO', `0x80386433') +define(`DRM_IOCTL_AGP_RELEASE', `0x00006431') +define(`DRM_IOCTL_AGP_UNBIND', `0x40106437') +define(`DRM_IOCTL_AUTH_MAGIC', `0x40046411') +define(`DRM_IOCTL_BLOCK', `0xc0046412') +define(`DRM_IOCTL_CONTROL', `0x40086414') +define(`DRM_IOCTL_DMA', `0xc0406429') +define(`DRM_IOCTL_DROP_MASTER', `0x0000641f') +define(`DRM_IOCTL_EXYNOS_G2D_EXEC', `0xc0086462') +define(`DRM_IOCTL_EXYNOS_G2D_GET_VER', `0xc0086460') +define(`DRM_IOCTL_EXYNOS_G2D_SET_CMDLIST', `0xc0286461') +define(`DRM_IOCTL_EXYNOS_GEM_CREATE', `0xc0106440') +define(`DRM_IOCTL_EXYNOS_GEM_GET', `0xc0106444') +define(`DRM_IOCTL_EXYNOS_IPP_CMD_CTRL', `0xc0086473') +define(`DRM_IOCTL_EXYNOS_IPP_GET_PROPERTY', `0xc0506470') +define(`DRM_IOCTL_EXYNOS_IPP_QUEUE_BUF', `0xc0286472') +define(`DRM_IOCTL_EXYNOS_IPP_SET_PROPERTY', `0xc0606471') +define(`DRM_IOCTL_EXYNOS_VIDI_CONNECTION', `0xc0106447') +define(`DRM_IOCTL_FINISH', `0x4008642c') +define(`DRM_IOCTL_FREE_BUFS', `0x4010641a') +define(`DRM_IOCTL_GEM_CLOSE', `0x40086409') +define(`DRM_IOCTL_GEM_FLINK', `0xc008640a') +define(`DRM_IOCTL_GEM_OPEN', `0xc010640b') +define(`DRM_IOCTL_GET_CAP', `0xc010640c') +define(`DRM_IOCTL_GET_CLIENT', `0xc0286405') +define(`DRM_IOCTL_GET_CTX', `0xc0086423') +define(`DRM_IOCTL_GET_MAGIC', `0x80046402') +define(`DRM_IOCTL_GET_MAP', `0xc0286404') +define(`DRM_IOCTL_GET_SAREA_CTX', `0xc010641d') +define(`DRM_IOCTL_GET_STATS', `0x80f86406') +define(`DRM_IOCTL_GET_UNIQUE', `0xc0106401') +define(`DRM_IOCTL_I810_CLEAR', `0x400c6442') +define(`DRM_IOCTL_I810_COPY', `0x40106447') +define(`DRM_IOCTL_I810_DOCOPY', `0x00006448') +define(`DRM_IOCTL_I810_FLIP', `0x0000644e') +define(`DRM_IOCTL_I810_FLUSH', `0x00006443') 
+define(`DRM_IOCTL_I810_FSTATUS', `0x0000644a') +define(`DRM_IOCTL_I810_GETAGE', `0x00006444') +define(`DRM_IOCTL_I810_GETBUF', `0xc0186445') +define(`DRM_IOCTL_I810_INIT', `0x40406440') +define(`DRM_IOCTL_I810_MC', `0x4020644c') +define(`DRM_IOCTL_I810_OV0FLIP', `0x0000644b') +define(`DRM_IOCTL_I810_OV0INFO', `0x80086449') +define(`DRM_IOCTL_I810_RSTATUS', `0x0000644d') +define(`DRM_IOCTL_I810_SWAP', `0x00006446') +define(`DRM_IOCTL_I810_VERTEX', `0x400c6441') +define(`DRM_IOCTL_I915_ALLOC', `0xc0186448') +define(`DRM_IOCTL_I915_BATCHBUFFER', `0x40206443') +define(`DRM_IOCTL_I915_CMDBUFFER', `0x4020644b') +define(`DRM_IOCTL_I915_DESTROY_HEAP', `0x4004644c') +define(`DRM_IOCTL_I915_FLIP', `0x00006442') +define(`DRM_IOCTL_I915_FLUSH', `0x00006441') +define(`DRM_IOCTL_I915_FREE', `0x40086449') +define(`DRM_IOCTL_I915_GEM_BUSY', `0xc0086457') +define(`DRM_IOCTL_I915_GEM_CONTEXT_CREATE', `0xc008646d') +define(`DRM_IOCTL_I915_GEM_CONTEXT_DESTROY', `0x4008646e') +define(`DRM_IOCTL_I915_GEM_CREATE', `0xc010645b') +define(`DRM_IOCTL_I915_GEM_ENTERVT', `0x00006459') +define(`DRM_IOCTL_I915_GEM_EXECBUFFER', `0x40286454') +define(`DRM_IOCTL_I915_GEM_EXECBUFFER2', `0x40406469') +define(`DRM_IOCTL_I915_GEM_GET_APERTURE', `0x80106463') +define(`DRM_IOCTL_I915_GEM_GET_CACHING', `0xc0086470') +define(`DRM_IOCTL_I915_GEM_GET_TILING', `0xc0106462') +define(`DRM_IOCTL_I915_GEM_INIT', `0x40106453') +define(`DRM_IOCTL_I915_GEM_LEAVEVT', `0x0000645a') +define(`DRM_IOCTL_I915_GEM_MADVISE', `0xc00c6466') +define(`DRM_IOCTL_I915_GEM_MMAP', `0xc020645e') +define(`DRM_IOCTL_I915_GEM_MMAP_GTT', `0xc0106464') +define(`DRM_IOCTL_I915_GEM_PIN', `0xc0186455') +define(`DRM_IOCTL_I915_GEM_PREAD', `0x4020645c') +define(`DRM_IOCTL_I915_GEM_PWRITE', `0x4020645d') +define(`DRM_IOCTL_I915_GEM_SET_CACHING', `0x4008646f') +define(`DRM_IOCTL_I915_GEM_SET_DOMAIN', `0x400c645f') +define(`DRM_IOCTL_I915_GEM_SET_TILING', `0xc0106461') +define(`DRM_IOCTL_I915_GEM_SW_FINISH', `0x40046460') 
+define(`DRM_IOCTL_I915_GEM_THROTTLE', `0x00006458')
+define(`DRM_IOCTL_I915_GEM_UNPIN', `0x40086456')
+define(`DRM_IOCTL_I915_GEM_USERPTR', `0xc0186473')
+define(`DRM_IOCTL_I915_GEM_WAIT', `0xc010646c')
+define(`DRM_IOCTL_I915_GETPARAM', `0xc0106446')
+define(`DRM_IOCTL_I915_GET_PIPE_FROM_CRTC_ID', `0xc0086465')
+define(`DRM_IOCTL_I915_GET_RESET_STATS', `0xc0186472')
+define(`DRM_IOCTL_I915_GET_SPRITE_COLORKEY', `0xc014646b')
+define(`DRM_IOCTL_I915_GET_VBLANK_PIPE', `0x8004644e')
+define(`DRM_IOCTL_I915_HWS_ADDR', `0x40106451')
+define(`DRM_IOCTL_I915_INIT', `0x40446440')
+define(`DRM_IOCTL_I915_INIT_HEAP', `0x400c644a')
+define(`DRM_IOCTL_I915_IRQ_EMIT', `0xc0086444')
+define(`DRM_IOCTL_I915_IRQ_WAIT', `0x40046445')
+define(`DRM_IOCTL_I915_OVERLAY_ATTRS', `0xc02c6468')
+define(`DRM_IOCTL_I915_OVERLAY_PUT_IMAGE', `0x402c6467')
+define(`DRM_IOCTL_I915_REG_READ', `0xc0106471')
+define(`DRM_IOCTL_I915_SETPARAM', `0x40086447')
+define(`DRM_IOCTL_I915_SET_SPRITE_COLORKEY', `0xc014646b')
+define(`DRM_IOCTL_I915_SET_VBLANK_PIPE', `0x4004644d')
+define(`DRM_IOCTL_I915_VBLANK_SWAP', `0xc00c644f')
+define(`DRM_IOCTL_INFO_BUFS', `0xc0106418')
+define(`DRM_IOCTL_IRQ_BUSID', `0xc0106403')
+define(`DRM_IOCTL_LOCK', `0x4008642a')
+define(`DRM_IOCTL_MAP_BUFS', `0xc0186419')
+define(`DRM_IOCTL_MARK_BUFS', `0x40206417')
+define(`DRM_IOCTL_MGA_BLIT', `0x40346448')
+define(`DRM_IOCTL_MGA_CLEAR', `0x40146444')
+define(`DRM_IOCTL_MGA_DMA_BOOTSTRAP', `0xc020644c')
+define(`DRM_IOCTL_MGA_FLUSH', `0x40086441')
+define(`DRM_IOCTL_MGA_GETPARAM', `0xc0106449')
+define(`DRM_IOCTL_MGA_ILOAD', `0x400c6447')
+define(`DRM_IOCTL_MGA_INDICES', `0x40106446')
+define(`DRM_IOCTL_MGA_INIT', `0x40806440')
+define(`DRM_IOCTL_MGA_RESET', `0x00006442')
+define(`DRM_IOCTL_MGA_SET_FENCE', `0x4004644a')
+define(`DRM_IOCTL_MGA_SWAP', `0x00006443')
+define(`DRM_IOCTL_MGA_VERTEX', `0x400c6445')
+define(`DRM_IOCTL_MGA_WAIT_FENCE', `0xc004644b')
+define(`DRM_IOCTL_MOD_CTX', `0x40086422')
+define(`DRM_IOCTL_MODE_ADDFB', `0xc01c64ae')
+define(`DRM_IOCTL_MODE_ADDFB2', `0xc04464b8')
+define(`DRM_IOCTL_MODE_ATTACHMODE', `0xc04864a8')
+define(`DRM_IOCTL_MODE_CREATE_DUMB', `0xc02064b2')
+define(`DRM_IOCTL_MODE_CURSOR', `0xc01c64a3')
+define(`DRM_IOCTL_MODE_CURSOR2', `0xc02464bb')
+define(`DRM_IOCTL_MODE_DESTROY_DUMB', `0xc00464b4')
+define(`DRM_IOCTL_MODE_DETACHMODE', `0xc04864a9')
+define(`DRM_IOCTL_MODE_DIRTYFB', `0xc01864b1')
+define(`DRM_IOCTL_MODE_GETCONNECTOR', `0xc05064a7')
+define(`DRM_IOCTL_MODE_GETCRTC', `0xc06864a1')
+define(`DRM_IOCTL_MODE_GETENCODER', `0xc01464a6')
+define(`DRM_IOCTL_MODE_GETFB', `0xc01c64ad')
+define(`DRM_IOCTL_MODE_GETGAMMA', `0xc02064a4')
+define(`DRM_IOCTL_MODE_GETPLANE', `0xc02064b6')
+define(`DRM_IOCTL_MODE_GETPLANERESOURCES', `0xc01064b5')
+define(`DRM_IOCTL_MODE_GETPROPBLOB', `0xc01064ac')
+define(`DRM_IOCTL_MODE_GETPROPERTY', `0xc04064aa')
+define(`DRM_IOCTL_MODE_GETRESOURCES', `0xc04064a0')
+define(`DRM_IOCTL_MODE_MAP_DUMB', `0xc01064b3')
+define(`DRM_IOCTL_MODE_OBJ_GETPROPERTIES', `0xc02064b9')
+define(`DRM_IOCTL_MODE_OBJ_SETPROPERTY', `0xc01864ba')
+define(`DRM_IOCTL_MODE_PAGE_FLIP', `0xc01864b0')
+define(`DRM_IOCTL_MODE_RMFB', `0xc00464af')
+define(`DRM_IOCTL_MODE_SETCRTC', `0xc06864a2')
+define(`DRM_IOCTL_MODESET_CTL', `0x40086408')
+define(`DRM_IOCTL_MODE_SETGAMMA', `0xc02064a5')
+define(`DRM_IOCTL_MODE_SETPLANE', `0xc03064b7')
+define(`DRM_IOCTL_MODE_SETPROPERTY', `0xc01064ab')
+define(`DRM_IOCTL_MSM_GEM_CPU_FINI', `0x40046445')
+define(`DRM_IOCTL_MSM_GEM_CPU_PREP', `0x40186444')
+define(`DRM_IOCTL_MSM_GEM_INFO', `0xc0106443')
+define(`DRM_IOCTL_MSM_GEM_NEW', `0xc0106442')
+define(`DRM_IOCTL_MSM_GEM_SUBMIT', `0xc0206446')
+define(`DRM_IOCTL_MSM_GET_PARAM', `0xc0106440')
+define(`DRM_IOCTL_MSM_WAIT_FENCE', `0x40186447')
+define(`DRM_IOCTL_NEW_CTX', `0x40086425')
+define(`DRM_IOCTL_NOUVEAU_GEM_CPU_FINI', `0x40046483')
+define(`DRM_IOCTL_NOUVEAU_GEM_CPU_PREP', `0x40086482')
+define(`DRM_IOCTL_NOUVEAU_GEM_INFO', `0xc0286484')
+define(`DRM_IOCTL_NOUVEAU_GEM_NEW', `0xc0306480')
+define(`DRM_IOCTL_NOUVEAU_GEM_PUSHBUF', `0xc0406481')
+define(`DRM_IOCTL_OMAP_GEM_CPU_FINI', `0x40106445')
+define(`DRM_IOCTL_OMAP_GEM_CPU_PREP', `0x40086444')
+define(`DRM_IOCTL_OMAP_GEM_INFO', `0xc0186446')
+define(`DRM_IOCTL_OMAP_GEM_NEW', `0xc0106443')
+define(`DRM_IOCTL_OMAP_GET_PARAM', `0xc0106440')
+define(`DRM_IOCTL_OMAP_SET_PARAM', `0x40106441')
+define(`DRM_IOCTL_PRIME_FD_TO_HANDLE', `0xc00c642e')
+define(`DRM_IOCTL_PRIME_HANDLE_TO_FD', `0xc00c642d')
+define(`DRM_IOCTL_QXL_ALLOC', `0xc0086440')
+define(`DRM_IOCTL_QXL_ALLOC_SURF', `0xc0186446')
+define(`DRM_IOCTL_QXL_CLIENTCAP', `0x40086445')
+define(`DRM_IOCTL_QXL_EXECBUFFER', `0x40106442')
+define(`DRM_IOCTL_QXL_GETPARAM', `0xc0106444')
+define(`DRM_IOCTL_QXL_MAP', `0xc0106441')
+define(`DRM_IOCTL_QXL_UPDATE_AREA', `0x40186443')
+define(`DRM_IOCTL_R128_BLIT', `0x4018644b')
+define(`DRM_IOCTL_R128_CCE_IDLE', `0x00006444')
+define(`DRM_IOCTL_R128_CCE_RESET', `0x00006443')
+define(`DRM_IOCTL_R128_CCE_START', `0x00006441')
+define(`DRM_IOCTL_R128_CCE_STOP', `0x40086442')
+define(`DRM_IOCTL_R128_CLEAR', `0x40146448')
+define(`DRM_IOCTL_R128_DEPTH', `0x4028644c')
+define(`DRM_IOCTL_R128_FLIP', `0x00006453')
+define(`DRM_IOCTL_R128_FULLSCREEN', `0x40046450')
+define(`DRM_IOCTL_R128_GETPARAM', `0xc0106452')
+define(`DRM_IOCTL_R128_INDICES', `0x4014644a')
+define(`DRM_IOCTL_R128_INDIRECT', `0xc010644f')
+define(`DRM_IOCTL_R128_INIT', `0x40786440')
+define(`DRM_IOCTL_R128_RESET', `0x00006446')
+define(`DRM_IOCTL_R128_STIPPLE', `0x4008644d')
+define(`DRM_IOCTL_R128_SWAP', `0x00006447')
+define(`DRM_IOCTL_R128_VERTEX', `0x40106449')
+define(`DRM_IOCTL_RADEON_ALLOC', `0xc0186453')
+define(`DRM_IOCTL_RADEON_CLEAR', `0x40206448')
+define(`DRM_IOCTL_RADEON_CMDBUF', `0x40206450')
+define(`DRM_IOCTL_RADEON_CP_IDLE', `0x00006444')
+define(`DRM_IOCTL_RADEON_CP_INIT', `0x40786440')
+define(`DRM_IOCTL_RADEON_CP_RESET', `0x00006443')
+define(`DRM_IOCTL_RADEON_CP_RESUME', `0x00006458')
+define(`DRM_IOCTL_RADEON_CP_START', `0x00006441')
+define(`DRM_IOCTL_RADEON_CP_STOP', `0x40086442')
+define(`DRM_IOCTL_RADEON_CS', `0xc0206466')
+define(`DRM_IOCTL_RADEON_FLIP', `0x00006452')
+define(`DRM_IOCTL_RADEON_FREE', `0x40086454')
+define(`DRM_IOCTL_RADEON_FULLSCREEN', `0x40046446')
+define(`DRM_IOCTL_RADEON_GEM_BUSY', `0xc008646a')
+define(`DRM_IOCTL_RADEON_GEM_CREATE', `0xc020645d')
+define(`DRM_IOCTL_RADEON_GEM_GET_TILING', `0xc00c6469')
+define(`DRM_IOCTL_RADEON_GEM_INFO', `0xc018645c')
+define(`DRM_IOCTL_RADEON_GEM_MMAP', `0xc020645e')
+define(`DRM_IOCTL_RADEON_GEM_OP', `0xc010646c')
+define(`DRM_IOCTL_RADEON_GEM_PREAD', `0xc0206461')
+define(`DRM_IOCTL_RADEON_GEM_PWRITE', `0xc0206462')
+define(`DRM_IOCTL_RADEON_GEM_SET_DOMAIN', `0xc00c6463')
+define(`DRM_IOCTL_RADEON_GEM_SET_TILING', `0xc00c6468')
+define(`DRM_IOCTL_RADEON_GEM_USERPTR', `0xc018646d')
+define(`DRM_IOCTL_RADEON_GEM_VA', `0xc018646b')
+define(`DRM_IOCTL_RADEON_GEM_WAIT_IDLE', `0x40086464')
+define(`DRM_IOCTL_RADEON_GETPARAM', `0xc0106451')
+define(`DRM_IOCTL_RADEON_INDICES', `0x4014644a')
+define(`DRM_IOCTL_RADEON_INDIRECT', `0xc010644d')
+define(`DRM_IOCTL_RADEON_INFO', `0xc0106467')
+define(`DRM_IOCTL_RADEON_INIT_HEAP', `0x400c6455')
+define(`DRM_IOCTL_RADEON_IRQ_EMIT', `0xc0086456')
+define(`DRM_IOCTL_RADEON_IRQ_WAIT', `0x40046457')
+define(`DRM_IOCTL_RADEON_RESET', `0x00006445')
+define(`DRM_IOCTL_RADEON_SETPARAM', `0x40106459')
+define(`DRM_IOCTL_RADEON_STIPPLE', `0x4008644c')
+define(`DRM_IOCTL_RADEON_SURF_ALLOC', `0x400c645a')
+define(`DRM_IOCTL_RADEON_SURF_FREE', `0x4004645b')
+define(`DRM_IOCTL_RADEON_SWAP', `0x00006447')
+define(`DRM_IOCTL_RADEON_TEXTURE', `0xc020644e')
+define(`DRM_IOCTL_RADEON_VERTEX', `0x40106449')
+define(`DRM_IOCTL_RADEON_VERTEX2', `0x4028644f')
+define(`DRM_IOCTL_RES_CTX', `0xc0106426')
+define(`DRM_IOCTL_RM_CTX', `0xc0086421')
+define(`DRM_IOCTL_RM_DRAW', `0xc0046428')
+define(`DRM_IOCTL_RM_MAP', `0x4028641b')
+define(`DRM_IOCTL_SAVAGE_BCI_CMDBUF', `0x40386441')
+define(`DRM_IOCTL_SAVAGE_BCI_EVENT_EMIT', `0xc0086442')
+define(`DRM_IOCTL_SAVAGE_BCI_EVENT_WAIT', `0x40086443')
+define(`DRM_IOCTL_SAVAGE_BCI_INIT', `0x40606440')
+define(`DRM_IOCTL_SET_CLIENT_CAP', `0x4010640d')
+define(`DRM_IOCTL_SET_MASTER', `0x0000641e')
+define(`DRM_IOCTL_SET_SAREA_CTX', `0x4010641c')
+define(`DRM_IOCTL_SET_UNIQUE', `0x40106410')
+define(`DRM_IOCTL_SET_VERSION', `0xc0106407')
+define(`DRM_IOCTL_SG_ALLOC', `0xc0106438')
+define(`DRM_IOCTL_SG_FREE', `0x40106439')
+define(`DRM_IOCTL_SIS_AGP_ALLOC', `0xc0206454')
+define(`DRM_IOCTL_SIS_AGP_FREE', `0x40206455')
+define(`DRM_IOCTL_SIS_AGP_INIT', `0xc0106453')
+define(`DRM_IOCTL_SIS_FB_ALLOC', `0xc0206444')
+define(`DRM_IOCTL_SIS_FB_FREE', `0x40206445')
+define(`DRM_IOCTL_SIS_FB_INIT', `0x40106456')
+define(`DRM_IOCTL_SWITCH_CTX', `0x40086424')
+define(`DRM_IOCTL_TEGRA_CLOSE_CHANNEL', `0xc0106446')
+define(`DRM_IOCTL_TEGRA_GEM_CREATE', `0xc0106440')
+define(`DRM_IOCTL_TEGRA_GEM_GET_FLAGS', `0xc008644d')
+define(`DRM_IOCTL_TEGRA_GEM_GET_TILING', `0xc010644b')
+define(`DRM_IOCTL_TEGRA_GEM_MMAP', `0xc0086441')
+define(`DRM_IOCTL_TEGRA_GEM_SET_FLAGS', `0xc008644c')
+define(`DRM_IOCTL_TEGRA_GEM_SET_TILING', `0xc010644a')
+define(`DRM_IOCTL_TEGRA_GET_SYNCPT', `0xc0106447')
+define(`DRM_IOCTL_TEGRA_GET_SYNCPT_BASE', `0xc0106449')
+define(`DRM_IOCTL_TEGRA_OPEN_CHANNEL', `0xc0106445')
+define(`DRM_IOCTL_TEGRA_SUBMIT', `0xc0586448')
+define(`DRM_IOCTL_TEGRA_SYNCPT_INCR', `0xc0086443')
+define(`DRM_IOCTL_TEGRA_SYNCPT_READ', `0xc0086442')
+define(`DRM_IOCTL_TEGRA_SYNCPT_WAIT', `0xc0106444')
+define(`DRM_IOCTL_UNBLOCK', `0xc0046413')
+define(`DRM_IOCTL_UNLOCK', `0x4008642b')
+define(`DRM_IOCTL_UPDATE_DRAW', `0x4018643f')
+define(`DRM_IOCTL_VERSION', `0xc0406400')
+define(`DRM_IOCTL_VIA_AGP_INIT', `0xc0086442')
+define(`DRM_IOCTL_VIA_ALLOCMEM', `0xc0206440')
+define(`DRM_IOCTL_VIA_BLIT_SYNC', `0x4008644f')
+define(`DRM_IOCTL_VIA_CMDBUFFER', `0x40106448')
+define(`DRM_IOCTL_VIA_CMDBUF_SIZE', `0xc00c644b')
+define(`DRM_IOCTL_VIA_DEC_FUTEX', `0x40106445')
+define(`DRM_IOCTL_VIA_DMA_BLIT', `0x4030644e')
+define(`DRM_IOCTL_VIA_DMA_INIT', `0xc0206447')
+define(`DRM_IOCTL_VIA_FB_INIT', `0xc0086443')
+define(`DRM_IOCTL_VIA_FLUSH', `0x00006449')
+define(`DRM_IOCTL_VIA_FREEMEM', `0x40206441')
+define(`DRM_IOCTL_VIA_MAP_INIT', `0xc0286444')
+define(`DRM_IOCTL_VIA_PCICMD', `0x4010644a')
+define(`DRM_IOCTL_VIA_WAIT_IRQ', `0xc018644d')
+define(`DRM_IOCTL_WAIT_VBLANK', `0xc018643a')
+define(`DVD_AUTH', `0x00005392')
+define(`DVD_READ_STRUCT', `0x00005390')
+define(`DVD_WRITE_STRUCT', `0x00005391')
+define(`ECCGETLAYOUT', `0x81484d11')
+define(`ECCGETSTATS', `0x80104d12')
+define(`ENI_MEMDUMP', `0x40106160')
+define(`ENI_SETMULT', `0x40106167')
+define(`EVIOCGEFFECTS', `0x80044584')
+define(`EVIOCGID', `0x80084502')
+define(`EVIOCGKEYCODE', `0x80084504')
+define(`EVIOCGKEYCODE_V2', `0x80284504')
+define(`EVIOCGRAB', `0x40044590')
+define(`EVIOCGREP', `0x80084503')
+define(`EVIOCGVERSION', `0x80044501')
+define(`EVIOCREVOKE', `0x40044591')
+define(`EVIOCRMFF', `0x40044581')
+define(`EVIOCSCLOCKID', `0x400445a0')
+define(`EVIOCSFF', `0x40304580')
+define(`EVIOCSKEYCODE', `0x40084504')
+define(`EVIOCSKEYCODE_V2', `0x40284504')
+define(`EVIOCSREP', `0x40084503')
+define(`F2FS_IOC_ABORT_VOLATILE_WRITE', `0xf505')
+define(`F2FS_IOC_COMMIT_ATOMIC_WRITE', `0xf502')
+define(`F2FS_IOC_DEFRAGMENT', `0xf508')
+define(`F2FS_IOC_FLUSH_DEVICE', `0xf50a')
+define(`F2FS_IOC_GARBAGE_COLLECT', `0xf506')
+define(`F2FS_IOC_GARBAGE_COLLECT_RANGE', `0xf50b')
+define(`F2FS_IOC_GET_FEATURES', `0xf50c')
+define(`F2FS_IOC_GET_PIN_FILE', `0xf50e')
+define(`F2FS_IOC_MOVE_RANGE', `0xf509')
+define(`F2FS_IOC_PRECACHE_EXTENTS', `0xf50f')
+define(`F2FS_IOC_RELEASE_VOLATILE_WRITE', `0xf504')
+define(`F2FS_IOC_SET_PIN_FILE', `0xf50d')
+define(`F2FS_IOC_START_ATOMIC_WRITE', `0xf501')
+define(`F2FS_IOC_START_VOLATILE_WRITE', `0xf503')
+define(`F2FS_IOC_WRITE_CHECKPOINT', `0xf507')
+define(`FAT_IOCTL_GET_ATTRIBUTES', `0x80047210')
+define(`FAT_IOCTL_GET_VOLUME_ID', `0x80047213')
+define(`FAT_IOCTL_SET_ATTRIBUTES', `0x40047211')
+define(`FBIGET_BRIGHTNESS', `0x80044603')
+define(`FBIGET_COLOR', `0x80044605')
+define(`FBIO_ALLOC', `0x00004613')
+define(`FBIOBLANK', `0x00004611')
+define(`FBIO_CURSOR', `0xc0684608')
+define(`FBIO_FREE', `0x00004614')
+define(`FBIOGETCMAP', `0x00004604')
+define(`FBIOGET_CON2FBMAP', `0x0000460f')
+define(`FBIOGET_CONTRAST', `0x80044601')
+define(`FBIO_GETCONTROL2', `0x80084689')
+define(`FBIOGET_DISPINFO', `0x00004618')
+define(`FBIOGET_FSCREENINFO', `0x00004602')
+define(`FBIOGET_GLYPH', `0x00004615')
+define(`FBIOGET_HWCINFO', `0x00004616')
+define(`FBIOGET_VBLANK', `0x80204612')
+define(`FBIOGET_VSCREENINFO', `0x00004600')
+define(`FBIOPAN_DISPLAY', `0x00004606')
+define(`FBIOPUTCMAP', `0x00004605')
+define(`FBIOPUT_CON2FBMAP', `0x00004610')
+define(`FBIOPUT_CONTRAST', `0x40044602')
+define(`FBIOPUT_MODEINFO', `0x00004617')
+define(`FBIOPUT_VSCREENINFO', `0x00004601')
+define(`FBIO_RADEON_GET_MIRROR', `0x80084003')
+define(`FBIO_RADEON_SET_MIRROR', `0x40084004')
+define(`FBIO_WAITEVENT', `0x00004688')
+define(`FBIO_WAITFORVSYNC', `0x40044620')
+define(`FBIPUT_BRIGHTNESS', `0x40044603')
+define(`FBIPUT_COLOR', `0x40044606')
+define(`FBIPUT_HSYNC', `0x40044609')
+define(`FBIPUT_VSYNC', `0x4004460a')
+define(`FDCLRPRM', `0x00000241')
+define(`FDDEFPRM', `0x40200243')
+define(`FDEJECT', `0x0000025a')
+define(`FDFLUSH', `0x0000024b')
+define(`FDFMTBEG', `0x00000247')
+define(`FDFMTEND', `0x00000249')
+define(`FDFMTTRK', `0x400c0248')
+define(`FDGETDRVPRM', `0x80800211')
+define(`FDGETDRVSTAT', `0x80500212')
+define(`FDGETDRVTYP', `0x8010020f')
+define(`FDGETFDCSTAT', `0x80280215')
+define(`FDGETMAXERRS', `0x8014020e')
+define(`FDGETPRM', `0x80200204')
+define(`FDMSGOFF', `0x00000246')
+define(`FDMSGON', `0x00000245')
+define(`FDPOLLDRVSTAT', `0x80500213')
+define(`FDRAWCMD', `0x00000258')
+define(`FDRESET', `0x00000254')
+define(`FDSETDRVPRM', `0x40800290')
+define(`FDSETEMSGTRESH', `0x0000024a')
+define(`FDSETMAXERRS', `0x4014024c')
+define(`FDSETPRM', `0x40200242')
+define(`FDTWADDLE', `0x00000259')
+define(`FDWERRORCLR', `0x00000256')
+define(`FDWERRORGET', `0x80280217')
+define(`FE_DISEQC_RECV_SLAVE_REPLY', `0x800c6f40')
+define(`FE_DISEQC_RESET_OVERLOAD', `0x00006f3e')
+define(`FE_DISEQC_SEND_BURST', `0x00006f41')
+define(`FE_DISEQC_SEND_MASTER_CMD', `0x40076f3f')
+define(`FE_DISHNETWORK_SEND_LEGACY_CMD', `0x00006f50')
+define(`FE_ENABLE_HIGH_LNB_VOLTAGE', `0x00006f44')
+define(`FE_GET_EVENT', `0x80286f4e')
+define(`FE_GET_FRONTEND', `0x80246f4d')
+define(`FE_GET_INFO', `0x80a86f3d')
+define(`FE_GET_PROPERTY', `0x80106f53')
+define(`FE_READ_BER', `0x80046f46')
+define(`FE_READ_SIGNAL_STRENGTH', `0x80026f47')
+define(`FE_READ_SNR', `0x80026f48')
+define(`FE_READ_STATUS', `0x80046f45')
+define(`FE_READ_UNCORRECTED_BLOCKS', `0x80046f49')
+define(`FE_SET_FRONTEND', `0x40246f4c')
+define(`FE_SET_FRONTEND_TUNE_MODE', `0x00006f51')
+define(`FE_SET_PROPERTY', `0x40106f52')
+define(`FE_SET_TONE', `0x00006f42')
+define(`FE_SET_VOLTAGE', `0x00006f43')
+define(`FIBMAP', `0x00000001')
+define(`FIFREEZE', `0xc0045877')
+define(`FIGETBSZ', `0x00000002')
+define(`FIOASYNC', `0x00005452')
+define(`FIOCLEX', ifelse(target_arch, mips, 0x00006601, 0x00005451))
+define(`FIOGETOWN', `0x00008903')
+define(`FIONBIO', `0x00005421')
+define(`FIONCLEX', ifelse(target_arch, mips, 0x00006602, 0x00005450))
+define(`FIONREAD', ifelse(target_arch, mips, 0x0000467f, 0x0000541b))
+define(`FIOQSIZE', `0x00005460')
+define(`FIOSETOWN', `0x00008901')
+define(`FITHAW', `0xc0045878')
+define(`FITRIM', `0xc0185879')
+define(`FS_IOC32_GETFLAGS', `0x80046601')
+define(`FS_IOC32_GETVERSION', `0x80047601')
+define(`FS_IOC32_SETFLAGS', `0x40046602')
+define(`FS_IOC32_SETVERSION', `0x40047602')
+define(`FS_IOC_ADD_ENCRYPTION_KEY', `0xc0506617')
+define(`FS_IOC_ENABLE_VERITY', `0x6685')
+define(`FS_IOC_FIEMAP', `0xc020660b')
+define(`FS_IOC_FSGETXATTR', `0x801c581f')
+define(`FS_IOC_FSSETXATTR', `0x401c5820')
+define(`FS_IOC_GET_ENCRYPTION_POLICY', `0x400c6615')
+define(`FS_IOC_GET_ENCRYPTION_POLICY_EX', `0xc0096616')
+define(`FS_IOC_GET_ENCRYPTION_PWSALT', `0x40106614')
+define(`FS_IOC_GETFLAGS', `0x80086601')
+define(`FS_IOC_GETVERSION', `0x80087601')
+define(`FS_IOC_MEASURE_VERITY', `0x6686')
+define(`FS_IOC_REMOVE_ENCRYPTION_KEY', `0xc0406618')
+define(`FS_IOC_SET_ENCRYPTION_POLICY', `0x800c6613')
+define(`FS_IOC_SETFLAGS', `0x40086602')
+define(`FS_IOC_SETVERSION', `0x40087602')
+define(`FSL_HV_IOCTL_DOORBELL', `0xc008af06')
+define(`FSL_HV_IOCTL_GETPROP', `0xc028af07')
+define(`FSL_HV_IOCTL_MEMCPY', `0xc028af05')
+define(`FSL_HV_IOCTL_PARTITION_GET_STATUS', `0xc00caf02')
+define(`FSL_HV_IOCTL_PARTITION_RESTART', `0xc008af01')
+define(`FSL_HV_IOCTL_PARTITION_START', `0xc010af03')
+define(`FSL_HV_IOCTL_PARTITION_STOP', `0xc008af04')
+define(`FSL_HV_IOCTL_SETPROP', `0xc028af08')
+define(`FUNCTIONFS_CLEAR_HALT', `0x00006703')
+define(`FUNCTIONFS_ENDPOINT_DESC', `0x80096782')
+define(`FUNCTIONFS_ENDPOINT_REVMAP', `0x00006781')
+define(`FUNCTIONFS_FIFO_FLUSH', `0x00006702')
+define(`FUNCTIONFS_FIFO_STATUS', `0x00006701')
+define(`FUNCTIONFS_INTERFACE_REVMAP', `0x00006780')
+define(`FW_CDEV_IOC_ADD_DESCRIPTOR', `0xc0182306')
+define(`FW_CDEV_IOC_ALLOCATE', `0xc0202302')
+define(`FW_CDEV_IOC_ALLOCATE_ISO_RESOURCE', `0xc018230d')
+define(`FW_CDEV_IOC_ALLOCATE_ISO_RESOURCE_ONCE', `0x4018230f')
+define(`FW_CDEV_IOC_CREATE_ISO_CONTEXT', `0xc0202308')
+define(`FW_CDEV_IOC_DEALLOCATE', `0x40042303')
+define(`FW_CDEV_IOC_DEALLOCATE_ISO_RESOURCE', `0x4004230e')
+define(`FW_CDEV_IOC_DEALLOCATE_ISO_RESOURCE_ONCE', `0x40182310')
+define(`FW_CDEV_IOC_FLUSH_ISO', `0x40042318')
+define(`FW_CDEV_IOC_GET_CYCLE_TIMER', `0x8010230c')
+define(`FW_CDEV_IOC_GET_CYCLE_TIMER2', `0xc0182314')
+define(`FW_CDEV_IOC_GET_INFO', `0xc0282300')
+define(`FW_CDEV_IOC_GET_SPEED', `0x00002311')
+define(`FW_CDEV_IOC_INITIATE_BUS_RESET', `0x40042305')
+define(`FW_CDEV_IOC_QUEUE_ISO', `0xc0182309')
+define(`FW_CDEV_IOC_RECEIVE_PHY_PACKETS', `0x40082316')
+define(`FW_CDEV_IOC_REMOVE_DESCRIPTOR', `0x40042307')
+define(`FW_CDEV_IOC_SEND_BROADCAST_REQUEST', `0x40282312')
+define(`FW_CDEV_IOC_SEND_PHY_PACKET', `0xc0182315')
+define(`FW_CDEV_IOC_SEND_REQUEST', `0x40282301')
+define(`FW_CDEV_IOC_SEND_RESPONSE', `0x40182304')
+define(`FW_CDEV_IOC_SEND_STREAM_PACKET', `0x40282313')
+define(`FW_CDEV_IOC_SET_ISO_CHANNELS', `0x40102317')
+define(`FW_CDEV_IOC_START_ISO', `0x4010230a')
+define(`FW_CDEV_IOC_STOP_ISO', `0x4004230b')
+define(`GADGETFS_CLEAR_HALT', `0x00006703')
+define(`GADGETFS_FIFO_FLUSH', `0x00006702')
+define(`GADGETFS_FIFO_STATUS', `0x00006701')
+define(`GADGET_GET_PRINTER_STATUS', `0x80016721')
+define(`GADGET_SET_PRINTER_STATUS', `0xc0016722')
+define(`GENWQE_EXECUTE_DDCB', `0xc0e8a532')
+define(`GENWQE_EXECUTE_RAW_DDCB', `0xc0e8a533')
+define(`GENWQE_GET_CARD_STATE', `0x8004a524')
+define(`GENWQE_PIN_MEM', `0xc020a528')
+define(`GENWQE_READ_REG16', `0x8010a522')
+define(`GENWQE_READ_REG32', `0x8010a520')
+define(`GENWQE_READ_REG64', `0x8010a51e')
+define(`GENWQE_SLU_READ', `0xc038a551')
+define(`GENWQE_SLU_UPDATE', `0xc038a550')
+define(`GENWQE_UNPIN_MEM', `0xc020a529')
+define(`GENWQE_WRITE_REG16', `0x4010a523')
+define(`GENWQE_WRITE_REG32', `0x4010a521')
+define(`GENWQE_WRITE_REG64', `0x4010a51f')
+define(`GET_ARRAY_INFO', `0x80480911')
+define(`GET_BITMAP_FILE', `0x90000915')
+define(`GET_DISK_INFO', `0x80140912')
+define(`GIGASET_BRKCHARS', `0x40064702')
+define(`GIGASET_CONFIG', `0xc0044701')
+define(`GIGASET_REDIR', `0xc0044700')
+define(`GIGASET_VERSION', `0xc0104703')
+define(`GIO_CMAP', `0x00004b70')
+define(`GIO_FONT', `0x00004b60')
+define(`GIO_FONTX', `0x00004b6b')
+define(`GIO_SCRNMAP', `0x00004b40')
+define(`GIO_UNIMAP', `0x00004b66')
+define(`GIO_UNISCRNMAP', `0x00004b69')
+define(`GSMIOC_DISABLE_NET', `0x00004703')
+define(`GSMIOC_ENABLE_NET', `0x40344702')
+define(`GSMIOC_GETCONF', `0x804c4700')
+define(`GSMIOC_SETCONF', `0x404c4701')
+define(`HCIBLOCKADDR', `0x400448e6')
+define(`HCIDEVDOWN', `0x400448ca')
+define(`HCIDEVRESET', `0x400448cb')
+define(`HCIDEVRESTAT', `0x400448cc')
+define(`HCIDEVUP', `0x400448c9')
+define(`HCIGETAUTHINFO', `0x800448d7')
+define(`HCIGETCONNINFO', `0x800448d5')
+define(`HCIGETCONNLIST', `0x800448d4')
+define(`HCIGETDEVINFO', `0x800448d3')
+define(`HCIGETDEVLIST', `0x800448d2')
+define(`HCIINQUIRY', `0x800448f0')
+define(`HCISETACLMTU', `0x400448e3')
+define(`HCISETAUTH', `0x400448de')
+define(`HCISETENCRYPT', `0x400448df')
+define(`HCISETLINKMODE', `0x400448e2')
+define(`HCISETLINKPOL', `0x400448e1')
+define(`HCISETPTYPE', `0x400448e0')
+define(`HCISETRAW', `0x400448dc')
+define(`HCISETSCAN', `0x400448dd')
+define(`HCISETSCOMTU', `0x400448e4')
+define(`HCIUNBLOCKADDR', `0x400448e7')
+define(`HDA_IOCTL_GET_WCAP', `0xc0084812')
+define(`HDA_IOCTL_PVERSION', `0x80044810')
+define(`HDA_IOCTL_VERB_WRITE', `0xc0084811')
+define(`HDIO_DRIVE_CMD', `0x0000031f')
+define(`HDIO_DRIVE_RESET', `0x0000031c')
+define(`HDIO_DRIVE_TASK', `0x0000031e')
+define(`HDIO_DRIVE_TASKFILE', `0x0000031d')
+define(`HDIO_GET_32BIT', `0x00000309')
+define(`HDIO_GET_ACOUSTIC', `0x0000030f')
+define(`HDIO_GET_ADDRESS', `0x00000310')
+define(`HDIO_GET_BUSSTATE', `0x0000031a')
+define(`HDIO_GET_DMA', `0x0000030b')
+define(`HDIO_GETGEO', `0x00000301')
+define(`HDIO_GET_IDENTITY', `0x0000030d')
+define(`HDIO_GET_KEEPSETTINGS', `0x00000308')
+define(`HDIO_GET_MULTCOUNT', `0x00000304')
+define(`HDIO_GET_NICE', `0x0000030c')
+define(`HDIO_GET_NOWERR', `0x0000030a')
+define(`HDIO_GET_QDMA', `0x00000305')
+define(`HDIO_GET_UNMASKINTR', `0x00000302')
+define(`HDIO_GET_WCACHE', `0x0000030e')
+define(`HDIO_OBSOLETE_IDENTITY', `0x00000307')
+define(`HDIO_SCAN_HWIF', `0x00000328')
+define(`HDIO_SET_32BIT', `0x00000324')
+define(`HDIO_SET_ACOUSTIC', `0x0000032c')
+define(`HDIO_SET_ADDRESS', `0x0000032f')
+define(`HDIO_SET_BUSSTATE', `0x0000032d')
+define(`HDIO_SET_DMA', `0x00000326')
+define(`HDIO_SET_KEEPSETTINGS', `0x00000323')
+define(`HDIO_SET_MULTCOUNT', `0x00000321')
+define(`HDIO_SET_NICE', `0x00000329')
+define(`HDIO_SET_NOWERR', `0x00000325')
+define(`HDIO_SET_PIO_MODE', `0x00000327')
+define(`HDIO_SET_QDMA', `0x0000032e')
+define(`HDIO_SET_UNMASKINTR', `0x00000322')
+define(`HDIO_SET_WCACHE', `0x0000032b')
+define(`HDIO_SET_XFER', `0x00000306')
+define(`HDIO_TRISTATE_HWIF', `0x0000031b')
+define(`HDIO_UNREGISTER_HWIF', `0x0000032a')
+define(`HE_GET_REG', `0x40106160')
+define(`HIDIOCAPPLICATION', `0x00004802')
+define(`HIDIOCGCOLLECTIONINDEX', `0x40184810')
+define(`HIDIOCGCOLLECTIONINFO', `0xc0104811')
+define(`HIDIOCGDEVINFO', `0x801c4803')
+define(`HIDIOCGFIELDINFO', `0xc038480a')
+define(`HIDIOCGFLAG', `0x8004480e')
+define(`HIDIOCGRAWINFO', `0x80084803')
+define(`HIDIOCGRDESC', `0x90044802')
+define(`HIDIOCGRDESCSIZE', `0x80044801')
+define(`HIDIOCGREPORT', `0x400c4807')
+define(`HIDIOCGREPORTINFO', `0xc00c4809')
+define(`HIDIOCGSTRING', `0x81044804')
+define(`HIDIOCGUCODE', `0xc018480d')
+define(`HIDIOCGUSAGE', `0xc018480b')
+define(`HIDIOCGUSAGES', `0xd01c4813')
+define(`HIDIOCGVERSION', `0x80044801')
+define(`HIDIOCINITREPORT', `0x00004805')
+define(`HIDIOCSFLAG', `0x4004480f')
+define(`HIDIOCSREPORT', `0x400c4808')
+define(`HIDIOCSUSAGE', `0x4018480c')
+define(`HIDIOCSUSAGES', `0x501c4814')
+define(`HOT_ADD_DISK', `0x00000928')
+define(`HOT_GENERATE_ERROR', `0x0000092a')
+define(`HOT_REMOVE_DISK', `0x00000922')
+define(`HPET_DPI', `0x00006805')
+define(`HPET_EPI', `0x00006804')
+define(`HPET_IE_OFF', `0x00006802')
+define(`HPET_IE_ON', `0x00006801')
+define(`HPET_INFO', `0x80186803')
+define(`HPET_IRQFREQ', `0x40086806')
+define(`HSC_GET_RX', `0x400c6b14')
+define(`HSC_GET_TX', `0x40106b16')
+define(`HSC_RESET', `0x00006b10')
+define(`HSC_SEND_BREAK', `0x00006b12')
+define(`HSC_SET_PM', `0x00006b11')
+define(`HSC_SET_RX', `0x400c6b13')
+define(`HSC_SET_TX', `0x40106b15')
+define(`I2OEVTGET', `0x8068690b')
+define(`I2OEVTREG', `0x400c690a')
+define(`I2OGETIOPS', `0x80206900')
+define(`I2OHRTGET', `0xc0186901')
+define(`I2OHTML', `0xc0306909')
+define(`I2OLCTGET', `0xc0186902')
+define(`I2OPARMGET', `0xc0286904')
+define(`I2OPARMSET', `0xc0286903')
+define(`I2OPASSTHRU', `0x8010690c')
+define(`I2OPASSTHRU32', `0x8008690c')
+define(`I2OSWDEL', `0xc0306907')
+define(`I2OSWDL', `0xc0306905')
+define(`I2OSWUL', `0xc0306906')
+define(`I2OVALIDATE', `0x80046908')
+define(`I8K_BIOS_VERSION', `0x80046980')
+define(`I8K_FN_STATUS', `0x80086983')
+define(`I8K_GET_FAN', `0xc0086986')
+define(`I8K_GET_SPEED', `0xc0086985')
+define(`I8K_GET_TEMP', `0x80086984')
+define(`I8K_MACHINE_ID', `0x80046981')
+define(`I8K_POWER_STATUS', `0x80086982')
+define(`I8K_SET_FAN', `0xc0086987')
+define(`IB_USER_MAD_ENABLE_PKEY', `0x00001b03')
+define(`IB_USER_MAD_REGISTER_AGENT', `0xc01c1b01')
+define(`IB_USER_MAD_REGISTER_AGENT2', `0xc0281b04')
+define(`IB_USER_MAD_UNREGISTER_AGENT', `0x40041b02')
+define(`IDT77105_GETSTAT', `0x40106132')
+define(`IDT77105_GETSTATZ', `0x40106133')
+define(`IIOCDBGVAR', `0x0000497f')
+define(`IIOCDRVCTL', `0x00004980')
+define(`IIOCGETCPS', `0x00004915')
+define(`IIOCGETDVR', `0x00004916')
+define(`IIOCGETMAP', `0x00004911')
+define(`IIOCGETPRF', `0x0000490f')
+define(`IIOCGETSET', `0x00004908')
+define(`IIOCNETAIF', `0x00004901')
+define(`IIOCNETALN', `0x00004920')
+define(`IIOCNETANM', `0x00004905')
+define(`IIOCNETASL', `0x00004913')
+define(`IIOCNETDIF', `0x00004902')
+define(`IIOCNETDIL', `0x00004914')
+define(`IIOCNETDLN', `0x00004921')
+define(`IIOCNETDNM', `0x00004906')
+define(`IIOCNETDWRSET', `0x00004918')
+define(`IIOCNETGCF', `0x00004904')
+define(`IIOCNETGNM', `0x00004907')
+define(`IIOCNETGPN', `0x00004922')
+define(`IIOCNETHUP', `0x0000490b')
+define(`IIOCNETLCR', `0x00004917')
+define(`IIOCNETSCF', `0x00004903')
+define(`IIOCSETBRJ', `0x0000490d')
+define(`IIOCSETGST', `0x0000490c')
+define(`IIOCSETMAP', `0x00004912')
+define(`IIOCSETPRF', `0x00004910')
+define(`IIOCSETSET', `0x00004909')
+define(`IIOCSETVER', `0x0000490a')
+define(`IIOCSIGPRF', `0x0000490e')
+define(`IIO_GET_EVENT_FD_IOCTL', `0x80046990')
+define(`IMADDTIMER', `0x80044940')
+define(`IMCLEAR_L2', `0x80044946')
+define(`IMCTRLREQ', `0x80044945')
+define(`IMDELTIMER', `0x80044941')
+define(`IMGETCOUNT', `0x80044943')
+define(`IMGETDEVINFO', `0x80044944')
+define(`IMGETVERSION', `0x80044942')
+define(`IMHOLD_L1', `0x80044948')
+define(`IMSETDEVNAME', `0x80184947')
+define(`INCFS_IOCTL_CREATE_FILE', `0x0000671e')
+define(`INCFS_IOCTL_READ_SIGNATURE', `0x0000671f')
+define(`INCFS_IOCTL_FILL_BLOCKS', `0x00006720')
+define(`INCFS_IOCTL_PERMIT_FILL', `0x00006721')
+define(`IOCTL_EVTCHN_BIND_INTERDOMAIN', `0x00084501')
+define(`IOCTL_EVTCHN_BIND_UNBOUND_PORT', `0x00044502')
+define(`IOCTL_EVTCHN_BIND_VIRQ', `0x00044500')
+define(`IOCTL_EVTCHN_NOTIFY', `0x00044504')
+define(`IOCTL_EVTCHN_RESET', `0x00004505')
+define(`IOCTL_EVTCHN_UNBIND', `0x00044503')
+define(`IOCTL_MEI_CONNECT_CLIENT', `0xc0104801')
+define(`IOCTL_VMCI_CTX_ADD_NOTIFICATION', `0x000007af')
+define(`IOCTL_VMCI_CTX_GET_CPT_STATE', `0x000007b1')
+define(`IOCTL_VMCI_CTX_REMOVE_NOTIFICATION', `0x000007b0')
+define(`IOCTL_VMCI_CTX_SET_CPT_STATE', `0x000007b2')
+define(`IOCTL_VMCI_DATAGRAM_RECEIVE', `0x000007ac')
+define(`IOCTL_VMCI_DATAGRAM_SEND', `0x000007ab')
+define(`IOCTL_VMCI_GET_CONTEXT_ID', `0x000007b3')
+define(`IOCTL_VMCI_INIT_CONTEXT', `0x000007a0')
+define(`IOCTL_VMCI_NOTIFICATIONS_RECEIVE', `0x000007a6')
+define(`IOCTL_VMCI_NOTIFY_RESOURCE', `0x000007a5')
+define(`IOCTL_VMCI_QUEUEPAIR_ALLOC', `0x000007a8')
+define(`IOCTL_VMCI_QUEUEPAIR_DETACH', `0x000007aa')
+define(`IOCTL_VMCI_QUEUEPAIR_SETPAGEFILE', `0x000007a9')
+define(`IOCTL_VMCI_QUEUEPAIR_SETVA', `0x000007a4')
+define(`IOCTL_VMCI_SET_NOTIFY', `0x000007cb')
+define(`IOCTL_VMCI_SOCKETS_GET_AF_VALUE', `0x000007b8')
+define(`IOCTL_VMCI_SOCKETS_GET_LOCAL_CID', `0x000007b9')
+define(`IOCTL_VMCI_SOCKETS_VERSION', `0x000007b4')
+define(`IOCTL_VMCI_VERSION', `0x0000079f')
+define(`IOCTL_VMCI_VERSION2', `0x000007a7')
+define(`IOCTL_VM_SOCKETS_GET_LOCAL_CID', `0x000007b9')
+define(`IOCTL_WDM_MAX_COMMAND', `0x800248a0')
+define(`IOCTL_XENBUS_BACKEND_EVTCHN', `0x00004200')
+define(`IOCTL_XENBUS_BACKEND_SETUP', `0x00004201')
+define(`ION_IOC_ALLOC', `0xc0204900')
+define(`ION_IOC_CUSTOM', `0xc0104906')
+define(`ION_IOC_FREE', `0xc0044901')
+define(`ION_IOC_IMPORT', `0xc0084905')
+define(`ION_IOC_MAP', `0xc0084902')
+define(`ION_IOC_SHARE', `0xc0084904')
+define(`ION_IOC_SYNC', `0xc0084907')
+define(`ION_IOC_TEST_DMA_MAPPING', `0x402049f1')
+define(`ION_IOC_TEST_KERNEL_MAPPING', `0x402049f2')
+define(`ION_IOC_TEST_SET_FD', `0x000049f0')
+define(`IOW_GETINFO', `0x8028c003')
+define(`IOW_READ', `0x4008c002')
+define(`IOW_WRITE', `0x4008c001')
+define(`IPMICTL_GET_MAINTENANCE_MODE_CMD', `0x8004691e')
+define(`IPMICTL_GET_MY_ADDRESS_CMD', `0x80046912')
+define(`IPMICTL_GET_MY_CHANNEL_ADDRESS_CMD', `0x80046919')
+define(`IPMICTL_GET_MY_CHANNEL_LUN_CMD', `0x8004691b')
+define(`IPMICTL_GET_MY_LUN_CMD', `0x80046914')
+define(`IPMICTL_GET_TIMING_PARMS_CMD', `0x80086917')
+define(`IPMICTL_RECEIVE_MSG', `0xc030690c')
+define(`IPMICTL_RECEIVE_MSG_TRUNC', `0xc030690b')
+define(`IPMICTL_REGISTER_FOR_CMD', `0x8002690e')
+define(`IPMICTL_REGISTER_FOR_CMD_CHANS', `0x800c691c')
+define(`IPMICTL_SEND_COMMAND', `0x8028690d')
+define(`IPMICTL_SEND_COMMAND_SETTIME', `0x80306915')
+define(`IPMICTL_SET_GETS_EVENTS_CMD', `0x80046910')
+define(`IPMICTL_SET_MAINTENANCE_MODE_CMD', `0x4004691f')
+define(`IPMICTL_SET_MY_ADDRESS_CMD', `0x80046911')
+define(`IPMICTL_SET_MY_CHANNEL_ADDRESS_CMD', `0x80046918')
+define(`IPMICTL_SET_MY_CHANNEL_LUN_CMD', `0x8004691a')
+define(`IPMICTL_SET_MY_LUN_CMD', `0x80046913')
+define(`IPMICTL_SET_TIMING_PARMS_CMD', `0x80086916')
+define(`IPMICTL_UNREGISTER_FOR_CMD', `0x8002690f')
+define(`IPMICTL_UNREGISTER_FOR_CMD_CHANS', `0x800c691d')
+define(`IVTVFB_IOC_DMA_FRAME', `0x401856c0')
+define(`IVTV_IOC_DMA_FRAME', `0x404056c0')
+define(`IVTV_IOC_PASSTHROUGH_MODE', `0x400456c1')
+define(`IXJCTL_AEC_GET_LEVEL', `0x000071cd')
+define(`IXJCTL_AEC_START', `0x400471cb')
+define(`IXJCTL_AEC_STOP', `0x000071cc')
+define(`IXJCTL_CARDTYPE', `0x800471c1')
+define(`IXJCTL_CID', `0x800871d4')
+define(`IXJCTL_CIDCW', `0x400871d9')
+define(`IXJCTL_DAA_AGAIN', `0x400471d2')
+define(`IXJCTL_DAA_COEFF_SET', `0x400471d0')
+define(`IXJCTL_DRYBUFFER_CLEAR', `0x000071e7')
+define(`IXJCTL_DRYBUFFER_READ', `0x800871e6')
+define(`IXJCTL_DSP_IDLE', `0x000071c5')
+define(`IXJCTL_DSP_RESET', `0x000071c0')
+define(`IXJCTL_DSP_TYPE', `0x800471c3')
+define(`IXJCTL_DSP_VERSION', `0x800471c4')
+define(`IXJCTL_DTMF_PRESCALE', `0x400471e8')
+define(`IXJCTL_FILTER_CADENCE', `0x400871d6')
+define(`IXJCTL_FRAMES_READ', `0x800871e2')
+define(`IXJCTL_FRAMES_WRITTEN', `0x800871e3')
+define(`IXJCTL_GET_FILTER_HIST', `0x400471c8')
+define(`IXJCTL_HZ', `0x400471e0')
+define(`IXJCTL_INIT_TONE', `0x400871c9')
+define(`IXJCTL_INTERCOM_START', `0x400471fd')
+define(`IXJCTL_INTERCOM_STOP', `0x400471fe')
+define(`IXJCTL_MIXER', `0x400471cf')
+define(`IXJCTL_PLAY_CID', `0x000071d7')
+define(`IXJCTL_PORT', `0x400471d1')
+define(`IXJCTL_POTS_PSTN', `0x400471d5')
+define(`IXJCTL_PSTN_LINETEST', `0x000071d3')
+define(`IXJCTL_RATE', `0x400471e1')
+define(`IXJCTL_READ_WAIT', `0x800871e4')
+define(`IXJCTL_SC_RXG', `0x400471ea')
+define(`IXJCTL_SC_TXG', `0x400471eb')
+define(`IXJCTL_SERIAL', `0x800471c2')
+define(`IXJCTL_SET_FILTER', `0x400871c7')
+define(`IXJCTL_SET_FILTER_RAW', `0x400871dd')
+define(`IXJCTL_SET_LED', `0x400471ce')
+define(`IXJCTL_SIGCTL', `0x400871e9')
+define(`IXJCTL_TESTRAM', `0x000071c6')
+define(`IXJCTL_TONE_CADENCE', `0x400871ca')
+define(`IXJCTL_VERSION', `0x800871da')
+define(`IXJCTL_VMWI', `0x800471d8')
+define(`IXJCTL_WRITE_WAIT', `0x800871e5')
+define(`JSIOCGAXES', `0x80016a11')
+define(`JSIOCGAXMAP', `0x80406a32')
+define(`JSIOCGBTNMAP', `0x84006a34')
+define(`JSIOCGBUTTONS', `0x80016a12')
+define(`JSIOCGCORR', `0x80246a22')
+define(`JSIOCGVERSION', `0x80046a01')
+define(`JSIOCSAXMAP', `0x40406a31')
+define(`JSIOCSBTNMAP', `0x44006a33')
+define(`JSIOCSCORR', `0x40246a21')
+define(`KCOV_DISABLE', `0x00006365')
+define(`KCOV_ENABLE', `0x00006364')
+define(`KCOV_INIT_TRACE', `0x80086301')
+define(`KDADDIO', `0x00004b34')
+define(`KDDELIO', `0x00004b35')
+define(`KDDISABIO', `0x00004b37')
+define(`KDENABIO', `0x00004b36')
+define(`KDFONTOP', `0x00004b72')
+define(`KDGETKEYCODE', `0x00004b4c')
+define(`KDGETLED', `0x00004b31')
+define(`KDGETMODE', `0x00004b3b')
+define(`KDGKBDIACR', `0x00004b4a')
+define(`KDGKBDIACRUC', `0x00004bfa')
+define(`KDGKBENT', `0x00004b46')
+define(`KDGKBLED', `0x00004b64')
+define(`KDGKBMETA', `0x00004b62')
+define(`KDGKBMODE', `0x00004b44')
+define(`KDGKBSENT', `0x00004b48')
+define(`KDGKBTYPE', `0x00004b33')
+define(`KDKBDREP', `0x00004b52')
+define(`KDMAPDISP', `0x00004b3c')
+define(`KDMKTONE', `0x00004b30')
+define(`KDSETKEYCODE', `0x00004b4d')
+define(`KDSETLED', `0x00004b32')
+define(`KDSETMODE', `0x00004b3a')
+define(`KDSIGACCEPT', `0x00004b4e')
+define(`KDSKBDIACR', `0x00004b4b')
+define(`KDSKBDIACRUC', `0x00004bfb')
+define(`KDSKBENT', `0x00004b47')
+define(`KDSKBLED', `0x00004b65')
+define(`KDSKBMETA', `0x00004b63')
+define(`KDSKBMODE', `0x00004b45')
+define(`KDSKBSENT', `0x00004b49')
+define(`KDUNMAPDISP', `0x00004b3d')
+define(`KIOCSOUND', `0x00004b2f')
+define(`KVM_ALLOCATE_RMA', `0x8008aea9')
+define(`KVM_ARM_PREFERRED_TARGET', `0x8020aeaf')
+define(`KVM_ARM_SET_DEVICE_ADDR', `0x4010aeab')
+define(`KVM_ARM_VCPU_INIT', `0x4020aeae')
+define(`KVM_ASSIGN_DEV_IRQ', `0x4040ae70')
+define(`KVM_ASSIGN_PCI_DEVICE', `0x8040ae69')
+define(`KVM_ASSIGN_SET_INTX_MASK', `0x4040aea4')
+define(`KVM_ASSIGN_SET_MSIX_ENTRY', `0x4010ae74')
+define(`KVM_ASSIGN_SET_MSIX_NR', `0x4008ae73')
+define(`KVM_CHECK_EXTENSION', `0x0000ae03')
+define(`KVM_CREATE_DEVICE', `0xc00caee0')
+define(`KVM_CREATE_IRQCHIP', `0x0000ae60')
+define(`KVM_CREATE_PIT', `0x0000ae64')
+define(`KVM_CREATE_PIT2', `0x4040ae77')
+define(`KVM_CREATE_SPAPR_TCE', `0x400caea8')
+define(`KVM_CREATE_VCPU', `0x0000ae41')
+define(`KVM_CREATE_VM', `0x0000ae01')
+define(`KVM_DEASSIGN_DEV_IRQ', `0x4040ae75')
+define(`KVM_DEASSIGN_PCI_DEVICE', `0x4040ae72')
+define(`KVM_DIRTY_TLB', `0x4010aeaa')
+define(`KVM_ENABLE_CAP', `0x4068aea3')
+define(`KVM_GET_API_VERSION', `0x0000ae00')
+define(`KVM_GET_CLOCK', `0x8030ae7c')
+define(`KVM_GET_CPUID2', `0xc008ae91')
+define(`KVM_GET_DEBUGREGS', `0x8080aea1')
+define(`KVM_GET_DEVICE_ATTR', `0x4018aee2')
+define(`KVM_GET_DIRTY_LOG', `0x4010ae42')
+define(`KVM_GET_EMULATED_CPUID', `0xc008ae09')
+define(`KVM_GET_FPU', `0x81a0ae8c')
+define(`KVM_GET_IRQCHIP', `0xc208ae62')
+define(`KVM_GET_LAPIC', `0x8400ae8e')
+define(`KVM_GET_MP_STATE', `0x8004ae98')
+define(`KVM_GET_MSR_INDEX_LIST', `0xc004ae02')
+define(`KVM_GET_MSRS', `0xc008ae88')
+define(`KVM_GET_NR_MMU_PAGES', `0x0000ae45')
+define(`KVM_GET_ONE_REG', `0x4010aeab')
+define(`KVM_GET_PIT', `0xc048ae65')
+define(`KVM_GET_PIT2', `0x8070ae9f')
+define(`KVM_GET_REG_LIST', `0xc008aeb0')
+define(`KVM_GET_REGS', `0x8090ae81')
+define(`KVM_GET_SREGS', `0x8138ae83')
+define(`KVM_GET_SUPPORTED_CPUID', `0xc008ae05')
+define(`KVM_GET_TSC_KHZ', `0x0000aea3')
+define(`KVM_GET_VCPU_EVENTS', `0x8040ae9f')
+define(`KVM_GET_VCPU_MMAP_SIZE', `0x0000ae04')
+define(`KVM_GET_XCRS', `0x8188aea6')
+define(`KVM_GET_XSAVE', `0x9000aea4')
+define(`KVM_HAS_DEVICE_ATTR', `0x4018aee3')
+define(`KVM_INTERRUPT', `0x4004ae86')
+define(`KVM_IOEVENTFD', `0x4040ae79')
+define(`KVM_IRQFD', `0x4020ae76')
+define(`KVM_IRQ_LINE', `0x4008ae61')
+define(`KVM_IRQ_LINE_STATUS', `0xc008ae67')
+define(`KVM_KVMCLOCK_CTRL', `0x0000aead')
+define(`KVM_NMI', `0x0000ae9a')
+define(`KVM_PPC_ALLOCATE_HTAB', `0xc004aea7')
+define(`KVM_PPC_GET_HTAB_FD', `0x4020aeaa')
+define(`KVM_PPC_GET_PVINFO', `0x4080aea1')
+define(`KVM_PPC_GET_SMMU_INFO', `0x8250aea6')
+define(`KVM_PPC_RTAS_DEFINE_TOKEN', `0x4080aeac')
+define(`KVM_REGISTER_COALESCED_MMIO', `0x4010ae67')
+define(`KVM_REINJECT_CONTROL', `0x0000ae71')
+define(`KVM_RUN', `0x0000ae80')
+define(`KVM_S390_ENABLE_SIE', `0x0000ae06')
+define(`KVM_S390_INITIAL_RESET', `0x0000ae97')
+define(`KVM_S390_INTERRUPT', `0x4010ae94')
+define(`KVM_S390_SET_INITIAL_PSW', `0x4010ae96')
+define(`KVM_S390_STORE_STATUS', `0x4008ae95')
+define(`KVM_S390_UCAS_MAP', `0x4018ae50')
+define(`KVM_S390_UCAS_UNMAP', `0x4018ae51')
+define(`KVM_S390_VCPU_FAULT', `0x4008ae52')
+define(`KVM_SET_BOOT_CPU_ID', `0x0000ae78')
+define(`KVM_SET_CLOCK', `0x4030ae7b')
+define(`KVM_SET_CPUID', `0x4008ae8a')
+define(`KVM_SET_CPUID2', `0x4008ae90')
+define(`KVM_SET_DEBUGREGS', `0x4080aea2')
+define(`KVM_SET_DEVICE_ATTR', `0x4018aee1')
+define(`KVM_SET_FPU', `0x41a0ae8d')
+define(`KVM_SET_GSI_ROUTING', `0x4008ae6a')
+define(`KVM_SET_GUEST_DEBUG', `0x4048ae9b')
+define(`KVM_SET_IDENTITY_MAP_ADDR', `0x4008ae48')
+define(`KVM_SET_IRQCHIP', `0x8208ae63')
+define(`KVM_SET_LAPIC', `0x4400ae8f')
+define(`KVM_SET_MEMORY_ALIAS', `0x4020ae43')
+define(`KVM_SET_MEMORY_REGION', `0x4018ae40')
+define(`KVM_SET_MP_STATE', `0x4004ae99')
+define(`KVM_SET_MSRS', `0x4008ae89')
+define(`KVM_SET_NR_MMU_PAGES', `0x0000ae44')
+define(`KVM_SET_ONE_REG', `0x4010aeac')
+define(`KVM_SET_PIT', `0x8048ae66')
+define(`KVM_SET_PIT2', `0x4070aea0')
+define(`KVM_SET_REGS', `0x4090ae82')
+define(`KVM_SET_SIGNAL_MASK', `0x4004ae8b')
+define(`KVM_SET_SREGS', `0x4138ae84')
+define(`KVM_SET_TSC_KHZ', `0x0000aea2')
+define(`KVM_SET_TSS_ADDR', `0x0000ae47')
+define(`KVM_SET_USER_MEMORY_REGION', `0x4020ae46')
+define(`KVM_SET_VAPIC_ADDR', `0x4008ae93')
+define(`KVM_SET_VCPU_EVENTS', `0x4040aea0')
+define(`KVM_SET_XCRS', `0x4188aea7')
+define(`KVM_SET_XSAVE', `0x5000aea5')
+define(`KVM_SIGNAL_MSI', `0x4020aea5')
+define(`KVM_TPR_ACCESS_REPORTING', `0xc028ae92')
+define(`KVM_TRANSLATE', `0xc018ae85')
+define(`KVM_UNREGISTER_COALESCED_MMIO', `0x4010ae68')
+define(`KVM_X86_GET_MCE_CAP_SUPPORTED', `0x8008ae9d')
+define(`KVM_X86_SET_MCE', `0x4040ae9e')
+define(`KVM_X86_SETUP_MCE', `0x4008ae9c')
+define(`KVM_XEN_HVM_CONFIG', `0x4038ae7a')
+define(`KYRO_IOCTL_OVERLAY_CREATE', `0x00006b00')
+define(`KYRO_IOCTL_OVERLAY_OFFSET', `0x00006b04')
+define(`KYRO_IOCTL_OVERLAY_VIEWPORT_SET', `0x00006b01')
+define(`KYRO_IOCTL_SET_VIDEO_MODE', `0x00006b02')
+define(`KYRO_IOCTL_STRIDE', `0x00006b05')
+define(`KYRO_IOCTL_UVSTRIDE', `0x00006b03')
+define(`LIRC_GET_FEATURES', `0x80046900')
+define(`LIRC_GET_LENGTH', `0x8004690f')
+define(`LIRC_GET_MAX_FILTER_PULSE', `0x8004690b')
+define(`LIRC_GET_MAX_FILTER_SPACE', `0x8004690d')
+define(`LIRC_GET_MAX_TIMEOUT', `0x80046909')
+define(`LIRC_GET_MIN_FILTER_PULSE', `0x8004690a')
+define(`LIRC_GET_MIN_FILTER_SPACE', `0x8004690c')
+define(`LIRC_GET_MIN_TIMEOUT', `0x80046908')
+define(`LIRC_GET_REC_CARRIER', `0x80046904')
+define(`LIRC_GET_REC_DUTY_CYCLE', `0x80046906')
+define(`LIRC_GET_REC_MODE', `0x80046902')
+define(`LIRC_GET_REC_RESOLUTION', `0x80046907')
+define(`LIRC_GET_SEND_CARRIER', `0x80046903')
+define(`LIRC_GET_SEND_DUTY_CYCLE', `0x80046905')
+define(`LIRC_GET_SEND_MODE', `0x80046901')
+define(`LIRC_NOTIFY_DECODE', `0x00006920')
+define(`LIRC_SET_MEASURE_CARRIER_MODE', `0x4004691d')
+define(`LIRC_SET_REC_CARRIER', `0x40046914')
+define(`LIRC_SET_REC_CARRIER_RANGE', `0x4004691f')
+define(`LIRC_SET_REC_DUTY_CYCLE', `0x40046916')
+define(`LIRC_SET_REC_DUTY_CYCLE_RANGE', `0x4004691e')
+define(`LIRC_SET_REC_FILTER', `0x4004691c')
+define(`LIRC_SET_REC_FILTER_PULSE', `0x4004691a')
+define(`LIRC_SET_REC_FILTER_SPACE', `0x4004691b')
+define(`LIRC_SET_REC_MODE', `0x40046912')
+define(`LIRC_SET_REC_TIMEOUT', `0x40046918')
+define(`LIRC_SET_REC_TIMEOUT_REPORTS', `0x40046919')
+define(`LIRC_SET_SEND_CARRIER', `0x40046913')
+define(`LIRC_SET_SEND_DUTY_CYCLE', `0x40046915')
+define(`LIRC_SET_SEND_MODE', `0x40046911')
+define(`LIRC_SET_TRANSMITTER_MASK', `0x40046917')
+define(`LIRC_SETUP_END', `0x00006922')
+define(`LIRC_SETUP_START', `0x00006921')
+define(`LIRC_SET_WIDEBAND_RECEIVER', `0x40046923')
+define(`LOGGER_FLUSH_LOG', `0x0000ae04')
+define(`LOGGER_GET_LOG_BUF_SIZE', `0x0000ae01')
+define(`LOGGER_GET_LOG_LEN', `0x0000ae02')
+define(`LOGGER_GET_NEXT_ENTRY_LEN', `0x0000ae03')
+define(`LOGGER_GET_VERSION', `0x0000ae05')
+define(`LOGGER_SET_VERSION', `0x0000ae06')
+define(`LOOP_CHANGE_FD', `0x00004c06')
+define(`LOOP_CLR_FD', `0x00004c01')
+define(`LOOP_CTL_ADD', `0x00004c80')
+define(`LOOP_CTL_GET_FREE', `0x00004c82')
+define(`LOOP_CTL_REMOVE', `0x00004c81')
+define(`LOOP_GET_STATUS', `0x00004c03')
+define(`LOOP_GET_STATUS64', `0x00004c05')
+define(`LOOP_SET_BLOCK_SIZE', `0x00004c09')
+define(`LOOP_SET_CAPACITY', `0x00004c07')
+define(`LOOP_SET_DIRECT_IO', `0x00004c08')
+define(`LOOP_SET_FD', `0x00004c00')
+define(`LOOP_SET_STATUS', `0x00004c02')
+define(`LOOP_SET_STATUS64', `0x00004c04')
+define(`MATROXFB_GET_ALL_OUTPUTS', `0x80086efb')
+define(`MATROXFB_GET_AVAILABLE_OUTPUTS', `0x80086ef9')
+define(`MATROXFB_GET_OUTPUT_CONNECTION', `0x80086ef8')
+define(`MATROXFB_GET_OUTPUT_MODE', `0xc0086efa')
+define(`MATROXFB_SET_OUTPUT_CONNECTION', `0x40086ef8')
+define(`MATROXFB_SET_OUTPUT_MODE', `0x40086efa')
+define(`MBXFB_IOCG_ALPHA', `0x8018f401')
+define(`MBXFB_IOCS_ALPHA', `0x4018f402')
+define(`MBXFB_IOCS_PLANEORDER', `0x8002f403')
+define(`MBXFB_IOCS_REG', `0x400cf404')
+define(`MBXFB_IOCX_OVERLAY', `0xc030f400')
+define(`MBXFB_IOCX_REG', `0xc00cf405')
+define(`MCE_GETCLEAR_FLAGS', `0x80044d03')
+define(`MCE_GET_LOG_LEN', `0x80044d02')
+define(`MCE_GET_RECORD_LEN', `0x80044d01')
+define(`MEDIA_IOC_DEVICE_INFO', `0xc1007c00')
+define(`MEDIA_IOC_ENUM_ENTITIES', `0xc1007c01')
+define(`MEDIA_IOC_ENUM_LINKS', `0xc0287c02')
+define(`MEDIA_IOC_SETUP_LINK', `0xc0347c03')
+define(`MEMERASE', 
`0x40084d02') +define(`MEMERASE64', `0x40104d14') +define(`MEMGETBADBLOCK', `0x40084d0b') +define(`MEMGETINFO', `0x80204d01') +define(`MEMGETOOBSEL', `0x80c84d0a') +define(`MEMGETREGIONCOUNT', `0x80044d07') +define(`MEMGETREGIONINFO', `0xc0104d08') +define(`MEMISLOCKED', `0x80084d17') +define(`MEMLOCK', `0x40084d05') +define(`MEMREADOOB', `0xc0104d04') +define(`MEMREADOOB64', `0xc0184d16') +define(`MEMSETBADBLOCK', `0x40084d0c') +define(`MEMUNLOCK', `0x40084d06') +define(`MEMWRITE', `0xc0304d18') +define(`MEMWRITEOOB', `0xc0104d03') +define(`MEMWRITEOOB64', `0xc0184d15') +define(`MEYEIOC_G_PARAMS', `0x800676c0') +define(`MEYEIOC_QBUF_CAPT', `0x400476c2') +define(`MEYEIOC_S_PARAMS', `0x400676c1') +define(`MEYEIOC_STILLCAPT', `0x000076c4') +define(`MEYEIOC_STILLJCAPT', `0x800476c5') +define(`MEYEIOC_SYNC', `0xc00476c3') +define(`MFB_GET_ALPHA', `0x80014d00') +define(`MFB_GET_AOID', `0x80084d04') +define(`MFB_GET_GAMMA', `0x80014d01') +define(`MFB_GET_PIXFMT', `0x80044d08') +define(`MFB_SET_ALPHA', `0x40014d00') +define(`MFB_SET_AOID', `0x40084d04') +define(`MFB_SET_BRIGHTNESS', `0x40014d03') +define(`MFB_SET_CHROMA_KEY', `0x400c4d01') +define(`MFB_SET_GAMMA', `0x40014d01') +define(`MFB_SET_PIXFMT', `0x40044d08') +define(`MGSL_IOCCLRMODCOUNT', `0x00006d0f') +define(`MGSL_IOCGGPIO', `0x80106d11') +define(`MGSL_IOCGIF', `0x00006d0b') +define(`MGSL_IOCGPARAMS', `0x80306d01') +define(`MGSL_IOCGSTATS', `0x00006d07') +define(`MGSL_IOCGTXIDLE', `0x00006d03') +define(`MGSL_IOCGXCTRL', `0x00006d16') +define(`MGSL_IOCGXSYNC', `0x00006d14') +define(`MGSL_IOCLOOPTXDONE', `0x00006d09') +define(`MGSL_IOCRXENABLE', `0x00006d05') +define(`MGSL_IOCSGPIO', `0x40106d10') +define(`MGSL_IOCSIF', `0x00006d0a') +define(`MGSL_IOCSPARAMS', `0x40306d00') +define(`MGSL_IOCSTXIDLE', `0x00006d02') +define(`MGSL_IOCSXCTRL', `0x00006d15') +define(`MGSL_IOCSXSYNC', `0x00006d13') +define(`MGSL_IOCTXABORT', `0x00006d06') +define(`MGSL_IOCTXENABLE', `0x00006d04') +define(`MGSL_IOCWAITEVENT', 
`0xc0046d08') +define(`MGSL_IOCWAITGPIO', `0xc0106d12') +define(`MIC_VIRTIO_ADD_DEVICE', `0xc0087301') +define(`MIC_VIRTIO_CONFIG_CHANGE', `0xc0087305') +define(`MIC_VIRTIO_COPY_DESC', `0xc0087302') +define(`MMC_IOC_CMD', `0xc048b300') +define(`MMTIMER_GETBITS', `0x00006d04') +define(`MMTIMER_GETCOUNTER', `0x80086d09') +define(`MMTIMER_GETFREQ', `0x80086d02') +define(`MMTIMER_GETOFFSET', `0x00006d00') +define(`MMTIMER_GETRES', `0x80086d01') +define(`MMTIMER_MMAPAVAIL', `0x00006d06') +define(`MSMFB_BLIT', `0x40046d02') +define(`MSMFB_GRP_DISP', `0x40046d01') +define(`MTDFILEMODE', `0x00004d13') +define(`MTIOCGET', `0x80306d02') +define(`MTIOCPOS', `0x80086d03') +define(`MTIOCTOP', `0x40086d01') +define(`MTRRIOC_ADD_ENTRY', `0x40104d00') +define(`MTRRIOC_ADD_PAGE_ENTRY', `0x40104d05') +define(`MTRRIOC_DEL_ENTRY', `0x40104d02') +define(`MTRRIOC_DEL_PAGE_ENTRY', `0x40104d07') +define(`MTRRIOC_GET_ENTRY', `0xc0184d03') +define(`MTRRIOC_GET_PAGE_ENTRY', `0xc0184d08') +define(`MTRRIOC_KILL_ENTRY', `0x40104d04') +define(`MTRRIOC_KILL_PAGE_ENTRY', `0x40104d09') +define(`MTRRIOC_SET_ENTRY', `0x40104d01') +define(`MTRRIOC_SET_PAGE_ENTRY', `0x40104d06') +define(`NBD_CLEAR_QUE', `0x0000ab05') +define(`NBD_CLEAR_SOCK', `0x0000ab04') +define(`NBD_DISCONNECT', `0x0000ab08') +define(`NBD_DO_IT', `0x0000ab03') +define(`NBD_PRINT_DEBUG', `0x0000ab06') +define(`NBD_SET_BLKSIZE', `0x0000ab01') +define(`NBD_SET_FLAGS', `0x0000ab0a') +define(`NBD_SET_SIZE', `0x0000ab02') +define(`NBD_SET_SIZE_BLOCKS', `0x0000ab07') +define(`NBD_SET_SOCK', `0x0000ab00') +define(`NBD_SET_TIMEOUT', `0x0000ab09') +define(`NCP_IOC_CONN_LOGGED_IN', `0x00006e03') +define(`NCP_IOC_GETCHARSETS', `0xc02a6e0b') +define(`NCP_IOC_GETDENTRYTTL', `0x40046e0c') +define(`NCP_IOC_GET_FS_INFO', `0xc0286e04') +define(`NCP_IOC_GET_FS_INFO_V2', `0xc0306e04') +define(`NCP_IOC_GETMOUNTUID', `0x40026e02') +define(`NCP_IOC_GETMOUNTUID2', `0x40086e02') +define(`NCP_IOC_GETOBJECTNAME', `0xc0186e09') 
+define(`NCP_IOC_GETPRIVATEDATA', `0xc0106e0a') +define(`NCP_IOC_GETROOT', `0x400c6e08') +define(`NCP_IOC_LOCKUNLOCK', `0x80146e07') +define(`NCP_IOC_NCPREQUEST', `0x80106e01') +define(`NCP_IOC_SETCHARSETS', `0x802a6e0b') +define(`NCP_IOC_SETDENTRYTTL', `0x80046e0c') +define(`NCP_IOC_SETOBJECTNAME', `0x80186e09') +define(`NCP_IOC_SETPRIVATEDATA', `0x80106e0a') +define(`NCP_IOC_SETROOT', `0x800c6e08') +define(`NCP_IOC_SET_SIGN_WANTED', `0x40046e06') +define(`NCP_IOC_SIGN_INIT', `0x80186e05') +define(`NCP_IOC_SIGN_WANTED', `0x80046e06') +define(`NET_ADD_IF', `0xc0066f34') +define(`NET_GET_IF', `0xc0066f36') +define(`NET_REMOVE_IF', `0x00006f35') +define(`NILFS_IOCTL_CHANGE_CPMODE', `0x40106e80') +define(`NILFS_IOCTL_CLEAN_SEGMENTS', `0x40786e88') +define(`NILFS_IOCTL_DELETE_CHECKPOINT', `0x40086e81') +define(`NILFS_IOCTL_GET_BDESCS', `0xc0186e87') +define(`NILFS_IOCTL_GET_CPINFO', `0x80186e82') +define(`NILFS_IOCTL_GET_CPSTAT', `0x80186e83') +define(`NILFS_IOCTL_GET_SUINFO', `0x80186e84') +define(`NILFS_IOCTL_GET_SUSTAT', `0x80306e85') +define(`NILFS_IOCTL_GET_VINFO', `0xc0186e86') +define(`NILFS_IOCTL_RESIZE', `0x40086e8b') +define(`NILFS_IOCTL_SET_ALLOC_RANGE', `0x40106e8c') +define(`NILFS_IOCTL_SET_SUINFO', `0x40186e8d') +define(`NILFS_IOCTL_SYNC', `0x80086e8a') +define(`NS_ADJBUFLEV', `0x00006163') +define(`NS_GETPSTAT', `0xc0106161') +define(`NS_SETBUFLEV', `0x40106162') +define(`NVME_IOCTL_ADMIN_CMD', `0xc0484e41') +define(`NVME_IOCTL_ID', `0x00004e40') +define(`NVME_IOCTL_IO_CMD', `0xc0484e43') +define(`NVME_IOCTL_SUBMIT_IO', `0x40304e42') +define(`NVRAM_INIT', `0x00007040') +define(`NVRAM_SETCKS', `0x00007041') +define(`OLD_PHONE_RING_START', `0x00007187') +define(`OMAPFB_CTRL_TEST', `0x40044f2e') +define(`OMAPFB_GET_CAPS', `0x800c4f2a') +define(`OMAPFB_GET_COLOR_KEY', `0x40104f33') +define(`OMAPFB_GET_DISPLAY_INFO', `0x80204f3f') +define(`OMAPFB_GET_OVERLAY_COLORMODE', `0x803c4f3b') +define(`OMAPFB_GET_UPDATE_MODE', `0x40044f2b') 
+define(`OMAPFB_GET_VRAM_INFO', `0x80204f3d') +define(`OMAPFB_LCD_TEST', `0x40044f2d') +define(`OMAPFB_MEMORY_READ', `0x80184f3a') +define(`OMAPFB_MIRROR', `0x40044f1f') +define(`OMAPFB_QUERY_MEM', `0x40084f38') +define(`OMAPFB_QUERY_PLANE', `0x40444f35') +define(`OMAPFB_SET_COLOR_KEY', `0x40104f32') +define(`OMAPFB_SET_TEARSYNC', `0x40084f3e') +define(`OMAPFB_SET_UPDATE_MODE', `0x40044f28') +define(`OMAPFB_SETUP_MEM', `0x40084f37') +define(`OMAPFB_SETUP_PLANE', `0x40444f34') +define(`OMAPFB_SYNC_GFX', `0x00004f25') +define(`OMAPFB_UPDATE_WINDOW', `0x40444f36') +define(`OMAPFB_UPDATE_WINDOW_OLD', `0x40144f2f') +define(`OMAPFB_VSYNC', `0x00004f26') +define(`OMAPFB_WAITFORGO', `0x00004f3c') +define(`OMAPFB_WAITFORVSYNC', `0x00004f39') +define(`OSD_GET_CAPABILITY', `0x80106fa1') +define(`OSD_SEND_CMD', `0x40206fa0') +define(`OSIOCGNETADDR', `0x800489e1') +define(`OSIOCSNETADDR', `0x400489e0') +define(`OSS_GETVERSION', `0x80044d76') +define(`OTPGETREGIONCOUNT', `0x40044d0e') +define(`OTPGETREGIONINFO', `0x400c4d0f') +define(`OTPLOCK', `0x800c4d10') +define(`OTPSELECT', `0x80044d0d') +define(`PACKET_CTRL_CMD', `0xc0185801') +define(`PERF_EVENT_IOC_DISABLE', `0x00002401') +define(`PERF_EVENT_IOC_ENABLE', `0x00002400') +define(`PERF_EVENT_IOC_ID', `0x80082407') +define(`PERF_EVENT_IOC_PERIOD', `0x40082404') +define(`PERF_EVENT_IOC_REFRESH', `0x00002402') +define(`PERF_EVENT_IOC_RESET', `0x00002403') +define(`PERF_EVENT_IOC_SET_FILTER', `0x40082406') +define(`PERF_EVENT_IOC_SET_OUTPUT', `0x00002405') +define(`PHN_GET_REG', `0xc0087000') +define(`PHN_GETREG', `0xc0087005') +define(`PHN_GET_REGS', `0xc0087002') +define(`PHN_GETREGS', `0xc0287007') +define(`PHN_NOT_OH', `0x00007004') +define(`PHN_SET_REG', `0x40087001') +define(`PHN_SETREG', `0x40087006') +define(`PHN_SET_REGS', `0x40087003') +define(`PHN_SETREGS', `0x40287008') +define(`PHONE_BUSY', `0x000071a1') +define(`PHONE_CAPABILITIES', `0x00007180') +define(`PHONE_CAPABILITIES_CHECK', `0x40087182') 
+define(`PHONE_CAPABILITIES_LIST', `0x80087181') +define(`PHONE_CPT_STOP', `0x000071a4') +define(`PHONE_DIALTONE', `0x000071a3') +define(`PHONE_DTMF_OOB', `0x40047199') +define(`PHONE_DTMF_READY', `0x80047196') +define(`PHONE_EXCEPTION', `0x8004719a') +define(`PHONE_FRAME', `0x4004718d') +define(`PHONE_GET_DTMF', `0x80047197') +define(`PHONE_GET_DTMF_ASCII', `0x80047198') +define(`PHONE_GET_TONE_OFF_TIME', `0x0000719f') +define(`PHONE_GET_TONE_ON_TIME', `0x0000719e') +define(`PHONE_GET_TONE_STATE', `0x000071a0') +define(`PHONE_HOOKSTATE', `0x00007184') +define(`PHONE_MAXRINGS', `0x40017185') +define(`PHONE_PLAY_CODEC', `0x40047190') +define(`PHONE_PLAY_DEPTH', `0x40047193') +define(`PHONE_PLAY_LEVEL', `0x00007195') +define(`PHONE_PLAY_START', `0x00007191') +define(`PHONE_PLAY_STOP', `0x00007192') +define(`PHONE_PLAY_TONE', `0x4001719b') +define(`PHONE_PLAY_VOLUME', `0x40047194') +define(`PHONE_PLAY_VOLUME_LINEAR', `0x400471dc') +define(`PHONE_PSTN_GET_STATE', `0x000071a5') +define(`PHONE_PSTN_LINETEST', `0x000071a8') +define(`PHONE_PSTN_SET_STATE', `0x400471a4') +define(`PHONE_QUERY_CODEC', `0xc00871a7') +define(`PHONE_REC_CODEC', `0x40047189') +define(`PHONE_REC_DEPTH', `0x4004718c') +define(`PHONE_REC_LEVEL', `0x0000718f') +define(`PHONE_REC_START', `0x0000718a') +define(`PHONE_REC_STOP', `0x0000718b') +define(`PHONE_REC_VOLUME', `0x4004718e') +define(`PHONE_REC_VOLUME_LINEAR', `0x400471db') +define(`PHONE_RING', `0x00007183') +define(`PHONE_RINGBACK', `0x000071a2') +define(`PHONE_RING_CADENCE', `0x40027186') +define(`PHONE_RING_START', `0x40087187') +define(`PHONE_RING_STOP', `0x00007188') +define(`PHONE_SET_TONE_OFF_TIME', `0x4004719d') +define(`PHONE_SET_TONE_ON_TIME', `0x4004719c') +define(`PHONE_VAD', `0x400471a9') +define(`PHONE_WINK', `0x400471aa') +define(`PHONE_WINK_DURATION', `0x400471a6') +define(`PIO_CMAP', `0x00004b71') +define(`PIO_FONT', `0x00004b61') +define(`PIO_FONTRESET', `0x00004b6d') +define(`PIO_FONTX', `0x00004b6c') +define(`PIO_SCRNMAP', 
`0x00004b41') +define(`PIO_UNIMAP', `0x00004b67') +define(`PIO_UNIMAPCLR', `0x00004b68') +define(`PIO_UNISCRNMAP', `0x00004b6a') +define(`PMU_IOC_CAN_SLEEP', `0x80084205') +define(`PMU_IOC_GET_BACKLIGHT', `0x80084201') +define(`PMU_IOC_GET_MODEL', `0x80084203') +define(`PMU_IOC_GRAB_BACKLIGHT', `0x80084206') +define(`PMU_IOC_HAS_ADB', `0x80084204') +define(`PMU_IOC_SET_BACKLIGHT', `0x40084202') +define(`PMU_IOC_SLEEP', `0x00004200') +define(`PPCLAIM', `0x0000708b') +define(`PPCLRIRQ', `0x80047093') +define(`PPDATADIR', `0x40047090') +define(`PPEXCL', `0x0000708f') +define(`PPFCONTROL', `0x4002708e') +define(`PPGETFLAGS', `0x8004709a') +define(`PPGETMODE', `0x80047098') +define(`PPGETMODES', `0x80047097') +define(`PPGETPHASE', `0x80047099') +define(`PPGETTIME', `0x80107095') +define(`PPNEGOT', `0x40047091') +define(`PPPIOCATTACH', `0x743d') +define(`PPPIOCATTCHAN', `0x7438') +define(`PPPIOCBUNDLE', `0x7481') +define(`PPPIOCCONNECT', `0x743a') +define(`PPPIOCDETACH', `0x743c') +define(`PPPIOCDISCONN', `0x7439') +define(`PPPIOCGASYNCMAP', `0x7458') +define(`PPPIOCGCALLINFO', `0x7480') +define(`PPPIOCGCHAN', `0x7437') +define(`PPPIOCGCOMPRESSORS', `0x7486') +define(`PPPIOCGDEBUG', `0x7441') +define(`PPPIOCGFLAGS', `0x745a') +define(`PPPIOCGIDLE', `0x743f') +define(`PPPIOCGIFNAME', `0x7488') +define(`PPPIOCGL2TPSTATS', `0x7436') +define(`PPPIOCGMPFLAGS', `0x7482') +define(`PPPIOCGMRU', `0x7453') +define(`PPPIOCGNPMODE', `0x744c') +define(`PPPIOCGRASYNCMAP', `0x7455') +define(`PPPIOCGUNIT', `0x7456') +define(`PPPIOCGXASYNCMAP', `0x7450') +define(`PPPIOCNEWUNIT', `0x743e') +define(`PPPIOCSACTIVE', `0x7446') +define(`PPPIOCSASYNCMAP', `0x7457') +define(`PPPIOCSCOMPRESS', `0x744d') +define(`PPPIOCSCOMPRESSOR', `0x7487') +define(`PPPIOCSDEBUG', `0x7440') +define(`PPPIOCSFLAGS', `0x7459') +define(`PPPIOCSMAXCID', `0x7451') +define(`PPPIOCSMPFLAGS', `0x7483') +define(`PPPIOCSMPMRU', `0x7485') +define(`PPPIOCSMPMTU', `0x7484') +define(`PPPIOCSMRRU', `0x743b') 
+define(`PPPIOCSMRU', `0x7452') +define(`PPPIOCSNPMODE', `0x744b') +define(`PPPIOCSPASS', `0x7447') +define(`PPPIOCSRASYNCMAP', `0x7454') +define(`PPPIOCSXASYNCMAP', `0x744f') +define(`PPPIOCXFERUNIT', `0x744e') +define(`PPPOEIOCDFWD', `0x0000b101') +define(`PPPOEIOCSFWD', `0x4008b100') +define(`PPRCONTROL', `0x80017083') +define(`PPRDATA', `0x80017085') +define(`PPRELEASE', `0x0000708c') +define(`PPRSTATUS', `0x80017081') +define(`PPSETFLAGS', `0x4004709b') +define(`PPSETMODE', `0x40047080') +define(`PPSETPHASE', `0x40047094') +define(`PPSETTIME', `0x40107096') +define(`PPS_FETCH', `0xc00870a4') +define(`PPS_GETCAP', `0x800870a3') +define(`PPS_GETPARAMS', `0x800870a1') +define(`PPS_KC_BIND', `0x400870a5') +define(`PPS_SETPARAMS', `0x400870a2') +define(`PPWCONTROL', `0x40017084') +define(`PPWCTLONIRQ', `0x40017092') +define(`PPWDATA', `0x40017086') +define(`PPYIELD', `0x0000708d') +define(`PROTECT_ARRAY', `0x00000927') +define(`PTP_CLOCK_GETCAPS', `0x80503d01') +define(`PTP_ENABLE_PPS', `0x40043d04') +define(`PTP_EXTTS_REQUEST', `0x40103d02') +define(`PTP_PEROUT_REQUEST', `0x40383d03') +define(`PTP_PIN_GETFUNC', `0xc0603d06') +define(`PTP_PIN_SETFUNC', `0x40603d07') +define(`PTP_SYS_OFFSET', `0x43403d05') +define(`RAID_AUTORUN', `0x00000914') +define(`RAID_VERSION', `0x800c0910') +define(`RAW_GETBIND', `0x0000ac01') +define(`RAW_SETBIND', `0x0000ac00') +define(`REISERFS_IOC_UNPACK', `0x4008cd01') +define(`RESTART_ARRAY_RW', `0x00000934') +define(`RFCOMMCREATEDEV', `0x400452c8') +define(`RFCOMMGETDEVINFO', `0x800452d3') +define(`RFCOMMGETDEVLIST', `0x800452d2') +define(`RFCOMMRELEASEDEV', `0x400452c9') +define(`RFCOMMSTEALDLC', `0x400452dc') +define(`RFKILL_IOCTL_NOINPUT', `0x00005201') +define(`RNDADDENTROPY', `0x40085203') +define(`RNDADDTOENTCNT', `0x40045201') +define(`RNDCLEARPOOL', `0x00005206') +define(`RNDGETENTCNT', `0x80045200') +define(`RNDGETPOOL', `0x80085202') +define(`RNDZAPENTCNT', `0x00005204') +define(`ROCCATIOCGREPSIZE', `0x800448f1') 
+define(`RTC_AIE_OFF', `0x00007002') +define(`RTC_AIE_ON', `0x00007001') +define(`RTC_ALM_READ', `0x80247008') +define(`RTC_ALM_SET', `0x40247007') +define(`RTC_EPOCH_READ', `0x8008700d') +define(`RTC_EPOCH_SET', `0x4008700e') +define(`RTC_IRQP_READ', `0x8008700b') +define(`RTC_IRQP_SET', `0x4008700c') +define(`RTC_PIE_OFF', `0x00007006') +define(`RTC_PIE_ON', `0x00007005') +define(`RTC_PLL_GET', `0x80207011') +define(`RTC_PLL_SET', `0x40207012') +define(`RTC_RD_TIME', `0x80247009') +define(`RTC_SET_TIME', `0x4024700a') +define(`RTC_UIE_OFF', `0x00007004') +define(`RTC_UIE_ON', `0x00007003') +define(`RTC_VL_CLR', `0x00007014') +define(`RTC_VL_READ', `0x80047013') +define(`RTC_WIE_OFF', `0x00007010') +define(`RTC_WIE_ON', `0x0000700f') +define(`RTC_WKALM_RD', `0x80287010') +define(`RTC_WKALM_SET', `0x4028700f') +define(`RUN_ARRAY', `0x400c0930') +define(`S5P_FIMC_TX_END_NOTIFY', `0x00006500') +define(`SAA6588_CMD_CLOSE', `0x40045202') +define(`SAA6588_CMD_POLL', `0x80045204') +define(`SAA6588_CMD_READ', `0x80045203') +define(`SCSI_IOCTL_DOORLOCK', `0x00005380') +define(`SCSI_IOCTL_DOORUNLOCK', `0x00005381') +define(`SCSI_IOCTL_GET_BUS_NUMBER', `0x00005386') +define(`SCSI_IOCTL_GET_IDLUN', `0x00005382') +define(`SCSI_IOCTL_GET_PCI', `0x00005387') +define(`SCSI_IOCTL_PROBE_HOST', `0x00005385') +define(`SET_ARRAY_INFO', `0x40480923') +define(`SET_BITMAP_FILE', `0x4004092b') +define(`SET_DISK_FAULTY', `0x00000929') +define(`SET_DISK_INFO', `0x00000924') +define(`SG_EMULATED_HOST', `0x00002203') +define(`SG_GET_ACCESS_COUNT', `0x00002289') +define(`SG_GET_COMMAND_Q', `0x00002270') +define(`SG_GET_KEEP_ORPHAN', `0x00002288') +define(`SG_GET_LOW_DMA', `0x0000227a') +define(`SG_GET_NUM_WAITING', `0x0000227d') +define(`SG_GET_PACK_ID', `0x0000227c') +define(`SG_GET_REQUEST_TABLE', `0x00002286') +define(`SG_GET_RESERVED_SIZE', `0x00002272') +define(`SG_GET_SCSI_ID', `0x00002276') +define(`SG_GET_SG_TABLESIZE', `0x0000227f') +define(`SG_GET_TIMEOUT', `0x00002202') 
+define(`SG_GET_TRANSFORM', `0x00002205') +define(`SG_GET_VERSION_NUM', `0x00002282') +define(`SG_IO', `0x00002285') +define(`SG_NEXT_CMD_LEN', `0x00002283') +define(`SG_SCSI_RESET', `0x00002284') +define(`SG_SET_COMMAND_Q', `0x00002271') +define(`SG_SET_DEBUG', `0x0000227e') +define(`SG_SET_FORCE_LOW_DMA', `0x00002279') +define(`SG_SET_FORCE_PACK_ID', `0x0000227b') +define(`SG_SET_KEEP_ORPHAN', `0x00002287') +define(`SG_SET_RESERVED_SIZE', `0x00002275') +define(`SG_SET_TIMEOUT', `0x00002201') +define(`SG_SET_TRANSFORM', `0x00002204') +define(`SI4713_IOC_MEASURE_RNL', `0xc01c56c0') +define(`SIOCADDDLCI', `0x00008980') +define(`SIOCADDMULTI', `0x00008931') +define(`SIOCADDRT', `0x0000890b') +define(`SIOCATMARK', `0x00008905') +define(`SIOCBONDCHANGEACTIVE', `0x00008995') +define(`SIOCBONDENSLAVE', `0x00008990') +define(`SIOCBONDINFOQUERY', `0x00008994') +define(`SIOCBONDRELEASE', `0x00008991') +define(`SIOCBONDSETHWADDR', `0x00008992') +define(`SIOCBONDSLAVEINFOQUERY', `0x00008993') +define(`SIOCBRADDBR', `0x000089a0') +define(`SIOCBRADDIF', `0x000089a2') +define(`SIOCBRDELBR', `0x000089a1') +define(`SIOCBRDELIF', `0x000089a3') +define(`SIOCDARP', `0x00008953') +define(`SIOCDELDLCI', `0x00008981') +define(`SIOCDELMULTI', `0x00008932') +define(`SIOCDELRT', `0x0000890c') +define(`SIOCDEVPRIVATE', `0x000089f0') +define(`SIOCDEVPRIVATE_1', `0x000089f1') +define(`SIOCDEVPRIVATE_2', `0x000089f2') +define(`SIOCDEVPRIVATE_3', `0x000089f3') +define(`SIOCDEVPRIVATE_4', `0x000089f4') +define(`SIOCDEVPRIVATE_5', `0x000089f5') +define(`SIOCDEVPRIVATE_6', `0x000089f6') +define(`SIOCDEVPRIVATE_7', `0x000089f7') +define(`SIOCDEVPRIVATE_8', `0x000089f8') +define(`SIOCDEVPRIVATE_9', `0x000089f9') +define(`SIOCDEVPRIVATE_A', `0x000089fa') +define(`SIOCDEVPRIVATE_B', `0x000089fb') +define(`SIOCDEVPRIVATE_C', `0x000089fc') +define(`SIOCDEVPRIVATE_D', `0x000089fd') +define(`SIOCDEVPRIVATE_E', `0x000089fe') +define(`SIOCDEVPRIVLAST', `0x000089ff') +define(`SIOCDIFADDR', `0x00008936') 
+define(`SIOCDRARP', `0x00008960') +define(`SIOCETHTOOL', `0x00008946') +define(`SIOCGARP', `0x00008954') +define(`SIOCGHWTSTAMP', `0x000089b1') +define(`SIOCGIFADDR', `0x00008915') +define(`SIOCGIFBR', `0x00008940') +define(`SIOCGIFBRDADDR', `0x00008919') +define(`SIOCGIFCONF', `0x00008912') +define(`SIOCGIFCOUNT', `0x00008938') +define(`SIOCGIFDSTADDR', `0x00008917') +define(`SIOCGIFENCAP', `0x00008925') +define(`SIOCGIFFLAGS', `0x00008913') +define(`SIOCGIFHWADDR', `0x00008927') +define(`SIOCGIFINDEX', `0x00008933') +define(`SIOCGIFMAP', `0x00008970') +define(`SIOCGIFMEM', `0x0000891f') +define(`SIOCGIFMETRIC', `0x0000891d') +define(`SIOCGIFMTU', `0x00008921') +define(`SIOCGIFNAME', `0x00008910') +define(`SIOCGIFNETMASK', `0x0000891b') +define(`SIOCGIFPFLAGS', `0x00008935') +define(`SIOCGIFSLAVE', `0x00008929') +define(`SIOCGIFTXQLEN', `0x00008942') +define(`SIOCGIFVLAN', `0x00008982') +define(`SIOCGIWAP', `0x00008b15') +define(`SIOCGIWAPLIST', `0x00008b17') +define(`SIOCGIWAUTH', `0x00008b33') +define(`SIOCGIWENCODE', `0x00008b2b') +define(`SIOCGIWENCODEEXT', `0x00008b35') +define(`SIOCGIWESSID', `0x00008b1b') +define(`SIOCGIWFRAG', `0x00008b25') +define(`SIOCGIWFREQ', `0x00008b05') +define(`SIOCGIWGENIE', `0x00008b31') +define(`SIOCGIWMODE', `0x00008b07') +define(`SIOCGIWNAME', `0x00008b01') +define(`SIOCGIWNICKN', `0x00008b1d') +define(`SIOCGIWNWID', `0x00008b03') +define(`SIOCGIWPOWER', `0x00008b2d') +define(`SIOCGIWPRIV', `0x00008b0d') +define(`SIOCGIWRANGE', `0x00008b0b') +define(`SIOCGIWRATE', `0x00008b21') +define(`SIOCGIWRETRY', `0x00008b29') +define(`SIOCGIWRTS', `0x00008b23') +define(`SIOCGIWSCAN', `0x00008b19') +define(`SIOCGIWSENS', `0x00008b09') +define(`SIOCGIWSPY', `0x00008b11') +define(`SIOCGIWSTATS', `0x00008b0f') +define(`SIOCGIWTHRSPY', `0x00008b13') +define(`SIOCGIWTXPOW', `0x00008b27') +define(`SIOCGMIIPHY', `0x00008947') +define(`SIOCGMIIREG', `0x00008948') +define(`SIOCGNETADDR', `0x800489e1') +define(`SIOCGPGRP', `0x00008904') 
+define(`SIOCGRARP', `0x00008961') +define(`SIOCGSTAMP', `0x00008906') +define(`SIOCGSTAMPNS', `0x00008907') +define(`SIOCIWFIRST', `0x00008b00') +define(`SIOCIWFIRSTPRIV_01', `0x00008be1') +define(`SIOCIWFIRSTPRIV_02', `0x00008be2') +define(`SIOCIWFIRSTPRIV_03', `0x00008be3') +define(`SIOCIWFIRSTPRIV_04', `0x00008be4') +define(`SIOCIWFIRSTPRIV_05', `0x00008be5') +define(`SIOCIWFIRSTPRIV_06', `0x00008be6') +define(`SIOCIWFIRSTPRIV_07', `0x00008be7') +define(`SIOCIWFIRSTPRIV_08', `0x00008be8') +define(`SIOCIWFIRSTPRIV_09', `0x00008be9') +define(`SIOCIWFIRSTPRIV_0A', `0x00008bea') +define(`SIOCIWFIRSTPRIV_0B', `0x00008beb') +define(`SIOCIWFIRSTPRIV_0C', `0x00008bec') +define(`SIOCIWFIRSTPRIV_0D', `0x00008bed') +define(`SIOCIWFIRSTPRIV_0E', `0x00008bee') +define(`SIOCIWFIRSTPRIV_0F', `0x00008bef') +define(`SIOCIWFIRSTPRIV', `0x00008be0') +define(`SIOCIWFIRSTPRIV_10', `0x00008bf0') +define(`SIOCIWFIRSTPRIV_11', `0x00008bf1') +define(`SIOCIWFIRSTPRIV_12', `0x00008bf2') +define(`SIOCIWFIRSTPRIV_13', `0x00008bf3') +define(`SIOCIWFIRSTPRIV_14', `0x00008bf4') +define(`SIOCIWFIRSTPRIV_15', `0x00008bf5') +define(`SIOCIWFIRSTPRIV_16', `0x00008bf6') +define(`SIOCIWFIRSTPRIV_17', `0x00008bf7') +define(`SIOCIWFIRSTPRIV_18', `0x00008bf8') +define(`SIOCIWFIRSTPRIV_19', `0x00008bf9') +define(`SIOCIWFIRSTPRIV_1A', `0x00008bfa') +define(`SIOCIWFIRSTPRIV_1B', `0x00008bfb') +define(`SIOCIWFIRSTPRIV_1C', `0x00008bfc') +define(`SIOCIWFIRSTPRIV_1D', `0x00008bfd') +define(`SIOCIWFIRSTPRIV_1E', `0x00008bfe') +define(`SIOCIWLASTPRIV', `0x00008bff') +define(`SIOCKILLADDR', `0x00008939') +define(`SIOCMKCLIP', `0x000061e0') +define(`SIOCOUTQNSD', `0x0000894b') +define(`SIOCPROTOPRIVATE', `0x000089e0') +define(`SIOCPROTOPRIVATE_1', `0x000089e1') +define(`SIOCPROTOPRIVATE_2', `0x000089e2') +define(`SIOCPROTOPRIVATE_3', `0x000089e3') +define(`SIOCPROTOPRIVATE_4', `0x000089e4') +define(`SIOCPROTOPRIVATE_5', `0x000089e5') +define(`SIOCPROTOPRIVATE_6', `0x000089e6') +define(`SIOCPROTOPRIVATE_7', 
`0x000089e7') +define(`SIOCPROTOPRIVATE_8', `0x000089e8') +define(`SIOCPROTOPRIVATE_9', `0x000089e9') +define(`SIOCPROTOPRIVATE_A', `0x000089ea') +define(`SIOCPROTOPRIVATE_B', `0x000089eb') +define(`SIOCPROTOPRIVATE_C', `0x000089ec') +define(`SIOCPROTOPRIVATE_D', `0x000089ed') +define(`SIOCPROTOPRIVATE_E', `0x000089ee') +define(`SIOCPROTOPRIVLAST', `0x000089ef') +define(`SIOCRTMSG', `0x0000890d') +define(`SIOCSARP', `0x00008955') +define(`SIOCSHWTSTAMP', `0x000089b0') +define(`SIOCSIFADDR', `0x00008916') +define(`SIOCSIFATMTCP', `0x00006180') +define(`SIOCSIFBR', `0x00008941') +define(`SIOCSIFBRDADDR', `0x0000891a') +define(`SIOCSIFDSTADDR', `0x00008918') +define(`SIOCSIFENCAP', `0x00008926') +define(`SIOCSIFFLAGS', `0x00008914') +define(`SIOCSIFHWADDR', `0x00008924') +define(`SIOCSIFHWBROADCAST', `0x00008937') +define(`SIOCSIFLINK', `0x00008911') +define(`SIOCSIFMAP', `0x00008971') +define(`SIOCSIFMEM', `0x00008920') +define(`SIOCSIFMETRIC', `0x0000891e') +define(`SIOCSIFMTU', `0x00008922') +define(`SIOCSIFNAME', `0x00008923') +define(`SIOCSIFNETMASK', `0x0000891c') +define(`SIOCSIFPFLAGS', `0x00008934') +define(`SIOCSIFSLAVE', `0x00008930') +define(`SIOCSIFTXQLEN', `0x00008943') +define(`SIOCSIFVLAN', `0x00008983') +define(`SIOCSIWAP', `0x00008b14') +define(`SIOCSIWAUTH', `0x00008b32') +define(`SIOCSIWCOMMIT', `0x00008b00') +define(`SIOCSIWENCODE', `0x00008b2a') +define(`SIOCSIWENCODEEXT', `0x00008b34') +define(`SIOCSIWESSID', `0x00008b1a') +define(`SIOCSIWFRAG', `0x00008b24') +define(`SIOCSIWFREQ', `0x00008b04') +define(`SIOCSIWGENIE', `0x00008b30') +define(`SIOCSIWMLME', `0x00008b16') +define(`SIOCSIWMODE', `0x00008b06') +define(`SIOCSIWNICKN', `0x00008b1c') +define(`SIOCSIWNWID', `0x00008b02') +define(`SIOCSIWPMKSA', `0x00008b36') +define(`SIOCSIWPOWER', `0x00008b2c') +define(`SIOCSIWPRIV', `0x00008b0c') +define(`SIOCSIWRANGE', `0x00008b0a') +define(`SIOCSIWRATE', `0x00008b20') +define(`SIOCSIWRETRY', `0x00008b28') +define(`SIOCSIWRTS', `0x00008b22') 
+define(`SIOCSIWSCAN', `0x00008b18') +define(`SIOCSIWSENS', `0x00008b08') +define(`SIOCSIWSPY', `0x00008b10') +define(`SIOCSIWSTATS', `0x00008b0e') +define(`SIOCSIWTHRSPY', `0x00008b12') +define(`SIOCSIWTXPOW', `0x00008b26') +define(`SIOCSMIIREG', `0x00008949') +define(`SIOCSNETADDR', `0x400489e0') +define(`SIOCSPGRP', `0x00008902') +define(`SIOCSRARP', `0x00008962') +define(`SIOCWANDEV', `0x0000894a') +define(`SISFB_COMMAND', `0xc054f305') +define(`SISFB_GET_AUTOMAXIMIZE', `0x8004f303') +define(`SISFB_GET_AUTOMAXIMIZE_OLD', `0x80046efa') +define(`SISFB_GET_INFO', `0x811cf301') +define(`SISFB_GET_INFO_OLD', `0x80046ef8') +define(`SISFB_GET_INFO_SIZE', `0x8004f300') +define(`SISFB_GET_TVPOSOFFSET', `0x8004f304') +define(`SISFB_GET_VBRSTATUS', `0x8004f302') +define(`SISFB_GET_VBRSTATUS_OLD', `0x80046ef9') +define(`SISFB_SET_AUTOMAXIMIZE', `0x4004f303') +define(`SISFB_SET_AUTOMAXIMIZE_OLD', `0x40046efa') +define(`SISFB_SET_LOCK', `0x4004f306') +define(`SISFB_SET_TVPOSOFFSET', `0x4004f304') +define(`SNAPSHOT_ALLOC_SWAP_PAGE', `0x80083314') +define(`SNAPSHOT_ATOMIC_RESTORE', `0x00003304') +define(`SNAPSHOT_AVAIL_SWAP_SIZE', `0x80083313') +define(`SNAPSHOT_CREATE_IMAGE', `0x40043311') +define(`SNAPSHOT_FREE', `0x00003305') +define(`SNAPSHOT_FREE_SWAP_PAGES', `0x00003309') +define(`SNAPSHOT_FREEZE', `0x00003301') +define(`SNAPSHOT_GET_IMAGE_SIZE', `0x8008330e') +define(`SNAPSHOT_PLATFORM_SUPPORT', `0x0000330f') +define(`SNAPSHOT_POWER_OFF', `0x00003310') +define(`SNAPSHOT_PREF_IMAGE_SIZE', `0x00003312') +define(`SNAPSHOT_S2RAM', `0x0000330b') +define(`SNAPSHOT_SET_SWAP_AREA', `0x400c330d') +define(`SNAPSHOT_UNFREEZE', `0x00003302') +define(`SNDCTL_COPR_HALT', `0xc0144307') +define(`SNDCTL_COPR_LOAD', `0xcfb04301') +define(`SNDCTL_COPR_RCODE', `0xc0144303') +define(`SNDCTL_COPR_RCVMSG', `0x8fa44309') +define(`SNDCTL_COPR_RDATA', `0xc0144302') +define(`SNDCTL_COPR_RESET', `0x00004300') +define(`SNDCTL_COPR_RUN', `0xc0144306') +define(`SNDCTL_COPR_SENDMSG', `0xcfa44308') 
+define(`SNDCTL_COPR_WCODE', `0x40144305') +define(`SNDCTL_COPR_WDATA', `0x40144304') +define(`SNDCTL_DSP_BIND_CHANNEL', `0xc0045041') +define(`SNDCTL_DSP_CHANNELS', `0xc0045006') +define(`SNDCTL_DSP_GETBLKSIZE', `0xc0045004') +define(`SNDCTL_DSP_GETCAPS', `0x8004500f') +define(`SNDCTL_DSP_GETCHANNELMASK', `0xc0045040') +define(`SNDCTL_DSP_GETFMTS', `0x8004500b') +define(`SNDCTL_DSP_GETIPTR', `0x800c5011') +define(`SNDCTL_DSP_GETISPACE', `0x8010500d') +define(`SNDCTL_DSP_GETODELAY', `0x80045017') +define(`SNDCTL_DSP_GETOPTR', `0x800c5012') +define(`SNDCTL_DSP_GETOSPACE', `0x8010500c') +define(`SNDCTL_DSP_GETSPDIF', `0x80045043') +define(`SNDCTL_DSP_GETTRIGGER', `0x80045010') +define(`SNDCTL_DSP_MAPINBUF', `0x80105013') +define(`SNDCTL_DSP_MAPOUTBUF', `0x80105014') +define(`SNDCTL_DSP_NONBLOCK', `0x0000500e') +define(`SNDCTL_DSP_POST', `0x00005008') +define(`SNDCTL_DSP_PROFILE', `0x40045017') +define(`SNDCTL_DSP_RESET', `0x00005000') +define(`SNDCTL_DSP_SETDUPLEX', `0x00005016') +define(`SNDCTL_DSP_SETFMT', `0xc0045005') +define(`SNDCTL_DSP_SETFRAGMENT', `0xc004500a') +define(`SNDCTL_DSP_SETSPDIF', `0x40045042') +define(`SNDCTL_DSP_SETSYNCRO', `0x00005015') +define(`SNDCTL_DSP_SETTRIGGER', `0x40045010') +define(`SNDCTL_DSP_SPEED', `0xc0045002') +define(`SNDCTL_DSP_STEREO', `0xc0045003') +define(`SNDCTL_DSP_SUBDIVIDE', `0xc0045009') +define(`SNDCTL_DSP_SYNC', `0x00005001') +define(`SNDCTL_FM_4OP_ENABLE', `0x4004510f') +define(`SNDCTL_FM_LOAD_INSTR', `0x40285107') +define(`SNDCTL_MIDI_INFO', `0xc074510c') +define(`SNDCTL_MIDI_MPUCMD', `0xc0216d02') +define(`SNDCTL_MIDI_MPUMODE', `0xc0046d01') +define(`SNDCTL_MIDI_PRETIME', `0xc0046d00') +define(`SNDCTL_SEQ_CTRLRATE', `0xc0045103') +define(`SNDCTL_SEQ_GETINCOUNT', `0x80045105') +define(`SNDCTL_SEQ_GETOUTCOUNT', `0x80045104') +define(`SNDCTL_SEQ_GETTIME', `0x80045113') +define(`SNDCTL_SEQ_NRMIDIS', `0x8004510b') +define(`SNDCTL_SEQ_NRSYNTHS', `0x8004510a') +define(`SNDCTL_SEQ_OUTOFBAND', `0x40085112') 
+define(`SNDCTL_SEQ_PANIC', `0x00005111') +define(`SNDCTL_SEQ_PERCMODE', `0x40045106') +define(`SNDCTL_SEQ_RESET', `0x00005100') +define(`SNDCTL_SEQ_RESETSAMPLES', `0x40045109') +define(`SNDCTL_SEQ_SYNC', `0x00005101') +define(`SNDCTL_SEQ_TESTMIDI', `0x40045108') +define(`SNDCTL_SEQ_THRESHOLD', `0x4004510d') +define(`SNDCTL_SYNTH_CONTROL', `0xcfa45115') +define(`SNDCTL_SYNTH_ID', `0xc08c5114') +define(`SNDCTL_SYNTH_INFO', `0xc08c5102') +define(`SNDCTL_SYNTH_MEMAVL', `0xc004510e') +define(`SNDCTL_SYNTH_REMOVESAMPLE', `0xc00c5116') +define(`SNDCTL_TMR_CONTINUE', `0x00005404') +define(`SNDCTL_TMR_METRONOME', `0x40045407') +define(`SNDCTL_TMR_SELECT', `0x40045408') +define(`SNDCTL_TMR_SOURCE', `0xc0045406') +define(`SNDCTL_TMR_START', `0x00005402') +define(`SNDCTL_TMR_STOP', `0x00005403') +define(`SNDCTL_TMR_TEMPO', `0xc0045405') +define(`SNDCTL_TMR_TIMEBASE', `0xc0045401') +define(`SNDRV_COMPRESS_AVAIL', `0x801c4321') +define(`SNDRV_COMPRESS_DRAIN', `0x00004334') +define(`SNDRV_COMPRESS_GET_CAPS', `0xc0c44310') +define(`SNDRV_COMPRESS_GET_CODEC_CAPS', `0xeb884311') +define(`SNDRV_COMPRESS_GET_METADATA', `0xc0244315') +define(`SNDRV_COMPRESS_GET_PARAMS', `0x80784313') +define(`SNDRV_COMPRESS_IOCTL_VERSION', `0x80044300') +define(`SNDRV_COMPRESS_NEXT_TRACK', `0x00004335') +define(`SNDRV_COMPRESS_PARTIAL_DRAIN', `0x00004336') +define(`SNDRV_COMPRESS_PAUSE', `0x00004330') +define(`SNDRV_COMPRESS_RESUME', `0x00004331') +define(`SNDRV_COMPRESS_SET_METADATA', `0x40244314') +define(`SNDRV_COMPRESS_SET_PARAMS', `0x40844312') +define(`SNDRV_COMPRESS_START', `0x00004332') +define(`SNDRV_COMPRESS_STOP', `0x00004333') +define(`SNDRV_COMPRESS_TSTAMP', `0x80144320') +define(`SNDRV_CTL_IOCTL_CARD_INFO', `0x81785501') +define(`SNDRV_CTL_IOCTL_ELEM_ADD', `0xc1105517') +define(`SNDRV_CTL_IOCTL_ELEM_INFO', `0xc1105511') +define(`SNDRV_CTL_IOCTL_ELEM_LIST', `0xc0505510') +define(`SNDRV_CTL_IOCTL_ELEM_LOCK', `0x40405514') +define(`SNDRV_CTL_IOCTL_ELEM_READ', `0xc4c85512') 
+define(`SNDRV_CTL_IOCTL_ELEM_REMOVE', `0xc0405519') +define(`SNDRV_CTL_IOCTL_ELEM_REPLACE', `0xc1105518') +define(`SNDRV_CTL_IOCTL_ELEM_UNLOCK', `0x40405515') +define(`SNDRV_CTL_IOCTL_ELEM_WRITE', `0xc4c85513') +define(`SNDRV_CTL_IOCTL_HWDEP_INFO', `0x80dc5521') +define(`SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE', `0xc0045520') +define(`SNDRV_CTL_IOCTL_PCM_INFO', `0xc1205531') +define(`SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE', `0x80045530') +define(`SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE', `0x40045532') +define(`SNDRV_CTL_IOCTL_POWER', `0xc00455d0') +define(`SNDRV_CTL_IOCTL_POWER_STATE', `0x800455d1') +define(`SNDRV_CTL_IOCTL_PVERSION', `0x80045500') +define(`SNDRV_CTL_IOCTL_RAWMIDI_INFO', `0xc10c5541') +define(`SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE', `0xc0045540') +define(`SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE', `0x40045542') +define(`SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS', `0xc0045516') +define(`SNDRV_CTL_IOCTL_TLV_COMMAND', `0xc008551c') +define(`SNDRV_CTL_IOCTL_TLV_READ', `0xc008551a') +define(`SNDRV_CTL_IOCTL_TLV_WRITE', `0xc008551b') +define(`SNDRV_DM_FM_IOCTL_CLEAR_PATCHES', `0x00004840') +define(`SNDRV_DM_FM_IOCTL_INFO', `0x80024820') +define(`SNDRV_DM_FM_IOCTL_PLAY_NOTE', `0x400c4822') +define(`SNDRV_DM_FM_IOCTL_RESET', `0x00004821') +define(`SNDRV_DM_FM_IOCTL_SET_CONNECTION', `0x40044826') +define(`SNDRV_DM_FM_IOCTL_SET_MODE', `0x40044825') +define(`SNDRV_DM_FM_IOCTL_SET_PARAMS', `0x40094824') +define(`SNDRV_DM_FM_IOCTL_SET_VOICE', `0x40124823') +define(`SNDRV_EMU10K1_IOCTL_CODE_PEEK', `0xc1b04812') +define(`SNDRV_EMU10K1_IOCTL_CODE_POKE', `0x41b04811') +define(`SNDRV_EMU10K1_IOCTL_CONTINUE', `0x00004881') +define(`SNDRV_EMU10K1_IOCTL_DBG_READ', `0x80044884') +define(`SNDRV_EMU10K1_IOCTL_INFO', `0x880c4810') +define(`SNDRV_EMU10K1_IOCTL_PCM_PEEK', `0xc0484831') +define(`SNDRV_EMU10K1_IOCTL_PCM_POKE', `0x40484830') +define(`SNDRV_EMU10K1_IOCTL_PVERSION', `0x80044840') +define(`SNDRV_EMU10K1_IOCTL_SINGLE_STEP', `0x40044883') +define(`SNDRV_EMU10K1_IOCTL_STOP', `0x00004880') 
+define(`SNDRV_EMU10K1_IOCTL_TRAM_PEEK', `0xc0104822') +define(`SNDRV_EMU10K1_IOCTL_TRAM_POKE', `0x40104821') +define(`SNDRV_EMU10K1_IOCTL_TRAM_SETUP', `0x40044820') +define(`SNDRV_EMU10K1_IOCTL_ZERO_TRAM_COUNTER', `0x00004882') +define(`SNDRV_EMUX_IOCTL_LOAD_PATCH', `0xc0104881') +define(`SNDRV_EMUX_IOCTL_MEM_AVAIL', `0x40044884') +define(`SNDRV_EMUX_IOCTL_MISC_MODE', `0xc0104884') +define(`SNDRV_EMUX_IOCTL_REMOVE_LAST_SAMPLES', `0x00004883') +define(`SNDRV_EMUX_IOCTL_RESET_SAMPLES', `0x00004882') +define(`SNDRV_EMUX_IOCTL_VERSION', `0x80044880') +define(`SNDRV_FIREWIRE_IOCTL_GET_INFO', `0x802048f8') +define(`SNDRV_FIREWIRE_IOCTL_LOCK', `0x000048f9') +define(`SNDRV_FIREWIRE_IOCTL_UNLOCK', `0x000048fa') +define(`SNDRV_HDSP_IOCTL_GET_9632_AEB', `0x80084845') +define(`SNDRV_HDSP_IOCTL_GET_CONFIG_INFO', `0x80244841') +define(`SNDRV_HDSP_IOCTL_GET_MIXER', `0x90004844') +define(`SNDRV_HDSP_IOCTL_GET_PEAK_RMS', `0x83b04840') +define(`SNDRV_HDSP_IOCTL_GET_VERSION', `0x80084843') +define(`SNDRV_HDSP_IOCTL_UPLOAD_FIRMWARE', `0x40084842') +define(`SNDRV_HDSPM_IOCTL_GET_CONFIG', `0x80184841') +define(`SNDRV_HDSPM_IOCTL_GET_LTC', `0x80104846') +define(`SNDRV_HDSPM_IOCTL_GET_MIXER', `0x80084844') +define(`SNDRV_HDSPM_IOCTL_GET_PEAK_RMS', `0x89084842') +define(`SNDRV_HDSPM_IOCTL_GET_STATUS', `0x80204847') +define(`SNDRV_HDSPM_IOCTL_GET_VERSION', `0x80244848') +define(`SNDRV_HWDEP_IOCTL_DSP_LOAD', `0x40604803') +define(`SNDRV_HWDEP_IOCTL_DSP_STATUS', `0x80404802') +define(`SNDRV_HWDEP_IOCTL_INFO', `0x80dc4801') +define(`SNDRV_HWDEP_IOCTL_PVERSION', `0x80044800') +define(`SNDRV_PCM_IOCTL_CHANNEL_INFO', `0x80184132') +define(`SNDRV_PCM_IOCTL_DELAY', `0x80084121') +define(`SNDRV_PCM_IOCTL_DRAIN', `0x00004144') +define(`SNDRV_PCM_IOCTL_DROP', `0x00004143') +define(`SNDRV_PCM_IOCTL_FORWARD', `0x40084149') +define(`SNDRV_PCM_IOCTL_HW_FREE', `0x00004112') +define(`SNDRV_PCM_IOCTL_HW_PARAMS', `0xc2604111') +define(`SNDRV_PCM_IOCTL_HW_REFINE', `0xc2604110') 
+define(`SNDRV_PCM_IOCTL_HWSYNC', `0x00004122') +define(`SNDRV_PCM_IOCTL_INFO', `0x81204101') +define(`SNDRV_PCM_IOCTL_LINK', `0x40044160') +define(`SNDRV_PCM_IOCTL_PAUSE', `0x40044145') +define(`SNDRV_PCM_IOCTL_PREPARE', `0x00004140') +define(`SNDRV_PCM_IOCTL_PVERSION', `0x80044100') +define(`SNDRV_PCM_IOCTL_READI_FRAMES', `0x80184151') +define(`SNDRV_PCM_IOCTL_READN_FRAMES', `0x80184153') +define(`SNDRV_PCM_IOCTL_RESET', `0x00004141') +define(`SNDRV_PCM_IOCTL_RESUME', `0x00004147') +define(`SNDRV_PCM_IOCTL_REWIND', `0x40084146') +define(`SNDRV_PCM_IOCTL_START', `0x00004142') +define(`SNDRV_PCM_IOCTL_STATUS', `0x80984120') +define(`SNDRV_PCM_IOCTL_SW_PARAMS', `0xc0884113') +define(`SNDRV_PCM_IOCTL_SYNC_PTR', `0xc0884123') +define(`SNDRV_PCM_IOCTL_TSTAMP', `0x40044102') +define(`SNDRV_PCM_IOCTL_TTSTAMP', `0x40044103') +define(`SNDRV_PCM_IOCTL_UNLINK', `0x00004161') +define(`SNDRV_PCM_IOCTL_WRITEI_FRAMES', `0x40184150') +define(`SNDRV_PCM_IOCTL_WRITEN_FRAMES', `0x40184152') +define(`SNDRV_PCM_IOCTL_XRUN', `0x00004148') +define(`SNDRV_RAWMIDI_IOCTL_DRAIN', `0x40045731') +define(`SNDRV_RAWMIDI_IOCTL_DROP', `0x40045730') +define(`SNDRV_RAWMIDI_IOCTL_INFO', `0x810c5701') +define(`SNDRV_RAWMIDI_IOCTL_PARAMS', `0xc0305710') +define(`SNDRV_RAWMIDI_IOCTL_PVERSION', `0x80045700') +define(`SNDRV_RAWMIDI_IOCTL_STATUS', `0xc0385720') +define(`SNDRV_SB_CSP_IOCTL_INFO', `0x80284810') +define(`SNDRV_SB_CSP_IOCTL_LOAD_CODE', `0x70124811') +define(`SNDRV_SB_CSP_IOCTL_PAUSE', `0x00004815') +define(`SNDRV_SB_CSP_IOCTL_RESTART', `0x00004816') +define(`SNDRV_SB_CSP_IOCTL_START', `0x40084813') +define(`SNDRV_SB_CSP_IOCTL_STOP', `0x00004814') +define(`SNDRV_SB_CSP_IOCTL_UNLOAD_CODE', `0x00004812') +define(`SNDRV_SEQ_IOCTL_CLIENT_ID', `0x80045301') +define(`SNDRV_SEQ_IOCTL_CREATE_PORT', `0xc0a85320') +define(`SNDRV_SEQ_IOCTL_CREATE_QUEUE', `0xc08c5332') +define(`SNDRV_SEQ_IOCTL_DELETE_PORT', `0x40a85321') +define(`SNDRV_SEQ_IOCTL_DELETE_QUEUE', `0x408c5333') 
+define(`SNDRV_SEQ_IOCTL_GET_CLIENT_INFO', `0xc0bc5310') +define(`SNDRV_SEQ_IOCTL_GET_CLIENT_POOL', `0xc058534b') +define(`SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE', `0xc08c5336') +define(`SNDRV_SEQ_IOCTL_GET_PORT_INFO', `0xc0a85322') +define(`SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT', `0xc04c5349') +define(`SNDRV_SEQ_IOCTL_GET_QUEUE_INFO', `0xc08c5334') +define(`SNDRV_SEQ_IOCTL_GET_QUEUE_OWNER', `0xc0005343') +define(`SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS', `0xc05c5340') +define(`SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO', `0xc02c5341') +define(`SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER', `0xc0605345') +define(`SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION', `0xc0505350') +define(`SNDRV_SEQ_IOCTL_PVERSION', `0x80045300') +define(`SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT', `0xc0bc5351') +define(`SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT', `0xc0a85352') +define(`SNDRV_SEQ_IOCTL_QUERY_SUBS', `0xc058534f') +define(`SNDRV_SEQ_IOCTL_REMOVE_EVENTS', `0x4040534e') +define(`SNDRV_SEQ_IOCTL_RUNNING_MODE', `0xc0105303') +define(`SNDRV_SEQ_IOCTL_SET_CLIENT_INFO', `0x40bc5311') +define(`SNDRV_SEQ_IOCTL_SET_CLIENT_POOL', `0x4058534c') +define(`SNDRV_SEQ_IOCTL_SET_PORT_INFO', `0x40a85323') +define(`SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT', `0x404c534a') +define(`SNDRV_SEQ_IOCTL_SET_QUEUE_INFO', `0xc08c5335') +define(`SNDRV_SEQ_IOCTL_SET_QUEUE_OWNER', `0x40005344') +define(`SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO', `0x402c5342') +define(`SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER', `0x40605346') +define(`SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT', `0x40505330') +define(`SNDRV_SEQ_IOCTL_SYSTEM_INFO', `0xc0305302') +define(`SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT', `0x40505331') +define(`SNDRV_TIMER_IOCTL_CONTINUE', `0x000054a2') +define(`SNDRV_TIMER_IOCTL_GINFO', `0xc0f85403') +define(`SNDRV_TIMER_IOCTL_GPARAMS', `0x40485404') +define(`SNDRV_TIMER_IOCTL_GSTATUS', `0xc0505405') +define(`SNDRV_TIMER_IOCTL_INFO', `0x80e85411') +define(`SNDRV_TIMER_IOCTL_NEXT_DEVICE', `0xc0145401') +define(`SNDRV_TIMER_IOCTL_PARAMS', `0x40505412') +define(`SNDRV_TIMER_IOCTL_PAUSE', `0x000054a3') 
+define(`SNDRV_TIMER_IOCTL_PVERSION', `0x80045400') +define(`SNDRV_TIMER_IOCTL_SELECT', `0x40345410') +define(`SNDRV_TIMER_IOCTL_START', `0x000054a0') +define(`SNDRV_TIMER_IOCTL_STATUS', `0x80605414') +define(`SNDRV_TIMER_IOCTL_STOP', `0x000054a1') +define(`SNDRV_TIMER_IOCTL_TREAD', `0x40045402') +define(`SONET_CLRDIAG', `0xc0046113') +define(`SONET_GETDIAG', `0x80046114') +define(`SONET_GETFRAMING', `0x80046116') +define(`SONET_GETFRSENSE', `0x80066117') +define(`SONET_GETSTAT', `0x80246110') +define(`SONET_GETSTATZ', `0x80246111') +define(`SONET_SETDIAG', `0xc0046112') +define(`SONET_SETFRAMING', `0x40046115') +define(`SONYPI_IOCGBAT1CAP', `0x80027602') +define(`SONYPI_IOCGBAT1REM', `0x80027603') +define(`SONYPI_IOCGBAT2CAP', `0x80027604') +define(`SONYPI_IOCGBAT2REM', `0x80027605') +define(`SONYPI_IOCGBATFLAGS', `0x80017607') +define(`SONYPI_IOCGBLUE', `0x80017608') +define(`SONYPI_IOCGBRT', `0x80017600') +define(`SONYPI_IOCGFAN', `0x8001760a') +define(`SONYPI_IOCGTEMP', `0x8001760c') +define(`SONYPI_IOCSBLUE', `0x40017609') +define(`SONYPI_IOCSBRT', `0x40017600') +define(`SONYPI_IOCSFAN', `0x4001760b') +define(`SOUND_MIXER_3DSE', `0xc0044d68') +define(`SOUND_MIXER_ACCESS', `0xc0804d66') +define(`SOUND_MIXER_AGC', `0xc0044d67') +define(`SOUND_MIXER_GETLEVELS', `0xc0a44d74') +define(`SOUND_MIXER_INFO', `0x805c4d65') +define(`SOUND_MIXER_PRIVATE1', `0xc0044d6f') +define(`SOUND_MIXER_PRIVATE2', `0xc0044d70') +define(`SOUND_MIXER_PRIVATE3', `0xc0044d71') +define(`SOUND_MIXER_PRIVATE4', `0xc0044d72') +define(`SOUND_MIXER_PRIVATE5', `0xc0044d73') +define(`SOUND_MIXER_SETLEVELS', `0xc0a44d75') +define(`SOUND_OLD_MIXER_INFO', `0x80304d65') +define(`SOUND_PCM_READ_BITS', `0x80045005') +define(`SOUND_PCM_READ_CHANNELS', `0x80045006') +define(`SOUND_PCM_READ_FILTER', `0x80045007') +define(`SOUND_PCM_READ_RATE', `0x80045002') +define(`SOUND_PCM_WRITE_FILTER', `0xc0045007') +define(`SPI_IOC_RD_BITS_PER_WORD', `0x80016b03') +define(`SPI_IOC_RD_LSB_FIRST', `0x80016b02') 
+define(`SPI_IOC_RD_MAX_SPEED_HZ', `0x80046b04') +define(`SPI_IOC_RD_MODE', `0x80016b01') +define(`SPI_IOC_RD_MODE32', `0x80046b05') +define(`SPI_IOC_WR_BITS_PER_WORD', `0x40016b03') +define(`SPI_IOC_WR_LSB_FIRST', `0x40016b02') +define(`SPI_IOC_WR_MAX_SPEED_HZ', `0x40046b04') +define(`SPI_IOC_WR_MODE', `0x40016b01') +define(`SPI_IOC_WR_MODE32', `0x40046b05') +define(`SPIOCSTYPE', `0x40087101') +define(`SSTFB_GET_VGAPASS', `0x800446dd') +define(`SSTFB_SET_VGAPASS', `0x400446dd') +define(`STOP_ARRAY', `0x00000932') +define(`STOP_ARRAY_RO', `0x00000933') +define(`SW_SYNC_IOC_CREATE_FENCE', `0xc0285700') +define(`SW_SYNC_IOC_INC', `0x40045701') +define(`SYNC_IOC_FENCE_INFO', `0xc0283e02') +define(`SYNC_IOC_MERGE', `0xc0283e01') +define(`SYNC_IOC_WAIT', `0x40043e00') +define(`TCFLSH', `0x0000540b') +define(`TCGETA', `0x00005405') +define(`TCGETS2', `0x802c542a') +define(`TCGETS', ifelse(target_arch, mips, 0x0000540d, 0x00005401)) +define(`TCGETX', `0x00005432') +define(`TCSBRK', `0x00005409') +define(`TCSBRKP', `0x00005425') +define(`TCSETA', `0x00005406') +define(`TCSETAF', `0x00005408') +define(`TCSETAW', `0x00005407') +define(`TCSETS', `0x00005402') +define(`TCSETS2', `0x402c542b') +define(`TCSETSF', `0x00005404') +define(`TCSETSF2', `0x402c542d') +define(`TCSETSW', `0x00005403') +define(`TCSETSW2', `0x402c542c') +define(`TCSETX', `0x00005433') +define(`TCSETXF', `0x00005434') +define(`TCSETXW', `0x00005435') +define(`TCXONC', `0x0000540a') +define(`TFD_IOC_SET_TICKS', `0x40085400') +define(`TIOCCBRK', `0x00005428') +define(`TIOCCONS', `0x0000541d') +define(`TIOCEXCL', `0x0000540c') +define(`TIOCGDEV', `0x80045432') +define(`TIOCGETD', `0x00005424') +define(`TIOCGEXCL', `0x80045440') +define(`TIOCGICOUNT', `0x0000545d') +define(`TIOCGLCKTRMIOS', `0x00005456') +define(`TIOCGPGRP', `0x0000540f') +define(`TIOCGPKT', `0x80045438') +define(`TIOCGPTLCK', `0x80045439') +define(`TIOCGPTN', `0x80045430') +define(`TIOCGRS485', `0x0000542e') +define(`TIOCGSERIAL', 
`0x0000541e') +define(`TIOCGSID', `0x00005429') +define(`TIOCGSOFTCAR', `0x00005419') +define(`TIOCGWINSZ', ifelse(target_arch, mips, 0x80087468, 0x00005413)) +define(`TIOCLINUX', `0x0000541c') +define(`TIOCMBIC', `0x00005417') +define(`TIOCMBIS', `0x00005416') +define(`TIOCMGET', `0x00005415') +define(`TIOCMIWAIT', `0x0000545c') +define(`TIOCMSET', `0x00005418') +define(`TIOCNOTTY', `0x00005422') +define(`TIOCNXCL', `0x0000540d') +define(`TIOCOUTQ', ifelse(target_arch, mips, 0x00007472, 0x00005411)) +define(`TIOCPKT', `0x00005420') +define(`TIOCSBRK', `0x00005427') +define(`TIOCSCTTY', ifelse(target_arch, mips, 0x00005480, 0x0000540e)) +define(`TIOCSERCONFIG', `0x00005453') +define(`TIOCSERGETLSR', `0x00005459') +define(`TIOCSERGETMULTI', `0x0000545a') +define(`TIOCSERGSTRUCT', `0x00005458') +define(`TIOCSERGWILD', `0x00005454') +define(`TIOCSERSETMULTI', `0x0000545b') +define(`TIOCSERSWILD', `0x00005455') +define(`TIOCSETD', `0x00005423') +define(`TIOCSIG', `0x40045436') +define(`TIOCSLCKTRMIOS', `0x00005457') +define(`TIOCSPGRP', `0x00005410') +define(`TIOCSPTLCK', `0x40045431') +define(`TIOCSRS485', `0x0000542f') +define(`TIOCSSERIAL', `0x0000541f') +define(`TIOCSSOFTCAR', `0x0000541a') +define(`TIOCSTI', `0x00005412') +define(`TIOCSWINSZ', ifelse(target_arch, mips, 0x40087467, 0x00005414)) +define(`TIOCVHANGUP', `0x00005437') +define(`TOSH_SMM', `0xc0047490') +define(`TUNATTACHFILTER', `0x401054d5') +define(`TUNDETACHFILTER', `0x401054d6') +define(`TUNER_SET_CONFIG', `0x4010645c') +define(`TUNGETFEATURES', `0x800454cf') +define(`TUNGETFILTER', `0x801054db') +define(`TUNGETIFF', `0x800454d2') +define(`TUNGETSNDBUF', `0x800454d3') +define(`TUNGETVNETHDRSZ', `0x800454d7') +define(`TUNGETVNETLE', `0x800454dd') +define(`TUNSETDEBUG', `0x400454c9') +define(`TUNSETGROUP', `0x400454ce') +define(`TUNSETIFF', `0x400454ca') +define(`TUNSETIFINDEX', `0x400454da') +define(`TUNSETLINK', `0x400454cd') +define(`TUNSETNOCSUM', `0x400454c8') +define(`TUNSETOFFLOAD', 
`0x400454d0') +define(`TUNSETOWNER', `0x400454cc') +define(`TUNSETPERSIST', `0x400454cb') +define(`TUNSETQUEUE', `0x400454d9') +define(`TUNSETSNDBUF', `0x400454d4') +define(`TUNSETTXFILTER', `0x400454d1') +define(`TUNSETVNETHDRSZ', `0x400454d8') +define(`TUNSETVNETLE', `0x400454dc') +define(`UBI_IOCATT', `0x40186f40') +define(`UBI_IOCDET', `0x40046f41') +define(`UBI_IOCEBCH', `0x40044f02') +define(`UBI_IOCEBER', `0x40044f01') +define(`UBI_IOCEBISMAP', `0x80044f05') +define(`UBI_IOCEBMAP', `0x40084f03') +define(`UBI_IOCEBUNMAP', `0x40044f04') +define(`UBI_IOCMKVOL', `0x40986f00') +define(`UBI_IOCRMVOL', `0x40046f01') +define(`UBI_IOCRNVOL', `0x51106f03') +define(`UBI_IOCRSVOL', `0x400c6f02') +define(`UBI_IOCSETVOLPROP', `0x40104f06') +define(`UBI_IOCVOLCRBLK', `0x40804f07') +define(`UBI_IOCVOLRMBLK', `0x00004f08') +define(`UBI_IOCVOLUP', `0x40084f00') +define(`UDF_GETEABLOCK', `0x80086c41') +define(`UDF_GETEASIZE', `0x80046c40') +define(`UDF_GETVOLIDENT', `0x80086c42') +define(`UDF_RELOCATE_BLOCKS', `0xc0086c43') +define(`UI_BEGIN_FF_ERASE', `0xc00c55ca') +define(`UI_BEGIN_FF_UPLOAD', `0xc06855c8') +define(`UI_DEV_CREATE', `0x00005501') +define(`UI_DEV_DESTROY', `0x00005502') +define(`UI_END_FF_ERASE', `0x400c55cb') +define(`UI_END_FF_UPLOAD', `0x406855c9') +define(`UI_GET_VERSION', `0x8004552d') +define(`UI_SET_ABSBIT', `0x40045567') +define(`UI_SET_EVBIT', `0x40045564') +define(`UI_SET_FFBIT', `0x4004556b') +define(`UI_SET_KEYBIT', `0x40045565') +define(`UI_SET_LEDBIT', `0x40045569') +define(`UI_SET_MSCBIT', `0x40045568') +define(`UI_SET_PHYS', `0x4008556c') +define(`UI_SET_PROPBIT', `0x4004556e') +define(`UI_SET_RELBIT', `0x40045566') +define(`UI_SET_SNDBIT', `0x4004556a') +define(`UI_SET_SWBIT', `0x4004556d') +define(`UNPROTECT_ARRAY', `0x00000926') +define(`USBDEVFS_ALLOC_STREAMS', `0x8008551c') +define(`USBDEVFS_BULK', `0xc0185502') +define(`USBDEVFS_BULK32', `0xc0105502') +define(`USBDEVFS_CLAIMINTERFACE', `0x8004550f') +define(`USBDEVFS_CLAIM_PORT', 
`0x80045518') +define(`USBDEVFS_CLEAR_HALT', `0x80045515') +define(`USBDEVFS_CONNECT', `0x00005517') +define(`USBDEVFS_CONNECTINFO', `0x40085511') +define(`USBDEVFS_CONTROL', `0xc0185500') +define(`USBDEVFS_CONTROL32', `0xc0105500') +define(`USBDEVFS_DISCARDURB', `0x0000550b') +define(`USBDEVFS_DISCONNECT', `0x00005516') +define(`USBDEVFS_DISCONNECT_CLAIM', `0x8108551b') +define(`USBDEVFS_DISCSIGNAL', `0x8010550e') +define(`USBDEVFS_DISCSIGNAL32', `0x8008550e') +define(`USBDEVFS_FREE_STREAMS', `0x8008551d') +define(`USBDEVFS_GET_CAPABILITIES', `0x8004551a') +define(`USBDEVFS_GETDRIVER', `0x41045508') +define(`USBDEVFS_HUB_PORTINFO', `0x80805513') +define(`USBDEVFS_IOCTL', `0xc0105512') +define(`USBDEVFS_IOCTL32', `0xc00c5512') +define(`USBDEVFS_REAPURB', `0x4008550c') +define(`USBDEVFS_REAPURB32', `0x4004550c') +define(`USBDEVFS_REAPURBNDELAY', `0x4008550d') +define(`USBDEVFS_REAPURBNDELAY32', `0x4004550d') +define(`USBDEVFS_RELEASEINTERFACE', `0x80045510') +define(`USBDEVFS_RELEASE_PORT', `0x80045519') +define(`USBDEVFS_RESET', `0x00005514') +define(`USBDEVFS_RESETEP', `0x80045503') +define(`USBDEVFS_SETCONFIGURATION', `0x80045505') +define(`USBDEVFS_SETINTERFACE', `0x80085504') +define(`USBDEVFS_SUBMITURB', `0x8038550a') +define(`USBDEVFS_SUBMITURB32', `0x802a550a') +define(`USBTMC_IOCTL_ABORT_BULK_IN', `0x00005b04') +define(`USBTMC_IOCTL_ABORT_BULK_OUT', `0x00005b03') +define(`USBTMC_IOCTL_CLEAR', `0x00005b02') +define(`USBTMC_IOCTL_CLEAR_IN_HALT', `0x00005b07') +define(`USBTMC_IOCTL_CLEAR_OUT_HALT', `0x00005b06') +define(`USBTMC_IOCTL_INDICATOR_PULSE', `0x00005b01') +define(`UVCIOC_CTRL_MAP', `0xc0607520') +define(`UVCIOC_CTRL_QUERY', `0xc0107521') +define(`V4L2_SUBDEV_IR_RX_NOTIFY', `0x40047600') +define(`V4L2_SUBDEV_IR_TX_NOTIFY', `0x40047601') +define(`VFAT_IOCTL_READDIR_BOTH', `0x82307201') +define(`VFAT_IOCTL_READDIR_SHORT', `0x82307202') +define(`VFIO_CHECK_EXTENSION', `0x00003b65') +define(`VFIO_DEVICE_GET_INFO', `0x00003b6b') 
+define(`VFIO_DEVICE_GET_IRQ_INFO', `0x00003b6d') +define(`VFIO_DEVICE_GET_PCI_HOT_RESET_INFO', `0x00003b70') +define(`VFIO_DEVICE_GET_REGION_INFO', `0x00003b6c') +define(`VFIO_DEVICE_PCI_HOT_RESET', `0x00003b71') +define(`VFIO_DEVICE_RESET', `0x00003b6f') +define(`VFIO_DEVICE_SET_IRQS', `0x00003b6e') +define(`VFIO_EEH_PE_OP', `0x00003b79') +define(`VFIO_GET_API_VERSION', `0x00003b64') +define(`VFIO_GROUP_GET_DEVICE_FD', `0x00003b6a') +define(`VFIO_GROUP_GET_STATUS', `0x00003b67') +define(`VFIO_GROUP_SET_CONTAINER', `0x00003b68') +define(`VFIO_GROUP_UNSET_CONTAINER', `0x00003b69') +define(`VFIO_IOMMU_DISABLE', `0x00003b74') +define(`VFIO_IOMMU_ENABLE', `0x00003b73') +define(`VFIO_IOMMU_GET_INFO', `0x00003b70') +define(`VFIO_IOMMU_MAP_DMA', `0x00003b71') +define(`VFIO_IOMMU_SPAPR_TCE_GET_INFO', `0x00003b70') +define(`VFIO_IOMMU_UNMAP_DMA', `0x00003b72') +define(`VFIO_SET_IOMMU', `0x00003b66') +define(`VHOST_GET_FEATURES', `0x8008af00') +define(`VHOST_GET_VRING_BASE', `0xc008af12') +define(`VHOST_NET_SET_BACKEND', `0x4008af30') +define(`VHOST_RESET_OWNER', `0x0000af02') +define(`VHOST_SCSI_CLEAR_ENDPOINT', `0x40e8af41') +define(`VHOST_SCSI_GET_ABI_VERSION', `0x4004af42') +define(`VHOST_SCSI_GET_EVENTS_MISSED', `0x4004af44') +define(`VHOST_SCSI_SET_ENDPOINT', `0x40e8af40') +define(`VHOST_SCSI_SET_EVENTS_MISSED', `0x4004af43') +define(`VHOST_SET_FEATURES', `0x4008af00') +define(`VHOST_SET_LOG_BASE', `0x4008af04') +define(`VHOST_SET_LOG_FD', `0x4004af07') +define(`VHOST_SET_MEM_TABLE', `0x4008af03') +define(`VHOST_SET_OWNER', `0x0000af01') +define(`VHOST_SET_VRING_ADDR', `0x4028af11') +define(`VHOST_SET_VRING_BASE', `0x4008af12') +define(`VHOST_SET_VRING_CALL', `0x4008af21') +define(`VHOST_SET_VRING_ERR', `0x4008af22') +define(`VHOST_SET_VRING_KICK', `0x4008af20') +define(`VHOST_SET_VRING_NUM', `0x4008af10') +define(`VIDEO_CLEAR_BUFFER', `0x00006f22') +define(`VIDEO_COMMAND', `0xc0486f3b') +define(`VIDEO_CONTINUE', `0x00006f18') +define(`VIDEO_FAST_FORWARD', 
`0x00006f1f') +define(`VIDEO_FREEZE', `0x00006f17') +define(`VIDEO_GET_CAPABILITIES', `0x80046f21') +define(`VIDEO_GET_EVENT', `0x80206f1c') +define(`VIDEO_GET_FRAME_COUNT', `0x80086f3a') +define(`VIDEO_GET_FRAME_RATE', `0x80046f38') +define(`VIDEO_GET_NAVI', `0x84046f34') +define(`VIDEO_GET_PTS', `0x80086f39') +define(`VIDEO_GET_SIZE', `0x800c6f37') +define(`VIDEO_GET_STATUS', `0x80146f1b') +define(`VIDEO_PLAY', `0x00006f16') +define(`VIDEO_SELECT_SOURCE', `0x00006f19') +define(`VIDEO_SET_ATTRIBUTES', `0x00006f35') +define(`VIDEO_SET_BLANK', `0x00006f1a') +define(`VIDEO_SET_DISPLAY_FORMAT', `0x00006f1d') +define(`VIDEO_SET_FORMAT', `0x00006f25') +define(`VIDEO_SET_HIGHLIGHT', `0x40106f27') +define(`VIDEO_SET_ID', `0x00006f23') +define(`VIDEO_SET_SPU', `0x40086f32') +define(`VIDEO_SET_SPU_PALETTE', `0x40106f33') +define(`VIDEO_SET_STREAMTYPE', `0x00006f24') +define(`VIDEO_SET_SYSTEM', `0x00006f26') +define(`VIDEO_SLOWMOTION', `0x00006f20') +define(`VIDEO_STILLPICTURE', `0x40106f1e') +define(`VIDEO_STOP', `0x00006f15') +define(`VIDEO_TRY_COMMAND', `0xc0486f3c') +define(`VIDIOC_CREATE_BUFS', `0xc100565c') +define(`VIDIOC_CROPCAP', `0xc02c563a') +define(`VIDIOC_DBG_G_CHIP_INFO', `0xc0c85666') +define(`VIDIOC_DBG_G_REGISTER', `0xc0385650') +define(`VIDIOC_DBG_S_REGISTER', `0x4038564f') +define(`VIDIOC_DECODER_CMD', `0xc0485660') +define(`VIDIOC_DQBUF', `0xc0585611') +define(`VIDIOC_DQEVENT', `0x80885659') +define(`VIDIOC_DV_TIMINGS_CAP', `0xc0905664') +define(`VIDIOC_ENCODER_CMD', `0xc028564d') +define(`VIDIOC_ENUMAUDIO', `0xc0345641') +define(`VIDIOC_ENUMAUDOUT', `0xc0345642') +define(`VIDIOC_ENUM_DV_TIMINGS', `0xc0945662') +define(`VIDIOC_ENUM_FMT', `0xc0405602') +define(`VIDIOC_ENUM_FRAMEINTERVALS', `0xc034564b') +define(`VIDIOC_ENUM_FRAMESIZES', `0xc02c564a') +define(`VIDIOC_ENUM_FREQ_BANDS', `0xc0405665') +define(`VIDIOC_ENUMINPUT', `0xc050561a') +define(`VIDIOC_ENUMOUTPUT', `0xc0485630') +define(`VIDIOC_ENUMSTD', `0xc0485619') +define(`VIDIOC_EXPBUF', 
`0xc0405610') +define(`VIDIOC_G_AUDIO', `0x80345621') +define(`VIDIOC_G_AUDOUT', `0x80345631') +define(`VIDIOC_G_CROP', `0xc014563b') +define(`VIDIOC_G_CTRL', `0xc008561b') +define(`VIDIOC_G_DV_TIMINGS', `0xc0845658') +define(`VIDIOC_G_EDID', `0xc0285628') +define(`VIDIOC_G_ENC_INDEX', `0x8818564c') +define(`VIDIOC_G_EXT_CTRLS', `0xc0205647') +define(`VIDIOC_G_FBUF', `0x8030560a') +define(`VIDIOC_G_FMT', `0xc0d05604') +define(`VIDIOC_G_FREQUENCY', `0xc02c5638') +define(`VIDIOC_G_INPUT', `0x80045626') +define(`VIDIOC_G_JPEGCOMP', `0x808c563d') +define(`VIDIOC_G_MODULATOR', `0xc0445636') +define(`VIDIOC_G_OUTPUT', `0x8004562e') +define(`VIDIOC_G_PARM', `0xc0cc5615') +define(`VIDIOC_G_PRIORITY', `0x80045643') +define(`VIDIOC_G_SELECTION', `0xc040565e') +define(`VIDIOC_G_SLICED_VBI_CAP', `0xc0745645') +define(`VIDIOC_G_STD', `0x80085617') +define(`VIDIOC_G_TUNER', `0xc054561d') +define(`VIDIOC_INT_RESET', `0x40046466') +define(`VIDIOC_LOG_STATUS', `0x00005646') +define(`VIDIOC_OMAP3ISP_AEWB_CFG', `0xc02056c3') +define(`VIDIOC_OMAP3ISP_AF_CFG', `0xc04c56c5') +define(`VIDIOC_OMAP3ISP_CCDC_CFG', `0xc03856c1') +define(`VIDIOC_OMAP3ISP_HIST_CFG', `0xc03056c4') +define(`VIDIOC_OMAP3ISP_PRV_CFG', `0xc07056c2') +define(`VIDIOC_OMAP3ISP_STAT_EN', `0xc00856c7') +define(`VIDIOC_OMAP3ISP_STAT_REQ', `0xc02856c6') +define(`VIDIOC_OVERLAY', `0x4004560e') +define(`VIDIOC_PREPARE_BUF', `0xc058565d') +define(`VIDIOC_QBUF', `0xc058560f') +define(`VIDIOC_QUERYBUF', `0xc0585609') +define(`VIDIOC_QUERYCAP', `0x80685600') +define(`VIDIOC_QUERYCTRL', `0xc0445624') +define(`VIDIOC_QUERY_DV_TIMINGS', `0x80845663') +define(`VIDIOC_QUERY_EXT_CTRL', `0xc0e85667') +define(`VIDIOC_QUERYMENU', `0xc02c5625') +define(`VIDIOC_QUERYSTD', `0x8008563f') +define(`VIDIOC_REQBUFS', `0xc0145608') +define(`VIDIOC_RESERVED', `0x00005601') +define(`VIDIOC_S_AUDIO', `0x40345622') +define(`VIDIOC_S_AUDOUT', `0x40345632') +define(`VIDIOC_S_CROP', `0x4014563c') +define(`VIDIOC_S_CTRL', `0xc008561c') 
+define(`VIDIOC_S_DV_TIMINGS', `0xc0845657') +define(`VIDIOC_S_EDID', `0xc0285629') +define(`VIDIOC_S_EXT_CTRLS', `0xc0205648') +define(`VIDIOC_S_FBUF', `0x4030560b') +define(`VIDIOC_S_FMT', `0xc0d05605') +define(`VIDIOC_S_FREQUENCY', `0x402c5639') +define(`VIDIOC_S_HW_FREQ_SEEK', `0x40305652') +define(`VIDIOC_S_INPUT', `0xc0045627') +define(`VIDIOC_S_JPEGCOMP', `0x408c563e') +define(`VIDIOC_S_MODULATOR', `0x40445637') +define(`VIDIOC_S_OUTPUT', `0xc004562f') +define(`VIDIOC_S_PARM', `0xc0cc5616') +define(`VIDIOC_S_PRIORITY', `0x40045644') +define(`VIDIOC_S_SELECTION', `0xc040565f') +define(`VIDIOC_S_STD', `0x40085618') +define(`VIDIOC_STREAMOFF', `0x40045613') +define(`VIDIOC_STREAMON', `0x40045612') +define(`VIDIOC_S_TUNER', `0x4054561e') +define(`VIDIOC_SUBDEV_DV_TIMINGS_CAP', `0xc0905664') +define(`VIDIOC_SUBDEV_ENUM_DV_TIMINGS', `0xc0945662') +define(`VIDIOC_SUBDEV_ENUM_FRAME_INTERVAL', `0xc040564b') +define(`VIDIOC_SUBDEV_ENUM_FRAME_SIZE', `0xc040564a') +define(`VIDIOC_SUBDEV_ENUM_MBUS_CODE', `0xc0305602') +define(`VIDIOC_SUBDEV_G_CROP', `0xc038563b') +define(`VIDIOC_SUBDEV_G_DV_TIMINGS', `0xc0845658') +define(`VIDIOC_SUBDEV_G_EDID', `0xc0285628') +define(`VIDIOC_SUBDEV_G_FMT', `0xc0585604') +define(`VIDIOC_SUBDEV_G_FRAME_INTERVAL', `0xc0305615') +define(`VIDIOC_SUBDEV_G_SELECTION', `0xc040563d') +define(`VIDIOC_SUBDEV_QUERY_DV_TIMINGS', `0x80845663') +define(`VIDIOC_SUBDEV_S_CROP', `0xc038563c') +define(`VIDIOC_SUBDEV_S_DV_TIMINGS', `0xc0845657') +define(`VIDIOC_SUBDEV_S_EDID', `0xc0285629') +define(`VIDIOC_SUBDEV_S_FMT', `0xc0585605') +define(`VIDIOC_SUBDEV_S_FRAME_INTERVAL', `0xc0305616') +define(`VIDIOC_SUBDEV_S_SELECTION', `0xc040563e') +define(`VIDIOC_SUBSCRIBE_EVENT', `0x4020565a') +define(`VIDIOC_TRY_DECODER_CMD', `0xc0485661') +define(`VIDIOC_TRY_ENCODER_CMD', `0xc028564e') +define(`VIDIOC_TRY_EXT_CTRLS', `0xc0205649') +define(`VIDIOC_TRY_FMT', `0xc0d05640') +define(`VIDIOC_UNSUBSCRIBE_EVENT', `0x4020565b') +define(`VIDIOC_VSP1_LUT_CONFIG', 
`0xc40056c1') +define(`VPFE_CMD_S_CCDC_RAW_PARAMS', `0x400856c1') +define(`VT_ACTIVATE', `0x00005606') +define(`VT_DISALLOCATE', `0x00005608') +define(`VT_GETHIFONTMASK', `0x0000560d') +define(`VT_GETMODE', `0x00005601') +define(`VT_GETSTATE', `0x00005603') +define(`VT_LOCKSWITCH', `0x0000560b') +define(`VT_OPENQRY', `0x00005600') +define(`VT_RELDISP', `0x00005605') +define(`VT_RESIZE', `0x00005609') +define(`VT_RESIZEX', `0x0000560a') +define(`VT_SENDSIG', `0x00005604') +define(`VT_SETACTIVATE', `0x0000560f') +define(`VT_SETMODE', `0x00005602') +define(`VT_UNLOCKSWITCH', `0x0000560c') +define(`VT_WAITACTIVE', `0x00005607') +define(`VT_WAITEVENT', `0x0000560e') +define(`WAN_IOC_ADD_FLT_INDEX', `0x00006902') +define(`WAN_IOC_ADD_FLT_RULE', `0x00006900') +define(`WDIOC_GETBOOTSTATUS', `0x80045702') +define(`WDIOC_GETPRETIMEOUT', `0x80045709') +define(`WDIOC_GETSTATUS', `0x80045701') +define(`WDIOC_GETSUPPORT', `0x80285700') +define(`WDIOC_GETTEMP', `0x80045703') +define(`WDIOC_GETTIMELEFT', `0x8004570a') +define(`WDIOC_GETTIMEOUT', `0x80045707') +define(`WDIOC_KEEPALIVE', `0x80045705') +define(`WDIOC_SETOPTIONS', `0x80045704') +define(`WDIOC_SETPRETIMEOUT', `0xc0045708') +define(`WDIOC_SETTIMEOUT', `0xc0045706') +define(`WRITE_RAID_INFO', `0x00000925') +define(`X86_IOC_RDMSR_REGS', `0xc02063a0') +define(`X86_IOC_WRMSR_REGS', `0xc02063a1') +define(`ZATM_GETPOOL', `0x40106161') +define(`ZATM_GETPOOLZ', `0x40106162') +define(`ZATM_SETPOOL', `0x40106163') diff --git a/prebuilts/api/30.0/public/ioctl_macros b/prebuilts/api/30.0/public/ioctl_macros new file mode 100644 index 000000000..5cbfae53f --- /dev/null +++ b/prebuilts/api/30.0/public/ioctl_macros 
@@ -0,0 +1,68 @@
+# socket ioctls allowed to unprivileged apps
+define(`unpriv_sock_ioctls', `
+{
+# Socket ioctls for gathering information about the interface
+SIOCGSTAMP SIOCGSTAMPNS
+SIOCGIFNAME SIOCGIFCONF SIOCGIFFLAGS SIOCGIFADDR SIOCGIFDSTADDR SIOCGIFBRDADDR
+SIOCGIFNETMASK SIOCGIFMTU SIOCGIFINDEX SIOCGIFCOUNT SIOCGIFTXQLEN
+# Wireless extension ioctls. Primarily get functions.
+SIOCGIWNAME SIOCGIWFREQ SIOCGIWMODE SIOCGIWSENS SIOCGIWRANGE SIOCGIWPRIV
+SIOCGIWSTATS SIOCGIWSPY SIOCSIWTHRSPY SIOCGIWTHRSPY SIOCGIWRATE SIOCGIWRTS
+SIOCGIWFRAG SIOCGIWTXPOW SIOCGIWRETRY SIOCGIWPOWER
+}')
+
+# socket ioctls never allowed to unprivileged apps
+define(`priv_sock_ioctls', `
+{
+# qualcomm rmnet ioctls
+WAN_IOC_ADD_FLT_RULE WAN_IOC_ADD_FLT_INDEX
+# socket ioctls
+SIOCADDRT SIOCDELRT SIOCRTMSG SIOCSIFLINK SIOCSIFFLAGS SIOCSIFADDR
+SIOCSIFDSTADDR SIOCSIFBRDADDR SIOCSIFNETMASK SIOCGIFMETRIC SIOCSIFMETRIC SIOCGIFMEM
+SIOCSIFMEM SIOCSIFMTU SIOCSIFNAME SIOCSIFHWADDR SIOCGIFENCAP SIOCSIFENCAP
+SIOCGIFHWADDR SIOCGIFSLAVE SIOCSIFSLAVE SIOCADDMULTI SIOCDELMULTI
+SIOCSIFPFLAGS SIOCGIFPFLAGS SIOCDIFADDR SIOCSIFHWBROADCAST SIOCKILLADDR SIOCGIFBR SIOCSIFBR
+SIOCSIFTXQLEN SIOCETHTOOL SIOCGMIIPHY SIOCGMIIREG SIOCSMIIREG SIOCWANDEV
+SIOCOUTQNSD SIOCDARP SIOCGARP SIOCSARP SIOCDRARP SIOCGRARP SIOCSRARP SIOCGIFMAP
+SIOCSIFMAP SIOCADDDLCI SIOCDELDLCI SIOCGIFVLAN SIOCSIFVLAN SIOCBONDENSLAVE
+SIOCBONDRELEASE SIOCBONDSETHWADDR SIOCBONDSLAVEINFOQUERY SIOCBONDINFOQUERY
+SIOCBONDCHANGEACTIVE SIOCBRADDBR SIOCBRDELBR SIOCBRADDIF SIOCBRDELIF SIOCSHWTSTAMP
+# device and protocol specific ioctls
+SIOCDEVPRIVATE-SIOCDEVPRIVLAST
+SIOCPROTOPRIVATE-SIOCPROTOPRIVLAST
+# Wireless extension ioctls
+SIOCSIWCOMMIT SIOCSIWNWID SIOCSIWFREQ SIOCSIWMODE SIOCSIWSENS SIOCSIWRANGE
+SIOCSIWPRIV SIOCSIWSTATS SIOCSIWSPY SIOCSIWAP SIOCGIWAP SIOCSIWMLME SIOCGIWAPLIST
+SIOCSIWSCAN SIOCGIWSCAN SIOCSIWESSID SIOCGIWESSID SIOCSIWNICKN SIOCGIWNICKN
+SIOCSIWRATE SIOCSIWRTS SIOCSIWFRAG SIOCSIWTXPOW SIOCSIWRETRY SIOCSIWENCODE
+SIOCGIWENCODE SIOCSIWPOWER SIOCSIWGENIE SIOCGIWGENIE SIOCSIWAUTH SIOCGIWAUTH
+SIOCSIWENCODEEXT SIOCGIWENCODEEXT SIOCSIWPMKSA
+# Dev private ioctl i.e. hardware specific ioctls
+SIOCIWFIRSTPRIV-SIOCIWLASTPRIV
+}')
+
+# commonly used ioctls on unix sockets
+define(`unpriv_unix_sock_ioctls', `{
+ TIOCOUTQ FIOCLEX FIONCLEX TCGETS TIOCGWINSZ TIOCSWINSZ FIONREAD
+}')
+
+# commonly used TTY ioctls
+# merge with unpriv_unix_sock_ioctls?
+define(`unpriv_tty_ioctls', `{
+ TIOCOUTQ FIOCLEX FIONCLEX TCGETS TCSETS TIOCGWINSZ TIOCSWINSZ TIOCSCTTY
+ TCSETSW TCFLSH TIOCSPGRP TIOCGPGRP
+}')
+
+# point to point ioctls
+define(`ppp_ioctls', `{
+PPPIOCGL2TPSTATS PPPIOCGCHAN PPPIOCATTCHAN PPPIOCDISCONN
+PPPIOCCONNECT PPPIOCSMRRU PPPIOCDETACH PPPIOCATTACH
+PPPIOCNEWUNIT PPPIOCGIDLE PPPIOCSDEBUG PPPIOCGDEBUG
+PPPIOCSACTIVE PPPIOCSPASS PPPIOCSNPMODE PPPIOCGNPMODE
+PPPIOCSCOMPRESS PPPIOCXFERUNIT PPPIOCSXASYNCMAP
+PPPIOCGXASYNCMAP PPPIOCSMAXCID PPPIOCSMRU PPPIOCGMRU
+PPPIOCSRASYNCMAP PPPIOCGRASYNCMAP PPPIOCGUNIT PPPIOCSASYNCMAP
+PPPIOCGASYNCMAP PPPIOCSFLAGS PPPIOCGFLAGS PPPIOCGCALLINFO
+PPPIOCBUNDLE PPPIOCGMPFLAGS PPPIOCSMPFLAGS PPPIOCSMPMTU
+PPPIOCSMPMRU PPPIOCGCOMPRESSORS PPPIOCSCOMPRESSOR PPPIOCGIFNAME
+}')
diff --git a/prebuilts/api/30.0/public/iorap_inode2filename.te b/prebuilts/api/30.0/public/iorap_inode2filename.te
new file mode 100644
index 000000000..4041ddd83
--- /dev/null
+++ b/prebuilts/api/30.0/public/iorap_inode2filename.te
@@ -0,0 +1,77 @@
+# iorap.inode2filename -> look up file paths from an inode
+type iorap_inode2filename, domain;
+type iorap_inode2filename_exec, exec_type, file_type, system_file_type;
+type iorap_inode2filename_tmpfs, file_type;
+
+r_dir_file(iorap_inode2filename, rootfs)
+
+# Allow usage of pipes (child stdout -> parent pipe).
+allow iorap_inode2filename iorapd:fd use;
+allow iorap_inode2filename iorapd:fifo_file { read write getattr };
+
+# Allow reading most files under / ignoring usual access controls.
+allow iorap_inode2filename self:capability dac_read_search;
+
+typeattribute iorap_inode2filename mlstrustedsubject;
+
+# Grant access to open most of the files under /
+allow iorap_inode2filename apex_data_file:dir { getattr open read search };
+allow iorap_inode2filename apex_data_file:file { getattr };
+allow iorap_inode2filename apex_mnt_dir:dir { getattr open read search };
+allow iorap_inode2filename apex_mnt_dir:file { getattr };
+allow iorap_inode2filename apk_data_file:dir { getattr open read search };
+allow iorap_inode2filename apk_data_file:file { getattr };
+allow iorap_inode2filename app_data_file:dir { getattr open read search };
+allow iorap_inode2filename app_data_file:file { getattr };
+allow iorap_inode2filename backup_data_file:dir { getattr open read search };
+allow iorap_inode2filename backup_data_file:file { getattr };
+allow iorap_inode2filename bluetooth_data_file:dir { getattr open read search };
+allow iorap_inode2filename bluetooth_data_file:file { getattr };
+allow iorap_inode2filename bootchart_data_file:dir { getattr open read search };
+allow iorap_inode2filename bootchart_data_file:file { getattr };
+allow iorap_inode2filename metadata_file:dir { getattr open read search search };
+allow iorap_inode2filename metadata_file:file { getattr };
+allow iorap_inode2filename packages_list_file:dir { getattr open read search };
+allow iorap_inode2filename packages_list_file:file { getattr };
+allow iorap_inode2filename privapp_data_file:dir { getattr open read search };
+allow iorap_inode2filename privapp_data_file:file { getattr };
+allow iorap_inode2filename property_data_file:dir { getattr open read search };
+allow iorap_inode2filename property_data_file:file { getattr };
+allow iorap_inode2filename radio_data_file:dir { getattr open read search };
+allow iorap_inode2filename radio_data_file:file { getattr };
+allow iorap_inode2filename resourcecache_data_file:dir { getattr open read search };
+allow iorap_inode2filename resourcecache_data_file:file { getattr };
+allow iorap_inode2filename recovery_data_file:dir { getattr open read search };
+allow iorap_inode2filename ringtone_file:dir { getattr open read search };
+allow iorap_inode2filename ringtone_file:file { getattr };
+allow iorap_inode2filename same_process_hal_file:dir { getattr open read search };
+allow iorap_inode2filename same_process_hal_file:file { getattr };
+allow iorap_inode2filename sepolicy_file:file { getattr };
+allow iorap_inode2filename staging_data_file:dir { getattr open read search };
+allow iorap_inode2filename staging_data_file:file { getattr };
+allow iorap_inode2filename system_bootstrap_lib_file:dir { getattr open read search };
+allow iorap_inode2filename system_bootstrap_lib_file:file { getattr };
+allow iorap_inode2filename system_app_data_file:dir { getattr open read search };
+allow iorap_inode2filename system_app_data_file:file { getattr };
+allow iorap_inode2filename system_data_file:dir { getattr open read search };
+allow iorap_inode2filename system_data_file:file { getattr };
+allow iorap_inode2filename system_data_file:lnk_file { getattr open read };
+allow iorap_inode2filename system_data_root_file:dir { getattr open read search };
+allow iorap_inode2filename textclassifier_data_file:dir { getattr open read search };
+allow iorap_inode2filename textclassifier_data_file:file { getattr };
+allow iorap_inode2filename toolbox_exec:file getattr;
+allow iorap_inode2filename user_profile_data_file:dir { getattr open read search };
+allow iorap_inode2filename user_profile_data_file:file { getattr };
+allow iorap_inode2filename unencrypted_data_file:dir { getattr open read search };
+allow iorap_inode2filename unlabeled:file { getattr };
+allow iorap_inode2filename vendor_file:dir { getattr open read search };
+allow iorap_inode2filename vendor_file:file { getattr };
+allow iorap_inode2filename vendor_overlay_file:file { getattr };
+allow iorap_inode2filename zygote_exec:file { getattr };
+
+###
+### neverallow rules
+###
+
+neverallow { domain -init -iorapd } iorap_inode2filename:process { transition dyntransition };
+neverallow iorap_inode2filename domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/prebuilts/api/30.0/public/iorap_prefetcherd.te b/prebuilts/api/30.0/public/iorap_prefetcherd.te
new file mode 100644
index 000000000..ad9db142b
--- /dev/null
+++ b/prebuilts/api/30.0/public/iorap_prefetcherd.te
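Review bot: `allow iorap_inode2filename metadata_file:dir { getattr open read search search };` in this hunk lists `search` twice; the compiler tolerates the duplicate, but it reads as a copy-paste slip and should match the neighbouring rules as `{ getattr open read search }`. The path prebuilts/api/30.0 suggests this file is a frozen copy of the public policy, so the correction would have to be made in the mirrored source file as well rather than in the snapshot alone. The header `# Grant access to open most of the files under /` is also slightly misleading for the `:file` rules, which grant only `getattr`; `# Grant search/getattr over most of the tree so inode lookups can be resolved to paths` would describe what is actually granted.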
@@ -0,0 +1,54 @@
+# volume manager
+type iorap_prefetcherd, domain;
+type iorap_prefetcherd_exec, exec_type, file_type, system_file_type;
+type iorap_prefetcherd_tmpfs, file_type;
+
+r_dir_file(iorap_prefetcherd, rootfs)
+
+# Allow read/write /proc/sys/vm/drop/caches
+allow iorap_prefetcherd proc_drop_caches:file rw_file_perms;
+
+# iorap_prefetcherd temporarily changes its priority when running benchmarks
+allow iorap_prefetcherd self:global_capability_class_set sys_nice;
+
+# Allow usage of pipes (--input-fd=# and --output-fd=# command line parameters).
+allow iorap_prefetcherd iorapd:fd use;
+allow iorap_prefetcherd iorapd:fifo_file { read write };
+
+# Allow reading most files under / ignoring usual access controls.
+allow iorap_prefetcherd self:capability dac_read_search;
+
+typeattribute iorap_prefetcherd mlstrustedsubject;
+
+# Grant logcat access
+allow iorap_prefetcherd logcat_exec:file { open read };
+
+# Grant access to open most of the files under /
+allow iorap_prefetcherd apk_data_file:dir { open read search };
+allow iorap_prefetcherd apk_data_file:file { open read };
+allow iorap_prefetcherd app_data_file:dir { open read search };
+allow iorap_prefetcherd app_data_file:file { open read };
+allow iorap_prefetcherd dalvikcache_data_file:dir { open read search };
+allow iorap_prefetcherd dalvikcache_data_file:file{ open read };
+allow iorap_prefetcherd packages_list_file:dir { open read search };
+allow iorap_prefetcherd packages_list_file:file { open read };
+allow iorap_prefetcherd privapp_data_file:dir { open read search };
+allow iorap_prefetcherd privapp_data_file:file { open read };
+allow iorap_prefetcherd same_process_hal_file:dir{ open read search };
+allow iorap_prefetcherd same_process_hal_file:file { open read };
+allow iorap_prefetcherd system_data_file:dir { open read search };
+allow iorap_prefetcherd system_data_file:file { open read };
+allow iorap_prefetcherd system_data_file:lnk_file { open read };
+allow iorap_prefetcherd user_profile_data_file:dir { open read search };
+allow iorap_prefetcherd user_profile_data_file:file { open read };
+allow iorap_prefetcherd vendor_overlay_file:dir { open read search };
+allow iorap_prefetcherd vendor_overlay_file:file { open read };
+# Note: Do not add any /vendor labels because they can be customized
+# by the vendor and we won't know about them beforehand.
+
+###
+### neverallow rules
+###
+
+neverallow { domain -init -iorapd } iorap_prefetcherd:process { transition dyntransition };
+neverallow iorap_prefetcherd domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/prebuilts/api/30.0/public/iorapd.te b/prebuilts/api/30.0/public/iorapd.te
new file mode 100644
index 000000000..426eccae6
--- /dev/null
+++ b/prebuilts/api/30.0/public/iorapd.te
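Review bot: The header comment `# volume manager` at the top of this hunk is stale — it describes vold, not the iorap_prefetcherd domain the file defines, and the iorapd.te hunk that follows opens with the same stale line. A header in the style of the sibling iorap_inode2filename.te, e.g. `# iorap.prefetcherd -> helper spawned by iorapd to read files ahead of time` here and `# iorapd -> I/O read-ahead daemon` there, would match what the rules show (both domains may only be entered from init or iorapd, and the prefetcher consumes iorapd's fds and fifo); the exact wording of the daemon's purpose is an inference from the names, so confirm it against the service. Two rules, `dalvikcache_data_file:file{ open read }` and `same_process_hal_file:dir{ open read search }`, are also missing the space before `{` that every other rule uses.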
@@ -0,0 +1,85 @@
+# volume manager
+type iorapd, domain;
+type iorapd_exec, exec_type, file_type, system_file_type;
+type iorapd_tmpfs, file_type;
+
+r_dir_file(iorapd, rootfs)
+
+# Allow read/write /proc/sys/vm/drop/caches
+allow iorapd proc_drop_caches:file rw_file_perms;
+
+# Give iorapd a place where only iorapd can store files; everyone else is off limits
+allow iorapd iorapd_data_file:dir create_dir_perms;
+allow iorapd iorapd_data_file:file create_file_perms;
+
+# Allow iorapd to publish a binder service and make binder calls.
+binder_use(iorapd)
+add_service(iorapd, iorapd_service)
+
+# Allow iorapd to call into the system server so it can check permissions.
+binder_call(iorapd, system_server)
+allow iorapd permission_service:service_manager find;
+# IUserManager
+allow iorapd user_service:service_manager find;
+# IPackageManagerNative
+allow iorapd package_native_service:service_manager find;
+# Allow dumpstate (bugreport) to call into iorapd.
+allow iorapd dumpstate:fd use;
+allow iorapd dumpstate:fifo_file write;
+
+# talk to batteryservice
+binder_call(iorapd, healthd)
+
+# TODO: does each of the service_manager allow finds above need the binder_call?
+
+# iorapd temporarily changes its priority when running benchmarks
+allow iorapd self:global_capability_class_set sys_nice;
+
+# Allow to access Perfetto traced's privileged consumer socket to start/stop
+# tracing sessions and read trace data.
+unix_socket_connect(iorapd, traced_consumer, traced)
+
+# Allow iorapd to execute compilation (iorap.cmd.compiler) in idle time.
+allow iorapd system_file:file rx_file_perms;
+
+###
+### neverallow rules
+###
+
+neverallow {
+ domain
+ -iorapd
+} iorapd_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
+
+neverallow {
+ domain
+ -init
+ -iorapd
+} iorapd_data_file:dir *;
+
+neverallow {
+ domain
+ -kernel
+ -iorapd
+} iorapd_data_file:notdevfile_class_set ~{ relabelto getattr };
+
+neverallow {
+ domain
+ -init
+ -kernel
+ -vendor_init
+ -iorapd
+} { iorapd_data_file }:notdevfile_class_set *;
+
+# Only system_server and shell (for dumpsys) can interact with iorapd over binder
+neverallow { domain -dumpstate -system_server -iorapd } iorapd_service:service_manager find;
+neverallow iorapd {
+ domain
+ -healthd
+ -servicemanager
+ -system_server
+ userdebug_or_eng(`-su')
+}:binder call;
+
+neverallow { domain -init } iorapd:process { transition dyntransition };
+neverallow iorapd domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/prebuilts/api/30.0/public/isolated_app.te b/prebuilts/api/30.0/public/isolated_app.te
new file mode 100644
index 000000000..a907dacc2
--- /dev/null
+++ b/prebuilts/api/30.0/public/isolated_app.te
@@ -0,0 +1,9 @@
+###
+### Services with isolatedProcess=true in their manifest.
+###
+### This file defines the rules for isolated apps. An "isolated
+### app" is an APP with UID between AID_ISOLATED_START (99000)
+### and AID_ISOLATED_END (99999).
+###
+
+type isolated_app, domain;
diff --git a/prebuilts/api/30.0/public/kernel.te b/prebuilts/api/30.0/public/kernel.te
new file mode 100644
index 000000000..42fe2c476
--- /dev/null
+++ b/prebuilts/api/30.0/public/kernel.te
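Review bot: The comment `# Only system_server and shell (for dumpsys) can interact with iorapd over binder` does not match the rule beneath it, which exempts `dumpstate`, not `shell`, from the `iorapd_service:service_manager find` neverallow. The earlier `allow iorapd dumpstate:fd use;` / `dumpstate:fifo_file write;` pair suggests the rule is the intended half and the comment is stale, so it should read `# Only system_server and dumpstate (for bugreports) can find iorapd over binder`; if shell really was meant, the exemption list is the part that is wrong. Either way the two should be brought into agreement, because a later reader will use the comment to decide whether adding a domain to the exemption list is a policy change or a typo fix.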
@@ -0,0 +1,136 @@
+# Life begins with the kernel.
+type kernel, domain, mlstrustedsubject;
+
+allow kernel self:global_capability_class_set sys_nice;
+
+# Root fs.
+r_dir_file(kernel, rootfs)
+allow kernel proc_cmdline:file r_file_perms;
+
+# Get SELinux enforcing status.
+allow kernel selinuxfs:dir r_dir_perms;
+allow kernel selinuxfs:file r_file_perms;
+
+# Get file contexts during first stage
+allow kernel file_contexts_file:file r_file_perms;
+
+# Allow init relabel itself.
+allow kernel rootfs:file relabelfrom;
+allow kernel init_exec:file relabelto;
+# TODO: investigate why we need this.
+allow kernel init:process share;
+
+# cgroup filesystem initialization prior to setting the cgroup root directory label.
+allow kernel unlabeled:dir search;
+
+# Mount usbfs.
+allow kernel usbfs:filesystem mount;
+allow kernel usbfs:dir search;
+
+# Initial setenforce by init prior to switching to init domain.
+# We use dontaudit instead of allow to prevent a kernel spawned userspace
+# process from turning off SELinux once enabled.
+dontaudit kernel self:security setenforce;
+
+# Write to /proc/1/oom_adj prior to switching to init domain.
+allow kernel self:global_capability_class_set sys_resource;
+
+# Init reboot before switching selinux domains under certain error
+# conditions. Allow it.
+# As part of rebooting, init writes "u" to /proc/sysrq-trigger to
+# remount filesystems read-only. /data is not mounted at this point,
+# so we could ignore this. For now, we allow it.
+allow kernel self:global_capability_class_set sys_boot;
+allow kernel proc_sysrq:file w_file_perms;
+
+# Allow writing to /dev/kmsg which was created prior to loading policy.
+allow kernel tmpfs:chr_file write;
+
+# Set checkreqprot by init.rc prior to switching to init domain.
+allow kernel selinuxfs:file write;
+allow kernel self:security setcheckreqprot;
+
+# kernel thread "loop0", used by the loop block device, for ASECs (b/17158723)
+allow kernel sdcard_type:file { read write };
+
+# f_mtp driver accesses files from kernel context.
+allow kernel mediaprovider:fd use;
+
+# Allow the kernel to read OBB files from app directories. (b/17428116)
+# Kernel thread "loop0" reads a vold supplied file descriptor.
+# Fixes CTS tests:
+# * android.os.storage.cts.StorageManagerTest#testMountAndUnmountObbNormal
+# * android.os.storage.cts.StorageManagerTest#testMountAndUnmountTwoObbs
+allow kernel vold:fd use;
+allow kernel { app_data_file privapp_data_file }:file read;
+allow kernel asec_image_file:file read;
+
+# Allow reading loop device in update_engine_unittests. (b/28319454)
+# and for LTP kernel tests (b/73220071)
+userdebug_or_eng(`
+ allow kernel update_engine_data_file:file read;
+ allow kernel nativetest_data_file:file { read write };
+')
+
+# Access to /data/media.
+# This should be removed if sdcardfs is modified to alter the secontext for its
+# accesses to the underlying FS.
+allow kernel media_rw_data_file:dir create_dir_perms;
+allow kernel media_rw_data_file:file create_file_perms;
+
+# Access to /data/misc/vold/virtual_disk.
+allow kernel vold_data_file:file { read write };
+
+# Allow the kernel to read APEX file descriptors and (staged) data files;
+# Needed because APEX uses the loopback driver, which issues requests from
+# a kernel thread in earlier kernel version.
+allow kernel apexd:fd use;
+allow kernel {
+ apex_data_file
+ staging_data_file
+ vendor_apex_file
+}:file read;
+
+# Allow the first-stage init (which is running in the kernel domain) to execute the
+# dynamic linker when it re-executes /init to switch into the second stage.
+# Until Linux 4.8, the program interpreter (dynamic linker in this case) is executed
+# before the domain is switched to the target domain. So, we need to allow the kernel
+# domain (the source domain) to execute the dynamic linker (system_file type).
+# TODO(b/110147943) remove these allow rules when we no longer need to support Linux
+# kernel older than 4.8.
+allow kernel system_file:file execute;
+# The label for the dynamic linker is rootfs in the recovery partition. This is because
+# the recovery partition which is rootfs does not support xattr and thus labeling can't be
+# done at build-time. All files are by default labeled as rootfs upon booting.
+recovery_only(`
+ allow kernel rootfs:file execute;
+')
+
+# required by VTS lidbm unit test
+allow kernel appdomain_tmpfs:file { read write };
+
+###
+### neverallow rules
+###
+
+# The initial task starts in the kernel domain (assigned via
+# initial_sid_contexts), but nothing ever transitions to it.
+neverallow * kernel:process { transition dyntransition };
+
+# The kernel domain is never entered via an exec, nor should it
+# ever execute a program outside the rootfs without changing to another domain.
+# If you encounter an execute_no_trans denial on the kernel domain, then
+# possible causes include:
+# - The program is a kernel usermodehelper. In this case, define a domain
+# for the program and domain_auto_trans() to it.
+# - You are running an exploit which switched to the init task credentials
+# and is then trying to exec a shell or other program. You lose!
+neverallow kernel *:file { entrypoint execute_no_trans };
+
+# the kernel should not be accessing files owned by other users.
+# Instead of adding dac_{read_search,override}, fix the unix permissions
+# on files being accessed.
+neverallow kernel self:global_capability_class_set { dac_override dac_read_search };
+
+# Nobody should be ptracing kernel threads
+neverallow * kernel:process ptrace;
diff --git a/prebuilts/api/30.0/public/keystore.te b/prebuilts/api/30.0/public/keystore.te
new file mode 100644
index 000000000..27c462470
--- /dev/null
+++ b/prebuilts/api/30.0/public/keystore.te
@@ -0,0 +1,36 @@
+type keystore, domain;
+type keystore_exec, system_file_type, exec_type, file_type;
+
+# keystore daemon
+typeattribute keystore mlstrustedsubject;
+binder_use(keystore)
+binder_service(keystore)
+binder_call(keystore, system_server)
+binder_call(keystore, wificond)
+
+allow keystore keystore_data_file:dir create_dir_perms;
+allow keystore keystore_data_file:notdevfile_class_set create_file_perms;
+allow keystore keystore_exec:file { getattr };
+
+add_service(keystore, keystore_service)
+allow keystore sec_key_att_app_id_provider_service:service_manager find;
+allow keystore dropbox_service:service_manager find;
+
+# Check SELinux permissions.
+selinux_check_access(keystore)
+
+r_dir_file(keystore, cgroup)
+
+###
+### Neverallow rules
+###
+### Protect ourself from others
+###
+
+neverallow { domain -keystore } keystore_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
+neverallow { domain -keystore } keystore_data_file:notdevfile_class_set ~{ relabelto getattr };
+
+neverallow { domain -keystore -init } keystore_data_file:dir *;
+neverallow { domain -keystore -init } keystore_data_file:notdevfile_class_set *;
+
+neverallow * keystore:process ptrace;
diff --git a/prebuilts/api/30.0/public/llkd.te b/prebuilts/api/30.0/public/llkd.te
new file mode 100644
index 000000000..1faa42995
--- /dev/null
+++ b/prebuilts/api/30.0/public/llkd.te
@@ -0,0 +1,3 @@
+# llkd Live LocK Daemon
+type llkd, domain, mlstrustedsubject;
+type llkd_exec, system_file_type, exec_type, file_type;
diff --git a/prebuilts/api/30.0/public/lmkd.te b/prebuilts/api/30.0/public/lmkd.te
new file mode 100644
index 000000000..b852f4418
--- /dev/null
+++ b/prebuilts/api/30.0/public/lmkd.te
@@ -0,0 +1,70 @@
+# lmkd low memory killer daemon
+type lmkd, domain, mlstrustedsubject;
+type lmkd_exec, system_file_type, exec_type, file_type;
+
+allow lmkd self:global_capability_class_set { dac_override dac_read_search sys_resource kill };
+
+# lmkd locks itself in memory, to prevent it from being
+# swapped out and unable to kill other memory hogs.
+# system/core commit b28ff9131363f7b4a698990da5748b2a88c3ed35
+# b/16236289
+allow lmkd self:global_capability_class_set ipc_lock;
+
+## Open and write to /proc/PID/oom_score_adj and /proc/PID/timerslack_ns
+## TODO: maybe scope this down?
+r_dir_file(lmkd, domain)
+allow lmkd domain:file write;
+
+## Writes to /sys/module/lowmemorykiller/parameters/minfree
+r_dir_file(lmkd, sysfs_lowmemorykiller)
+allow lmkd sysfs_lowmemorykiller:file w_file_perms;
+
+# setsched and send kill signals to any registered process
+allow lmkd domain:process { setsched sigkill };
+# TODO: delete this line b/131761776
+allow lmkd kernel:process { setsched };
+
+# Clean up old cgroups
+allow lmkd cgroup:dir { remove_name rmdir };
+
+# Allow to read memcg stats
+allow lmkd cgroup:file r_file_perms;
+
+# Set self to SCHED_FIFO
+allow lmkd self:global_capability_class_set sys_nice;
+
+allow lmkd proc_zoneinfo:file r_file_perms;
+allow lmkd proc_vmstat:file r_file_perms;
+
+# Set sys.lmk.* properties.
+set_prop(lmkd, system_lmk_prop)
+
+# live lock watchdog process allowed to look through /proc/
+allow lmkd domain:dir { search open read };
+allow lmkd domain:file { open read };
+
+# live lock watchdog process allowed to dump process trace and
+# reboot because orderly shutdown may not be possible.
+allow lmkd proc_sysrq:file rw_file_perms;
+
+# Read /proc/lowmemorykiller
+allow lmkd proc_lowmemorykiller:file r_file_perms;
+
+# Read /proc/meminfo
+allow lmkd proc_meminfo:file r_file_perms;
+
+# Read /proc/pressure/cpu and /proc/pressure/io
+allow lmkd proc_pressure_cpu:file r_file_perms;
+allow lmkd proc_pressure_io:file r_file_perms;
+
+# Read/Write /proc/pressure/memory
+allow lmkd proc_pressure_mem:file rw_file_perms;
+
+# Allow lmkd to write to statsd.
+unix_socket_send(lmkd, statsdw, statsd)
+
+### neverallow rules
+
+# never honor LD_PRELOAD
+neverallow * lmkd:process noatsecure;
+neverallow lmkd self:global_capability_class_set sys_ptrace;
diff --git a/prebuilts/api/30.0/public/logd.te b/prebuilts/api/30.0/public/logd.te
new file mode 100644
index 000000000..57e29d940
--- /dev/null
+++ b/prebuilts/api/30.0/public/logd.te
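Review bot: Two comments in this hunk, `# live lock watchdog process allowed to look through /proc/` and `# live lock watchdog process allowed to dump process trace and reboot ...`, attribute their rules to the live lock watchdog, yet the rules are granted to `lmkd`, and this same commit defines `llkd` as its own domain in llkd.te. If lmkd genuinely still needs `domain:dir { search open read }`, `domain:file { open read }` and `proc_sysrq:file rw_file_perms`, the comments should say what lmkd uses them for; if they were only ever for the watchdog, the grants — write access to sysrq-trigger in particular — look like candidates to move to the llkd domain. Nothing in the hunk tells me which it is, so treat this as a question to the author rather than a defect.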
@@ -0,0 +1,73 @@
+# android user-space log manager
+type logd, domain, mlstrustedsubject;
+type logd_exec, system_file_type, exec_type, file_type;
+
+# Read access to pseudo filesystems.
+r_dir_file(logd, cgroup)
+r_dir_file(logd, proc_kmsg)
+r_dir_file(logd, proc_meminfo)
+
+allow logd self:global_capability_class_set { setuid setgid setpcap sys_nice audit_control };
+allow logd self:global_capability2_class_set syslog;
+allow logd self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
+allow logd kernel:system syslog_read;
+allow logd kmsg_device:chr_file { getattr w_file_perms };
+allow logd system_data_file:{ file lnk_file } r_file_perms;
+allow logd packages_list_file:file r_file_perms;
+allow logd pstorefs:dir search;
+allow logd pstorefs:file r_file_perms;
+userdebug_or_eng(`
+ # Access to /data/misc/logd/event-log-tags
+ allow logd misc_logd_file:dir r_dir_perms;
+ allow logd misc_logd_file:file rw_file_perms;
+')
+allow logd runtime_event_log_tags_file:file rw_file_perms;
+
+# Access device logging gating property
+get_prop(logd, device_logging_prop)
+
+r_dir_file(logd, domain)
+
+allow logd kernel:system syslog_mod;
+
+control_logd(logd)
+read_runtime_log_tags(logd)
+
+allow runtime_event_log_tags_file tmpfs:filesystem associate;
+# Typically harmlessly blindly trying to access via liblog
+# event tag mapping while in the untrusted_app domain.
+# Access for that domain is controlled and gated via the
+# event log tag service (albeit at a performance penalty,
+# expected to be locally cached).
+dontaudit domain runtime_event_log_tags_file:file { map open read };
+
+###
+### Neverallow rules
+###
+### logd should NEVER do any of this
+
+# Block device access.
+neverallow logd dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow logd domain:process ptrace;
+
+# ... and nobody may ptrace me (except on userdebug or eng builds)
+neverallow { domain userdebug_or_eng(`-crash_dump -llkd') } logd:process ptrace;
+
+# Write to /system.
+neverallow logd system_file:dir_file_class_set write;
+
+# Write to files in /data/data or system files on /data
+neverallow logd { app_data_file privapp_data_file system_data_file packages_list_file }:dir_file_class_set write;
+
+# Only init is allowed to enter the logd domain via exec()
+neverallow { domain -init } logd:process transition;
+neverallow * logd:process dyntransition;
+
+# protect the event-log-tags file
+neverallow {
+ domain
+ -init
+ -logd
+} runtime_event_log_tags_file:file no_w_file_perms;
diff --git a/prebuilts/api/30.0/public/logpersist.te b/prebuilts/api/30.0/public/logpersist.te
new file mode 100644
index 000000000..c8e6af4e1
--- /dev/null
+++ b/prebuilts/api/30.0/public/logpersist.te
@@ -0,0 +1,30 @@
+# android debug logging, logpersist domains
+type logpersist, domain;
+
+# logcatd is a shell script that execs logcat with various parameters.
+allow logpersist shell_exec:file rx_file_perms;
+allow logpersist logcat_exec:file rx_file_perms;
+
+###
+### Neverallow rules
+###
+### logpersist should NEVER do any of this
+
+# Block device access.
+neverallow logpersist dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow logpersist domain:process ptrace;
+
+# Write to files in /data/data or system files on /data except misc_logd_file
+neverallow logpersist { privapp_data_file app_data_file system_data_file }:dir_file_class_set write;
+
+# Only init should be allowed to enter the logpersist domain via exec()
+# Following is a list of debug domains we know that transition to logpersist
+# neverallow_with_undefined_domains {
+# domain
+# -init # goldfish, logcatd, raft
+# -mmi # bat, mtp8996, msmcobalt
+# -system_app # Smith.apk
+# } logpersist:process transition;
+neverallow * logpersist:process dyntransition;
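Review bot: The comment `# ... and nobody may ptrace me (except on userdebug or eng builds)` in the logd.te hunk overstates the carve-out: the rule under it exempts only `crash_dump` and `llkd`, and only on userdebug/eng, so every other domain remains forbidden on those builds too. Suggest `# ... and nobody may ptrace me (only crash_dump and llkd, and only on userdebug or eng builds)` so the comment is as narrow as the rule. The exemption itself is consistent with llkd being a debugging domain introduced in the same commit, so no change to the rule is suggested.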
diff --git a/prebuilts/api/30.0/public/mdnsd.te b/prebuilts/api/30.0/public/mdnsd.te
new file mode 100644
index 000000000..ef7b065d8
--- /dev/null
+++ b/prebuilts/api/30.0/public/mdnsd.te
@@ -0,0 +1,2 @@
+# mdns daemon
+type mdnsd, domain;
diff --git a/prebuilts/api/30.0/public/mediadrmserver.te b/prebuilts/api/30.0/public/mediadrmserver.te
new file mode 100644
index 000000000..a52295e2c
--- /dev/null
+++ b/prebuilts/api/30.0/public/mediadrmserver.te
@@ -0,0 +1,33 @@
+# mediadrmserver - mediadrm daemon
+type mediadrmserver, domain;
+type mediadrmserver_exec, system_file_type, exec_type, file_type;
+
+typeattribute mediadrmserver mlstrustedsubject;
+
+net_domain(mediadrmserver)
+binder_use(mediadrmserver)
+binder_call(mediadrmserver, binderservicedomain)
+binder_call(mediadrmserver, appdomain)
+binder_service(mediadrmserver)
+hal_client_domain(mediadrmserver, hal_drm)
+
+add_service(mediadrmserver, mediadrmserver_service)
+allow mediadrmserver mediaserver_service:service_manager find;
+allow mediadrmserver mediametrics_service:service_manager find;
+allow mediadrmserver processinfo_service:service_manager find;
+allow mediadrmserver surfaceflinger_service:service_manager find;
+allow mediadrmserver system_file:dir r_dir_perms;
+
+# TODO(b/80317992): remove
+binder_call(mediadrmserver, hal_omx_server)
+
+###
+### neverallow rules
+###
+
+# mediadrmserver should never execute any executable without a
+# domain transition
+neverallow mediadrmserver { file_type fs_type }:file execute_no_trans;
+
+# do not allow privileged socket ioctl commands
+neverallowxperm mediadrmserver domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
diff --git a/prebuilts/api/30.0/public/mediaextractor.te b/prebuilts/api/30.0/public/mediaextractor.te
new file mode 100644
index 000000000..4bedb0f06
--- /dev/null
+++ b/prebuilts/api/30.0/public/mediaextractor.te
@@ -0,0 +1,70 @@
+# mediaextractor - multimedia daemon
+type mediaextractor, domain;
+type mediaextractor_exec, system_file_type, exec_type, file_type;
+type mediaextractor_tmpfs, file_type;
+
+typeattribute mediaextractor mlstrustedsubject;
+
+binder_use(mediaextractor)
+binder_call(mediaextractor, binderservicedomain)
+binder_call(mediaextractor, appdomain)
+binder_service(mediaextractor)
+
+add_service(mediaextractor, mediaextractor_service)
+allow mediaextractor mediametrics_service:service_manager find;
+allow mediaextractor hidl_token_hwservice:hwservice_manager find;
+
+allow mediaextractor system_server:fd use;
+
+hal_client_domain(mediaextractor, hal_cas)
+hal_client_domain(mediaextractor, hal_allocator)
+
+r_dir_file(mediaextractor, cgroup)
+allow mediaextractor proc_meminfo:file r_file_perms;
+
+crash_dump_fallback(mediaextractor)
+
+# allow mediaextractor read permissions for file sources
+allow mediaextractor sdcard_type:file { getattr read };
+allow mediaextractor media_rw_data_file:file { getattr read };
+allow mediaextractor { app_data_file privapp_data_file }:file { getattr read };
+
+# Read resources from open apk files passed over Binder
+allow mediaextractor apk_data_file:file { read getattr };
+allow mediaextractor asec_apk_file:file { read getattr };
+allow mediaextractor ringtone_file:file { read getattr };
+
+# scan extractor library directory to dynamically load extractors
+allow mediaextractor system_file:dir { read open };
+
+get_prop(mediaextractor, device_config_media_native_prop)
+
+###
+### neverallow rules
+###
+
+# mediaextractor should never execute any executable without a
+# domain transition
+neverallow mediaextractor { file_type fs_type }:file execute_no_trans;
+
+# The goal of the mediaserver split is to place media processing code into
+# restrictive sandboxes with limited responsibilities and thus limited
+# permissions. Example: Audioserver is only responsible for controlling audio
+# hardware and processing audio content. Cameraserver does the same for camera
+# hardware/content. Etc.
+#
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow mediaextractor domain:{ tcp_socket udp_socket rawip_socket } *;
+
+# mediaextractor should not be opening /data files directly. Any files
+# it touches (with a few exceptions) need to be passed to it via a file
+# descriptor opened outside the process.
+neverallow mediaextractor {
+ data_file_type
+ -zoneinfo_data_file # time zone data from /data/misc/zoneinfo
+ userdebug_or_eng(`-apk_data_file') # for loading media extractor plugins
+ with_native_coverage(`-method_trace_data_file')
+}:file open;
diff --git a/prebuilts/api/30.0/public/mediametrics.te b/prebuilts/api/30.0/public/mediametrics.te
new file mode 100644
index 000000000..0e56b07ec
--- /dev/null
+++ b/prebuilts/api/30.0/public/mediametrics.te
@@ -0,0 +1,44 @@
+# mediametrics - daemon for collecting media.metrics data
+type mediametrics, domain;
+type mediametrics_exec, system_file_type, exec_type, file_type;
+
+
+binder_use(mediametrics)
+binder_call(mediametrics, binderservicedomain)
+binder_service(mediametrics)
+
+add_service(mediametrics, mediametrics_service)
+
+allow mediametrics system_server:fd use;
+
+r_dir_file(mediametrics, cgroup)
+allow mediametrics proc_meminfo:file r_file_perms;
+
+# allows interactions with dumpsys to GMScore
+allow mediametrics { app_data_file privapp_data_file }:file write;
+
+# allow access to package manager for uid->apk mapping
+allow mediametrics package_native_service:service_manager find;
+
+# Allow metrics service to send information to statsd socket.
+unix_socket_send(mediametrics, statsdw, statsd)
+
+###
+### neverallow rules
+###
+
+# mediametrics should never execute any executable without a
+# domain transition
+neverallow mediametrics { file_type fs_type }:file execute_no_trans;
+
+# The goal of the mediaserver split is to place media processing code into
+# restrictive sandboxes with limited responsibilities and thus limited
+# permissions. Example: Audioserver is only responsible for controlling audio
+# hardware and processing audio content. Cameraserver does the same for camera
+# hardware/content. Etc.
+#
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow mediametrics domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/prebuilts/api/30.0/public/mediaprovider.te b/prebuilts/api/30.0/public/mediaprovider.te
new file mode 100644
index 000000000..24170a5cf
--- /dev/null
+++ b/prebuilts/api/30.0/public/mediaprovider.te
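Review bot: `allow mediametrics { app_data_file privapp_data_file }:file write;` is explained only by `# allows interactions with dumpsys to GMScore`, which does not say why a system daemon writes into app-private data labels. The rule grants `write` without `open`, so it can only apply to descriptors the daemon receives from its caller; the comment should make that scoping explicit, e.g. `# write to app-owned fds handed over via dumpsys (no open: the descriptor must come from the caller)`. Stating it keeps the next person from "completing" the rule with `open` and turning a narrow fd-passing grant into general write access to app data.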
@@ -0,0 +1,6 @@
+###
+### A domain for android.process.media, which contains both
+### MediaProvider and DownloadProvider and associated services.
+###
+
+type mediaprovider, domain;
diff --git a/prebuilts/api/30.0/public/mediaserver.te b/prebuilts/api/30.0/public/mediaserver.te
new file mode 100644
index 000000000..02a0eb072
--- /dev/null
+++ b/prebuilts/api/30.0/public/mediaserver.te
@@ -0,0 +1,144 @@ +# mediaserver - multimedia daemon +type mediaserver, domain; +type mediaserver_exec, system_file_type, exec_type, file_type; +type mediaserver_tmpfs, file_type; + +typeattribute mediaserver mlstrustedsubject; + +net_domain(mediaserver) + +r_dir_file(mediaserver, sdcard_type) +r_dir_file(mediaserver, cgroup) + +# stat /proc/self +allow mediaserver proc:lnk_file getattr; + +# open /vendor/lib/mediadrm +allow mediaserver system_file:dir r_dir_perms; + +userdebug_or_eng(` + # ptrace to processes in the same domain for memory leak detection + allow mediaserver self:process ptrace; +') + +binder_use(mediaserver) +binder_call(mediaserver, binderservicedomain) +binder_call(mediaserver, appdomain) +binder_service(mediaserver) + +allow mediaserver media_data_file:dir create_dir_perms; +allow mediaserver media_data_file:file create_file_perms; +allow mediaserver { app_data_file privapp_data_file }:file { append getattr ioctl lock map read write }; +allow mediaserver sdcard_type:file write; +allow mediaserver gpu_device:chr_file rw_file_perms; +allow mediaserver video_device:dir r_dir_perms; +allow mediaserver video_device:chr_file rw_file_perms; + +set_prop(mediaserver, audio_prop) + +# Read resources from open apk files passed over Binder. +allow mediaserver apk_data_file:file { read getattr }; +allow mediaserver asec_apk_file:file { read getattr }; +allow mediaserver ringtone_file:file { read getattr }; + +# Read /data/data/com.android.providers.telephony files passed over Binder. +allow mediaserver radio_data_file:file { read getattr }; + +# Use pipes passed over Binder from app domains. +allow mediaserver appdomain:fifo_file { getattr read write }; + +allow mediaserver rpmsg_device:chr_file rw_file_perms; + +# Inter System processes communicate over named pipe (FIFO) +allow mediaserver system_server:fifo_file r_file_perms; + +r_dir_file(mediaserver, media_rw_data_file) + +# Grant access to read files on appfuse. 
+allow mediaserver app_fuse_file:file { read getattr }; + +# Needed on some devices for playing DRM protected content, +# but seems expected and appropriate for all devices. +unix_socket_connect(mediaserver, drmserver, drmserver) + +# Needed on some devices for playing audio on paired BT device, +# but seems appropriate for all devices. +unix_socket_connect(mediaserver, bluetooth, bluetooth) + +add_service(mediaserver, mediaserver_service) +allow mediaserver activity_service:service_manager find; +allow mediaserver appops_service:service_manager find; +allow mediaserver audio_service:service_manager find; +allow mediaserver audioserver_service:service_manager find; +allow mediaserver cameraserver_service:service_manager find; +allow mediaserver batterystats_service:service_manager find; +allow mediaserver drmserver_service:service_manager find; +allow mediaserver mediaextractor_service:service_manager find; +allow mediaserver mediametrics_service:service_manager find; +allow mediaserver media_session_service:service_manager find; +allow mediaserver permission_service:service_manager find; +allow mediaserver power_service:service_manager find; +allow mediaserver processinfo_service:service_manager find; +allow mediaserver scheduling_policy_service:service_manager find; +allow mediaserver surfaceflinger_service:service_manager find; + +# for ModDrm/MediaPlayer +allow mediaserver mediadrmserver_service:service_manager find; + +# For hybrid interfaces +allow mediaserver hidl_token_hwservice:hwservice_manager find; + +# /oem access +allow mediaserver oemfs:dir search; +allow mediaserver oemfs:file r_file_perms; + +# /vendor apk access +allow mediaserver vendor_app_file:file { read map getattr }; + +use_drmservice(mediaserver) +allow mediaserver drmserver:drmservice { + consumeRights + setPlaybackStatus + openDecryptSession + closeDecryptSession + initializeDecryptUnit + decrypt + finalizeDecryptUnit + pread +}; + +# only allow unprivileged socket ioctl commands 
+allowxperm mediaserver self:{ rawip_socket tcp_socket udp_socket } + ioctl { unpriv_sock_ioctls unpriv_tty_ioctls }; + +# Access to /data/media. +# This should be removed if sdcardfs is modified to alter the secontext for its +# accesses to the underlying FS. +allow mediaserver media_rw_data_file:dir create_dir_perms; +allow mediaserver media_rw_data_file:file create_file_perms; + +# Access to media in /data/preloads +allow mediaserver preloads_media_file:file { getattr read ioctl }; + +allow mediaserver ion_device:chr_file r_file_perms; +allow mediaserver hal_graphics_allocator:fd use; +allow mediaserver hal_graphics_composer:fd use; +allow mediaserver hal_camera:fd use; + +allow mediaserver system_server:fd use; + +# b/120491318 allow mediaserver to access void:fd +allow mediaserver vold:fd use; + +hal_client_domain(mediaserver, hal_allocator) + +### +### neverallow rules +### + +# mediaserver should never execute any executable without a +# domain transition +neverallow mediaserver { file_type fs_type }:file execute_no_trans; + +# do not allow privileged socket ioctl commands +neverallowxperm mediaserver domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls; diff --git a/prebuilts/api/30.0/public/mediaswcodec.te b/prebuilts/api/30.0/public/mediaswcodec.te new file mode 100644 index 000000000..2acdeeadd --- /dev/null +++ b/prebuilts/api/30.0/public/mediaswcodec.te 
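Review bot: The comment `# b/120491318 allow mediaserver to access void:fd` misnames the peer; the rule under it is `allow mediaserver vold:fd use;`, so it should read `vold:fd`. The app-data rule `allow mediaserver { app_data_file privapp_data_file }:file { append getattr ioctl lock map read write };` deliberately omits `open`, meaning only descriptors passed over binder are usable; a one-line comment saying so, plus `neverallow mediaserver { app_data_file privapp_data_file }:file open;`, would make the omission survive future edits, matching the profman hunk in this series. mediaserver is also the only media domain here that keeps `net_domain` and `mlstrustedsubject` while mediametrics, mediaswcodec and mediatranscoding carry a `neverallow ... { tcp_socket udp_socket rawip_socket } *` backstop; that asymmetry is presumably intended for network playback, but it deserves a sentence in the header comment so it is not mistaken for an oversight.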
@@ -0,0 +1,27 @@
+type mediaswcodec, domain;
+type mediaswcodec_exec, system_file_type, exec_type, file_type;
+
+hal_server_domain(mediaswcodec, hal_codec2)
+
+# mediaswcodec may use an input surface from a different Codec2 service or an
+# OMX service
+hal_client_domain(mediaswcodec, hal_codec2)
+hal_client_domain(mediaswcodec, hal_omx)
+
+hal_client_domain(mediaswcodec, hal_allocator)
+hal_client_domain(mediaswcodec, hal_graphics_allocator)
+
+get_prop(mediaswcodec, device_config_media_native_prop)
+
+crash_dump_fallback(mediaswcodec)
+
+# mediaswcodec_server should never execute any executable without a
+# domain transition
+neverallow mediaswcodec { file_type fs_type }:file execute_no_trans;
+
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow mediaswcodec domain:{ tcp_socket udp_socket rawip_socket } *;
+
diff --git a/prebuilts/api/30.0/public/mediatranscoding.te b/prebuilts/api/30.0/public/mediatranscoding.te
new file mode 100644
index 000000000..386535bb2
--- /dev/null
+++ b/prebuilts/api/30.0/public/mediatranscoding.te
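Review bot: The comment `# mediaswcodec_server should never execute any executable without a` names a domain that is not declared anywhere in this hunk; the rule is on `mediaswcodec`, so it should read `# mediaswcodec should never execute any executable without a`. Separately, the network backstop `neverallow mediaswcodec domain:{ tcp_socket udp_socket rawip_socket } *;` omits `icmp_socket`, which the net.te hunk in this same series grants to netdomain as a distinct class (`allow netdomain self:{ icmp_socket udp_socket rawip_socket } create_socket_perms;`). mediaswcodec is not a net_domain today, but the neverallow exists precisely to catch a future grant, so I would write `neverallow mediaswcodec domain:{ tcp_socket udp_socket rawip_socket icmp_socket } *;`. The same omission is present in the mediametrics and mediatranscoding hunks.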
@@ -0,0 +1,26 @@
+# mediatranscoding - daemon for transcoding video and image.
+type mediatranscoding, domain;
+type mediatranscoding_exec, system_file_type, exec_type, file_type;
+
+binder_use(mediatranscoding)
+binder_service(mediatranscoding)
+
+add_service(mediatranscoding, mediatranscoding_service)
+
+allow mediatranscoding system_server:fd use;
+
+# mediatranscoding should never execute any executable without a
+# domain transition
+neverallow mediatranscoding { file_type fs_type }:file execute_no_trans;
+
+# The goal of the mediaserver split is to place media processing code into
+# restrictive sandboxes with limited responsibilities and thus limited
+# permissions. Example: Audioserver is only responsible for controlling audio
+# hardware and processing audio content. Cameraserver does the same for camera
+# hardware/content. Etc.
+#
+# Media processing code is inherently risky and thus should have limited
+# permissions and be isolated from the rest of the system and network.
+# Lengthier explanation here:
+# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html
+neverallow mediatranscoding domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/prebuilts/api/30.0/public/modprobe.te b/prebuilts/api/30.0/public/modprobe.te
new file mode 100644
index 000000000..119040921
--- /dev/null
+++ b/prebuilts/api/30.0/public/modprobe.te
@@ -0,0 +1,9 @@
+type modprobe, domain;
+
+allow modprobe proc_modules:file r_file_perms;
+allow modprobe self:global_capability_class_set sys_module;
+allow modprobe kernel:key search;
+recovery_only(`
+  allow modprobe rootfs:system module_load;
+  allow modprobe rootfs:file r_file_perms;
+')
diff --git a/prebuilts/api/30.0/public/mtp.te b/prebuilts/api/30.0/public/mtp.te
new file mode 100644
index 000000000..add63c0f5
--- /dev/null
+++ b/prebuilts/api/30.0/public/mtp.te
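Review bot: In the modprobe hunk, `allow modprobe kernel:key search;` and the `sys_module` capability are granted with no comment, and the only `module_load` permission visible is inside `recovery_only(...)` on `rootfs`, so on a normal boot the file type that kernel modules are loaded from must be authorised somewhere outside this hunk; a reader cannot tell that from here. I would add `# key search: module signature verification consults the kernel keyring` above the key rule (confirm against the kernel's key lookup path) and `# module_load on the vendor module file type is granted in device policy` above the recovery_only block, if that is indeed where it lives. Without those two lines the domain looks as though it can only load modules in recovery.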
@@ -0,0 +1,11 @@
+# vpn tunneling protocol manager
+type mtp, domain;
+type mtp_exec, system_file_type, exec_type, file_type;
+
+net_domain(mtp)
+
+# pptp policy
+allow mtp self:{ socket pppox_socket } create_socket_perms_no_ioctl;
+allow mtp self:global_capability_class_set net_raw;
+allow mtp ppp:process signal;
+allow mtp vpn_data_file:dir search;
diff --git a/prebuilts/api/30.0/public/net.te b/prebuilts/api/30.0/public/net.te
new file mode 100644
index 000000000..e90715e66
--- /dev/null
+++ b/prebuilts/api/30.0/public/net.te
@@ -0,0 +1,39 @@
+## Network types
+type node, node_type;
+type netif, netif_type;
+type port, port_type;
+
+###
+### Domain with network access
+###
+
+# Use network sockets.
+allow netdomain self:tcp_socket create_stream_socket_perms;
+allow netdomain self:{ icmp_socket udp_socket rawip_socket } create_socket_perms;
+
+# Connect to ports.
+allow netdomain port_type:tcp_socket name_connect;
+# Bind to ports.
+allow {netdomain -ephemeral_app} node_type:{ icmp_socket rawip_socket tcp_socket udp_socket } node_bind;
+allow {netdomain -ephemeral_app} port_type:udp_socket name_bind;
+allow {netdomain -ephemeral_app} port_type:tcp_socket name_bind;
+# See changes to the routing table.
+allow netdomain self:netlink_route_socket { create read getattr write setattr lock append connect getopt setopt shutdown nlmsg_read };
+# b/141455849 gate RTM_GETLINK with a new permission nlmsg_readpriv and block access from
+# untrusted_apps. Some untrusted apps (e.g. untrusted_app_25-29) are granted access elsewhere
+# to avoid app-compat breakage.
+allow {
+  netdomain
+  -ephemeral_app
+  -mediaprovider
+  -untrusted_app_all
+} self:netlink_route_socket { bind nlmsg_readpriv };
+
+# Talks to netd via dnsproxyd socket.
+unix_socket_connect(netdomain, dnsproxyd, netd)
+
+# Talks to netd via fwmarkd socket.
+unix_socket_connect(netdomain, fwmarkd, netd)
+
+# Connect to mdnsd via mdnsd socket.
+unix_socket_connect(netdomain, mdnsd, mdnsd)
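Review bot: The header `# vpn tunneling protocol manager` on a domain named `mtp` is easy to misread as USB Media Transfer Protocol, and the only hints otherwise are `# pptp policy` and the `pppox_socket` rule. I would say it outright: `# mtpd - VPN tunneling protocol daemon (PPTP and other pppox-based tunnels); unrelated to USB Media Transfer Protocol`. The grant `allow mtp self:{ socket pppox_socket } create_socket_perms_no_ioctl;` also covers the generic `socket` class alongside `net_raw`; if a specific protocol family forces the generic class, naming it in the comment would keep the rule from being widened further later.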
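Review bot: `allow netdomain self:{ icmp_socket udp_socket rawip_socket } create_socket_perms;` includes `ioctl`, and nothing in net.te limits which socket ioctls a netdomain member may issue; the `unpriv_sock_ioctls`/`priv_sock_ioctls` allowxperm pairs that do so appear per-domain (the mediaserver hunk in this series is one example) or in a file not shown here. A comment such as `# socket ioctls are further gated by allowxperm/neverallowxperm in domain-level policy` would tell a reader where the privileged-ioctl restriction is actually applied — confirm the location before writing it. The `nlmsg_readpriv` block also excludes `-mediaprovider`, but the comment above it talks only about untrusted apps; a one-line reason for the mediaprovider exclusion would stop it looking accidental.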
diff --git a/prebuilts/api/30.0/public/netd.te b/prebuilts/api/30.0/public/netd.te
new file mode 100644
index 000000000..8005406d6
--- /dev/null
+++ b/prebuilts/api/30.0/public/netd.te
@@ -0,0 +1,185 @@ +# network manager +type netd, domain, mlstrustedsubject; +type netd_exec, system_file_type, exec_type, file_type; + +net_domain(netd) +# in addition to ioctls whitelisted for all domains, grant netd priv_sock_ioctls. +allowxperm netd self:udp_socket ioctl priv_sock_ioctls; + +r_dir_file(netd, cgroup) + +allow netd system_server:fd use; + +allow netd self:global_capability_class_set { net_admin net_raw kill }; +# Note: fsetid is deliberately not included above. fsetid checks are +# triggered by chmod on a directory or file owned by a group other +# than one of the groups assigned to the current process to see if +# the setgid bit should be cleared, regardless of whether the setgid +# bit was even set. We do not appear to truly need this capability +# for netd to operate. +dontaudit netd self:global_capability_class_set fsetid; + +# Allow netd to open /dev/tun, set it up and pass it to clatd +allow netd tun_device:chr_file rw_file_perms; +allowxperm netd tun_device:chr_file ioctl { TUNGETIFF TUNSETIFF }; +allow netd self:tun_socket create; + +allow netd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; +allow netd self:netlink_route_socket nlmsg_write; +allow netd self:netlink_nflog_socket create_socket_perms_no_ioctl; +allow netd self:netlink_socket create_socket_perms_no_ioctl; +allow netd self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write }; +allow netd self:netlink_generic_socket create_socket_perms_no_ioctl; +allow netd self:netlink_netfilter_socket create_socket_perms_no_ioctl; +allow netd shell_exec:file rx_file_perms; +allow netd system_file:file x_file_perms; +not_full_treble(`allow netd vendor_file:file x_file_perms;') +allow netd devpts:chr_file rw_file_perms; + +# Acquire advisory lock on /system/etc/xtables.lock +allow netd system_file:file lock; + +# Allow netd to write to qtaguid ctrl file. 
+# TODO: Add proper rules to prevent other process to access qtaguid_proc file +# after migration complete +allow netd proc_qtaguid_ctrl:file rw_file_perms; +# Allow netd to read /dev/qtaguid. This is the same privilege level that normal apps have. +allow netd qtaguid_device:chr_file r_file_perms; + +r_dir_file(netd, proc_net_type) +# For /proc/sys/net/ipv[46]/route/flush. +allow netd proc_net_type:file rw_file_perms; + +# Enables PppController and interface enumeration (among others) +allow netd sysfs:dir r_dir_perms; +r_dir_file(netd, sysfs_net) + +# Allows setting interface MTU +allow netd sysfs_net:file w_file_perms; + +# TODO: added to match above sysfs rule. Remove me? +allow netd sysfs_usb:file write; + +r_dir_file(netd, cgroup_bpf) + +allow netd fs_bpf:dir search; +allow netd fs_bpf:file { read write }; + +# TODO: netd previously thought it needed these permissions to do WiFi related +# work. However, after all the WiFi stuff is gone, we still need them. +# Why? +allow netd self:global_capability_class_set { dac_override dac_read_search chown }; + +# Needed to update /data/misc/net/rt_tables +allow netd net_data_file:file create_file_perms; +allow netd net_data_file:dir rw_dir_perms; +allow netd self:global_capability_class_set fowner; + +# Needed to lock the iptables lock. +allow netd system_file:file lock; + +# Allow netd to spawn dnsmasq in it's own domain +allow netd dnsmasq:process signal; + +set_prop(netd, ctl_mdnsd_prop) +set_prop(netd, netd_stable_secret_prop) + +# Allow netd to publish a binder service and make binder calls. +binder_use(netd) +add_service(netd, netd_service) +add_service(netd, dnsresolver_service) +allow netd dumpstate:fifo_file { getattr write }; + +# Allow netd to call into the system server so it can check permissions. +allow netd system_server:binder call; +allow netd permission_service:service_manager find; + +# Allow netd to talk to the framework service which collects netd events. 
+allow netd netd_listener_service:service_manager find; + +# Allow netd to operate on sockets that are passed to it. +allow netd netdomain:{ + icmp_socket + tcp_socket + udp_socket + rawip_socket + tun_socket +} { read write getattr setattr getopt setopt }; +allow netd netdomain:fd use; + +# give netd permission to read and write netlink xfrm +allow netd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write nlmsg_read }; + +# Allow netd to register as hal server. +add_hwservice(netd, system_net_netd_hwservice) +hwbinder_use(netd) +get_prop(netd, hwservicemanager_prop) +get_prop(netd, device_config_netd_native_prop) + +### +### Neverallow rules +### +### netd should NEVER do any of this + +# Block device access. +neverallow netd dev_type:blk_file { read write }; + +# ptrace any other app +neverallow netd { domain }:process ptrace; + +# Write to /system. +neverallow netd system_file:dir_file_class_set write; + +# Write to files in /data/data or system files on /data +neverallow netd { app_data_file privapp_data_file system_data_file }:dir_file_class_set write; + +# only system_server, dumpstate and network stack app may find netd service +neverallow { + domain + -system_server + -dumpstate + -network_stack + -netd + -netutils_wrapper +} netd_service:service_manager find; + +# only system_server, dumpstate and network stack app may find dnsresolver service +neverallow { + domain + -system_server + -dumpstate + -network_stack + -netd + -netutils_wrapper +} dnsresolver_service:service_manager find; + +# apps may not interact with netd over binder. +neverallow { appdomain -network_stack } netd:binder call; +neverallow netd { appdomain -network_stack userdebug_or_eng(`-su') }:binder call; + +# persist.netd.stable_secret contains RFC 7217 secret key which should never be +# leaked to other processes. Make sure it never leaks. 
+neverallow { domain -netd -init -dumpstate } netd_stable_secret_prop:file r_file_perms; + +# We want to ensure that no other process ever tries tampering with persist.netd.stable_secret, +# the RFC 7217 secret key managed by netd. Doing so could compromise user privacy. +neverallow { domain -netd -init } netd_stable_secret_prop:property_service set; + +# If an already existing file is opened with O_CREATE, the kernel might generate +# a false report of a create denial. Silence these denials and make sure that +# inappropriate permissions are not granted. +neverallow netd proc_net:dir no_w_dir_perms; +dontaudit netd proc_net:dir write; + +neverallow netd sysfs_net:dir no_w_dir_perms; +dontaudit netd sysfs_net:dir write; + +# Netd should not have SYS_ADMIN privs. +neverallow netd self:capability sys_admin; +dontaudit netd self:capability sys_admin; + +# Netd should not have SYS_MODULE privs, nor should it be requesting module loads +# (things it requires should be built directly into the kernel) +dontaudit netd self:capability sys_module; + +dontaudit netd kernel:system module_request; diff --git a/prebuilts/api/30.0/public/netutils_wrapper.te b/prebuilts/api/30.0/public/netutils_wrapper.te new file mode 100644 index 000000000..27aa7496c --- /dev/null +++ b/prebuilts/api/30.0/public/netutils_wrapper.te @@ -0,0 +1,4 @@ +type netutils_wrapper, domain; +type netutils_wrapper_exec, system_file_type, exec_type, file_type; + +neverallow domain netutils_wrapper_exec:file execute_no_trans; diff --git a/prebuilts/api/30.0/public/network_stack.te b/prebuilts/api/30.0/public/network_stack.te new file mode 100644 index 000000000..feff66460 --- /dev/null +++ b/prebuilts/api/30.0/public/network_stack.te @@ -0,0 +1,2 @@ +# Network stack service app +type network_stack, domain; diff --git a/prebuilts/api/30.0/public/neverallow_macros b/prebuilts/api/30.0/public/neverallow_macros new file mode 100644 index 000000000..59fa441d2 --- /dev/null 
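Review bot: The capability backstops at the end of the hunk use the bare `capability` class (`neverallow netd self:capability sys_admin;`, `dontaudit netd self:capability sys_module;`) while every grant above uses `global_capability_class_set`; if that macro expands to `{ capability cap_userns }` as its name suggests, a later `allow netd self:cap_userns sys_admin` would slip past the neverallow. Use the same set on both sides: `neverallow netd self:global_capability_class_set sys_admin;` and the matching `dontaudit` lines. `allow netd system_file:file lock;` is also present twice (under `# Acquire advisory lock on /system/etc/xtables.lock` and again under `# Needed to lock the iptables lock.`) — keep one. The `{ dac_override dac_read_search chown }` grant still carries a `TODO ... Why?`; a DAC-bypass capability with an unknown justification deserves at least a bug reference in the comment.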
+++ b/prebuilts/api/30.0/public/neverallow_macros
@@ -0,0 +1,15 @@
+#
+# Common neverallow permissions
+define(`no_w_file_perms', `{ append create link unlink relabelfrom rename setattr write }')
+define(`no_rw_file_perms', `{ no_w_file_perms open read ioctl lock watch watch_mount watch_sb watch_with_perm watch_reads }')
+define(`no_x_file_perms', `{ execute execute_no_trans }')
+define(`no_w_dir_perms', `{ add_name create link relabelfrom remove_name rename reparent rmdir setattr write }')
+
+#####################################
+# neverallow_establish_socket_comms(src, dst)
+# neverallow src domain establishing socket connections to dst domain.
+#
+define(`neverallow_establish_socket_comms', `
+  neverallow $1 $2:socket_class_set { connect sendto };
+  neverallow $1 $2:unix_stream_socket connectto;
+')
diff --git a/prebuilts/api/30.0/public/nfc.te b/prebuilts/api/30.0/public/nfc.te
new file mode 100644
index 000000000..e3a03e796
--- /dev/null
+++ b/prebuilts/api/30.0/public/nfc.te
@@ -0,0 +1,2 @@
+# nfc subsystem
+type nfc, domain;
diff --git a/prebuilts/api/30.0/public/perfetto.te b/prebuilts/api/30.0/public/perfetto.te
new file mode 100644
index 000000000..cec0e6f09
--- /dev/null
+++ b/prebuilts/api/30.0/public/perfetto.te
@@ -0,0 +1 @@
+type perfetto, domain, coredomain;
diff --git a/prebuilts/api/30.0/public/performanced.te b/prebuilts/api/30.0/public/performanced.te
new file mode 100644
index 000000000..7dcb5ea1e
--- /dev/null
+++ b/prebuilts/api/30.0/public/performanced.te
@@ -0,0 +1,30 @@
+# performanced
+type performanced, domain, mlstrustedsubject;
+type performanced_exec, system_file_type, exec_type, file_type;
+
+# Needed to check for app permissions.
+binder_use(performanced)
+binder_call(performanced, system_server)
+allow performanced permission_service:service_manager find;
+
+pdx_server(performanced, performance_client)
+
+# TODO: use file caps to obtain sys_nice instead of setuid / setgid.
+allow performanced self:global_capability_class_set { setuid setgid sys_nice };
+
+# Access /proc to validate we're only affecting threads in the same thread group.
+# Performanced also shields unbound kernel threads. It scans every task in the
+# root cpu set, but only affects the kernel threads.
+r_dir_file(performanced, { appdomain bufferhubd kernel surfaceflinger })
+dontaudit performanced domain:dir read;
+allow performanced { appdomain bufferhubd kernel surfaceflinger }:process setsched;
+
+# These /proc accesses only show up in permissive mode but they
+# generate a lot of noise in the log.
+userdebug_or_eng(`
+  dontaudit performanced domain:dir open;
+  dontaudit performanced domain:file { open read getattr };
+')
+
+# Access /dev/cpuset/cpuset.cpus
+r_dir_file(performanced, cgroup)
diff --git a/prebuilts/api/30.0/public/platform_app.te b/prebuilts/api/30.0/public/platform_app.te
new file mode 100644
index 000000000..9b1faf0f6
--- /dev/null
+++ b/prebuilts/api/30.0/public/platform_app.te
@@ -0,0 +1,5 @@
+###
+### Apps signed with the platform key.
+###
+
+type platform_app, domain;
diff --git a/prebuilts/api/30.0/public/postinstall.te b/prebuilts/api/30.0/public/postinstall.te
new file mode 100644
index 000000000..bcea2dcbf
--- /dev/null
+++ b/prebuilts/api/30.0/public/postinstall.te
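Review bot: `allow performanced { appdomain bufferhubd kernel surfaceflinger }:process setsched;` together with `sys_nice` lets the daemon change the scheduling of any app thread; the comment `# Access /proc to validate we're only affecting threads in the same thread group` shows that the same-thread-group restriction is enforced by daemon code, not by this policy, so a bug in performanced can reprioritise arbitrary apps. That trust boundary should be stated where the grant is made, e.g. `# NOTE: the thread-group check lives in performanced itself; policy permits setsched on every app thread.` The `setuid setgid` capabilities still carry a TODO to move to file caps; a bug id there would help, since setuid in a process that also accepts binder calls from apps is a larger surface than `sys_nice` alone.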
@@ -0,0 +1,45 @@
+# Domain where the postinstall program runs during the update.
+# Extend the permissions in this domain to allow this program to access other
+# files needed by the specific device on your device's sepolicy directory.
+type postinstall, domain;
+
+# Allow postinstall to write to its stdout/stderr when redirected via pipes to
+# update_engine.
+allow postinstall update_engine_common:fd use;
+allow postinstall update_engine_common:fifo_file rw_file_perms;
+
+# Allow postinstall to read and execute directories and files in the same
+# mounted location.
+allow postinstall postinstall_file:file rx_file_perms;
+allow postinstall postinstall_file:lnk_file r_file_perms;
+allow postinstall postinstall_file:dir r_dir_perms;
+
+# Allow postinstall to execute the shell or other system executables.
+allow postinstall shell_exec:file rx_file_perms;
+allow postinstall system_file:file rx_file_perms;
+allow postinstall toolbox_exec:file rx_file_perms;
+
+# Allow postinstall to execute shell in recovery.
+recovery_only(`
+  allow postinstall rootfs:file rx_file_perms;
+')
+
+#
+# For OTA dexopt.
+#
+
+# Allow postinstall scripts to talk to the system server.
+binder_use(postinstall)
+binder_call(postinstall, system_server)
+
+# Need to talk to the otadexopt service.
+allow postinstall otadexopt_service:service_manager find;
+
+# Allow postinstall scripts to trigger f2fs garbage collection
+allow postinstall sysfs_fs_f2fs:file rw_file_perms;
+allow postinstall sysfs_fs_f2fs:dir r_dir_perms;
+
+# No domain other than update_engine and recovery (via update_engine_sideload)
+# should transition to postinstall, as it is only meant to run during the
+# update.
+neverallow { domain -update_engine -recovery } postinstall:process { transition dyntransition };
diff --git a/prebuilts/api/30.0/public/ppp.te b/prebuilts/api/30.0/public/ppp.te
new file mode 100644
index 000000000..b736deff5
--- /dev/null
+++ b/prebuilts/api/30.0/public/ppp.te
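Review bot: `allow postinstall sysfs_fs_f2fs:file rw_file_perms;` is justified as triggering garbage collection, but it grants read/write on every file labelled `sysfs_fs_f2fs`; if that type covers the whole per-device f2fs sysfs directory, as the name suggests, it includes tuning knobs well beyond the GC trigger. Either name the single attribute in the comment (`# writes the f2fs GC trigger attribute only; other f2fs knobs are not meant to be touched`) or split the label so the rule is as narrow as its justification. The header sentence `files needed by the specific device on your device's sepolicy directory` is also garbled; `extend this domain in the device's sepolicy directory for any device-specific files it must reach` reads cleanly.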
@@ -0,0 +1,23 @@
+# Point to Point Protocol daemon
+type ppp, domain;
+type ppp_device, dev_type;
+type ppp_exec, system_file_type, exec_type, file_type;
+
+net_domain(ppp)
+
+r_dir_file(ppp, proc_net_type)
+
+allow ppp mtp:{ socket pppox_socket } rw_socket_perms;
+
+# ioctls needed for VPN.
+allowxperm ppp self:udp_socket ioctl priv_sock_ioctls;
+allowxperm ppp mtp:{ socket pppox_socket } ioctl ppp_ioctls;
+
+allow ppp mtp:unix_dgram_socket rw_socket_perms;
+allow ppp ppp_device:chr_file rw_file_perms;
+allow ppp self:global_capability_class_set net_admin;
+allow ppp system_file:file rx_file_perms;
+not_full_treble(`allow ppp vendor_file:file rx_file_perms;')
+allow ppp vpn_data_file:dir w_dir_perms;
+allow ppp vpn_data_file:file create_file_perms;
+allow ppp mtp:fd use;
diff --git a/prebuilts/api/30.0/public/priv_app.te b/prebuilts/api/30.0/public/priv_app.te
new file mode 100644
index 000000000..0761fc30f
--- /dev/null
+++ b/prebuilts/api/30.0/public/priv_app.te
@@ -0,0 +1,5 @@
+###
+### A domain for further sandboxing privileged apps.
+###
+
+type priv_app, domain;
diff --git a/prebuilts/api/30.0/public/profman.te b/prebuilts/api/30.0/public/profman.te
new file mode 100644
index 000000000..8ff62710e
--- /dev/null
+++ b/prebuilts/api/30.0/public/profman.te
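Review bot: `allow ppp system_file:file rx_file_perms;` lets a daemon that also holds `net_admin` and `priv_sock_ioctls` execute any binary on /system inside its own domain, and unlike the media hunks in this series there is no `neverallow ppp { file_type fs_type }:file execute_no_trans;` backstop narrowing that. If the intent is to run link up/down helper scripts (not visible here), name them in a comment and consider a dedicated exec type instead of all of `system_file`. At minimum add `# pppd execs helper scripts from /system on link state changes` (confirm which ones) so the grant is traceable to a need.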
@@ -0,0 +1,29 @@
+# profman
+type profman, domain;
+type profman_exec, system_file_type, exec_type, file_type;
+
+allow profman user_profile_data_file:file { getattr read write lock map };
+
+# Dumping profile info opens the application APK file for pretty printing.
+allow profman asec_apk_file:file { read map };
+allow profman apk_data_file:file { getattr read map };
+allow profman apk_data_file:dir { getattr read search };
+
+allow profman oemfs:file { read map };
+# Reading an APK opens a ZipArchive, which unpack to tmpfs.
+allow profman tmpfs:file { read map };
+allow profman profman_dump_data_file:file { write map };
+
+allow profman installd:fd use;
+
+# Allow profman to analyze profiles for the secondary dex files. These
+# are application dex files reported back to the framework when using
+# BaseDexClassLoader.
+allow profman { privapp_data_file app_data_file }:file { getattr read write lock map };
+allow profman { privapp_data_file app_data_file }:dir { getattr read search };
+
+###
+### neverallow rules
+###
+
+neverallow profman { privapp_data_file app_data_file }:notdevfile_class_set open;
diff --git a/prebuilts/api/30.0/public/property.te b/prebuilts/api/30.0/public/property.te
new file mode 100644
index 000000000..a435b4dc9
--- /dev/null
+++ b/prebuilts/api/30.0/public/property.te
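Review bot: `neverallow profman { privapp_data_file app_data_file }:notdevfile_class_set open;` correctly pins profman to descriptors handed over by installd, but `allow profman { privapp_data_file app_data_file }:dir { getattr read search };` still lets it enumerate and traverse app data directories by name, which an fd-only model does not need. If directory `read` is genuinely required (perhaps to resolve relative dex paths under a received directory fd), say so in a comment so it is not widened later; otherwise drop it and keep `{ getattr search }`. `allow profman user_profile_data_file:file { getattr read write lock map };` likewise omits `open` on purpose and deserves `# fd passed by installd; no open` so the omission survives future edits.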
@@ -0,0 +1,601 @@ +# Properties used only in /system +system_internal_prop(apexd_prop) +system_internal_prop(bootloader_boot_reason_prop) +system_internal_prop(device_config_activity_manager_native_boot_prop) +system_internal_prop(device_config_boot_count_prop) +system_internal_prop(device_config_input_native_boot_prop) +system_internal_prop(device_config_media_native_prop) +system_internal_prop(device_config_netd_native_prop) +system_internal_prop(device_config_reset_performed_prop) +system_internal_prop(device_config_runtime_native_boot_prop) +system_internal_prop(device_config_runtime_native_prop) +system_internal_prop(device_config_storage_native_boot_prop) +system_internal_prop(device_config_sys_traced_prop) +system_internal_prop(device_config_window_manager_native_boot_prop) +system_internal_prop(device_config_configuration_prop) +system_internal_prop(firstboot_prop) +system_internal_prop(gsid_prop) +system_internal_prop(init_perf_lsm_hooks_prop) +system_internal_prop(init_svc_debug_prop) +system_internal_prop(last_boot_reason_prop) +system_internal_prop(netd_stable_secret_prop) +system_internal_prop(pm_prop) +system_internal_prop(userspace_reboot_log_prop) +system_internal_prop(userspace_reboot_test_prop) +system_internal_prop(system_adbd_prop) +system_internal_prop(adbd_prop) +system_internal_prop(traced_perf_enabled_prop) + +compatible_property_only(` + # DO NOT ADD ANY PROPERTIES HERE + system_internal_prop(boottime_prop) + system_internal_prop(bpf_progs_loaded_prop) + system_internal_prop(charger_prop) + system_internal_prop(cold_boot_done_prop) + system_internal_prop(ctl_adbd_prop) + system_internal_prop(ctl_apexd_prop) + system_internal_prop(ctl_bootanim_prop) + system_internal_prop(ctl_bugreport_prop) + system_internal_prop(ctl_console_prop) + system_internal_prop(ctl_dumpstate_prop) + system_internal_prop(ctl_fuse_prop) + system_internal_prop(ctl_gsid_prop) + system_internal_prop(ctl_interface_restart_prop) + 
system_internal_prop(ctl_interface_stop_prop) + system_internal_prop(ctl_mdnsd_prop) + system_internal_prop(ctl_restart_prop) + system_internal_prop(ctl_rildaemon_prop) + system_internal_prop(ctl_sigstop_prop) + system_internal_prop(dynamic_system_prop) + system_internal_prop(heapprofd_enabled_prop) + system_internal_prop(llkd_prop) + system_internal_prop(lpdumpd_prop) + system_internal_prop(mmc_prop) + system_internal_prop(mock_ota_prop) + system_internal_prop(net_dns_prop) + system_internal_prop(overlay_prop) + system_internal_prop(persistent_properties_ready_prop) + system_internal_prop(safemode_prop) + system_internal_prop(system_lmk_prop) + system_internal_prop(system_trace_prop) + system_internal_prop(test_boot_reason_prop) + system_internal_prop(time_prop) + system_internal_prop(traced_enabled_prop) + system_internal_prop(traced_lazy_prop) +') + +# Properties which can't be written outside system + +# Properties used by binder caches +system_restricted_prop(binder_cache_bluetooth_server_prop) +system_restricted_prop(binder_cache_system_server_prop) +system_restricted_prop(binder_cache_telephony_server_prop) +system_restricted_prop(boottime_public_prop) +system_restricted_prop(bq_config_prop) +system_restricted_prop(module_sdkextensions_prop) +system_restricted_prop(nnapi_ext_deny_product_prop) +system_restricted_prop(restorecon_prop) +system_restricted_prop(socket_hook_prop) +system_restricted_prop(system_boot_reason_prop) +system_restricted_prop(system_jvmti_agent_prop) +system_restricted_prop(userspace_reboot_exported_prop) + +compatible_property_only(` + # DO NOT ADD ANY PROPERTIES HERE + system_restricted_prop(config_prop) + system_restricted_prop(cppreopt_prop) + system_restricted_prop(dalvik_prop) + system_restricted_prop(debuggerd_prop) + system_restricted_prop(default_prop) + system_restricted_prop(device_logging_prop) + system_restricted_prop(dhcp_prop) + system_restricted_prop(dumpstate_prop) + system_restricted_prop(exported2_default_prop) + 
system_restricted_prop(exported3_system_prop) + system_restricted_prop(exported_dumpstate_prop) + system_restricted_prop(exported_fingerprint_prop) + system_restricted_prop(exported_secure_prop) + system_restricted_prop(exported_vold_prop) + system_restricted_prop(ffs_prop) + system_restricted_prop(fingerprint_prop) + system_restricted_prop(heapprofd_prop) + system_restricted_prop(net_radio_prop) + system_restricted_prop(pan_result_prop) + system_restricted_prop(persist_debug_prop) + system_restricted_prop(shell_prop) + system_restricted_prop(system_radio_prop) + system_restricted_prop(test_harness_prop) + system_restricted_prop(theme_prop) + system_restricted_prop(use_memfd_prop) + system_restricted_prop(vold_prop) +') + +# Properties which can be written only by vendor_init +system_vendor_config_prop(apk_verity_prop) +system_vendor_config_prop(cpu_variant_prop) +system_vendor_config_prop(exported_audio_prop) +system_vendor_config_prop(exported_camera_prop) +system_vendor_config_prop(exported_config_prop) +system_vendor_config_prop(exported_default_prop) +system_vendor_config_prop(exported3_default_prop) +system_vendor_config_prop(media_variant_prop) +system_vendor_config_prop(storage_config_prop) +system_vendor_config_prop(userspace_reboot_config_prop) +system_vendor_config_prop(vehicle_hal_prop) +system_vendor_config_prop(vendor_security_patch_level_prop) +system_vendor_config_prop(vendor_socket_hook_prop) +system_vendor_config_prop(vndk_prop) +system_vendor_config_prop(virtual_ab_prop) + +# Properties with no restrictions +system_public_prop(audio_prop) +system_public_prop(bluetooth_a2dp_offload_prop) +system_public_prop(bluetooth_audio_hal_prop) +system_public_prop(bluetooth_prop) +system_public_prop(ctl_default_prop) +system_public_prop(ctl_interface_start_prop) +system_public_prop(ctl_start_prop) +system_public_prop(ctl_stop_prop) +system_public_prop(debug_prop) +system_public_prop(dumpstate_options_prop) +system_public_prop(exported_system_prop) 
+system_public_prop(exported2_config_prop) +system_public_prop(exported2_radio_prop) +system_public_prop(exported2_system_prop) +system_public_prop(exported2_vold_prop) +system_public_prop(exported3_radio_prop) +system_public_prop(exported_bluetooth_prop) +system_public_prop(exported_dalvik_prop) +system_public_prop(exported_ffs_prop) +system_public_prop(exported_overlay_prop) +system_public_prop(exported_pm_prop) +system_public_prop(exported_radio_prop) +system_public_prop(exported_system_radio_prop) +system_public_prop(exported_wifi_prop) +system_public_prop(sota_prop) +system_public_prop(hwservicemanager_prop) +system_public_prop(logd_prop) +system_public_prop(logpersistd_logging_prop) +system_public_prop(log_prop) +system_public_prop(log_tag_prop) +system_public_prop(lowpan_prop) +system_public_prop(nfc_prop) +system_public_prop(ota_prop) +system_public_prop(powerctl_prop) +system_public_prop(radio_prop) +system_public_prop(serialno_prop) +system_public_prop(system_prop) +system_public_prop(wifi_log_prop) +system_public_prop(wifi_prop) + +# Properties used in default HAL implementations +vendor_internal_prop(rebootescrow_hal_prop) + +# Properties which are public for devices launching with Android O or earlier +# This should not be used for any new properties. 
+not_compatible_property(` + # DO NOT ADD ANY PROPERTIES HERE + system_public_prop(boottime_prop) + system_public_prop(bpf_progs_loaded_prop) + system_public_prop(charger_prop) + system_public_prop(cold_boot_done_prop) + system_public_prop(ctl_adbd_prop) + system_public_prop(ctl_apexd_prop) + system_public_prop(ctl_bootanim_prop) + system_public_prop(ctl_bugreport_prop) + system_public_prop(ctl_console_prop) + system_public_prop(ctl_dumpstate_prop) + system_public_prop(ctl_fuse_prop) + system_public_prop(ctl_gsid_prop) + system_public_prop(ctl_interface_restart_prop) + system_public_prop(ctl_interface_stop_prop) + system_public_prop(ctl_mdnsd_prop) + system_public_prop(ctl_restart_prop) + system_public_prop(ctl_rildaemon_prop) + system_public_prop(ctl_sigstop_prop) + system_public_prop(dynamic_system_prop) + system_public_prop(heapprofd_enabled_prop) + system_public_prop(llkd_prop) + system_public_prop(lpdumpd_prop) + system_public_prop(mmc_prop) + system_public_prop(mock_ota_prop) + system_public_prop(net_dns_prop) + system_public_prop(overlay_prop) + system_public_prop(persistent_properties_ready_prop) + system_public_prop(safemode_prop) + system_public_prop(system_lmk_prop) + system_public_prop(system_trace_prop) + system_public_prop(test_boot_reason_prop) + system_public_prop(time_prop) + system_public_prop(traced_enabled_prop) + system_public_prop(traced_lazy_prop) + + system_public_prop(config_prop) + system_public_prop(cppreopt_prop) + system_public_prop(dalvik_prop) + system_public_prop(debuggerd_prop) + system_public_prop(default_prop) + system_public_prop(device_logging_prop) + system_public_prop(dhcp_prop) + system_public_prop(dumpstate_prop) + system_public_prop(exported2_default_prop) + system_public_prop(exported3_system_prop) + system_public_prop(exported_dumpstate_prop) + system_public_prop(exported_fingerprint_prop) + system_public_prop(exported_secure_prop) + system_public_prop(exported_vold_prop) + system_public_prop(ffs_prop) + 
system_public_prop(fingerprint_prop) + system_public_prop(heapprofd_prop) + system_public_prop(net_radio_prop) + system_public_prop(pan_result_prop) + system_public_prop(persist_debug_prop) + system_public_prop(shell_prop) + system_public_prop(system_radio_prop) + system_public_prop(test_harness_prop) + system_public_prop(theme_prop) + system_public_prop(use_memfd_prop) + system_public_prop(vold_prop) +') + +type vendor_default_prop, property_type; + +typeattribute log_prop log_property_type; +typeattribute log_tag_prop log_property_type; +typeattribute wifi_log_prop log_property_type; + +allow property_type tmpfs:filesystem associate; + +### +### Neverallow rules +### + +treble_sysprop_neverallow(` + +# TODO(b/131162102): uncomment these after assigning ownership attributes to all properties +# neverallow domain { +# property_type +# -system_property_type +# -product_property_type +# -vendor_property_type +# }:file no_rw_file_perms; + +neverallow { domain -coredomain } { + system_property_type + system_internal_property_type + -system_restricted_property_type + -system_public_property_type +}:file no_rw_file_perms; + +neverallow { domain -coredomain } { + system_property_type + -system_public_property_type +}:property_service set; + +# init is in coredomain, but should be able to read/write all props. +# dumpstate is also in coredomain, but should be able to read all props. +neverallow { coredomain -init -dumpstate } { + vendor_property_type + vendor_internal_property_type + -vendor_restricted_property_type + -vendor_public_property_type +}:file no_rw_file_perms; + +neverallow { coredomain -init } { + vendor_property_type + -vendor_public_property_type +}:property_service set; + +') + +# There is no need to perform ioctl or advisory locking operations on +# property files. If this neverallow is being triggered, it is +# likely that the policy is using r_file_perms directly instead of +# the get_prop() macro. 
+neverallow domain property_type:file { ioctl lock }; + +# core_property_type should not be used for new properties or +# device specific properties. Properties with this attribute +# are readable to everyone, which is overly broad and should +# be avoided. +# New properties should have appropriate read / write access +# control rules written. + +typeattribute audio_prop core_property_type; +typeattribute config_prop core_property_type; +typeattribute cppreopt_prop core_property_type; +typeattribute dalvik_prop core_property_type; +typeattribute debuggerd_prop core_property_type; +typeattribute debug_prop core_property_type; +typeattribute default_prop core_property_type; +typeattribute dhcp_prop core_property_type; +typeattribute dumpstate_prop core_property_type; +typeattribute ffs_prop core_property_type; +typeattribute fingerprint_prop core_property_type; +typeattribute logd_prop core_property_type; +typeattribute net_radio_prop core_property_type; +typeattribute nfc_prop core_property_type; +typeattribute ota_prop core_property_type; +typeattribute pan_result_prop core_property_type; +typeattribute persist_debug_prop core_property_type; +typeattribute powerctl_prop core_property_type; +typeattribute radio_prop core_property_type; +typeattribute restorecon_prop core_property_type; +typeattribute shell_prop core_property_type; +typeattribute system_prop core_property_type; +typeattribute system_radio_prop core_property_type; +typeattribute vold_prop core_property_type; + +neverallow * { + core_property_type + -audio_prop + -config_prop + -cppreopt_prop + -dalvik_prop + -debuggerd_prop + -debug_prop + -default_prop + -dhcp_prop + -dumpstate_prop + -ffs_prop + -fingerprint_prop + -logd_prop + -net_radio_prop + -nfc_prop + -ota_prop + -pan_result_prop + -persist_debug_prop + -powerctl_prop + -radio_prop + -restorecon_prop + -shell_prop + -system_prop + -system_radio_prop + -vold_prop +}:file no_rw_file_perms; + +# sigstop property is only used for debugging; should 
only be set by su which is permissive +# for userdebug/eng +neverallow { + domain + -init + -vendor_init +} ctl_sigstop_prop:property_service set; + +# Don't audit legacy ctl. property handling. We only want the newer permission check to appear +# in the audit log +dontaudit domain { + ctl_bootanim_prop + ctl_bugreport_prop + ctl_console_prop + ctl_default_prop + ctl_dumpstate_prop + ctl_fuse_prop + ctl_mdnsd_prop + ctl_rildaemon_prop +}:property_service set; + +neverallow { + domain + -init +} init_svc_debug_prop:property_service set; + +neverallow { + domain + -init + -dumpstate + userdebug_or_eng(`-su') +} init_svc_debug_prop:file no_rw_file_perms; + +compatible_property_only(` +# Prevent properties from being set + neverallow { + domain + -coredomain + -appdomain + -vendor_init + } { + core_property_type + extended_core_property_type + exported_config_prop + exported_dalvik_prop + exported_default_prop + exported_dumpstate_prop + exported_ffs_prop + exported_fingerprint_prop + exported_system_prop + exported_system_radio_prop + exported_vold_prop + exported2_config_prop + exported2_default_prop + exported2_system_prop + exported2_vold_prop + exported3_default_prop + exported3_system_prop + -nfc_prop + -powerctl_prop + -radio_prop + }:property_service set; + + neverallow { + domain + -coredomain + -appdomain + -hal_nfc_server + } { + nfc_prop + }:property_service set; + + neverallow { + domain + -coredomain + -appdomain + -hal_telephony_server + -vendor_init + } { + exported_radio_prop + exported3_radio_prop + }:property_service set; + + neverallow { + domain + -coredomain + -appdomain + -hal_telephony_server + } { + exported2_radio_prop + radio_prop + }:property_service set; + + neverallow { + domain + -coredomain + -bluetooth + -hal_bluetooth_server + } { + bluetooth_prop + }:property_service set; + + neverallow { + domain + -coredomain + -bluetooth + -hal_bluetooth_server + -vendor_init + } { + exported_bluetooth_prop + }:property_service set; + + neverallow 
{ + domain + -coredomain + -hal_camera_server + -cameraserver + -vendor_init + } { + exported_camera_prop + }:property_service set; + + neverallow { + domain + -coredomain + -hal_wifi_server + -wificond + } { + wifi_prop + }:property_service set; + + neverallow { + domain + -coredomain + -hal_wifi_server + -wificond + -vendor_init + } { + exported_wifi_prop + }:property_service set; + +# Prevent properties from being read + neverallow { + domain + -coredomain + -appdomain + -vendor_init + } { + core_property_type + extended_core_property_type + exported_dalvik_prop + exported_ffs_prop + exported_system_radio_prop + exported2_config_prop + exported2_system_prop + exported2_vold_prop + exported3_default_prop + exported3_system_prop + -debug_prop + -logd_prop + -nfc_prop + -powerctl_prop + -radio_prop + }:file no_rw_file_perms; + + neverallow { + domain + -coredomain + -appdomain + -hal_nfc_server + } { + nfc_prop + }:file no_rw_file_perms; + + neverallow { + domain + -coredomain + -appdomain + -hal_telephony_server + } { + radio_prop + }:file no_rw_file_perms; + + neverallow { + domain + -coredomain + -bluetooth + -hal_bluetooth_server + } { + bluetooth_prop + }:file no_rw_file_perms; + + neverallow { + domain + -coredomain + -hal_wifi_server + -wificond + } { + wifi_prop + }:file no_rw_file_perms; +') + +compatible_property_only(` + # Neverallow coredomain to set vendor properties + neverallow { + coredomain + -init + -system_writes_vendor_properties_violators + } { + property_type + -system_property_type + -extended_core_property_type + }:property_service set; +') + +neverallow { + -init + -system_server +} { + userspace_reboot_log_prop +}:property_service set; + +neverallow { + # Only allow init and system_server to set system_adbd_prop + -init + -system_server +} { + system_adbd_prop +}:property_service set; + +neverallow { + # Only allow init and adbd to set adbd_prop + -init + -adbd +} { + adbd_prop +}:property_service set; + +neverallow { + # Only allow init 
and shell to set userspace_reboot_test_prop + -init + -shell +} { + userspace_reboot_test_prop +}:property_service set; diff --git a/prebuilts/api/30.0/public/property_contexts b/prebuilts/api/30.0/public/property_contexts new file mode 100644 index 000000000..5abe85b82 --- /dev/null +++ b/prebuilts/api/30.0/public/property_contexts 
@@ -0,0 +1,468 @@
+# vendor-init-readable
+persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact bool
+
+# vendor-init-settable
+af.fast_track_multiplier u:object_r:exported3_default_prop:s0 exact int
+audio.camerasound.force u:object_r:exported_audio_prop:s0 exact bool
+audio.deep_buffer.media u:object_r:exported3_default_prop:s0 exact bool
+audio.offload.video u:object_r:exported3_default_prop:s0 exact bool
+audio.offload.min.duration.secs u:object_r:exported3_default_prop:s0 exact int
+camera.disable_zsl_mode u:object_r:exported3_default_prop:s0 exact bool
+camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
+dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.backgroundgctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.boot-image u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.checkjni u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.dex2oat64.enabled u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.dexopt.secondary u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.execution-mode u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.extra-opts u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.foreground-heap-growth-multiplier u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.gctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapgrowthlimit u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapmaxfree u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapminfree u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heapstartsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.heaptargetutilization u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.hot-startup-method-samples u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.image-dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.isa.arm.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.arm64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.mips64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.unknown.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.unknown.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86_64.features u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.isa.x86_64.variant u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitinitialsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitmaxsize u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.jitprithreadweight u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jitthreshold u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jittransitionweight u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.jniopts u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.lockprof.threshold u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.method-trace u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.method-trace-file u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.method-trace-file-siz u:object_r:exported_dalvik_prop:s0 exact int
+dalvik.vm.method-trace-stream u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilesystemserver u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.profilebootclasspath u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.usejit u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
+dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
+drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
+external_storage.projid.enabled u:object_r:storage_config_prop:s0 exact bool
+external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool
+keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
+media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
+media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string
+media.stagefright.thumbnail.prefer_hw_codecs u:object_r:exported3_default_prop:s0 exact bool
+persist.bluetooth.a2dp_offload.cap u:object_r:bluetooth_a2dp_offload_prop:s0 exact string
+persist.bluetooth.a2dp_offload.disabled u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
+persist.bluetooth.bluetooth_audio_hal.disabled u:object_r:bluetooth_audio_hal_prop:s0 exact bool
+persist.bluetooth.btsnoopenable u:object_r:exported_bluetooth_prop:s0 exact bool
+persist.config.calibration_fac u:object_r:exported3_default_prop:s0 exact string
+persist.dbg.volte_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+persist.dbg.vt_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+persist.dbg.wfc_avail_ovr u:object_r:exported3_default_prop:s0 exact int
+persist.radio.multisim.config u:object_r:exported3_radio_prop:s0 exact string
+persist.sys.dalvik.vm.lib.2 u:object_r:exported2_system_prop:s0 exact string
+persist.sys.media.avsync u:object_r:exported2_system_prop:s0 exact bool
+persist.sys.hdmi.keep_awake u:object_r:exported2_system_prop:s0 exact bool
+persist.sys.sf.color_mode u:object_r:exported2_system_prop:s0 exact int
+persist.sys.sf.color_saturation u:object_r:exported2_system_prop:s0 exact string
+persist.sys.sf.native_mode u:object_r:exported2_system_prop:s0 exact int
+pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
+pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
+pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.shared u:object_r:exported_pm_prop:s0 exact string
+ro.af.client_heap_size_kbyte u:object_r:exported3_default_prop:s0 exact int
+ro.apk_verity.mode u:object_r:apk_verity_prop:s0 exact int
+ro.audio.monitorRotation u:object_r:exported3_default_prop:s0 exact bool
+ro.bluetooth.a2dp_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
+ro.boot.vendor.overlay.theme u:object_r:exported_overlay_prop:s0 exact string
+ro.boot.wificountrycode u:object_r:exported3_default_prop:s0 exact string
+ro.bt.bdaddr_path u:object_r:exported_bluetooth_prop:s0 exact string
+ro.camera.notify_nfc u:object_r:exported3_default_prop:s0 exact int
+ro.camera.enableLazyHal u:object_r:exported3_default_prop:s0 exact bool
+ro.com.android.dataroaming u:object_r:exported3_default_prop:s0 exact bool
+ro.com.android.prov_mobiledata u:object_r:exported3_default_prop:s0 exact bool
+ro.config.alarm_alert u:object_r:exported2_config_prop:s0 exact string
+ro.config.media_vol_steps u:object_r:exported2_config_prop:s0 exact int
+ro.config.notification_sound u:object_r:exported2_config_prop:s0 exact string
+ro.config.per_app_memcg u:object_r:exported3_default_prop:s0 exact bool
+ro.config.ringtone u:object_r:exported2_config_prop:s0 exact string
+ro.control_privapp_permissions u:object_r:exported3_default_prop:s0 exact string
+ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int
+ro.crypto.allow_encrypt_override u:object_r:exported2_vold_prop:s0 exact bool
+ro.crypto.dm_default_key.options_format.version u:object_r:exported2_vold_prop:s0 exact int
+ro.crypto.fde_algorithm u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.fde_sector_size u:object_r:exported2_vold_prop:s0 exact int
+ro.crypto.scrypt_params u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.set_dun u:object_r:exported2_vold_prop:s0 exact bool
+ro.crypto.volume.contents_mode u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.filenames_mode u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.metadata.encryption u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.metadata.method u:object_r:exported2_vold_prop:s0 exact string
+ro.crypto.volume.options u:object_r:exported2_vold_prop:s0 exact string
+ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
+ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
+ro.gfx.driver.0 u:object_r:exported3_default_prop:s0 exact string
+ro.gfx.angle.supported u:object_r:exported3_default_prop:s0 exact bool
+ro.hdmi.device_type u:object_r:exported3_default_prop:s0 exact string
+ro.hdmi.wake_on_hotplug u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.critical u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.critical_upgrade u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.debug u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.downgrade_pressure u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.kill_heaviest_task u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.kill_timeout_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.low u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.medium u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.psi_partial_stall_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.psi_complete_stall_ms u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.swap_free_low_percentage u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.thrashing_limit u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.thrashing_limit_decay u:object_r:exported3_default_prop:s0 exact int
+ro.lmk.use_minfree_levels u:object_r:exported3_default_prop:s0 exact bool
+ro.lmk.upgrade_pressure u:object_r:exported3_default_prop:s0 exact int
+ro.minui.default_rotation u:object_r:exported3_default_prop:s0 exact string
+ro.minui.overscan_percent u:object_r:exported3_default_prop:s0 exact int
+ro.minui.pixel_format u:object_r:exported3_default_prop:s0 exact string
+ro.oem_unlock_supported u:object_r:exported3_default_prop:s0 exact int
+ro.opengles.version u:object_r:exported3_default_prop:s0 exact int
+ro.radio.noril u:object_r:exported3_default_prop:s0 exact string
+ro.rebootescrow.device u:object_r:rebootescrow_hal_prop:s0 exact string
+ro.retaildemo.video_path u:object_r:exported3_default_prop:s0 exact string
+ro.statsd.enable u:object_r:exported3_default_prop:s0 exact bool
+ro.sf.disable_triple_buffer u:object_r:exported3_default_prop:s0 exact bool
+ro.sf.lcd_density u:object_r:exported3_default_prop:s0 exact int
+ro.storage_manager.enabled u:object_r:exported3_default_prop:s0 exact bool
+ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool
+ro.telephony.default_cdma_sub u:object_r:exported3_default_prop:s0 exact int
+ro.telephony.default_network u:object_r:exported3_default_prop:s0 exact string
+ro.vehicle.hal u:object_r:vehicle_hal_prop:s0 exact string
+ro.vendor.build.security_patch u:object_r:vendor_security_patch_level_prop:s0 exact string
+ro.media.xml_variant.codecs u:object_r:media_variant_prop:s0 exact string
+ro.media.xml_variant.codecs_performance u:object_r:media_variant_prop:s0 exact string
+ro.media.xml_variant.profiles u:object_r:media_variant_prop:s0 exact string
+ro.zram.mark_idle_delay_mins u:object_r:exported3_default_prop:s0 exact int
+ro.zram.first_wb_delay_mins u:object_r:exported3_default_prop:s0 exact int
+ro.zram.periodic_wb_delay_hours u:object_r:exported3_default_prop:s0 exact int
+ro.zygote u:object_r:exported3_default_prop:s0 exact string
+sendbug.preferred.domain u:object_r:exported3_default_prop:s0 exact string
+sys.usb.controller u:object_r:exported2_system_prop:s0 exact string
+sys.usb.ffs.max_read u:object_r:exported_ffs_prop:s0 exact int
+sys.usb.ffs.max_write u:object_r:exported_ffs_prop:s0 exact int
+sys.usb.ffs.ready u:object_r:exported_ffs_prop:s0 exact bool
+sys.usb.mtp.device_type u:object_r:exported2_system_prop:s0 exact int
+sys.usb.ffs.mtp.ready u:object_r:exported_ffs_prop:s0 exact bool
+sys.usb.state u:object_r:exported2_system_prop:s0 exact string
+telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int
+tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int
+vold.post_fs_data_done u:object_r:exported2_vold_prop:s0 exact int
+vts.native_server.on u:object_r:exported3_default_prop:s0 exact bool
+wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded
+zram.force_writeback u:object_r:exported3_default_prop:s0 exact bool
+
+# vendor-init-readable
+apexd.status u:object_r:apexd_prop:s0 exact enum starting activated ready
+dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool
+persist.sys.device_provisioned u:object_r:exported3_system_prop:s0 exact string
+persist.sys.theme u:object_r:theme_prop:s0 exact string
+persist.sys.usb.usbradio.config u:object_r:exported3_system_prop:s0 exact string
+sys.boot_completed u:object_r:exported3_system_prop:s0 exact bool
+sys.retaildemo.enabled u:object_r:exported3_system_prop:s0 exact int
+sys.user.0.ce_available u:object_r:exported3_system_prop:s0 exact bool
+sys.vdso u:object_r:exported3_system_prop:s0 exact string
+
+# vendor-init-settable
+persist.sys.zram_enabled u:object_r:exported2_system_prop:s0 exact bool
+sys.usb.config u:object_r:exported_system_radio_prop:s0 exact string
+sys.usb.configfs u:object_r:exported_system_radio_prop:s0 exact int
+
+# public-readable
+aac_drc_boost u:object_r:exported2_default_prop:s0 exact int
+aac_drc_cut u:object_r:exported2_default_prop:s0 exact int
+aac_drc_enc_target_level u:object_r:exported2_default_prop:s0 exact int
+aac_drc_heavy u:object_r:exported2_default_prop:s0 exact int
+aac_drc_reference_level u:object_r:exported2_default_prop:s0 exact int
+build.version.extensions. u:object_r:module_sdkextensions_prop:s0 prefix int
+ro.aac_drc_effect_type u:object_r:exported2_default_prop:s0 exact int
+drm.64bit.enabled u:object_r:exported2_default_prop:s0 exact bool
+dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
+dumpstate.unroot u:object_r:exported_dumpstate_prop:s0 exact bool
+hal.instrumentation.enable u:object_r:exported2_default_prop:s0 exact bool
+init.svc.bugreport u:object_r:exported2_default_prop:s0 exact string
+init.svc.console u:object_r:exported2_default_prop:s0 exact string
+init.svc.dumpstatez u:object_r:exported2_default_prop:s0 exact string
+init.svc.mediadrm u:object_r:exported2_default_prop:s0 exact string
+init.svc.surfaceflinger u:object_r:exported2_default_prop:s0 exact string
+init.svc.tombstoned u:object_r:exported2_default_prop:s0 exact string
+init.svc.zygote u:object_r:exported2_default_prop:s0 exact string
+libc.debug.malloc.options u:object_r:exported2_default_prop:s0 exact string
+libc.debug.malloc.program u:object_r:exported2_default_prop:s0 exact string
+libc.debug.hooks.enable u:object_r:exported2_default_prop:s0 exact string
+net.redirect_socket_calls.hooked u:object_r:socket_hook_prop:s0 exact bool
+persist.sys.locale u:object_r:exported_system_prop:s0 exact string
+persist.sys.timezone u:object_r:exported_system_prop:s0 exact string
+persist.sys.test_harness u:object_r:test_harness_prop:s0 exact bool
+ro.adb.secure u:object_r:exported_secure_prop:s0 exact bool
+ro.arch u:object_r:exported2_default_prop:s0 exact string
+ro.audio.ignore_effects u:object_r:exported2_default_prop:s0 exact bool
+ro.baseband u:object_r:exported2_default_prop:s0 exact string
+ro.boot.avb_version u:object_r:exported2_default_prop:s0 exact string
+ro.boot.baseband u:object_r:exported2_default_prop:s0 exact string
+ro.boot.bootdevice u:object_r:exported2_default_prop:s0 exact string
+ro.boot.bootloader u:object_r:exported2_default_prop:s0 exact string
+ro.boot.boottime u:object_r:exported2_default_prop:s0 exact 
string +ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string +ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string +ro.boot.console u:object_r:exported2_default_prop:s0 exact string +ro.boot.hardware u:object_r:exported2_default_prop:s0 exact string +ro.boot.hardware.color u:object_r:exported2_default_prop:s0 exact string +ro.boot.hardware.sku u:object_r:exported2_default_prop:s0 exact string +ro.boot.keymaster u:object_r:exported2_default_prop:s0 exact string +ro.boot.mode u:object_r:exported2_default_prop:s0 exact string +ro.boot.vbmeta.avb_version u:object_r:exported2_default_prop:s0 exact string +ro.boot.verifiedbootstate u:object_r:exported2_default_prop:s0 exact string +ro.boot.veritymode u:object_r:exported2_default_prop:s0 exact string +ro.boot.dynamic_partitions u:object_r:exported_default_prop:s0 exact string +ro.boot.dynamic_partitions_retrofit u:object_r:exported_default_prop:s0 exact string +ro.bootloader u:object_r:exported2_default_prop:s0 exact string +ro.build.date u:object_r:exported2_default_prop:s0 exact string +ro.build.date.utc u:object_r:exported2_default_prop:s0 exact int +ro.build.description u:object_r:exported2_default_prop:s0 exact string +ro.build.display.id u:object_r:exported2_default_prop:s0 exact string +ro.build.fingerprint u:object_r:exported_fingerprint_prop:s0 exact string +ro.build.host u:object_r:exported2_default_prop:s0 exact string +ro.build.id u:object_r:exported2_default_prop:s0 exact string +ro.build.product u:object_r:exported2_default_prop:s0 exact string +ro.build.system_root_image u:object_r:exported2_default_prop:s0 exact bool +ro.build.tags u:object_r:exported2_default_prop:s0 exact string +ro.build.user u:object_r:exported2_default_prop:s0 exact string +ro.build.version.base_os u:object_r:exported2_default_prop:s0 exact string +ro.build.version.codename u:object_r:exported2_default_prop:s0 exact string +ro.build.version.incremental u:object_r:exported2_default_prop:s0 
exact string +ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int +ro.build.version.release u:object_r:exported2_default_prop:s0 exact string +ro.build.version.release_or_codename u:object_r:exported2_default_prop:s0 exact string +ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int +ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string +ro.crypto.state u:object_r:exported_vold_prop:s0 exact enum encrypted unencrypted unsupported +ro.crypto.type u:object_r:exported_vold_prop:s0 exact enum block file none +ro.debuggable u:object_r:exported2_default_prop:s0 exact int +ro.hardware u:object_r:exported2_default_prop:s0 exact string +ro.product.brand u:object_r:exported2_default_prop:s0 exact string +ro.product.cpu.abi u:object_r:exported2_default_prop:s0 exact string +ro.product.cpu.abilist u:object_r:exported2_default_prop:s0 exact string +ro.product.device u:object_r:exported2_default_prop:s0 exact string +ro.product.manufacturer u:object_r:exported2_default_prop:s0 exact string +ro.product.model u:object_r:exported2_default_prop:s0 exact string +ro.product.name u:object_r:exported2_default_prop:s0 exact string +ro.property_service.version u:object_r:exported2_default_prop:s0 exact int +ro.revision u:object_r:exported2_default_prop:s0 exact string +ro.secure u:object_r:exported_secure_prop:s0 exact int +ro.vendor.redirect_socket_calls u:object_r:vendor_socket_hook_prop:s0 exact bool +service.bootanim.exit u:object_r:exported_system_prop:s0 exact int +sys.boot_from_charger_mode u:object_r:exported_system_prop:s0 exact int +sys.init.userspace_reboot.in_progress u:object_r:userspace_reboot_exported_prop:s0 exact bool +sys.use_memfd u:object_r:use_memfd_prop:s0 exact bool +vold.decrypt u:object_r:exported_vold_prop:s0 exact string + +# vendor-init-settable|public-readable +aaudio.hw_burst_min_usec u:object_r:exported_default_prop:s0 exact int +aaudio.minimum_sleep_usec u:object_r:exported_default_prop:s0 
exact int +aaudio.mixer_bursts u:object_r:exported_default_prop:s0 exact int +aaudio.mmap_exclusive_policy u:object_r:exported_default_prop:s0 exact int +aaudio.mmap_policy u:object_r:exported_default_prop:s0 exact int +aaudio.wakeup_delay_usec u:object_r:exported_default_prop:s0 exact int +config.disable_cameraservice u:object_r:exported_camera_prop:s0 exact bool +gsm.sim.operator.numeric u:object_r:exported_radio_prop:s0 exact string +media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool +persist.rcs.supported u:object_r:exported_default_prop:s0 exact int +rcs.publish.status u:object_r:exported_radio_prop:s0 exact string +ro.bionic.2nd_arch u:object_r:cpu_variant_prop:s0 exact string +ro.bionic.2nd_cpu_variant u:object_r:cpu_variant_prop:s0 exact string +ro.bionic.arch u:object_r:cpu_variant_prop:s0 exact string +ro.bionic.cpu_variant u:object_r:cpu_variant_prop:s0 exact string +ro.board.platform u:object_r:exported_default_prop:s0 exact string +ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int +ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string +ro.boot.product.hardware.sku u:object_r:exported_default_prop:s0 exact string +ro.boot.product.vendor.sku u:object_r:exported_default_prop:s0 exact string +ro.boot.slot_suffix u:object_r:exported_default_prop:s0 exact string +ro.bootimage.build.date u:object_r:exported_default_prop:s0 exact string +ro.bootimage.build.date.utc u:object_r:exported_default_prop:s0 exact int +ro.bootimage.build.fingerprint u:object_r:exported_default_prop:s0 exact string +ro.boringcrypto.hwrand u:object_r:exported_default_prop:s0 exact bool +ro.build.ab_update u:object_r:exported_default_prop:s0 exact string +ro.build.expect.baseband u:object_r:exported_default_prop:s0 exact string +ro.build.expect.bootloader u:object_r:exported_default_prop:s0 exact string +ro.carrier u:object_r:exported_default_prop:s0 exact string +ro.config.low_ram u:object_r:exported_config_prop:s0 exact 
bool +ro.config.vc_call_vol_steps u:object_r:exported_config_prop:s0 exact int +ro.frp.pst u:object_r:exported_default_prop:s0 exact string +ro.hardware.activity_recognition u:object_r:exported_default_prop:s0 exact string +ro.hardware.audio u:object_r:exported_default_prop:s0 exact string +ro.hardware.audio.a2dp u:object_r:exported_default_prop:s0 exact string +ro.hardware.audio.hearing_aid u:object_r:exported_default_prop:s0 exact string +ro.hardware.audio.primary u:object_r:exported_default_prop:s0 exact string +ro.hardware.audio.usb u:object_r:exported_default_prop:s0 exact string +ro.hardware.audio_policy u:object_r:exported_default_prop:s0 exact string +ro.hardware.bootctrl u:object_r:exported_default_prop:s0 exact string +ro.hardware.camera u:object_r:exported_default_prop:s0 exact string +ro.hardware.consumerir u:object_r:exported_default_prop:s0 exact string +ro.hardware.context_hub u:object_r:exported_default_prop:s0 exact string +ro.hardware.egl u:object_r:exported_default_prop:s0 exact string +ro.hardware.fingerprint u:object_r:exported_default_prop:s0 exact string +ro.hardware.flp u:object_r:exported_default_prop:s0 exact string +ro.hardware.gatekeeper u:object_r:exported_default_prop:s0 exact string +ro.hardware.gps u:object_r:exported_default_prop:s0 exact string +ro.hardware.gralloc u:object_r:exported_default_prop:s0 exact string +ro.hardware.hdmi_cec u:object_r:exported_default_prop:s0 exact string +ro.hardware.hwcomposer u:object_r:exported_default_prop:s0 exact string +ro.hardware.input u:object_r:exported_default_prop:s0 exact string +ro.hardware.keystore u:object_r:exported_default_prop:s0 exact string +ro.hardware.keystore_desede u:object_r:exported_default_prop:s0 exact string +ro.hardware.lights u:object_r:exported_default_prop:s0 exact string +ro.hardware.local_time u:object_r:exported_default_prop:s0 exact string +ro.hardware.memtrack u:object_r:exported_default_prop:s0 exact string +ro.hardware.nfc u:object_r:exported_default_prop:s0 
exact string +ro.hardware.nfc_nci u:object_r:exported_default_prop:s0 exact string +ro.hardware.nfc_tag u:object_r:exported_default_prop:s0 exact string +ro.hardware.nvram u:object_r:exported_default_prop:s0 exact string +ro.hardware.power u:object_r:exported_default_prop:s0 exact string +ro.hardware.radio u:object_r:exported_default_prop:s0 exact string +ro.hardware.sensors u:object_r:exported_default_prop:s0 exact string +ro.hardware.sound_trigger u:object_r:exported_default_prop:s0 exact string +ro.hardware.thermal u:object_r:exported_default_prop:s0 exact string +ro.hardware.tv_input u:object_r:exported_default_prop:s0 exact string +ro.hardware.type u:object_r:exported_default_prop:s0 exact string +ro.hardware.vehicle u:object_r:exported_default_prop:s0 exact string +ro.hardware.vibrator u:object_r:exported_default_prop:s0 exact string +ro.hardware.virtual_device u:object_r:exported_default_prop:s0 exact string +ro.hardware.vulkan u:object_r:exported_default_prop:s0 exact string +ro.hwui.use_vulkan u:object_r:exported_default_prop:s0 exact bool +ro.kernel.qemu u:object_r:exported_default_prop:s0 exact bool +ro.kernel.qemu. 
u:object_r:exported_default_prop:s0 +ro.kernel.android.bootanim u:object_r:exported_default_prop:s0 exact int +ro.kernel.ebpf.supported u:object_r:exported_default_prop:s0 exact bool +ro.odm.build.date u:object_r:exported_default_prop:s0 exact string +ro.odm.build.date.utc u:object_r:exported_default_prop:s0 exact int +ro.odm.build.fingerprint u:object_r:exported_default_prop:s0 exact string +ro.odm.build.version.incremental u:object_r:exported_default_prop:s0 exact string +ro.oem.key1 u:object_r:exported_default_prop:s0 exact string +ro.product.board u:object_r:exported_default_prop:s0 exact string +ro.product.cpu.abilist32 u:object_r:exported_default_prop:s0 exact string +ro.product.cpu.abilist64 u:object_r:exported_default_prop:s0 exact string +ro.product.first_api_level u:object_r:exported_default_prop:s0 exact int +ro.product.odm.brand u:object_r:exported_default_prop:s0 exact string +ro.product.odm.device u:object_r:exported_default_prop:s0 exact string +ro.product.odm.manufacturer u:object_r:exported_default_prop:s0 exact string +ro.product.odm.model u:object_r:exported_default_prop:s0 exact string +ro.product.odm.name u:object_r:exported_default_prop:s0 exact string +ro.product.vendor.brand u:object_r:exported_default_prop:s0 exact string +ro.product.vendor.device u:object_r:exported_default_prop:s0 exact string +ro.product.vendor.manufacturer u:object_r:exported_default_prop:s0 exact string +ro.product.vendor.model u:object_r:exported_default_prop:s0 exact string +ro.product.vendor.name u:object_r:exported_default_prop:s0 exact string +ro.product.vndk.version u:object_r:vndk_prop:s0 exact string +ro.telephony.iwlan_operation_mode u:object_r:exported_radio_prop:s0 exact enum default legacy AP-assisted +ro.vendor.build.date u:object_r:exported_default_prop:s0 exact string +ro.vendor.build.date.utc u:object_r:exported_default_prop:s0 exact int +ro.vendor.build.fingerprint u:object_r:exported_default_prop:s0 exact string +ro.vendor.build.version.incremental 
u:object_r:exported_default_prop:s0 exact string +ro.vndk.lite u:object_r:vndk_prop:s0 exact bool +ro.vndk.version u:object_r:vndk_prop:s0 exact string +ro.vts.coverage u:object_r:exported_default_prop:s0 exact int +wifi.active.interface u:object_r:exported_wifi_prop:s0 exact string +wifi.aware.interface u:object_r:exported_wifi_prop:s0 exact string +wifi.concurrent.interface u:object_r:exported_default_prop:s0 exact string +wifi.direct.interface u:object_r:exported_default_prop:s0 exact string +wifi.interface u:object_r:exported_default_prop:s0 exact string +ro.apex.updatable u:object_r:exported_default_prop:s0 exact bool +ro.init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool + +# public-readable +ro.boot.revision u:object_r:exported2_default_prop:s0 exact string +ro.bootmode u:object_r:exported2_default_prop:s0 exact string +ro.build.type u:object_r:exported2_default_prop:s0 exact string +sys.shutdown.requested u:object_r:exported_system_prop:s0 exact string + +# Using Sysprop as API. 
So the ro.surface_flinger.* are guaranteed to be API-stable +ro.surface_flinger.default_composition_dataspace u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.default_composition_pixel_format u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.force_hwc_copy_for_virtual_displays u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.has_HDR_display u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.has_wide_color_display u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.max_frame_buffer_acquired_buffers u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.max_graphics_height u:object_r:exported3_default_prop:s0 exact int +ro.surface_flinger.max_graphics_width u:object_r:exported3_default_prop:s0 exact int +ro.surface_flinger.max_virtual_display_dimension u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.primary_display_orientation u:object_r:exported_default_prop:s0 exact enum ORIENTATION_0 ORIENTATION_180 ORIENTATION_270 ORIENTATION_90 +ro.surface_flinger.present_time_offset_from_vsync_ns u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.running_without_sync_framework u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.start_graphics_allocator_service u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.use_color_management u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.use_context_priority u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.use_vr_flinger u:object_r:exported_default_prop:s0 exact bool +ro.surface_flinger.vsync_event_phase_offset_ns u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.vsync_sf_event_phase_offset_ns u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.wcg_composition_dataspace u:object_r:exported_default_prop:s0 exact int +ro.surface_flinger.wcg_composition_pixel_format u:object_r:exported_default_prop:s0 exact int 
+ro.surface_flinger.display_primary_red u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.display_primary_green u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.display_primary_blue u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.display_primary_white u:object_r:exported_default_prop:s0 exact string
+ro.surface_flinger.protected_contents u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.set_idle_timer_ms u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.set_touch_timer_ms u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.set_display_power_timer_ms u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.support_kernel_idle_timer u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_smart_90_for_video u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.use_content_detection_for_refresh_rate u:object_r:exported_default_prop:s0 exact bool
+ro.surface_flinger.color_space_agnostic_dataspace u:object_r:exported_default_prop:s0 exact int
+ro.surface_flinger.refresh_rate_switching u:object_r:exported_default_prop:s0 exact bool
+
+# Binder cache properties. These are world-readable
+cache_key.app_inactive u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_compat_change_enabled u:object_r:binder_cache_system_server_prop:s0
+cache_key.get_packages_for_uid u:object_r:binder_cache_system_server_prop:s0
+cache_key.has_system_feature u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_interactive u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_power_save_mode u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_user_unlocked u:object_r:binder_cache_system_server_prop:s0
+cache_key.volume_list u:object_r:binder_cache_system_server_prop:s0
+cache_key.display_info u:object_r:binder_cache_system_server_prop:s0
+cache_key.location_enabled u:object_r:binder_cache_system_server_prop:s0
+cache_key.package_info u:object_r:binder_cache_system_server_prop:s0
+
+cache_key.bluetooth. u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string
+cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string
+cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string
diff --git a/prebuilts/api/30.0/public/racoon.te b/prebuilts/api/30.0/public/racoon.te
new file mode 100644
index 000000000..688874024
--- /dev/null
+++ b/prebuilts/api/30.0/public/racoon.te
@@ -0,0 +1,34 @@
+# IKE key management daemon
+type racoon, domain;
+type racoon_exec, system_file_type, exec_type, file_type;
+
+typeattribute racoon mlstrustedsubject;
+
+net_domain(racoon)
+allowxperm racoon self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFADDR SIOCSIFNETMASK };
+
+binder_use(racoon)
+
+allow racoon tun_device:chr_file r_file_perms;
+allowxperm racoon tun_device:chr_file ioctl TUNSETIFF;
+allow racoon cgroup:dir { add_name create };
+allow racoon kernel:system module_request;
+
+allow racoon self:key_socket create_socket_perms_no_ioctl;
+allow racoon self:tun_socket create_socket_perms_no_ioctl;
+allow racoon self:global_capability_class_set { net_admin net_bind_service net_raw };
+
+# XXX: should we give ip-up-vpn its own label (currently racoon domain)
+allow racoon system_file:file rx_file_perms;
+not_full_treble(`allow racoon vendor_file:file rx_file_perms;')
+allow racoon vpn_data_file:file create_file_perms;
+allow racoon vpn_data_file:dir w_dir_perms;
+
+use_keystore(racoon)
+
+# Racoon (VPN) has a restricted set of permissions from the default.
+allow racoon keystore:keystore_key {
+ get
+ sign
+ verify
+};
diff --git a/prebuilts/api/30.0/public/radio.te b/prebuilts/api/30.0/public/radio.te
new file mode 100644
index 000000000..34eaf83d0
--- /dev/null
+++ b/prebuilts/api/30.0/public/radio.te
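Review bot: The 30.0 snapshot carries forward rules that the source files themselves mark as unresolved, and once the API is frozen they can no longer be tightened in public/ without compat work: here `# XXX: should we give ip-up-vpn its own label` above `allow racoon system_file:file rx_file_perms;`, in the recovery.te hunk `allow recovery kernel:process setsched;` under its `# This line seems suspect` comment, and in the sdcardd.te hunk `allow sdcardd rootfs:dir mounton; # TODO: deprecated in M`. Nothing should be edited in these prebuilt copies, since they must stay byte-identical to public/ at the freeze; the point is that the freeze is the last cheap moment to either resolve those rules or reword the XXX/TODO in public/ to say they are kept deliberately. I would also confirm the prebuilts were produced by copying rather than by hand, for example with the freeze test that compares them against public/, since a divergent copy would only show up as a later test failure.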
@@ -0,0 +1,45 @@
+# phone subsystem
+type radio, domain, mlstrustedsubject;
+
+net_domain(radio)
+bluetooth_domain(radio)
+binder_service(radio)
+
+# Talks to hal_telephony_server via the rild socket only for devices without full treble
+not_full_treble(`unix_socket_connect(radio, rild, hal_telephony_server)')
+
+# Data file accesses.
+allow radio radio_data_file:dir create_dir_perms;
+allow radio radio_data_file:notdevfile_class_set create_file_perms;
+
+
+allow radio net_data_file:dir search;
+allow radio net_data_file:file r_file_perms;
+
+# Property service
+set_prop(radio, radio_prop)
+set_prop(radio, exported_radio_prop)
+set_prop(radio, exported2_radio_prop)
+set_prop(radio, exported3_radio_prop)
+set_prop(radio, net_radio_prop)
+
+# ctl interface
+set_prop(radio, ctl_rildaemon_prop)
+
+add_service(radio, radio_service)
+allow radio audioserver_service:service_manager find;
+allow radio cameraserver_service:service_manager find;
+allow radio drmserver_service:service_manager find;
+allow radio mediaserver_service:service_manager find;
+allow radio nfc_service:service_manager find;
+allow radio app_api_service:service_manager find;
+allow radio system_api_service:service_manager find;
+allow radio timedetector_service:service_manager find;
+allow radio timezonedetector_service:service_manager find;
+
+# Perform HwBinder IPC.
+hwbinder_use(radio)
+hal_client_domain(radio, hal_telephony)
+
+# Used by TelephonyManager
+allow radio proc_cmdline:file r_file_perms;
diff --git a/prebuilts/api/30.0/public/recovery.te b/prebuilts/api/30.0/public/recovery.te
new file mode 100644
index 000000000..16b670f96
--- /dev/null
+++ b/prebuilts/api/30.0/public/recovery.te
@@ -0,0 +1,184 @@
+# recovery console (used in recovery init.rc for /sbin/recovery)
+
+# Declare the domain unconditionally so we can always reference it
+# in neverallow rules.
+type recovery, domain;
+
+# But the allow rules are only included in the recovery policy.
+# Otherwise recovery is only allowed the domain rules.
+recovery_only(`
+ # Allow recovery to perform an update as update_engine would do.
+ typeattribute recovery update_engine_common;
+ # Recovery can only use HALs in passthrough mode
+ passthrough_hal_client_domain(recovery, hal_bootctl)
+
+ allow recovery self:global_capability_class_set {
+ chown
+ dac_override
+ dac_read_search
+ fowner
+ setuid
+ setgid
+ sys_admin
+ sys_tty_config
+ };
+
+ # Run helpers from / or /system without changing domain.
+ r_dir_file(recovery, rootfs)
+ allow recovery rootfs:file execute_no_trans;
+ allow recovery system_file:file execute_no_trans;
+ allow recovery toolbox_exec:file rx_file_perms;
+
+ # Mount filesystems.
+ allow recovery rootfs:dir mounton;
+ allow recovery tmpfs:dir mounton;
+ allow recovery fs_type:filesystem ~relabelto;
+ allow recovery unlabeled:filesystem ~relabelto;
+ allow recovery contextmount_type:filesystem relabelto;
+
+ # We may be asked to set an SELinux label for a type not known to the
+ # currently loaded policy. Allow it.
+ allow recovery unlabeled:{ file lnk_file } { create_file_perms relabelfrom relabelto };
+ allow recovery unlabeled:dir { create_dir_perms relabelfrom relabelto };
+
+ # Get file contexts
+ allow recovery file_contexts_file:file r_file_perms;
+
+ # Write to /proc/sys/vm/drop_caches
+ allow recovery proc_drop_caches:file w_file_perms;
+
+ # Read /proc/swaps
+ allow recovery proc_swaps:file r_file_perms;
+
+ # Read kernel config through libvintf for OTA matching
+ allow recovery config_gz:file { open read getattr };
+
+ # Write to /sys/class/android_usb/android0/enable.
+ r_dir_file(recovery, sysfs_android_usb)
+ allow recovery sysfs_android_usb:file w_file_perms;
+
+ # Write to /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq.
+ allow recovery sysfs_devices_system_cpu:file w_file_perms;
+
+ allow recovery sysfs_batteryinfo:file r_file_perms;
+
+ # Read /sysfs/fs/ext4/features
+ r_dir_file(recovery, sysfs_fs_ext4_features)
+
+ # Read from /sys/class/leds/lcd-backlight/max_brightness and write to /s/c/l/l/brightness to
+ # control backlight brightness.
+ allow recovery sysfs_leds:dir r_dir_perms;
+ allow recovery sysfs_leds:file rw_file_perms;
+ allow recovery sysfs_leds:lnk_file read;
+
+ allow recovery kernel:system syslog_read;
+
+ # Access /dev/usb-ffs/adb/ep0
+ allow recovery functionfs:dir search;
+ allow recovery functionfs:file rw_file_perms;
+ allowxperm recovery functionfs:file ioctl FUNCTIONFS_ENDPOINT_DESC;
+
+ # Access to /sys/fs/selinux/policyvers for compatibility check
+ allow recovery selinuxfs:file r_file_perms;
+
+ # Required to e.g. wipe userdata/cache.
+ allow recovery device:dir r_dir_perms;
+ allow recovery block_device:dir r_dir_perms;
+ allow recovery dev_type:blk_file rw_file_perms;
+ allowxperm recovery { userdata_block_device metadata_block_device cache_block_device }:blk_file ioctl BLKPBSZGET;
+
+ # GUI
+ allow recovery graphics_device:chr_file rw_file_perms;
+ allow recovery graphics_device:dir r_dir_perms;
+ allow recovery input_device:dir r_dir_perms;
+ allow recovery input_device:chr_file r_file_perms;
+ allow recovery tty_device:chr_file rw_file_perms;
+
+ # Create /tmp/recovery.log and execute /tmp/update_binary.
+ allow recovery tmpfs:file { create_file_perms x_file_perms };
+ allow recovery tmpfs:dir create_dir_perms;
+
+ # Manage files on /cache and /cache/recovery
+ allow recovery { cache_file cache_recovery_file }:dir create_dir_perms;
+ allow recovery { cache_file cache_recovery_file }:file create_file_perms;
+
+ # Read /sys/class/thermal/*/temp for thermal info.
+ r_dir_file(recovery, sysfs_thermal)
+
+ # Read files on /oem.
+ r_dir_file(recovery, oemfs);
+
+ # Reboot the device
+ set_prop(recovery, powerctl_prop)
+
+ # Read serial number of the device from system properties
+ get_prop(recovery, serialno_prop)
+
+ # Set sys.usb.ffs.ready when starting minadbd for sideload.
+ set_prop(recovery, ffs_prop)
+ set_prop(recovery, exported_ffs_prop)
+
+ # Set sys.usb.config when switching into fastboot.
+ set_prop(recovery, system_radio_prop)
+ set_prop(recovery, exported_system_radio_prop)
+
+ # Read ro.boot.bootreason
+ get_prop(recovery, bootloader_boot_reason_prop)
+
+ # Read storage properties (for correctly formatting filesystems)
+ get_prop(recovery, storage_config_prop)
+
+ # Use setfscreatecon() to label files for OTA updates.
+ allow recovery self:process setfscreate;
+
+ # Allow recovery to create a fuse filesystem, and read files from it.
+ allow recovery fuse_device:chr_file rw_file_perms;
+ allow recovery fuse:dir r_dir_perms;
+ allow recovery fuse:file r_file_perms;
+
+ wakelock_use(recovery)
+
+ # This line seems suspect, as it should not really need to
+ # set scheduling parameters for a kernel domain task.
+ allow recovery kernel:process setsched;
+
+ # These are needed to update dynamic partitions in recovery.
+ r_dir_file(recovery, sysfs_dm)
+ allowxperm recovery super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
+
+ # Allow using libfiemap/gsid directly (no binder in recovery).
+ set_prop(recovery, gsid_prop)
+ allow recovery gsi_metadata_file:dir search;
+ allow recovery ota_metadata_file:dir rw_dir_perms;
+ allow recovery ota_metadata_file:file create_file_perms;
+
+ # Allow mounting /metadata for writing update states
+ allow recovery metadata_file:dir { getattr mounton };
+')
+
+###
+### neverallow rules
+###
+
+# Recovery should never touch /data.
+#
+# In particular, if /data is encrypted, it is not accessible
+# to recovery anyway.
+#
+# For now, we only enforce write/execute restrictions, as domain.te
+# contains a number of read-only rules that apply to all
+# domains, including recovery.
+#
+# TODO: tighten this up further.
+neverallow recovery {
+ data_file_type
+ -cache_file
+ -cache_recovery_file
+ with_native_coverage(`-method_trace_data_file')
+}:file { no_w_file_perms no_x_file_perms };
+neverallow recovery {
+ data_file_type
+ -cache_file
+ -cache_recovery_file
+ with_native_coverage(`-method_trace_data_file')
+}:dir no_w_dir_perms;
diff --git a/prebuilts/api/30.0/public/recovery_persist.te b/prebuilts/api/30.0/public/recovery_persist.te
new file mode 100644
index 000000000..d4b456201
--- /dev/null
+++ b/prebuilts/api/30.0/public/recovery_persist.te
@@ -0,0 +1,32 @@
+# android recovery persistent log manager
+type recovery_persist, domain;
+type recovery_persist_exec, system_file_type, exec_type, file_type;
+
+allow recovery_persist pstorefs:dir search;
+allow recovery_persist pstorefs:file r_file_perms;
+
+allow recovery_persist recovery_data_file:file create_file_perms;
+allow recovery_persist recovery_data_file:dir create_dir_perms;
+
+allow recovery_persist cache_file:dir search;
+allow recovery_persist cache_file:lnk_file read;
+allow recovery_persist cache_recovery_file:dir rw_dir_perms;
+allow recovery_persist cache_recovery_file:file { r_file_perms unlink };
+
+###
+### Neverallow rules
+###
+### recovery_persist should NEVER do any of this
+
+# Block device access.
+neverallow recovery_persist dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow recovery_persist domain:process ptrace;
+
+# Write to /system.
+neverallow recovery_persist system_file:dir_file_class_set write;
+
+# Write to files in /data/data
+neverallow recovery_persist { privapp_data_file app_data_file system_data_file }:dir_file_class_set write;
+
diff --git a/prebuilts/api/30.0/public/recovery_refresh.te b/prebuilts/api/30.0/public/recovery_refresh.te
new file mode 100644
index 000000000..d6870dcb2
--- /dev/null
+++ b/prebuilts/api/30.0/public/recovery_refresh.te
@@ -0,0 +1,24 @@
+# android recovery refresh log manager
+type recovery_refresh, domain;
+type recovery_refresh_exec, system_file_type, exec_type, file_type;
+
+allow recovery_refresh pstorefs:dir search;
+allow recovery_refresh pstorefs:file r_file_perms;
+# NB: domain inherits write_logd which hands us write to pmsg_device
+
+###
+### Neverallow rules
+###
+### recovery_refresh should NEVER do any of this
+
+# Block device access.
+neverallow recovery_refresh dev_type:blk_file { read write };
+
+# ptrace any other app
+neverallow recovery_refresh domain:process ptrace;
+
+# Write to /system.
+neverallow recovery_refresh system_file:dir_file_class_set write;
+
+# Write to files in /data/data or system files on /data
+neverallow recovery_refresh { app_data_file privapp_data_file system_data_file }:dir_file_class_set write;
diff --git a/prebuilts/api/30.0/public/roles b/prebuilts/api/30.0/public/roles
new file mode 100644
index 000000000..ca9293439
--- /dev/null
+++ b/prebuilts/api/30.0/public/roles
@@ -0,0 +1 @@
+role r types domain;
diff --git a/prebuilts/api/30.0/public/rs.te b/prebuilts/api/30.0/public/rs.te
new file mode 100644
index 000000000..16b6e9630
--- /dev/null
+++ b/prebuilts/api/30.0/public/rs.te
@@ -0,0 +1,2 @@
+type rs, domain, coredomain;
+type rs_exec, system_file_type, exec_type, file_type;
diff --git a/prebuilts/api/30.0/public/rss_hwm_reset.te b/prebuilts/api/30.0/public/rss_hwm_reset.te
new file mode 100644
index 000000000..163e1acde
--- /dev/null
+++ b/prebuilts/api/30.0/public/rss_hwm_reset.te
@@ -0,0 +1,2 @@
+# rss_hwm_reset resets RSS high-water mark counters for all procesess.
+type rss_hwm_reset, domain, coredomain, mlstrustedsubject;
diff --git a/prebuilts/api/30.0/public/runas.te b/prebuilts/api/30.0/public/runas.te
new file mode 100644
index 000000000..356a0190c
--- /dev/null
+++ b/prebuilts/api/30.0/public/runas.te
@@ -0,0 +1,43 @@
+type runas, domain, mlstrustedsubject;
+type runas_exec, system_file_type, exec_type, file_type;
+
+allow runas adbd:fd use;
+allow runas adbd:process sigchld;
+allow runas adbd:unix_stream_socket { read write };
+allow runas shell:fd use;
+allow runas shell:fifo_file { read write };
+allow runas shell:unix_stream_socket { read write };
+allow runas devpts:chr_file { read write ioctl };
+allow runas shell_data_file:file { read write };
+
+# run-as reads package information.
+allow runas system_data_file:file r_file_perms;
+allow runas system_data_file:lnk_file getattr;
+allow runas packages_list_file:file r_file_perms;
+
+# The app's data dir may be accessed through a symlink.
+allow runas system_data_file:lnk_file read;
+
+# run-as checks and changes to the app data dir.
+dontaudit runas self:global_capability_class_set { dac_override dac_read_search };
+allow runas app_data_file:dir { getattr search };
+
+# run-as switches to the app UID/GID.
+allow runas self:global_capability_class_set { setuid setgid };
+
+# run-as switches to the app security context.
+selinux_check_context(runas) # validate context
+allow runas self:process setcurrent;
+allow runas non_system_app_set:process dyntransition; # setcon
+
+# runas/libselinux needs access to seapp_contexts_file to
+# determine which domain to transition to.
+allow runas seapp_contexts_file:file r_file_perms;
+
+###
+### neverallow rules
+###
+
+# run-as cannot have capabilities other than CAP_SETUID and CAP_SETGID
+neverallow runas self:global_capability_class_set ~{ setuid setgid };
+neverallow runas self:global_capability2_class_set *;
diff --git a/prebuilts/api/30.0/public/runas_app.te b/prebuilts/api/30.0/public/runas_app.te
new file mode 100644
index 000000000..cdaa799c9
--- /dev/null
+++ b/prebuilts/api/30.0/public/runas_app.te
@@ -0,0 +1 @@
+type runas_app, domain;
diff --git a/prebuilts/api/30.0/public/scheduler_service_server.te b/prebuilts/api/30.0/public/scheduler_service_server.te
new file mode 100644
index 000000000..b3cede168
--- /dev/null
+++ b/prebuilts/api/30.0/public/scheduler_service_server.te
@@ -0,0 +1 @@
+add_hwservice(scheduler_service_server, fwk_scheduler_hwservice)
diff --git a/prebuilts/api/30.0/public/sdcardd.te b/prebuilts/api/30.0/public/sdcardd.te
new file mode 100644
index 000000000..1ae377082
--- /dev/null
+++ b/prebuilts/api/30.0/public/sdcardd.te
@@ -0,0 +1,45 @@
+type sdcardd, domain;
+type sdcardd_exec, system_file_type, exec_type, file_type;
+
+allow sdcardd cgroup:dir create_dir_perms;
+allow sdcardd fuse_device:chr_file rw_file_perms;
+allow sdcardd rootfs:dir mounton; # TODO: deprecated in M
+allow sdcardd sdcardfs:filesystem remount;
+allow sdcardd tmpfs:dir r_dir_perms;
+allow sdcardd mnt_media_rw_file:dir r_dir_perms;
+allow sdcardd storage_file:dir search;
+allow sdcardd storage_stub_file:dir { search mounton };
+allow sdcardd sdcard_type:filesystem { mount unmount };
+allow sdcardd self:global_capability_class_set { setuid setgid dac_override dac_read_search sys_admin sys_resource };
+
+allow sdcardd sdcard_type:dir create_dir_perms;
+allow sdcardd sdcard_type:file create_file_perms;
+
+allow sdcardd media_rw_data_file:dir create_dir_perms;
+allow sdcardd media_rw_data_file:file create_file_perms;
+
+# Read /data/system/packages.list.
+allow sdcardd system_data_file:file r_file_perms;
+allow sdcardd packages_list_file:file r_file_perms;
+
+# Read /data/misc/installd/layout_version
+allow sdcardd install_data_file:file r_file_perms;
+allow sdcardd install_data_file:dir search;
+
+# Allow stdin/out back to vold
+allow sdcardd vold:fd use;
+allow sdcardd vold:fifo_file { read write getattr };
+
+# Allow running on top of expanded storage
+allow sdcardd mnt_expand_file:dir search;
+
+# access /proc/filesystems
+allow sdcardd proc_filesystems:file r_file_perms;
+
+###
+### neverallow rules
+###
+
+# The sdcard daemon should no longer be started from init
+neverallow init sdcardd_exec:file execute;
+neverallow init sdcardd:process { transition dyntransition };
diff --git a/prebuilts/api/30.0/public/secure_element.te b/prebuilts/api/30.0/public/secure_element.te
new file mode 100644
index 000000000..4ce6714f6
--- /dev/null
+++ b/prebuilts/api/30.0/public/secure_element.te
@@ -0,0 +1,2 @@
+# secure_element subsystem
+type secure_element, domain;
diff --git a/prebuilts/api/30.0/public/sensor_service_server.te b/prebuilts/api/30.0/public/sensor_service_server.te
new file mode 100644
index 000000000..7c526a5f3
--- /dev/null
+++ b/prebuilts/api/30.0/public/sensor_service_server.te
@@ -0,0 +1 @@
+add_hwservice(sensor_service_server, fwk_sensor_hwservice)
diff --git a/prebuilts/api/30.0/public/service.te b/prebuilts/api/30.0/public/service.te
new file mode 100644
index 000000000..968e523cf
--- /dev/null
+++ b/prebuilts/api/30.0/public/service.te
@@ -0,0 +1,225 @@
+type aidl_lazy_test_service, service_manager_type;
+type apex_service, service_manager_type;
+type audioserver_service, service_manager_type;
+type batteryproperties_service, app_api_service, ephemeral_app_api_service, service_manager_type;
+type bluetooth_service, service_manager_type;
+type cameraserver_service, service_manager_type;
+type default_android_service, service_manager_type;
+type dnsresolver_service, service_manager_type;
+type drmserver_service, service_manager_type;
+type dumpstate_service, service_manager_type;
+type fingerprintd_service, service_manager_type;
+type hal_fingerprint_service, service_manager_type;
+type gatekeeper_service, app_api_service, service_manager_type;
+type gpu_service, app_api_service, service_manager_type;
+type idmap_service, service_manager_type;
+type iorapd_service, service_manager_type;
+type incident_service, service_manager_type;
+type installd_service, service_manager_type;
+type credstore_service, app_api_service, service_manager_type;
+type keystore_service, service_manager_type;
+type lpdump_service, service_manager_type;
+type mediaserver_service, service_manager_type;
+type mediametrics_service, service_manager_type;
+type mediaextractor_service, service_manager_type;
+type mediadrmserver_service, service_manager_type;
+type mediatranscoding_service, app_api_service, service_manager_type;
+type netd_service, service_manager_type;
+type nfc_service, service_manager_type;
+type radio_service, service_manager_type;
+type secure_element_service, service_manager_type;
+type service_manager_service, service_manager_type;
+type storaged_service, service_manager_type;
+type surfaceflinger_service, app_api_service, ephemeral_app_api_service, service_manager_type;
+type system_app_service, service_manager_type;
+type system_suspend_control_service, service_manager_type;
+type update_engine_service, service_manager_type;
+type virtual_touchpad_service, service_manager_type;
+type vold_service, 
service_manager_type;
+type vr_hwc_service, service_manager_type;
+type vrflinger_vsync_service, service_manager_type;
+
+# system_server_services broken down
+type accessibility_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type account_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type activity_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type activity_task_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type adb_service, system_api_service, system_server_service, service_manager_type;
+type alarm_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type app_binding_service, system_server_service, service_manager_type;
+type app_integrity_service, system_api_service, system_server_service, service_manager_type;
+type app_prediction_service, app_api_service, system_server_service, service_manager_type;
+type app_search_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type appops_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type appwidget_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type assetatlas_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type audio_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type auth_service, app_api_service, system_server_service, service_manager_type;
+type autofill_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type backup_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type batterystats_service, app_api_service, 
ephemeral_app_api_service, system_server_service, service_manager_type;
+type battery_service, system_server_service, service_manager_type;
+type binder_calls_stats_service, system_server_service, service_manager_type;
+type blob_store_service, app_api_service, system_server_service, service_manager_type;
+type bluetooth_manager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type broadcastradio_service, system_server_service, service_manager_type;
+type cameraproxy_service, system_server_service, service_manager_type;
+type clipboard_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type contexthub_service, app_api_service, system_server_service, service_manager_type;
+type crossprofileapps_service, app_api_service, system_server_service, service_manager_type;
+type IProxyService_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type companion_device_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type connectivity_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type connmetrics_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type consumer_ir_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type content_capture_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type content_suggestions_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type content_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type country_detector_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+# Note: The coverage_service should only be enabled for 
userdebug / eng builds that were compiled
+# with EMMA_INSTRUMENT=true. We should consider locking this down in the future.
+type coverage_service, system_server_service, service_manager_type;
+type cpuinfo_service, system_api_service, system_server_service, service_manager_type;
+type dataloader_manager_service, system_server_service, service_manager_type;
+type dbinfo_service, system_api_service, system_server_service, service_manager_type;
+type device_config_service, system_server_service, service_manager_type;
+type device_policy_service, app_api_service, system_server_service, service_manager_type;
+type deviceidle_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type device_identifiers_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type devicestoragemonitor_service, system_server_service, service_manager_type;
+type diskstats_service, system_api_service, system_server_service, service_manager_type;
+type display_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type color_display_service, system_api_service, system_server_service, service_manager_type;
+type external_vibrator_service, system_server_service, service_manager_type;
+type file_integrity_service, app_api_service, system_server_service, service_manager_type;
+type font_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type netd_listener_service, system_server_service, service_manager_type;
+type network_watchlist_service, system_server_service, service_manager_type;
+type DockObserver_service, system_server_service, service_manager_type;
+type dreams_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type dropbox_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type lowpan_service, system_api_service, 
system_server_service, service_manager_type;
+type ethernet_service, app_api_service, system_server_service, service_manager_type;
+type biometric_service, app_api_service, system_server_service, service_manager_type;
+type bugreport_service, system_api_service, system_server_service, service_manager_type;
+type platform_compat_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type face_service, app_api_service, system_server_service, service_manager_type;
+type fingerprint_service, app_api_service, system_server_service, service_manager_type;
+type gfxinfo_service, system_api_service, system_server_service, service_manager_type;
+type graphicsstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type hardware_service, system_server_service, service_manager_type;
+type hardware_properties_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type hdmi_control_service, system_api_service, system_server_service, service_manager_type;
+type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type incremental_service, system_server_service, service_manager_type;
+type input_method_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type ipsec_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type iris_service, app_api_service, system_server_service, service_manager_type;
+type jobscheduler_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type launcherapps_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type light_service, app_api_service, ephemeral_app_api_service, 
system_server_service, service_manager_type;
+type location_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type lock_settings_service, system_api_service, system_server_service, service_manager_type;
+type looper_stats_service, system_server_service, service_manager_type;
+type media_projection_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type media_router_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type media_session_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type meminfo_service, system_api_service, system_server_service, service_manager_type;
+type midi_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type mount_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type netpolicy_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type netstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type network_management_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type network_score_service, system_api_service, system_server_service, service_manager_type;
+type network_stack_service, system_server_service, service_manager_type;
+type network_time_update_service, system_server_service, service_manager_type;
+type notification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type oem_lock_service, system_api_service, system_server_service, service_manager_type;
+type otadexopt_service, system_server_service, service_manager_type;
+type overlay_service, system_api_service, system_server_service, service_manager_type;
+type package_service, app_api_service, 
ephemeral_app_api_service, system_server_service, service_manager_type;
+type package_native_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type permission_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type permissionmgr_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type persistent_data_block_service, system_api_service, system_server_service, service_manager_type;
+type pinner_service, system_server_service, service_manager_type;
+type power_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type print_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type processinfo_service, system_server_service, service_manager_type;
+type procstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type recovery_service, system_server_service, service_manager_type;
+type registry_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type restrictions_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type role_service, app_api_service, system_server_service, service_manager_type;
+type rollback_service, app_api_service, system_server_service, service_manager_type;
+type runtime_service, system_server_service, service_manager_type;
+type rttmanager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type samplingprofiler_service, system_server_service, service_manager_type;
+type scheduling_policy_service, system_server_service, service_manager_type;
+type search_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type sec_key_att_app_id_provider_service, app_api_service, system_server_service, 
service_manager_type;
+type sensorservice_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type sensor_privacy_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type serial_service, system_api_service, system_server_service, service_manager_type;
+type servicediscovery_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type settings_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type shortcut_service, app_api_service, system_server_service, service_manager_type;
+type slice_service, app_api_service, system_server_service, service_manager_type;
+type statusbar_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type storagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type system_config_service, system_api_service, system_server_service, service_manager_type;
+type system_update_service, system_server_service, service_manager_type;
+type soundtrigger_middleware_service, system_server_service, service_manager_type;
+type task_service, system_server_service, service_manager_type;
+type testharness_service, system_server_service, service_manager_type;
+type textclassification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type textservices_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type telecom_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type thermal_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type timedetector_service, system_server_service, service_manager_type;
+type timezone_service, system_server_service, service_manager_type;
+type 
timezonedetector_service, system_server_service, service_manager_type;
+type trust_service, app_api_service, system_server_service, service_manager_type;
+type tv_input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type tv_tuner_resource_mgr_service, system_server_service, service_manager_type;
+type uimode_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type updatelock_service, system_api_service, system_server_service, service_manager_type;
+type uri_grants_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type usagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type usb_service, app_api_service, system_server_service, service_manager_type;
+type user_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type vibrator_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type voiceinteraction_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type vr_manager_service, system_server_service, service_manager_type;
+type wallpaper_service, app_api_service, system_server_service, service_manager_type;
+type webviewupdate_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type wifip2p_service, app_api_service, system_server_service, service_manager_type;
+type wifiscanner_service, system_api_service, system_server_service, service_manager_type;
+type wifi_service, app_api_service, system_server_service, service_manager_type;
+type wifinl80211_service, service_manager_type;
+type wifiaware_service, app_api_service, system_server_service, service_manager_type;
+type window_service, system_api_service, system_server_service, service_manager_type;
+type inputflinger_service, 
system_api_service, system_server_service, service_manager_type;
+type wpantund_service, system_api_service, service_manager_type;
+type tethering_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type emergency_affordance_service, system_server_service, service_manager_type;
+
+###
+### HAL Services
+###
+
+type hal_identity_service, vendor_service, service_manager_type;
+type hal_light_service, vendor_service, service_manager_type;
+type hal_power_service, vendor_service, service_manager_type;
+type hal_rebootescrow_service, vendor_service, service_manager_type;
+type hal_vibrator_service, vendor_service, service_manager_type;
+
+###
+### Neverallow rules
+###
+
+# servicemanager handles registering or looking up named services.
+# It does not make sense to register or lookup something which is not a service.
+# Trigger a compile error if this occurs.
+neverallow domain ~{ service_manager_type vndservice_manager_type }:service_manager { add find };
diff --git a/prebuilts/api/30.0/public/servicemanager.te b/prebuilts/api/30.0/public/servicemanager.te
new file mode 100644
index 000000000..10347d913
--- /dev/null
+++ b/prebuilts/api/30.0/public/servicemanager.te
@@ -0,0 +1,27 @@
+# servicemanager - the Binder context manager
+type servicemanager, domain, mlstrustedsubject;
+type servicemanager_exec, system_file_type, exec_type, file_type;
+
+# Note that we do not use the binder_* macros here.
+# servicemanager is unique in that it only provides
+# name service (aka context manager) for Binder.
+# As such, it only ever receives and transfers other references
+# created by other domains. It never passes its own references
+# or initiates a Binder IPC.
+allow servicemanager self:binder set_context_mgr;
+allow servicemanager {
+ domain
+ -init
+ -vendor_init
+ -hwservicemanager
+ -vndservicemanager
+}:binder transfer;
+
+allow servicemanager service_contexts_file:file r_file_perms;
+# nonplat_service_contexts only accessible on non full-treble devices
+not_full_treble(`allow servicemanager nonplat_service_contexts_file:file r_file_perms;')
+
+add_service(servicemanager, service_manager_service)
+
+# Check SELinux permissions.
+selinux_check_access(servicemanager)
diff --git a/prebuilts/api/30.0/public/sgdisk.te b/prebuilts/api/30.0/public/sgdisk.te
new file mode 100644
index 000000000..9d7124983
--- /dev/null
+++ b/prebuilts/api/30.0/public/sgdisk.te
@@ -0,0 +1,34 @@
+# sgdisk called from vold
+type sgdisk, domain;
+type sgdisk_exec, system_file_type, exec_type, file_type;
+
+# Allowed to read/write low-level partition tables
+allow sgdisk block_device:dir search;
+allow sgdisk vold_device:blk_file rw_file_perms;
+# HDIO_GETGEO needed to get the number of disk heads
+# on vold_device. How quaint.
+allowxperm sgdisk vold_device:blk_file ioctl { HDIO_GETGEO };
+# sgdisk also uses BLKGETSIZE and BLKGETSIZE64. BLKGETSIZE64
+# is granted to all block device users in domain.te, so
+# no need to mention it here. sgdisk should not be
+# using the BLKGETSIZE ioctl as it is useless for devices over
+# 2T in size, but we allow it for now and hope that sgdisk
+# will fix their bug.
+allowxperm sgdisk vold_device:blk_file ioctl { BLKGETSIZE };
+# Force a re-read of the partition table.
+allowxperm sgdisk vold_device:blk_file ioctl { BLKRRPART };
+
+# Inherit and use pty created by android_fork_execvp()
+allow sgdisk devpts:chr_file { read write ioctl getattr };
+
+# Allow stdin/out back to vold
+allow sgdisk vold:fd use;
+allow sgdisk vold:fifo_file { read write getattr };
+
+# Used to probe kernel to reload partition tables
+allow sgdisk self:global_capability_class_set sys_admin;
+
+# Only allow entry from vold
+neverallow { domain -vold } sgdisk:process transition;
+neverallow * sgdisk:process dyntransition;
+neverallow sgdisk { file_type fs_type -sgdisk_exec }:file entrypoint;
diff --git a/prebuilts/api/30.0/public/shared_relro.te b/prebuilts/api/30.0/public/shared_relro.te
new file mode 100644
index 000000000..8e58e421a
--- /dev/null
+++ b/prebuilts/api/30.0/public/shared_relro.te
@@ -0,0 +1,11 @@
+# Process which creates/updates shared RELRO files to be used by other apps.
+type shared_relro, domain;
+
+# Grant write access to the shared relro files/directory.
+allow shared_relro shared_relro_file:dir rw_dir_perms;
+allow shared_relro shared_relro_file:file create_file_perms;
+
+# Needs to contact the "webviewupdate" and "activity" services
+allow shared_relro activity_service:service_manager find;
+allow shared_relro webviewupdate_service:service_manager find;
+allow shared_relro package_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/shell.te b/prebuilts/api/30.0/public/shell.te
new file mode 100644
index 000000000..c0412ebfd
--- /dev/null
+++ b/prebuilts/api/30.0/public/shell.te
@@ -0,0 +1,265 @@
+# Domain for shell processes spawned by ADB or console service.
+type shell, domain, mlstrustedsubject;
+type shell_exec, system_file_type, exec_type, file_type;
+
+# Create and use network sockets.
+net_domain(shell)
+
+# logcat
+read_logd(shell)
+control_logd(shell)
+# logcat -L (directly, or via dumpstate)
+allow shell pstorefs:dir search;
+allow shell pstorefs:file r_file_perms;
+
+# Root fs.
+allow shell rootfs:dir r_dir_perms;
+
+# read files in /data/anr
+allow shell anr_data_file:dir r_dir_perms;
+allow shell anr_data_file:file r_file_perms;
+
+# Access /data/local/tmp.
+allow shell shell_data_file:dir create_dir_perms;
+allow shell shell_data_file:file create_file_perms;
+allow shell shell_data_file:file rx_file_perms;
+allow shell shell_data_file:lnk_file create_file_perms;
+
+# Read and delete from /data/local/traces.
+allow shell trace_data_file:file { r_file_perms unlink };
+allow shell trace_data_file:dir { r_dir_perms remove_name write };
+
+# Access /data/misc/profman.
+allow shell profman_dump_data_file:dir { write remove_name r_dir_perms };
+allow shell profman_dump_data_file:file { unlink r_file_perms };
+
+# Read/execute files in /data/nativetest
+userdebug_or_eng(`
+ allow shell nativetest_data_file:dir r_dir_perms;
+ allow shell nativetest_data_file:file rx_file_perms;
+')
+
+# adb bugreport
+unix_socket_connect(shell, dumpstate, dumpstate)
+
+allow shell devpts:chr_file rw_file_perms;
+allow shell tty_device:chr_file rw_file_perms;
+allow shell console_device:chr_file rw_file_perms;
+
+allow shell input_device:dir r_dir_perms;
+allow shell input_device:chr_file r_file_perms;
+
+r_dir_file(shell, system_file)
+allow shell system_file:file x_file_perms;
+allow shell toolbox_exec:file rx_file_perms;
+allow shell tzdatacheck_exec:file rx_file_perms;
+allow shell shell_exec:file rx_file_perms;
+allow shell zygote_exec:file rx_file_perms;
+
+r_dir_file(shell, apk_data_file)
+
+# Set properties.
+set_prop(shell, shell_prop)
+set_prop(shell, ctl_bugreport_prop)
+set_prop(shell, ctl_dumpstate_prop)
+set_prop(shell, dumpstate_prop)
+set_prop(shell, exported_dumpstate_prop)
+set_prop(shell, debug_prop)
+set_prop(shell, powerctl_prop)
+set_prop(shell, log_tag_prop)
+set_prop(shell, wifi_log_prop)
+# Allow shell to start/stop traced via the persist.traced.enable
+# property (which also takes care of /data/misc initialization).
+set_prop(shell, traced_enabled_prop)
+# adjust is_loggable properties
+userdebug_or_eng(`set_prop(shell, log_prop)')
+# logpersist script
+userdebug_or_eng(`set_prop(shell, logpersistd_logging_prop)')
+# Allow shell to start/stop heapprofd via the persist.heapprofd.enable
+# property.
+set_prop(shell, heapprofd_enabled_prop)
+# Allow shell to start/stop traced_perf via the persist.traced_perf.enable
+# property.
+set_prop(shell, traced_perf_enabled_prop)
+# Allow shell to start/stop gsid via ctl.start|stop|restart gsid.
+set_prop(shell, ctl_gsid_prop)
+# Allow shell to enable Dynamic System Update
+set_prop(shell, dynamic_system_prop)
+# Allow shell to mock an OTA using persist.pm.mock-upgrade
+set_prop(shell, mock_ota_prop)
+
+userdebug_or_eng(`
+ # "systrace --boot" support - allow boottrace service to run
+ allow shell boottrace_data_file:dir rw_dir_perms;
+ allow shell boottrace_data_file:file create_file_perms;
+ set_prop(shell, persist_debug_prop)
+')
+
+# Read device's serial number from system properties
+get_prop(shell, serialno_prop)
+
+# Allow shell to read the vendor security patch level for CTS
+get_prop(shell, vendor_security_patch_level_prop)
+
+# Read state of logging-related properties
+get_prop(shell, device_logging_prop)
+
+# Read state of boot reason properties
+get_prop(shell, bootloader_boot_reason_prop)
+get_prop(shell, last_boot_reason_prop)
+get_prop(shell, system_boot_reason_prop)
+
+# Allow reading the outcome of perf_event_open LSM support test for CTS.
+get_prop(shell, init_perf_lsm_hooks_prop)
+
+# allow shell access to services
+allow shell servicemanager:service_manager list;
+# don't allow shell to access GateKeeper service
+# TODO: why is this so broad? Tightening candidate? It needs at list:
+# - dumpstate_service (so it can receive dumpstate progress updates)
+allow shell {
+ service_manager_type
+ -apex_service
+ -dnsresolver_service
+ -gatekeeper_service
+ -incident_service
+ -installd_service
+ -iorapd_service
+ -netd_service
+ -system_suspend_control_service
+ -virtual_touchpad_service
+ -vold_service
+ -vr_hwc_service
+ -default_android_service
+}:service_manager find;
+allow shell dumpstate:binder call;
+
+# allow shell to get information from hwservicemanager
+# for instance, listing hardware services with lshal
+hwbinder_use(shell)
+allow shell hwservicemanager:hwservice_manager list;
+
+# allow shell to look through /proc/ for lsmod, ps, top, netstat, vmstat.
+r_dir_file(shell, proc_net_type)
+
+allow shell {
+ proc_asound
+ proc_filesystems
+ proc_interrupts
+ proc_loadavg # b/124024827
+ proc_meminfo
+ proc_modules
+ proc_pid_max
+ proc_slabinfo
+ proc_stat
+ proc_timer
+ proc_uptime
+ proc_version
+ proc_vmstat
+ proc_zoneinfo
+}:file r_file_perms;
+
+# allow listing network interfaces under /sys/class/net.
+allow shell sysfs_net:dir r_dir_perms;
+
+r_dir_file(shell, cgroup)
+allow shell domain:dir { search open read getattr };
+allow shell domain:{ file lnk_file } { open read getattr };
+
+# statvfs() of /proc and other labeled filesystems
+# (yaffs2, jffs2, ext2, ext3, ext4, xfs, btrfs, f2fs, squashfs, overlay)
+allow shell { proc labeledfs }:filesystem getattr;
+
+# stat() of /dev
+allow shell device:dir getattr;
+
+# allow shell to read /proc/pid/attr/current for ps -Z
+allow shell domain:process getattr;
+
+# Allow pulling the SELinux policy for CTS purposes
+allow shell selinuxfs:dir r_dir_perms;
+allow shell selinuxfs:file r_file_perms;
+
+# enable shell domain to read/write files/dirs for bootchart data
+# User will creates the start and stop file via adb shell
+# and read other files created by init process under /data/bootchart
+allow shell bootchart_data_file:dir rw_dir_perms;
+allow shell bootchart_data_file:file create_file_perms;
+
+# Make sure strace works for the non-privileged shell user
+allow shell self:process ptrace;
+
+# allow shell to get battery info
+allow shell sysfs:dir r_dir_perms;
+allow shell sysfs_batteryinfo:dir r_dir_perms;
+allow shell sysfs_batteryinfo:file r_file_perms;
+
+# Allow access to ion memory allocation device.
+allow shell ion_device:chr_file rw_file_perms;
+
+#
+# filesystem test for insecure chr_file's is done
+# via a host side test
+#
+allow shell dev_type:dir r_dir_perms;
+allow shell dev_type:chr_file getattr;
+
+# /dev/fd is a symlink
+allow shell proc:lnk_file getattr;
+
+#
+# filesystem test for insucre blk_file's is done
+# via hostside test
+#
+allow shell dev_type:blk_file getattr;
+
+# read selinux policy files
+allow shell file_contexts_file:file r_file_perms;
+allow shell property_contexts_file:file r_file_perms;
+allow shell seapp_contexts_file:file r_file_perms;
+allow shell service_contexts_file:file r_file_perms;
+allow shell sepolicy_file:file r_file_perms;
+
+# Allow shell to start up vendor shell
+allow shell vendor_shell_exec:file rx_file_perms;
+
+# Everything is labeled as rootfs in recovery mode. Allow shell to
+# execute them.
+recovery_only(`
+ allow shell rootfs:file rx_file_perms;
+')
+
+###
+### Neverallow rules
+###
+
+# Do not allow shell to hard link to any files.
+# In particular, if shell hard links to app data
+# files, installd will not be able to guarantee the deletion
+# of the linked to file. Hard links also contribute to security
+# bugs, so we want to ensure the shell user never has this
+# capability.
+neverallow shell file_type:file link;
+
+# Do not allow privileged socket ioctl commands
+neverallowxperm shell domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+
+# limit shell access to sensitive char drivers to
+# only getattr required for host side test.
+neverallow shell {
+ fuse_device
+ hw_random_device
+ port_device
+}:chr_file ~getattr;
+
+# Limit shell to only getattr on blk devices for host side tests.
+neverallow shell dev_type:blk_file ~getattr;
+
+# b/30861057: Shell access to existing input devices is an abuse
+# vector. The shell user can inject events that look like they
+# originate from the touchscreen etc.
+# Everyone should have already moved to UiAutomation#injectInputEvent
+# if they are running instrumentation tests (i.e. CTS), Monkey for
+# their stress tests, and the input command (adb shell input ...) for
+# injecting swipes and things.
+neverallow shell input_device:chr_file no_w_file_perms;
diff --git a/prebuilts/api/30.0/public/simpleperf.te b/prebuilts/api/30.0/public/simpleperf.te
new file mode 100644
index 000000000..218fee77a
--- /dev/null
+++ b/prebuilts/api/30.0/public/simpleperf.te
@@ -0,0 +1 @@
+type simpleperf, domain;
diff --git a/prebuilts/api/30.0/public/simpleperf_app_runner.te b/prebuilts/api/30.0/public/simpleperf_app_runner.te
new file mode 100644
index 000000000..b7ff7a032
--- /dev/null
+++ b/prebuilts/api/30.0/public/simpleperf_app_runner.te
@@ -0,0 +1,43 @@
+type simpleperf_app_runner, domain, mlstrustedsubject;
+type simpleperf_app_runner_exec, system_file_type, exec_type, file_type;
+
+# run simpleperf_app_runner in adb shell.
+allow simpleperf_app_runner adbd:fd use;
+allow simpleperf_app_runner shell:fd use;
+allow simpleperf_app_runner devpts:chr_file { read write ioctl };
+
+# simpleperf_app_runner reads package information.
+allow simpleperf_app_runner system_data_file:file r_file_perms;
+allow simpleperf_app_runner system_data_file:lnk_file getattr;
+allow simpleperf_app_runner packages_list_file:file r_file_perms;
+
+# The app's data dir may be accessed through a symlink.
+allow simpleperf_app_runner system_data_file:lnk_file read;
+
+# simpleperf_app_runner switches to the app UID/GID.
+allow simpleperf_app_runner self:global_capability_class_set { setuid setgid };
+
+# simpleperf_app_runner switches to the app security context.
+selinux_check_context(simpleperf_app_runner) # validate context
+allow simpleperf_app_runner self:process setcurrent;
+allow simpleperf_app_runner untrusted_app_all:process dyntransition; # setcon
+
+# simpleperf_app_runner/libselinux needs access to seapp_contexts_file to
+# determine which domain to transition to.
+allow simpleperf_app_runner seapp_contexts_file:file r_file_perms;
+
+# simpleperf_app_runner passes pipe fds.
+allow simpleperf_app_runner shell:fifo_file read;
+
+# simpleperf_app_runner checks shell data paths.
+# simpleperf_app_runner passes shell data fds.
+allow simpleperf_app_runner shell_data_file:dir { getattr search };
+allow simpleperf_app_runner shell_data_file:file { getattr write };
+
+###
+### neverallow rules
+###
+
+# simpleperf_app_runner cannot have capabilities other than CAP_SETUID and CAP_SETGID
+neverallow simpleperf_app_runner self:global_capability_class_set ~{ setuid setgid };
+neverallow simpleperf_app_runner self:global_capability2_class_set *;
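Review bot: The two `system_data_file:lnk_file` grants in this hunk are split across two comment blocks ("reads package information" grants `getattr`, "accessed through a symlink" grants `read`), which makes the symlink access harder to audit than a single rule would; merging them as `allow simpleperf_app_runner system_data_file:lnk_file { getattr read };` under one comment reads more clearly and does not change the granted access. The capability neverallows at the end are the right shape for a setuid helper, but the `dyntransition` to `untrusted_app_all` has no matching neverallow in this file, so it may be worth a comment pointing at wherever that transition is constrained. This file sits under prebuilts/api/30.0, which appears to be a frozen API snapshot, so any edit belongs in the source policy file it mirrors rather than here.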
diff --git a/prebuilts/api/30.0/public/slideshow.te b/prebuilts/api/30.0/public/slideshow.te
new file mode 100644
index 000000000..10fbbb852
--- /dev/null
+++ b/prebuilts/api/30.0/public/slideshow.te
@@ -0,0 +1,14 @@
+# slideshow seclabel is specified in init.rc since
+# it lives in the rootfs and has no unique file type.
+type slideshow, domain;
+
+allow slideshow kmsg_device:chr_file rw_file_perms;
+wakelock_use(slideshow)
+allow slideshow device:dir r_dir_perms;
+allow slideshow self:global_capability_class_set sys_tty_config;
+allow slideshow graphics_device:dir r_dir_perms;
+allow slideshow graphics_device:chr_file rw_file_perms;
+allow slideshow input_device:dir r_dir_perms;
+allow slideshow input_device:chr_file r_file_perms;
+allow slideshow tty_device:chr_file rw_file_perms;
+
diff --git a/prebuilts/api/30.0/public/stats_service_server.te b/prebuilts/api/30.0/public/stats_service_server.te
new file mode 100644
index 000000000..564ae234e
--- /dev/null
+++ b/prebuilts/api/30.0/public/stats_service_server.te
@@ -0,0 +1 @@
+add_hwservice(stats_service_server, fwk_stats_hwservice)
diff --git a/prebuilts/api/30.0/public/statsd.te b/prebuilts/api/30.0/public/statsd.te
new file mode 100644
index 000000000..435bbdfb1
--- /dev/null
+++ b/prebuilts/api/30.0/public/statsd.te
@@ -0,0 +1,78 @@
+type statsd, domain, mlstrustedsubject;
+
+type statsd_exec, system_file_type, exec_type, file_type;
+binder_use(statsd)
+
+# Allow statsd to scan through /proc/pid for all processes.
+r_dir_file(statsd, domain)
+
+# Allow executing files on system, such as running a shell or running:
+# /system/bin/toolbox
+# /system/bin/logcat
+# /system/bin/dumpsys
+allow statsd devpts:chr_file { getattr ioctl read write };
+allow statsd shell_exec:file rx_file_perms;
+allow statsd system_file:file execute_no_trans;
+allow statsd toolbox_exec:file rx_file_perms;
+
+userdebug_or_eng(`
+ allow statsd su:fifo_file read;
+')
+
+# Create, read, and write into /data/misc/stats-data, /data/misc/stats-system.
+allow statsd stats_data_file:dir create_dir_perms;
+allow statsd stats_data_file:file create_file_perms;
+
+# Allow statsd to make binder calls to any binder service.
+binder_call(statsd, appdomain)
+binder_call(statsd, healthd)
+binder_call(statsd, incidentd)
+binder_call(statsd, system_server)
+
+# Allow statsd to interact with gpuservice
+allow statsd gpu_service:service_manager find;
+binder_call(statsd, gpuservice)
+
+# Allow logd access.
+read_logd(statsd)
+control_logd(statsd)
+
+# Grant statsd with permissions to register the services.
+allow statsd {
+ app_api_service
+ incident_service
+ system_api_service
+}:service_manager find;
+
+# Grant statsd to access health hal to access battery metrics.
+allow statsd hal_health_hwservice:hwservice_manager find;
+
+# Allow statsd to send dump info to dumpstate
+allow statsd dumpstate:fd use;
+allow statsd dumpstate:fifo_file { getattr write };
+
+# Allow access to with hardware layer and process stats.
+allow statsd proc_uid_cputime_showstat:file { getattr open read };
+hal_client_domain(statsd, hal_health)
+hal_client_domain(statsd, hal_power)
+hal_client_domain(statsd, hal_power_stats)
+hal_client_domain(statsd, hal_thermal)
+
+# Allow 'adb shell cmd' to upload configs and download output.
+allow statsd adbd:fd use;
+allow statsd adbd:unix_stream_socket { getattr read write };
+allow statsd shell:fifo_file { getattr read write };
+
+unix_socket_send(statsd, statsdw, statsd)
+
+###
+### neverallow rules
+###
+
+# Only statsd and the other root services in limited circumstances.
+# can get to the files in /data/misc/stats-data, /data/misc/stats-service.
+# Other services are prohibitted from accessing the file.
+neverallow { domain -statsd -system_server -init -vold } stats_data_file:file *;
+
+# Limited access to the directory itself.
+neverallow { domain -statsd -system_server -init -vold } stats_data_file:dir *;
diff --git a/prebuilts/api/30.0/public/su.te b/prebuilts/api/30.0/public/su.te
new file mode 100644
index 000000000..99d460303
--- /dev/null
+++ b/prebuilts/api/30.0/public/su.te
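Review bot: The comment `# Allow statsd to make binder calls to any binder service.` above the `binder_call(statsd, appdomain)` group overstates what follows, since the rules grant calls only to appdomain, healthd, incidentd, system_server and (below) gpuservice; a comment naming the actual peers, e.g. `# Allow statsd to make binder calls to the domains it pulls stats from or pushes to.`, keeps the audit trail honest about the appdomain grant in particular. The neverallow comment at the end refers to `/data/misc/stats-service` while the create/write comment earlier in the hunk refers to `/data/misc/stats-system`, so one of the two directory names looks like a typo, and `prohibitted` should read `prohibited`. The `execute_no_trans` grant on `system_file` is wider than the three binaries the comment lists, which is worth a sentence explaining why the narrower `shell_exec`/`toolbox_exec` rules are not sufficient. This file sits under prebuilts/api/30.0, which appears to be a frozen API snapshot, so these fixes belong in the source policy file it mirrors rather than here.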
@@ -0,0 +1,106 @@
+# All types must be defined regardless of build variant to ensure
+# policy compilation succeeds with userdebug/user combination at boot
+type su, domain;
+
+# File types must be defined for file_contexts.
+type su_exec, system_file_type, exec_type, file_type;
+
+userdebug_or_eng(`
+ # Domain used for su processes, as well as for adbd and adb shell
+ # after performing an adb root command. The domain definition is
+ # wrapped to ensure that it does not exist at all on -user builds.
+ typeattribute su mlstrustedsubject;
+
+ # Add su to various domains
+ net_domain(su)
+
+ # grant su access to vndbinder
+ vndbinder_use(su)
+
+ dontaudit su self:capability_class_set *;
+ dontaudit su kernel:security *;
+ dontaudit su { kernel file_type }:system *;
+ dontaudit su self:memprotect *;
+ dontaudit su domain:{ process process2 } *;
+ dontaudit su domain:fd *;
+ dontaudit su domain:dir *;
+ dontaudit su domain:lnk_file *;
+ dontaudit su domain:{ fifo_file file } *;
+ dontaudit su domain:socket_class_set *;
+ dontaudit su domain:ipc_class_set *;
+ dontaudit su domain:key *;
+ dontaudit su fs_type:filesystem *;
+ dontaudit su {fs_type dev_type file_type}:dir_file_class_set *;
+ dontaudit su node_type:node *;
+ dontaudit su node_type:{ tcp_socket udp_socket rawip_socket } *;
+ dontaudit su netif_type:netif *;
+ dontaudit su port_type:socket_class_set *;
+ dontaudit su port_type:{ tcp_socket dccp_socket } *;
+ dontaudit su domain:peer *;
+ dontaudit su domain:binder *;
+ dontaudit su property_type:property_service *;
+ dontaudit su property_type:file *;
+ dontaudit su service_manager_type:service_manager *;
+ dontaudit su hwservice_manager_type:hwservice_manager *;
+ dontaudit su vndservice_manager_type:service_manager *;
+ dontaudit su servicemanager:service_manager list;
+ dontaudit su hwservicemanager:hwservice_manager list;
+ dontaudit su vndservicemanager:service_manager list;
+ dontaudit su keystore:keystore_key *;
+ dontaudit su domain:drmservice *;
+ dontaudit su unlabeled:filesystem *;
+ dontaudit su postinstall_file:filesystem *;
+ dontaudit su domain:bpf *;
+ dontaudit su unlabeled:vsock_socket *;
+ dontaudit su self:perf_event *;
+
+ # VTS tests run in the permissive su domain on debug builds, but the HALs
+ # being tested run in enforcing mode. Because hal_foo_server is enforcing
+ # su needs to be declared as hal_foo_client to grant hal_foo_server
+ # permission to interact with it.
+ typeattribute su halclientdomain;
+ typeattribute su hal_allocator_client;
+ typeattribute su hal_atrace_client;
+ typeattribute su hal_audio_client;
+ typeattribute su hal_authsecret_client;
+ typeattribute su hal_bluetooth_client;
+ typeattribute su hal_bootctl_client;
+ typeattribute su hal_camera_client;
+ typeattribute su hal_configstore_client;
+ typeattribute su hal_confirmationui_client;
+ typeattribute su hal_contexthub_client;
+ typeattribute su hal_drm_client;
+ typeattribute su hal_cas_client;
+ typeattribute su hal_dumpstate_client;
+ typeattribute su hal_fingerprint_client;
+ typeattribute su hal_gatekeeper_client;
+ typeattribute su hal_gnss_client;
+ typeattribute su hal_graphics_allocator_client;
+ typeattribute su hal_graphics_composer_client;
+ typeattribute su hal_health_client;
+ typeattribute su hal_input_classifier_client;
+ typeattribute su hal_ir_client;
+ typeattribute su hal_keymaster_client;
+ typeattribute su hal_light_client;
+ typeattribute su hal_memtrack_client;
+ typeattribute su hal_neuralnetworks_client;
+ typeattribute su hal_nfc_client;
+ typeattribute su hal_oemlock_client;
+ typeattribute su hal_power_client;
+ typeattribute su hal_rebootescrow_client;
+ typeattribute su hal_secure_element_client;
+ typeattribute su hal_sensors_client;
+ typeattribute su hal_telephony_client;
+ typeattribute su hal_tetheroffload_client;
+ typeattribute su hal_thermal_client;
+ typeattribute su hal_tv_cec_client;
+ typeattribute su hal_tv_input_client;
+ typeattribute su hal_tv_tuner_client;
+ typeattribute su hal_usb_client;
+ typeattribute su hal_vibrator_client;
+ typeattribute su hal_vr_client;
+ typeattribute su hal_weaver_client;
+ typeattribute su hal_wifi_client;
+ typeattribute su hal_wifi_hostapd_client;
+ typeattribute su hal_wifi_supplicant_client;
+')
diff --git a/prebuilts/api/30.0/public/surfaceflinger.te b/prebuilts/api/30.0/public/surfaceflinger.te
new file mode 100644
index 000000000..c1e4844a0
--- /dev/null
+++ b/prebuilts/api/30.0/public/surfaceflinger.te
@@ -0,0 +1,3 @@
+# surfaceflinger - display compositor service
+type surfaceflinger, domain;
+type surfaceflinger_tmpfs, file_type;
diff --git a/prebuilts/api/30.0/public/system_app.te b/prebuilts/api/30.0/public/system_app.te
new file mode 100644
index 000000000..023058ee0
--- /dev/null
+++ b/prebuilts/api/30.0/public/system_app.te
@@ -0,0 +1,7 @@
+###
+### Apps that run with the system UID, e.g. com.android.system.ui,
+### com.android.settings. These are not as privileged as the system
+### server.
+###
+
+type system_app, domain;
diff --git a/prebuilts/api/30.0/public/system_server.te b/prebuilts/api/30.0/public/system_server.te
new file mode 100644
index 000000000..ff18bdf84
--- /dev/null
+++ b/prebuilts/api/30.0/public/system_server.te
@@ -0,0 +1,6 @@
+#
+# System Server aka system_server spawned by zygote.
+# Most of the framework services run in this process.
+#
+type system_server, domain;
+type system_server_tmpfs, file_type, mlstrustedobject;
diff --git a/prebuilts/api/30.0/public/system_suspend_server.te b/prebuilts/api/30.0/public/system_suspend_server.te
new file mode 100644
index 000000000..8e8310d5e
--- /dev/null
+++ b/prebuilts/api/30.0/public/system_suspend_server.te
@@ -0,0 +1,6 @@
+# Required to export a HIDL interface.
+hwbinder_use(system_suspend_server)
+get_prop(system_suspend_server, hwservicemanager_prop)
+
+# To serve ISystemSuspend.hal.
+add_hwservice(system_suspend_server, system_suspend_hwservice)
diff --git a/prebuilts/api/30.0/public/te_macros b/prebuilts/api/30.0/public/te_macros
new file mode 100644
index 000000000..56f977522
--- /dev/null
+++ b/prebuilts/api/30.0/public/te_macros
@@ -0,0 +1,923 @@
+#####################################
+# domain_trans(olddomain, type, newdomain)
+# Allow a transition from olddomain to newdomain
+# upon executing a file labeled with type.
+# This only allows the transition; it does not
+# cause it to occur automatically - use domain_auto_trans
+# if that is what you want.
+#
+define(`domain_trans', `
+# Old domain may exec the file and transition to the new domain.
+allow $1 $2:file { getattr open read execute map };
+allow $1 $3:process transition;
+# New domain is entered by executing the file.
+allow $3 $2:file { entrypoint open read execute getattr map };
+# New domain can send SIGCHLD to its caller.
+ifelse($1, `init', `', `allow $3 $1:process sigchld;')
+# Enable AT_SECURE, i.e. libc secure mode.
+dontaudit $1 $3:process noatsecure;
+# XXX dontaudit candidate but requires further study.
+allow $1 $3:process { siginh rlimitinh };
+')
+
+#####################################
+# domain_auto_trans(olddomain, type, newdomain)
+# Automatically transition from olddomain to newdomain
+# upon executing a file labeled with type.
+#
+define(`domain_auto_trans', `
+# Allow the necessary permissions.
+domain_trans($1,$2,$3)
+# Make the transition occur by default.
+type_transition $1 $2:process $3;
+')
+
+#####################################
+# file_type_trans(domain, dir_type, file_type)
+# Allow domain to create a file labeled file_type in a
+# directory labeled dir_type.
+# This only allows the transition; it does not
+# cause it to occur automatically - use file_type_auto_trans
+# if that is what you want.
+#
+define(`file_type_trans', `
+# Allow the domain to add entries to the directory.
+allow $1 $2:dir ra_dir_perms;
+# Allow the domain to create the file.
+allow $1 $3:notdevfile_class_set create_file_perms;
+allow $1 $3:dir create_dir_perms;
+')
+
+#####################################
+# file_type_auto_trans(domain, dir_type, file_type)
+# Automatically label new files with file_type when
+# they are created by domain in directories labeled dir_type.
+#
+define(`file_type_auto_trans', `
+# Allow the necessary permissions.
+file_type_trans($1, $2, $3)
+# Make the transition occur by default.
+type_transition $1 $2:dir $3;
+type_transition $1 $2:notdevfile_class_set $3;
+')
+
+#####################################
+# r_dir_file(domain, type)
+# Allow the specified domain to read directories, files
+# and symbolic links of the specified type.
+define(`r_dir_file', `
+allow $1 $2:dir r_dir_perms;
+allow $1 $2:{ file lnk_file } r_file_perms;
+')
+
+#####################################
+# tmpfs_domain(domain)
+# Allow access to a unique type for this domain when creating tmpfs / ashmem files.
+define(`tmpfs_domain', `
+type_transition $1 tmpfs:file $1_tmpfs;
+allow $1 $1_tmpfs:file { read write getattr map };
+')
+
+# pdx macros for IPC. pdx is a high-level name which contains transport-specific
+# rules from underlying transport (e.g. UDS-based implementation).
+
+#####################################
+# pdx_service_attributes(service)
+# Defines type attribute used to identify various service-related types.
+define(`pdx_service_attributes', `
+attribute pdx_$1_endpoint_dir_type;
+attribute pdx_$1_endpoint_socket_type;
+attribute pdx_$1_channel_socket_type;
+attribute pdx_$1_server_type;
+')
+
+#####################################
+# pdx_service_socket_types(service, endpoint_dir_t)
+# Define types for endpoint and channel sockets.
+define(`pdx_service_socket_types', `
+typeattribute $2 pdx_$1_endpoint_dir_type;
+type pdx_$1_endpoint_socket, pdx_$1_endpoint_socket_type, pdx_endpoint_socket_type, file_type, coredomain_socket, mlstrustedobject, mlstrustedsubject;
+type pdx_$1_channel_socket, pdx_$1_channel_socket_type, pdx_channel_socket_type, coredomain_socket;
+userdebug_or_eng(`
+dontaudit su pdx_$1_endpoint_socket:unix_stream_socket *;
+dontaudit su pdx_$1_channel_socket:unix_stream_socket *;
+')
+')
+
+#####################################
+# pdx_server(server_domain, service)
+define(`pdx_server', `
+# Mark the server domain as a PDX server.
+typeattribute $1 pdx_$2_server_type;
+# Allow the init process to create the initial endpoint socket.
+allow init pdx_$2_endpoint_socket_type:unix_stream_socket { create bind };
+# Allow the server domain to use the endpoint socket and accept connections on it.
+# Not using macro like "rw_socket_perms_no_ioctl" because it provides more rights
+# than we need (e.g. we don"t need "bind" or "connect").
+allow $1 pdx_$2_endpoint_socket_type:unix_stream_socket { read getattr write setattr lock append getopt setopt shutdown listen accept };
+# Allow the server domain to apply security context label to the channel socket pair (allow process to use setsockcreatecon_raw()).
+allow $1 self:process setsockcreate;
+# Allow the server domain to create a client channel socket.
+allow $1 pdx_$2_channel_socket_type:unix_stream_socket create_stream_socket_perms;
+# Prevent other processes from claiming to be a server for the same service.
+neverallow {domain -$1} pdx_$2_endpoint_socket_type:unix_stream_socket { listen accept };
+')
+
+#####################################
+# pdx_connect(client, service)
+define(`pdx_connect', `
+# Allow client to open the service endpoint file.
+allow $1 pdx_$2_endpoint_dir_type:dir r_dir_perms;
+allow $1 pdx_$2_endpoint_socket_type:sock_file rw_file_perms;
+# Allow the client to connect to endpoint socket.
+allow $1 pdx_$2_endpoint_socket_type:unix_stream_socket { connectto read write shutdown };
+')
+
+#####################################
+# pdx_use(client, service)
+define(`pdx_use', `
+# Allow the client to use the PDX channel socket.
+# Not using macro like "rw_socket_perms_no_ioctl" because it provides more rights
+# than we need (e.g. we don"t need "bind" or "connect").
+allow $1 pdx_$2_channel_socket_type:unix_stream_socket { read getattr write setattr lock append getopt setopt shutdown };
+# Client needs to use an channel event fd from the server.
+allow $1 pdx_$2_server_type:fd use;
+# Servers may receive sync fences, gralloc buffers, etc, from clients.
+# This could be tightened on a per-server basis, but keeping track of service
+# clients is error prone.
+allow pdx_$2_server_type $1:fd use;
+')
+
+#####################################
+# pdx_client(client, service)
+define(`pdx_client', `
+pdx_connect($1, $2)
+pdx_use($1, $2)
+')
+
+#####################################
+# init_daemon_domain(domain)
+# Set up a transition from init to the daemon domain
+# upon executing its binary.
+define(`init_daemon_domain', `
+domain_auto_trans(init, $1_exec, $1)
+')
+
+#####################################
+# app_domain(domain)
+# Allow a base set of permissions required for all apps.
+define(`app_domain', `
+typeattribute $1 appdomain;
+# Label tmpfs objects for all apps.
+type_transition $1 tmpfs:file appdomain_tmpfs;
+allow $1 appdomain_tmpfs:file { execute getattr map read write };
+neverallow { $1 -runas_app -shell -simpleperf } { domain -$1 }:file no_rw_file_perms;
+neverallow { appdomain -runas_app -shell -simpleperf -$1 } $1:file no_rw_file_perms;
+# The Android security model guarantees the confidentiality and integrity
+# of application data and execution state. Ptrace bypasses those
+# confidentiality guarantees. Disallow ptrace access from system components to
+# apps. crash_dump is excluded, as it needs ptrace access to produce stack
+# traces. runas_app is excluded, as it operates only on debuggable apps.
+# simpleperf is excluded, as it operates only on debuggable or profileable
+# apps. llkd is excluded, as it needs ptrace access to inspect stack traces for
+# live lock conditions.
+neverallow { domain -$1 -crash_dump userdebug_or_eng(`-llkd') -runas_app -simpleperf } $1:process ptrace;
+')
+
+#####################################
+# untrusted_app_domain(domain)
+# Allow a base set of permissions required for all untrusted apps.
+define(`untrusted_app_domain', `
+typeattribute $1 untrusted_app_all;
+')
+
+#####################################
+# net_domain(domain)
+# Allow a base set of permissions required for network access.
+define(`net_domain', `
+typeattribute $1 netdomain;
+')
+
+#####################################
+# bluetooth_domain(domain)
+# Allow a base set of permissions required for bluetooth access.
+define(`bluetooth_domain', `
+typeattribute $1 bluetoothdomain;
+')
+
+#####################################
+# hal_attribute(hal_name)
+# Add an attribute for hal implementations along with necessary
+# restrictions.
+define(`hal_attribute', `
+attribute hal_$1;
+expandattribute hal_$1 true;
+attribute hal_$1_client;
+expandattribute hal_$1_client true;
+attribute hal_$1_server;
+expandattribute hal_$1_server false;
+
+neverallow { hal_$1_server -halserverdomain } domain:process fork;
+# hal_*_client and halclientdomain attributes are always expanded for
+# performance reasons. Neverallow rules targeting expanded attributes can not be
+# verified by CTS since these attributes are already expanded by that time.
+build_test_only(`
+neverallow { hal_$1_server -hal_$1 } domain:process fork;
+neverallow { hal_$1_client -halclientdomain } domain:process fork;
+')
+')
+
+#####################################
+# hal_server_domain(domain, hal_type)
+# Allow a base set of permissions required for a domain to offer a
+# HAL implementation of the specified type over HwBinder.
+#
+# For example, default implementation of Foo HAL:
+# type hal_foo_default, domain;
+# hal_server_domain(hal_foo_default, hal_foo)
+#
+define(`hal_server_domain', `
+typeattribute $1 halserverdomain;
+typeattribute $1 $2_server;
+typeattribute $1 $2;
+')
+
+#####################################
+# hal_client_domain(domain, hal_type)
+# Allow a base set of permissions required for a domain to be a
+# client of a HAL of the specified type.
+#
+# For example, make some_domain a client of Foo HAL:
+# hal_client_domain(some_domain, hal_foo)
+#
+define(`hal_client_domain', `
+typeattribute $1 halclientdomain;
+typeattribute $1 $2_client;
+
+# TODO(b/34170079): Make the inclusion of the rules below conditional also on
+# non-Treble devices. For now, on non-Treble device, always grant clients of a
+# HAL sufficient access to run the HAL in passthrough mode (i.e., in-process).
+not_full_treble(`
+typeattribute $1 $2;
+# Find passthrough HAL implementations
+allow $2 system_file:dir r_dir_perms;
+allow $2 vendor_file:dir r_dir_perms;
+allow $2 vendor_file:file { read open getattr execute map };
+')
+')
+
+#####################################
+# passthrough_hal_client_domain(domain, hal_type)
+# Allow a base set of permissions required for a domain to be a
+# client of a passthrough HAL of the specified type.
+#
+# For example, make some_domain a client of passthrough Foo HAL:
+# passthrough_hal_client_domain(some_domain, hal_foo)
+#
+define(`passthrough_hal_client_domain', `
+typeattribute $1 halclientdomain;
+typeattribute $1 $2_client;
+typeattribute $1 $2;
+# Find passthrough HAL implementations
+allow $2 system_file:dir r_dir_perms;
+allow $2 vendor_file:dir r_dir_perms;
+allow $2 vendor_file:file { read open getattr execute map };
+')
+
+#####################################
+# unix_socket_connect(clientdomain, socket, serverdomain)
+# Allow a local socket connection from clientdomain via
+# socket to serverdomain.
+#
+# Note: If you see denial records that distill to the
+# following allow rules:
+# allow clientdomain property_socket:sock_file write;
+# allow clientdomain init:unix_stream_socket connectto;
+# allow clientdomain something_prop:property_service set;
+#
+# This sequence is indicative of attempting to set a property.
+# use set_prop(sourcedomain, targetproperty)
+#
+define(`unix_socket_connect', `
+allow $1 $2_socket:sock_file write;
+allow $1 $3:unix_stream_socket connectto;
+')
+
+#####################################
+# set_prop(sourcedomain, targetproperty)
+# Allows source domain to set the
+# targetproperty.
+#
+define(`set_prop', `
+unix_socket_connect($1, property, init)
+allow $1 $2:property_service set;
+get_prop($1, $2)
+')
+
+#####################################
+# get_prop(sourcedomain, targetproperty)
+# Allows source domain to read the
+# targetproperty.
+#
+define(`get_prop', `
+allow $1 $2:file { getattr open read map };
+')
+
+#####################################
+# unix_socket_send(clientdomain, socket, serverdomain)
+# Allow a local socket send from clientdomain via
+# socket to serverdomain.
+define(`unix_socket_send', `
+allow $1 $2_socket:sock_file write;
+allow $1 $3:unix_dgram_socket sendto;
+')
+
+#####################################
+# binder_use(domain)
+# Allow domain to use Binder IPC.
+define(`binder_use', `
+# Call the servicemanager and transfer references to it.
+allow $1 servicemanager:binder { call transfer };
+# Allow servicemanager to send out callbacks
+allow servicemanager $1:binder { call transfer };
+# servicemanager performs getpidcon on clients.
+allow servicemanager $1:dir search;
+allow servicemanager $1:file { read open };
+allow servicemanager $1:process getattr;
+# rw access to /dev/binder and /dev/ashmem is presently granted to
+# all domains in domain.te.
+')
+
+#####################################
+# hwbinder_use(domain)
+# Allow domain to use HwBinder IPC.
+define(`hwbinder_use', `
+# Call the hwservicemanager and transfer references to it.
+allow $1 hwservicemanager:binder { call transfer };
+# Allow hwservicemanager to send out callbacks
+allow hwservicemanager $1:binder { call transfer };
+# hwservicemanager performs getpidcon on clients.
+allow hwservicemanager $1:dir search;
+allow hwservicemanager $1:file { read open map };
+allow hwservicemanager $1:process getattr;
+# rw access to /dev/hwbinder and /dev/ashmem is presently granted to
+# all domains in domain.te.
+')
+
+#####################################
+# vndbinder_use(domain)
+# Allow domain to use Binder IPC.
+define(`vndbinder_use', `
+# Talk to the vndbinder device node
+allow $1 vndbinder_device:chr_file rw_file_perms;
+# Call the vndservicemanager and transfer references to it.
+allow $1 vndservicemanager:binder { call transfer };
+# vndservicemanager performs getpidcon on clients.
+allow vndservicemanager $1:dir search;
+allow vndservicemanager $1:file { read open map };
+allow vndservicemanager $1:process getattr;
+')
+
+#####################################
+# binder_call(clientdomain, serverdomain)
+# Allow clientdomain to perform binder IPC to serverdomain.
+define(`binder_call', `
+# Call the server domain and optionally transfer references to it.
+allow $1 $2:binder { call transfer };
+# Allow the serverdomain to transfer references to the client on the reply.
+allow $2 $1:binder transfer;
+# Receive and use open files from the server.
+allow $1 $2:fd use;
+')
+
+#####################################
+# binder_service(domain)
+# Mark a domain as being a Binder service domain.
+# Used to allow binder IPC to the various system services.
+define(`binder_service', `
+typeattribute $1 binderservicedomain;
+')
+
+#####################################
+# wakelock_use(domain)
+# Allow domain to manage wake locks
+define(`wakelock_use', `
+# TODO(b/115946999): Remove /sys/power/* permissions once CONFIG_PM_WAKELOCKS is
+# deprecated.
+# Access /sys/power/wake_lock and /sys/power/wake_unlock
+allow $1 sysfs_wake_lock:file rw_file_perms;
+# Accessing these files requires CAP_BLOCK_SUSPEND
+allow $1 self:global_capability2_class_set block_suspend;
+# system_suspend permissions
+binder_call($1, system_suspend_server)
+allow $1 system_suspend_hwservice:hwservice_manager find;
+# halclientdomain permissions
+hwbinder_use($1)
+get_prop($1, hwservicemanager_prop)
+allow $1 hidl_manager_hwservice:hwservice_manager find;
+')
+
+#####################################
+# selinux_check_access(domain)
+# Allow domain to check SELinux permissions via selinuxfs.
+define(`selinux_check_access', `
+r_dir_file($1, selinuxfs)
+allow $1 selinuxfs:file w_file_perms;
+allow $1 kernel:security compute_av;
+allow $1 self:netlink_selinux_socket { read write create getattr setattr lock relabelfrom relabelto append bind connect listen accept getopt setopt shutdown recvfrom sendto name_bind };
+')
+
+#####################################
+# selinux_check_context(domain)
+# Allow domain to check SELinux contexts via selinuxfs.
+define(`selinux_check_context', `
+r_dir_file($1, selinuxfs)
+allow $1 selinuxfs:file w_file_perms;
+allow $1 kernel:security check_context;
+')
+
+#####################################
+# create_pty(domain)
+# Allow domain to create and use a pty, isolated from any other domain ptys.
+define(`create_pty', `
+# Each domain gets a unique devpts type.
+type $1_devpts, fs_type;
+# Label the pty with the unique type when created.
+type_transition $1 devpts:chr_file $1_devpts;
+# Allow use of the pty after creation.
+allow $1 $1_devpts:chr_file { open getattr read write ioctl };
+allowxperm $1 $1_devpts:chr_file ioctl unpriv_tty_ioctls;
+# TIOCSTI is only ever used for exploits. Block it.
+# b/33073072, b/7530569
+# http://www.openwall.com/lists/oss-security/2016/09/26/14
+neverallowxperm * $1_devpts:chr_file ioctl TIOCSTI;
+# Note: devpts:dir search and ptmx_device:chr_file rw_file_perms
+# allowed to everyone via domain.te.
+')
+
+#####################################
+# Non system_app application set
+#
+define(`non_system_app_set', `{ appdomain -system_app }')
+
+#####################################
+# Recovery only
+# SELinux rules which apply only to recovery mode
+#
+define(`recovery_only', ifelse(target_recovery, `true', $1, ))
+
+#####################################
+# Full TREBLE only
+# SELinux rules which apply only to full TREBLE devices
+#
+define(`full_treble_only', ifelse(target_full_treble, `true', $1,
+ifelse(target_full_treble, `cts',
+# BEGIN_TREBLE_ONLY -- this marker is used by CTS -- do not modify
+$1
+# END_TREBLE_ONLY -- this marker is used by CTS -- do not modify
+, )))
+
+#####################################
+# Not full TREBLE
+# SELinux rules which apply only to devices which are not full TREBLE devices
+#
+define(`not_full_treble', ifelse(target_full_treble, `true', , $1))
+
+#####################################
+# Compatible property only
+# SELinux rules which apply only to devices with compatible property
+#
+define(`compatible_property_only', ifelse(target_compatible_property, `true', $1,
+ifelse(target_compatible_property, `cts',
+# BEGIN_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
+$1
+# END_COMPATIBLE_PROPERTY_ONLY -- this marker is used by CTS -- do not modify
+, )))
+
+#####################################
+# Not compatible property
+# SELinux rules which apply only to devices without compatible property
+#
+define(`not_compatible_property', ifelse(target_compatible_property, `true', , $1))
+
+#####################################
+# Userdebug or eng builds
+# SELinux rules which apply only to userdebug or eng builds
+#
+define(`userdebug_or_eng', ifelse(target_build_variant, `eng', $1, ifelse(target_build_variant, `userdebug', $1)))
+
+#####################################
+# asan builds
+# SELinux rules which apply only to asan builds
+#
+define(`with_asan', ifelse(target_with_asan, `true', userdebug_or_eng(`$1'), ))
+
+#####################################
+# native coverage builds
+# SELinux rules which apply only to builds with native coverage
+#
+define(`with_native_coverage', ifelse(target_with_native_coverage, `true', userdebug_or_eng(`$1'), ))
+
+#####################################
+# Build-time-only test
+# SELinux rules which are verified during build, but not as part of *TS testing.
+#
+define(`build_test_only', ifelse(target_exclude_build_test, `true', , $1))
+
+####################################
+# Fallback crash handling for processes that can't exec crash_dump (e.g. because of seccomp).
+#
+define(`crash_dump_fallback', `
+userdebug_or_eng(`
+ allow $1 su:fifo_file append;
+')
+allow $1 anr_data_file:file append;
+allow $1 dumpstate:fd use;
+allow $1 incidentd:fd use;
+# TODO: Figure out why write is needed.
+allow $1 dumpstate:fifo_file { append write };
+allow $1 incidentd:fifo_file { append write };
+allow $1 system_server:fifo_file { append write };
+allow $1 tombstoned:unix_stream_socket connectto;
+allow $1 tombstoned:fd use;
+allow $1 tombstoned_crash_socket:sock_file write;
+allow $1 tombstone_data_file:file append;
+')
+
+#####################################
+# WITH_DEXPREOPT builds
+# SELinux rules which apply only when pre-opting.
+#
+define(`with_dexpreopt', ifelse(target_with_dexpreopt, `true', $1))
+
+#####################################
+# write_logd(domain)
+# Ability to write to android log
+# daemon via sockets
+define(`write_logd', `
+unix_socket_send($1, logdw, logd)
+allow $1 pmsg_device:chr_file w_file_perms;
+')
+
+#####################################
+# read_logd(domain)
+# Ability to run logcat and read from android
+# log daemon via sockets
+define(`read_logd', `
+allow $1 logcat_exec:file rx_file_perms;
+unix_socket_connect($1, logdr, logd)
+')
+
+#####################################
+# read_runtime_log_tags(domain)
+# ability to directly map the runtime event log tags
+define(`read_runtime_log_tags', `
+allow $1 runtime_event_log_tags_file:file r_file_perms;
+')
+
+#####################################
+# control_logd(domain)
+# Ability to control
+# android log daemon via sockets
+define(`control_logd', `
+# Group AID_LOG checked by filesystem & logd
+# to permit control commands
+unix_socket_connect($1, logd, logd)
+')
+
+#####################################
+# use_keystore(domain)
+# Ability to use keystore.
+# Keystore is requires the following permissions
+# to call getpidcon.
+define(`use_keystore', `
+ allow keystore $1:dir search;
+ allow keystore $1:file { read open };
+ allow keystore $1:process getattr;
+ allow $1 keystore_service:service_manager find;
+ binder_call($1, keystore)
+ binder_call(keystore, $1)
+')
+
+#####################################
+# use_credstore(domain)
+# Ability to use credstore.
+define(`use_credstore', `
+ allow credstore $1:dir search;
+ allow credstore $1:file { read open };
+ allow credstore $1:process getattr;
+ allow $1 credstore_service:service_manager find;
+ binder_call($1, credstore)
+ binder_call(credstore, $1)
+')
+
+###########################################
+# use_drmservice(domain)
+# Ability to use DrmService which requires
+# DrmService to call getpidcon.
+define(`use_drmservice', `
+ allow drmserver $1:dir search;
+ allow drmserver $1:file { read open };
+ allow drmserver $1:process getattr;
+')
+
+###########################################
+# add_service(domain, service)
+# Ability for domain to add a service to service_manager
+# and find it. It also creates a neverallow preventing
+# others from adding it.
+define(`add_service', `
+ allow $1 $2:service_manager { add find };
+ neverallow { domain -$1 } $2:service_manager add;
+')
+
+###########################################
+# add_hwservice(domain, service)
+# Ability for domain to add a service to hwservice_manager
+# and find it. It also creates a neverallow preventing
+# others from adding it.
+define(`add_hwservice', `
+ allow $1 $2:hwservice_manager { add find };
+ allow $1 hidl_base_hwservice:hwservice_manager add;
+ neverallow { domain -$1 } $2:hwservice_manager add;
+')
+
+###########################################
+# hal_attribute_hwservice(attribute, service)
+# Ability for domain to get a service to hwservice_manager
+# and find it. It also creates a neverallow preventing
+# others from adding it.
+#
+# Used to pair hal_foo_client with hal_foo_hwservice
+define(`hal_attribute_hwservice', `
+ allow $1_client $2:hwservice_manager find;
+ add_hwservice($1_server, $2)
+
+ build_test_only(`
+ neverallow { domain -$1_client -$1_server } $2:hwservice_manager find;
+ ')
+')
+
+###################################
+# can_profile_heap(domain)
+# Allow processes within the domain to have their heap profiled by heapprofd.
+#
+# Note that profiling is performed differently between debug and user builds.
+# There are two modes for profiling:
+# * forked
+# * central.
+# On user builds, the default is to allow only forked mode. If it is desired
+# to allow central mode as well for a domain, use can_profile_heap_central.
+# On userdebug, this macro allows both forked and central.
+define(`can_profile_heap', `
+ # Allow central daemon to send signal for client initialization.
+ allow heapprofd $1:process signal;
+
+ # Allow executing a private heapprofd process to handle profiling on
+ # user builds (also debug builds for testing & development purposes).
+ allow $1 heapprofd_exec:file rx_file_perms;
+
+ # Allow directory & file read to the central heapprofd daemon, as it scans
+ # /proc/[pid]/cmdline for by-process-name profiling configs.
+ # Note that this excludes /proc/[pid]/mem, as it requires ptrace capabilities.
+ allow heapprofd $1:file r_file_perms;
+ allow heapprofd $1:dir r_dir_perms;
+
+ # Profilability on user implies profilability on userdebug and eng.
+ userdebug_or_eng(`
+ can_profile_heap_central($1)
+ ')
+')
+
+###################################
+# can_profile_heap_central(domain)
+# Allow processes within the domain to have their heap profiled by central
+# heapprofd.
+define(`can_profile_heap_central', `
+ # Allow central daemon to send signal for client initialization.
+ allow heapprofd $1:process signal;
+ # Allow connecting to the daemon.
+ unix_socket_connect($1, heapprofd, heapprofd)
+ # Allow daemon to use the passed fds.
+ allow heapprofd $1:fd use;
+ # Allow to read and write to heapprofd shmem.
+ # The client needs to read the read and write pointers in order to write.
+ allow $1 heapprofd_tmpfs:file { read write getattr map };
+ # Use shared memory received over the unix socket.
+ allow $1 heapprofd:fd use;
+
+ # To read and write from the received file descriptors.
+ # /proc/[pid]/maps and /proc/[pid]/mem have the same SELinux label as the
+ # process they relate to.
+ # We need to write to /proc/$PID/page_idle to find idle allocations.
+ # The client only opens /proc/self/page_idle with RDWR, everything else
+ # with RDONLY.
+ # heapprofd cannot open /proc/$PID/mem itself, as it does not have
+ # sys_ptrace.
+ allow heapprofd $1:file rw_file_perms;
+ # Allow searching the /proc/[pid] directory for cmdline.
+ allow heapprofd $1:dir r_dir_perms;
+')
+
+###################################
+# never_profile_heap(domain)
+# Opt out of heap profiling by heapprofd.
+define(`never_profile_heap', `
+ neverallow heapprofd $1:file read;
+ neverallow heapprofd $1:process signal;
+')
+
+###################################
+# can_profile_perf(domain)
+# Allow processes within the domain to be profiled, and have their stacks
+# sampled, by traced_perf.
+define(`can_profile_perf', `
+ # Allow directory & file read to traced_perf, as it stat(2)s /proc/[pid], and
+ # reads /proc/[pid]/cmdline.
+ allow traced_perf $1:file r_file_perms;
+ allow traced_perf $1:dir r_dir_perms;
+
+ # Allow central daemon to send signal to request /proc/[pid]/maps and
+ # /proc/[pid]/mem fds from this process.
+ allow traced_perf $1:process signal;
+
+ # Allow connecting to the daemon.
+ unix_socket_connect($1, traced_perf, traced_perf)
+ # Allow daemon to use the passed fds.
+ allow traced_perf $1:fd use;
+')
+
+###################################
+# never_profile_perf(domain)
+# Opt out of profiling by traced_perf.
+define(`never_profile_perf', `
+ neverallow traced_perf $1:file read;
+ neverallow traced_perf $1:process signal;
+')
+
+###################################
+# perfetto_producer(domain)
+# Allow processes within the domain to write data to Perfetto.
+# When applying this macro, you might need to also allow traced to use the
+# producer tmpfs domain, if the producer will be the one creating the shared
+# memory.
+define(`perfetto_producer', `
+ allow $1 traced:fd use;
+ allow $1 traced_tmpfs:file { read write getattr map };
+ unix_socket_connect($1, traced_producer, traced)
+
+ # Also allow the service to use the producer file descriptors. This is
+ # necessary when the producer is creating the shared memory, as it will be
+ # passed to the service as a file descriptor (obtained from memfd_create).
+ allow traced $1:fd use;
+')
+
+###########################################
+# dump_hal(hal_type)
+# Ability to dump the hal debug info
+#
+define(`dump_hal', `
+ hal_client_domain(dumpstate, $1);
+ allow $1_server dumpstate:fifo_file write;
+ allow $1_server dumpstate:fd use;
+')
+
+#####################################
+# treble_sysprop_neverallow(rules)
+# SELinux neverallow rules which enforces the owner of each property and accessibility
+# outside the owner.
+#
+# For devices launching with R or later, all properties must be explicitly marked as one of:
+# system_property_type, vendor_property_type, or product_property_type.
+# Also, exported properties must be explicitly marked as "restricted" or "public",
+# depending on the accessibility outside the owner.
+# For devices launching with Q or eariler, this neverallow rules can be relaxed with defining
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true on BoardConfig.mk.
+# See {partition}_{accessibility}_prop macros below.
+#
+# CTS uses these rules only for devices launching with R or later.
+#
+define(`treble_sysprop_neverallow', ifelse(target_treble_sysprop_neverallow, `true', $1,
+ifelse(target_treble_sysprop_neverallow, `cts',
+# BEGIN_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
+$1
+# END_LAUNCHING_WITH_R_ONLY -- this marker is used by CTS -- do not modify
+, )))
+
+###########################################
+# define_prop(name, owner, scope)
+# Define a property with given owner and scope
+#
+define(`define_prop', `
+ type $1, property_type, $2_property_type, $2_$3_property_type;
+')
+
+###########################################
+# system_internal_prop(name)
+# Define a /system-owned property used only in /system
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`system_internal_prop', `
+ define_prop($1, system, internal)
+ treble_sysprop_neverallow(`
+ neverallow { domain -coredomain } $1:file no_rw_file_perms;
+ ')
+')
+
+###########################################
+# system_restricted_prop(name)
+# Define a /system-owned property which can't be written outside /system
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`system_restricted_prop', `
+ define_prop($1, system, restricted)
+ treble_sysprop_neverallow(`
+ neverallow { domain -coredomain } $1:property_service set;
+ ')
+')
+
+###########################################
+# system_public_prop(name)
+# Define a /system-owned property with no restrictions
+#
+define(`system_public_prop', `define_prop($1, system, public)')
+
+###########################################
+# system_vendor_config_prop(name)
+# Define a /system-owned property which can only be written by vendor_init
+# This is a macro for vendor-specific configuration properties which is meant
+# to be set once from vendor_init.
+#
+define(`system_vendor_config_prop', `
+ system_public_prop($1)
+ set_prop(vendor_init, $1)
+ neverallow { domain -init -vendor_init } $1:property_service set;
+')
+
+###########################################
+# product_internal_prop(name)
+# Define a /product-owned property used only in /product
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`product_internal_prop', `
+ define_prop($1, product, internal)
+ treble_sysprop_neverallow(`
+ neverallow { domain -coredomain } $1:file no_rw_file_perms;
+ ')
+')
+
+###########################################
+# product_restricted_prop(name)
+# Define a /product-owned property which can't be written outside /product
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`product_restricted_prop', `
+ define_prop($1, product, restricted)
+ treble_sysprop_neverallow(`
+ neverallow { domain -coredomain } $1:property_service set;
+ ')
+')
+
+###########################################
+# product_public_prop(name)
+# Define a /product-owned property with no restrictions
+#
+define(`product_public_prop', `define_prop($1, product, public)')
+
+###########################################
+# vendor_internal_prop(name)
+# Define a /vendor-owned property used only in /vendor
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`vendor_internal_prop', `
+ define_prop($1, vendor, internal)
+ treble_sysprop_neverallow(`
+# init and dumpstate are in coredomain, but should be able to read all props.
+ neverallow { coredomain -init -dumpstate } $1:file no_rw_file_perms;
+ ')
+')
+
+###########################################
+# vendor_restricted_prop(name)
+# Define a /vendor-owned property which can't be written outside /vendor
+# For devices launching with Q or eariler, this restriction can be relaxed with
+# BUILD_BROKEN_TREBLE_SYSPROP_NEVERALLOW := true
+#
+define(`vendor_restricted_prop', `
+ define_prop($1, vendor, restricted)
+ treble_sysprop_neverallow(`
+# init is in coredomain, but should be able to write all props.
+ neverallow { coredomain -init } $1:property_service set;
+ ')
+')
+
+###########################################
+# vendor_public_prop(name)
+# Define a /vendor-owned property with no restrictions
+#
+define(`vendor_public_prop', `define_prop($1, vendor, public)')
diff --git a/prebuilts/api/30.0/public/tee.te b/prebuilts/api/30.0/public/tee.te
new file mode 100644
index 000000000..0f9b32dc9
--- /dev/null
+++ b/prebuilts/api/30.0/public/tee.te
@@ -0,0 +1,11 @@
+##
+# trusted execution environment (tee) daemon
+#
+type tee, domain;
+
+# Device(s) for communicating with the TEE
+type tee_device, dev_type;
+
+allow tee fingerprint_vendor_data_file:dir rw_dir_perms;
+allow tee fingerprint_vendor_data_file:file create_file_perms;
+
diff --git a/prebuilts/api/30.0/public/tombstoned.te b/prebuilts/api/30.0/public/tombstoned.te
new file mode 100644
index 000000000..ea2abbb75
--- /dev/null
+++ b/prebuilts/api/30.0/public/tombstoned.te
@@ -0,0 +1,17 @@
+# debugger interface
+type tombstoned, domain, mlstrustedsubject;
+type tombstoned_exec, system_file_type, exec_type, file_type;
+
+# Write to arbitrary pipes given to us.
+allow tombstoned domain:fd use;
+allow tombstoned domain:fifo_file write;
+
+allow tombstoned domain:dir r_dir_perms;
+allow tombstoned domain:file r_file_perms;
+allow tombstoned tombstone_data_file:dir rw_dir_perms;
+allow tombstoned tombstone_data_file:file { create_file_perms link };
+
+# Changes for the new stack dumping mechanism. Each trace goes into a
+# separate file, and these files are managed by tombstoned.
+allow tombstoned anr_data_file:dir rw_dir_perms;
+allow tombstoned anr_data_file:file { append create getattr open link unlink };
diff --git a/prebuilts/api/30.0/public/toolbox.te b/prebuilts/api/30.0/public/toolbox.te
new file mode 100644
index 000000000..4c2cc3eab
--- /dev/null
+++ b/prebuilts/api/30.0/public/toolbox.te
@@ -0,0 +1,38 @@
+# Any toolbox command run by init.
+# At present, the only known usage is for running mkswap via fs_mgr.
+# Do NOT use this domain for toolbox when run by any other domain.
+type toolbox, domain;
+type toolbox_exec, system_file_type, exec_type, file_type;
+
+# /dev/__null__ created by init prior to policy load,
+# open fd inherited by fsck.
+allow toolbox tmpfs:chr_file { read write ioctl };
+
+# Inherit and use pty created by android_fork_execvp_ext().
+allow toolbox devpts:chr_file { read write getattr ioctl };
+
+# mkswap-specific.
+# Read/write block devices used for swap partitions.
+# Assign swap_block_device type any such partition in your
+# device///sepolicy/file_contexts file.
+allow toolbox block_device:dir search;
+allow toolbox swap_block_device:blk_file rw_file_perms;
+
+# Only allow entry from init via the toolbox binary.
+neverallow { domain -init } toolbox:process transition;
+neverallow * toolbox:process dyntransition;
+neverallow toolbox { file_type fs_type -toolbox_exec}:file entrypoint;
+
+# rm -rf directories in /data
+allow toolbox system_data_root_file:dir { remove_name write };
+allow toolbox system_data_file:dir { rmdir rw_dir_perms };
+allow toolbox system_data_file:file { getattr unlink };
+
+# chattr +F and chattr +P /data/media in init
+allow toolbox media_rw_data_file:dir { r_dir_perms setattr };
+allowxperm toolbox media_rw_data_file:dir ioctl {
+ FS_IOC_FSGETXATTR
+ FS_IOC_FSSETXATTR
+ FS_IOC_GETFLAGS
+ FS_IOC_SETFLAGS
+};
diff --git a/prebuilts/api/30.0/public/traced.te b/prebuilts/api/30.0/public/traced.te
new file mode 100644
index 000000000..ec5b85039
--- /dev/null
+++ b/prebuilts/api/30.0/public/traced.te
@@ -0,0 +1,2 @@
+type traced, domain, coredomain, mlstrustedsubject;
+
diff --git a/prebuilts/api/30.0/public/traced_perf.te b/prebuilts/api/30.0/public/traced_perf.te
new file mode 100644
index 000000000..f9a0324b1
--- /dev/null
+++ b/prebuilts/api/30.0/public/traced_perf.te
@@ -0,0 +1 @@
+type traced_perf, domain;
diff --git a/prebuilts/api/30.0/public/traced_probes.te b/prebuilts/api/30.0/public/traced_probes.te
new file mode 100644
index 000000000..3e587c8ef
--- /dev/null
+++ b/prebuilts/api/30.0/public/traced_probes.te
@@ -0,0 +1 @@
+type traced_probes, domain, coredomain, mlstrustedsubject;
diff --git a/prebuilts/api/30.0/public/traceur_app.te b/prebuilts/api/30.0/public/traceur_app.te
new file mode 100644
index 000000000..7e2cc84a0
--- /dev/null
+++ b/prebuilts/api/30.0/public/traceur_app.te
@@ -0,0 +1,32 @@
+type traceur_app, domain;
+
+allow traceur_app servicemanager:service_manager list;
+allow traceur_app hwservicemanager:hwservice_manager list;
+
+# Allow Traceur to enable traced if necessary.
+set_prop(traceur_app, traced_enabled_prop)
+
+set_prop(traceur_app, debug_prop)
+
+allow traceur_app {
+ service_manager_type
+ -apex_service
+ -dnsresolver_service
+ -gatekeeper_service
+ -incident_service
+ -installd_service
+ -iorapd_service
+ -lpdump_service
+ -netd_service
+ -virtual_touchpad_service
+ -vold_service
+ -vr_hwc_service
+ -default_android_service
+}:service_manager find;
+
+# Allow traceur_app to use atrace HAL
+hal_client_domain(traceur_app, hal_atrace)
+
+dontaudit traceur_app service_manager_type:service_manager find;
+dontaudit traceur_app hwservice_manager_type:hwservice_manager find;
+dontaudit traceur_app domain:binder call;
diff --git a/prebuilts/api/30.0/public/tzdatacheck.te b/prebuilts/api/30.0/public/tzdatacheck.te
new file mode 100644
index 000000000..cf9b95de9
--- /dev/null
+++ b/prebuilts/api/30.0/public/tzdatacheck.te
@@ -0,0 +1,18 @@
+# The tzdatacheck command run by init.
+type tzdatacheck, domain;
+type tzdatacheck_exec, system_file_type, exec_type, file_type;
+
+allow tzdatacheck zoneinfo_data_file:dir create_dir_perms;
+allow tzdatacheck zoneinfo_data_file:file unlink;
+
+# Below are strong assertion that only init, system_server and tzdatacheck
+# can modify the /data time zone rules directories. This is to make it very
+# clear that only these domains should modify the actual time zone rules data.
+# The tzdatacheck binary itself may be executed by shell for tests but it must
+# not be able to modify the real rules.
+# If other users / binaries could modify time zone rules on device this might
+# have negative implications for users (who may get incorrect local times)
+# or break assumptions made / invalidate data held by the components actually
+# responsible for updating time zone rules.
+neverallow { domain -system_server -init -tzdatacheck } zoneinfo_data_file:file no_w_file_perms;
+neverallow { domain -system_server -init -tzdatacheck } zoneinfo_data_file:dir no_w_dir_perms;
diff --git a/prebuilts/api/30.0/public/ueventd.te b/prebuilts/api/30.0/public/ueventd.te
new file mode 100644
index 000000000..fc503b890
--- /dev/null
+++ b/prebuilts/api/30.0/public/ueventd.te
@@ -0,0 +1,83 @@
+# ueventd seclabel is specified in init.rc since
+# it lives in the rootfs and has no unique file type.
+type ueventd, domain;
+type ueventd_tmpfs, file_type;
+
+# Write to /dev/kmsg.
+allow ueventd kmsg_device:chr_file rw_file_perms;
+
+allow ueventd self:global_capability_class_set { chown mknod net_admin setgid fsetid sys_rawio dac_override dac_read_search fowner setuid };
+allow ueventd device:file create_file_perms;
+
+r_dir_file(ueventd, rootfs)
+
+# ueventd needs write access to files in /sys to regenerate uevents
+allow ueventd sysfs_type:file w_file_perms;
+r_dir_file(ueventd, sysfs_type)
+allow ueventd sysfs_type:{ file lnk_file } { relabelfrom relabelto setattr };
+allow ueventd sysfs_type:dir { relabelfrom relabelto setattr };
+allow ueventd tmpfs:chr_file rw_file_perms;
+allow ueventd dev_type:dir create_dir_perms;
+allow ueventd dev_type:lnk_file { create unlink };
+allow ueventd dev_type:chr_file { getattr create setattr unlink };
+allow ueventd dev_type:blk_file { getattr relabelfrom relabelto create setattr unlink };
+allow ueventd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+allow ueventd efs_file:dir search;
+allow ueventd efs_file:file r_file_perms;
+
+# Get SELinux enforcing status.
+r_dir_file(ueventd, selinuxfs)
+
+# Access for /vendor/ueventd.rc and /vendor/firmware
+r_dir_file(ueventd, { vendor_file_type -vendor_app_file -vendor_overlay_file })
+
+# Get file contexts for new device nodes
+allow ueventd file_contexts_file:file r_file_perms;
+
+# Use setfscreatecon() to label /dev directories and files.
+allow ueventd self:process setfscreate;
+
+# Allow ueventd to read androidboot.android_dt_dir from kernel cmdline.
+allow ueventd proc_cmdline:file r_file_perms;
+
+# Everything is labeled as rootfs in recovery mode. ueventd has to execute
+# the dynamic linker and shared libraries.
+recovery_only(`
+ allow ueventd rootfs:file { r_file_perms execute };
+')
+
+# Suppress denials for ueventd to getattr /postinstall. This occurs when the
+# linker tries to resolve paths in ld.config.txt.
+dontaudit ueventd postinstall_mnt_dir:dir getattr;
+
+# ueventd loads modules in response to modalias events.
+allow ueventd self:global_capability_class_set sys_module;
+allow ueventd vendor_file:system module_load;
+allow ueventd kernel:key search;
+
+# ueventd is using bootstrap bionic
+allow ueventd system_bootstrap_lib_file:dir r_dir_perms;
+allow ueventd system_bootstrap_lib_file:file { execute read open getattr map };
+
+# ueventd can set properties, particularly it sets ro.cold_boot_done to signal
+# to init that cold boot has completed.
+set_prop(ueventd, cold_boot_done_prop)
+
+# Allow ueventd to run shell scripts from vendor
+allow ueventd vendor_shell_exec:file execute;
+
+#####
+##### neverallow rules
+#####
+
+# Restrict ueventd access on block devices to maintenence operations.
+neverallow ueventd dev_type:blk_file ~{ getattr relabelfrom relabelto create setattr unlink };
+
+# Only relabelto as we would never want to relabelfrom port_device
+neverallow ueventd port_device:chr_file ~{ getattr create setattr unlink relabelto };
+
+# Nobody should be able to ptrace ueventd
+neverallow * ueventd:process ptrace;
+
+# ueventd should never execute a program without changing to another domain.
+neverallow ueventd { file_type fs_type }:file execute_no_trans;
diff --git a/prebuilts/api/30.0/public/uncrypt.te b/prebuilts/api/30.0/public/uncrypt.te
new file mode 100644
index 000000000..28dc3f209
--- /dev/null
+++ b/prebuilts/api/30.0/public/uncrypt.te
@@ -0,0 +1,42 @@
+# uncrypt
+type uncrypt, domain, mlstrustedsubject;
+type uncrypt_exec, system_file_type, exec_type, file_type;
+
+allow uncrypt self:global_capability_class_set { dac_override dac_read_search };
+
+userdebug_or_eng(`
+ # For debugging, allow /data/local/tmp access
+ r_dir_file(uncrypt, shell_data_file)
+')
+
+# Read /cache/recovery/command
+# Read /cache/recovery/uncrypt_file
+allow uncrypt cache_file:dir search;
+allow uncrypt cache_recovery_file:dir rw_dir_perms;
+allow uncrypt cache_recovery_file:file create_file_perms;
+
+# Read OTA zip file at /data/ota_package/.
+allow uncrypt ota_package_file:dir r_dir_perms;
+allow uncrypt ota_package_file:file r_file_perms;
+
+# Write to /dev/socket/uncrypt
+unix_socket_connect(uncrypt, uncrypt, uncrypt)
+
+# Set a property to reboot the device.
+set_prop(uncrypt, powerctl_prop)
+
+# Raw writes to block device
+allow uncrypt self:global_capability_class_set sys_rawio;
+allow uncrypt misc_block_device:blk_file w_file_perms;
+allow uncrypt block_device:dir r_dir_perms;
+
+# Access userdata block device.
+allow uncrypt userdata_block_device:blk_file w_file_perms;
+
+r_dir_file(uncrypt, rootfs)
+
+# uncrypt reads /proc/cmdline
+allow uncrypt proc_cmdline:file r_file_perms;
+
+# Read files in /sys
+r_dir_file(uncrypt, sysfs_dt_firmware_android)
diff --git a/prebuilts/api/30.0/public/untrusted_app.te b/prebuilts/api/30.0/public/untrusted_app.te
new file mode 100644
index 000000000..43fe19a03
--- /dev/null
+++ b/prebuilts/api/30.0/public/untrusted_app.te
@@ -0,0 +1,30 @@
+###
+### Untrusted apps.
+###
+### Apps are labeled based on mac_permissions.xml (maps signer and
+### optionally package name to seinfo value) and seapp_contexts (maps UID
+### and optionally seinfo value to domain for process and type for data
+### directory). The untrusted_app domain is the default assignment in
+### seapp_contexts for any app with UID between APP_AID (10000)
+### and AID_ISOLATED_START (99000) if the app has no specific seinfo
+### value as determined from mac_permissions.xml. In current AOSP, this
+### domain is assigned to all non-system apps as well as to any system apps
+### that are not signed by the platform key. To move
+### a system app into a specific domain, add a signer entry for it to
+### mac_permissions.xml and assign it one of the pre-existing seinfo values
+### or define and use a new seinfo value in both mac_permissions.xml and
+### seapp_contexts.
+###
+
+# This file defines the rules for untrusted apps running with
+# targetSdkVersion >= 30.
+type untrusted_app, domain;
+# This file defines the rules for untrusted apps running with
+# targetSdkVersion = 29.
+type untrusted_app_29, domain;
+# This file defines the rules for untrusted apps running with
+# 25 < targetSdkVersion <= 28.
+type untrusted_app_27, domain;
+# This file defines the rules for untrusted apps running with
+# targetSdkVersion <= 25.
+type untrusted_app_25, domain;
diff --git a/prebuilts/api/30.0/public/update_engine.te b/prebuilts/api/30.0/public/update_engine.te
new file mode 100644
index 000000000..078e494d9
--- /dev/null
+++ b/prebuilts/api/30.0/public/update_engine.te
@@ -0,0 +1,84 @@
+# Domain for update_engine daemon.
+type update_engine, domain, update_engine_common;
+type update_engine_exec, system_file_type, exec_type, file_type;
+
+net_domain(update_engine);
+
+# Following permissions are needed for update_engine.
+allow update_engine self:process { setsched };
+allow update_engine self:global_capability_class_set { fowner sys_admin };
+# Note: fsetid checks are triggered when creating a file in a directory with
+# the setgid bit set to determine if the file should inherit setgid. In this
+# case, setgid on the file is undesirable so we should just suppress the
+# denial.
+dontaudit update_engine self:global_capability_class_set fsetid;
+
+allow update_engine kmsg_device:chr_file { getattr w_file_perms };
+allow update_engine update_engine_exec:file rx_file_perms;
+wakelock_use(update_engine);
+
+# Ignore these denials.
+dontaudit update_engine kernel:process setsched;
+dontaudit update_engine self:global_capability_class_set sys_rawio;
+
+# Allow using persistent storage in /data/misc/update_engine.
+allow update_engine update_engine_data_file:dir create_dir_perms;
+allow update_engine update_engine_data_file:file create_file_perms;
+
+# Allow using persistent storage in /data/misc/update_engine_log.
+allow update_engine update_engine_log_data_file:dir create_dir_perms;
+allow update_engine update_engine_log_data_file:file create_file_perms;
+
+# Don't allow kernel module loading, just silence the logs.
+dontaudit update_engine kernel:system module_request;
+
+# Register the service to perform Binder IPC.
+binder_use(update_engine)
+add_service(update_engine, update_engine_service)
+
+# Allow update_engine to call the callback function provided by priv_app/GMS core.
+binder_call(update_engine, priv_app)
+# b/142672293: No other priv-app should need this rule now that GMS core runs in its own domain.
+userdebug_or_eng(`
+ auditallow update_engine priv_app:binder { call transfer };
+ auditallow priv_app update_engine:binder transfer;
+ auditallow update_engine priv_app:fd use;
+')
+
+binder_call(update_engine, gmscore_app)
+
+# Allow update_engine to call the callback function provided by system_server.
+binder_call(update_engine, system_server)
+
+# Read OTA zip file at /data/ota_package/.
+allow update_engine ota_package_file:file r_file_perms;
+allow update_engine ota_package_file:dir r_dir_perms;
+
+# Use Boot Control HAL
+hal_client_domain(update_engine, hal_bootctl)
+
+# access /proc/misc
+allow update_engine proc_misc:file r_file_perms;
+
+# read directories on /system and /vendor
+allow update_engine system_file:dir r_dir_perms;
+
+# Allow to start gsid service.
+set_prop(update_engine, ctl_gsid_prop)
+
+# Allow to set the OTA related properties, e.g. ota.warm_reset.
+set_prop(update_engine, ota_prop)
+
+# update_engine tries to determine the parent path for all devices (e.g.
+# /dev/block/by-name) by reading the default fstab and looking for the misc
+# device. ReadDefaultFstab() checks whether a GSI is running by checking
+# gsi_metadata_file. We never apply OTAs when GSI is running, so just deny
+# the access.
+dontaudit update_engine gsi_metadata_file:dir search;
+
+# Allow to write to snapshotctl_log logs.
+# TODO(b/148818798) revert when parent bug is fixed.
+userdebug_or_eng(`
+allow update_engine snapshotctl_log_data_file:dir rw_dir_perms;
+allow update_engine snapshotctl_log_data_file:file create_file_perms;
+')
diff --git a/prebuilts/api/30.0/public/update_engine_common.te b/prebuilts/api/30.0/public/update_engine_common.te
new file mode 100644
index 000000000..57d8e7e3a
--- /dev/null
+++ b/prebuilts/api/30.0/public/update_engine_common.te
@@ -0,0 +1,86 @@
+# update_engine payload application permissions. These are shared between the
+# background daemon and the recovery tool to sideload an update.
+
+# Allow update_engine to reach block devices in /dev/block.
+allow update_engine_common block_device:dir search;
+
+# Allow read/write on system and boot partitions.
+allow update_engine_common boot_block_device:blk_file rw_file_perms;
+allow update_engine_common system_block_device:blk_file rw_file_perms;
+
+# Where ioctls are granted via standard allow rules to block devices,
+# automatically allow common ioctls that are generally needed by
+# update_engine.
+allowxperm update_engine_common dev_type:blk_file ioctl {
+ BLKDISCARD
+ BLKDISCARDZEROES
+ BLKROGET
+ BLKROSET
+ BLKSECDISCARD
+ BLKZEROOUT
+};
+
+# Allow to set recovery options in the BCB. Used to trigger factory reset when
+# the update to an older version (channel change) or incompatible version
+# requires it.
+allow update_engine_common misc_block_device:blk_file rw_file_perms;
+
+# read fstab
+allow update_engine_common rootfs:dir getattr;
+allow update_engine_common rootfs:file r_file_perms;
+
+# Allow update_engine_common to mount on the /postinstall directory and reset the
+# labels on the mounted filesystem to postinstall_file.
+allow update_engine_common postinstall_mnt_dir:dir { mounton getattr search };
+allow update_engine_common postinstall_file:filesystem { mount unmount relabelfrom relabelto };
+allow update_engine_common labeledfs:filesystem relabelfrom;
+
+# Allow update_engine_common to read and execute postinstall_file.
+allow update_engine_common postinstall_file:file rx_file_perms;
+allow update_engine_common postinstall_file:lnk_file r_file_perms;
+allow update_engine_common postinstall_file:dir r_dir_perms;
+
+# install update.zip from cache
+r_dir_file(update_engine_common, cache_file)
+
+# A postinstall program is typically a shell script (with a #!), so we allow
+# to execute those.
+allow update_engine_common shell_exec:file rx_file_perms;
+
+# Allow update_engine_common to suspend, resume and kill the postinstall program.
+allow update_engine_common postinstall:process { signal sigstop sigkill };
+
+# access /proc/cmdline
+allow update_engine_common proc_cmdline:file r_file_perms;
+
+# Read files in /sys/firmware/devicetree/base/firmware/android/
+r_dir_file(update_engine_common, sysfs_dt_firmware_android)
+
+# Needed because libdm reads sysfs to validate when a dm path is ready.
+r_dir_file(update_engine_common, sysfs_dm)
+
+# read / write on /dev/device-mapper to map / unmap devices
+allow update_engine_common dm_device:chr_file rw_file_perms;
+
+# apply / verify updates on devices mapped via device mapper
+allow update_engine_common dm_device:blk_file rw_file_perms;
+
+# read / write metadata on super device to resize partitions
+allow update_engine_common super_block_device_type:blk_file rw_file_perms;
+
+# ioctl on super device to get block device alignment and alignment offset
+allowxperm update_engine_common super_block_device_type:blk_file ioctl { BLKIOMIN BLKALIGNOFF };
+
+# get physical block device to map logical partitions on device mapper
+allow update_engine_common block_device:dir r_dir_perms;
+
+# Allow update_engine_common to write to statsd socket.
+unix_socket_send(update_engine_common, statsdw, statsd)
+
+# Allow to read Virtual A/B feature flags.
+get_prop(update_engine_common, virtual_ab_prop)
+
+# Allow to read/write/create OTA metadata files for snapshot status and COW file status.
+allow update_engine_common metadata_file:dir search;
+allow update_engine_common ota_metadata_file:dir rw_dir_perms;
+allow update_engine_common ota_metadata_file:file create_file_perms;
diff --git a/prebuilts/api/30.0/public/update_verifier.te b/prebuilts/api/30.0/public/update_verifier.te
new file mode 100644
index 000000000..f881aeb6b
--- /dev/null
+++ b/prebuilts/api/30.0/public/update_verifier.te
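Review bot: `allow update_engine_common labeledfs:filesystem relabelfrom;` is wider than the comment above it describes: it permits relabeling any filesystem carrying the generic `labeledfs` type, not only the image mounted under `postinstall_mnt_dir`, and the filesystem class gives no way to name the mount point. If the grant is unavoidable because the postinstall image is `labeledfs` until the `relabelto postinstall_file` step, that reasoning should be recorded so the rule is not read as accidental, e.g. `# The postinstall image mounts as labeledfs until relabeled; the filesystem class cannot be scoped tighter than this.` The same block also executes `shell_exec` and `postinstall_file` inside this domain, so the set of domains permitted to reach `labeledfs:filesystem relabelfrom` is worth a neverallow in public policy if one does not already exist (not visible here).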
@@ -0,0 +1,39 @@
+# update_verifier
+type update_verifier, domain;
+type update_verifier_exec, system_file_type, exec_type, file_type;
+
+# Allow update_verifier to reach block devices in /dev/block.
+allow update_verifier block_device:dir search;
+
+# Read care map in /data/ota_package/.
+allow update_verifier ota_package_file:dir r_dir_perms;
+allow update_verifier ota_package_file:file r_file_perms;
+
+# Read /sys/block to find all the DM directories like (/sys/block/dm-X).
+allow update_verifier sysfs:dir r_dir_perms;
+
+# Read /sys/block/dm-X/dm/name (which is a symlink to
+# /sys/devices/virtual/block/dm-X/dm/name) to identify the mapping between
+# dm-X and system/vendor partitions.
+allow update_verifier sysfs_dm:dir r_dir_perms;
+allow update_verifier sysfs_dm:file r_file_perms;
+
+# Read all blocks in DM wrapped system partition.
+allow update_verifier dm_device:blk_file r_file_perms;
+
+# Write to kernel message.
+allow update_verifier kmsg_device:chr_file { getattr w_file_perms };
+
+# Allow update_verifier to reboot the device.
+set_prop(update_verifier, powerctl_prop)
+
+# Allow to set the OTA related properties e.g. ota.warm_reset.
+set_prop(update_verifier, ota_prop)
+
+# Use Boot Control HAL
+hal_client_domain(update_verifier, hal_bootctl)
+
+# Access Checkpoint commands over binder
+allow update_verifier vold_service:service_manager find;
+binder_call(update_verifier, servicemanager)
+binder_call(update_verifier, vold)
diff --git a/prebuilts/api/30.0/public/usbd.te b/prebuilts/api/30.0/public/usbd.te
new file mode 100644
index 000000000..991e7be5f
--- /dev/null
+++ b/prebuilts/api/30.0/public/usbd.te
@@ -0,0 +1,5 @@
+type usbd, domain;
+type usbd_exec, system_file_type, exec_type, file_type;
+
+# Start/stop adbd via ctl.start adbd
+set_prop(usbd, ctl_adbd_prop)
diff --git a/prebuilts/api/30.0/public/vdc.te b/prebuilts/api/30.0/public/vdc.te
new file mode 100644
index 000000000..e638e50a6
--- /dev/null
+++ b/prebuilts/api/30.0/public/vdc.te
@@ -0,0 +1,20 @@
+# vdc spawned from init for the following services:
+# defaultcrypto
+# encrypt
+#
+# We also transition into this domain from dumpstate, when
+# collecting bug reports.
+
+type vdc, domain;
+type vdc_exec, system_file_type, exec_type, file_type;
+
+# vdc can be invoked with logwrapper, so let it write to pty
+allow vdc devpts:chr_file rw_file_perms;
+
+# vdc writes directly to kmsg during the boot process
+allow vdc kmsg_device:chr_file { getattr w_file_perms };
+
+# vdc talks to vold over Binder
+binder_use(vdc)
+binder_call(vdc, vold)
+allow vdc vold_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/vendor_init.te b/prebuilts/api/30.0/public/vendor_init.te
new file mode 100644
index 000000000..c070dff6a
--- /dev/null
+++ b/prebuilts/api/30.0/public/vendor_init.te
@@ -0,0 +1,278 @@
+# vendor_init is its own domain.
+type vendor_init, domain, mlstrustedsubject;
+
+# Communication to the main init process
+allow vendor_init init:unix_stream_socket { read write };
+
+# Logging to kmsg
+allow vendor_init kmsg_device:chr_file { open getattr write };
+
+# Mount on /dev/usb-ffs/adb.
+allow vendor_init device:dir mounton;
+
+# Create and remove symlinks in /.
+allow vendor_init rootfs:lnk_file { create unlink };
+
+# Create cgroups mount points in tmpfs and mount cgroups on them.
+allow vendor_init cgroup:dir create_dir_perms;
+allow vendor_init cgroup:file w_file_perms;
+
+# /config
+allow vendor_init configfs:dir mounton;
+allow vendor_init configfs:dir create_dir_perms;
+allow vendor_init configfs:{ file lnk_file } create_file_perms;
+
+# Create directories under /dev/cpuctl after chowning it to system.
+allow vendor_init self:global_capability_class_set { dac_override dac_read_search };
+
+# mkdir, symlink, write, rm/rmdir, chown/chmod, restorecon/restorecon_recursive from init.rc files.
+# chown/chmod require open+read+setattr required for open()+fchown/fchmod().
+# system/core/init.rc requires at least cache_file and data_file_type.
+# init..rc files often include device-specific types, so
+# we just allow all file types except /system files here.
+allow vendor_init self:global_capability_class_set { chown fowner fsetid };
+
+# mkdir with FBE requires reading /data/unencrypted/{ref,mode}.
+allow vendor_init unencrypted_data_file:dir search;
+allow vendor_init unencrypted_data_file:file r_file_perms;
+
+# Set encryption policy on dirs in /data
+allowxperm vendor_init data_file_type:dir ioctl {
+ FS_IOC_GET_ENCRYPTION_POLICY
+ FS_IOC_SET_ENCRYPTION_POLICY
+};
+
+allow vendor_init system_data_file:dir getattr;
+
+allow vendor_init {
+ file_type
+ -core_data_file_type
+ -exec_type
+ -system_file_type
+ -mnt_product_file
+ -password_slot_metadata_file
+ -ota_metadata_file
+ -unlabeled
+ -vendor_file_type
+ -vold_metadata_file
+ -gsi_metadata_file
+ -apex_metadata_file
+}:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };
+
+allow vendor_init unlabeled:{ dir notdevfile_class_set } { getattr relabelfrom };
+
+allow vendor_init {
+ file_type
+ -core_data_file_type
+ -exec_type
+ -password_slot_metadata_file
+ -ota_metadata_file
+ -runtime_event_log_tags_file
+ -system_file_type
+ -unlabeled
+ -vendor_file_type
+ -vold_metadata_file
+ -gsi_metadata_file
+ -apex_metadata_file
+}:file { create getattr open read write setattr relabelfrom unlink map };
+
+allow vendor_init {
+ file_type
+ -core_data_file_type
+ -exec_type
+ -password_slot_metadata_file
+ -ota_metadata_file
+ -system_file_type
+ -unlabeled
+ -vendor_file_type
+ -vold_metadata_file
+ -gsi_metadata_file
+ -apex_metadata_file
+}:{ sock_file fifo_file } { create getattr open read setattr relabelfrom unlink };
+
+allow vendor_init {
+ file_type
+ -apex_mnt_dir
+ -core_data_file_type
+ -exec_type
+ -password_slot_metadata_file
+ -ota_metadata_file
+ -system_file_type
+ -unlabeled
+ -vendor_file_type
+ -vold_metadata_file
+ -gsi_metadata_file
+ -apex_metadata_file
+}:lnk_file { create getattr setattr relabelfrom unlink };
+
+allow vendor_init {
+ file_type
+ -core_data_file_type
+ -exec_type
+ -mnt_product_file
+ -password_slot_metadata_file
+ -ota_metadata_file
+ -system_file_type
+ -vendor_file_type
+ -vold_metadata_file
+ -gsi_metadata_file
+ -apex_metadata_file
+}:dir_file_class_set relabelto;
+
+allow vendor_init dev_type:dir create_dir_perms;
+allow vendor_init dev_type:lnk_file create;
+
+# Disable tracing by writing to /sys/kernel/debug/tracing/tracing_on
+allow vendor_init debugfs_tracing:file w_file_perms;
+
+# chown/chmod on pseudo files.
+allow vendor_init {
+ fs_type
+ -contextmount_type
+ -keychord_device
+ -sdcard_type
+ -rootfs
+ -proc_uid_time_in_state
+ -proc_uid_concurrent_active_time
+ -proc_uid_concurrent_policy_time
+}:file { open read setattr map };
+
+allow vendor_init {
+ fs_type
+ -contextmount_type
+ -sdcard_type
+ -rootfs
+ -proc_uid_time_in_state
+ -proc_uid_concurrent_active_time
+ -proc_uid_concurrent_policy_time
+}:dir { open read setattr search };
+
+# chown/chmod on devices, e.g. /dev/ttyHS0
+allow vendor_init {
+ dev_type
+ -keychord_device
+ -port_device
+ -lowpan_device
+ -hw_random_device
+}:chr_file setattr;
+
+allow vendor_init dev_type:blk_file getattr;
+
+# Write to /proc/sys/net/ping_group_range and other /proc/sys/net files.
+r_dir_file(vendor_init, proc_net_type)
+allow vendor_init proc_net_type:file w_file_perms;
+allow vendor_init self:global_capability_class_set net_admin;
+
+# Write to /proc/sys/vm/page-cluster
+allow vendor_init proc_page_cluster:file w_file_perms;
+
+# Write to sysfs nodes.
+allow vendor_init sysfs_type:dir r_dir_perms;
+allow vendor_init sysfs_type:lnk_file read;
+allow vendor_init { sysfs_type -sysfs_usermodehelper }:file rw_file_perms;
+
+# setfscreatecon() for labeling directories and socket files.
+allow vendor_init self:process { setfscreate };
+
+r_dir_file(vendor_init, vendor_file_type)
+
+# Vendor init can read properties
+allow vendor_init serialno_prop:file { getattr open read map };
+
+# Vendor init can perform operations on trusted and security Extended Attributes
+allow vendor_init self:global_capability_class_set sys_admin;
+
+# Raw writes to misc block device
+allow vendor_init misc_block_device:blk_file w_file_perms;
+
+# vendor_init is using bootstrap bionic
+allow vendor_init system_bootstrap_lib_file:dir r_dir_perms;
+allow vendor_init system_bootstrap_lib_file:file { execute read open getattr map };
+
+# Everything is labeled as rootfs in recovery mode. Vendor init has to execute
+# the dynamic linker and shared libraries.
+recovery_only(`
+ allow vendor_init rootfs:file { r_file_perms execute };
+')
+
+not_compatible_property(`
+ set_prop(vendor_init, {
+ property_type
+ -system_internal_property_type
+ -system_restricted_property_type
+ })
+')
+
+# Get file context
+allow vendor_init file_contexts_file:file r_file_perms;
+
+set_prop(vendor_init, apk_verity_prop)
+set_prop(vendor_init, bluetooth_a2dp_offload_prop)
+set_prop(vendor_init, bluetooth_audio_hal_prop)
+set_prop(vendor_init, cpu_variant_prop)
+set_prop(vendor_init, debug_prop)
+set_prop(vendor_init, exported_audio_prop)
+set_prop(vendor_init, exported_bluetooth_prop)
+set_prop(vendor_init, exported_camera_prop)
+set_prop(vendor_init, exported_config_prop)
+set_prop(vendor_init, exported_dalvik_prop)
+set_prop(vendor_init, exported_default_prop)
+set_prop(vendor_init, exported_ffs_prop)
+set_prop(vendor_init, exported_overlay_prop)
+set_prop(vendor_init, exported_pm_prop)
+set_prop(vendor_init, exported_radio_prop)
+set_prop(vendor_init, exported_system_radio_prop)
+set_prop(vendor_init, exported_wifi_prop)
+set_prop(vendor_init, exported2_config_prop)
+set_prop(vendor_init, exported2_system_prop)
+set_prop(vendor_init, exported2_vold_prop)
+set_prop(vendor_init, exported3_default_prop)
+set_prop(vendor_init, exported3_radio_prop)
+set_prop(vendor_init, logd_prop)
+set_prop(vendor_init, log_tag_prop)
+set_prop(vendor_init, log_prop)
+set_prop(vendor_init, rebootescrow_hal_prop)
+set_prop(vendor_init, serialno_prop)
+set_prop(vendor_init, storage_config_prop)
+set_prop(vendor_init, userspace_reboot_config_prop)
+set_prop(vendor_init, vehicle_hal_prop)
+set_prop(vendor_init, vendor_default_prop)
+set_prop(vendor_init, vendor_security_patch_level_prop)
+set_prop(vendor_init, vndk_prop)
+set_prop(vendor_init, virtual_ab_prop)
+set_prop(vendor_init, wifi_log_prop)
+
+get_prop(vendor_init, exported2_radio_prop)
+get_prop(vendor_init, exported3_system_prop)
+get_prop(vendor_init, theme_prop)
+
+get_prop(vendor_init, ota_prop)
+
+###
+### neverallow rules
+###
+
+# Vendor init shouldn't communicate with any vendor process, nor most system processes.
+neverallow_establish_socket_comms(vendor_init, { domain -init -logd -su -vendor_init });
+
+# The vendor_init domain is only entered via an exec based transition from the
+# init domain, never via setcon().
+neverallow domain vendor_init:process dyntransition;
+neverallow { domain -init } vendor_init:process transition;
+neverallow vendor_init { file_type fs_type -init_exec }:file entrypoint;
+
+# Never read/follow symlinks created by shell or untrusted apps.
+neverallow vendor_init { app_data_file privapp_data_file }:lnk_file read;
+neverallow vendor_init shell_data_file:lnk_file read;
+# Init should not be creating subdirectories in /data/local/tmp
+neverallow vendor_init shell_data_file:dir { write add_name remove_name };
+
+# init should never execute a program without changing to another domain.
+neverallow vendor_init { file_type fs_type }:file execute_no_trans;
+
+# Init never adds or uses services via service_manager.
+neverallow vendor_init service_manager_type:service_manager { add find };
+neverallow vendor_init servicemanager:service_manager list;
+
+# vendor_init should never be ptraced
+neverallow * vendor_init:process ptrace;
diff --git a/prebuilts/api/30.0/public/vendor_misc_writer.te b/prebuilts/api/30.0/public/vendor_misc_writer.te
new file mode 100644
index 000000000..dee994134
--- /dev/null
+++ b/prebuilts/api/30.0/public/vendor_misc_writer.te
@@ -0,0 +1,13 @@
+# vendor_misc_writer
+type vendor_misc_writer, domain;
+type vendor_misc_writer_exec, vendor_file_type, exec_type, file_type;
+
+# Raw writes to misc_block_device
+allow vendor_misc_writer misc_block_device:blk_file w_file_perms;
+allow vendor_misc_writer block_device:dir r_dir_perms;
+
+# Silence the denial when calling libfstab's ReadDefaultFstab, which tries to
+# load DT fstab.
+dontaudit vendor_misc_writer proc_cmdline:file read;
+dontaudit vendor_misc_writer metadata_file:dir search;
+dontaudit vendor_misc_writer sysfs_dt_firmware_android:dir search;
diff --git a/prebuilts/api/30.0/public/vendor_shell.te b/prebuilts/api/30.0/public/vendor_shell.te
new file mode 100644
index 000000000..7d30acba4
--- /dev/null
+++ b/prebuilts/api/30.0/public/vendor_shell.te
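Review bot: The comment justifying `allow vendor_init self:global_capability_class_set sys_admin;` ("perform operations on trusted and security Extended Attributes") understates the grant: CAP_SYS_ADMIN also covers mount, namespace and many other privileged operations, and vendor_init executes vendor-supplied init scripts, so a reader auditing vendor privilege should not be led to believe it is xattr-only. Suggest `# CAP_SYS_ADMIN is needed to set trusted.*/security.* xattrs; note it is far broader than that (mount, namespaces, etc.).` Likewise `allow vendor_init misc_block_device:blk_file w_file_perms;` carries only `# Raw writes to misc block device` with no statement of which init action needs to write the bootloader control block, whereas the equivalent rule in update_engine_common explains its BCB use; a one-line reason would make the grant auditable. If prebuilts/api/30.0 must stay identical to public/, these wording changes go into public/vendor_init.te first.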
@@ -0,0 +1,19 @@
+type vendor_shell, domain;
+type vendor_shell_exec, exec_type, vendor_file_type, file_type;
+
+allow vendor_shell vendor_shell_exec:file rx_file_perms;
+allow vendor_shell vendor_toolbox_exec:file rx_file_perms;
+
+# Use fd from shell when vendor_shell is started from shell
+allow vendor_shell shell:fd use;
+
+# adbd: allow `adb shell /vendor/bin/sh` and `adb shell` then `/vendor/bin/sh`
+allow vendor_shell adbd:fd use;
+allow vendor_shell adbd:process sigchld;
+allow vendor_shell adbd:unix_stream_socket { getattr ioctl read write };
+
+allow vendor_shell devpts:chr_file rw_file_perms;
+allow vendor_shell tty_device:chr_file rw_file_perms;
+allow vendor_shell console_device:chr_file rw_file_perms;
+allow vendor_shell input_device:dir r_dir_perms;
+allow vendor_shell input_device:chr_file rw_file_perms;
diff --git a/prebuilts/api/30.0/public/vendor_toolbox.te b/prebuilts/api/30.0/public/vendor_toolbox.te
new file mode 100644
index 000000000..eb292cafb
--- /dev/null
+++ b/prebuilts/api/30.0/public/vendor_toolbox.te
@@ -0,0 +1,16 @@
+# Toolbox installation for vendor binaries / scripts
+# Non-vendor processes are not allowed to execute the binary
+# and is always executed without transition.
+type vendor_toolbox_exec, exec_type, vendor_file_type, file_type;
+
+# Do not allow domains to transition to vendor toolbox
+# or read, execute the vendor_toolbox file.
+full_treble_only(`
+ # Do not allow non-vendor domains to transition
+ # to vendor toolbox except for the whitelisted domains.
+ neverallow {
+ coredomain
+ -init
+ -modprobe
+ } vendor_toolbox_exec:file { entrypoint execute execute_no_trans };
+')
diff --git a/prebuilts/api/30.0/public/virtual_touchpad.te b/prebuilts/api/30.0/public/virtual_touchpad.te
new file mode 100644
index 000000000..49c87044c
--- /dev/null
+++ b/prebuilts/api/30.0/public/virtual_touchpad.te
@@ -0,0 +1,16 @@
+type virtual_touchpad, domain;
+type virtual_touchpad_exec, system_file_type, exec_type, file_type;
+
+binder_use(virtual_touchpad)
+binder_service(virtual_touchpad)
+add_service(virtual_touchpad, virtual_touchpad_service)
+
+# Needed to check app permissions.
+binder_call(virtual_touchpad, system_server)
+
+# Requires access to /dev/uinput to create and feed the virtual device.
+allow virtual_touchpad uhid_device:chr_file { w_file_perms ioctl };
+
+# Requires access to the permission service to validate that clients have the
+# appropriate VR permissions.
+allow virtual_touchpad permission_service:service_manager find;
diff --git a/prebuilts/api/30.0/public/vndservice.te b/prebuilts/api/30.0/public/vndservice.te
new file mode 100644
index 000000000..efd9adf92
--- /dev/null
+++ b/prebuilts/api/30.0/public/vndservice.te
@@ -0,0 +1,2 @@
+type service_manager_vndservice, vndservice_manager_type;
+type default_android_vndservice, vndservice_manager_type;
diff --git a/prebuilts/api/30.0/public/vndservicemanager.te b/prebuilts/api/30.0/public/vndservicemanager.te
new file mode 100644
index 000000000..6b9f73dc0
--- /dev/null
+++ b/prebuilts/api/30.0/public/vndservicemanager.te
@@ -0,0 +1,2 @@
+# vndservicemanager - the Binder context manager for vendor processes
+type vndservicemanager, domain;
diff --git a/prebuilts/api/30.0/public/vold.te b/prebuilts/api/30.0/public/vold.te
new file mode 100644
index 000000000..e2985677b
--- /dev/null
+++ b/prebuilts/api/30.0/public/vold.te
@@ -0,0 +1,368 @@
+# volume manager
+type vold, domain;
+type vold_exec, exec_type, file_type, system_file_type;
+
+# Read already opened /cache files.
+allow vold cache_file:dir r_dir_perms;
+allow vold cache_file:file { getattr read };
+allow vold cache_file:lnk_file r_file_perms;
+
+r_dir_file(vold, { sysfs_type -sysfs_batteryinfo })
+# XXX Label sysfs files with a specific type?
+allow vold {
+ sysfs # writing to /sys/*/uevent during coldboot.
+ sysfs_devices_block
+ sysfs_dm
+ sysfs_loop # writing to /sys/block/loop*/uevent during coldboot.
+ sysfs_usb
+ sysfs_zram_uevent
+ sysfs_fs_f2fs
+}:file w_file_perms;
+
+r_dir_file(vold, rootfs)
+r_dir_file(vold, metadata_file)
+allow vold {
+ proc # b/67049235 processes /proc//* files are mislabeled.
+ proc_cmdline
+ proc_drop_caches
+ proc_filesystems
+ proc_meminfo
+ proc_mounts
+}:file r_file_perms;
+
+#Get file contexts
+allow vold file_contexts_file:file r_file_perms;
+
+# Allow us to jump into execution domains of above tools
+allow vold self:process setexec;
+
+# For formatting adoptable storage devices
+allow vold e2fs_exec:file rx_file_perms;
+
+# Run fstrim on mounted partitions
+# allowxperm still requires the ioctl permission for the individual type
+allowxperm vold { fs_type file_type }:dir ioctl FITRIM;
+
+# Get/set file-based encryption policies on dirs in /data and adoptable storage,
+# and add/remove file-based encryption keys.
+allowxperm vold data_file_type:dir ioctl {
+ FS_IOC_GET_ENCRYPTION_POLICY
+ FS_IOC_SET_ENCRYPTION_POLICY
+ FS_IOC_ADD_ENCRYPTION_KEY
+ FS_IOC_REMOVE_ENCRYPTION_KEY
+};
+
+# Only vold and init should ever set file-based encryption policies.
+neverallowxperm {
+ domain
+ -vold
+ -init
+ -vendor_init
+} data_file_type:dir ioctl { FS_IOC_SET_ENCRYPTION_POLICY };
+
+# Only vold should ever add/remove file-based encryption keys.
+neverallowxperm {
+ domain
+ -vold
+} data_file_type:dir ioctl { FS_IOC_ADD_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY };
+
+# Find the location on the raw block device where the
+# crypto key is stored so it can be destroyed
+allowxperm vold vold_data_file:file ioctl {
+ FS_IOC_FIEMAP
+};
+
+typeattribute vold mlstrustedsubject;
+allow vold self:process setfscreate;
+allow vold system_file:file x_file_perms;
+not_full_treble(`allow vold vendor_file:file x_file_perms;')
+allow vold block_device:dir create_dir_perms;
+allow vold device:dir write;
+allow vold devpts:chr_file rw_file_perms;
+allow vold rootfs:dir mounton;
+allow vold sdcard_type:dir mounton; # TODO: deprecated in M
+allow vold sdcard_type:filesystem { mount remount unmount }; # TODO: deprecated in M
+allow vold sdcard_type:dir create_dir_perms; # TODO: deprecated in M
+allow vold sdcard_type:file create_file_perms; # TODO: deprecated in M
+
+# Manage locations where storage is mounted
+allow vold { mnt_media_rw_file storage_file sdcard_type }:dir create_dir_perms;
+allow vold { mnt_media_rw_file storage_file sdcard_type }:file create_file_perms;
+
+# Access to storage that backs emulated FUSE daemons for migration optimization
+allow vold media_rw_data_file:dir create_dir_perms;
+allow vold media_rw_data_file:file create_file_perms;
+# Allow mounting (lower filesystem) on parts of media for performance
+allow vold media_rw_data_file:dir mounton;
+
+# Allow setting extended attributes (for project quota IDs) on files and dirs
+# and to enable project ID inheritance through FS_IOC_SETFLAGS
+allowxperm vold media_rw_data_file:{ dir file } ioctl {
+ FS_IOC_FSGETXATTR
+ FS_IOC_FSSETXATTR
+ FS_IOC_GETFLAGS
+ FS_IOC_SETFLAGS
+};
+
+# Allow mounting of storage devices
+allow vold { mnt_media_rw_stub_file storage_stub_file }:dir { mounton create rmdir getattr setattr };
+
+# Manage per-user primary symlinks
+allow vold mnt_user_file:dir { create_dir_perms mounton };
+allow vold mnt_user_file:lnk_file create_file_perms;
+allow vold mnt_user_file:file create_file_perms;
+
+# Manage per-user pass_through primary symlinks
+allow vold mnt_pass_through_file:dir { create_dir_perms mounton };
+allow vold mnt_pass_through_file:lnk_file create_file_perms;
+
+# Allow to create and mount expanded storage
+allow vold mnt_expand_file:dir { create_dir_perms mounton };
+allow vold apk_data_file:dir { create getattr setattr };
+allow vold shell_data_file:dir { create getattr setattr };
+
+# Allow to mount incremental file system on /data/incremental and create files
+allow vold apk_data_file:dir { mounton rw_dir_perms };
+# Allow to create and write files in /data/incremental
+allow vold apk_data_file:file rw_file_perms;
+# Allow to bind-mount incremental file system on /data/app/vmdl*.tmp and read files
+allow vold apk_tmp_file:dir { mounton r_dir_perms };
+# Allow to read incremental control file and call selinux restorecon on it
+allow vold incremental_control_file:file { r_file_perms relabelto };
+
+allow vold tmpfs:filesystem { mount unmount };
+allow vold tmpfs:dir create_dir_perms;
+allow vold tmpfs:dir mounton;
+allow vold self:global_capability_class_set { net_admin dac_override dac_read_search mknod sys_admin chown fowner fsetid };
+allow vold self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+allow vold loop_control_device:chr_file rw_file_perms;
+allow vold loop_device:blk_file { create setattr unlink rw_file_perms };
+allowxperm vold loop_device:blk_file ioctl {
+ LOOP_CLR_FD
+ LOOP_CTL_GET_FREE
+ LOOP_GET_STATUS64
+ LOOP_SET_FD
+ LOOP_SET_STATUS64
+};
+allow vold vold_device:blk_file { create setattr unlink rw_file_perms };
+allowxperm vold vold_device:blk_file ioctl { BLKDISCARD BLKGETSIZE };
+allow vold dm_device:chr_file rw_file_perms;
+allow vold dm_device:blk_file rw_file_perms;
+allowxperm vold dm_device:blk_file ioctl BLKSECDISCARD;
+# For vold Process::killProcessesWithOpenFiles function.
+allow vold domain:dir r_dir_perms;
+allow vold domain:{ file lnk_file } r_file_perms;
+allow vold domain:process { signal sigkill };
+allow vold self:global_capability_class_set { sys_ptrace kill };
+
+allow vold kmsg_device:chr_file rw_file_perms;
+
+# Run fsck in the fsck domain.
+allow vold fsck_exec:file { r_file_perms execute };
+
+# Log fsck results
+allow vold fscklogs:dir rw_dir_perms;
+allow vold fscklogs:file create_file_perms;
+
+#
+# Rules to support encrypted fs support.
+#
+
+# Unmount and mount the fs.
+allow vold labeledfs:filesystem { mount unmount remount };
+
+# Access /efs/userdata_footer.
+# XXX Split into a separate type?
+allow vold efs_file:file rw_file_perms;
+
+# Create and mount on /data/tmp_mnt and management of expansion mounts
+allow vold {
+ system_data_file
+ system_data_root_file
+}:dir { create rw_dir_perms mounton setattr rmdir };
+allow vold system_data_file:lnk_file getattr;
+
+# Vold create users in /data/vendor_{ce,de}/[0-9]+
+allow vold vendor_data_file:dir create_dir_perms;
+
+# for secdiscard
+allow vold system_data_file:file read;
+
+# Set scheduling policy of kernel processes
+allow vold kernel:process setsched;
+
+# Property Service
+set_prop(vold, vold_prop)
+set_prop(vold, exported_vold_prop)
+set_prop(vold, exported2_vold_prop)
+set_prop(vold, powerctl_prop)
+set_prop(vold, ctl_fuse_prop)
+set_prop(vold, restorecon_prop)
+set_prop(vold, ota_prop)
+set_prop(vold, boottime_prop)
+set_prop(vold, boottime_public_prop)
+get_prop(vold, storage_config_prop)
+
+# ASEC
+allow vold asec_image_file:file create_file_perms;
+allow vold asec_image_file:dir rw_dir_perms;
+allow vold asec_apk_file:dir { create_dir_perms mounton relabelfrom relabelto };
+allow vold asec_public_file:dir { relabelto setattr };
+allow vold asec_apk_file:file { r_file_perms setattr relabelfrom relabelto };
+allow vold asec_public_file:file { relabelto setattr };
+# restorecon files in asec containers created on 4.2 or earlier.
+allow vold unlabeled:dir { r_dir_perms setattr relabelfrom };
+allow vold unlabeled:file { r_file_perms setattr relabelfrom };
+
+# Handle wake locks (used for device encryption)
+wakelock_use(vold)
+
+# Allow vold to publish a binder service and make binder calls.
+binder_use(vold)
+add_service(vold, vold_service)
+
+# Allow vold to call into the system server so it can check permissions.
+binder_call(vold, system_server)
+allow vold permission_service:service_manager find;
+
+# talk to batteryservice
+binder_call(vold, healthd)
+
+# talk to keymaster
+hal_client_domain(vold, hal_keymaster)
+
+# talk to health storage HAL
+hal_client_domain(vold, hal_health_storage)
+
+# talk to bootloader HAL
+full_treble_only(`hal_client_domain(vold, hal_bootctl)')
+
+# Access userdata block device.
+allow vold userdata_block_device:blk_file rw_file_perms;
+allowxperm vold userdata_block_device:blk_file ioctl BLKSECDISCARD;
+
+# Access metadata block device used for encryption meta-data.
+allow vold metadata_block_device:blk_file rw_file_perms;
+
+# Allow vold to manipulate /data/unencrypted
+allow vold unencrypted_data_file:{ file } create_file_perms;
+allow vold unencrypted_data_file:dir create_dir_perms;
+
+# Write to /proc/sys/vm/drop_caches
+allow vold proc_drop_caches:file w_file_perms;
+
+# Give vold a place where only vold can store files; everyone else is off limits
+allow vold vold_data_file:dir create_dir_perms;
+allow vold vold_data_file:file create_file_perms;
+
+# And a similar place in the metadata partition
+allow vold vold_metadata_file:dir create_dir_perms;
+allow vold vold_metadata_file:file create_file_perms;
+
+# linux keyring configuration
+allow vold init:key { write search setattr };
+allow vold vold:key { write search setattr };
+
+# vold temporarily changes its priority when running benchmarks
+allow vold self:global_capability_class_set sys_nice;
+
+# vold needs to chroot into app namespaces to remount when runtime permissions change
+allow vold self:global_capability_class_set sys_chroot;
+allow vold storage_file:dir mounton;
+
+# For AppFuse.
+allow vold fuse_device:chr_file rw_file_perms;
+allow vold fuse:filesystem { relabelfrom };
+allow vold app_fusefs:filesystem { relabelfrom relabelto };
+allow vold app_fusefs:filesystem { mount unmount };
+allow vold app_fuse_file:dir rw_dir_perms;
+allow vold app_fuse_file:file { read write open getattr append };
+
+# MoveTask.cpp executes cp and rm
+allow vold toolbox_exec:file rx_file_perms;
+
+# Prepare profile dir for users.
+allow vold user_profile_data_file:dir create_dir_perms;
+
+# Raw writes to misc block device
+allow vold misc_block_device:blk_file w_file_perms;
+
+# vold might need to search or mount /mnt/vendor/*
+allow vold mnt_vendor_file:dir search;
+
+dontaudit vold self:global_capability_class_set sys_resource;
+
+# vold needs to know whether we're running a GSI.
+allow vold gsi_metadata_file:dir r_dir_perms;
+allow vold gsi_metadata_file:file r_file_perms;
+
+neverallow {
+ domain
+ -vold
+ -vold_prepare_subdirs
+} vold_data_file:dir ~{ open create read getattr setattr search relabelfrom relabelto ioctl };
+
+neverallow {
+ domain
+ -init
+ -vold
+ -vold_prepare_subdirs
+} vold_data_file:dir *;
+
+neverallow {
+ domain
+ -init
+ -vold
+} vold_metadata_file:dir *;
+
+neverallow {
+ domain
+ -kernel
+ -vold
+ -vold_prepare_subdirs
+} vold_data_file:notdevfile_class_set ~{ relabelto getattr };
+
+neverallow {
+ domain
+ -init
+ -vold
+ -vold_prepare_subdirs
+} vold_metadata_file:notdevfile_class_set ~{ relabelto getattr };
+
+neverallow {
+ domain
+ -init
+ -kernel
+ -vold
+ -vold_prepare_subdirs
+} { vold_data_file vold_metadata_file }:notdevfile_class_set *;
+
+neverallow { domain -vold -init } restorecon_prop:property_service set;
+
+neverallow {
+ domain
+ -system_server
+ -vdc
+ -vold
+ -update_verifier
+ -apexd
+} vold_service:service_manager find;
+
+neverallow vold {
+ domain
+ -hal_health_storage_server
+ -hal_keymaster_server
+ -system_suspend_server
+ -hal_bootctl_server
+ -healthd
+ -hwservicemanager
+ -iorapd_service
+ -servicemanager
+ -system_server
+ userdebug_or_eng(`-su')
+}:binder call;
+
+neverallow vold fsck_exec:file execute_no_trans;
+neverallow { domain -init } vold:process { transition dyntransition };
+neverallow vold *:process ptrace;
+neverallow vold *:rawip_socket *;
diff --git a/prebuilts/api/30.0/public/vold_prepare_subdirs.te b/prebuilts/api/30.0/public/vold_prepare_subdirs.te
new file mode 100644
index 000000000..3087fa861
--- /dev/null
+++ b/prebuilts/api/30.0/public/vold_prepare_subdirs.te
@@ -0,0 +1,6 @@
+# SELinux directory creation and labelling for vold-managed directories
+
+type vold_prepare_subdirs, domain;
+type vold_prepare_subdirs_exec, system_file_type, exec_type, file_type;
+
+typeattribute vold_prepare_subdirs coredomain;
diff --git a/prebuilts/api/30.0/public/vr_hwc.te b/prebuilts/api/30.0/public/vr_hwc.te
new file mode 100644
index 000000000..c14688703
--- /dev/null
+++ b/prebuilts/api/30.0/public/vr_hwc.te
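Review bot: `allow vold system_file:file x_file_perms;` has no comment and, since `x_file_perms` includes `execute_no_trans` in AOSP's global macros, lets vold run any `system_file`-labeled binary inside its own domain, which here holds `dac_override`, `sys_admin`, `sys_ptrace` and `domain:process { signal sigkill }`. The file is careful elsewhere to force transitions (`neverallow vold fsck_exec:file execute_no_trans;`, `e2fs_exec` and `toolbox_exec` each get their own rule), so this one generic grant is the odd one out and will be hard to audit later. Suggest at minimum a comment naming the binaries that still need it, e.g. `# TODO: enumerate the /system/bin helpers vold executes in-domain and give them exec types`, and if possible narrowing to those types. Whether a neverallow on `execute_no_trans` for the remaining system binaries is feasible depends on which helpers are still labeled `system_file`, which is not visible here; if prebuilts/api/30.0 mirrors public/, the change belongs in public/vold.te.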
@@ -0,0 +1,33 @@ +type vr_hwc, domain; +type vr_hwc_exec, system_file_type, exec_type, file_type; + +# Get buffer metadata. +hal_client_domain(vr_hwc, hal_graphics_allocator) + +binder_use(vr_hwc) +binder_service(vr_hwc) + +binder_call(vr_hwc, surfaceflinger) +# Needed to check for app permissions. +binder_call(vr_hwc, system_server) + +add_service(vr_hwc, vr_hwc_service) + +# Hosts the VR HWC implementation and provides a simple Binder interface for VR +# Window Manager to receive the layers/buffers. +hwbinder_use(vr_hwc) + +# Load vendor libraries. +allow vr_hwc system_file:dir r_dir_perms; + +allow vr_hwc ion_device:chr_file r_file_perms; + +# Allow connection to VR DisplayClient to get the primary display metadata +# (ie: size). +pdx_client(vr_hwc, display_client) + +# Requires access to the permission service to validate that clients have the +# appropriate VR permissions. +allow vr_hwc permission_service:service_manager find; + +allow vr_hwc vrflinger_vsync_service:service_manager find; diff --git a/prebuilts/api/30.0/public/watchdogd.te b/prebuilts/api/30.0/public/watchdogd.te new file mode 100644 index 000000000..72e368564 --- /dev/null +++ b/prebuilts/api/30.0/public/watchdogd.te @@ -0,0 +1,6 @@ +# watchdogd seclabel is specified in init..rc +type watchdogd, domain; +type watchdogd_exec, system_file_type, exec_type, file_type; + +allow watchdogd watchdog_device:chr_file rw_file_perms; +allow watchdogd kmsg_device:chr_file rw_file_perms; diff --git a/prebuilts/api/30.0/public/webview_zygote.te b/prebuilts/api/30.0/public/webview_zygote.te new file mode 100644 index 000000000..ace3a013e --- /dev/null +++ b/prebuilts/api/30.0/public/webview_zygote.te @@ -0,0 +1,6 @@ +# webview_zygote is an auxiliary zygote process that is used to spawn +# isolated_app processes for rendering untrusted web content. + +type webview_zygote, domain; +type webview_zygote_exec, exec_type, file_type; +type webview_zygote_tmpfs, file_type; 
diff --git a/prebuilts/api/30.0/public/wificond.te b/prebuilts/api/30.0/public/wificond.te new file mode 100644 index 000000000..b429884c5 --- /dev/null +++ b/prebuilts/api/30.0/public/wificond.te @@ -0,0 +1,42 @@ +# wificond +type wificond, domain; +type wificond_exec, system_file_type, exec_type, file_type; + +binder_use(wificond) +binder_call(wificond, system_server) +binder_call(wificond, keystore) + +add_service(wificond, wifinl80211_service) + +set_prop(wificond, exported_wifi_prop) +set_prop(wificond, wifi_prop) +set_prop(wificond, ctl_default_prop) + +# create sockets to set interfaces up and down +allow wificond self:udp_socket create_socket_perms; +# setting interface state up/down is a privileged ioctl +allowxperm wificond self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR }; +allow wificond self:global_capability_class_set { net_admin net_raw }; +# allow wificond to speak to nl80211 in the kernel +allow wificond self:netlink_socket create_socket_perms_no_ioctl; +# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets +allow wificond self:netlink_generic_socket create_socket_perms_no_ioctl; + +r_dir_file(wificond, proc_net_type) + +# allow wificond to check permission for dumping logs +allow wificond permission_service:service_manager find; + +# dumpstate support +allow wificond dumpstate:fd use; +allow wificond dumpstate:fifo_file write; + +#### Offer the Wifi Keystore HwBinder service ### +hwbinder_use(wificond) +get_prop(wificond, hwservicemanager_prop) +typeattribute wificond wifi_keystore_service_server; +add_hwservice(wificond, system_wifi_keystore_hwservice) + +# Allow keystore binder access to serve the HwBinder service. +allow wificond keystore_service:service_manager find; +allow wificond keystore:keystore_key get; diff --git a/prebuilts/api/30.0/public/wpantund.te b/prebuilts/api/30.0/public/wpantund.te new file mode 100644 index 000000000..8ddd6935d --- /dev/null +++ b/prebuilts/api/30.0/public/wpantund.te 
@@ -0,0 +1,29 @@ +type wpantund, domain; +type wpantund_exec, system_file_type, exec_type, file_type; + +hal_client_domain(wpantund, hal_lowpan) +net_domain(wpantund) + +binder_use(wpantund) +binder_call(wpantund, system_server) + +# wpantund needs to be able to check in with the lowpan_service +allow wpantund lowpan_service:service_manager find; + +# Allow wpantund to call any callbacks that have been registered with it. +# Generally, only privileged apps are able to register callbacks with +# wpantund, so we are limiting the scope for callbacks to only privileged +# apps. We also add shell to allow the command-line utility `lowpanctl` +# to work properly from `adb shell`. +allow wpantund {priv_app shell}:binder call; + +# create sockets to set interfaces up and down, add multicast groups, etc. +allow wpantund self:udp_socket create_socket_perms; + +# setting interface state up/down and changing MTU are privileged ioctls +allowxperm wpantund self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFMTU }; + +# Allow us to bring up a TUN network interface. +allow wpantund tun_device:chr_file rw_file_perms; +allow wpantund self:global_capability_class_set { net_admin net_raw }; +allow wpantund self:tun_socket create; diff --git a/prebuilts/api/30.0/public/zygote.te b/prebuilts/api/30.0/public/zygote.te new file mode 100644 index 000000000..071354e82 --- /dev/null +++ b/prebuilts/api/30.0/public/zygote.te @@ -0,0 +1,4 @@ +# zygote +type zygote, domain; +type zygote_tmpfs, file_type; +type zygote_exec, system_file_type, exec_type, file_type; From 79ec7da4e0689c2b70d03a08be50e8749adcba90 Mon Sep 17 00:00:00 2001 
From: Songchun Fan Date: Mon, 4 May 2020 18:01:24 +0000 Subject: [PATCH 102/163] Revert "Define vendor-specific property ro.incremental.enable" This reverts commit 916163cf1ba1419eee6be4d21b4285ff0ffe1f6f. Reason for revert: breaks build BUG: 155655234 Change-Id: Idd4b682876786f80d892cf6b4e1cc8d748e34274 --- private/compat/29.0/29.0.ignore.cil | 1 - private/property_contexts | 3 --- private/system_server.te | 3 --- public/property.te | 1 - public/vendor_init.te | 1 - public/vold.te | 1 - 6 files changed, 10 deletions(-) diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index a1780f07b..dce7880af 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -54,7 +54,6 @@ hal_tv_tuner_hwservice hal_vibrator_service incremental_control_file - incremental_prop incremental_service init_perf_lsm_hooks_prop init_svc_debug_prop diff --git a/private/property_contexts b/private/property_contexts index b29ef3c4f..10f029f81 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -249,9 +249,6 @@ persist.sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0 # history size. ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0 -# Property to enable incremental feature -ro.incremental.enable u:object_r:incremental_prop:s0 - # Properties to configure userspace reboot. init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool init.userspace_reboot.sigkill.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int diff --git a/private/system_server.te b/private/system_server.te index 84f881077..bfac1a6ec 100644 --- a/private/system_server.te +++ b/private/system_server.te 
@@ -678,9 +678,6 @@ get_prop(system_server, apk_verity_prop) # Read wifi.interface get_prop(system_server, wifi_prop) -# Read the vendor property that indicates if Incremental features is enabled -get_prop(system_server, incremental_prop) - # Create a socket for connections from debuggerd. allow system_server system_ndebug_socket:sock_file create_file_perms; diff --git a/public/property.te b/public/property.te index e63bd0179..f69f2e768 100644 --- a/public/property.te +++ b/public/property.te @@ -117,7 +117,6 @@ system_vendor_config_prop(exported_camera_prop) system_vendor_config_prop(exported_config_prop) system_vendor_config_prop(exported_default_prop) system_vendor_config_prop(exported3_default_prop) -system_vendor_config_prop(incremental_prop) system_vendor_config_prop(media_variant_prop) system_vendor_config_prop(storage_config_prop) system_vendor_config_prop(userspace_reboot_config_prop) diff --git a/public/vendor_init.te b/public/vendor_init.te index 9db846b21..c070dff6a 100644 --- a/public/vendor_init.te +++ b/public/vendor_init.te @@ -228,7 +228,6 @@ set_prop(vendor_init, exported2_system_prop) set_prop(vendor_init, exported2_vold_prop) set_prop(vendor_init, exported3_default_prop) set_prop(vendor_init, exported3_radio_prop) -set_prop(vendor_init, incremental_prop) set_prop(vendor_init, logd_prop) set_prop(vendor_init, log_tag_prop) set_prop(vendor_init, log_prop) diff --git a/public/vold.te b/public/vold.te index 5d3eccf76..e2985677b 100644 --- a/public/vold.te +++ b/public/vold.te @@ -202,7 +202,6 @@ set_prop(vold, ota_prop) set_prop(vold, boottime_prop) set_prop(vold, boottime_public_prop) get_prop(vold, storage_config_prop) -get_prop(vold, incremental_prop) # ASEC allow vold asec_image_file:file create_file_perms; From 5974c8b5383b28cd656a34d29cfde45b1f34c4a0 Mon Sep 17 00:00:00 2001 
From: Songchun Fan Date: Tue, 28 Apr 2020 13:24:54 -0700 Subject: [PATCH 103/163] [rvc] Define vendor-specific property ro.incremental.enable [already merged in master and AOSP] Make ro.incremental.enable a vendor-specific property. Allow system_server and vold to read this property. Test: manual BUG: 155212902 Merged-In: I8ff8837af635fa8e7b5bb02e5f6de5ac15b5023b Change-Id: Id432390023de232deb4cc4d0ff3fb73904093b60 --- prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil | 1 + prebuilts/api/30.0/private/property_contexts | 3 +++ prebuilts/api/30.0/private/system_server.te | 3 +++ prebuilts/api/30.0/public/property.te | 1 + prebuilts/api/30.0/public/vendor_init.te | 1 + prebuilts/api/30.0/public/vold.te | 1 + private/compat/29.0/29.0.ignore.cil | 1 + private/property_contexts | 3 +++ private/system_server.te | 3 +++ public/property.te | 1 + public/vendor_init.te | 1 + public/vold.te | 1 + 12 files changed, 20 insertions(+) diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil index e54aa776c..7c7727bdb 100644 --- a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil +++ b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil @@ -55,6 +55,7 @@ hal_tv_tuner_hwservice hal_vibrator_service incremental_control_file + incremental_prop incremental_service init_perf_lsm_hooks_prop init_svc_debug_prop diff --git a/prebuilts/api/30.0/private/property_contexts b/prebuilts/api/30.0/private/property_contexts index 10f029f81..b29ef3c4f 100644 --- a/prebuilts/api/30.0/private/property_contexts +++ b/prebuilts/api/30.0/private/property_contexts 
@@ -249,6 +249,9 @@ persist.sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0 # history size. ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0 +# Property to enable incremental feature +ro.incremental.enable u:object_r:incremental_prop:s0 + # Properties to configure userspace reboot. init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool init.userspace_reboot.sigkill.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int diff --git a/prebuilts/api/30.0/private/system_server.te b/prebuilts/api/30.0/private/system_server.te index bfac1a6ec..84f881077 100644 --- a/prebuilts/api/30.0/private/system_server.te +++ b/prebuilts/api/30.0/private/system_server.te @@ -678,6 +678,9 @@ get_prop(system_server, apk_verity_prop) # Read wifi.interface get_prop(system_server, wifi_prop) +# Read the vendor property that indicates if Incremental features is enabled +get_prop(system_server, incremental_prop) + # Create a socket for connections from debuggerd. allow system_server system_ndebug_socket:sock_file create_file_perms; diff --git a/prebuilts/api/30.0/public/property.te b/prebuilts/api/30.0/public/property.te index a435b4dc9..b96efa9b3 100644 --- a/prebuilts/api/30.0/public/property.te +++ b/prebuilts/api/30.0/public/property.te @@ -118,6 +118,7 @@ system_vendor_config_prop(exported_camera_prop) system_vendor_config_prop(exported_config_prop) system_vendor_config_prop(exported_default_prop) system_vendor_config_prop(exported3_default_prop) +system_vendor_config_prop(incremental_prop) system_vendor_config_prop(media_variant_prop) system_vendor_config_prop(storage_config_prop) system_vendor_config_prop(userspace_reboot_config_prop) diff --git a/prebuilts/api/30.0/public/vendor_init.te b/prebuilts/api/30.0/public/vendor_init.te index c070dff6a..9db846b21 100644 --- a/prebuilts/api/30.0/public/vendor_init.te +++ b/prebuilts/api/30.0/public/vendor_init.te 
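Review bot: The new `ro.incremental.enable u:object_r:incremental_prop:s0` line in the property_contexts hunk carries no type qualifier, while the neighbouring `init.userspace_reboot.*` entries declare `exact bool` / `exact int`. If the property is the on/off switch its name suggests, `ro.incremental.enable u:object_r:incremental_prop:s0 exact bool` should let init's property type check reject malformed values written from vendor_init instead of leaving system_server and vold to interpret arbitrary strings. The same line is added to private/property_contexts by the later hunk of this commit; both copies should agree.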
@@ -228,6 +228,7 @@ set_prop(vendor_init, exported2_system_prop) set_prop(vendor_init, exported2_vold_prop) set_prop(vendor_init, exported3_default_prop) set_prop(vendor_init, exported3_radio_prop) +set_prop(vendor_init, incremental_prop) set_prop(vendor_init, logd_prop) set_prop(vendor_init, log_tag_prop) set_prop(vendor_init, log_prop) diff --git a/prebuilts/api/30.0/public/vold.te b/prebuilts/api/30.0/public/vold.te index e2985677b..5d3eccf76 100644 --- a/prebuilts/api/30.0/public/vold.te +++ b/prebuilts/api/30.0/public/vold.te @@ -202,6 +202,7 @@ set_prop(vold, ota_prop) set_prop(vold, boottime_prop) set_prop(vold, boottime_public_prop) get_prop(vold, storage_config_prop) +get_prop(vold, incremental_prop) # ASEC allow vold asec_image_file:file create_file_perms; diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index e54aa776c..7c7727bdb 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -55,6 +55,7 @@ hal_tv_tuner_hwservice hal_vibrator_service incremental_control_file + incremental_prop incremental_service init_perf_lsm_hooks_prop init_svc_debug_prop diff --git a/private/property_contexts b/private/property_contexts index 10f029f81..b29ef3c4f 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -249,6 +249,9 @@ persist.sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0 # history size. ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0 +# Property to enable incremental feature +ro.incremental.enable u:object_r:incremental_prop:s0 + # Properties to configure userspace reboot. init.userspace_reboot.is_supported u:object_r:userspace_reboot_config_prop:s0 exact bool init.userspace_reboot.sigkill.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int diff --git a/private/system_server.te b/private/system_server.te index bfac1a6ec..84f881077 100644 --- a/private/system_server.te +++ b/private/system_server.te 
@@ -678,6 +678,9 @@ get_prop(system_server, apk_verity_prop) # Read wifi.interface get_prop(system_server, wifi_prop) +# Read the vendor property that indicates if Incremental features is enabled +get_prop(system_server, incremental_prop) + # Create a socket for connections from debuggerd. allow system_server system_ndebug_socket:sock_file create_file_perms; diff --git a/public/property.te b/public/property.te index a435b4dc9..b96efa9b3 100644 --- a/public/property.te +++ b/public/property.te @@ -118,6 +118,7 @@ system_vendor_config_prop(exported_camera_prop) system_vendor_config_prop(exported_config_prop) system_vendor_config_prop(exported_default_prop) system_vendor_config_prop(exported3_default_prop) +system_vendor_config_prop(incremental_prop) system_vendor_config_prop(media_variant_prop) system_vendor_config_prop(storage_config_prop) system_vendor_config_prop(userspace_reboot_config_prop) diff --git a/public/vendor_init.te b/public/vendor_init.te index c070dff6a..9db846b21 100644 --- a/public/vendor_init.te +++ b/public/vendor_init.te @@ -228,6 +228,7 @@ set_prop(vendor_init, exported2_system_prop) set_prop(vendor_init, exported2_vold_prop) set_prop(vendor_init, exported3_default_prop) set_prop(vendor_init, exported3_radio_prop) +set_prop(vendor_init, incremental_prop) set_prop(vendor_init, logd_prop) set_prop(vendor_init, log_tag_prop) set_prop(vendor_init, log_prop) diff --git a/public/vold.te b/public/vold.te index e2985677b..5d3eccf76 100644 --- a/public/vold.te +++ b/public/vold.te @@ -202,6 +202,7 @@ set_prop(vold, ota_prop) set_prop(vold, boottime_prop) set_prop(vold, boottime_public_prop) get_prop(vold, storage_config_prop) +get_prop(vold, incremental_prop) # ASEC allow vold asec_image_file:file create_file_perms; From eeb9830aabb4217bc8c4708962e026f048b544f2 Mon Sep 17 00:00:00 2001 
From: Jeongik Cha Date: Thu, 23 Apr 2020 23:38:43 +0900 Subject: [PATCH 104/163] mediaserver, mediaextractor, drmserver: allow vendor_overlay_file MediaPlayer cannot load a video from RRO packages. So, add allow rules which is necessary to play the video. Bug: b/154795779 Test: check if MediaPlayer can load a video in RRO Change-Id: I06eed146b6e70a548b6b4f4faf56ba2bccd68140 Merged-In: I06eed146b6e70a548b6b4f4faf56ba2bccd68140 (cherry picked from commit 832a8a9389e63dfbd7de6c4ced72a8ecce23ef92) --- private/coredomain.te | 2 +- public/drmserver.te | 3 +++ public/mediaextractor.te | 3 +++ public/mediaserver.te | 3 +++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/private/coredomain.te b/private/coredomain.te index 32a1e3f5b..ab731f122 100644 --- a/private/coredomain.te +++ b/private/coredomain.te @@ -88,7 +88,7 @@ full_treble_only(` -webview_zygote -zygote userdebug_or_eng(`-heapprofd') - } vendor_overlay_file:file r_file_perms; + } vendor_overlay_file:file open; ') # Core domains are not permitted to use kernel interfaces which are not diff --git a/public/drmserver.te b/public/drmserver.te index 12c080aeb..e2c66383d 100644 --- a/public/drmserver.te +++ b/public/drmserver.te @@ -49,6 +49,9 @@ allow drmserver radio_data_file:file { read getattr map }; allow drmserver oemfs:dir search; allow drmserver oemfs:file r_file_perms; +# overlay package access +allow drmserver vendor_overlay_file:file { read map }; + add_service(drmserver, drmserver_service) allow drmserver permission_service:service_manager find; allow drmserver mediametrics_service:service_manager find; diff --git a/public/mediaextractor.te b/public/mediaextractor.te index 4bedb0f06..859ec9c3b 100644 --- a/public/mediaextractor.te +++ b/public/mediaextractor.te 
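Review bot: Changing the coredomain `vendor_overlay_file:file` neverallow from `r_file_perms` to `open` relaxes an invariant for every core domain, not only the three media domains this commit adds rules for; the statement opens above the hunk, so I am reading its head from context. The apparent intent is that a core domain may use an overlay fd handed to it but must never open the file itself, and that reasoning belongs next to the rule, e.g. `# Core domains may read/map a vendor overlay fd passed to them but must not open it themselves.` The three new allow rules also differ (`{ read map }` for drmserver and mediaextractor, `{ read getattr map }` for mediaserver); if that is denial-driven rather than deliberate, a note would save the next reader from trying to reconcile them. PATCH 105 mirrors this change into prebuilts/api/30.0 and would need the same comment.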
@@ -34,6 +34,9 @@ allow mediaextractor apk_data_file:file { read getattr }; allow mediaextractor asec_apk_file:file { read getattr }; allow mediaextractor ringtone_file:file { read getattr }; +# overlay package access +allow mediaextractor vendor_overlay_file:file { read map }; + # scan extractor library directory to dynamically load extractors allow mediaextractor system_file:dir { read open }; diff --git a/public/mediaserver.te b/public/mediaserver.te index 02a0eb072..52d358142 100644 --- a/public/mediaserver.te +++ b/public/mediaserver.te @@ -130,6 +130,9 @@ allow mediaserver system_server:fd use; # b/120491318 allow mediaserver to access void:fd allow mediaserver vold:fd use; +# overlay package access +allow mediaserver vendor_overlay_file:file { read getattr map }; + hal_client_domain(mediaserver, hal_allocator) ### From 1fa5d6a7c5313adf9ea3c31774c943fbec63e191 Mon Sep 17 00:00:00 2001 From: Jeongik Cha Date: Wed, 6 May 2020 14:08:35 +0900 Subject: [PATCH 105/163] Update prebuilt sepolicy Updating sepolicy in ag/11322695, accrodingly, update prebuilt dir as well > cp -r public/ prebuilts/api/${SDK_INT}.0/ > cp -r private/ prebuilts/api/${SDK_INT}.0/ Bug: 154795779 Test: m Change-Id: I55c2917e9c26cc44dd462c5434b78d36943bd195 --- prebuilts/api/30.0/private/coredomain.te | 2 +- prebuilts/api/30.0/public/drmserver.te | 3 +++ prebuilts/api/30.0/public/mediaextractor.te | 3 +++ prebuilts/api/30.0/public/mediaserver.te | 3 +++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/prebuilts/api/30.0/private/coredomain.te b/prebuilts/api/30.0/private/coredomain.te index 32a1e3f5b..ab731f122 100644 --- a/prebuilts/api/30.0/private/coredomain.te +++ b/prebuilts/api/30.0/private/coredomain.te @@ -88,7 +88,7 @@ full_treble_only(` -webview_zygote -zygote userdebug_or_eng(`-heapprofd') - } vendor_overlay_file:file r_file_perms; + } vendor_overlay_file:file open; ') # Core domains are not permitted to use kernel interfaces which are not 
diff --git a/prebuilts/api/30.0/public/drmserver.te b/prebuilts/api/30.0/public/drmserver.te index 12c080aeb..e2c66383d 100644 --- a/prebuilts/api/30.0/public/drmserver.te +++ b/prebuilts/api/30.0/public/drmserver.te @@ -49,6 +49,9 @@ allow drmserver radio_data_file:file { read getattr map }; allow drmserver oemfs:dir search; allow drmserver oemfs:file r_file_perms; +# overlay package access +allow drmserver vendor_overlay_file:file { read map }; + add_service(drmserver, drmserver_service) allow drmserver permission_service:service_manager find; allow drmserver mediametrics_service:service_manager find; diff --git a/prebuilts/api/30.0/public/mediaextractor.te b/prebuilts/api/30.0/public/mediaextractor.te index 4bedb0f06..859ec9c3b 100644 --- a/prebuilts/api/30.0/public/mediaextractor.te +++ b/prebuilts/api/30.0/public/mediaextractor.te @@ -34,6 +34,9 @@ allow mediaextractor apk_data_file:file { read getattr }; allow mediaextractor asec_apk_file:file { read getattr }; allow mediaextractor ringtone_file:file { read getattr }; +# overlay package access +allow mediaextractor vendor_overlay_file:file { read map }; + # scan extractor library directory to dynamically load extractors allow mediaextractor system_file:dir { read open }; diff --git a/prebuilts/api/30.0/public/mediaserver.te b/prebuilts/api/30.0/public/mediaserver.te index 02a0eb072..52d358142 100644 --- a/prebuilts/api/30.0/public/mediaserver.te +++ b/prebuilts/api/30.0/public/mediaserver.te @@ -130,6 +130,9 @@ allow mediaserver system_server:fd use; # b/120491318 allow mediaserver to access void:fd allow mediaserver vold:fd use; +# overlay package access +allow mediaserver vendor_overlay_file:file { read getattr map }; + hal_client_domain(mediaserver, hal_allocator) ### From c63c15d207fe04facd93fdad6a0bf6a63d054568 Mon Sep 17 00:00:00 2001 
From: Jeff Vander Stoep
Date: Mon, 4 May 2020 10:21:40 +0200
Subject: [PATCH 106/163] Gboard: Whitelist test failure
This is intended to be temporary workaround until the Gboard developers fix their app.
Addresses avc: denied { bind } for comm="ThreadPoolForeg" scontext=u:r:untrusted_app:s0:c166,c256,c512,c768 tcontext=u:r:untrusted_app:s0:c166,c256,c512,c768 tclass=netlink_route_socket permissive= app=com.google.android.inputmethod.latin
Bug: 155595000
Bug: 155440523
Test: build
Change-Id: I432ac1462329efb4bc118c3967a099833e6eb813
(cherry picked from commit aeebb9a42e6962fabd756389612bde42a5ca2035)
---
 private/bug_map | 1 +
 1 file changed, 1 insertion(+)
diff --git a/private/bug_map b/private/bug_map
index 60c2f15b4..b2898bcbd 100644
--- a/private/bug_map
+++ b/private/bug_map
@@ -29,5 +29,6 @@ system_server overlayfs_file file b/142390309
 system_server sdcardfs file b/77856826
 system_server storage_stub_file dir b/145267097
 system_server zygote process b/77856826
+untrusted_app untrusted_app netlink_route_socket b/155595000
 vold system_data_file file b/124108085
 zygote untrusted_app_25 process b/77925912
From 2f30c1877830b02e25d0c4a60e756b16c9761c57 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Przemys=C5=82aw=20Szczepaniak?=
Date: Thu, 23 Apr 2020 17:04:05 +0100
Subject: [PATCH 107/163] Allow neuralnetworks hal service to read files from /sdcard
Bug: 138457453
Test: tflite nnapi benchmark app against /sdcard file
Change-Id: I368629f9177141d59eb5862cd29dd65da68d3ad7
Merged-In: I368629f9177141d59eb5862cd29dd65da68d3ad7
(cherry picked from commit 94be98073d52a4e2eb417f3f7aeaec756034d447)
---
 prebuilts/api/30.0/public/hal_neuralnetworks.te | 3 +++
 public/hal_neuralnetworks.te | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/prebuilts/api/30.0/public/hal_neuralnetworks.te b/prebuilts/api/30.0/public/hal_neuralnetworks.te
index f8d6ff5a7..228d990cb 100644
--- a/prebuilts/api/30.0/public/hal_neuralnetworks.te
+++ b/prebuilts/api/30.0/public/hal_neuralnetworks.te
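Review bot: The new bug_map line keys only on source domain, target domain and class, so as far as I can tell it attributes every `untrusted_app` → `untrusted_app` `netlink_route_socket` denial from any app to b/155595000, not just Gboard's `bind`. That is tolerable for a short-lived entry, but because the bug id is attached to the logged denial it will also make genuinely new netlink_route_socket denials from other apps look already-triaged. The commit message calls this temporary, yet nothing in the entry ties it to the fix bug (b/155440523); a removal task on that bug is the only thing that will get this line taken out again.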
@@ -18,6 +18,9 @@ allow hal_neuralnetworks_server shell_data_file:file { read write getattr map }; # Allow NN HAL service to read a client-provided ION memory fd. allow hal_neuralnetworks_server ion_device:chr_file r_file_perms; +# Allow NN HAL service to use a client-provided fd residing in /storage +allow hal_neuralnetworks_server storage_file:file { getattr map read }; + # Allow NN HAL client to check the ro.nnapi.extensions.deny_on_product # property to determine whether to deny NNAPI extensions use for apps # on product partition (apps in GSI are not allowed to use NNAPI extensions). diff --git a/public/hal_neuralnetworks.te b/public/hal_neuralnetworks.te index f8d6ff5a7..228d990cb 100644 --- a/public/hal_neuralnetworks.te +++ b/public/hal_neuralnetworks.te @@ -18,6 +18,9 @@ allow hal_neuralnetworks_server shell_data_file:file { read write getattr map }; # Allow NN HAL service to read a client-provided ION memory fd. allow hal_neuralnetworks_server ion_device:chr_file r_file_perms; +# Allow NN HAL service to use a client-provided fd residing in /storage +allow hal_neuralnetworks_server storage_file:file { getattr map read }; + # Allow NN HAL client to check the ro.nnapi.extensions.deny_on_product # property to determine whether to deny NNAPI extensions use for apps # on product partition (apps in GSI are not allowed to use NNAPI extensions). From 9316da8e12fc587a0f89a1b2fb407a001863a3f7 Mon Sep 17 00:00:00 2001 From: Steve Muckle Date: Mon, 4 May 2020 08:58:46 -0700 Subject: [PATCH 108/163] allow modprobe to read /proc/cmdline This is needed for libmodprobe to pass module options on the kernel commandline to kernel modules when they are loaded. Bug: 155422904 Change-Id: I9df7e211765268815bfb9269365264f5ca468712 Merged-In: I9df7e211765268815bfb9269365264f5ca468712 --- prebuilts/api/30.0/public/modprobe.te | 1 + public/modprobe.te | 1 + vendor/vendor_modprobe.te | 1 + 3 files changed, 3 insertions(+) 
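Review bot: `allow hal_neuralnetworks_server storage_file:file { getattr map read };` applies to every domain carrying the hal_neuralnetworks_server attribute, i.e. each vendor's NNAPI HAL, and storage_file labels all of /storage rather than the single benchmark input the Test line mentions. What bounds the grant is the absence of `open` — the HAL can only use descriptors a client already holds — and that is the property worth stating in the comment, e.g. `# No open: the HAL may only use fds its client passes in, never open /storage paths itself.` The public/hal_neuralnetworks.te hunk later on this line adds the same rule and should get the same comment.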
diff --git a/prebuilts/api/30.0/public/modprobe.te b/prebuilts/api/30.0/public/modprobe.te index 119040921..2c7d64b0b 100644 --- a/prebuilts/api/30.0/public/modprobe.te +++ b/prebuilts/api/30.0/public/modprobe.te @@ -1,6 +1,7 @@ type modprobe, domain; allow modprobe proc_modules:file r_file_perms; +allow modprobe proc_cmdline:file r_file_perms; allow modprobe self:global_capability_class_set sys_module; allow modprobe kernel:key search; recovery_only(` diff --git a/public/modprobe.te b/public/modprobe.te index 119040921..2c7d64b0b 100644 --- a/public/modprobe.te +++ b/public/modprobe.te @@ -1,6 +1,7 @@ type modprobe, domain; allow modprobe proc_modules:file r_file_perms; +allow modprobe proc_cmdline:file r_file_perms; allow modprobe self:global_capability_class_set sys_module; allow modprobe kernel:key search; recovery_only(` diff --git a/vendor/vendor_modprobe.te b/vendor/vendor_modprobe.te index 7689ca5d4..61df9e071 100644 --- a/vendor/vendor_modprobe.te +++ b/vendor/vendor_modprobe.te @@ -4,6 +4,7 @@ type vendor_modprobe, domain; domain_trans(init, vendor_toolbox_exec, vendor_modprobe) allow vendor_modprobe proc_modules:file r_file_perms; +allow vendor_modprobe proc_cmdline:file r_file_perms; allow vendor_modprobe self:global_capability_class_set sys_module; allow vendor_modprobe kernel:key search; From f010f9dbe3f4e091a400a350325bcf1810e58266 Mon Sep 17 00:00:00 2001 From: Howard Chen Date: Thu, 30 Apr 2020 17:45:45 +0800 Subject: [PATCH 109/163] Allow update_engine to get gsid property Allow the update_engine to use the gsid property and to avoid the VAB merge when running a DSU. Bug:147071959 Test: ota_e2etest.py Merged-In: I40220877625453198b217e788e6b3bfab8437f24 Change-Id: I40220877625453198b217e788e6b3bfab8437f24 --- public/update_engine.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/public/update_engine.te b/public/update_engine.te index 078e494d9..8b767bea0 100644 --- a/public/update_engine.te +++ b/public/update_engine.te 
@@ -69,6 +69,9 @@ set_prop(update_engine, ctl_gsid_prop) # Allow to set the OTA related properties, e.g. ota.warm_reset. set_prop(update_engine, ota_prop) +# Allow to get the DSU status +get_prop(update_engine, gsid_prop) + # update_engine tries to determine the parent path for all devices (e.g. # /dev/block/by-name) by reading the default fstab and looking for the misc # device. ReadDefaultFstab() checks whether a GSI is running by checking From f6b2db0be7ebcf639717a39ff5f02f3cdb010ac2 Mon Sep 17 00:00:00 2001 From: Howard Chen Date: Fri, 8 May 2020 10:10:01 +0800 Subject: [PATCH 110/163] Allow update_engine to get gsid property Allow the update_engine to use the gsid property and to avoid the VAB merge when running a DSU. Bug:147071959 Test: ota_e2etest.py Change-Id: I4a8d179e7e71f74d0c7ad34767de1f619f134d20 --- prebuilts/api/30.0/public/update_engine.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/prebuilts/api/30.0/public/update_engine.te b/prebuilts/api/30.0/public/update_engine.te index 078e494d9..8b767bea0 100644 --- a/prebuilts/api/30.0/public/update_engine.te +++ b/prebuilts/api/30.0/public/update_engine.te @@ -69,6 +69,9 @@ set_prop(update_engine, ctl_gsid_prop) # Allow to set the OTA related properties, e.g. ota.warm_reset. set_prop(update_engine, ota_prop) +# Allow to get the DSU status +get_prop(update_engine, gsid_prop) + # update_engine tries to determine the parent path for all devices (e.g. # /dev/block/by-name) by reading the default fstab and looking for the misc # device. ReadDefaultFstab() checks whether a GSI is running by checking From ff4789185a73110d68cd010a2960a391ce626d15 Mon Sep 17 00:00:00 2001 From: Suren Baghdasaryan Date: Tue, 5 May 2020 11:25:58 -0700 Subject: [PATCH 111/163] sepolicy: Allow lmkd to communicate with its other instance for reinit Lmkd should implement reinit functionality and to do so it needs to communicate with its running instance using socket. Bug: 155149944 Test: lmkd --reinit 
Signed-off-by: Suren Baghdasaryan Merged-In: I81455fe187830081d88f001b4588f7607b1bd1d0 Change-Id: I81455fe187830081d88f001b4588f7607b1bd1d0 --- prebuilts/api/30.0/public/lmkd.te | 3 +++ public/lmkd.te | 3 +++ 2 files changed, 6 insertions(+) diff --git a/prebuilts/api/30.0/public/lmkd.te b/prebuilts/api/30.0/public/lmkd.te index b852f4418..67e93e13b 100644 --- a/prebuilts/api/30.0/public/lmkd.te +++ b/prebuilts/api/30.0/public/lmkd.te @@ -60,6 +60,9 @@ allow lmkd proc_pressure_io:file r_file_perms; # Read/Write /proc/pressure/memory allow lmkd proc_pressure_mem:file rw_file_perms; +# Allow lmkd to connect during reinit. +allow lmkd lmkd_socket:sock_file write; + # Allow lmkd to write to statsd. unix_socket_send(lmkd, statsdw, statsd) diff --git a/public/lmkd.te b/public/lmkd.te index b852f4418..67e93e13b 100644 --- a/public/lmkd.te +++ b/public/lmkd.te @@ -60,6 +60,9 @@ allow lmkd proc_pressure_io:file r_file_perms; # Read/Write /proc/pressure/memory allow lmkd proc_pressure_mem:file rw_file_perms; +# Allow lmkd to connect during reinit. +allow lmkd lmkd_socket:sock_file write; + # Allow lmkd to write to statsd. unix_socket_send(lmkd, statsdw, statsd) From 9436677538e42706c47c58f7f15db7921c448833 Mon Sep 17 00:00:00 2001 From: Suren Baghdasaryan Date: Tue, 5 May 2020 12:41:02 -0700 Subject: [PATCH 112/163] Add lmkd. property policies lmkd.reinit property allows vendors to trigger lmkd reinitialization. Add lmkd_prop to support lmkd.* properties inlcuding lmkd.reinit. Bug: 155149944 Test: setprop lmkd.reinit 1 
Signed-off-by: Suren Baghdasaryan Merged-In: I6ba598bad7ebb40fd6f23de473f25f32e53c996d Change-Id: I6ba598bad7ebb40fd6f23de473f25f32e53c996d --- prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil | 1 + prebuilts/api/30.0/private/lmkd.te | 5 +++++ prebuilts/api/30.0/private/property_contexts | 1 + prebuilts/api/30.0/public/property.te | 1 + prebuilts/api/30.0/public/vendor_init.te | 1 + private/compat/29.0/29.0.ignore.cil | 1 + private/lmkd.te | 5 +++++ private/property_contexts | 1 + public/property.te | 1 + public/vendor_init.te | 1 + 10 files changed, 18 insertions(+) diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil index 7c7727bdb..e614c9719 100644 --- a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil +++ b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil @@ -74,6 +74,7 @@ mirror_data_file light_service linkerconfig_file + lmkd_prop media_variant_prop metadata_bootstat_file mnt_pass_through_file diff --git a/prebuilts/api/30.0/private/lmkd.te b/prebuilts/api/30.0/private/lmkd.te index a07ce879c..e51cddb4c 100644 --- a/prebuilts/api/30.0/private/lmkd.te +++ b/prebuilts/api/30.0/private/lmkd.te @@ -1,3 +1,8 @@ typeattribute lmkd coredomain; init_daemon_domain(lmkd) + +# Set lmkd.* properties. +set_prop(lmkd, lmkd_prop) + +neverallow { -init -lmkd -vendor_init } lmkd_prop:property_service set; diff --git a/prebuilts/api/30.0/private/property_contexts b/prebuilts/api/30.0/private/property_contexts index b29ef3c4f..a117fccd9 100644 --- a/prebuilts/api/30.0/private/property_contexts +++ b/prebuilts/api/30.0/private/property_contexts @@ -42,6 +42,7 @@ llk. u:object_r:llkd_prop:s0 khungtask. u:object_r:llkd_prop:s0 ro.llk. u:object_r:llkd_prop:s0 ro.khungtask. u:object_r:llkd_prop:s0 +lmkd.reinit u:object_r:lmkd_prop:s0 exact int log. u:object_r:log_prop:s0 log.tag u:object_r:log_tag_prop:s0 log.tag.WifiHAL u:object_r:wifi_log_prop:s0 
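Review bot: `neverallow { -init -lmkd -vendor_init } lmkd_prop:property_service set;` in the lmkd.te hunk has no positive base in its source set, unlike every other neverallow on this page (the vold rules earlier all begin with `domain`). Whether checkpolicy reads a negation-only set as "everything except" or as empty, writing the base out removes the doubt and matches the file convention: `neverallow { domain -init -lmkd -vendor_init } lmkd_prop:property_service set;`. The private/lmkd.te hunk of this commit carries the identical rule and needs the same change.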
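Review bot: The property_contexts hunk maps only the exact key `lmkd.reinit` to lmkd_prop, while the lmkd.te comment (`# Set lmkd.* properties.`) and the commit message describe an `lmkd.*` namespace. Any other `lmkd.` key a vendor sets would therefore fall through to whichever prefix entry matches rather than lmkd_prop, and the new neverallow would not cover it. Either add a prefix entry such as `lmkd. u:object_r:lmkd_prop:s0` next to the exact one (the `llk.` / `ro.llk.` entries just above show the pattern), or narrow the comment to `# Set lmkd.reinit.` so the policy and its description agree. The private/property_contexts hunk of this commit mirrors this.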
diff --git a/prebuilts/api/30.0/public/property.te b/prebuilts/api/30.0/public/property.te index b96efa9b3..316d3c693 100644 --- a/prebuilts/api/30.0/public/property.te +++ b/prebuilts/api/30.0/public/property.te @@ -155,6 +155,7 @@ system_public_prop(exported_system_radio_prop) system_public_prop(exported_wifi_prop) system_public_prop(sota_prop) system_public_prop(hwservicemanager_prop) +system_public_prop(lmkd_prop) system_public_prop(logd_prop) system_public_prop(logpersistd_logging_prop) system_public_prop(log_prop) diff --git a/prebuilts/api/30.0/public/vendor_init.te b/prebuilts/api/30.0/public/vendor_init.te index 9db846b21..12a360eb8 100644 --- a/prebuilts/api/30.0/public/vendor_init.te +++ b/prebuilts/api/30.0/public/vendor_init.te @@ -229,6 +229,7 @@ set_prop(vendor_init, exported2_vold_prop) set_prop(vendor_init, exported3_default_prop) set_prop(vendor_init, exported3_radio_prop) set_prop(vendor_init, incremental_prop) +set_prop(vendor_init, lmkd_prop) set_prop(vendor_init, logd_prop) set_prop(vendor_init, log_tag_prop) set_prop(vendor_init, log_prop) diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 7c7727bdb..e614c9719 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -74,6 +74,7 @@ mirror_data_file light_service linkerconfig_file + lmkd_prop media_variant_prop metadata_bootstat_file mnt_pass_through_file diff --git a/private/lmkd.te b/private/lmkd.te index a07ce879c..e51cddb4c 100644 --- a/private/lmkd.te +++ b/private/lmkd.te @@ -1,3 +1,8 @@ typeattribute lmkd coredomain; init_daemon_domain(lmkd) + +# Set lmkd.* properties. +set_prop(lmkd, lmkd_prop) + +neverallow { -init -lmkd -vendor_init } lmkd_prop:property_service set; diff --git a/private/property_contexts b/private/property_contexts index b29ef3c4f..a117fccd9 100644 --- a/private/property_contexts +++ b/private/property_contexts 
@@ -42,6 +42,7 @@ llk. u:object_r:llkd_prop:s0
 khungtask. u:object_r:llkd_prop:s0
 ro.llk. u:object_r:llkd_prop:s0
 ro.khungtask. u:object_r:llkd_prop:s0
+lmkd.reinit u:object_r:lmkd_prop:s0 exact int
 log. u:object_r:log_prop:s0
 log.tag u:object_r:log_tag_prop:s0
 log.tag.WifiHAL u:object_r:wifi_log_prop:s0
diff --git a/public/property.te b/public/property.te
index b96efa9b3..316d3c693 100644
--- a/public/property.te
+++ b/public/property.te
@@ -155,6 +155,7 @@ system_public_prop(exported_system_radio_prop)
 system_public_prop(exported_wifi_prop)
 system_public_prop(sota_prop)
 system_public_prop(hwservicemanager_prop)
+system_public_prop(lmkd_prop)
 system_public_prop(logd_prop)
 system_public_prop(logpersistd_logging_prop)
 system_public_prop(log_prop)
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 9db846b21..12a360eb8 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -229,6 +229,7 @@ set_prop(vendor_init, exported2_vold_prop)
 set_prop(vendor_init, exported3_default_prop)
 set_prop(vendor_init, exported3_radio_prop)
 set_prop(vendor_init, incremental_prop)
+set_prop(vendor_init, lmkd_prop)
 set_prop(vendor_init, logd_prop)
 set_prop(vendor_init, log_tag_prop)
 set_prop(vendor_init, log_prop)
From ec7b180bc8eecddb75c9acd75ae5de54ba1bbcae Mon Sep 17 00:00:00 2001
From: Stefano Galarraga
Date: Mon, 11 May 2020 08:28:05 +0100
Subject: [PATCH 113/163] Sync prebuilts with NNAPI enablement change
Synchronizing changes in prebuilt dumpstate.te with changes in Ibad9b68736ccbdc3ed796606fd1d78ca04f98ad0.
Test: build + boot
Bug: 145388549
Bug: 154169913
Change-Id: I8ad5245181d79e787e26910ee4e701e2ae6812c9
---
 prebuilts/api/30.0/public/dumpstate.te | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/prebuilts/api/30.0/public/dumpstate.te b/prebuilts/api/30.0/public/dumpstate.te
index 55705a9b3..c3051756b 100644
--- a/prebuilts/api/30.0/public/dumpstate.te
+++ b/prebuilts/api/30.0/public/dumpstate.te
@@ -85,6 +85,7 @@ allow dumpstate {
 hal_graphics_allocator_server
 hal_graphics_composer_server
 hal_health_server
+ hal_neuralnetworks_server
 hal_omx_server
 hal_power_server
 hal_power_stats_server
@@ -135,9 +136,10 @@ r_dir_file(dumpstate, cgroup)
 binder_call(dumpstate, binderservicedomain)
 binder_call(dumpstate, { appdomain netd wificond })
-hal_client_domain(dumpstate, hal_dumpstate)
-hal_client_domain(dumpstate, hal_wifi)
-hal_client_domain(dumpstate, hal_graphics_allocator)
+dump_hal(hal_dumpstate)
+dump_hal(hal_wifi)
+dump_hal(hal_graphics_allocator)
+dump_hal(hal_neuralnetworks)
 # Vibrate the device after we are done collecting the bugreport
 hal_client_domain(dumpstate, hal_vibrator)
From 7b59ae50e61c603a3162c8270ed6c4037731e5c2 Mon Sep 17 00:00:00 2001
From: Inseob Kim
Date: Mon, 11 May 2020 16:01:57 +0900
Subject: [PATCH 114/163] Remove sys.vdso property
This is an experimental property on Q and doesn't need anymore.
Bug: 154885206
Test: N/A
Change-Id: I80415edc002345849b375e07fdf5783cf60c2446
---
 private/property_contexts | 1 -
 1 file changed, 1 deletion(-)
diff --git a/private/property_contexts b/private/property_contexts
index 88c07c162..17a135fd9 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -511,7 +511,6 @@ persist.sys.usb.usbradio.config u:object_r:exported3_system_prop:s0 exact string
 sys.retaildemo.enabled u:object_r:exported3_system_prop:s0 exact int
 sys.user.0.ce_available u:object_r:exported3_system_prop:s0 exact bool
-sys.vdso u:object_r:exported3_system_prop:s0 exact string
 persist.sys.zram_enabled u:object_r:exported2_system_prop:s0 exact bool
From 8df611bb4649d4117192dc3e3edb0a1fb42c49a8 Mon Sep 17 00:00:00 2001
From: Yiming Jing
Date: Thu, 23 Apr 2020 16:18:58 +0000
Subject: [PATCH 115/163] DO NOT MERGE: Remove duplicate neverallow for hal_audio_server
Cherry picked from commit 996059 (rvc-dev-plus-aosp), which is auto merged from aosp/1290960 (master). In addition, 'prebuilts/api/30.0/public/hal_audio.te' is updated to be consistent with 'public/hal_audio.te'.
Bug: 155306710
Test: tested with the following rules in 'vendor/hal_audio_default.te'
Test: type hal_audio_socket, domain;
Test: typeattribute hal_audio_default hal_automotive_socket_exemption;
Test: allow hal_audio_default hal_audio_socket:tcp_socket connect;
Test: m -j should compile sepolicy without complaints
Change-Id: I0b8a5f9c9d826680223dbb9204862ea46c557856
(cherry picked from commit 9960590f8d2b8d502c9ff0ee70cdd41a2244937c)
---
 prebuilts/api/30.0/public/hal_audio.te | 4 ----
 public/hal_audio.te | 4 ----
 2 files changed, 8 deletions(-)
diff --git a/prebuilts/api/30.0/public/hal_audio.te b/prebuilts/api/30.0/public/hal_audio.te
index d54b2b250..5958f2c96 100644
--- a/prebuilts/api/30.0/public/hal_audio.te
+++ b/prebuilts/api/30.0/public/hal_audio.te
@@ -30,10 +30,6 @@ vndbinder_use(hal_audio)
 # Should never execute any executable without a domain transition
 neverallow hal_audio_server { file_type fs_type }:file execute_no_trans;
-# Should never need network access.
-# Disallow network sockets.
-neverallow hal_audio_server domain:{ tcp_socket udp_socket rawip_socket } *;
-
 # Only audio HAL may directly access the audio hardware
 neverallow { halserverdomain -hal_audio_server -hal_omx_server } audio_device:chr_file *;
diff --git a/public/hal_audio.te b/public/hal_audio.te
index d54b2b250..5958f2c96 100644
--- a/public/hal_audio.te
+++ b/public/hal_audio.te
@@ -30,10 +30,6 @@ vndbinder_use(hal_audio)
 # Should never execute any executable without a domain transition
 neverallow hal_audio_server { file_type fs_type }:file execute_no_trans;
-# Should never need network access.
-# Disallow network sockets.
-neverallow hal_audio_server domain:{ tcp_socket udp_socket rawip_socket } *;
-
 # Only audio HAL may directly access the audio hardware
 neverallow { halserverdomain -hal_audio_server -hal_omx_server } audio_device:chr_file *;
From 4062937968cadb7927be5b15c13ece98fbd9311a Mon Sep 17 00:00:00 2001
From: Malcolm Chen
Date: Fri, 8 May 2020 12:07:06 -0700
Subject: [PATCH 116/163] Expose max.active.modem to be vendor inittable. And rename it properly.
Bug: 154072245
Test: manual
Change-Id: I85b060ef90a747b43e1ab386337ffc5b49d29e57
Merged-In: I85b060ef90a747b43e1ab386337ffc5b49d29e57
---
 prebuilts/api/30.0/public/property_contexts | 1 +
 public/property_contexts | 1 +
 2 files changed, 2 insertions(+)
diff --git a/prebuilts/api/30.0/public/property_contexts b/prebuilts/api/30.0/public/property_contexts
index 5abe85b82..7bd1b726a 100644
--- a/prebuilts/api/30.0/public/property_contexts
+++ b/prebuilts/api/30.0/public/property_contexts
@@ -184,6 +184,7 @@ sys.usb.mtp.device_type u:object_r:exported2_system_prop:s0 exact int
 sys.usb.ffs.mtp.ready u:object_r:exported_ffs_prop:s0 exact bool
 sys.usb.state u:object_r:exported2_system_prop:s0 exact string
 telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int
+telephony.active_modems.max_count u:object_r:exported3_default_prop:s0 exact int
 tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int
 vold.post_fs_data_done u:object_r:exported2_vold_prop:s0 exact int
 vts.native_server.on u:object_r:exported3_default_prop:s0 exact bool
diff --git a/public/property_contexts b/public/property_contexts
index 5abe85b82..7bd1b726a 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -184,6 +184,7 @@ sys.usb.mtp.device_type u:object_r:exported2_system_prop:s0 exact int
 sys.usb.ffs.mtp.ready u:object_r:exported_ffs_prop:s0 exact bool
 sys.usb.state u:object_r:exported2_system_prop:s0 exact string
 telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int
+telephony.active_modems.max_count u:object_r:exported3_default_prop:s0 exact int
 tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int
 vold.post_fs_data_done u:object_r:exported2_vold_prop:s0 exact int
 vts.native_server.on u:object_r:exported3_default_prop:s0 exact bool
From a6d6f677a2ed4778cfd9ce45293b9186148869a4 Mon Sep 17 00:00:00 2001
From: Evan Severson
Date: Mon, 4 May 2020 15:13:34 -0700
Subject: [PATCH 117/163] Allow permission controller to use radio service
Test: Observe denial go away
Bug: 153997991
Change-Id: I9a11e226867a5d68f2490f5143963cc66bd09538
---
 prebuilts/api/30.0/private/permissioncontroller_app.te | 1 +
 private/permissioncontroller_app.te | 1 +
 2 files changed, 2 insertions(+)
diff --git a/prebuilts/api/30.0/private/permissioncontroller_app.te b/prebuilts/api/30.0/private/permissioncontroller_app.te
index 8a6f6aa26..41185e3da 100644
--- a/prebuilts/api/30.0/private/permissioncontroller_app.te
+++ b/prebuilts/api/30.0/private/permissioncontroller_app.te
@@ -27,6 +27,7 @@ allow permissioncontroller_app incidentcompanion_service:service_manager find;
 allow permissioncontroller_app IProxyService_service:service_manager find;
 allow permissioncontroller_app location_service:service_manager find;
 allow permissioncontroller_app media_session_service:service_manager find;
+allow permissioncontroller_app radio_service:service_manager find;
 allow permissioncontroller_app surfaceflinger_service:service_manager find;
 allow permissioncontroller_app telecom_service:service_manager find;
 allow permissioncontroller_app trust_service:service_manager find;
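Review bot: The new `allow permissioncontroller_app radio_service:service_manager find;` grants find on a shared label rather than a single service: the service_contexts hunk further down this page shows `carrier_config` mapped to `radio_service` as well, so the grant covers every binder service carrying that label. The commit message justifies the rule only by an observed denial, which does not tell a later reader which lookup PermissionController actually performs or whether the breadth is acceptable. Add a one-line comment above the rule naming the service and the feature that needs it, so the grant can be re-scoped if the label is ever split. The same line is added to private/permissioncontroller_app.te on the next line.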
diff --git a/private/permissioncontroller_app.te b/private/permissioncontroller_app.te
index 8a6f6aa26..41185e3da 100644
--- a/private/permissioncontroller_app.te
+++ b/private/permissioncontroller_app.te
@@ -27,6 +27,7 @@ allow permissioncontroller_app incidentcompanion_service:service_manager find;
 allow permissioncontroller_app IProxyService_service:service_manager find;
 allow permissioncontroller_app location_service:service_manager find;
 allow permissioncontroller_app media_session_service:service_manager find;
+allow permissioncontroller_app radio_service:service_manager find;
 allow permissioncontroller_app surfaceflinger_service:service_manager find;
 allow permissioncontroller_app telecom_service:service_manager find;
 allow permissioncontroller_app trust_service:service_manager find;
From 1d63d5d0756d0d47ef6ec816b3c35b3b96bd50d4 Mon Sep 17 00:00:00 2001
From: Inseob Kim
Date: Wed, 6 May 2020 20:07:33 +0900
Subject: [PATCH 118/163] Relabel ro.build. properties
- exported_fingerprint_prop is deleted
- other ro.build. properties become build_prop
Bug: 155844385
Test: sepolicy_tests
Change-Id: Ic1194e8e7c23394e5a7c6176f9f9598109bb5fb7
---
 private/compat/27.0/27.0.ignore.cil | 1 +
 private/compat/30.0/30.0.cil | 6 ++--
 private/property.te | 1 -
 private/property_contexts | 43 ++++++++++++++---------------
 private/system_server.te | 1 -
 public/domain.te | 4 ++-
 public/property.te | 7 ++---
 7 files changed, 30 insertions(+), 33 deletions(-)
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index e6b9f4f69..520bb02fe 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -30,6 +30,7 @@
 bluetooth_a2dp_offload_prop
 bpfloader
 bpfloader_exec
+ build_prop
 camera_config_prop
 cgroup_bpf
 charger_exec
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 766518be3..0a21e03ba 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -2,6 +2,7 @@
 (type exported_audio_prop)
 (type exported_dalvik_prop)
 (type exported_ffs_prop)
+(type exported_fingerprint_prop)
 (type exported_vold_prop)
 (type exported2_config_prop)
 (type exported2_vold_prop)
@@ -285,7 +286,6 @@
 (expandtypeattribute (ffs_prop_30_0) true)
 (expandtypeattribute (file_contexts_file_30_0) true)
 (expandtypeattribute (file_integrity_service_30_0) true)
-(expandtypeattribute (fingerprint_prop_30_0) true)
 (expandtypeattribute (fingerprint_service_30_0) true)
 (expandtypeattribute (fingerprint_vendor_data_file_30_0) true)
 (expandtypeattribute (fingerprintd_30_0) true)
@@ -1342,6 +1342,7 @@
 (typeattributeset exported2_default_prop_30_0
 ( exported2_default_prop
 aac_drc_prop
+ build_prop
 libc_debug_prop))
 (typeattributeset exported2_radio_prop_30_0 (exported2_radio_prop))
 (typeattributeset exported2_system_prop_30_0
@@ -1367,7 +1368,7 @@
 ( exported_ffs_prop
 ffs_config_prop
 ffs_control_prop))
-(typeattributeset exported_fingerprint_prop_30_0 (exported_fingerprint_prop))
+(typeattributeset exported_fingerprint_prop_30_0 (exported_fingerprint_prop fingerprint_prop))
 (typeattributeset exported_overlay_prop_30_0 (exported_overlay_prop))
 (typeattributeset exported_pm_prop_30_0 (exported_pm_prop))
 (typeattributeset exported_radio_prop_30_0 (exported_radio_prop))
@@ -1383,7 +1384,6 @@
 (typeattributeset ffs_prop_30_0 (ffs_prop))
 (typeattributeset file_contexts_file_30_0 (file_contexts_file))
 (typeattributeset file_integrity_service_30_0 (file_integrity_service))
-(typeattributeset fingerprint_prop_30_0 (fingerprint_prop))
 (typeattributeset fingerprint_service_30_0 (fingerprint_service))
 (typeattributeset fingerprint_vendor_data_file_30_0 (fingerprint_vendor_data_file))
 (typeattributeset fingerprintd_30_0 (fingerprintd))
diff --git a/private/property.te b/private/property.te
index 4bd7e1a94..d634d29b0 100644
--- a/private/property.te
+++ b/private/property.te
@@ -136,7 +136,6 @@ compatible_property_only(`
 exported_config_prop
 exported_default_prop
 exported_dumpstate_prop
- exported_fingerprint_prop
 exported_system_prop
 exported_system_radio_prop
 exported2_default_prop
diff --git a/private/property_contexts b/private/property_contexts
index 9fdcb1ac5..20dcef794 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -112,7 +112,7 @@ ro.crypto. u:object_r:vold_prop:s0
 # ro.build.fingerprint is either set in /system/build.prop, or is
 # set at runtime by system_server.
-ro.build.fingerprint u:object_r:fingerprint_prop:s0
+ro.build.fingerprint u:object_r:fingerprint_prop:s0 exact string
 ro.persistent_properties.ready u:object_r:persistent_properties_ready_prop:s0
@@ -585,31 +585,30 @@ ro.bootloader u:object_r:exported2_default_prop:s0 exact string
 ro.boottime.init.mount.data u:object_r:boottime_public_prop:s0 exact string
 ro.boottime.init.fsck.data u:object_r:boottime_public_prop:s0 exact string
-ro.build.date u:object_r:exported2_default_prop:s0 exact string
-ro.build.date.utc u:object_r:exported2_default_prop:s0 exact int
-ro.build.description u:object_r:exported2_default_prop:s0 exact string
-ro.build.display.id u:object_r:exported2_default_prop:s0 exact string
-ro.build.fingerprint u:object_r:exported_fingerprint_prop:s0 exact string
-ro.build.host u:object_r:exported2_default_prop:s0 exact string
-ro.build.id u:object_r:exported2_default_prop:s0 exact string
-ro.build.product u:object_r:exported2_default_prop:s0 exact string
-ro.build.system_root_image u:object_r:exported2_default_prop:s0 exact bool
-ro.build.tags u:object_r:exported2_default_prop:s0 exact string
-ro.build.user u:object_r:exported2_default_prop:s0 exact string
-ro.build.version.base_os u:object_r:exported2_default_prop:s0 exact string
-ro.build.version.codename u:object_r:exported2_default_prop:s0 exact string
-ro.build.version.incremental u:object_r:exported2_default_prop:s0 exact string
-ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int
-ro.build.version.release u:object_r:exported2_default_prop:s0 exact string
-ro.build.version.release_or_codename u:object_r:exported2_default_prop:s0 exact string
-ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int
-ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string
+ro.build.date u:object_r:build_prop:s0 exact string
+ro.build.date.utc u:object_r:build_prop:s0 exact int
+ro.build.description u:object_r:build_prop:s0 exact string
+ro.build.display.id u:object_r:build_prop:s0 exact string
+ro.build.host u:object_r:build_prop:s0 exact string
+ro.build.id u:object_r:build_prop:s0 exact string
+ro.build.product u:object_r:build_prop:s0 exact string
+ro.build.system_root_image u:object_r:build_prop:s0 exact bool
+ro.build.tags u:object_r:build_prop:s0 exact string
+ro.build.user u:object_r:build_prop:s0 exact string
+ro.build.version.base_os u:object_r:build_prop:s0 exact string
+ro.build.version.codename u:object_r:build_prop:s0 exact string
+ro.build.version.incremental u:object_r:build_prop:s0 exact string
+ro.build.version.preview_sdk u:object_r:build_prop:s0 exact int
+ro.build.version.release u:object_r:build_prop:s0 exact string
+ro.build.version.release_or_codename u:object_r:build_prop:s0 exact string
+ro.build.version.sdk u:object_r:build_prop:s0 exact int
+ro.build.version.security_patch u:object_r:build_prop:s0 exact string
+
+ro.debuggable u:object_r:build_prop:s0 exact bool
 ro.crypto.state u:object_r:vold_status_prop:s0 exact enum encrypted unencrypted unsupported
 ro.crypto.type u:object_r:vold_status_prop:s0 exact enum block file none
-ro.debuggable u:object_r:exported2_default_prop:s0 exact int
-
 ro.hardware u:object_r:exported2_default_prop:s0 exact string
 ro.product.brand u:object_r:exported2_default_prop:s0 exact string
diff --git a/private/system_server.te b/private/system_server.te
index e9f57f1ef..db8bdc99e 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -610,7 +610,6 @@ set_prop(system_server, exported_system_radio_prop)
 set_prop(system_server, debug_prop)
 set_prop(system_server, powerctl_prop)
 set_prop(system_server, fingerprint_prop)
-set_prop(system_server, exported_fingerprint_prop)
 set_prop(system_server, device_logging_prop)
 set_prop(system_server, dumpstate_options_prop)
 set_prop(system_server, overlay_prop)
diff --git a/public/domain.te b/public/domain.te
index 2e17f420f..038079d60 100644
--- a/public/domain.te
+++ b/public/domain.te
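Review bot: `ro.debuggable` changes its declared type from `exact int` to `exact bool` in the same hunk that relabels it to build_prop, while the commit message and subject describe only a label change; the type is part of the property contract, so either keep `exact int` or state the type change explicitly in the message. The moved entry also lands between `ro.build.version.security_patch` and `ro.crypto.state`, breaking the alphabetical order the surrounding block follows, whereas its original position after `ro.crypto.type` was in order; placing the new line after `ro.crypto.type` would keep the block sorted. This hunk starts on the previous line.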
@@ -94,15 +94,16 @@ allow domain properties_serial:file r_file_perms;
 allow domain property_info:file r_file_perms;
 # Public readable properties
+get_prop(domain, build_prop)
 get_prop(domain, debug_prop)
 get_prop(domain, exported_config_prop)
 get_prop(domain, exported_default_prop)
 get_prop(domain, exported_dumpstate_prop)
-get_prop(domain, exported_fingerprint_prop)
 get_prop(domain, exported_radio_prop)
 get_prop(domain, exported_secure_prop)
 get_prop(domain, exported_system_prop)
 get_prop(domain, exported2_default_prop)
+get_prop(domain, fingerprint_prop)
 get_prop(domain, libc_debug_prop)
 get_prop(domain, logd_prop)
 get_prop(domain, socket_hook_prop)
@@ -542,6 +543,7 @@ compatible_property_only(`
 ')
 neverallow { domain -init } aac_drc_prop:property_service set;
+neverallow { domain -init } build_prop:property_service set;
 # Do not allow reading device's serial number from system properties except form
 # a few whitelisted domains.
diff --git a/public/property.te b/public/property.te
index 50ef6a211..1840fcfad 100644
--- a/public/property.te
+++ b/public/property.te
@@ -61,6 +61,8 @@ system_restricted_prop(binder_cache_telephony_server_prop)
 system_restricted_prop(boot_status_prop)
 system_restricted_prop(boottime_public_prop)
 system_restricted_prop(bq_config_prop)
+system_restricted_prop(build_prop)
+system_restricted_prop(fingerprint_prop)
 system_restricted_prop(libc_debug_prop)
 system_restricted_prop(module_sdkextensions_prop)
 system_restricted_prop(nnapi_ext_deny_product_prop)
@@ -84,9 +86,7 @@ compatible_property_only(`
 system_restricted_prop(exported2_default_prop)
 system_restricted_prop(exported3_system_prop)
 system_restricted_prop(exported_dumpstate_prop)
- system_restricted_prop(exported_fingerprint_prop)
 system_restricted_prop(exported_secure_prop)
- system_restricted_prop(fingerprint_prop)
 system_restricted_prop(heapprofd_prop)
 system_restricted_prop(net_radio_prop)
 system_restricted_prop(pan_result_prop)
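Review bot: The new `neverallow { domain -init } build_prop:property_service set;` fences the build identity properties, but the same file's first hunk also makes fingerprint_prop readable by every domain (`get_prop(domain, fingerprint_prop)`) without any matching setter restriction, and the only setter visible on this page is system_server (`set_prop(system_server, fingerprint_prop)` is kept as context in the private/system_server.te hunk above). If init and system_server are the only intended writers, a parallel `neverallow { domain -init -system_server } fingerprint_prop:property_service set;` would give ro.build.fingerprint the same guarantee the commit adds for the other ro.build.* properties; if other writers exist, a comment next to the build_prop rule saying why fingerprint_prop is exempt would stop the next reader from assuming an oversight.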
@@ -217,9 +217,7 @@ not_compatible_property(`
 system_public_prop(exported2_default_prop)
 system_public_prop(exported3_system_prop)
 system_public_prop(exported_dumpstate_prop)
- system_public_prop(exported_fingerprint_prop)
 system_public_prop(exported_secure_prop)
- system_public_prop(fingerprint_prop)
 system_public_prop(heapprofd_prop)
 system_public_prop(net_radio_prop)
 system_public_prop(pan_result_prop)
@@ -256,7 +254,6 @@ typeattribute debug_prop core_property_type;
 typeattribute default_prop core_property_type;
 typeattribute dhcp_prop core_property_type;
 typeattribute dumpstate_prop core_property_type;
-typeattribute fingerprint_prop core_property_type;
 typeattribute logd_prop core_property_type;
 typeattribute net_radio_prop core_property_type;
 typeattribute nfc_prop core_property_type;
From 77efb419f33d6acbd3967fdd237ff3283e960f39 Mon Sep 17 00:00:00 2001
From: Collin Fijalkovich
Date: Wed, 29 Apr 2020 16:10:15 -0700
Subject: [PATCH 119/163] Allow ActivityManagerService to start cacheDump service.
Configures SELinux to allow ActivityManagerService to start a cacheinfo service that is responsible for dumping per-process cache state.
Bug: 153661880
Test: adb shell dumpsys cacheinfo
Test: adb bugreport
Change-Id: Id6a4bdf2a9cb6d7f076b08706e0f91d377f38603
---
 prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil | 1 +
 prebuilts/api/30.0/private/service_contexts | 1 +
 prebuilts/api/30.0/public/service.te | 1 +
 private/compat/29.0/29.0.ignore.cil | 1 +
 private/service_contexts | 1 +
 public/service.te | 1 +
 6 files changed, 6 insertions(+)
diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
index e614c9719..0a9da30bf 100644
--- a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
+++ b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
@@ -28,6 +28,7 @@
 binderfs_logs_proc
 boringssl_self_test
 bq_config_prop
+ cacheinfo_service
 charger_prop
 cold_boot_done_prop
 credstore
diff --git a/prebuilts/api/30.0/private/service_contexts b/prebuilts/api/30.0/private/service_contexts
index e01dcc1af..5c6f1a476 100644
--- a/prebuilts/api/30.0/private/service_contexts
+++ b/prebuilts/api/30.0/private/service_contexts
@@ -40,6 +40,7 @@ bluetooth_manager u:object_r:bluetooth_manager_service:s
 bluetooth u:object_r:bluetooth_service:s0
 broadcastradio u:object_r:broadcastradio_service:s0
 bugreport u:object_r:bugreport_service:s0
+cacheinfo u:object_r:cacheinfo_service:s0
 carrier_config u:object_r:radio_service:s0
 clipboard u:object_r:clipboard_service:s0
 com.android.net.IProxyService u:object_r:IProxyService_service:s0
diff --git a/prebuilts/api/30.0/public/service.te b/prebuilts/api/30.0/public/service.te
index 968e523cf..3c17179b6 100644
--- a/prebuilts/api/30.0/public/service.te
+++ b/prebuilts/api/30.0/public/service.te
@@ -63,6 +63,7 @@ type binder_calls_stats_service, system_server_service, service_manager_type;
 type blob_store_service, app_api_service, system_server_service, service_manager_type;
 type bluetooth_manager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type broadcastradio_service, system_server_service, service_manager_type;
+type cacheinfo_service, system_api_service, system_server_service, service_manager_type;
 type cameraproxy_service, system_server_service, service_manager_type;
 type clipboard_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type contexthub_service, app_api_service, system_server_service, service_manager_type;
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index e614c9719..0a9da30bf 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -28,6 +28,7 @@
 binderfs_logs_proc
 boringssl_self_test
 bq_config_prop
+ cacheinfo_service
 charger_prop
 cold_boot_done_prop
 credstore
diff --git a/private/service_contexts b/private/service_contexts
index e01dcc1af..5c6f1a476 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -40,6 +40,7 @@ bluetooth_manager u:object_r:bluetooth_manager_service:s
 bluetooth u:object_r:bluetooth_service:s0
 broadcastradio u:object_r:broadcastradio_service:s0
 bugreport u:object_r:bugreport_service:s0
+cacheinfo u:object_r:cacheinfo_service:s0
 carrier_config u:object_r:radio_service:s0
 clipboard u:object_r:clipboard_service:s0
 com.android.net.IProxyService u:object_r:IProxyService_service:s0
diff --git a/public/service.te b/public/service.te
index 968e523cf..3c17179b6 100644
--- a/public/service.te
+++ b/public/service.te
@@ -63,6 +63,7 @@ type binder_calls_stats_service, system_server_service, service_manager_type;
 type blob_store_service, app_api_service, system_server_service, service_manager_type;
 type bluetooth_manager_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type broadcastradio_service, system_server_service, service_manager_type;
+type cacheinfo_service, system_api_service, system_server_service, service_manager_type;
 type cameraproxy_service, system_server_service, service_manager_type;
 type clipboard_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type contexthub_service, app_api_service, system_server_service, service_manager_type;
From fdda81a5213e35e516ae24f9e4eb1ed55df60055 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep
Date: Wed, 13 May 2020 14:40:49 +0200
Subject: [PATCH 120/163] incident_service: only disallow untrusted access
Allow device-specific domains to access the incident_service.
Test: build
Bug: 156479626
(Cherry picked from commit 2aa8042f9db1eac2fb19f479f9f0a5ebd76d9ab6)
Change-Id: I64d844f7a549afb4224d91b086c1f5fd76d0664c
---
 prebuilts/api/30.0/private/app_neverallows.te | 3 +++
 prebuilts/api/30.0/private/incidentd.te | 15 ---------------
 private/app_neverallows.te | 3 +++
 private/incidentd.te | 15 ---------------
 4 files changed, 6 insertions(+), 30 deletions(-)
diff --git a/prebuilts/api/30.0/private/app_neverallows.te b/prebuilts/api/30.0/private/app_neverallows.te
index 66e9f69d2..115718700 100644
--- a/prebuilts/api/30.0/private/app_neverallows.te
+++ b/prebuilts/api/30.0/private/app_neverallows.te
@@ -257,3 +257,6 @@ neverallow {
 -untrusted_app_25
 -untrusted_app_27
 } mnt_sdcard_file:lnk_file *;
+
+# Only privileged apps may find the incident service
+neverallow all_untrusted_apps incident_service:service_manager find;
diff --git a/prebuilts/api/30.0/private/incidentd.te b/prebuilts/api/30.0/private/incidentd.te
index 405684ae6..656f69fed 100644
--- a/prebuilts/api/30.0/private/incidentd.te
+++ b/prebuilts/api/30.0/private/incidentd.te
@@ -179,21 +179,6 @@ userdebug_or_eng(`
 ###
 ### neverallow rules
 ###
-
-# only specific domains can find the incident service
-neverallow {
- domain
- -dumpstate
- -incident
- -incidentd
- -perfetto
- -permissioncontroller_app
- -priv_app
- -statsd
- -system_app
- -system_server
-} incident_service:service_manager find;
-
 # only incidentd and the other root services in limited circumstances
 # can get to the files in /data/misc/incidents
 #
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 66e9f69d2..115718700 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
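Review bot: Replacing the domain-wide allowlist with `neverallow all_untrusted_apps incident_service:service_manager find;` relaxes more than the commit message states: besides device-specific domains, every platform domain that was not in the removed list may now be granted find on incident_service, and the policy will no longer fail the build if a new coredomain process picks up that access. If the intent is only to let vendor domains in, keep the old allowlist but scope it to coredomain alongside the new rule, e.g. `neverallow { coredomain -dumpstate -incident -incidentd -perfetto -permissioncontroller_app -priv_app -statsd -system_app -system_server } incident_service:service_manager find;`. The comment `# Only privileged apps may find the incident service` also overstates what the rule enforces, since it only excludes untrusted apps; `# Untrusted apps may not find the incident service` matches the rule. The same change is made to private/app_neverallows.te and private/incidentd.te on the next line.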
@@ -257,3 +257,6 @@ neverallow {
 -untrusted_app_25
 -untrusted_app_27
 } mnt_sdcard_file:lnk_file *;
+
+# Only privileged apps may find the incident service
+neverallow all_untrusted_apps incident_service:service_manager find;
diff --git a/private/incidentd.te b/private/incidentd.te
index 405684ae6..656f69fed 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -179,21 +179,6 @@ userdebug_or_eng(`
 ###
 ### neverallow rules
 ###
-
-# only specific domains can find the incident service
-neverallow {
- domain
- -dumpstate
- -incident
- -incidentd
- -perfetto
- -permissioncontroller_app
- -priv_app
- -statsd
- -system_app
- -system_server
-} incident_service:service_manager find;
-
 # only incidentd and the other root services in limited circumstances
 # can get to the files in /data/misc/incidents
 #
From 44fbcdb677d040a7ff9949db8457347a5299b4a0 Mon Sep 17 00:00:00 2001
From: Inseob Kim
Date: Mon, 27 Apr 2020 21:13:01 +0900
Subject: [PATCH 121/163] Rename system_radio_prop
For whatever reason sys.usb.config* has been labeled as system_radio_prop, which doesn't make sense. Changing context name as usb_prop. For the same reason exported_system_radio_prop is also renamed to usb-related names.
Bug: 71814576
Bug: 154885206
Test: m selinux_policy
Change-Id: If30bc620dbeac926a8b9bcde908357fda739a6c1
---
 private/charger.te | 1 -
 private/compat/27.0/27.0.ignore.cil | 2 ++
 private/compat/30.0/30.0.cil | 9 +++++++--
 private/coredomain.te | 3 +++
 private/domain.te | 2 --
 private/property.te | 13 ++++++++++---
 private/property_contexts | 18 ++++++++++--------
 private/recovery.te | 4 ++--
 private/system_app.te | 8 ++++----
 private/system_server.te | 4 ++--
 public/property.te | 9 +++++----
 public/vendor_init.te | 2 +-
 12 files changed, 46 insertions(+), 29 deletions(-)
diff --git a/private/charger.te b/private/charger.te
index 13d1b14f9..719ae3c98 100644
--- a/private/charger.te
+++ b/private/charger.te
@@ -4,7 +4,6 @@ typeattribute charger coredomain;
 # process when running in charger mode.
 set_prop(charger, system_prop)
 set_prop(charger, exported_system_prop)
-set_prop(charger, exported2_system_prop)
 set_prop(charger, exported3_system_prop)
 get_prop(charger, charger_prop)
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 504d0b66e..3d649a09d 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -187,6 +187,8 @@
 untrusted_app_all_devpts
 update_engine_log_data_file
 uri_grants_service
+ usb_config_prop
+ usb_control_prop
 usbd
 usbd_exec
 usbd_tmpfs
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 767324ddb..973d5804c 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -3,10 +3,12 @@
 (type exported_dalvik_prop)
 (type exported_ffs_prop)
 (type exported_fingerprint_prop)
+(type exported_system_radio_prop)
 (type exported_vold_prop)
 (type exported2_config_prop)
 (type exported2_vold_prop)
 (type ffs_prop)
+(type system_radio_prop)
 (expandtypeattribute (DockObserver_service_30_0) true)
 (expandtypeattribute (IProxyService_service_30_0) true)
@@ -1379,7 +1381,10 @@
 (typeattributeset exported_radio_prop_30_0 (exported_radio_prop))
 (typeattributeset exported_secure_prop_30_0 (exported_secure_prop))
 (typeattributeset exported_system_prop_30_0 (exported_system_prop))
-(typeattributeset exported_system_radio_prop_30_0 (exported_system_radio_prop))
+(typeattributeset exported_system_radio_prop_30_0
+ ( exported_system_radio_prop
+ usb_config_prop
+ usb_control_prop))
 (typeattributeset exported_vold_prop_30_0 (exported_vold_prop vold_status_prop))
 (typeattributeset exported_wifi_prop_30_0 (exported_wifi_prop))
 (typeattributeset external_vibrator_service_30_0 (external_vibrator_service))
@@ -2008,7 +2013,7 @@ (typeattributeset system_net_netd_hwservice_30_0 (system_net_netd_hwservice)) (typeattributeset system_passwd_file_30_0 (system_passwd_file)) (typeattributeset system_prop_30_0 (system_prop)) -(typeattributeset system_radio_prop_30_0 (system_radio_prop)) +(typeattributeset system_radio_prop_30_0 (system_radio_prop usb_prop)) (typeattributeset system_seccomp_policy_file_30_0 (system_seccomp_policy_file)) (typeattributeset system_security_cacerts_file_30_0 (system_security_cacerts_file)) (typeattributeset system_server_30_0 (system_server)) diff --git a/private/coredomain.te b/private/coredomain.te index bf6cdd540..887f51a57 100644 --- a/private/coredomain.te +++ b/private/coredomain.te @@ -6,6 +6,9 @@ get_prop(coredomain, camera_config_prop) get_prop(coredomain, hdmi_config_prop) get_prop(coredomain, dalvik_runtime_prop) +get_prop(coredomain, usb_config_prop) +get_prop(coredomain, usb_control_prop) + full_treble_only(` neverallow { coredomain diff --git a/private/domain.te b/private/domain.te index 5bbb8d41f..bdf5ebd4e 100644 --- a/private/domain.te +++ b/private/domain.te @@ -75,7 +75,6 @@ not_compatible_property(` get_prop(domain, boot_status_prop) get_prop(domain, core_property_type) get_prop(domain, dalvik_config_prop) - get_prop(domain, exported_system_radio_prop) get_prop(domain, exported2_radio_prop) get_prop(domain, exported2_system_prop) get_prop(domain, exported3_default_prop) @@ -90,7 +89,6 @@ compatible_property_only(` get_prop({coredomain appdomain shell}, boot_status_prop) get_prop({coredomain appdomain shell}, core_property_type) get_prop({coredomain appdomain shell}, dalvik_config_prop) - get_prop({coredomain appdomain shell}, exported_system_radio_prop) get_prop({coredomain appdomain shell}, exported2_radio_prop) get_prop({coredomain appdomain shell}, exported2_system_prop) get_prop({coredomain appdomain shell}, exported3_default_prop) diff --git a/private/property.te b/private/property.te index 0ea7a4017..fd8ea3bf8 100644 
--- a/private/property.te +++ b/private/property.te @@ -86,7 +86,7 @@ neverallow * { -restorecon_prop -shell_prop -system_prop - -system_radio_prop + -usb_prop -vold_prop }:file no_rw_file_perms; @@ -137,11 +137,11 @@ compatible_property_only(` exported_default_prop exported_dumpstate_prop exported_system_prop - exported_system_radio_prop exported2_default_prop exported2_system_prop exported3_default_prop exported3_system_prop + usb_control_prop -nfc_prop -powerctl_prop -radio_prop @@ -235,7 +235,6 @@ compatible_property_only(` core_property_type dalvik_config_prop extended_core_property_type - exported_system_radio_prop exported2_system_prop exported3_default_prop exported3_system_prop @@ -361,3 +360,11 @@ neverallow { -system_server -vendor_init } dalvik_runtime_prop:property_service set; + +neverallow { + -coredomain + -vendor_init +} { + usb_config_prop + usb_control_prop +}:property_service set; diff --git a/private/property_contexts b/private/property_contexts index efa6408fa..dc5a80483 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -9,7 +9,6 @@ net.qmi u:object_r:net_radio_prop:s0 net.lte u:object_r:net_radio_prop:s0 net.cdma u:object_r:net_radio_prop:s0 net.dns u:object_r:net_dns_prop:s0 -sys.usb.config u:object_r:system_radio_prop:s0 ril. u:object_r:radio_prop:s0 ro.ril. u:object_r:radio_prop:s0 gsm. u:object_r:radio_prop:s0 
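Review bot: The new `neverallow { -coredomain -vendor_init } { usb_config_prop usb_control_prop }:property_service set;` only keeps vendor domains out, so every coredomain remains eligible to be granted set on `sys.usb.config`/`sys.usb.state`/`sys.usb.controller`; the setters this patch actually grants are system_server, system_app, recovery and vendor_init. If that list is complete, an explicit allowlist such as `neverallow { domain -init -vendor_init -system_server -system_app -recovery } usb_control_prop:property_service set;` would make the compile-time check meaningful on the system side as well (usb_config_prop is already covered by the system_vendor_config_prop rules). I cannot see whether other coredomain setters exist, so the list may need widening before it passes; a comment naming the intended setters would help either way.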
@@ -481,9 +480,16 @@ ro.zygote u:object_r:exported3_default_prop:s0 exact string sendbug.preferred.domain u:object_r:exported3_default_prop:s0 exact string -sys.usb.controller u:object_r:exported2_system_prop:s0 exact string -sys.usb.mtp.device_type u:object_r:exported2_system_prop:s0 exact int -sys.usb.state u:object_r:exported2_system_prop:s0 exact string +persist.sys.usb.usbradio.config u:object_r:usb_control_prop:s0 exact string + +sys.usb.config u:object_r:usb_control_prop:s0 exact string +sys.usb.configfs u:object_r:usb_control_prop:s0 exact int +sys.usb.controller u:object_r:usb_control_prop:s0 exact string +sys.usb.state u:object_r:usb_control_prop:s0 exact string + +sys.usb.mtp.device_type u:object_r:usb_config_prop:s0 exact int + +sys.usb.config. u:object_r:usb_prop:s0 sys.usb.ffs.aio_compat u:object_r:ffs_config_prop:s0 exact bool sys.usb.ffs.max_read u:object_r:ffs_config_prop:s0 exact int @@ -510,14 +516,10 @@ sys.boot_completed u:object_r:boot_status_prop:s0 exact bool persist.sys.device_provisioned u:object_r:exported3_system_prop:s0 exact string persist.sys.theme u:object_r:theme_prop:s0 exact string -persist.sys.usb.usbradio.config u:object_r:exported3_system_prop:s0 exact string sys.retaildemo.enabled u:object_r:exported3_system_prop:s0 exact int sys.user.0.ce_available u:object_r:exported3_system_prop:s0 exact bool -sys.usb.config u:object_r:exported_system_radio_prop:s0 exact string -sys.usb.configfs u:object_r:exported_system_radio_prop:s0 exact int - aac_drc_boost u:object_r:aac_drc_prop:s0 exact int aac_drc_cut u:object_r:aac_drc_prop:s0 exact int aac_drc_enc_target_level u:object_r:aac_drc_prop:s0 exact int diff --git a/private/recovery.te b/private/recovery.te index e1151a45a..bb22914ed 100644 --- a/private/recovery.te +++ b/private/recovery.te 
@@ -14,8 +14,8 @@ recovery_only(` set_prop(recovery, ffs_control_prop) # Set sys.usb.config when switching into fastboot. - set_prop(recovery, system_radio_prop) - set_prop(recovery, exported_system_radio_prop) + set_prop(recovery, usb_control_prop) + set_prop(recovery, usb_prop) # Read ro.boot.bootreason get_prop(recovery, bootloader_boot_reason_prop) diff --git a/private/system_app.te b/private/system_app.te index 73acb9573..e160ff468 100644 --- a/private/system_app.te +++ b/private/system_app.te @@ -48,13 +48,13 @@ set_prop(system_app, exported2_system_prop) set_prop(system_app, exported3_system_prop) set_prop(system_app, logd_prop) set_prop(system_app, net_radio_prop) -set_prop(system_app, system_radio_prop) -set_prop(system_app, exported_system_radio_prop) +set_prop(system_app, usb_control_prop) +set_prop(system_app, usb_prop) set_prop(system_app, log_tag_prop) userdebug_or_eng(`set_prop(system_app, logpersistd_logging_prop)') auditallow system_app net_radio_prop:property_service set; -auditallow system_app system_radio_prop:property_service set; -auditallow system_app exported_system_radio_prop:property_service set; +auditallow system_app usb_control_prop:property_service set; +auditallow system_app usb_prop:property_service set; # Allow Settings to enable Dynamic System Update set_prop(system_app, dynamic_system_prop) diff --git a/private/system_server.te b/private/system_server.te index 67af9be19..a049696b5 100644 --- a/private/system_server.te +++ b/private/system_server.te @@ -605,8 +605,8 @@ set_prop(system_server, theme_prop) set_prop(system_server, dhcp_prop) set_prop(system_server, net_radio_prop) set_prop(system_server, net_dns_prop) -set_prop(system_server, system_radio_prop) -set_prop(system_server, exported_system_radio_prop) +set_prop(system_server, usb_control_prop) +set_prop(system_server, usb_prop) set_prop(system_server, debug_prop) set_prop(system_server, powerctl_prop) set_prop(system_server, fingerprint_prop) 
diff --git a/public/property.te b/public/property.te index 3baa2290a..c574fd7b6 100644 --- a/public/property.te +++ b/public/property.te @@ -92,9 +92,9 @@ compatible_property_only(` system_restricted_prop(pan_result_prop) system_restricted_prop(persist_debug_prop) system_restricted_prop(shell_prop) - system_restricted_prop(system_radio_prop) system_restricted_prop(test_harness_prop) system_restricted_prop(theme_prop) + system_restricted_prop(usb_prop) system_restricted_prop(use_memfd_prop) system_restricted_prop(vold_prop) ') @@ -118,6 +118,7 @@ system_vendor_config_prop(media_variant_prop) system_vendor_config_prop(storage_config_prop) system_vendor_config_prop(surfaceflinger_prop) system_vendor_config_prop(systemsound_config_prop) +system_vendor_config_prop(usb_config_prop) system_vendor_config_prop(userspace_reboot_config_prop) system_vendor_config_prop(vehicle_hal_prop) system_vendor_config_prop(vendor_security_patch_level_prop) @@ -147,7 +148,6 @@ system_public_prop(exported_bluetooth_prop) system_public_prop(exported_overlay_prop) system_public_prop(exported_pm_prop) system_public_prop(exported_radio_prop) -system_public_prop(exported_system_radio_prop) system_public_prop(exported_wifi_prop) system_public_prop(ffs_control_prop) system_public_prop(sota_prop) @@ -165,6 +165,7 @@ system_public_prop(radio_prop) system_public_prop(serialno_prop) system_public_prop(surfaceflinger_color_prop) system_public_prop(system_prop) +system_public_prop(usb_control_prop) system_public_prop(wifi_log_prop) system_public_prop(wifi_prop) system_public_prop(zram_control_prop) @@ -228,9 +229,9 @@ not_compatible_property(` system_public_prop(pan_result_prop) system_public_prop(persist_debug_prop) system_public_prop(shell_prop) - system_public_prop(system_radio_prop) system_public_prop(test_harness_prop) system_public_prop(theme_prop) + system_public_prop(usb_prop) system_public_prop(use_memfd_prop) system_public_prop(vold_prop) ') 
@@ -270,5 +271,5 @@ typeattribute radio_prop core_property_type; typeattribute restorecon_prop core_property_type; typeattribute shell_prop core_property_type; typeattribute system_prop core_property_type; -typeattribute system_radio_prop core_property_type; +typeattribute usb_prop core_property_type; typeattribute vold_prop core_property_type; diff --git a/public/vendor_init.te b/public/vendor_init.te index a745e5285..6c9a8b8bd 100644 --- a/public/vendor_init.te +++ b/public/vendor_init.te @@ -219,7 +219,6 @@ set_prop(vendor_init, exported_default_prop) set_prop(vendor_init, exported_overlay_prop) set_prop(vendor_init, exported_pm_prop) set_prop(vendor_init, exported_radio_prop) -set_prop(vendor_init, exported_system_radio_prop) set_prop(vendor_init, exported_wifi_prop) set_prop(vendor_init, exported2_system_prop) set_prop(vendor_init, exported3_default_prop) @@ -233,6 +232,7 @@ set_prop(vendor_init, log_prop) set_prop(vendor_init, rebootescrow_hal_prop) set_prop(vendor_init, serialno_prop) set_prop(vendor_init, surfaceflinger_color_prop) +set_prop(vendor_init, usb_control_prop) set_prop(vendor_init, userspace_reboot_config_prop) set_prop(vendor_init, vehicle_hal_prop) set_prop(vendor_init, vendor_default_prop) From d895b40f2ef71fe7a4197be90b1460f6475c5501 Mon Sep 17 00:00:00 2001 From: Steven Moreland Date: Fri, 8 May 2020 14:28:54 -0700 Subject: [PATCH 122/163] servicemanager: add dump fd permissions Getting hit when bugreport tries to dump this. Fixes: 155835324 Test: adb bugreport, check denials (cherry picked from commit b0fb5b44f8558146d7e287bd7d8b603226a1e31d) Merged-In: I189aeba2d3a5dfafccb8f8a4db224db71820faca Change-Id: Ic044f245d8fee9f7a49cf23f76961f7dedbb3d8b --- prebuilts/api/30.0/public/servicemanager.te | 2 ++ public/servicemanager.te | 2 ++ 2 files changed, 4 insertions(+) diff --git a/prebuilts/api/30.0/public/servicemanager.te b/prebuilts/api/30.0/public/servicemanager.te index 10347d913..85777f534 100644 
--- a/prebuilts/api/30.0/public/servicemanager.te +++ b/prebuilts/api/30.0/public/servicemanager.te @@ -22,6 +22,8 @@ allow servicemanager service_contexts_file:file r_file_perms; not_full_treble(`allow servicemanager nonplat_service_contexts_file:file r_file_perms;') add_service(servicemanager, service_manager_service) +allow servicemanager dumpstate:fd use; +allow servicemanager dumpstate:fifo_file write; # Check SELinux permissions. selinux_check_access(servicemanager) diff --git a/public/servicemanager.te b/public/servicemanager.te index 10347d913..85777f534 100644 --- a/public/servicemanager.te +++ b/public/servicemanager.te @@ -22,6 +22,8 @@ allow servicemanager service_contexts_file:file r_file_perms; not_full_treble(`allow servicemanager nonplat_service_contexts_file:file r_file_perms;') add_service(servicemanager, service_manager_service) +allow servicemanager dumpstate:fd use; +allow servicemanager dumpstate:fifo_file write; # Check SELinux permissions. selinux_check_access(servicemanager) From 35895ddb792de31b4db475e44fdaf553a32e7e8f Mon Sep 17 00:00:00 2001 From: Alistair Delva Date: Fri, 15 May 2020 10:51:39 -0700 Subject: [PATCH 123/163] Allow sgdisk to use BLKPBSZGET ioctl The gpt_fdisk project was updated recently, but sepolicy was not updated with it :) Now sgdisk can use BLKPBSZGET to detect the physical block size. Seen on cuttlefish when adding external SD Card support to it. avc: denied { ioctl } for comm="sgdisk" path="/dev/block/vold/disk:252,16" dev="tmpfs" ino=8625 ioctlcmd=0x127b scontext=u:r:sgdisk:s0 tcontext=u:object_r:vold_device:s0 tclass=blk_file permissive=0 Bug: 156286088 Change-Id: I9f2df88ee253261b52f3022838380fbb1cab6da0 --- prebuilts/api/30.0/public/sgdisk.te | 2 ++ public/sgdisk.te | 2 ++ 2 files changed, 4 insertions(+) diff --git a/prebuilts/api/30.0/public/sgdisk.te b/prebuilts/api/30.0/public/sgdisk.te index 9d7124983..e5a9152e2 100644 --- a/prebuilts/api/30.0/public/sgdisk.te +++ b/prebuilts/api/30.0/public/sgdisk.te 
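Review bot: The two new rules `allow servicemanager dumpstate:fd use;` and `allow servicemanager dumpstate:fifo_file write;` carry no comment, and the commit message is the only place that records they exist for bugreport collection. A line above them such as `# Let dumpstate (bugreport) pass a pipe into which servicemanager writes its dump` keeps that rationale in the policy itself. `fd use` plus `fifo_file write` on a dumpstate-owned pipe is the usual minimal pair for this pattern, so no wider grant looks needed.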
@@ -17,6 +17,8 @@ allowxperm sgdisk vold_device:blk_file ioctl { HDIO_GETGEO }; allowxperm sgdisk vold_device:blk_file ioctl { BLKGETSIZE }; # Force a re-read of the partition table. allowxperm sgdisk vold_device:blk_file ioctl { BLKRRPART }; +# Allow reading of the physical block size. +allowxperm sgdisk vold_device:blk_file ioctl { BLKPBSZGET }; # Inherit and use pty created by android_fork_execvp() allow sgdisk devpts:chr_file { read write ioctl getattr }; diff --git a/public/sgdisk.te b/public/sgdisk.te index 9d7124983..e5a9152e2 100644 --- a/public/sgdisk.te +++ b/public/sgdisk.te @@ -17,6 +17,8 @@ allowxperm sgdisk vold_device:blk_file ioctl { HDIO_GETGEO }; allowxperm sgdisk vold_device:blk_file ioctl { BLKGETSIZE }; # Force a re-read of the partition table. allowxperm sgdisk vold_device:blk_file ioctl { BLKRRPART }; +# Allow reading of the physical block size. +allowxperm sgdisk vold_device:blk_file ioctl { BLKPBSZGET }; # Inherit and use pty created by android_fork_execvp() allow sgdisk devpts:chr_file { read write ioctl getattr }; From f1de4c02cc3da98d052ca81e48e7d4682eea6088 Mon Sep 17 00:00:00 2001 From: Jiyong Park Date: Mon, 11 May 2020 20:49:07 +0900 Subject: [PATCH 124/163] Introduce apex_info_file type /apex/apex-info-file.xml is labeled as apex_info_file. It is created/written by apexd once by apexd, and can be read by zygote and system_server. The content of the file is essentially the same as the return value of getAllPackages() call to apexd. Bug: 154823184 Test: m Change-Id: Ic6af79ddebf465b389d9dcb5fd569d3a786423b2 --- private/apexd.te | 6 ++++++ private/compat/30.0/30.0.ignore.cil | 1 + private/file_contexts | 2 ++ private/system_server.te | 3 +++ private/zygote.te | 3 +++ public/file.te | 3 +++ public/init.te | 1 + public/vendor_init.te | 1 + 8 files changed, 20 insertions(+) diff --git a/private/apexd.te b/private/apexd.te index c03790cd2..4d9f5ac6f 100644 --- a/private/apexd.te +++ b/private/apexd.te 
@@ -64,6 +64,9 @@ allow apexd apex_mnt_dir:filesystem { mount unmount }; allow apexd apex_mnt_dir:dir mounton; # allow apexd to create symlinks in /apex allow apexd apex_mnt_dir:lnk_file create_file_perms; +# allow apexd to create /apex/apex-info-list.xml and relabel to apex_info_file +allow apexd apex_mnt_dir:file { create_file_perms relabelfrom }; +allow apexd apex_info_file:file relabelto; # allow apexd to unlink apex files in /data/apex/active # note that apexd won't be able to unlink files in /data/app-staging/session_XXXX, # because it doesn't have write permission for staging_data_file object. @@ -159,3 +162,6 @@ neverallow { domain -apexd -init -vold_prepare_subdirs } apex_rollback_data_file # only apexd can set apexd sysprop set_prop(apexd, apexd_prop) neverallow { domain -apexd -init } apexd_prop:property_service set; + +# only apexd can write apex-info-list.xml +neverallow { domain -apexd } apex_info_file:file no_w_file_perms; diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil index 3bc59e111..4c444d367 100644 --- a/private/compat/30.0/30.0.ignore.cil +++ b/private/compat/30.0/30.0.ignore.cil @@ -5,4 +5,5 @@ (typeattribute new_objects) (typeattributeset new_objects ( new_objects + apex_info_file gnss_device)) diff --git a/private/file_contexts b/private/file_contexts index 218bb5112..dd64d57fe 100644 --- a/private/file_contexts +++ b/private/file_contexts @@ -33,6 +33,8 @@ /sys u:object_r:sysfs:s0 /apex u:object_r:apex_mnt_dir:s0 +/apex/apex-info-list.xml u:object_r:apex_info_file:s0 + # Symlinks /bin u:object_r:rootfs:s0 /bugreports u:object_r:rootfs:s0 diff --git a/private/system_server.te b/private/system_server.te index bd87eade9..4a3a538a6 100644 --- a/private/system_server.te +++ b/private/system_server.te 
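Review bot: `apex-info-list.xml` is created as `apex_mnt_dir:file` and only afterwards relabelled to `apex_info_file`, so between `create` and `relabelto` the file sits outside the new `neverallow { domain -apexd } apex_info_file:file no_w_file_perms;` and is protected only by whatever `apex_mnt_dir:file` write rules exist elsewhere. A name-based transition, `type_transition apexd apex_mnt_dir:file apex_info_file "apex-info-list.xml";` together with `allow apexd apex_info_file:file create_file_perms;`, lets the file be born with the right label and removes the need for `relabelfrom`/`relabelto` and for the broad `apex_mnt_dir:file create_file_perms` grant. Note also that the commit message calls the file `apex-info-file.xml` while file_contexts and the policy comments use `apex-info-list.xml`.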
@@ -1094,6 +1094,9 @@ allow system_server apexd:binder call; # Allow system server to scan /apex for flattened APEXes allow system_server apex_mnt_dir:dir r_dir_perms; +# Allow system server to read /apex/apex-info-list.xml +allow system_server apex_info_file:file r_file_perms; + # Allow system server to communicate to system-suspend's control interface allow system_server system_suspend_control_service:service_manager find; binder_call(system_server, system_suspend) diff --git a/private/zygote.te b/private/zygote.te index 5f08f8d6b..b1e2378ad 100644 --- a/private/zygote.te +++ b/private/zygote.te @@ -200,6 +200,9 @@ unix_socket_send(zygote, system_unsolzygote, system_server) # Allow zygote to access media_variant_prop for static initialization get_prop(zygote, media_variant_prop) +# Allow zygote to read /apex/apex-info-list.xml +allow zygote apex_info_file:file r_file_perms; + ### ### neverallow rules ### diff --git a/public/file.te b/public/file.te index 462e71d21..8f6b8ebe3 100644 --- a/public/file.te +++ b/public/file.te @@ -336,6 +336,9 @@ type mnt_product_file, file_type; # Mount point used for APEX images type apex_mnt_dir, file_type; +# /apex/apex-info-list.xml created by apexd +type apex_info_file, file_type; + # /postinstall: Mount point used by update_engine to run postinstall. type postinstall_mnt_dir, file_type; # Files inside the /postinstall mountpoint are all labeled as postinstall_file. diff --git a/public/init.te b/public/init.te index 403b4c5e6..1390e9e97 100644 --- a/public/init.te +++ b/public/init.te @@ -203,6 +203,7 @@ allow init { allow init { file_type + -apex_info_file -app_data_file -exec_type -gsi_data_file diff --git a/public/vendor_init.te b/public/vendor_init.te index a344eaa91..360d95120 100644 --- a/public/vendor_init.te +++ b/public/vendor_init.te 
@@ -74,6 +74,7 @@ allow vendor_init { -vold_metadata_file -gsi_metadata_file -apex_metadata_file + -apex_info_file }:file { create getattr open read write setattr relabelfrom unlink map }; allow vendor_init { From b79c462f1bb2de4e784eeda5df25b9de8fa00b77 Mon Sep 17 00:00:00 2001 From: Hongguang Chen Date: Thu, 23 Apr 2020 23:43:13 -0700 Subject: [PATCH 125/163] Support TCP based fastbootd in recovery mode. The IPv6 link-local address is used to avoid expose device to out of network segment. BUG: 152544169 BUG: 155198345 Test: manual test. Change-Id: I0ce8c12de9976c01e57a6433c7fb50235e907dc5 Merged-In: I0ce8c12de9976c01e57a6433c7fb50235e907dc5 Merged-In: I409aeccd31293bf0ae3be5b1dbafe5a74daaaa9d --- prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil | 1 + prebuilts/api/30.0/private/property_contexts | 3 +++ prebuilts/api/30.0/public/fastbootd.te | 8 ++++++++ prebuilts/api/30.0/public/property.te | 1 + prebuilts/api/30.0/public/recovery.te | 9 +++++++++ private/compat/29.0/29.0.ignore.cil | 1 + private/property_contexts | 3 +++ public/fastbootd.te | 8 ++++++++ public/property.te | 1 + public/recovery.te | 9 +++++++++ 10 files changed, 44 insertions(+) diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil index 0a9da30bf..53b4e71ef 100644 --- a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil +++ b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil @@ -44,6 +44,7 @@ device_config_configuration_prop emergency_affordance_service exported_camera_prop + fastbootd_protocol_prop file_integrity_service fwk_automotive_display_hwservice gmscore_app diff --git a/prebuilts/api/30.0/private/property_contexts b/prebuilts/api/30.0/private/property_contexts index a117fccd9..1a5471f49 100644 --- a/prebuilts/api/30.0/private/property_contexts +++ b/prebuilts/api/30.0/private/property_contexts 
@@ -97,6 +97,9 @@ test.userspace_reboot.requested u:object_r:userspace_reboot_test_prop:s0 sys.lmk. u:object_r:system_lmk_prop:s0 sys.trace. u:object_r:system_trace_prop:s0 +# Fastbootd protocol control property +fastbootd.protocol u:object_r:fastbootd_protocol_prop:s0 exact enum usb tcp + # Boolean property set by system server upon boot indicating # if device is fully owned by organization instead of being # a personal device. diff --git a/prebuilts/api/30.0/public/fastbootd.te b/prebuilts/api/30.0/public/fastbootd.te index f10e6492d..878781721 100644 --- a/prebuilts/api/30.0/public/fastbootd.te +++ b/prebuilts/api/30.0/public/fastbootd.te @@ -120,6 +120,14 @@ recovery_only(` # Determine allocation scheme (whether B partitions needs to be # at the second half of super. get_prop(fastbootd, virtual_ab_prop) + + # Needed for TCP protocol + allow fastbootd node:tcp_socket node_bind; + allow fastbootd port:tcp_socket name_bind; + allow fastbootd self:tcp_socket { create_socket_perms_no_ioctl listen accept }; + + # Get fastbootd protocol property + get_prop(fastbootd, fastbootd_protocol_prop) ') ### diff --git a/prebuilts/api/30.0/public/property.te b/prebuilts/api/30.0/public/property.te index 316d3c693..a81b6b4f9 100644 --- a/prebuilts/api/30.0/public/property.te +++ b/prebuilts/api/30.0/public/property.te @@ -14,6 +14,7 @@ system_internal_prop(device_config_sys_traced_prop) system_internal_prop(device_config_window_manager_native_boot_prop) system_internal_prop(device_config_configuration_prop) system_internal_prop(firstboot_prop) +system_internal_prop(fastbootd_protocol_prop) system_internal_prop(gsid_prop) system_internal_prop(init_perf_lsm_hooks_prop) system_internal_prop(init_svc_debug_prop) diff --git a/prebuilts/api/30.0/public/recovery.te b/prebuilts/api/30.0/public/recovery.te index 16b670f96..63a9cea62 100644 --- a/prebuilts/api/30.0/public/recovery.te +++ b/prebuilts/api/30.0/public/recovery.te 
@@ -154,6 +154,15 @@ recovery_only(` # Allow mounting /metadata for writing update states allow recovery metadata_file:dir { getattr mounton }; + + # These are needed to allow recovery to manage network + allow recovery self:netlink_route_socket { create write read nlmsg_readpriv nlmsg_read }; + allow recovery self:global_capability_class_set net_admin; + allow recovery self:tcp_socket { create ioctl }; + allowxperm recovery self:tcp_socket ioctl { SIOCGIFFLAGS SIOCSIFFLAGS }; + + # Set fastbootd protocol property + set_prop(recovery, fastbootd_protocol_prop) ') ### diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 0a9da30bf..53b4e71ef 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -44,6 +44,7 @@ device_config_configuration_prop emergency_affordance_service exported_camera_prop + fastbootd_protocol_prop file_integrity_service fwk_automotive_display_hwservice gmscore_app diff --git a/private/property_contexts b/private/property_contexts index a117fccd9..1a5471f49 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -97,6 +97,9 @@ test.userspace_reboot.requested u:object_r:userspace_reboot_test_prop:s0 sys.lmk. u:object_r:system_lmk_prop:s0 sys.trace. u:object_r:system_trace_prop:s0 +# Fastbootd protocol control property +fastbootd.protocol u:object_r:fastbootd_protocol_prop:s0 exact enum usb tcp + # Boolean property set by system server upon boot indicating # if device is fully owned by organization instead of being # a personal device. diff --git a/public/fastbootd.te b/public/fastbootd.te index f10e6492d..878781721 100644 --- a/public/fastbootd.te +++ b/public/fastbootd.te 
@@ -120,6 +120,14 @@ recovery_only(` # Determine allocation scheme (whether B partitions needs to be # at the second half of super. get_prop(fastbootd, virtual_ab_prop) + + # Needed for TCP protocol + allow fastbootd node:tcp_socket node_bind; + allow fastbootd port:tcp_socket name_bind; + allow fastbootd self:tcp_socket { create_socket_perms_no_ioctl listen accept }; + + # Get fastbootd protocol property + get_prop(fastbootd, fastbootd_protocol_prop) ') ### diff --git a/public/property.te b/public/property.te index 316d3c693..a81b6b4f9 100644 --- a/public/property.te +++ b/public/property.te @@ -14,6 +14,7 @@ system_internal_prop(device_config_sys_traced_prop) system_internal_prop(device_config_window_manager_native_boot_prop) system_internal_prop(device_config_configuration_prop) system_internal_prop(firstboot_prop) +system_internal_prop(fastbootd_protocol_prop) system_internal_prop(gsid_prop) system_internal_prop(init_perf_lsm_hooks_prop) system_internal_prop(init_svc_debug_prop) diff --git a/public/recovery.te b/public/recovery.te index 16b670f96..63a9cea62 100644 --- a/public/recovery.te +++ b/public/recovery.te @@ -154,6 +154,15 @@ recovery_only(` # Allow mounting /metadata for writing update states allow recovery metadata_file:dir { getattr mounton }; + + # These are needed to allow recovery to manage network + allow recovery self:netlink_route_socket { create write read nlmsg_readpriv nlmsg_read }; + allow recovery self:global_capability_class_set net_admin; + allow recovery self:tcp_socket { create ioctl }; + allowxperm recovery self:tcp_socket ioctl { SIOCGIFFLAGS SIOCSIFFLAGS }; + + # Set fastbootd protocol property + set_prop(recovery, fastbootd_protocol_prop) ') ### From 73dede86b430694593dc7230f44a09cf067a1c67 Mon Sep 17 00:00:00 2001 
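Review bot: `allow fastbootd port:tcp_socket name_bind;` and `allow fastbootd node:tcp_socket node_bind;` use the generic `port`/`node` types, so policy places no limit on which port or address fastbootd listens on; the link-local-only exposure described in the commit message is enforced solely by fastbootd's own code. A comment making that explicit, `# TCP transport: fastbootd itself restricts the listener to an IPv6 link-local address; policy does not`, would stop a reader from assuming the rule is scoped. The rules live inside `recovery_only`, so this listener exists only in recovery, which is worth stating in the same comment; the enclosing recovery_only block begins before the hunk.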
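Review bot: `allow recovery self:global_capability_class_set net_admin;` grants CAP_NET_ADMIN under the comment "These are needed to allow recovery to manage network", which does not say which operation needs it; from the accompanying `SIOCSIFFLAGS` xperm it is presumably bringing an interface up for the TCP fastbootd transport. A comment such as `# Bring up an interface for TCP fastbootd: SIOCSIFFLAGS and netlink route writes require CAP_NET_ADMIN` documents the privilege being added. `nlmsg_readpriv` on the route socket is broader than `nlmsg_read`; if recovery only reads link/address state, confirm it is actually required. The enclosing recovery_only block begins before the hunk.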
From: Daniel Rosenberg Date: Mon, 11 May 2020 22:50:40 -0700 Subject: [PATCH 126/163] Add sdcardfs variable to storage_config_props This property allows us to disable sdcardfs if it is present. The old property ended up getting repurposed, so a new one was needed. Mediaprovider will also need to access this to determine what actions it needs to take. Test: builds Bug: 155222498 Change-Id: I66ac106613cbb374f54659601e4ba3f61eaecd2f Merged-In: I66ac106613cbb374f54659601e4ba3f61eaecd2f --- prebuilts/api/30.0/private/app.te | 3 +++ prebuilts/api/30.0/private/mediaprovider_app.te | 3 +++ prebuilts/api/30.0/public/app.te | 4 ---- prebuilts/api/30.0/public/property_contexts | 1 + private/app.te | 3 +++ private/mediaprovider_app.te | 3 +++ public/app.te | 4 ---- public/property_contexts | 1 + 8 files changed, 14 insertions(+), 8 deletions(-) diff --git a/prebuilts/api/30.0/private/app.te b/prebuilts/api/30.0/private/app.te index a03bcb094..99646050d 100644 --- a/prebuilts/api/30.0/private/app.te +++ b/prebuilts/api/30.0/private/app.te @@ -35,3 +35,6 @@ neverallow { appdomain -shell userdebug_or_eng(`-su') } { domain -appdomain -crash_dump -rs }:process { transition }; neverallow { appdomain -shell userdebug_or_eng(`-su') } { domain -appdomain }:process { dyntransition }; + +# Don't allow regular apps access to storage configuration properties. +neverallow { appdomain -mediaprovider_app } storage_config_prop:file no_rw_file_perms; diff --git a/prebuilts/api/30.0/private/mediaprovider_app.te b/prebuilts/api/30.0/private/mediaprovider_app.te index 0b1047ae8..335c1b610 100644 --- a/prebuilts/api/30.0/private/mediaprovider_app.te +++ b/prebuilts/api/30.0/private/mediaprovider_app.te @@ -40,3 +40,6 @@ allowxperm mediaprovider_app media_rw_data_file:{ dir file } ioctl { }; allow mediaprovider_app proc_filesystems:file r_file_perms; + +#Allow MediaProvider to see if sdcardfs is in use +get_prop(mediaprovider_app, storage_config_prop) 
diff --git a/prebuilts/api/30.0/public/app.te b/prebuilts/api/30.0/public/app.te index 9c635aa82..e5b9fd670 100644 --- a/prebuilts/api/30.0/public/app.te +++ b/prebuilts/api/30.0/public/app.te @@ -566,10 +566,6 @@ neverallow { -system_app } { bluetooth_audio_hal_prop bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms; - -# Don't allow apps access to storage configuration properties. -neverallow appdomain storage_config_prop:file no_rw_file_perms; - # Apps cannot access proc_uid_time_in_state neverallow appdomain proc_uid_time_in_state:file *; diff --git a/prebuilts/api/30.0/public/property_contexts b/prebuilts/api/30.0/public/property_contexts index 7bd1b726a..7abc15707 100644 --- a/prebuilts/api/30.0/public/property_contexts +++ b/prebuilts/api/30.0/public/property_contexts @@ -73,6 +73,7 @@ dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool external_storage.projid.enabled u:object_r:storage_config_prop:s0 exact bool external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool +external_storage.sdcardfs.enabled u:object_r:storage_config_prop:s0 exact bool keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string diff --git a/private/app.te b/private/app.te index a03bcb094..99646050d 100644 --- a/private/app.te +++ b/private/app.te @@ -35,3 +35,6 @@ neverallow { appdomain -shell userdebug_or_eng(`-su') } { domain -appdomain -crash_dump -rs }:process { transition }; neverallow { appdomain -shell userdebug_or_eng(`-su') } { domain -appdomain }:process { dyntransition }; + +# Don't allow regular apps access to storage configuration properties. +neverallow { appdomain -mediaprovider_app } storage_config_prop:file no_rw_file_perms; 
diff --git a/private/mediaprovider_app.te b/private/mediaprovider_app.te index 0b1047ae8..335c1b610 100644 --- a/private/mediaprovider_app.te +++ b/private/mediaprovider_app.te @@ -40,3 +40,6 @@ allowxperm mediaprovider_app media_rw_data_file:{ dir file } ioctl { }; allow mediaprovider_app proc_filesystems:file r_file_perms; + +#Allow MediaProvider to see if sdcardfs is in use +get_prop(mediaprovider_app, storage_config_prop) diff --git a/public/app.te b/public/app.te index 9c635aa82..e5b9fd670 100644 --- a/public/app.te +++ b/public/app.te @@ -566,10 +566,6 @@ neverallow { -system_app } { bluetooth_audio_hal_prop bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms; - -# Don't allow apps access to storage configuration properties. -neverallow appdomain storage_config_prop:file no_rw_file_perms; - # Apps cannot access proc_uid_time_in_state neverallow appdomain proc_uid_time_in_state:file *; diff --git a/public/property_contexts b/public/property_contexts index 7bd1b726a..7abc15707 100644 --- a/public/property_contexts +++ b/public/property_contexts @@ -73,6 +73,7 @@ dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool external_storage.projid.enabled u:object_r:storage_config_prop:s0 exact bool external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool +external_storage.sdcardfs.enabled u:object_r:storage_config_prop:s0 exact bool keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string From 0fc93a21ddc65530d577fe47a73122a6d0f1b9cf Mon Sep 17 00:00:00 2001 
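Review bot: The new comment `#Allow MediaProvider to see if sdcardfs is in use` lacks the space after `#` used elsewhere in the policy and names only one of the three `storage_config_prop` properties this rule exposes (`external_storage.projid.enabled`, `external_storage.casefold.enabled` and the new `external_storage.sdcardfs.enabled`, per property_contexts in this patch). Suggest `# Allow MediaProvider to read storage_config_prop (external_storage.*.enabled) to decide how to handle external storage`. The matching `neverallow { appdomain -mediaprovider_app } storage_config_prop:file no_rw_file_perms;` in private/app.te keeps other apps out, which is the important part of the change.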
From: Marin Shalamanov Date: Wed, 20 May 2020 14:29:05 +0200 Subject: [PATCH 127/163] Allow the boot animation to receive display events Test: manually make sure that boot animation is resizing when display is changed Bug: 156448328 Merged-In: I9f754900a0b32551f656ce2097a3a41245b02218 Change-Id: I9f754900a0b32551f656ce2097a3a41245b02218 --- prebuilts/api/30.0/public/bootanim.te | 1 + public/bootanim.te | 1 + 2 files changed, 2 insertions(+) diff --git a/prebuilts/api/30.0/public/bootanim.te b/prebuilts/api/30.0/public/bootanim.te index e8cb98bbc..bd2bec6e9 100644 --- a/prebuilts/api/30.0/public/bootanim.te +++ b/prebuilts/api/30.0/public/bootanim.te @@ -23,6 +23,7 @@ allow bootanim audio_device:chr_file rw_file_perms; allow bootanim audioserver_service:service_manager find; allow bootanim surfaceflinger_service:service_manager find; +allow bootanim surfaceflinger:unix_stream_socket { read write }; # Allow access to ion memory allocation device allow bootanim ion_device:chr_file rw_file_perms; diff --git a/public/bootanim.te b/public/bootanim.te index e8cb98bbc..bd2bec6e9 100644 --- a/public/bootanim.te +++ b/public/bootanim.te @@ -23,6 +23,7 @@ allow bootanim audio_device:chr_file rw_file_perms; allow bootanim audioserver_service:service_manager find; allow bootanim surfaceflinger_service:service_manager find; +allow bootanim surfaceflinger:unix_stream_socket { read write }; # Allow access to ion memory allocation device allow bootanim ion_device:chr_file rw_file_perms; From 534c9412ab143912a63791e77dc5f5d88460f0f4 Mon Sep 17 00:00:00 2001 
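Review bot: `allow bootanim surfaceflinger:unix_stream_socket { read write };` has no comment explaining which socket this is, and `write` may be more than a display-event receiver needs; if bootanim only consumes events from the socket SurfaceFlinger hands it, `read` alone should suffice — confirm with a denial check, since the commit's test only covers resizing. Suggest prefixing the rule with `# Receive display (hotplug/config) events on the socket handed out by SurfaceFlinger`.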
From: Alistair Delva Date: Thu, 21 May 2020 09:15:57 -0700 Subject: [PATCH 128/163] Add sepolicy for ro.boot.fstab_suffix The fstab_suffix can be passed as 'androidboot.fstab_suffix=' on the kernel command line, or as an Android DT node. It specifies an override suffix for the fsmgr fstab search: /odm/etc/fstab.${fstab_suffix} /vendor/etc/fstab.${fstab_suffix} /fstab.${fstab_suffix} Bug: 142424832 Change-Id: I9c0acf7a5ae3cdba505460247decf2de9997cac1 Merged-In: I9c0acf7a5ae3cdba505460247decf2de9997cac1 --- prebuilts/api/30.0/public/property_contexts | 1 + public/property_contexts | 1 + 2 files changed, 2 insertions(+) diff --git a/prebuilts/api/30.0/public/property_contexts b/prebuilts/api/30.0/public/property_contexts index 7bd1b726a..dc9657d01 100644 --- a/prebuilts/api/30.0/public/property_contexts +++ b/prebuilts/api/30.0/public/property_contexts @@ -314,6 +314,7 @@ ro.bionic.arch u:object_r:cpu_variant_prop:s0 exact string ro.bionic.cpu_variant u:object_r:cpu_variant_prop:s0 exact string ro.board.platform u:object_r:exported_default_prop:s0 exact string ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int +ro.boot.fstab_suffix u:object_r:exported_default_prop:s0 exact string ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string ro.boot.product.hardware.sku u:object_r:exported_default_prop:s0 exact string ro.boot.product.vendor.sku u:object_r:exported_default_prop:s0 exact string diff --git a/public/property_contexts b/public/property_contexts index 7bd1b726a..dc9657d01 100644 --- a/public/property_contexts +++ b/public/property_contexts 
@@ -314,6 +314,7 @@ ro.bionic.arch u:object_r:cpu_variant_prop:s0 exact string ro.bionic.cpu_variant u:object_r:cpu_variant_prop:s0 exact string ro.board.platform u:object_r:exported_default_prop:s0 exact string ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int +ro.boot.fstab_suffix u:object_r:exported_default_prop:s0 exact string ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string ro.boot.product.hardware.sku u:object_r:exported_default_prop:s0 exact string ro.boot.product.vendor.sku u:object_r:exported_default_prop:s0 exact string From bf6009da7ebe0576e8a4d33464586dced52e4266 Mon Sep 17 00:00:00 2001 From: Martijn Coenen Date: Thu, 28 May 2020 15:04:48 +0200 Subject: [PATCH 129/163] Add sepolicy for FUSE control filesystem. To allow vold to abort it. Bug: 153411204 Test: vold can access it Change-Id: I334eaf3459905c27d614db8eda18c27e62bea5fa --- prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil | 1 + prebuilts/api/30.0/private/genfs_contexts | 2 ++ prebuilts/api/30.0/public/domain.te | 3 +++ prebuilts/api/30.0/public/file.te | 1 + prebuilts/api/30.0/public/vold.te | 4 ++++ private/compat/29.0/29.0.ignore.cil | 1 + private/genfs_contexts | 2 ++ public/domain.te | 3 +++ public/file.te | 1 + public/vold.te | 4 ++++ 10 files changed, 22 insertions(+) diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil index 53b4e71ef..6f4dfbcf8 100644 --- a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil +++ b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil @@ -47,6 +47,7 @@ fastbootd_protocol_prop file_integrity_service fwk_automotive_display_hwservice + fusectlfs gmscore_app hal_can_bus_hwservice hal_can_controller_hwservice diff --git a/prebuilts/api/30.0/private/genfs_contexts b/prebuilts/api/30.0/private/genfs_contexts index b423e64f3..51f2ce7c4 100644 --- a/prebuilts/api/30.0/private/genfs_contexts +++ b/prebuilts/api/30.0/private/genfs_contexts 
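Review bot: `ro.boot.fstab_suffix` is labeled exported_default_prop with `exact string`, which makes it readable by every domain and puts no constraint on the value, yet the commit says the value is spliced into filesystem paths (`/vendor/etc/fstab.${fstab_suffix}`) by fs_mgr. Policy cannot validate the string, so the consumer should reject a suffix containing `/` or `..` before building the path; a short comment on the entry, e.g. `# bootloader/DT supplied; used as a path component by fs_mgr`, would record that expectation. The same entry is added to prebuilts/api/30.0/public/property_contexts in the previous hunk.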
@@ -98,6 +98,8 @@ genfscon proc /vmallocinfo u:object_r:proc_vmallocinfo:s0 genfscon proc /vmstat u:object_r:proc_vmstat:s0 genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0 +genfscon fusectl / u:object_r:fusectlfs:s0 + # selinuxfs booleans can be individually labeled. genfscon selinuxfs / u:object_r:selinuxfs:s0 genfscon cgroup / u:object_r:cgroup:s0 diff --git a/prebuilts/api/30.0/public/domain.te b/prebuilts/api/30.0/public/domain.te index 265489647..ed4aded2d 100644 --- a/prebuilts/api/30.0/public/domain.te +++ b/prebuilts/api/30.0/public/domain.te @@ -1286,6 +1286,9 @@ neverallow { domain -init -vendor_init -dumpstate } debugfs:{ file lnk_file } no # Do not allow executable files in debugfs. neverallow domain debugfs_type:file { execute execute_no_trans }; +# Don't allow access to the FUSE control filesystem, except to vold and init's +neverallow { domain -vold -init -vendor_init } fusectlfs:file no_rw_file_perms; + # Profiles contain untrusted data and profman parses that. We should only run # in from installd forked processes. neverallow { diff --git a/prebuilts/api/30.0/public/file.te b/prebuilts/api/30.0/public/file.te index 462e71d21..7f56d9adc 100644 --- a/prebuilts/api/30.0/public/file.te +++ b/prebuilts/api/30.0/public/file.te @@ -75,6 +75,7 @@ type proc_vmallocinfo, fs_type, proc_type; type proc_vmstat, fs_type, proc_type; type proc_zoneinfo, fs_type, proc_type; type selinuxfs, fs_type, mlstrustedobject; +type fusectlfs, fs_type; type cgroup, fs_type, mlstrustedobject; type cgroup_bpf, fs_type; type sysfs, fs_type, sysfs_type, mlstrustedobject; diff --git a/prebuilts/api/30.0/public/vold.te b/prebuilts/api/30.0/public/vold.te index 5d3eccf76..1d125d3aa 100644 --- a/prebuilts/api/30.0/public/vold.te +++ b/prebuilts/api/30.0/public/vold.te 
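Review bot: The comment on the new neverallow in prebuilts/api/30.0/public/domain.te reads `except to vold and init's`, which is truncated and does not mention vendor_init even though the rule exempts it; change it to `# Don't allow access to the FUSE control filesystem, except to vold, init and vendor_init`. The rule constrains only the `file` class, so directory access on fusectlfs stays unconstrained; that is acceptable because aborting a connection is a write to a per-connection file, but saying so in the comment keeps a future reader from adding a dir rule for the wrong reason. The identical hunk in public/domain.te needs the same fix.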
@@ -215,6 +215,10 @@ allow vold asec_public_file:file { relabelto setattr }; allow vold unlabeled:dir { r_dir_perms setattr relabelfrom }; allow vold unlabeled:file { r_file_perms setattr relabelfrom }; +# Access to FUSE control filesystem to hard-abort FUSE mounts +allow vold fusectlfs:file rw_file_perms; +allow vold fusectlfs:dir rw_dir_perms; + # Handle wake locks (used for device encryption) wakelock_use(vold) diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 53b4e71ef..6f4dfbcf8 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -47,6 +47,7 @@ fastbootd_protocol_prop file_integrity_service fwk_automotive_display_hwservice + fusectlfs gmscore_app hal_can_bus_hwservice hal_can_controller_hwservice diff --git a/private/genfs_contexts b/private/genfs_contexts index b423e64f3..51f2ce7c4 100644 --- a/private/genfs_contexts +++ b/private/genfs_contexts @@ -98,6 +98,8 @@ genfscon proc /vmallocinfo u:object_r:proc_vmallocinfo:s0 genfscon proc /vmstat u:object_r:proc_vmstat:s0 genfscon proc /zoneinfo u:object_r:proc_zoneinfo:s0 +genfscon fusectl / u:object_r:fusectlfs:s0 + # selinuxfs booleans can be individually labeled. genfscon selinuxfs / u:object_r:selinuxfs:s0 genfscon cgroup / u:object_r:cgroup:s0 diff --git a/public/domain.te b/public/domain.te index 265489647..ed4aded2d 100644 --- a/public/domain.te +++ b/public/domain.te @@ -1286,6 +1286,9 @@ neverallow { domain -init -vendor_init -dumpstate } debugfs:{ file lnk_file } no # Do not allow executable files in debugfs. neverallow domain debugfs_type:file { execute execute_no_trans }; +# Don't allow access to the FUSE control filesystem, except to vold and init's +neverallow { domain -vold -init -vendor_init } fusectlfs:file no_rw_file_perms; + # Profiles contain untrusted data and profman parses that. We should only run # in from installd forked processes. neverallow { 
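Review bot: `allow vold fusectlfs:dir rw_dir_perms;` grants write, add_name and remove_name on directories of a kernel-managed pseudo-filesystem whose entries vold cannot create or unlink, so `r_dir_perms` is presumably all the abort path exercises — confirm against the denials observed in testing and narrow it if so. The `file` rule is the one that does the work (writing the per-connection abort file) and is consistent with the domain.te neverallow that exempts vold. The same rules are repeated in public/vold.te.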
diff --git a/public/file.te b/public/file.te index 462e71d21..7f56d9adc 100644 --- a/public/file.te +++ b/public/file.te @@ -75,6 +75,7 @@ type proc_vmallocinfo, fs_type, proc_type; type proc_vmstat, fs_type, proc_type; type proc_zoneinfo, fs_type, proc_type; type selinuxfs, fs_type, mlstrustedobject; +type fusectlfs, fs_type; type cgroup, fs_type, mlstrustedobject; type cgroup_bpf, fs_type; type sysfs, fs_type, sysfs_type, mlstrustedobject; diff --git a/public/vold.te b/public/vold.te index 5d3eccf76..1d125d3aa 100644 --- a/public/vold.te +++ b/public/vold.te @@ -215,6 +215,10 @@ allow vold asec_public_file:file { relabelto setattr }; allow vold unlabeled:dir { r_dir_perms setattr relabelfrom }; allow vold unlabeled:file { r_file_perms setattr relabelfrom }; +# Access to FUSE control filesystem to hard-abort FUSE mounts +allow vold fusectlfs:file rw_file_perms; +allow vold fusectlfs:dir rw_dir_perms; + # Handle wake locks (used for device encryption) wakelock_use(vold) From bad0743a1ba4b5271a31a5efe6c96a1545df731d Mon Sep 17 00:00:00 2001 From: Victor Hsieh Date: Thu, 28 May 2020 17:40:56 -0700 Subject: [PATCH 130/163] Remove unused sepolicy by fsverity_init Keystore access was reverted a while ago in ag/10598373. Bug: 112038744 Test: atest CtsAppSecurityHostTestCases:android.appsecurity.cts.ApkVerityInstallTest Test: atest GtsPlayFsiTestCases GtsPlayFsiHostTestCases ApkVerityTest Change-Id: Ic170624f5a718806adf54ab12e8f4b9f17c7775b Merged-In: Ic170624f5a718806adf54ab12e8f4b9f17c7775b --- prebuilts/api/30.0/private/fsverity_init.te | 5 ----- private/fsverity_init.te | 5 ----- 2 files changed, 10 deletions(-) diff --git a/prebuilts/api/30.0/private/fsverity_init.te b/prebuilts/api/30.0/private/fsverity_init.te index 25595254c..4bb3d0ffb 100644 --- a/prebuilts/api/30.0/private/fsverity_init.te +++ b/prebuilts/api/30.0/private/fsverity_init.te 
@@ -3,11 +3,6 @@ type fsverity_init_exec, exec_type, file_type, system_file_type; init_daemon_domain(fsverity_init) -# Allow to retrieve keys from keystore. -binder_use(fsverity_init) -use_keystore(fsverity_init) -allow fsverity_init keystore:keystore_key { list get }; - # Allow to read /proc/keys for searching key id. allow fsverity_init proc_keys:file r_file_perms; diff --git a/private/fsverity_init.te b/private/fsverity_init.te index 25595254c..4bb3d0ffb 100644 --- a/private/fsverity_init.te +++ b/private/fsverity_init.te @@ -3,11 +3,6 @@ type fsverity_init_exec, exec_type, file_type, system_file_type; init_daemon_domain(fsverity_init) -# Allow to retrieve keys from keystore. -binder_use(fsverity_init) -use_keystore(fsverity_init) -allow fsverity_init keystore:keystore_key { list get }; - # Allow to read /proc/keys for searching key id. allow fsverity_init proc_keys:file r_file_perms; From be5c4de29fe7ead7fa55ab6865d9f397dd179a30 Mon Sep 17 00:00:00 2001 From: Mohammad Samiul Islam Date: Tue, 19 May 2020 12:43:18 +0100 Subject: [PATCH 131/163] Create sepolicy for allowing system_server rw in /metadata/staged-install Bug: 146343545 Test: presubmit Change-Id: I4a7a74ec4c5046d167741389a40da7f330d4c63d --- prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil | 1 + prebuilts/api/30.0/private/file_contexts | 1 + prebuilts/api/30.0/private/system_server.te | 4 ++++ prebuilts/api/30.0/public/file.te | 2 ++ private/compat/29.0/29.0.ignore.cil | 1 + private/file_contexts | 1 + private/system_server.te | 4 ++++ public/file.te | 2 ++ 8 files changed, 16 insertions(+) diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil index 53b4e71ef..d1356809e 100644 --- a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil +++ b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil 
@@ -94,6 +94,7 @@ snapshotctl_log_data_file socket_hook_prop soundtrigger_middleware_service + staged_install_file storage_config_prop sysfs_dm_verity system_adbd_prop diff --git a/prebuilts/api/30.0/private/file_contexts b/prebuilts/api/30.0/private/file_contexts index 4f86f710f..b86d9a29f 100644 --- a/prebuilts/api/30.0/private/file_contexts +++ b/prebuilts/api/30.0/private/file_contexts @@ -707,6 +707,7 @@ /metadata/password_slots(/.*)? u:object_r:password_slot_metadata_file:s0 /metadata/ota(/.*)? u:object_r:ota_metadata_file:s0 /metadata/bootstat(/.*)? u:object_r:metadata_bootstat_file:s0 +/metadata/staged-install(/.*)? u:object_r:staged_install_file:s0 ############################# # asec containers diff --git a/prebuilts/api/30.0/private/system_server.te b/prebuilts/api/30.0/private/system_server.te index 84f881077..8c7afab84 100644 --- a/prebuilts/api/30.0/private/system_server.te +++ b/prebuilts/api/30.0/private/system_server.te @@ -1116,6 +1116,10 @@ allow system_server metadata_file:dir search; allow system_server password_slot_metadata_file:dir rw_dir_perms; allow system_server password_slot_metadata_file:file create_file_perms; +# Allow system server rw access to files in /metadata/staged-install folder +allow system_server staged_install_file:dir rw_dir_perms; +allow system_server staged_install_file:file create_file_perms; + # Allow init to set sysprop used to compute stats about userspace reboot. set_prop(system_server, userspace_reboot_log_prop) diff --git a/prebuilts/api/30.0/public/file.te b/prebuilts/api/30.0/public/file.te index 462e71d21..d6bd8979f 100644 --- a/prebuilts/api/30.0/public/file.te +++ b/prebuilts/api/30.0/public/file.te 
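Review bot: The system_server rule grants `create_file_perms` on staged_install_file without saying what is written there; extend the comment to `# Allow system server rw access to /metadata/staged-install (presumably staged-install session state that must survive reboot)` or whatever the real content is. /metadata is an unencrypted partition, so whatever system_server reads back from this directory after a reboot should be validated rather than trusted if it influences installation decisions; a one-line note to that effect next to the rule would help. The same rules are added in private/system_server.te, and the type comment in both file.te hunks could carry the same description.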
@@ -231,6 +231,8 @@ type apex_metadata_file, file_type; type ota_metadata_file, file_type; # property files within /metadata/bootstat type metadata_bootstat_file, file_type; +# Staged install files within /metadata/staged-install +type staged_install_file, file_type; # Type for /dev/cpu_variant:.*. type dev_cpu_variant, file_type; diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 53b4e71ef..d1356809e 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -94,6 +94,7 @@ snapshotctl_log_data_file socket_hook_prop soundtrigger_middleware_service + staged_install_file storage_config_prop sysfs_dm_verity system_adbd_prop diff --git a/private/file_contexts b/private/file_contexts index 4f86f710f..b86d9a29f 100644 --- a/private/file_contexts +++ b/private/file_contexts @@ -707,6 +707,7 @@ /metadata/password_slots(/.*)? u:object_r:password_slot_metadata_file:s0 /metadata/ota(/.*)? u:object_r:ota_metadata_file:s0 /metadata/bootstat(/.*)? u:object_r:metadata_bootstat_file:s0 +/metadata/staged-install(/.*)? u:object_r:staged_install_file:s0 ############################# # asec containers diff --git a/private/system_server.te b/private/system_server.te index 84f881077..8c7afab84 100644 --- a/private/system_server.te +++ b/private/system_server.te @@ -1116,6 +1116,10 @@ allow system_server metadata_file:dir search; allow system_server password_slot_metadata_file:dir rw_dir_perms; allow system_server password_slot_metadata_file:file create_file_perms; +# Allow system server rw access to files in /metadata/staged-install folder +allow system_server staged_install_file:dir rw_dir_perms; +allow system_server staged_install_file:file create_file_perms; + # Allow init to set sysprop used to compute stats about userspace reboot. set_prop(system_server, userspace_reboot_log_prop) diff --git a/public/file.te b/public/file.te index 462e71d21..d6bd8979f 100644 --- a/public/file.te +++ b/public/file.te 
@@ -231,6 +231,8 @@ type apex_metadata_file, file_type; type ota_metadata_file, file_type; # property files within /metadata/bootstat type metadata_bootstat_file, file_type; +# Staged install files within /metadata/staged-install +type staged_install_file, file_type; # Type for /dev/cpu_variant:.*. type dev_cpu_variant, file_type; From 9ef72aae58dfe3c7fdd66414a748a35fa9d1d27f Mon Sep 17 00:00:00 2001 From: Yan Wang Date: Mon, 1 Jun 2020 20:05:30 +0000 Subject: [PATCH 132/163] sepolicy: Allow iorapd process to send signal to prefetch and inode2filename process. Bug: 157282668 Test: Check no avc: denied in logcat. Change-Id: I298cea931c8d6f178bc0195bfced0e8efc51fcad --- prebuilts/api/30.0/public/iorapd.te | 4 ++++ public/iorapd.te | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/prebuilts/api/30.0/public/iorapd.te b/prebuilts/api/30.0/public/iorapd.te index 426eccae6..3bf8cbdc6 100644 --- a/prebuilts/api/30.0/public/iorapd.te +++ b/prebuilts/api/30.0/public/iorapd.te @@ -42,6 +42,10 @@ unix_socket_connect(iorapd, traced_consumer, traced) # Allow iorapd to execute compilation (iorap.cmd.compiler) in idle time. allow iorapd system_file:file rx_file_perms; +# Allow iorapd to send signull to iorap_inode2filename and iorap_prefetcherd. +allow iorapd iorap_inode2filename:process signull; +allow iorapd iorap_prefetcherd:process signull; + ### ### neverallow rules ### diff --git a/public/iorapd.te b/public/iorapd.te index 426eccae6..3bf8cbdc6 100644 --- a/public/iorapd.te +++ b/public/iorapd.te @@ -42,6 +42,10 @@ unix_socket_connect(iorapd, traced_consumer, traced) # Allow iorapd to execute compilation (iorap.cmd.compiler) in idle time. allow iorapd system_file:file rx_file_perms; +# Allow iorapd to send signull to iorap_inode2filename and iorap_prefetcherd. +allow iorapd iorap_inode2filename:process signull; +allow iorapd iorap_prefetcherd:process signull; + ### ### neverallow rules ### From 4d36eae8affaffce00063d37fe7f1d570cca1f1f Mon Sep 17 00:00:00 2001 
From: Inseob Kim Date: Thu, 14 May 2020 21:47:43 +0900 Subject: [PATCH 133/163] Add contexts for exported telephony props To remove bad context names, two contexts are added. - telephony_config_prop - telephony_status_prop exported_radio_prop, exported2_radio_prop are removed. Cleaning up exported3_radio_prop will be a follow-up task. Bug: 152471138 Bug: 155844385 Test: boot and see no denials Test: usim works on blueline Change-Id: Iff9a4635c709f3ebe266cd811df3a1b4d3a242c2 --- private/compat/27.0/27.0.ignore.cil | 2 ++ private/compat/30.0/30.0.cil | 5 +++- private/coredomain.te | 2 ++ private/domain.te | 2 -- private/property.te | 9 +++++-- private/property_contexts | 38 ++++++++++++----------------- private/radio.te | 3 +-- public/domain.te | 2 +- public/hal_telephony.te | 3 +-- public/property.te | 4 +-- public/vendor_init.te | 2 -- 11 files changed, 36 insertions(+), 36 deletions(-) diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil index 42b1ef05f..9605e34b7 100644 --- a/private/compat/27.0/27.0.ignore.cil +++ b/private/compat/27.0/27.0.ignore.cil @@ -174,6 +174,8 @@ system_lmk_prop system_update_service systemsound_config_prop + telephony_config_prop + telephony_status_prop test_boot_reason_prop time_prop timedetector_service diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil index b49c17390..8efa6cb8d 100644 --- a/private/compat/30.0/30.0.cil +++ b/private/compat/30.0/30.0.cil @@ -4,8 +4,10 @@ (type exported_ffs_prop) (type exported_fingerprint_prop) (type exported_system_radio_prop) +(type exported_radio_prop) (type exported_vold_prop) (type exported2_config_prop) +(type exported2_radio_prop) (type exported2_vold_prop) (type ffs_prop) (type system_radio_prop) @@ -1360,6 +1362,7 @@ hdmi_config_prop lmkd_config_prop media_config_prop + telephony_config_prop zram_config_prop)) (typeattributeset exported3_radio_prop_30_0 (exported3_radio_prop)) (typeattributeset exported3_system_prop_30_0 
@@ -1385,7 +1388,7 @@ (typeattributeset exported_fingerprint_prop_30_0 (exported_fingerprint_prop fingerprint_prop)) (typeattributeset exported_overlay_prop_30_0 (exported_overlay_prop)) (typeattributeset exported_pm_prop_30_0 (exported_pm_prop)) -(typeattributeset exported_radio_prop_30_0 (exported_radio_prop)) +(typeattributeset exported_radio_prop_30_0 (exported_radio_prop telephony_status_prop)) (typeattributeset exported_secure_prop_30_0 (exported_secure_prop)) (typeattributeset exported_system_prop_30_0 (exported_system_prop)) (typeattributeset exported_system_radio_prop_30_0 diff --git a/private/coredomain.te b/private/coredomain.te index d8b278c19..065036c9c 100644 --- a/private/coredomain.te +++ b/private/coredomain.te @@ -10,6 +10,8 @@ get_prop(coredomain, lmkd_config_prop) get_prop(coredomain, pm_prop) get_prop(coredomain, surfaceflinger_color_prop) get_prop(coredomain, systemsound_config_prop) +get_prop(coredomain, telephony_config_prop) + get_prop(coredomain, usb_config_prop) get_prop(coredomain, usb_control_prop) get_prop(coredomain, userspace_reboot_config_prop) diff --git a/private/domain.te b/private/domain.te index 84184e639..d5632679d 100644 --- a/private/domain.te +++ b/private/domain.te @@ -74,7 +74,6 @@ get_prop(domain, bq_config_prop); not_compatible_property(` # DO NOT ADD ANY PROPERTIES HERE get_prop(domain, core_property_type) - get_prop(domain, exported2_radio_prop) get_prop(domain, exported2_system_prop) get_prop(domain, exported3_default_prop) get_prop(domain, exported3_radio_prop) @@ -84,7 +83,6 @@ not_compatible_property(` compatible_property_only(` # DO NOT ADD ANY PROPERTIES HERE get_prop({coredomain appdomain shell}, core_property_type) - get_prop({coredomain appdomain shell}, exported2_radio_prop) get_prop({coredomain appdomain shell}, exported2_system_prop) get_prop({coredomain appdomain shell}, exported3_default_prop) get_prop({coredomain appdomain shell}, exported3_radio_prop) 
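Review bot: Only `exported_radio_prop_30_0` gains `telephony_status_prop` in this hunk, but `persist.radio.airplane_mode_on` moves from exported2_radio_prop to telephony_status_prop in the property_contexts hunk, so unless `exported2_radio_prop_30_0` is extended in a part of 30.0.cil not shown, 30.0 vendor policy written against exported2_radio_prop would no longer match that property. Adding `telephony_status_prop` to the exported2_radio_prop_30_0 set, or documenting why it is deliberately dropped, would make the compat mapping match the relabeling.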
diff --git a/private/property.te b/private/property.te index ecbfff3c9..93545b547 100644 --- a/private/property.te +++ b/private/property.te @@ -165,7 +165,6 @@ compatible_property_only(` -hal_telephony_server -vendor_init } { - exported_radio_prop exported3_radio_prop }:property_service set; @@ -175,7 +174,6 @@ compatible_property_only(` -appdomain -hal_telephony_server } { - exported2_radio_prop radio_prop }:property_service set; @@ -393,3 +391,10 @@ neverallow { init_service_status_private_prop init_service_status_prop }:property_service set; + +neverallow { + -init + -radio + -appdomain + -hal_telephony_server +} telephony_status_prop:property_service set; diff --git a/private/property_contexts b/private/property_contexts index 10f086cd2..c4b553370 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -250,8 +250,6 @@ persist.sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0 # history size. ro.lib_gui.frame_event_history_size u:object_r:bq_config_prop:s0 -persist.radio.airplane_mode_on u:object_r:exported2_radio_prop:s0 exact bool - af.fast_track_multiplier u:object_r:audio_config_prop:s0 exact int ro.af.client_heap_size_kbyte u:object_r:audio_config_prop:s0 exact int @@ -358,10 +356,6 @@ persist.bluetooth.btsnoopenable u:object_r:exported_bluetooth_pro persist.config.calibration_fac u:object_r:exported3_default_prop:s0 exact string -persist.dbg.volte_avail_ovr u:object_r:exported3_default_prop:s0 exact int -persist.dbg.vt_avail_ovr u:object_r:exported3_default_prop:s0 exact int -persist.dbg.wfc_avail_ovr u:object_r:exported3_default_prop:s0 exact int - persist.radio.multisim.config u:object_r:exported3_radio_prop:s0 exact string persist.sys.hdmi.keep_awake u:object_r:hdmi_config_prop:s0 exact bool 
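Review bot: The new neverallow on `telephony_status_prop` exempts the whole of `appdomain`, so it does not stop any app domain from being granted set access; since radio is itself an app domain, `-radio` alone would express that only the phone process may set it, and the broad exemption looks inherited from the old exported2_radio_prop rule it replaces. vendor_init is not exempted either, although this same patch removes `set_prop(vendor_init, exported_radio_prop)`, so a vendor init script that sets gsm.sim.operator.numeric would now be rejected; the context of the later PATCH 135 hunk in private/property.te shows a not_compatible_property(-vendor_init) exclusion was added afterwards, which suggests this was hit.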
@@ -389,9 +383,6 @@ ro.boot.wificountrycode u:object_r:exported3_default_prop:s0 exact string ro.bt.bdaddr_path u:object_r:exported_bluetooth_prop:s0 exact string -ro.com.android.dataroaming u:object_r:exported3_default_prop:s0 exact bool -ro.com.android.prov_mobiledata u:object_r:exported3_default_prop:s0 exact bool - ro.config.alarm_alert u:object_r:systemsound_config_prop:s0 exact string ro.config.alarm_vol_default u:object_r:systemsound_config_prop:s0 exact int ro.config.alarm_vol_steps u:object_r:systemsound_config_prop:s0 exact int @@ -462,18 +453,12 @@ ro.oem_unlock_supported u:object_r:exported3_default_prop:s0 exact int ro.opengles.version u:object_r:exported3_default_prop:s0 exact int -ro.radio.noril u:object_r:exported3_default_prop:s0 exact string - ro.rebootescrow.device u:object_r:rebootescrow_hal_prop:s0 exact string ro.statsd.enable u:object_r:exported3_default_prop:s0 exact bool ro.storage_manager.enabled u:object_r:exported3_default_prop:s0 exact bool -ro.telephony.call_ring.multiple u:object_r:exported3_default_prop:s0 exact bool -ro.telephony.default_cdma_sub u:object_r:exported3_default_prop:s0 exact int -ro.telephony.default_network u:object_r:exported3_default_prop:s0 exact string - ro.vehicle.hal u:object_r:vehicle_hal_prop:s0 exact string ro.vendor.build.security_patch u:object_r:vendor_security_patch_level_prop:s0 exact string @@ -506,9 +491,6 @@ sys.usb.ffs.max_write u:object_r:ffs_config_prop:s0 exact int sys.usb.ffs.ready u:object_r:ffs_control_prop:s0 exact bool sys.usb.ffs.mtp.ready u:object_r:ffs_control_prop:s0 exact bool -telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int -telephony.active_modems.max_count u:object_r:exported3_default_prop:s0 exact int - tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int vold.post_fs_data_done u:object_r:vold_config_prop:s0 exact int 
@@ -685,8 +667,6 @@ aaudio.mmap_exclusive_policy u:object_r:exported_default_prop:s0 exact int aaudio.mmap_policy u:object_r:exported_default_prop:s0 exact int aaudio.wakeup_delay_usec u:object_r:exported_default_prop:s0 exact int -gsm.sim.operator.numeric u:object_r:exported_radio_prop:s0 exact string - media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool persist.rcs.supported u:object_r:exported_default_prop:s0 exact int @@ -770,8 +750,6 @@ ro.oem.key1 u:object_r:exported_default_prop:s0 exact string ro.product.vndk.version u:object_r:vndk_prop:s0 exact string -ro.telephony.iwlan_operation_mode u:object_r:exported_radio_prop:s0 exact enum default legacy AP-assisted - ro.vndk.lite u:object_r:vndk_prop:s0 exact bool ro.vndk.version u:object_r:vndk_prop:s0 exact string 
@@ -860,3 +838,19 @@ cache_key.package_info u:object_r:binder_cache_system_server_p cache_key.bluetooth. u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string + +gsm.sim.operator.numeric u:object_r:telephony_status_prop:s0 exact string +persist.radio.airplane_mode_on u:object_r:telephony_status_prop:s0 exact bool + +ro.com.android.dataroaming u:object_r:telephony_config_prop:s0 exact bool +ro.com.android.prov_mobiledata u:object_r:telephony_config_prop:s0 exact bool +ro.radio.noril u:object_r:telephony_config_prop:s0 exact string +ro.telephony.call_ring.multiple u:object_r:telephony_config_prop:s0 exact bool +ro.telephony.default_cdma_sub u:object_r:telephony_config_prop:s0 exact int +ro.telephony.default_network u:object_r:telephony_config_prop:s0 exact string +ro.telephony.iwlan_operation_mode u:object_r:telephony_config_prop:s0 exact enum default legacy AP-assisted +telephony.active_modems.max_count u:object_r:telephony_config_prop:s0 exact int +telephony.lteOnCdmaDevice u:object_r:telephony_config_prop:s0 exact int +persist.dbg.volte_avail_ovr u:object_r:telephony_config_prop:s0 exact int +persist.dbg.vt_avail_ovr u:object_r:telephony_config_prop:s0 exact int +persist.dbg.wfc_avail_ovr u:object_r:telephony_config_prop:s0 exact int diff --git a/private/radio.te b/private/radio.te index db9820d60..fad617417 100644 --- a/private/radio.te +++ b/private/radio.te @@ -6,10 +6,9 @@ read_runtime_log_tags(radio) # Property service set_prop(radio, radio_prop) -set_prop(radio, exported_radio_prop) -set_prop(radio, exported2_radio_prop) set_prop(radio, exported3_radio_prop) set_prop(radio, net_radio_prop) +set_prop(radio, telephony_status_prop) # ctl interface set_prop(radio, ctl_rildaemon_prop) diff --git a/public/domain.te b/public/domain.te index 56bf5462b..faaff87e5 100644 --- a/public/domain.te 
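Review bot: `persist.dbg.volte_avail_ovr`, `persist.dbg.vt_avail_ovr` and `persist.dbg.wfc_avail_ovr` are relabeled into `telephony_config_prop`, which the public/property.te hunk registers with `system_vendor_config_prop` and is therefore settable only by init and vendor_init; persist.* properties are normally runtime-writable and the `persist.dbg.` prefix suggests debug toggles, so anything that set these overrides at runtime will now be denied. If that tightening is intended, a comment above the block such as `# Read-only telephony configuration; set by init/vendor_init only` would record it; otherwise they belong with the status properties. The three entries also sit below the `telephony.` entries rather than with the other persist entry, which makes the block harder to scan.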
+++ b/public/domain.te @@ -101,7 +101,6 @@ get_prop(domain, debug_prop) get_prop(domain, exported_config_prop) get_prop(domain, exported_default_prop) get_prop(domain, exported_dumpstate_prop) -get_prop(domain, exported_radio_prop) get_prop(domain, exported_secure_prop) get_prop(domain, exported_system_prop) get_prop(domain, exported2_default_prop) @@ -111,6 +110,7 @@ get_prop(domain, libc_debug_prop) get_prop(domain, logd_prop) get_prop(domain, socket_hook_prop) get_prop(domain, surfaceflinger_prop) +get_prop(domain, telephony_status_prop) get_prop(domain, vendor_socket_hook_prop) get_prop(domain, vndk_prop) get_prop(domain, vold_status_prop) diff --git a/public/hal_telephony.te b/public/hal_telephony.te index 3e4b65dfa..c5b593138 100644 --- a/public/hal_telephony.te +++ b/public/hal_telephony.te @@ -21,9 +21,8 @@ allow hal_telephony_server bluetooth_efs_file:dir r_dir_perms; # property service set_prop(hal_telephony_server, radio_prop) -set_prop(hal_telephony_server, exported_radio_prop) -set_prop(hal_telephony_server, exported2_radio_prop) set_prop(hal_telephony_server, exported3_radio_prop) +set_prop(hal_telephony_server, telephony_status_prop) allow hal_telephony_server tty_device:chr_file rw_file_perms; diff --git a/public/property.te b/public/property.te index 0117519bd..787268a83 100644 --- a/public/property.te +++ b/public/property.te @@ -123,6 +123,7 @@ system_vendor_config_prop(media_variant_prop) system_vendor_config_prop(storage_config_prop) system_vendor_config_prop(surfaceflinger_prop) system_vendor_config_prop(systemsound_config_prop) +system_vendor_config_prop(telephony_config_prop) system_vendor_config_prop(usb_config_prop) system_vendor_config_prop(userspace_reboot_config_prop) system_vendor_config_prop(vehicle_hal_prop) 
@@ -146,13 +147,11 @@ system_public_prop(dalvik_runtime_prop) system_public_prop(debug_prop) system_public_prop(dumpstate_options_prop) system_public_prop(exported_system_prop) -system_public_prop(exported2_radio_prop) system_public_prop(exported2_system_prop) system_public_prop(exported3_radio_prop) system_public_prop(exported_bluetooth_prop) system_public_prop(exported_overlay_prop) system_public_prop(exported_pm_prop) -system_public_prop(exported_radio_prop) system_public_prop(exported_wifi_prop) system_public_prop(ffs_control_prop) system_public_prop(sota_prop) @@ -170,6 +169,7 @@ system_public_prop(radio_prop) system_public_prop(serialno_prop) system_public_prop(surfaceflinger_color_prop) system_public_prop(system_prop) +system_public_prop(telephony_status_prop) system_public_prop(usb_control_prop) system_public_prop(wifi_log_prop) system_public_prop(wifi_prop) diff --git a/public/vendor_init.te b/public/vendor_init.te index 360d95120..30eba23d8 100644 --- a/public/vendor_init.te +++ b/public/vendor_init.te @@ -219,7 +219,6 @@ set_prop(vendor_init, exported_config_prop) set_prop(vendor_init, exported_default_prop) set_prop(vendor_init, exported_overlay_prop) set_prop(vendor_init, exported_pm_prop) -set_prop(vendor_init, exported_radio_prop) set_prop(vendor_init, exported_wifi_prop) set_prop(vendor_init, exported2_system_prop) set_prop(vendor_init, exported3_default_prop) @@ -244,7 +243,6 @@ set_prop(vendor_init, wifi_log_prop) set_prop(vendor_init, zram_control_prop) get_prop(vendor_init, boot_status_prop) -get_prop(vendor_init, exported2_radio_prop) get_prop(vendor_init, exported3_system_prop) get_prop(vendor_init, ota_prop) get_prop(vendor_init, provisioned_prop) From 8a86424e3404cef78810c40f88fd7683a9182952 Mon Sep 17 00:00:00 2001 
From: Bowgo Tsai Date: Tue, 2 Jun 2020 22:16:12 +0800 Subject: [PATCH 134/163] Copying platform seinfo into vendor partition Some vendor apps are using platform key for signing. This moves them to untrusted_app domain when the system partition is switched to a Generic System Image (GSI), because the value of platform's seinfo in /system/etc/selinux/plat_mac_permissions.xml has been changed. Duplicating the device-specific platform seinfo into /vendor/etc/selinux/vendor_mac_permissions.xml to make it self-contained within the vendor partition. Bug: 157141777 Test: boot the device with a GSI, then `adb shell ps -eZ | grep qtidata` Test: ./build/make/tools/releasetools/sign_target_files_apks \ --default_key_mappings path/to/keydir \ -o out/dist/-target_files-*.zip \ signed-tardis-target_files.zip and checks the platform seinfo in /vendor/etc/selinux/vendor_mac_permissions.xml is replaced. Change-Id: Ic9a79780e30f456138e4de67210cc60ac2e490d6 --- mac_permissions.mk | 3 ++- vendor/keys.conf | 19 ++++++++++++++ vendor/mac_permissions.xml | 53 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 74 insertions(+), 1 deletion(-) create mode 100644 vendor/keys.conf create mode 100644 vendor/mac_permissions.xml diff --git a/mac_permissions.mk b/mac_permissions.mk index 3bcff95a0..3cc015147 100644 --- a/mac_permissions.mk +++ b/mac_permissions.mk @@ -122,7 +122,8 @@ $(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_vendor_mac_perms_files) $(LOCAL_BUILT_MODULE): $(vendor_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys.py \ $(all_vendor_mac_perms_files) @mkdir -p $(dir $@) - $(hide) $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES) + $(hide) DEFAULT_SYSTEM_DEV_CERTIFICATE="$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))" \ + $(HOST_OUT_EXECUTABLES)/insertkeys.py -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES) vendor_mac_perms_keys.tmp := all_vendor_mac_perms_files := 
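Review bot: `$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))` yields a directory with a trailing slash, and vendor/keys.conf appends `/platform.x509.pem` to it, so the expanded path contains a doubled `/`; harmless for open(), but `$(patsubst %/,%,$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE)))` keeps the expansion clean. Passing the value through the environment is fine, but a comment on the recipe saying that keys.conf consumes it as `$DEFAULT_SYSTEM_DEV_CERTIFICATE` would tie the two files together for the next maintainer.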
diff --git a/vendor/keys.conf b/vendor/keys.conf new file mode 100644 index 000000000..71ad2c9ee --- /dev/null +++ b/vendor/keys.conf @@ -0,0 +1,19 @@ +# +# Maps an arbitrary tag [TAGNAME] with the string contents found in +# TARGET_BUILD_VARIANT. Common convention is to start TAGNAME with an @ and +# name it after the base file name of the pem file. +# +# Each tag (section) then allows one to specify any string found in +# TARGET_BUILD_VARIANT. Typcially this is user, eng, and userdebug. Another +# option is to use ALL which will match ANY TARGET_BUILD_VARIANT string. +# + +# Some vendor apps are using platform key for signing. +# This moves them to untrusted_app domain when the system partition is +# switched to a Generic System Image (GSI), because the value of platform's +# seinfo in /system/etc/selinux/plat_mac_permissions.xml has been changed. +# Duplicating the device-specific platform seinfo into +# /vendor/etc/selinux/vendor_mac_permissions.xml to make it self-contained +# within the vendor partition. +[@PLATFORM] +ALL : $DEFAULT_SYSTEM_DEV_CERTIFICATE/platform.x509.pem diff --git a/vendor/mac_permissions.xml b/vendor/mac_permissions.xml new file mode 100644 index 000000000..2d6fab0d0 --- /dev/null +++ b/vendor/mac_permissions.xml @@ -0,0 +1,53 @@ + + + + + + + + + + From fbfa8ce0ae7e00a302324f276b8ced87d539a353 Mon Sep 17 00:00:00 2001 
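Review bot: The header comment in vendor/keys.conf has a typo, `Typcially` → `Typically`, apparently carried over from the existing keys.conf it was modeled on. The rationale block is useful; it could add one sentence stating the consequence — that an app signed with the device platform key keeps the platform seinfo even when /system is a GSI — so a reader knows this file widens what the vendor partition alone grants.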
From: Peiyong Lin Date: Thu, 4 Jun 2020 18:11:25 -0700 Subject: [PATCH 135/163] Update sepolicy for GPU profiling properties. A device must indicate whether GPU profiling is supported or not through setting these two properties properly. CTS needs to read these two properties in order to run corresponding compliance tests. Hence need to update sepolicy for these two properties. Bug: b/157832445 Test: Test on Pixel 4 Change-Id: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3 --- prebuilts/api/30.0/private/app.te | 3 +++ prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil | 1 + prebuilts/api/30.0/private/shell.te | 3 +++ prebuilts/api/30.0/public/property.te | 8 ++++++++ prebuilts/api/30.0/public/property_contexts | 4 ++++ private/app.te | 3 +++ private/compat/29.0/29.0.ignore.cil | 1 + private/property.te | 7 +++++++ private/property_contexts | 4 ++++ private/shell.te | 3 +++ public/property.te | 1 + 11 files changed, 38 insertions(+) diff --git a/prebuilts/api/30.0/private/app.te b/prebuilts/api/30.0/private/app.te index a03bcb094..b2ddd84b4 100644 --- a/prebuilts/api/30.0/private/app.te +++ b/prebuilts/api/30.0/private/app.te @@ -35,3 +35,6 @@ neverallow { appdomain -shell userdebug_or_eng(`-su') } { domain -appdomain -crash_dump -rs }:process { transition }; neverallow { appdomain -shell userdebug_or_eng(`-su') } { domain -appdomain }:process { dyntransition }; + +# Allow to read graphics related properties. +get_prop(appdomain, graphics_config_prop) diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil index e35841fe5..1ca89e1a4 100644 --- a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil +++ b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil @@ -48,6 +48,7 @@ fwk_automotive_display_hwservice fusectlfs gmscore_app + graphics_config_prop hal_can_bus_hwservice hal_can_controller_hwservice hal_identity_service 
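Review bot: `get_prop(appdomain, graphics_config_prop)` makes both new properties readable by every app, including untrusted_app, which the commit justifies for CTS; the comment `# Allow to read graphics related properties.` should say who and why, e.g. `# Allow all apps to read the GPU profiler support properties (read by CTS).` `graphics.gpu.profiler.vulkan_layer_apk` names a package, so whichever component loads a layer from it should verify the package rather than trust the string, even though the property is only settable by init/vendor_init under the new neverallow. The same comment appears in private/app.te and both shell.te hunks.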
diff --git a/prebuilts/api/30.0/private/shell.te b/prebuilts/api/30.0/private/shell.te index 76ff0734d..fd7876332 100644 --- a/prebuilts/api/30.0/private/shell.te +++ b/prebuilts/api/30.0/private/shell.te @@ -90,3 +90,6 @@ allow shell simpleperf_exec:file rx_file_perms; # not the whole system. allow shell self:perf_event { open read write kernel }; neverallow shell self:perf_event ~{ open read write kernel }; + +# Allow to read graphics related properties. +get_prop(shell, graphics_config_prop) diff --git a/prebuilts/api/30.0/public/property.te b/prebuilts/api/30.0/public/property.te index a435b4dc9..1bcc2081c 100644 --- a/prebuilts/api/30.0/public/property.te +++ b/prebuilts/api/30.0/public/property.te @@ -118,6 +118,7 @@ system_vendor_config_prop(exported_camera_prop) system_vendor_config_prop(exported_config_prop) system_vendor_config_prop(exported_default_prop) system_vendor_config_prop(exported3_default_prop) +system_vendor_config_prop(graphics_config_prop) system_vendor_config_prop(media_variant_prop) system_vendor_config_prop(storage_config_prop) system_vendor_config_prop(userspace_reboot_config_prop) @@ -599,3 +600,10 @@ neverallow { } { userspace_reboot_test_prop }:property_service set; + +neverallow { + -init + -vendor_init +} { + graphics_config_prop +}:property_service set; diff --git a/prebuilts/api/30.0/public/property_contexts b/prebuilts/api/30.0/public/property_contexts index 5abe85b82..40f68899e 100644 --- a/prebuilts/api/30.0/public/property_contexts +++ b/prebuilts/api/30.0/public/property_contexts 
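Review bot: The graphics_config_prop neverallow lands in prebuilts/api/30.0/public/property.te here but in private/property.te in the live tree (the next set of hunks), so the frozen 30.0 snapshot and the source diverge in where the rule lives; if the snapshot is meant to mirror the source, put it in the same file in both. The neverallow bodies are otherwise identical, so this is a placement question rather than a semantic one.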
@@ -466,3 +466,7 @@ cache_key.package_info u:object_r:binder_cache_system_server_p cache_key.bluetooth. u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string + +# Graphics related properties +graphics.gpu.profiler.support u:object_r:graphics_config_prop:s0 exact bool +graphics.gpu.profiler.vulkan_layer_apk u:object_r:graphics_config_prop:s0 exact string diff --git a/private/app.te b/private/app.te index 4da06bc7f..b76f1d0bf 100644 --- a/private/app.te +++ b/private/app.te @@ -45,3 +45,6 @@ neverallow { appdomain -shell userdebug_or_eng(`-su') } # Don't allow regular apps access to storage configuration properties. neverallow { appdomain -mediaprovider_app } storage_config_prop:file no_rw_file_perms; + +# Allow to read graphics related properties. +get_prop(appdomain, graphics_config_prop) diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 4e43dea92..1d4216c36 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -50,6 +50,7 @@ fusectlfs gmscore_app gnss_device + graphics_config_prop hal_can_bus_hwservice hal_can_controller_hwservice hal_identity_service diff --git a/private/property.te b/private/property.te index 64c8af1c2..1aa4ddfa5 100644 --- a/private/property.te +++ b/private/property.te @@ -399,3 +399,10 @@ neverallow { -hal_telephony_server not_compatible_property(`-vendor_init') } telephony_status_prop:property_service set; + +neverallow { + -init + -vendor_init +} { + graphics_config_prop +}:property_service set; diff --git a/private/property_contexts b/private/property_contexts index c4b553370..2489c135f 100644 --- a/private/property_contexts +++ b/private/property_contexts 
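Review bot: `get_prop(appdomain, graphics_config_prop)` in private/app.te makes both `graphics.gpu.profiler.*` values, including the `vulkan_layer_apk` package-name string, readable by every app domain (untrusted and isolated apps included), but the comment above it only says `# Allow to read graphics related properties.`. The commit message gives the actual reason (CTS has to read them), and that rationale belongs next to the rule so a later reviewer does not narrow it or, conversely, extend it to a property that should not be world-readable: `# Allow all apps to read the GPU profiling config properties; CTS reads them (b/157832445).`. The same comment is added to prebuilts/api/30.0/private/app.te and to both shell.te copies in this patch, and again in [PATCH 136]; it should be fixed in all of them.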
@@ -854,3 +854,7 @@ telephony.lteOnCdmaDevice u:object_r:telephony_config_prop:s0 exact int persist.dbg.volte_avail_ovr u:object_r:telephony_config_prop:s0 exact int persist.dbg.vt_avail_ovr u:object_r:telephony_config_prop:s0 exact int persist.dbg.wfc_avail_ovr u:object_r:telephony_config_prop:s0 exact int + +# Graphics related properties +graphics.gpu.profiler.support u:object_r:graphics_config_prop:s0 exact bool +graphics.gpu.profiler.vulkan_layer_apk u:object_r:graphics_config_prop:s0 exact string diff --git a/private/shell.te b/private/shell.te index 63757ebba..2a2af0ffb 100644 --- a/private/shell.te +++ b/private/shell.te @@ -140,3 +140,6 @@ get_prop(shell, system_boot_reason_prop) get_prop(shell, init_perf_lsm_hooks_prop) userdebug_or_eng(`set_prop(shell, persist_debug_prop)') + +# Allow to read graphics related properties. +get_prop(shell, graphics_config_prop) diff --git a/public/property.te b/public/property.te index 787268a83..8c989746b 100644 --- a/public/property.te +++ b/public/property.te @@ -115,6 +115,7 @@ system_vendor_config_prop(exported_config_prop) system_vendor_config_prop(exported_default_prop) system_vendor_config_prop(exported3_default_prop) system_vendor_config_prop(ffs_config_prop) +system_vendor_config_prop(graphics_config_prop) system_vendor_config_prop(hdmi_config_prop) system_vendor_config_prop(incremental_prop) system_vendor_config_prop(lmkd_config_prop) From 374424fc609259cad3613be370139d81d52d8ccb Mon Sep 17 00:00:00 2001 
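Review bot: In this patch the `graphics.gpu.profiler.*` entries land in private/property_contexts and the `neverallow { -init -vendor_init } { graphics_config_prop }:property_service set;` rule in private/property.te, while the follow-up [PATCH 136] with the same Change-Id puts both in public/property_contexts and public/property.te, as do the prebuilts/api/30.0 copies inside this very patch. `graphics_config_prop` is declared via `system_vendor_config_prop`, so vendor_init is expected to set it; if the private/public split in this tree tracks vendor visibility, the private placement here would likely leave the vendor side of the policy without the labels it needs, and the two copies of the patch would diverge. Confirm which placement is intended and apply it consistently across the prebuilt and the live policy.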
From: Peiyong Lin Date: Wed, 3 Jun 2020 22:40:24 -0700 Subject: [PATCH 136/163] Update sepolicy for GPU profiling properties. A device must indicate whether GPU profiling is supported or not through setting these two properties properly. CTS needs to read these two properties in order to run corresponding compliance tests. Hence need to update sepolicy for these two properties. Bug: b/157832445 Test: Test on Pixel 4 Change-Id: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3 Merged-In: I6f400ecbbd5e78b645bb620fa24747e9367c2ff3 --- prebuilts/api/30.0/private/app.te | 3 +++ prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil | 1 + prebuilts/api/30.0/private/shell.te | 3 +++ prebuilts/api/30.0/public/property.te | 8 ++++++++ prebuilts/api/30.0/public/property_contexts | 4 ++++ private/app.te | 3 +++ private/compat/29.0/29.0.ignore.cil | 1 + private/shell.te | 3 +++ public/property.te | 8 ++++++++ public/property_contexts | 4 ++++ 10 files changed, 38 insertions(+) diff --git a/prebuilts/api/30.0/private/app.te b/prebuilts/api/30.0/private/app.te index 99646050d..9882d8f9b 100644 --- a/prebuilts/api/30.0/private/app.te +++ b/prebuilts/api/30.0/private/app.te @@ -38,3 +38,6 @@ neverallow { appdomain -shell userdebug_or_eng(`-su') } # Don't allow regular apps access to storage configuration properties. neverallow { appdomain -mediaprovider_app } storage_config_prop:file no_rw_file_perms; + +# Allow to read graphics related properties. +get_prop(appdomain, graphics_config_prop) diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil index 795864bc0..1cdfce0ee 100644 --- a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil +++ b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil @@ -49,6 +49,7 @@ fwk_automotive_display_hwservice fusectlfs gmscore_app + graphics_config_prop hal_can_bus_hwservice hal_can_controller_hwservice hal_identity_service 
diff --git a/prebuilts/api/30.0/private/shell.te b/prebuilts/api/30.0/private/shell.te index 76ff0734d..43e4dd529 100644 --- a/prebuilts/api/30.0/private/shell.te +++ b/prebuilts/api/30.0/private/shell.te @@ -90,3 +90,6 @@ allow shell simpleperf_exec:file rx_file_perms; # not the whole system. allow shell self:perf_event { open read write kernel }; neverallow shell self:perf_event ~{ open read write kernel }; + +# Allow to read graphics related properties. +get_prop(shell, graphics_config_prop) \ No newline at end of file diff --git a/prebuilts/api/30.0/public/property.te b/prebuilts/api/30.0/public/property.te index a81b6b4f9..5bc1af2f8 100644 --- a/prebuilts/api/30.0/public/property.te +++ b/prebuilts/api/30.0/public/property.te @@ -119,6 +119,7 @@ system_vendor_config_prop(exported_camera_prop) system_vendor_config_prop(exported_config_prop) system_vendor_config_prop(exported_default_prop) system_vendor_config_prop(exported3_default_prop) +system_vendor_config_prop(graphics_config_prop) system_vendor_config_prop(incremental_prop) system_vendor_config_prop(media_variant_prop) system_vendor_config_prop(storage_config_prop) @@ -602,3 +603,10 @@ neverallow { } { userspace_reboot_test_prop }:property_service set; + +neverallow { + -init + -vendor_init +} { + graphics_config_prop +}:property_service set; diff --git a/prebuilts/api/30.0/public/property_contexts b/prebuilts/api/30.0/public/property_contexts index 003a4f01a..f985200e0 100644 --- a/prebuilts/api/30.0/public/property_contexts +++ b/prebuilts/api/30.0/public/property_contexts 
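Review bot: The added `get_prop(shell, graphics_config_prop)` in prebuilts/api/30.0/private/shell.te is written without a trailing newline (`\ No newline at end of file`), and the private/shell.te hunk later in this patch has the same defect. The [PATCH 135] version of the identical hunk ends with a newline, so the two trees now differ in a byte that will show up as a spurious modification of this line in the next patch that appends to shell.te. Terminate the line so both copies match the earlier patch.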
@@ -469,3 +469,7 @@ cache_key.package_info u:object_r:binder_cache_system_server_p cache_key.bluetooth. u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string + +# Graphics related properties +graphics.gpu.profiler.support u:object_r:graphics_config_prop:s0 exact bool +graphics.gpu.profiler.vulkan_layer_apk u:object_r:graphics_config_prop:s0 exact string diff --git a/private/app.te b/private/app.te index 99646050d..9882d8f9b 100644 --- a/private/app.te +++ b/private/app.te @@ -38,3 +38,6 @@ neverallow { appdomain -shell userdebug_or_eng(`-su') } # Don't allow regular apps access to storage configuration properties. neverallow { appdomain -mediaprovider_app } storage_config_prop:file no_rw_file_perms; + +# Allow to read graphics related properties. +get_prop(appdomain, graphics_config_prop) diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 795864bc0..1cdfce0ee 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -49,6 +49,7 @@ fwk_automotive_display_hwservice fusectlfs gmscore_app + graphics_config_prop hal_can_bus_hwservice hal_can_controller_hwservice hal_identity_service diff --git a/private/shell.te b/private/shell.te index 76ff0734d..43e4dd529 100644 --- a/private/shell.te +++ b/private/shell.te @@ -90,3 +90,6 @@ allow shell simpleperf_exec:file rx_file_perms; # not the whole system. allow shell self:perf_event { open read write kernel }; neverallow shell self:perf_event ~{ open read write kernel }; + +# Allow to read graphics related properties. +get_prop(shell, graphics_config_prop) \ No newline at end of file diff --git a/public/property.te b/public/property.te index a81b6b4f9..5bc1af2f8 100644 --- a/public/property.te +++ b/public/property.te 
@@ -119,6 +119,7 @@ system_vendor_config_prop(exported_camera_prop) system_vendor_config_prop(exported_config_prop) system_vendor_config_prop(exported_default_prop) system_vendor_config_prop(exported3_default_prop) +system_vendor_config_prop(graphics_config_prop) system_vendor_config_prop(incremental_prop) system_vendor_config_prop(media_variant_prop) system_vendor_config_prop(storage_config_prop) @@ -602,3 +603,10 @@ neverallow { } { userspace_reboot_test_prop }:property_service set; + +neverallow { + -init + -vendor_init +} { + graphics_config_prop +}:property_service set; diff --git a/public/property_contexts b/public/property_contexts index 003a4f01a..f985200e0 100644 --- a/public/property_contexts +++ b/public/property_contexts @@ -469,3 +469,7 @@ cache_key.package_info u:object_r:binder_cache_system_server_p cache_key.bluetooth. u:object_r:binder_cache_bluetooth_server_prop:s0 prefix string cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string + +# Graphics related properties +graphics.gpu.profiler.support u:object_r:graphics_config_prop:s0 exact bool +graphics.gpu.profiler.vulkan_layer_apk u:object_r:graphics_config_prop:s0 exact string From a9df37fff269f08b1455d84f47721302e310049b Mon Sep 17 00:00:00 2001 From: Yan Wang Date: Mon, 8 Jun 2020 18:46:12 +0000 Subject: [PATCH 137/163] selinux: Allow system_server to access files in iorapd dir. Bug: 158007508 Test: make and see if system server could access iorapd dir. Change-Id: I4cff9b4154d7e633d8437de84c51ac1ca334cbcf --- prebuilts/api/30.0/public/iorapd.te | 8 ++++++++ public/iorapd.te | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/prebuilts/api/30.0/public/iorapd.te b/prebuilts/api/30.0/public/iorapd.te index 3bf8cbdc6..b9706994e 100644 --- a/prebuilts/api/30.0/public/iorapd.te +++ b/prebuilts/api/30.0/public/iorapd.te 
@@ -46,6 +46,12 @@ allow iorapd system_file:file rx_file_perms; allow iorapd iorap_inode2filename:process signull; allow iorapd iorap_prefetcherd:process signull; +# Allowing system_server to check for the existence and size of files under iorapd +# dir without collecting any sensitive app data. +# This is used to predict if iorapd is doing prefetching or not. +allow system_server iorapd_data_file:dir { getattr open read search }; +allow system_server iorapd_data_file:file getattr; + ### ### neverallow rules ### @@ -59,6 +65,7 @@ neverallow { domain -init -iorapd + -system_server } iorapd_data_file:dir *; neverallow { @@ -73,6 +80,7 @@ neverallow { -kernel -vendor_init -iorapd + -system_server } { iorapd_data_file }:notdevfile_class_set *; # Only system_server and shell (for dumpsys) can interact with iorapd over binder diff --git a/public/iorapd.te b/public/iorapd.te index 3bf8cbdc6..b9706994e 100644 --- a/public/iorapd.te +++ b/public/iorapd.te @@ -46,6 +46,12 @@ allow iorapd system_file:file rx_file_perms; allow iorapd iorap_inode2filename:process signull; allow iorapd iorap_prefetcherd:process signull; +# Allowing system_server to check for the existence and size of files under iorapd +# dir without collecting any sensitive app data. +# This is used to predict if iorapd is doing prefetching or not. +allow system_server iorapd_data_file:dir { getattr open read search }; +allow system_server iorapd_data_file:file getattr; + ### ### neverallow rules ### @@ -59,6 +65,7 @@ neverallow { domain -init -iorapd + -system_server } iorapd_data_file:dir *; neverallow { @@ -73,6 +80,7 @@ neverallow { -kernel -vendor_init -iorapd + -system_server } { iorapd_data_file }:notdevfile_class_set *; # Only system_server and shell (for dumpsys) can interact with iorapd over binder From d40dfdc4c067390cc9cad5a2d66f47c792143be9 Mon Sep 17 00:00:00 2001 
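Review bot: The `-system_server` exemptions added to the two neverallow rules are much wider than the access actually granted: they remove system_server from `iorapd_data_file:dir *` and from `{ iorapd_data_file }:notdevfile_class_set *`, whereas the new allow rules only grant `dir { getattr open read search }` and `file getattr`, so any future allow rule giving system_server write or execute on iorapd data would no longer be caught at build time. Pin the intended scope right after the allow rules, e.g. `neverallow system_server iorapd_data_file:dir ~{ getattr open read search };` and `neverallow system_server iorapd_data_file:file ~getattr;`, in both prebuilts/api/30.0/public/iorapd.te and public/iorapd.te. Separately, the comment says system_server checks only "existence and size", but `read` on the directory also lets it enumerate entry names; if listing is required, say so in the comment, otherwise drop `read` from the dir permission set.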
From: Martijn Coenen Date: Mon, 8 Jun 2020 20:31:33 +0200 Subject: [PATCH 138/163] Don't give uid-based categories to app_zygote and isolated processes. The mapping of UIDs to categories can only take 16 bits, yet isolated processes start at UID 90000. Additionally, the main purpose of these categories was to isolate app-private storage, but since isolated processes don't have access to app-private storage anyway, removing them doesn't hurt. The upside is that this allows us to remove mIstrustedsubject from the app_zygote domain, which prevents app code running in that context from assigning itself arbitrary categories. Bug: 157598026 Test: inspect categories of app_zygote and children; verify Chrome works Merged-In: Idfa8625d939cf30f3683436949bb4f335851622a Change-Id: Idfa8625d939cf30f3683436949bb4f335851622a --- prebuilts/api/30.0/private/app_zygote.te | 7 +++---- prebuilts/api/30.0/private/seapp_contexts | 4 ++-- private/app_zygote.te | 7 +++---- private/seapp_contexts | 4 ++-- 4 files changed, 10 insertions(+), 12 deletions(-) diff --git a/prebuilts/api/30.0/private/app_zygote.te b/prebuilts/api/30.0/private/app_zygote.te index a826f7fc7..928532322 100644 --- a/prebuilts/api/30.0/private/app_zygote.te +++ b/prebuilts/api/30.0/private/app_zygote.te @@ -4,9 +4,6 @@ typeattribute app_zygote coredomain; ###### Policy below is different from regular zygote-spawned apps ###### -# The app_zygote needs to be able to transition domains. -typeattribute app_zygote mlstrustedsubject; - # Allow access to temporary files, which is normally permitted through # a domain macro. tmpfs_domain(app_zygote); 
@@ -95,12 +92,14 @@ neverallow { domain -zygote } app_zygote:process dyntransition; neverallow app_zygote property_socket:sock_file write; neverallow app_zygote property_type:property_service set; -# Should not have any access to non-app data files. +# Should not have any access to data files. neverallow app_zygote { bluetooth_data_file nfc_data_file radio_data_file shell_data_file + app_data_file + privapp_data_file }:file { rwx_file_perms }; neverallow app_zygote { diff --git a/prebuilts/api/30.0/private/seapp_contexts b/prebuilts/api/30.0/private/seapp_contexts index 1bad9c11b..0a25789d4 100644 --- a/prebuilts/api/30.0/private/seapp_contexts +++ b/prebuilts/api/30.0/private/seapp_contexts @@ -151,8 +151,8 @@ user=radio seinfo=platform domain=radio type=radio_data_file user=shared_relro domain=shared_relro user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file user=webview_zygote seinfo=webview_zygote domain=webview_zygote -user=_isolated domain=isolated_app levelFrom=all -user=_app seinfo=app_zygote domain=app_zygote levelFrom=all +user=_isolated domain=isolated_app levelFrom=user +user=_app seinfo=app_zygote domain=app_zygote levelFrom=user user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all diff --git a/private/app_zygote.te b/private/app_zygote.te index a826f7fc7..928532322 100644 --- a/private/app_zygote.te +++ b/private/app_zygote.te @@ -4,9 +4,6 @@ typeattribute app_zygote coredomain; ###### Policy below is different from regular zygote-spawned apps ###### -# The app_zygote needs to be able to transition domains. -typeattribute app_zygote mlstrustedsubject; - # Allow access to temporary files, which is normally permitted through # a domain macro. tmpfs_domain(app_zygote); 
@@ -95,12 +92,14 @@ neverallow { domain -zygote } app_zygote:process dyntransition; neverallow app_zygote property_socket:sock_file write; neverallow app_zygote property_type:property_service set; -# Should not have any access to non-app data files. +# Should not have any access to data files. neverallow app_zygote { bluetooth_data_file nfc_data_file radio_data_file shell_data_file + app_data_file + privapp_data_file }:file { rwx_file_perms }; neverallow app_zygote { diff --git a/private/seapp_contexts b/private/seapp_contexts index e944063c9..a40b16f95 100644 --- a/private/seapp_contexts +++ b/private/seapp_contexts @@ -151,8 +151,8 @@ user=radio seinfo=platform domain=radio type=radio_data_file user=shared_relro domain=shared_relro user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file user=webview_zygote seinfo=webview_zygote domain=webview_zygote -user=_isolated domain=isolated_app levelFrom=all -user=_app seinfo=app_zygote domain=app_zygote levelFrom=all +user=_isolated domain=isolated_app levelFrom=user +user=_app seinfo=app_zygote domain=app_zygote levelFrom=user user=_app seinfo=media domain=mediaprovider type=app_data_file levelFrom=user user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all From c3880d05940c139dcf6f6c5ff6f40fc4e2976ea2 Mon Sep 17 00:00:00 2001 
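Review bot: The extended neverallow (`app_data_file` and `privapp_data_file` added under `:file { rwx_file_perms }`) constrains only regular files, so app-private directories, symlinks and sockets remain unconstrained for app_zygote; since this same change drops `mlstrustedsubject` and moves app_zygote to `levelFrom=user`, MLS categories no longer separate it from the owning user's app data, and this neverallow is now the only build-time guard. If app_zygote has no legitimate need to traverse app data directories, consider also `neverallow app_zygote { app_data_file privapp_data_file }:dir ~{ getattr search };` next to the existing rule, and the updated comment could state the reason rather than just the scope: `# Should not have any access to data files: app_zygote now shares the user's MLS categories, so this rule is the only barrier.`. The same hunk appears in prebuilts/api/30.0/private/app_zygote.te here and is repeated unchanged in [PATCH 139], [PATCH 140] and [PATCH 141]; the commit message also misspells the attribute as "mIstrustedsubject".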
From: Martijn Coenen Date: Mon, 8 Jun 2020 20:31:33 +0200 Subject: [PATCH 139/163] Don't give uid-based categories to app_zygote and isolated processes. The mapping of UIDs to categories can only take 16 bits, yet isolated processes start at UID 90000. Additionally, the main purpose of these categories was to isolate app-private storage, but since isolated processes don't have access to app-private storage anyway, removing them doesn't hurt. The upside is that this allows us to remove mIstrustedsubject from the app_zygote domain, which prevents app code running in that context from assigning itself arbitrary categories. Bug: 157598026 Test: inspect categories of app_zygote and children; verify Chrome works Merged-In: Idfa8625d939cf30f3683436949bb4f335851622a Change-Id: Idfa8625d939cf30f3683436949bb4f335851622a --- prebuilts/api/30.0/private/app_zygote.te | 7 +++---- prebuilts/api/30.0/private/seapp_contexts | 4 ++-- private/app_zygote.te | 7 +++---- private/seapp_contexts | 4 ++-- 4 files changed, 10 insertions(+), 12 deletions(-) diff --git a/prebuilts/api/30.0/private/app_zygote.te b/prebuilts/api/30.0/private/app_zygote.te index a826f7fc7..928532322 100644 --- a/prebuilts/api/30.0/private/app_zygote.te +++ b/prebuilts/api/30.0/private/app_zygote.te @@ -4,9 +4,6 @@ typeattribute app_zygote coredomain; ###### Policy below is different from regular zygote-spawned apps ###### -# The app_zygote needs to be able to transition domains. -typeattribute app_zygote mlstrustedsubject; - # Allow access to temporary files, which is normally permitted through # a domain macro. tmpfs_domain(app_zygote); 
@@ -95,12 +92,14 @@ neverallow { domain -zygote } app_zygote:process dyntransition; neverallow app_zygote property_socket:sock_file write; neverallow app_zygote property_type:property_service set; -# Should not have any access to non-app data files. +# Should not have any access to data files. neverallow app_zygote { bluetooth_data_file nfc_data_file radio_data_file shell_data_file + app_data_file + privapp_data_file }:file { rwx_file_perms }; neverallow app_zygote { diff --git a/prebuilts/api/30.0/private/seapp_contexts b/prebuilts/api/30.0/private/seapp_contexts index 1bad9c11b..0a25789d4 100644 --- a/prebuilts/api/30.0/private/seapp_contexts +++ b/prebuilts/api/30.0/private/seapp_contexts @@ -151,8 +151,8 @@ user=radio seinfo=platform domain=radio type=radio_data_file user=shared_relro domain=shared_relro user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file user=webview_zygote seinfo=webview_zygote domain=webview_zygote -user=_isolated domain=isolated_app levelFrom=all -user=_app seinfo=app_zygote domain=app_zygote levelFrom=all +user=_isolated domain=isolated_app levelFrom=user +user=_app seinfo=app_zygote domain=app_zygote levelFrom=user user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all diff --git a/private/app_zygote.te b/private/app_zygote.te index a826f7fc7..928532322 100644 --- a/private/app_zygote.te +++ b/private/app_zygote.te @@ -4,9 +4,6 @@ typeattribute app_zygote coredomain; ###### Policy below is different from regular zygote-spawned apps ###### -# The app_zygote needs to be able to transition domains. -typeattribute app_zygote mlstrustedsubject; - # Allow access to temporary files, which is normally permitted through # a domain macro. tmpfs_domain(app_zygote); 
@@ -95,12 +92,14 @@ neverallow { domain -zygote } app_zygote:process dyntransition; neverallow app_zygote property_socket:sock_file write; neverallow app_zygote property_type:property_service set; -# Should not have any access to non-app data files. +# Should not have any access to data files. neverallow app_zygote { bluetooth_data_file nfc_data_file radio_data_file shell_data_file + app_data_file + privapp_data_file }:file { rwx_file_perms }; neverallow app_zygote { diff --git a/private/seapp_contexts b/private/seapp_contexts index 1bad9c11b..0a25789d4 100644 --- a/private/seapp_contexts +++ b/private/seapp_contexts @@ -151,8 +151,8 @@ user=radio seinfo=platform domain=radio type=radio_data_file user=shared_relro domain=shared_relro user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file user=webview_zygote seinfo=webview_zygote domain=webview_zygote -user=_isolated domain=isolated_app levelFrom=all -user=_app seinfo=app_zygote domain=app_zygote levelFrom=all +user=_isolated domain=isolated_app levelFrom=user +user=_app seinfo=app_zygote domain=app_zygote levelFrom=user user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all From 46e512ad469cb240a97d3172b017a3421046c229 Mon Sep 17 00:00:00 2001 
From: Martijn Coenen Date: Mon, 8 Jun 2020 20:31:33 +0200 Subject: [PATCH 140/163] Don't give uid-based categories to app_zygote and isolated processes. The mapping of UIDs to categories can only take 16 bits, yet isolated processes start at UID 90000. Additionally, the main purpose of these categories was to isolate app-private storage, but since isolated processes don't have access to app-private storage anyway, removing them doesn't hurt. The upside is that this allows us to remove mIstrustedsubject from the app_zygote domain, which prevents app code running in that context from assigning itself arbitrary categories. Bug: 157598026 Test: inspect categories of app_zygote and children; verify Chrome works Merged-In: Idfa8625d939cf30f3683436949bb4f335851622a Merged-In: I608a096cecffc1c1ff837611ca500a8da3cf1320 Change-Id: I608a096cecffc1c1ff837611ca500a8da3cf1320 --- prebuilts/api/29.0/private/app_zygote.te | 7 +++---- prebuilts/api/29.0/private/seapp_contexts | 4 ++-- private/app_zygote.te | 7 +++---- private/seapp_contexts | 4 ++-- 4 files changed, 10 insertions(+), 12 deletions(-) diff --git a/prebuilts/api/29.0/private/app_zygote.te b/prebuilts/api/29.0/private/app_zygote.te index e44c1beb2..467f34198 100644 --- a/prebuilts/api/29.0/private/app_zygote.te +++ b/prebuilts/api/29.0/private/app_zygote.te @@ -4,9 +4,6 @@ typeattribute app_zygote coredomain; ###### Policy below is different from regular zygote-spawned apps ###### -# The app_zygote needs to be able to transition domains. -typeattribute app_zygote mlstrustedsubject; - # Allow access to temporary files, which is normally permitted through # a domain macro. tmpfs_domain(app_zygote); 
@@ -89,12 +86,14 @@ neverallow { domain -zygote } app_zygote:process dyntransition; neverallow app_zygote property_socket:sock_file write; neverallow app_zygote property_type:property_service set; -# Should not have any access to non-app data files. +# Should not have any access to data files. neverallow app_zygote { bluetooth_data_file nfc_data_file radio_data_file shell_data_file + app_data_file + privapp_data_file }:file { rwx_file_perms }; neverallow app_zygote { diff --git a/prebuilts/api/29.0/private/seapp_contexts b/prebuilts/api/29.0/private/seapp_contexts index ad8a76cd9..b898d3e1c 100644 --- a/prebuilts/api/29.0/private/seapp_contexts +++ b/prebuilts/api/29.0/private/seapp_contexts @@ -150,8 +150,8 @@ user=radio seinfo=platform domain=radio type=radio_data_file user=shared_relro domain=shared_relro user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file user=webview_zygote seinfo=webview_zygote domain=webview_zygote -user=_isolated domain=isolated_app levelFrom=all -user=_app seinfo=app_zygote domain=app_zygote levelFrom=all +user=_isolated domain=isolated_app levelFrom=user +user=_app seinfo=app_zygote domain=app_zygote levelFrom=user user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all diff --git a/private/app_zygote.te b/private/app_zygote.te index e44c1beb2..467f34198 100644 --- a/private/app_zygote.te +++ b/private/app_zygote.te @@ -4,9 +4,6 @@ typeattribute app_zygote coredomain; ###### Policy below is different from regular zygote-spawned apps ###### -# The app_zygote needs to be able to transition domains. -typeattribute app_zygote mlstrustedsubject; - # Allow access to temporary files, which is normally permitted through # a domain macro. tmpfs_domain(app_zygote); 
@@ -89,12 +86,14 @@ neverallow { domain -zygote } app_zygote:process dyntransition; neverallow app_zygote property_socket:sock_file write; neverallow app_zygote property_type:property_service set; -# Should not have any access to non-app data files. +# Should not have any access to data files. neverallow app_zygote { bluetooth_data_file nfc_data_file radio_data_file shell_data_file + app_data_file + privapp_data_file }:file { rwx_file_perms }; neverallow app_zygote { diff --git a/private/seapp_contexts b/private/seapp_contexts index ad8a76cd9..b898d3e1c 100644 --- a/private/seapp_contexts +++ b/private/seapp_contexts @@ -150,8 +150,8 @@ user=radio seinfo=platform domain=radio type=radio_data_file user=shared_relro domain=shared_relro user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file user=webview_zygote seinfo=webview_zygote domain=webview_zygote -user=_isolated domain=isolated_app levelFrom=all -user=_app seinfo=app_zygote domain=app_zygote levelFrom=all +user=_isolated domain=isolated_app levelFrom=user +user=_app seinfo=app_zygote domain=app_zygote levelFrom=user user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all From 4c386e10c98b63cdb07bd940287e2cf1a63526c0 Mon Sep 17 00:00:00 2001 
From: Martijn Coenen Date: Mon, 8 Jun 2020 20:31:33 +0200 Subject: [PATCH 141/163] Don't give uid-based categories to app_zygote and isolated processes. The mapping of UIDs to categories can only take 16 bits, yet isolated processes start at UID 90000. Additionally, the main purpose of these categories was to isolate app-private storage, but since isolated processes don't have access to app-private storage anyway, removing them doesn't hurt. The upside is that this allows us to remove mIstrustedsubject from the app_zygote domain, which prevents app code running in that context from assigning itself arbitrary categories. Bug: 157598026 Test: inspect categories of app_zygote and children; verify Chrome works Merged-In: Idfa8625d939cf30f3683436949bb4f335851622a Merged-In: I608a096cecffc1c1ff837611ca500a8da3cf1320 Change-Id: I608a096cecffc1c1ff837611ca500a8da3cf1320 --- prebuilts/api/29.0/private/app_zygote.te | 7 +++---- prebuilts/api/29.0/private/seapp_contexts | 4 ++-- private/app_zygote.te | 7 +++---- private/seapp_contexts | 4 ++-- 4 files changed, 10 insertions(+), 12 deletions(-) diff --git a/prebuilts/api/29.0/private/app_zygote.te b/prebuilts/api/29.0/private/app_zygote.te index e44c1beb2..467f34198 100644 --- a/prebuilts/api/29.0/private/app_zygote.te +++ b/prebuilts/api/29.0/private/app_zygote.te @@ -4,9 +4,6 @@ typeattribute app_zygote coredomain; ###### Policy below is different from regular zygote-spawned apps ###### -# The app_zygote needs to be able to transition domains. -typeattribute app_zygote mlstrustedsubject; - # Allow access to temporary files, which is normally permitted through # a domain macro. tmpfs_domain(app_zygote); 
@@ -89,12 +86,14 @@ neverallow { domain -zygote } app_zygote:process dyntransition; neverallow app_zygote property_socket:sock_file write; neverallow app_zygote property_type:property_service set; -# Should not have any access to non-app data files. +# Should not have any access to data files. neverallow app_zygote { bluetooth_data_file nfc_data_file radio_data_file shell_data_file + app_data_file + privapp_data_file }:file { rwx_file_perms }; neverallow app_zygote { diff --git a/prebuilts/api/29.0/private/seapp_contexts b/prebuilts/api/29.0/private/seapp_contexts index ad8a76cd9..b898d3e1c 100644 --- a/prebuilts/api/29.0/private/seapp_contexts +++ b/prebuilts/api/29.0/private/seapp_contexts @@ -150,8 +150,8 @@ user=radio seinfo=platform domain=radio type=radio_data_file user=shared_relro domain=shared_relro user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file user=webview_zygote seinfo=webview_zygote domain=webview_zygote -user=_isolated domain=isolated_app levelFrom=all -user=_app seinfo=app_zygote domain=app_zygote levelFrom=all +user=_isolated domain=isolated_app levelFrom=user +user=_app seinfo=app_zygote domain=app_zygote levelFrom=user user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all diff --git a/private/app_zygote.te b/private/app_zygote.te index e44c1beb2..467f34198 100644 --- a/private/app_zygote.te +++ b/private/app_zygote.te @@ -4,9 +4,6 @@ typeattribute app_zygote coredomain; ###### Policy below is different from regular zygote-spawned apps ###### -# The app_zygote needs to be able to transition domains. -typeattribute app_zygote mlstrustedsubject; - # Allow access to temporary files, which is normally permitted through # a domain macro. tmpfs_domain(app_zygote); 
@@ -89,12 +86,14 @@ neverallow { domain -zygote } app_zygote:process dyntransition; neverallow app_zygote property_socket:sock_file write; neverallow app_zygote property_type:property_service set; -# Should not have any access to non-app data files. +# Should not have any access to data files. neverallow app_zygote { bluetooth_data_file nfc_data_file radio_data_file shell_data_file + app_data_file + privapp_data_file }:file { rwx_file_perms }; neverallow app_zygote { diff --git a/private/seapp_contexts b/private/seapp_contexts index ad8a76cd9..b898d3e1c 100644 --- a/private/seapp_contexts +++ b/private/seapp_contexts @@ -150,8 +150,8 @@ user=radio seinfo=platform domain=radio type=radio_data_file user=shared_relro domain=shared_relro user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file user=webview_zygote seinfo=webview_zygote domain=webview_zygote -user=_isolated domain=isolated_app levelFrom=all -user=_app seinfo=app_zygote domain=app_zygote levelFrom=all +user=_isolated domain=isolated_app levelFrom=user +user=_app seinfo=app_zygote domain=app_zygote levelFrom=user user=_app seinfo=media domain=mediaprovider name=android.process.media type=app_data_file levelFrom=user user=_app seinfo=platform domain=platform_app type=app_data_file levelFrom=user user=_app isEphemeralApp=true domain=ephemeral_app type=app_data_file levelFrom=all From 0112daa9bfb7474e83a37983791dd481810c7a49 Mon Sep 17 00:00:00 2001 From: Hasini Gunasinghe Date: Wed, 10 Jun 2020 23:34:41 +0000 Subject: [PATCH 142/163] Allow keystore to write to statsd. Keystore logging is migrated to use statsd. Therefore, keystore needs permission to write to statsd. Test: Treehugger passes. Bug: 157664923 Change-Id: I2fb61fd7e9732191e6991f199d04b5425b637830 --- prebuilts/api/30.0/private/keystore.te | 3 +++ private/keystore.te | 3 +++ 2 files changed, 6 insertions(+) 
diff --git a/prebuilts/api/30.0/private/keystore.te b/prebuilts/api/30.0/private/keystore.te index ee6dbdf2a..81b6dfb86 100644 --- a/prebuilts/api/30.0/private/keystore.te +++ b/prebuilts/api/30.0/private/keystore.te @@ -13,3 +13,6 @@ allow keystore platform_app:binder call; # Allow to check whether security logging is enabled. get_prop(keystore, device_logging_prop) + +# Allow keystore to write to statsd. +unix_socket_send(keystore, statsdw, statsd) diff --git a/private/keystore.te b/private/keystore.te index ee6dbdf2a..81b6dfb86 100644 --- a/private/keystore.te +++ b/private/keystore.te @@ -13,3 +13,6 @@ allow keystore platform_app:binder call; # Allow to check whether security logging is enabled. get_prop(keystore, device_logging_prop) + +# Allow keystore to write to statsd. +unix_socket_send(keystore, statsdw, statsd) From 0379e48ecf6bbefcb9a476cf907a9b1d15928e04 Mon Sep 17 00:00:00 2001 From: Amy Zhang Date: Fri, 12 Jun 2020 15:37:05 -0700 Subject: [PATCH 143/163] Add app_api_service in TunerResourceManager system service sepolicy Make TunerResourceManager accessible through CTS Test: atest android.media.tv.tuner.cts Bug: 158868205 Change-Id: Ica202eacd674ae8f05000b31b76b31c50d8f761c --- prebuilts/api/30.0/public/service.te | 2 +- public/service.te | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/prebuilts/api/30.0/public/service.te b/prebuilts/api/30.0/public/service.te index 3c17179b6..f27772eab 100644 --- a/prebuilts/api/30.0/public/service.te +++ b/prebuilts/api/30.0/public/service.te 
@@ -183,7 +183,7 @@ type timezone_service, system_server_service, service_manager_type; type timezonedetector_service, system_server_service, service_manager_type; type trust_service, app_api_service, system_server_service, service_manager_type; type tv_input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; -type tv_tuner_resource_mgr_service, system_server_service, service_manager_type; +type tv_tuner_resource_mgr_service, app_api_service, system_server_service, service_manager_type; type uimode_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; type updatelock_service, system_api_service, system_server_service, service_manager_type; type uri_grants_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; diff --git a/public/service.te b/public/service.te index 3c17179b6..f27772eab 100644 --- a/public/service.te +++ b/public/service.te @@ -183,7 +183,7 @@ type timezone_service, system_server_service, service_manager_type; type timezonedetector_service, system_server_service, service_manager_type; type trust_service, app_api_service, system_server_service, service_manager_type; type tv_input_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; -type tv_tuner_resource_mgr_service, system_server_service, service_manager_type; +type tv_tuner_resource_mgr_service, app_api_service, system_server_service, service_manager_type; type uimode_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; type updatelock_service, system_api_service, system_server_service, service_manager_type; type uri_grants_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; From 98412ab60466c148370dd4ee4b83d3bb1e0a069c Mon Sep 17 00:00:00 2001 
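Review bot: Adding `app_api_service` to `tv_tuner_resource_mgr_service` makes the service findable from every app domain that carries the app_api_service rule, not only the CTS package named in the message, so the service's own caller checks become the sole gate on it and nothing in the hunk records what those checks are. A short comment on the type line, e.g. `# app_api_service: findable by all apps; TunerResourceManager must enforce access itself`, would document that expectation for whoever next widens or narrows this type. The prebuilts/api/30.0 copy on the same line should carry the same comment.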
From: Amy Hsu Date: Tue, 5 May 2020 13:20:30 +0800 Subject: [PATCH 144/163] sepolicy: change vendor property to system property 1. Add surfaceflinger_display_prop property context 2. Set context for graphics.display.kernel_idle_timer.enabled 3. Context for system property that is get by surfaceflinger and set by vendor_init and system_app. W /system/bin/init: type=1107 audit(0.0:5): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.display.enable_kernel_idle_timer pid=2396 uid=1000 gid=1000 scontext=u:r:system_app:s0 tcontext=u:object_r:vendor_display_prop:s0 tclass=property_service permissive=0' Bug:137064289 Test: $ make selinux_policy. Check kernel idle timer works correct. Change-Id: I77a82b5abfe5a771418dab5d40b404a1cdca4deb --- prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil | 1 + prebuilts/api/30.0/private/property_contexts | 3 +++ prebuilts/api/30.0/private/surfaceflinger.te | 3 +++ prebuilts/api/30.0/private/system_app.te | 2 ++ prebuilts/api/30.0/public/property.te | 9 +++++++++ prebuilts/api/30.0/public/vendor_init.te | 1 + private/compat/29.0/29.0.ignore.cil | 1 + private/property_contexts | 3 +++ private/surfaceflinger.te | 3 +++ private/system_app.te | 2 ++ public/property.te | 9 +++++++++ public/vendor_init.te | 1 + 12 files changed, 38 insertions(+) diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil index 1cdfce0ee..e13889d6f 100644 --- a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil +++ b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil @@ -98,6 +98,7 @@ soundtrigger_middleware_service staged_install_file storage_config_prop + surfaceflinger_display_prop sysfs_dm_verity system_adbd_prop system_config_service diff --git a/prebuilts/api/30.0/private/property_contexts b/prebuilts/api/30.0/private/property_contexts index 1a5471f49..ae0c4315c 100644 --- a/prebuilts/api/30.0/private/property_contexts 
+++ b/prebuilts/api/30.0/private/property_contexts @@ -263,3 +263,6 @@ init.userspace_reboot.sigterm.timeoutmillis u:object_r:userspace_reboot_config_p init.userspace_reboot.started.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int init.userspace_reboot.userdata_remount.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int init.userspace_reboot.watchdog.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int + +# vendor-init-settable +graphics.display.kernel_idle_timer.enabled u:object_r:surfaceflinger_display_prop:s0 exact bool diff --git a/prebuilts/api/30.0/private/surfaceflinger.te b/prebuilts/api/30.0/private/surfaceflinger.te index cf709df31..36c39d639 100644 --- a/prebuilts/api/30.0/private/surfaceflinger.te +++ b/prebuilts/api/30.0/private/surfaceflinger.te @@ -58,6 +58,9 @@ set_prop(surfaceflinger, exported2_system_prop) set_prop(surfaceflinger, exported3_system_prop) set_prop(surfaceflinger, ctl_bootanim_prop) +# Get properties +get_prop(surfaceflinger, surfaceflinger_display_prop) + # Use open files supplied by an app. allow surfaceflinger appdomain:fd use; allow surfaceflinger { app_data_file privapp_data_file }:file { read write }; diff --git a/prebuilts/api/30.0/private/system_app.te b/prebuilts/api/30.0/private/system_app.te index 0b77bb372..1e91be0eb 100644 --- a/prebuilts/api/30.0/private/system_app.te +++ b/prebuilts/api/30.0/private/system_app.te @@ -57,6 +57,8 @@ auditallow system_app system_radio_prop:property_service set; auditallow system_app exported_system_radio_prop:property_service set; # Allow Settings to enable Dynamic System Update set_prop(system_app, dynamic_system_prop) +# Allow Settings to config display kernel idle timer +set_prop(system_app, surfaceflinger_display_prop) # ctl interface set_prop(system_app, ctl_default_prop) diff --git a/prebuilts/api/30.0/public/property.te b/prebuilts/api/30.0/public/property.te index 5bc1af2f8..80918e914 100644 --- a/prebuilts/api/30.0/public/property.te 
+++ b/prebuilts/api/30.0/public/property.te @@ -168,6 +168,7 @@ system_public_prop(ota_prop) system_public_prop(powerctl_prop) system_public_prop(radio_prop) system_public_prop(serialno_prop) +system_public_prop(surfaceflinger_display_prop) system_public_prop(system_prop) system_public_prop(wifi_log_prop) system_public_prop(wifi_prop) @@ -610,3 +611,11 @@ neverallow { } { graphics_config_prop }:property_service set; + +neverallow { + -init + -vendor_init + -system_app +} { + surfaceflinger_display_prop +}:property_service set; diff --git a/prebuilts/api/30.0/public/vendor_init.te b/prebuilts/api/30.0/public/vendor_init.te index 12a360eb8..04f81cb1e 100644 --- a/prebuilts/api/30.0/public/vendor_init.te +++ b/prebuilts/api/30.0/public/vendor_init.te @@ -236,6 +236,7 @@ set_prop(vendor_init, log_prop) set_prop(vendor_init, rebootescrow_hal_prop) set_prop(vendor_init, serialno_prop) set_prop(vendor_init, storage_config_prop) +set_prop(vendor_init, surfaceflinger_display_prop) set_prop(vendor_init, userspace_reboot_config_prop) set_prop(vendor_init, vehicle_hal_prop) set_prop(vendor_init, vendor_default_prop) diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil index 1cdfce0ee..e13889d6f 100644 --- a/private/compat/29.0/29.0.ignore.cil +++ b/private/compat/29.0/29.0.ignore.cil @@ -98,6 +98,7 @@ soundtrigger_middleware_service staged_install_file storage_config_prop + surfaceflinger_display_prop sysfs_dm_verity system_adbd_prop system_config_service diff --git a/private/property_contexts b/private/property_contexts index 1a5471f49..ae0c4315c 100644 --- a/private/property_contexts +++ b/private/property_contexts 
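Review bot: The new neverallow block at the end of public/property.te exempts init, vendor_init and system_app, but nothing in the hunk says why those three are the writers or who consumes the property, so the trust boundary the rule encodes is only recoverable from the commit message. A comment above it such as `# graphics.display.kernel_idle_timer.enabled: device default from vendor_init, user toggle from Settings (system_app); read by surfaceflinger` would make the exemption list reviewable on its own. The same block in the public/property.te hunk two lines down needs the same comment.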
@@ -263,3 +263,6 @@ init.userspace_reboot.sigterm.timeoutmillis u:object_r:userspace_reboot_config_p init.userspace_reboot.started.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int init.userspace_reboot.userdata_remount.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int init.userspace_reboot.watchdog.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int + +# vendor-init-settable +graphics.display.kernel_idle_timer.enabled u:object_r:surfaceflinger_display_prop:s0 exact bool diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te index cf709df31..36c39d639 100644 --- a/private/surfaceflinger.te +++ b/private/surfaceflinger.te @@ -58,6 +58,9 @@ set_prop(surfaceflinger, exported2_system_prop) set_prop(surfaceflinger, exported3_system_prop) set_prop(surfaceflinger, ctl_bootanim_prop) +# Get properties +get_prop(surfaceflinger, surfaceflinger_display_prop) + # Use open files supplied by an app. allow surfaceflinger appdomain:fd use; allow surfaceflinger { app_data_file privapp_data_file }:file { read write }; diff --git a/private/system_app.te b/private/system_app.te index 0b77bb372..1e91be0eb 100644 --- a/private/system_app.te +++ b/private/system_app.te @@ -57,6 +57,8 @@ auditallow system_app system_radio_prop:property_service set; auditallow system_app exported_system_radio_prop:property_service set; # Allow Settings to enable Dynamic System Update set_prop(system_app, dynamic_system_prop) +# Allow Settings to config display kernel idle timer +set_prop(system_app, surfaceflinger_display_prop) # ctl interface set_prop(system_app, ctl_default_prop) diff --git a/public/property.te b/public/property.te index 5bc1af2f8..80918e914 100644 --- a/public/property.te +++ b/public/property.te 
@@ -168,6 +168,7 @@ system_public_prop(ota_prop) system_public_prop(powerctl_prop) system_public_prop(radio_prop) system_public_prop(serialno_prop) +system_public_prop(surfaceflinger_display_prop) system_public_prop(system_prop) system_public_prop(wifi_log_prop) system_public_prop(wifi_prop) @@ -610,3 +611,11 @@ neverallow { } { graphics_config_prop }:property_service set; + +neverallow { + -init + -vendor_init + -system_app +} { + surfaceflinger_display_prop +}:property_service set; diff --git a/public/vendor_init.te b/public/vendor_init.te index 12a360eb8..04f81cb1e 100644 --- a/public/vendor_init.te +++ b/public/vendor_init.te @@ -236,6 +236,7 @@ set_prop(vendor_init, log_prop) set_prop(vendor_init, rebootescrow_hal_prop) set_prop(vendor_init, serialno_prop) set_prop(vendor_init, storage_config_prop) +set_prop(vendor_init, surfaceflinger_display_prop) set_prop(vendor_init, userspace_reboot_config_prop) set_prop(vendor_init, vehicle_hal_prop) set_prop(vendor_init, vendor_default_prop) From 8b86f89a1d99f585de4de219a056690ec1b7fbd6 Mon Sep 17 00:00:00 2001 From: Ashwini Oruganti Date: Mon, 15 Jun 2020 11:14:04 -0700 Subject: [PATCH 145/163] Actually route PermissionController to the right domain com.android.permissioncontroller was getting routed to platform_app since specified seinfo takes precedence over unspecified seinfo. This change adds seinfo=platform to the rule for com.android.permissioncontroller so it correctly runs in the permissioncontroller_app domain. Bug: 158953123 Test: Treehugger + android.security.cts.SELinuxHostTest#testPermissionControllerDomain Change-Id: I721fbf43a9774ed11414dd084bedaeb7216a76dd Merged-In: I721fbf43a9774ed11414dd084bedaeb7216a76dd --- prebuilts/api/30.0/private/seapp_contexts | 2 +- private/seapp_contexts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/prebuilts/api/30.0/private/seapp_contexts b/prebuilts/api/30.0/private/seapp_contexts index 0a25789d4..a8c61be8f 100644 
--- a/prebuilts/api/30.0/private/seapp_contexts +++ b/prebuilts/api/30.0/private/seapp_contexts @@ -160,7 +160,7 @@ user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user user=_app isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all user=_app isPrivApp=true name=com.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all user=_app isPrivApp=true name=com.google.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all -user=_app isPrivApp=true name=com.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all +user=_app seinfo=platform isPrivApp=true name=com.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all user=_app isPrivApp=true name=com.android.vzwomatrigger domain=vzwomatrigger_app type=privapp_data_file levelFrom=all user=_app isPrivApp=true name=com.google.android.gms domain=gmscore_app type=privapp_data_file levelFrom=user user=_app isPrivApp=true name=com.google.android.gms.* domain=gmscore_app type=privapp_data_file levelFrom=user diff --git a/private/seapp_contexts b/private/seapp_contexts index 0a25789d4..a8c61be8f 100644 --- a/private/seapp_contexts +++ b/private/seapp_contexts 
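Review bot: The adjacent context rule for `com.google.android.permissioncontroller` is still written without `seinfo`, so if that variant is also signed with the platform key it would presumably hit the same precedence problem the message describes and land in platform_app rather than permissioncontroller_app; worth confirming against the host test named in the message. If it is intentionally left unqualified, a comment on that line saying so would stop the next reader from "fixing" it the same way. The private/seapp_contexts hunk on the next line has the same shape.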
@@ -160,7 +160,7 @@ user=_app isPrivApp=true domain=priv_app type=privapp_data_file levelFrom=user user=_app isPrivApp=true name=com.google.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all user=_app isPrivApp=true name=com.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all user=_app isPrivApp=true name=com.google.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all -user=_app isPrivApp=true name=com.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all +user=_app seinfo=platform isPrivApp=true name=com.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all user=_app isPrivApp=true name=com.android.vzwomatrigger domain=vzwomatrigger_app type=privapp_data_file levelFrom=all user=_app isPrivApp=true name=com.google.android.gms domain=gmscore_app type=privapp_data_file levelFrom=user user=_app isPrivApp=true name=com.google.android.gms.* domain=gmscore_app type=privapp_data_file levelFrom=user From cd2996d1e133b89ef05ceaf76161dc40bc8b51d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20=C5=BBenczykowski?= Date: Wed, 17 Jun 2020 16:58:24 +0000 Subject: [PATCH 146/163] grant bpfloader ability to fetch the fd of pinned bpf programs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes: W bpfloader: type=1400 audit(0.0:13): avc: denied { read } for name="prog_offload_schedcls_ingress_tether_rawip" dev="bpf" ino=12551 scontext=u:r:bpfloader:s0 tcontext=u:object_r:fs_bpf:s0 tclass=file permissive=0 Test: builds, atest, treehugger Bug: 150040815 Signed-off-by: Maciej Żenczykowski Merged-In: I3c7b116bc95d2534a3b72f2e3f19c4a2d8ee83f2 Change-Id: I3c7b116bc95d2534a3b72f2e3f19c4a2d8ee83f2 --- prebuilts/api/30.0/private/bpfloader.te | 2 +- private/bpfloader.te | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/prebuilts/api/30.0/private/bpfloader.te b/prebuilts/api/30.0/private/bpfloader.te index 249f3df72..74a8e2504 100644 --- a/prebuilts/api/30.0/private/bpfloader.te +++ b/prebuilts/api/30.0/private/bpfloader.te @@ -5,7 +5,7 @@ typeattribute bpfloader coredomain; # These permissions are required to pin ebpf maps & programs. allow bpfloader fs_bpf:dir { search write add_name }; -allow bpfloader fs_bpf:file { create setattr }; +allow bpfloader fs_bpf:file { create setattr read }; # Allow bpfloader to create bpf maps and programs. allow bpfloader self:bpf { map_create map_read map_write prog_load prog_run }; diff --git a/private/bpfloader.te b/private/bpfloader.te index 249f3df72..74a8e2504 100644 --- a/private/bpfloader.te +++ b/private/bpfloader.te @@ -5,7 +5,7 @@ typeattribute bpfloader coredomain; # These permissions are required to pin ebpf maps & programs. allow bpfloader fs_bpf:dir { search write add_name }; -allow bpfloader fs_bpf:file { create setattr }; +allow bpfloader fs_bpf:file { create setattr read }; # Allow bpfloader to create bpf maps and programs. allow bpfloader self:bpf { map_create map_read map_write prog_load prog_run }; From c851deef793808839239b1d772a06f088355123f Mon Sep 17 00:00:00 2001 
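Review bot: The comment above the changed rule still says these permissions exist to pin maps and programs, but `read` on `fs_bpf:file` is being added so bpfloader can re-open an already pinned program by path (the denial quoted in the message is a read on a pinned prog), which is a different use. Update it to `# These permissions are required to pin ebpf maps & programs, and to re-open pinned programs by path.` so the extra bit is not later trimmed as unused. The private/bpfloader.te hunk on the same line needs the same edit.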
From: Tianjie Xu Date: Tue, 18 Feb 2020 23:38:09 -0800 Subject: [PATCH 147/163] Allow kernel to write to update_engine_data_file This is needed to run update_engine unittests in cuttlefish. In the test, the directory is mounted as R/W. Denial: avc: denied { write } for path="/data/misc/update_engine/tmp/a_img.NqUpaa" dev="dm-4" ino=3048 scontext=u:r:kernel:s0 tcontext=u:object_r:update_engine_data_file:s0 tclass=file permissive=0 strace: mount("/dev/block/loop26", "/data/local/tmp/.org.chromium.Chromium.3s2KYE", "ext2", 0, "") = -1 EIO (I/O error) Bug: 157594374 Test: unittests pass Change-Id: I4658eb60240bd725bac2aef30305747ffe50aeb6 (cherry picked from commit 9f7947348f34e423141291dd276752186f419566) --- prebuilts/api/30.0/public/kernel.te | 4 ++-- public/kernel.te | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/prebuilts/api/30.0/public/kernel.te b/prebuilts/api/30.0/public/kernel.te index 42fe2c476..35018e91e 100644 --- a/prebuilts/api/30.0/public/kernel.te +++ b/prebuilts/api/30.0/public/kernel.te @@ -65,10 +65,10 @@ allow kernel vold:fd use; allow kernel { app_data_file privapp_data_file }:file read; allow kernel asec_image_file:file read; -# Allow reading loop device in update_engine_unittests. (b/28319454) +# Allow mounting loop device in update_engine_unittests. (b/28319454) # and for LTP kernel tests (b/73220071) userdebug_or_eng(` - allow kernel update_engine_data_file:file read; + allow kernel update_engine_data_file:file { read write }; allow kernel nativetest_data_file:file { read write }; ') diff --git a/public/kernel.te b/public/kernel.te index 42fe2c476..35018e91e 100644 --- a/public/kernel.te +++ b/public/kernel.te 
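Review bot: The comment above the widened rule cites only b/28319454, while the new `write` bit is added for a different reason (b/157594374, the R/W mount in the cuttlefish unittest), so the reference trail for the write permission is lost in the file itself; the rule staying inside `userdebug_or_eng` is the right scoping for a test-only grant. Record both references: `# Allow mounting loop device in update_engine_unittests. (b/28319454, b/157594374)`. The public/kernel.te hunk on the next line needs the same comment.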
@@ -65,10 +65,10 @@ allow kernel vold:fd use; allow kernel { app_data_file privapp_data_file }:file read; allow kernel asec_image_file:file read; -# Allow reading loop device in update_engine_unittests. (b/28319454) +# Allow mounting loop device in update_engine_unittests. (b/28319454) # and for LTP kernel tests (b/73220071) userdebug_or_eng(` - allow kernel update_engine_data_file:file read; + allow kernel update_engine_data_file:file { read write }; allow kernel nativetest_data_file:file { read write }; ') From 0d0391f931768e118d29e69259c5a69c293e4d05 Mon Sep 17 00:00:00 2001 From: Midas Chien Date: Wed, 17 Jun 2020 22:13:21 +0800 Subject: [PATCH 148/163] sepolicy: allow surfaceflinger to set surfaceflinger_display_prop W//system/bin/init: type=1107 audit(0.0:51): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=graphics.display.kernel_idle_timer.enabled pid=643 uid=1000 gid=1003 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:surfaceflinger_display_prop:s0 tclass=property_service permissive=0 Bug: 157513573 Test: surfaceflinger can set graphics.display.kernel_idle_timer.enabled Test: vendor_init can get graphics.display.kernel_idle_timer.enabled Change-Id: I78023a7857c8aa81a8863010b875bcb885bae614 --- prebuilts/api/30.0/private/property_contexts | 2 +- prebuilts/api/30.0/private/surfaceflinger.te | 4 +--- prebuilts/api/30.0/private/system_app.te | 2 -- prebuilts/api/30.0/public/property.te | 5 ++--- prebuilts/api/30.0/public/vendor_init.te | 2 +- private/property.te | 3 +-- private/property_contexts | 2 +- private/surfaceflinger.te | 4 +--- private/system_app.te | 2 -- public/property.te | 2 +- public/vendor_init.te | 2 +- 11 files changed, 10 insertions(+), 20 deletions(-) diff --git a/prebuilts/api/30.0/private/property_contexts b/prebuilts/api/30.0/private/property_contexts index 32f5e1b5a..c3134f982 100644 --- a/prebuilts/api/30.0/private/property_contexts +++ b/prebuilts/api/30.0/private/property_contexts 
@@ -257,5 +257,5 @@ init.userspace_reboot.started.timeoutmillis u:object_r:userspace_reboot_config_p init.userspace_reboot.userdata_remount.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int init.userspace_reboot.watchdog.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int -# vendor-init-settable +# surfaceflinger-settable graphics.display.kernel_idle_timer.enabled u:object_r:surfaceflinger_display_prop:s0 exact bool diff --git a/prebuilts/api/30.0/private/surfaceflinger.te b/prebuilts/api/30.0/private/surfaceflinger.te index 36c39d639..2e9ce197a 100644 --- a/prebuilts/api/30.0/private/surfaceflinger.te +++ b/prebuilts/api/30.0/private/surfaceflinger.te @@ -57,9 +57,7 @@ set_prop(surfaceflinger, exported_system_prop) set_prop(surfaceflinger, exported2_system_prop) set_prop(surfaceflinger, exported3_system_prop) set_prop(surfaceflinger, ctl_bootanim_prop) - -# Get properties -get_prop(surfaceflinger, surfaceflinger_display_prop) +set_prop(surfaceflinger, surfaceflinger_display_prop) # Use open files supplied by an app. allow surfaceflinger appdomain:fd use; diff --git a/prebuilts/api/30.0/private/system_app.te b/prebuilts/api/30.0/private/system_app.te index 1e91be0eb..0b77bb372 100644 --- a/prebuilts/api/30.0/private/system_app.te +++ b/prebuilts/api/30.0/private/system_app.te @@ -57,8 +57,6 @@ auditallow system_app system_radio_prop:property_service set; auditallow system_app exported_system_radio_prop:property_service set; # Allow Settings to enable Dynamic System Update set_prop(system_app, dynamic_system_prop) -# Allow Settings to config display kernel idle timer -set_prop(system_app, surfaceflinger_display_prop) # ctl interface set_prop(system_app, ctl_default_prop) diff --git a/prebuilts/api/30.0/public/property.te b/prebuilts/api/30.0/public/property.te index 683d8710d..d9ac231de 100644 --- a/prebuilts/api/30.0/public/property.te +++ b/prebuilts/api/30.0/public/property.te 
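Review bot: The system_app.te hunk removes Settings' ability to set `surfaceflinger_display_prop`, which the previous patch added precisely so Settings could toggle the kernel idle timer, yet neither the remaining comments nor the message says how that toggle now reaches the property; presumably surfaceflinger sets it on Settings' behalf, which is worth stating rather than leaving implicit. A note beside the new `set_prop(surfaceflinger, surfaceflinger_display_prop)` such as `# surfaceflinger is the only writer; Settings changes arrive through surfaceflinger` would close the loop. The private/system_app.te and private/surfaceflinger.te hunks on the following lines, and the repeat of this change in PATCH 149, need the same comment.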
@@ -76,6 +76,7 @@ system_restricted_prop(module_sdkextensions_prop) system_restricted_prop(nnapi_ext_deny_product_prop) system_restricted_prop(restorecon_prop) system_restricted_prop(socket_hook_prop) +system_restricted_prop(surfaceflinger_display_prop) system_restricted_prop(system_boot_reason_prop) system_restricted_prop(system_jvmti_agent_prop) system_restricted_prop(userspace_reboot_exported_prop) @@ -165,7 +166,6 @@ system_public_prop(ota_prop) system_public_prop(powerctl_prop) system_public_prop(radio_prop) system_public_prop(serialno_prop) -system_public_prop(surfaceflinger_display_prop) system_public_prop(system_prop) system_public_prop(wifi_log_prop) system_public_prop(wifi_prop) @@ -611,8 +611,7 @@ neverallow { neverallow { -init - -vendor_init - -system_app + -surfaceflinger } { surfaceflinger_display_prop }:property_service set; diff --git a/prebuilts/api/30.0/public/vendor_init.te b/prebuilts/api/30.0/public/vendor_init.te index 2d091e732..df203be6e 100644 --- a/prebuilts/api/30.0/public/vendor_init.te +++ b/prebuilts/api/30.0/public/vendor_init.te @@ -234,7 +234,6 @@ set_prop(vendor_init, log_prop) set_prop(vendor_init, rebootescrow_hal_prop) set_prop(vendor_init, serialno_prop) set_prop(vendor_init, storage_config_prop) -set_prop(vendor_init, surfaceflinger_display_prop) set_prop(vendor_init, userspace_reboot_config_prop) set_prop(vendor_init, vehicle_hal_prop) set_prop(vendor_init, vendor_default_prop) @@ -245,6 +244,7 @@ set_prop(vendor_init, wifi_log_prop) get_prop(vendor_init, exported2_radio_prop) get_prop(vendor_init, exported3_system_prop) +get_prop(vendor_init, surfaceflinger_display_prop) get_prop(vendor_init, theme_prop) get_prop(vendor_init, ota_prop) diff --git a/private/property.te b/private/property.te index c5a4f83a4..b5505e542 100644 --- a/private/property.te +++ b/private/property.te 
@@ -409,8 +409,7 @@ neverallow { neverallow { -init - -vendor_init - -system_app + -surfaceflinger } { surfaceflinger_display_prop }:property_service set; diff --git a/private/property_contexts b/private/property_contexts index bab2a1aa9..e75fd0433 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -859,6 +859,6 @@ persist.dbg.wfc_avail_ovr u:object_r:telephony_config_prop:s0 exact int graphics.gpu.profiler.support u:object_r:graphics_config_prop:s0 exact bool graphics.gpu.profiler.vulkan_layer_apk u:object_r:graphics_config_prop:s0 exact string -# vendor-init-settable +# surfaceflinger-settable graphics.display.kernel_idle_timer.enabled u:object_r:surfaceflinger_display_prop:s0 exact bool diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te index a1602461d..37601b94b 100644 --- a/private/surfaceflinger.te +++ b/private/surfaceflinger.te @@ -56,9 +56,7 @@ set_prop(surfaceflinger, system_prop) set_prop(surfaceflinger, exported_system_prop) set_prop(surfaceflinger, exported3_system_prop) set_prop(surfaceflinger, ctl_bootanim_prop) - -# Get properties -get_prop(surfaceflinger, surfaceflinger_display_prop) +set_prop(surfaceflinger, surfaceflinger_display_prop) # Use open files supplied by an app. allow surfaceflinger appdomain:fd use; diff --git a/private/system_app.te b/private/system_app.te index 18d4a870f..e160ff468 100644 --- a/private/system_app.te +++ b/private/system_app.te @@ -57,8 +57,6 @@ auditallow system_app usb_control_prop:property_service set; auditallow system_app usb_prop:property_service set; # Allow Settings to enable Dynamic System Update set_prop(system_app, dynamic_system_prop) -# Allow Settings to config display kernel idle timer -set_prop(system_app, surfaceflinger_display_prop) # ctl interface set_prop(system_app, ctl_default_prop) diff --git a/public/property.te b/public/property.te index 3248c2b4d..5771a35d1 100644 --- a/public/property.te +++ b/public/property.te 
@@ -71,6 +71,7 @@ system_restricted_prop(provisioned_prop) system_restricted_prop(restorecon_prop) system_restricted_prop(retaildemo_prop) system_restricted_prop(socket_hook_prop) +system_restricted_prop(surfaceflinger_display_prop) system_restricted_prop(system_boot_reason_prop) system_restricted_prop(system_jvmti_agent_prop) system_restricted_prop(usb_prop) @@ -169,7 +170,6 @@ system_public_prop(powerctl_prop) system_public_prop(radio_prop) system_public_prop(serialno_prop) system_public_prop(surfaceflinger_color_prop) -system_public_prop(surfaceflinger_display_prop) system_public_prop(system_prop) system_public_prop(telephony_status_prop) system_public_prop(usb_control_prop) diff --git a/public/vendor_init.te b/public/vendor_init.te index c7a3a2086..c742206ef 100644 --- a/public/vendor_init.te +++ b/public/vendor_init.te @@ -233,7 +233,6 @@ set_prop(vendor_init, rebootescrow_hal_prop) set_prop(vendor_init, serialno_prop) set_prop(vendor_init, surfaceflinger_color_prop) set_prop(vendor_init, usb_control_prop) -set_prop(vendor_init, surfaceflinger_display_prop) set_prop(vendor_init, userspace_reboot_config_prop) set_prop(vendor_init, vehicle_hal_prop) set_prop(vendor_init, vendor_default_prop) @@ -248,6 +247,7 @@ get_prop(vendor_init, exported3_system_prop) get_prop(vendor_init, ota_prop) get_prop(vendor_init, provisioned_prop) get_prop(vendor_init, retaildemo_prop) +get_prop(vendor_init, surfaceflinger_display_prop) get_prop(vendor_init, theme_prop) From 58fc40a8ba83a0acd976074635832b81e2b44235 Mon Sep 17 00:00:00 2001 
From: Midas Chien Date: Wed, 17 Jun 2020 22:13:21 +0800 Subject: [PATCH 149/163] sepolicy: allow surfaceflinger to set surfaceflinger_display_prop W//system/bin/init: type=1107 audit(0.0:51): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=graphics.display.kernel_idle_timer.enabled pid=643 uid=1000 gid=1003 scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:surfaceflinger_display_prop:s0 tclass=property_service permissive=0 Bug: 157513573 Test: surfaceflinger can set graphics.display.kernel_idle_timer.enabled Test: vendor_init can get graphics.display.kernel_idle_timer.enabled Change-Id: I78023a7857c8aa81a8863010b875bcb885bae614 Merged-In: I78023a7857c8aa81a8863010b875bcb885bae614 Merged-In: Ic26874a74b10b13539846de33b3a8aa745c9841a --- prebuilts/api/30.0/private/property_contexts | 2 +- prebuilts/api/30.0/private/surfaceflinger.te | 4 +--- prebuilts/api/30.0/private/system_app.te | 2 -- prebuilts/api/30.0/public/property.te | 5 ++--- prebuilts/api/30.0/public/vendor_init.te | 2 +- private/property_contexts | 2 +- private/surfaceflinger.te | 4 +--- private/system_app.te | 2 -- public/property.te | 5 ++--- public/vendor_init.te | 2 +- 10 files changed, 10 insertions(+), 20 deletions(-) diff --git a/prebuilts/api/30.0/private/property_contexts b/prebuilts/api/30.0/private/property_contexts index ae0c4315c..7908bb107 100644 --- a/prebuilts/api/30.0/private/property_contexts +++ b/prebuilts/api/30.0/private/property_contexts @@ -264,5 +264,5 @@ init.userspace_reboot.started.timeoutmillis u:object_r:userspace_reboot_config_p init.userspace_reboot.userdata_remount.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int init.userspace_reboot.watchdog.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int -# vendor-init-settable +# surfaceflinger-settable graphics.display.kernel_idle_timer.enabled u:object_r:surfaceflinger_display_prop:s0 exact bool 
diff --git a/prebuilts/api/30.0/private/surfaceflinger.te b/prebuilts/api/30.0/private/surfaceflinger.te index 36c39d639..2e9ce197a 100644 --- a/prebuilts/api/30.0/private/surfaceflinger.te +++ b/prebuilts/api/30.0/private/surfaceflinger.te @@ -57,9 +57,7 @@ set_prop(surfaceflinger, exported_system_prop) set_prop(surfaceflinger, exported2_system_prop) set_prop(surfaceflinger, exported3_system_prop) set_prop(surfaceflinger, ctl_bootanim_prop) - -# Get properties -get_prop(surfaceflinger, surfaceflinger_display_prop) +set_prop(surfaceflinger, surfaceflinger_display_prop) # Use open files supplied by an app. allow surfaceflinger appdomain:fd use; diff --git a/prebuilts/api/30.0/private/system_app.te b/prebuilts/api/30.0/private/system_app.te index 1e91be0eb..0b77bb372 100644 --- a/prebuilts/api/30.0/private/system_app.te +++ b/prebuilts/api/30.0/private/system_app.te @@ -57,8 +57,6 @@ auditallow system_app system_radio_prop:property_service set; auditallow system_app exported_system_radio_prop:property_service set; # Allow Settings to enable Dynamic System Update set_prop(system_app, dynamic_system_prop) -# Allow Settings to config display kernel idle timer -set_prop(system_app, surfaceflinger_display_prop) # ctl interface set_prop(system_app, ctl_default_prop) diff --git a/prebuilts/api/30.0/public/property.te b/prebuilts/api/30.0/public/property.te index 80918e914..9a93518d6 100644 --- a/prebuilts/api/30.0/public/property.te +++ b/prebuilts/api/30.0/public/property.te @@ -77,6 +77,7 @@ system_restricted_prop(module_sdkextensions_prop) system_restricted_prop(nnapi_ext_deny_product_prop) system_restricted_prop(restorecon_prop) system_restricted_prop(socket_hook_prop) +system_restricted_prop(surfaceflinger_display_prop) system_restricted_prop(system_boot_reason_prop) system_restricted_prop(system_jvmti_agent_prop) system_restricted_prop(userspace_reboot_exported_prop) 
@@ -168,7 +169,6 @@ system_public_prop(ota_prop)
system_public_prop(powerctl_prop)
system_public_prop(radio_prop)
system_public_prop(serialno_prop)
-system_public_prop(surfaceflinger_display_prop)
system_public_prop(system_prop)
system_public_prop(wifi_log_prop)
system_public_prop(wifi_prop)
@@ -614,8 +614,7 @@ neverallow {
neverallow {
-init
- -vendor_init
- -system_app
+ -surfaceflinger
} {
surfaceflinger_display_prop
}:property_service set;
diff --git a/prebuilts/api/30.0/public/vendor_init.te b/prebuilts/api/30.0/public/vendor_init.te
index 04f81cb1e..36bb5cbd7 100644
--- a/prebuilts/api/30.0/public/vendor_init.te
+++ b/prebuilts/api/30.0/public/vendor_init.te
@@ -236,7 +236,6 @@ set_prop(vendor_init, log_prop)
set_prop(vendor_init, rebootescrow_hal_prop)
set_prop(vendor_init, serialno_prop)
set_prop(vendor_init, storage_config_prop)
-set_prop(vendor_init, surfaceflinger_display_prop)
set_prop(vendor_init, userspace_reboot_config_prop)
set_prop(vendor_init, vehicle_hal_prop)
set_prop(vendor_init, vendor_default_prop)
@@ -247,6 +246,7 @@ set_prop(vendor_init, wifi_log_prop)
get_prop(vendor_init, exported2_radio_prop)
get_prop(vendor_init, exported3_system_prop)
+get_prop(vendor_init, surfaceflinger_display_prop)
get_prop(vendor_init, theme_prop)
get_prop(vendor_init, ota_prop)
diff --git a/private/property_contexts b/private/property_contexts
index ae0c4315c..7908bb107 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -264,5 +264,5 @@ init.userspace_reboot.started.timeoutmillis u:object_r:userspace_reboot_config_p
init.userspace_reboot.userdata_remount.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
init.userspace_reboot.watchdog.timeoutmillis u:object_r:userspace_reboot_config_prop:s0 exact int
-# vendor-init-settable
+# surfaceflinger-settable
graphics.display.kernel_idle_timer.enabled u:object_r:surfaceflinger_display_prop:s0 exact bool
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index 36c39d639..2e9ce197a 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -57,9 +57,7 @@ set_prop(surfaceflinger, exported_system_prop)
set_prop(surfaceflinger, exported2_system_prop)
set_prop(surfaceflinger, exported3_system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop)
-
-# Get properties
-get_prop(surfaceflinger, surfaceflinger_display_prop)
+set_prop(surfaceflinger, surfaceflinger_display_prop)
# Use open files supplied by an app.
allow surfaceflinger appdomain:fd use;
diff --git a/private/system_app.te b/private/system_app.te
index 1e91be0eb..0b77bb372 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -57,8 +57,6 @@ auditallow system_app system_radio_prop:property_service set;
auditallow system_app exported_system_radio_prop:property_service set;
# Allow Settings to enable Dynamic System Update
set_prop(system_app, dynamic_system_prop)
-# Allow Settings to config display kernel idle timer
-set_prop(system_app, surfaceflinger_display_prop)
# ctl interface
set_prop(system_app, ctl_default_prop)
diff --git a/public/property.te b/public/property.te
index 80918e914..9a93518d6 100644
--- a/public/property.te
+++ b/public/property.te
@@ -77,6 +77,7 @@ system_restricted_prop(module_sdkextensions_prop)
system_restricted_prop(nnapi_ext_deny_product_prop)
system_restricted_prop(restorecon_prop)
system_restricted_prop(socket_hook_prop)
+system_restricted_prop(surfaceflinger_display_prop)
system_restricted_prop(system_boot_reason_prop)
system_restricted_prop(system_jvmti_agent_prop)
system_restricted_prop(userspace_reboot_exported_prop)
@@ -168,7 +169,6 @@ system_public_prop(ota_prop)
system_public_prop(powerctl_prop)
system_public_prop(radio_prop)
system_public_prop(serialno_prop)
-system_public_prop(surfaceflinger_display_prop)
system_public_prop(system_prop)
system_public_prop(wifi_log_prop)
system_public_prop(wifi_prop)
@@ -614,8 +614,7 @@ neverallow {
neverallow {
-init
- -vendor_init
- -system_app
+ -surfaceflinger
} {
surfaceflinger_display_prop
}:property_service set;
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 04f81cb1e..36bb5cbd7 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -236,7 +236,6 @@ set_prop(vendor_init, log_prop)
set_prop(vendor_init, rebootescrow_hal_prop)
set_prop(vendor_init, serialno_prop)
set_prop(vendor_init, storage_config_prop)
-set_prop(vendor_init, surfaceflinger_display_prop)
set_prop(vendor_init, userspace_reboot_config_prop)
set_prop(vendor_init, vehicle_hal_prop)
set_prop(vendor_init, vendor_default_prop)
@@ -247,6 +246,7 @@ set_prop(vendor_init, wifi_log_prop)
get_prop(vendor_init, exported2_radio_prop)
get_prop(vendor_init, exported3_system_prop)
+get_prop(vendor_init, surfaceflinger_display_prop)
get_prop(vendor_init, theme_prop)
get_prop(vendor_init, ota_prop)
From 3e299e3a6fa7c32178e01e00497f318da32cdb85 Mon Sep 17 00:00:00 2001
From: Peiyong Lin Date: Wed, 17 Jun 2020 16:15:11 -0700 Subject: [PATCH 150/163] Allow system server to communicate with GPU service. Currently system server also has a GPU service. We use that to observe updatable driver package changes, in order to communciate that information down to the GPU service, this patch allows system server to make binder call. Bug: b/157832445, b/159240322 Test: adb shell dumpsys gpu Change-Id: I9c32c690707e24a5cfbdfdc62feeea9705321f5b Merged-In: I9c32c690707e24a5cfbdfdc62feeea9705321f5b --- prebuilts/api/30.0/private/system_server.te | 1 + private/system_server.te | 1 + 2 files changed, 2 insertions(+)
diff --git a/prebuilts/api/30.0/private/system_server.te b/prebuilts/api/30.0/private/system_server.te
index 8c7afab84..66c46ed97 100644
--- a/prebuilts/api/30.0/private/system_server.te
+++ b/prebuilts/api/30.0/private/system_server.te
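Review bot: The rewritten neverallow in public/property.te now exempts only init and surfaceflinger from setting surfaceflinger_display_prop, yet the `get_prop(vendor_init, surfaceflinger_display_prop)` added in the vendor_init.te hunk carries no comment recording why vendor_init went from setter to reader; the same applies to the duplicated prebuilts/api/30.0 hunks. Since system_restricted_prop() makes the property readable from vendor domains while the neverallow pins writes to the two listed domains, a one-line note such as `# graphics.display.kernel_idle_timer.enabled is owned by surfaceflinger; vendor_init may only read it` next to the get_prop rule would keep that intent with the rule. The neverallow's source set is negation-only (the pre-existing style of this rule), which checkpolicy appears to treat as all-but-the-listed domains, so any remaining set_prop on this type in vendor or device policy would now fail the build — worth confirming before merge.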
@@ -208,6 +208,7 @@ binder_call(system_server, binderservicedomain)
binder_call(system_server, dumpstate)
binder_call(system_server, fingerprintd)
binder_call(system_server, gatekeeperd)
+binder_call(system_server, gpuservice)
binder_call(system_server, idmap)
binder_call(system_server, installd)
binder_call(system_server, incidentd)
diff --git a/private/system_server.te b/private/system_server.te
index 8c7afab84..66c46ed97 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -208,6 +208,7 @@ binder_call(system_server, binderservicedomain)
binder_call(system_server, dumpstate)
binder_call(system_server, fingerprintd)
binder_call(system_server, gatekeeperd)
+binder_call(system_server, gpuservice)
binder_call(system_server, idmap)
binder_call(system_server, installd)
binder_call(system_server, incidentd)
From e0fed1f9b84de0b6a611e315757ea16220b6ee8b Mon Sep 17 00:00:00 2001
From: linpeter Date: Fri, 12 Jun 2020 16:25:41 +0800 Subject: [PATCH 151/163] sepolicy: label vendor_service_contexts as vendor_service_contexts_file Due to AIDL HAL introduction, vendors can publish services with servicemanager. vendor_service_contexts is labeled as vendor_service_contexts_file, not nonplat_service_contexts_file. And pack it to vendor partition. Bug: 154066722 Test: check file label Merged-In: Ic74b12e4c8e60079c0872b6c27ab2f018fb43969 Change-Id: Ic74b12e4c8e60079c0872b6c27ab2f018fb43969 --- Android.mk | 1 + prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil | 1 + prebuilts/api/30.0/private/file_contexts | 4 +++- prebuilts/api/30.0/public/domain.te | 1 + prebuilts/api/30.0/public/file.te | 3 +++ prebuilts/api/30.0/public/servicemanager.te | 3 +++ private/compat/29.0/29.0.ignore.cil | 1 + private/file_contexts | 4 +++- public/domain.te | 1 + public/file.te | 3 +++ public/servicemanager.te | 3 +++ 11 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/Android.mk b/Android.mk
index 6c25fc1b5..f545b4156 100644
--- a/Android.mk
+++ b/Android.mk
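Review bot: `binder_call(system_server, gpuservice)` is added without a comment, while the reason (forwarding updatable GPU driver package changes) lives only in the commit message; as defined in te_macros the macro grants more than the one call direction — it also lets gpuservice transfer binder references back to system_server and lets system_server use file descriptors received from it — so a short `# Notify gpuservice of updatable GPU driver package changes` above the line keeps the justification with the rule. The identical line is repeated in the prebuilts/api/30.0 copy of system_server.te in this same hunk pair.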
@@ -346,6 +346,7 @@ LOCAL_REQUIRED_MODULES += \
vendor_property_contexts \
vendor_property_contexts_test \
vendor_seapp_contexts \
+ vendor_service_contexts \
vendor_hwservice_contexts \
vendor_hwservice_contexts_test \
vndservice_contexts \
diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
index e13889d6f..846d8c2b0 100644
--- a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
+++ b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
@@ -123,6 +123,7 @@ vendor_boringssl_self_test
vendor_install_recovery
vendor_install_recovery_exec
+ vendor_service_contexts_file
vendor_socket_hook_prop
vendor_socket_hook_prop
virtual_ab_prop))
diff --git a/prebuilts/api/30.0/private/file_contexts b/prebuilts/api/30.0/private/file_contexts
index b86d9a29f..4b0cab785 100644
--- a/prebuilts/api/30.0/private/file_contexts
+++ b/prebuilts/api/30.0/private/file_contexts
@@ -378,7 +378,9 @@ # HAL location
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
-/(vendor|system/vendor)/etc/selinux/(vendor|nonplat)_service_contexts u:object_r:nonplat_service_contexts_file:s0
+/(vendor|system/vendor)/etc/selinux/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
+
+/(vendor|system/vendor)/etc/selinux/vendor_service_contexts u:object_r:vendor_service_contexts_file:s0
/(vendor|system/vendor)/bin/install-recovery\.sh u:object_r:vendor_install_recovery_exec:s0
diff --git a/prebuilts/api/30.0/public/domain.te b/prebuilts/api/30.0/public/domain.te
index ed4aded2d..8cb495037 100644
--- a/prebuilts/api/30.0/public/domain.te
+++ b/prebuilts/api/30.0/public/domain.te
@@ -1005,6 +1005,7 @@ full_treble_only(`
-vendor_app_file
-vendor_apex_file
-vendor_configs_file
+ -vendor_service_contexts_file
-vendor_framework_file
-vendor_idc_file
-vendor_keychars_file
diff --git a/prebuilts/api/30.0/public/file.te b/prebuilts/api/30.0/public/file.te
index dffa5a38c..e7b305020 100644
--- a/prebuilts/api/30.0/public/file.te
+++ b/prebuilts/api/30.0/public/file.te
@@ -507,6 +507,9 @@ type sepolicy_file, system_file_type, file_type;
# service_contexts file
type service_contexts_file, system_file_type, file_type;
+# vendor service_contexts file
+type vendor_service_contexts_file, vendor_file_type, file_type;
+
# nonplat service_contexts file (only accessible on non full-treble devices)
type nonplat_service_contexts_file, vendor_file_type, file_type;
diff --git a/prebuilts/api/30.0/public/servicemanager.te b/prebuilts/api/30.0/public/servicemanager.te
index 85777f534..63fc2273a 100644
--- a/prebuilts/api/30.0/public/servicemanager.te
+++ b/prebuilts/api/30.0/public/servicemanager.te
@@ -18,6 +18,9 @@ allow servicemanager {
}:binder transfer;
allow servicemanager service_contexts_file:file r_file_perms;
+
+allow servicemanager vendor_service_contexts_file:file r_file_perms;
+
# nonplat_service_contexts only accessible on non full-treble devices
not_full_treble(`allow servicemanager nonplat_service_contexts_file:file r_file_perms;')
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index e13889d6f..846d8c2b0 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -123,6 +123,7 @@ vendor_boringssl_self_test
vendor_install_recovery
vendor_install_recovery_exec
+ vendor_service_contexts_file
vendor_socket_hook_prop
vendor_socket_hook_prop
virtual_ab_prop))
diff --git a/private/file_contexts b/private/file_contexts
index b86d9a29f..4b0cab785 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -378,7 +378,9 @@ # HAL location
/(vendor|system/vendor)/lib(64)?/hw u:object_r:vendor_hal_file:s0
-/(vendor|system/vendor)/etc/selinux/(vendor|nonplat)_service_contexts u:object_r:nonplat_service_contexts_file:s0
+/(vendor|system/vendor)/etc/selinux/nonplat_service_contexts u:object_r:nonplat_service_contexts_file:s0
+
+/(vendor|system/vendor)/etc/selinux/vendor_service_contexts u:object_r:vendor_service_contexts_file:s0
/(vendor|system/vendor)/bin/install-recovery\.sh u:object_r:vendor_install_recovery_exec:s0
diff --git a/public/domain.te b/public/domain.te
index ed4aded2d..8cb495037 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1005,6 +1005,7 @@ full_treble_only(`
-vendor_app_file
-vendor_apex_file
-vendor_configs_file
+ -vendor_service_contexts_file
-vendor_framework_file
-vendor_idc_file
-vendor_keychars_file
diff --git a/public/file.te b/public/file.te
index dffa5a38c..e7b305020 100644
--- a/public/file.te
+++ b/public/file.te
@@ -507,6 +507,9 @@ type sepolicy_file, system_file_type, file_type;
# service_contexts file
type service_contexts_file, system_file_type, file_type;
+# vendor service_contexts file
+type vendor_service_contexts_file, vendor_file_type, file_type;
+
# nonplat service_contexts file (only accessible on non full-treble devices)
type nonplat_service_contexts_file, vendor_file_type, file_type;
diff --git a/public/servicemanager.te b/public/servicemanager.te
index 85777f534..63fc2273a 100644
--- a/public/servicemanager.te
+++ b/public/servicemanager.te
@@ -18,6 +18,9 @@ allow servicemanager {
}:binder transfer;
allow servicemanager service_contexts_file:file r_file_perms;
+
+allow servicemanager vendor_service_contexts_file:file r_file_perms;
+
# nonplat_service_contexts only accessible on non full-treble devices
not_full_treble(`allow servicemanager nonplat_service_contexts_file:file r_file_perms;')
From 072b01438e02e9d3cfba04c768e7a440549cc8b1 Mon Sep 17 00:00:00 2001
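Review bot: The new `allow servicemanager vendor_service_contexts_file:file r_file_perms;` in public/servicemanager.te (and its prebuilts/api/30.0 copy) is unconditional and uncommented, whereas the adjacent nonplat rule is wrapped in not_full_treble and explains itself. vendor_service_contexts is a vendor-partition file that servicemanager reads for the same purpose as service_contexts — presumably to label vendor-published AIDL services for its add/find checks — so its contents feed an access-control decision made by a core domain; a comment such as `# vendor_service_contexts: labels for services vendor (AIDL HAL) processes register; read-only` would record that, and would also explain why the full_treble_only exemption list in domain.te grows in this commit. The new type carries vendor_file_type and no runtime writer is granted here, which is the right shape; worth stating that it is build-time content only.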
From: Inseob Kim Date: Tue, 16 Jun 2020 20:00:41 +0900 Subject: [PATCH 152/163] Add new context packagemanager_config_prop To remove bad context names exported[23]_default_prop Bug: 155844385 Test: m selinux_policy Change-Id: Ic4bbc8e45d810368a96f6985c2234798e73be82d --- private/compat/27.0/27.0.ignore.cil | 1 + private/compat/30.0/30.0.cil | 1 + private/property.te | 7 +++++++ private/property_contexts | 5 ++--- private/system_server.te | 3 +++ private/zygote.te | 3 +++ public/property.te | 1 + 7 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index c35edccb4..a4b552d5b 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -134,6 +134,7 @@ network_watchlist_data_file
network_watchlist_service
overlayfs_file
+ packagemanager_config_prop
perfetto
perfetto_exec
perfetto_tmpfs
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 70e875b36..d5ddbbff7 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -1362,6 +1362,7 @@ hdmi_config_prop
lmkd_config_prop
media_config_prop
+ packagemanager_config_prop
recovery_config_prop
telephony_config_prop
zram_config_prop))
diff --git a/private/property.te b/private/property.te
index b5505e542..6591a9c95 100644
--- a/private/property.te
+++ b/private/property.te
@@ -414,3 +414,10 @@ neverallow {
surfaceflinger_display_prop
}:property_service set;
+neverallow {
+ -init
+ -dumpstate
+ -system_server
+ -vendor_init
+ -zygote
+} packagemanager_config_prop:file no_rw_file_perms;
diff --git a/private/property_contexts b/private/property_contexts
index 1380acc12..991e89dad 100644
--- a/private/property_contexts
+++ b/private/property_contexts
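Review bot: The neverallow added at the end of private/property.te has no comment saying why reads of packagemanager_config_prop are confined to init, dumpstate, system_server, vendor_init and zygote, and ro.control_privapp_permissions is a policy knob that other readers (e.g. test code running as an app) may legitimately query; consider `# PackageManager policy knobs (ro.control_privapp_permissions, ro.cp_system_other_odex); keep the reader set minimal` above it, and verify the exempt list against actual consumers before this lands as a build-time assertion. In the property_contexts hunk that follows, ro.control_privapp_permissions is narrowed to `exact enum disable enforce log` and ro.cp_system_other_odex changes from `exact int` to `exact bool`; a device whose build props carry a value outside those sets may have the set rejected, so the type tightening deserves a sentence in the commit message.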
@@ -396,9 +396,8 @@ ro.config.vc_call_vol_default u:object_r:systemsound_config_prop:s0 exact int
ro.config.per_app_memcg u:object_r:exported3_default_prop:s0 exact bool
-ro.control_privapp_permissions u:object_r:exported3_default_prop:s0 exact string
-
-ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int
+ro.control_privapp_permissions u:object_r:packagemanager_config_prop:s0 exact enum disable enforce log
+ro.cp_system_other_odex u:object_r:packagemanager_config_prop:s0 exact bool
ro.crypto.allow_encrypt_override u:object_r:vold_config_prop:s0 exact bool
ro.crypto.dm_default_key.options_format.version u:object_r:vold_config_prop:s0 exact int
diff --git a/private/system_server.te b/private/system_server.te
index 88e722830..7fe6f0b5a 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -694,6 +694,9 @@ set_prop(system_server, zram_control_prop)
# Read/write persist.sys.dalvik.vm.lib.2
set_prop(system_server, dalvik_runtime_prop)
+# Read ro.control_privapp_permissions and ro.cp_system_other_odex
+get_prop(system_server, packagemanager_config_prop)
+
# Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms;
diff --git a/private/zygote.te b/private/zygote.te
index b1e2378ad..07154b0c4 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -200,6 +200,9 @@ unix_socket_send(zygote, system_unsolzygote, system_server)
# Allow zygote to access media_variant_prop for static initialization
get_prop(zygote, media_variant_prop)
+# Allow zygote to read ro.control_privapp_permissions and ro.cp_system_other_odex
+get_prop(zygote, packagemanager_config_prop)
+
# Allow zygote to read /apex/apex-info-list.xml
allow zygote apex_info_file:file r_file_perms;
diff --git a/public/property.te b/public/property.te
index ea517cda0..038eb419d 100644
--- a/public/property.te
+++ b/public/property.te
@@ -122,6 +122,7 @@ system_vendor_config_prop(incremental_prop)
system_vendor_config_prop(lmkd_config_prop)
system_vendor_config_prop(media_config_prop)
system_vendor_config_prop(media_variant_prop)
+system_vendor_config_prop(packagemanager_config_prop)
system_vendor_config_prop(recovery_config_prop)
system_vendor_config_prop(storage_config_prop)
system_vendor_config_prop(surfaceflinger_prop)
From 11aaf9c6b56f4b933fc9cd5129c177da21e18a17 Mon Sep 17 00:00:00 2001
From: Adam Shih Date: Wed, 24 Jun 2020 16:58:35 -0400 Subject: [PATCH 153/163] Let dumpstate access hal_identity Bug: 158614313 Test: CtsSecurityHostTestCases:android.security.cts.SELinuxHostTest#testNoBugreportDenials Merged-In: Ic07e64b0bb18f948764e7bde5985eab91747b882 Change-Id: I6f30510c391db03111a5bb2694049b32f742ff0c --- prebuilts/api/30.0/public/dumpstate.te | 1 + public/dumpstate.te | 1 + 2 files changed, 2 insertions(+)
diff --git a/prebuilts/api/30.0/public/dumpstate.te b/prebuilts/api/30.0/public/dumpstate.te
index c3051756b..8d99a3cd3 100644
--- a/prebuilts/api/30.0/public/dumpstate.te
+++ b/prebuilts/api/30.0/public/dumpstate.te
@@ -136,6 +136,7 @@ r_dir_file(dumpstate, cgroup)
binder_call(dumpstate, binderservicedomain)
binder_call(dumpstate, { appdomain netd wificond })
+dump_hal(hal_identity)
dump_hal(hal_dumpstate)
dump_hal(hal_wifi)
dump_hal(hal_graphics_allocator)
diff --git a/public/dumpstate.te b/public/dumpstate.te
index c3051756b..8d99a3cd3 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -136,6 +136,7 @@ r_dir_file(dumpstate, cgroup)
binder_call(dumpstate, binderservicedomain)
binder_call(dumpstate, { appdomain netd wificond })
+dump_hal(hal_identity)
dump_hal(hal_dumpstate)
dump_hal(hal_wifi)
dump_hal(hal_graphics_allocator)
From c7507f1b9bf509fbe844a80fc02f136a09a67e9b Mon Sep 17 00:00:00 2001
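Review bot: `dump_hal(hal_identity)` lets dumpstate call into the identity-credential HAL and fold its dump() output into bugreports, which users routinely share outside the device; the single-line addition carries no comment, so the expectation on the HAL side is undocumented. A note beside it such as `# hal_identity: dump() output lands in bugreports; implementations must not emit credential or key material` would make the constraint visible to HAL implementers who read this policy. The same line is added to the prebuilts/api/30.0 copy of dumpstate.te in this commit.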
From: Yiwei Zhang Date: Wed, 24 Jun 2020 20:42:39 -0700 Subject: [PATCH 154/163] GPU Memory: allow tracing gpu_mem/gpu_mem_total on user build Bug: 158431662 Test: enable the tracepoint on user build Change-Id: I61560003c5cc92f2563fb98bdaee9bfd4807f46a Merged-In: I61560003c5cc92f2563fb98bdaee9bfd4807f46a --- prebuilts/api/30.0/private/genfs_contexts | 2 ++ private/genfs_contexts | 2 ++ 2 files changed, 4 insertions(+)
diff --git a/prebuilts/api/30.0/private/genfs_contexts b/prebuilts/api/30.0/private/genfs_contexts
index 51f2ce7c4..0add2344a 100644
--- a/prebuilts/api/30.0/private/genfs_contexts
+++ b/prebuilts/api/30.0/private/genfs_contexts
@@ -249,6 +249,7 @@ genfscon tracefs /events/oom/oom_score_adj_update/ u:objec
genfscon tracefs /events/task/task_rename/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/task/task_newtask/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/ftrace/print/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/gpu_mem/gpu_mem_total u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/trace_clock u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/buffer_size_kb u:object_r:debugfs_tracing:s0
@@ -294,6 +295,7 @@ genfscon debugfs /tracing/events/oom/oom_score_adj_update/
genfscon debugfs /tracing/events/task/task_rename/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/task/task_newtask/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/ftrace/print/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/gpu_mem/gpu_mem_total u:object_r:debugfs_tracing:s0
genfscon debugfs /kcov u:object_r:debugfs_kcov:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 51f2ce7c4..0add2344a 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
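Review bot: The two new genfscon entries end at `/events/gpu_mem/gpu_mem_total` without the trailing slash every sibling entry uses (`/events/ftrace/print/`, `/events/task/task_newtask/`); genfscon paths are longest-prefix matches, so as written the rule would also label any other tracefs or debugfs node whose path merely begins with that string as debugfs_tracing, i.e. reachable on user builds. If the intent is exactly this one tracepoint directory, write `genfscon tracefs /events/gpu_mem/gpu_mem_total/ u:object_r:debugfs_tracing:s0` and the matching debugfs form. The identical pair of lines is repeated in the private/genfs_contexts hunk that follows.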
@@ -249,6 +249,7 @@ genfscon tracefs /events/oom/oom_score_adj_update/ u:objec
genfscon tracefs /events/task/task_rename/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/task/task_newtask/ u:object_r:debugfs_tracing:s0
genfscon tracefs /events/ftrace/print/ u:object_r:debugfs_tracing:s0
+genfscon tracefs /events/gpu_mem/gpu_mem_total u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/trace_clock u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/buffer_size_kb u:object_r:debugfs_tracing:s0
@@ -294,6 +295,7 @@ genfscon debugfs /tracing/events/oom/oom_score_adj_update/
genfscon debugfs /tracing/events/task/task_rename/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/task/task_newtask/ u:object_r:debugfs_tracing:s0
genfscon debugfs /tracing/events/ftrace/print/ u:object_r:debugfs_tracing:s0
+genfscon debugfs /tracing/events/gpu_mem/gpu_mem_total u:object_r:debugfs_tracing:s0
genfscon debugfs /kcov u:object_r:debugfs_kcov:s0
From 2b2cde7592fac9b8701b80431f032ee4cd64c654 Mon Sep 17 00:00:00 2001
From: Ryan Savitski Date: Tue, 24 Mar 2020 21:39:41 +0000 Subject: [PATCH 155/163] perfetto: minor quality of life tweaks Change 1: when running the "perfetto" binary via "adb shell perfetto...", ctrl-Cing the host process doesn't propagate the teardown to the on-device process (which normally should stop the tracing session immediately). Allow signals adbd->perfetto to resolve. Change 2: don't print audit logs for a harmless isatty() check on adb sockets when they're the stderr of a "perfetto" process. Example denials from the isatty() check (ioctl is TCGETS): avc: denied { getattr } for path="socket:[244990]" dev="sockfs" ino=244990 scontext=u:r:perfetto:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket permissive=0 avc: denied { ioctl } for path="socket:[244992]" dev="sockfs" ino=244992 ioctlcmd=0x5401 scontext=u:r:perfetto:s0 tcontext=u:r:adbd:s0 tclass=unix_stream_socket permissive=0 Example denial from ctrl-c'ing "adb shell perfetto ...": avc: denied { signal } for comm=7368656C6C20737663203134343537 scontext=u:r:adbd:s0 tcontext=u:r:perfetto:s0 tclass=process permissive=0 === This is a CP of commit 5f1f1b6a7a524cb39c1ec2dff62450c8d13ec62d, with updated 30.0 prebuilts. Using a new Change-Id since as far as I understand, the prebuilts should still be merged downstream. Bug: 159988048 Tested: patched onto an internal branch, then verified that denials are gone on a flashed crosshatch-userdebug. Change-Id: Ie7780128fcd80a051e809bfc98f21179cb3f0ecc --- prebuilts/api/30.0/private/adbd.te | 5 +++++ prebuilts/api/30.0/private/perfetto.te | 8 ++++++++ private/adbd.te | 5 +++++ private/perfetto.te | 8 ++++++++ 4 files changed, 26 insertions(+)
diff --git a/prebuilts/api/30.0/private/adbd.te b/prebuilts/api/30.0/private/adbd.te
index 89fa1f9e2..be4f0f708 100644
--- a/prebuilts/api/30.0/private/adbd.te
+++ b/prebuilts/api/30.0/private/adbd.te
@@ -180,6 +180,11 @@ r_dir_file(adbd, apk_data_file)
allow adbd rootfs:dir r_dir_perms;
+# Allow killing child "perfetto" binary processes, which auto-transition to
+# their own domain. Allows propagating termination of "adb shell perfetto ..."
+# invocations.
+allow adbd perfetto:process signal;
+
# Allow to pull Perfetto traces.
allow adbd perfetto_traces_data_file:file r_file_perms;
allow adbd perfetto_traces_data_file:dir r_dir_perms;
diff --git a/prebuilts/api/30.0/private/perfetto.te b/prebuilts/api/30.0/private/perfetto.te
index 06e4ed116..25c70d26c 100644
--- a/prebuilts/api/30.0/private/perfetto.te
+++ b/prebuilts/api/30.0/private/perfetto.te
@@ -47,6 +47,14 @@ allow perfetto devpts:chr_file rw_file_perms;
allow perfetto incident_service:service_manager find;
binder_call(perfetto, incidentd)
+# perfetto log formatter calls isatty() on its stderr. Denial when running
+# under adbd is harmless. Avoid generating denial logs.
+dontaudit perfetto adbd:unix_stream_socket getattr;
+dontauditxperm perfetto adbd:unix_stream_socket ioctl unpriv_tty_ioctls;
+# As above, when adbd is running in "su" domain (only the ioctl is denied in
+# practice).
+dontauditxperm perfetto su:unix_stream_socket ioctl unpriv_tty_ioctls;
+
###
### Neverallow rules
###
diff --git a/private/adbd.te b/private/adbd.te
index 89fa1f9e2..be4f0f708 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -180,6 +180,11 @@ r_dir_file(adbd, apk_data_file)
allow adbd rootfs:dir r_dir_perms;
+# Allow killing child "perfetto" binary processes, which auto-transition to
+# their own domain. Allows propagating termination of "adb shell perfetto ..."
+# invocations.
+allow adbd perfetto:process signal;
+
# Allow to pull Perfetto traces.
allow adbd perfetto_traces_data_file:file r_file_perms;
allow adbd perfetto_traces_data_file:dir r_dir_perms;
diff --git a/private/perfetto.te b/private/perfetto.te
index 06e4ed116..25c70d26c 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
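Review bot: The comment above `allow adbd perfetto:process signal;` says "Allow killing", but the `signal` permission covers ordinary signals only — SIGKILL and SIGSTOP are the separate `sigkill` and `sigstop` permissions — so what is actually granted is termination via SIGINT/SIGTERM/SIGHUP, which is exactly the ctrl-C case described in the commit message; rewording to `# Allow signalling (e.g. SIGINT/SIGTERM on ctrl-C) "perfetto" processes spawned by adb shell` avoids implying a hard kill. It is also worth saying in the comment that SELinux cannot scope this to child processes: adbd may now signal any process in the perfetto domain, not only ones it spawned. The same comment and rule appear in the private/adbd.te hunk further down.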
@@ -47,6 +47,14 @@ allow perfetto devpts:chr_file rw_file_perms;
allow perfetto incident_service:service_manager find;
binder_call(perfetto, incidentd)
+# perfetto log formatter calls isatty() on its stderr. Denial when running
+# under adbd is harmless. Avoid generating denial logs.
+dontaudit perfetto adbd:unix_stream_socket getattr;
+dontauditxperm perfetto adbd:unix_stream_socket ioctl unpriv_tty_ioctls;
+# As above, when adbd is running in "su" domain (only the ioctl is denied in
+# practice).
+dontauditxperm perfetto su:unix_stream_socket ioctl unpriv_tty_ioctls;
+
###
### Neverallow rules
###
From 8519c6d316b12c30a453b43014ef31fb7f4d937f Mon Sep 17 00:00:00 2001
From: Ryan Savitski Date: Mon, 22 Jun 2020 19:35:14 +0100 Subject: [PATCH 156/163] perfetto: don't audit isatty() check on shell pipes Per the bug rvc CTS runs are being polluted by denial logs from the best-effort isatty ( -> TCGETS ioctl) check done by the perfetto's log formatter. This patch suppresses the denial, which is what's proposed for the scope of rvc. I believe that what's actually being denied is the ioctl itself, NOT the TCGETS aspect of it (there is a domain-wide fifo_file TCGETS allowxperms rule in domain.te:303). But the "dontauditxerms" suppresses the denial anyway. Bug: 159988048 Tested: flashed crosshatch-userdebug, verified that CTS is no longer causing audit logs reported in the bug. Change-Id: Ieee1d7de8b023dd632d0e37afa3a2434cfd1a3a1 --- prebuilts/api/30.0/private/perfetto.te | 2 ++ private/perfetto.te | 2 ++ 2 files changed, 4 insertions(+)
diff --git a/prebuilts/api/30.0/private/perfetto.te b/prebuilts/api/30.0/private/perfetto.te
index 25c70d26c..0161361c7 100644
--- a/prebuilts/api/30.0/private/perfetto.te
+++ b/prebuilts/api/30.0/private/perfetto.te
@@ -54,6 +54,8 @@ dontauditxperm perfetto adbd:unix_stream_socket ioctl unpriv_tty_ioctls;
# As above, when adbd is running in "su" domain (only the ioctl is denied in
# practice).
dontauditxperm perfetto su:unix_stream_socket ioctl unpriv_tty_ioctls;
+# Similarly, CTS tests end up hitting a denial on shell pipes.
+dontauditxperm perfetto shell:fifo_file ioctl unpriv_tty_ioctls;
###
### Neverallow rules
diff --git a/private/perfetto.te b/private/perfetto.te
index 25c70d26c..0161361c7 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -54,6 +54,8 @@ dontauditxperm perfetto adbd:unix_stream_socket ioctl unpriv_tty_ioctls;
# As above, when adbd is running in "su" domain (only the ioctl is denied in
# practice).
dontauditxperm perfetto su:unix_stream_socket ioctl unpriv_tty_ioctls;
+# Similarly, CTS tests end up hitting a denial on shell pipes.
+dontauditxperm perfetto shell:fifo_file ioctl unpriv_tty_ioctls;
###
### Neverallow rules
From 1f9e45ee4bc1da4daab26d0e7a42edc52a1e0497 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep Date: Wed, 10 Jun 2020 12:27:12 +0200 Subject: [PATCH 157/163] Label kprobes and restrict access Bug: 149659981 Test: build & boot Pixel Change-Id: I6abcd1bb9af15e7ba0f1f5e711ea9ac661bffc25 Merged-In: I6abcd1bb9af15e7ba0f1f5e711ea9ac661bffc25 --- prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil | 1 + prebuilts/api/30.0/private/domain.te | 3 +++ prebuilts/api/30.0/private/genfs_contexts | 1 + prebuilts/api/30.0/public/file.te | 1 + private/compat/29.0/29.0.ignore.cil | 1 + private/domain.te | 3 +++ private/genfs_contexts | 1 + public/file.te | 1 + 8 files changed, 12 insertions(+)
diff --git a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
index 846d8c2b0..fdea691ea 100644
--- a/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
+++ b/prebuilts/api/30.0/private/compat/29.0/29.0.ignore.cil
@@ -38,6 +38,7 @@ platform_compat_service
ctl_apexd_prop
dataloader_manager_service
+ debugfs_kprobes
device_config_storage_native_boot_prop
device_config_sys_traced_prop
device_config_window_manager_native_boot_prop
diff --git a/prebuilts/api/30.0/private/domain.te b/prebuilts/api/30.0/private/domain.te
index 1a8ce5053..7116dadfd 100644
--- a/prebuilts/api/30.0/private/domain.te
+++ b/prebuilts/api/30.0/private/domain.te
@@ -369,3 +369,6 @@ neverallow {
# This property is being removed. Remove remaining access.
neverallow { domain -init -system_server -vendor_init } net_dns_prop:property_service set;
neverallow { domain -dumpstate -init -system_server -vendor_init } net_dns_prop:file read;
+
+# Kprobes should only be used by adb root
+neverallow { domain -init -vendor_init } debugfs_kprobes:file *;
diff --git a/prebuilts/api/30.0/private/genfs_contexts b/prebuilts/api/30.0/private/genfs_contexts
index 0add2344a..89232bc01 100644
--- a/prebuilts/api/30.0/private/genfs_contexts
+++ b/prebuilts/api/30.0/private/genfs_contexts
@@ -153,6 +153,7 @@ genfscon sysfs /module/tcp_cubic/parameters u:object_r:sysfs_net:s0
genfscon sysfs /module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0
genfscon sysfs /devices/virtual/timed_output/vibrator/enable u:object_r:sysfs_vibrator:s0
+genfscon debugfs /kprobes u:object_r:debugfs_kprobes:s0
genfscon debugfs /mmc0 u:object_r:debugfs_mmc:s0
genfscon debugfs /tracing u:object_r:debugfs_tracing_debug:s0
genfscon tracefs / u:object_r:debugfs_tracing_debug:s0
diff --git a/prebuilts/api/30.0/public/file.te b/prebuilts/api/30.0/public/file.te
index e7b305020..91257e237 100644
--- a/prebuilts/api/30.0/public/file.te
+++ b/prebuilts/api/30.0/public/file.te
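Review bot: The new `neverallow { domain -init -vendor_init } debugfs_kprobes:file *;` in private/domain.te constrains only the file class, while the genfscon line in the next hunk labels the `/kprobes` directory itself with debugfs_kprobes, so directory operations on `debugfs_kprobes:dir` are not covered by this assertion; if the goal is to wall off the whole subtree, `neverallow { domain -init -vendor_init } debugfs_kprobes:{ file dir } *;` expresses that. The comment says kprobes are for "adb root" only, but the rule exempts init and vendor_init — presumably because init sets up debugfs mounts and labels — so a comment naming that reason, e.g. `# init/vendor_init are exempt only for debugfs setup; no enforcing domain may touch kprobes`, would make the intent checkable. The same rule is duplicated in the private/domain.te hunk that follows.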
@@ -131,6 +131,7 @@ type sdcardfs, sdcard_type, fs_type, mlstrustedobject;
type vfat, sdcard_type, fs_type, mlstrustedobject;
type exfat, sdcard_type, fs_type, mlstrustedobject;
type debugfs, fs_type, debugfs_type;
+type debugfs_kprobes, fs_type, debugfs_type;
type debugfs_mmc, fs_type, debugfs_type;
type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject;
type debugfs_tracing, fs_type, debugfs_type, mlstrustedobject;
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 846d8c2b0..fdea691ea 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -38,6 +38,7 @@ platform_compat_service
ctl_apexd_prop
dataloader_manager_service
+ debugfs_kprobes
device_config_storage_native_boot_prop
device_config_sys_traced_prop
device_config_window_manager_native_boot_prop
diff --git a/private/domain.te b/private/domain.te
index 1a8ce5053..7116dadfd 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -369,3 +369,6 @@ neverallow {
# This property is being removed. Remove remaining access.
neverallow { domain -init -system_server -vendor_init } net_dns_prop:property_service set;
neverallow { domain -dumpstate -init -system_server -vendor_init } net_dns_prop:file read;
+
+# Kprobes should only be used by adb root
+neverallow { domain -init -vendor_init } debugfs_kprobes:file *;
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 0add2344a..89232bc01 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -153,6 +153,7 @@ genfscon sysfs /module/tcp_cubic/parameters u:object_r:sysfs_net:s0 genfscon sysfs /module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0 genfscon sysfs /devices/virtual/timed_output/vibrator/enable u:object_r:sysfs_vibrator:s0 +genfscon debugfs /kprobes u:object_r:debugfs_kprobes:s0 genfscon debugfs /mmc0 u:object_r:debugfs_mmc:s0 genfscon debugfs /tracing u:object_r:debugfs_tracing_debug:s0 genfscon tracefs / u:object_r:debugfs_tracing_debug:s0 diff --git a/public/file.te b/public/file.te index e7b305020..91257e237 100644 --- a/public/file.te +++ b/public/file.te @@ -131,6 +131,7 @@ type sdcardfs, sdcard_type, fs_type, mlstrustedobject; type vfat, sdcard_type, fs_type, mlstrustedobject; type exfat, sdcard_type, fs_type, mlstrustedobject; type debugfs, fs_type, debugfs_type; +type debugfs_kprobes, fs_type, debugfs_type; type debugfs_mmc, fs_type, debugfs_type; type debugfs_trace_marker, fs_type, debugfs_type, mlstrustedobject; type debugfs_tracing, fs_type, debugfs_type, mlstrustedobject; From bb3703c42462c39d14d45c993cb2b8dc4c8f03ea Mon Sep 17 00:00:00 2001 From: Inseob Kim Date: Wed, 1 Jul 2020 01:27:49 +0900 Subject: [PATCH 158/163] Allow apps to read packagemanager_config_prop To fix regression of CTS privappPermissionsMustBeEnforced Bug: 159647344 Test: atest PrivappPermissionsTest#privappPermissionsMustBeEnforced Change-Id: I88af05305f9aef6e813d0a72adad63b6b8f99487 --- private/app.te | 1 + private/property.te | 6 ++---- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/private/app.te b/private/app.te index 27ef097f3..7d29134c6 100644 --- a/private/app.te +++ b/private/app.te @@ -4,6 +4,7 @@ get_prop(appdomain, test_harness_prop) get_prop(appdomain, boot_status_prop) get_prop(appdomain, dalvik_config_prop) +get_prop(appdomain, packagemanager_config_prop) get_prop(appdomain, surfaceflinger_color_prop) get_prop(appdomain, systemsound_config_prop) get_prop(appdomain, telephony_config_prop) 
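Review bot: `get_prop(appdomain, packagemanager_config_prop)` hands every app domain — which, as `appdomain` is normally defined, includes untrusted apps — read access to every property carrying that label, while the commit message only needs one CTS check of privileged-permission enforcement to succeed. If more than one property is labeled `packagemanager_config_prop`, each should be reviewed for exposure to untrusted apps, or the property the test reads split into its own type; the property names behind the label are not visible in this hunk. At minimum the line deserves a why-comment, e.g. `# CTS privappPermissionsMustBeEnforced reads the privapp-permission enforcement flag from an app context`, since app-wide grants in app.te are otherwise easy to mistake for legacy.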
diff --git a/private/property.te b/private/property.te index 6591a9c95..e339561e1 100644 --- a/private/property.te +++ b/private/property.te @@ -415,9 +415,7 @@ neverallow { }:property_service set; neverallow { - -init - -dumpstate - -system_server + -coredomain + -appdomain -vendor_init - -zygote } packagemanager_config_prop:file no_rw_file_perms; From 112c4135db54210e8fcbfc83512de8eed7a9cc24 Mon Sep 17 00:00:00 2001 From: Justin Yun Date: Thu, 2 Jul 2020 11:22:43 +0900 Subject: [PATCH 159/163] Label /system_ext/lib(64)/* as system_lib_file This needs to be updated to api 30.0 which introduced the system_ext. Bug: 160314910 Test: build and boot Change-Id: I08c4aed640467d11482df08613039726e7395be0 Merged-In: I08c4aed640467d11482df08613039726e7395be0 (cherry picked from commit 85a92849c73ae2b28e8a33a2e01bac47cc9f1684) --- prebuilts/api/30.0/private/file_contexts | 2 ++ private/file_contexts | 2 ++ 2 files changed, 4 insertions(+) diff --git a/prebuilts/api/30.0/private/file_contexts b/prebuilts/api/30.0/private/file_contexts index 4b0cab785..9620b7512 100644 --- a/prebuilts/api/30.0/private/file_contexts +++ b/prebuilts/api/30.0/private/file_contexts @@ -453,6 +453,8 @@ /(system_ext|system/system_ext)/bin/aidl_lazy_test_server u:object_r:aidl_lazy_test_server_exec:s0 /(system_ext|system/system_ext)/bin/hidl_lazy_test_server u:object_r:hidl_lazy_test_server_exec:s0 +/(system_ext|system/system_ext)/lib(64)?(/.*)? u:object_r:system_lib_file:s0 + ############################# # Vendor files from /(product|system/product)/vendor_overlay # diff --git a/private/file_contexts b/private/file_contexts index 4b0cab785..9620b7512 100644 --- a/private/file_contexts +++ b/private/file_contexts 
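Review bot: Replacing the explicit exclusion list with `-coredomain` widens the neverallow far beyond the fix: every platform domain, not only the four previously named plus apps, may now be handed read of `packagemanager_config_prop` without the build catching it. The CTS regression only needs apps, so keeping the original list and adding `-appdomain` preserves the backstop: `neverallow { domain -init -dumpstate -system_server -vendor_init -zygote -appdomain } packagemanager_config_prop:file no_rw_file_perms;`. Neverallows are where future over-grants are supposed to fail at compile time, so loosening one should be justified in the rule's comment if it is intentional.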
@@ -453,6 +453,8 @@ /(system_ext|system/system_ext)/bin/aidl_lazy_test_server u:object_r:aidl_lazy_test_server_exec:s0 /(system_ext|system/system_ext)/bin/hidl_lazy_test_server u:object_r:hidl_lazy_test_server_exec:s0 +/(system_ext|system/system_ext)/lib(64)?(/.*)? u:object_r:system_lib_file:s0 + ############################# # Vendor files from /(product|system/product)/vendor_overlay # From 00cfcb921543cbce56be070063a412a9cee1bfff Mon Sep 17 00:00:00 2001 From: Nicolas Geoffray Date: Mon, 6 Jul 2020 10:15:39 +0100 Subject: [PATCH 160/163] Fix sepolicy of ART module. The dex2oat debug binary ends with the bitness. Bug: 160137482 Test: adb shell cmd package bg-dexopt-job Merged-In: If78cd100eb1c0245e425361d56e1936f1c6c98a6 Change-Id: If78cd100eb1c0245e425361d56e1936f1c6c98a6 --- apex/com.android.art.debug-file_contexts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apex/com.android.art.debug-file_contexts b/apex/com.android.art.debug-file_contexts index 20e5a25fc..8007efd6d 100644 --- a/apex/com.android.art.debug-file_contexts +++ b/apex/com.android.art.debug-file_contexts @@ -2,7 +2,7 @@ # System files # (/.*)? u:object_r:system_file:s0 -/bin/dex2oat(32|64)?(d)? u:object_r:dex2oat_exec:s0 +/bin/dex2oat(d)?(32|64)? u:object_r:dex2oat_exec:s0 /bin/dexoptanalyzer(d)? u:object_r:dexoptanalyzer_exec:s0 /bin/profman(d)? u:object_r:profman_exec:s0 /lib(64)?(/.*)? u:object_r:system_lib_file:s0 From 5491d7e26cad49e8e48281e320270b0dbd0926fd Mon Sep 17 00:00:00 2001 
From: "P.Adarsh Reddy" Date: Fri, 19 Jun 2020 20:53:48 +0530 Subject: [PATCH 161/163] Uncrypt: Allow uncrypt to write on ota_package_file. This adds sepolicy rule to allow uncrypt module to write on OTA zip (for f2fs_pin_file functionality). Also, add a few dontaudit rules to suppress harmless denials. Denials: I uncrypt : type=1400 audit(0.0:177): avc: denied { write } for name="update.zip" dev="dm-10" ino=7727 scontext=u:r:uncrypt:s0 tcontext=u:object_r:ota_package_file:s0 tclass=file permissive=0 I uncrypt : type=1400 audit(0.0:175): avc: denied { search } for name="/" dev="sda9" ino=2 scontext=u:r:uncrypt:s0 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0 I uncrypt : type=1400 audit(0.0:176): avc: denied { search } for name="gsi" dev="sda9" ino=19 scontext=u:r:uncrypt:s0 tcontext=u:object_r:gsi_metadata_file:s0 tclass=dir permissive=0 Bug: 158070965 Cherry-Pick-Of: 916bd874d68eb21aba1ad38d0689d5d66cc4f1e9 Merged-In: I473c5ee218c32b481040ef85caca907a48aadee6 Change-Id: I473c5ee218c32b481040ef85caca907a48aadee6 --- prebuilts/api/30.0/public/uncrypt.te | 8 ++++++-- public/uncrypt.te | 8 ++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/prebuilts/api/30.0/public/uncrypt.te b/prebuilts/api/30.0/public/uncrypt.te index 28dc3f209..4114b2add 100644 --- a/prebuilts/api/30.0/public/uncrypt.te +++ b/prebuilts/api/30.0/public/uncrypt.te @@ -15,9 +15,9 @@ allow uncrypt cache_file:dir search; allow uncrypt cache_recovery_file:dir rw_dir_perms; allow uncrypt cache_recovery_file:file create_file_perms; -# Read OTA zip file at /data/ota_package/. +# Read and write(for f2fs_pin_file) on OTA zip file at /data/ota_package/. allow uncrypt ota_package_file:dir r_dir_perms; -allow uncrypt ota_package_file:file r_file_perms; +allow uncrypt ota_package_file:file rw_file_perms; # Write to /dev/socket/uncrypt unix_socket_connect(uncrypt, uncrypt, uncrypt) 
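Review bot: `rw_file_perms` grants more than the stated need: the commit only requires the OTA zip to be opened for write so `f2fs_pin_file` can run, yet the macro also adds `append`, and the file's `ioctl` permission remains unrestricted on a package uncrypt previously only read. A tighter grant is `allow uncrypt ota_package_file:file { r_file_perms write };` together with, if the policy has the ioctl define, `allowxperm uncrypt ota_package_file:file ioctl { F2FS_IOC_SET_PIN_FILE };`, so the write-opened descriptor cannot be used for other ioctls. The comment should also note that the zip's integrity is still enforced by recovery's signature verification rather than by this rule — I cannot see that check from here, so it is worth confirming before relying on it.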
@@ -40,3 +40,7 @@ allow uncrypt proc_cmdline:file r_file_perms; # Read files in /sys r_dir_file(uncrypt, sysfs_dt_firmware_android) + +# Suppress the denials coming from ReadDefaultFstab call. +dontaudit uncrypt gsi_metadata_file:dir search; +dontaudit uncrypt metadata_file:dir search; diff --git a/public/uncrypt.te b/public/uncrypt.te index 28dc3f209..4114b2add 100644 --- a/public/uncrypt.te +++ b/public/uncrypt.te @@ -15,9 +15,9 @@ allow uncrypt cache_file:dir search; allow uncrypt cache_recovery_file:dir rw_dir_perms; allow uncrypt cache_recovery_file:file create_file_perms; -# Read OTA zip file at /data/ota_package/. +# Read and write(for f2fs_pin_file) on OTA zip file at /data/ota_package/. allow uncrypt ota_package_file:dir r_dir_perms; -allow uncrypt ota_package_file:file r_file_perms; +allow uncrypt ota_package_file:file rw_file_perms; # Write to /dev/socket/uncrypt unix_socket_connect(uncrypt, uncrypt, uncrypt) @@ -40,3 +40,7 @@ allow uncrypt proc_cmdline:file r_file_perms; # Read files in /sys r_dir_file(uncrypt, sysfs_dt_firmware_android) + +# Suppress the denials coming from ReadDefaultFstab call. +dontaudit uncrypt gsi_metadata_file:dir search; +dontaudit uncrypt metadata_file:dir search; From 65cecec142df8b3d6594f5c4dc72e6fc2d9e35a5 Mon Sep 17 00:00:00 2001 From: JaeMan Date: Mon, 6 Jul 2020 16:01:20 +0000 Subject: [PATCH 162/163] Add ro.vendor.build.version.sdk to build_vendor_prop At b/160209547, it is needed to read ro.vendor.build.version.sdk prop to determine whether skipping test or not based on vendor image's release version. But ro.vendor.build.version.sdk is not added to property_contexts and failed to read that prop in tests. So, added ro.vendor.build.version.sdk to property_contexts for checking vendor image's release version in test. Bug: 160209547 Test: m selinux_policy Change-Id: I86bcfa632de61c5805e42aea3a1f232ae4ad080e --- private/property_contexts | 1 + 1 file changed, 1 insertion(+) 
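Review bot: The two `dontaudit` lines in public/uncrypt.te silence `search` denials on `metadata_file` and `gsi_metadata_file` without recording what uncrypt does when `ReadDefaultFstab` cannot reach the metadata partition: if it falls back to a different fstab, the block map it emits could describe the wrong device and the suppressed denial would be the only trace. The comment should state the verified outcome, for example `# ReadDefaultFstab probes the (presumably /metadata/gsi) DSU fstab; the failed lookup is harmless because the default fstab is used.`, if that is what was checked. If uncrypt actually needs the DSU-aware fstab on devices with a DSU installed, this should be an `allow ... :dir search` rather than a dontaudit.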
diff --git a/private/property_contexts b/private/property_contexts index d3e1221b0..f7b267fe9 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -634,6 +634,7 @@ ro.vendor.build.date u:object_r:build_vendor_prop:s0 exact string ro.vendor.build.date.utc u:object_r:build_vendor_prop:s0 exact int ro.vendor.build.fingerprint u:object_r:build_vendor_prop:s0 exact string ro.vendor.build.version.incremental u:object_r:build_vendor_prop:s0 exact string +ro.vendor.build.version.sdk u:object_r:build_vendor_prop:s0 exact int ro.product.board u:object_r:build_vendor_prop:s0 exact string ro.product.first_api_level u:object_r:build_vendor_prop:s0 exact int From 3b66e9b9f855ad0694efed405a30d64265854784 Mon Sep 17 00:00:00 2001 From: Inseob Kim Date: Thu, 25 Jun 2020 21:20:42 +0900 Subject: [PATCH 163/163] Add wifi_hal_prop and remove exported_wifi_prop To remove bad context names "exported*_prop" Bug: 155844385 Test: boot and see no denials Change-Id: Icd30be64355699618735d4012461835eca8cd651 Merged-In: Icd30be64355699618735d4012461835eca8cd651 (cherry picked from commit 37c2d4d0c9669f3c7590f3dfccfac3c9725d1b5a) --- private/compat/27.0/27.0.ignore.cil | 1 + private/compat/30.0/30.0.cil | 3 ++- private/gmscore_app.te | 3 +-- private/priv_app.te | 3 +-- private/property.te | 5 +++-- private/property_contexts | 13 ++++++------- private/wificond.te | 2 +- public/hal_wifi.te | 2 +- public/property.te | 2 +- public/vendor_init.te | 2 +- 10 files changed, 18 insertions(+), 18 deletions(-) diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil index b00ad453e..c80c4dc6e 100644 --- a/private/compat/27.0/27.0.ignore.cil +++ b/private/compat/27.0/27.0.ignore.cil @@ -229,6 +229,7 @@ wait_for_keymaster_exec wait_for_keymaster_tmpfs watchdogd_tmpfs + wifi_hal_prop wm_trace_data_file wpantund wpantund_exec diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil index 138d65d16..c2babb831 100644 
--- a/private/compat/30.0/30.0.cil +++ b/private/compat/30.0/30.0.cil @@ -6,6 +6,7 @@ (type exported_system_radio_prop) (type exported_radio_prop) (type exported_vold_prop) +(type exported_wifi_prop) (type exported2_config_prop) (type exported2_radio_prop) (type exported2_vold_prop) @@ -1406,7 +1407,7 @@ usb_config_prop usb_control_prop)) (typeattributeset exported_vold_prop_30_0 (exported_vold_prop vold_status_prop)) -(typeattributeset exported_wifi_prop_30_0 (exported_wifi_prop)) +(typeattributeset exported_wifi_prop_30_0 (exported_wifi_prop wifi_hal_prop)) (typeattributeset external_vibrator_service_30_0 (external_vibrator_service)) (typeattributeset face_service_30_0 (face_service)) (typeattributeset face_vendor_data_file_30_0 (face_vendor_data_file)) diff --git a/private/gmscore_app.te b/private/gmscore_app.te index 235532676..698857b96 100644 --- a/private/gmscore_app.te +++ b/private/gmscore_app.te @@ -53,8 +53,7 @@ dontaudit gmscore_app sysfs:file r_file_perms; dontaudit gmscore_app sysfs_android_usb:file r_file_perms; dontaudit gmscore_app sysfs_dm:file r_file_perms; dontaudit gmscore_app sysfs_loop:file r_file_perms; -dontaudit gmscore_app wifi_prop:file r_file_perms; -dontaudit gmscore_app { wifi_prop exported_wifi_prop }:file r_file_perms; +dontaudit gmscore_app { wifi_prop wifi_hal_prop }:file r_file_perms; dontaudit gmscore_app mirror_data_file:dir search; dontaudit gmscore_app mnt_vendor_file:dir search; diff --git a/private/priv_app.te b/private/priv_app.te index d5b8d3ffa..57dcfc592 100644 --- a/private/priv_app.te +++ b/private/priv_app.te 
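Review bot: The compat mapping only extends `exported_wifi_prop_30_0`, but per the removed lines elsewhere in this commit three of the relabeled properties (`wifi.concurrent.interface`, `wifi.direct.interface`, `wifi.interface`) were `exported_default_prop`, not `exported_wifi_prop`. A vendor policy built against 30.0 that reads or sets those through `exported_default_prop` will now resolve them to `wifi_hal_prop` and be denied unless `exported_default_prop_30_0` is also mapped to include `wifi_hal_prop`; that mapping is not in this hunk, so please confirm it is updated or that the break is intentional. A short comment on the `(typeattributeset exported_wifi_prop_30_0 ...)` line naming which old labels the new type absorbs would make this auditable later.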
@@ -134,8 +134,7 @@ dontaudit priv_app sysfs:dir read;
 dontaudit priv_app sysfs:file read;
 dontaudit priv_app sysfs_android_usb:file read;
 dontaudit priv_app sysfs_dm:file r_file_perms;
-dontaudit priv_app wifi_prop:file read;
-dontaudit priv_app { wifi_prop exported_wifi_prop }:file read;
+dontaudit priv_app { wifi_prop wifi_hal_prop }:file read;
 # allow privileged apps to use UDP sockets provided by the system server but not
 # modify them other than to connect
diff --git a/private/property.te b/private/property.te
index 97a54f840..8817094fd 100644
--- a/private/property.te
+++ b/private/property.te
@@ -218,12 +218,13 @@ compatible_property_only(`
 neverallow {
 domain
- -coredomain
+ -init
+ -dumpstate
 -hal_wifi_server
 -wificond
 -vendor_init
 } {
- exported_wifi_prop
+ wifi_hal_prop
 }:property_service set;
 # Prevent properties from being read
diff --git a/private/property_contexts b/private/property_contexts
index 5c95ae6c9..638a25574 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -490,8 +490,6 @@ tombstoned.max_tombstone_count u:object_r:tombstone_config_prop:s0 exact int
 vold.post_fs_data_done u:object_r:vold_config_prop:s0 exact int
-wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded
 apexd.status u:object_r:apexd_prop:s0 exact enum starting activated ready
 dev.bootcomplete u:object_r:boot_status_prop:s0 exact bool
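Review bot: The rewritten exclusion list in private/property.te lets `dumpstate` set `wifi_hal_prop`, which is surprising for a bug-report collector: nothing in this commit adds `set_prop(dumpstate, wifi_hal_prop)`, and the old rule reached dumpstate only incidentally through `-coredomain`. If no dumpstate allow rule needs it, drop `-dumpstate` so the neverallow is as narrow as the real grants, i.e. `-init -hal_wifi_server -wificond -vendor_init`; if one does, a comment naming the property dumpstate sets would justify the carve-out. Replacing the blanket `-coredomain` with named domains is otherwise a welcome tightening.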
@@ -755,11 +753,12 @@ ro.vts.coverage u:object_r:vts_config_prop:s0 exact int
 vts.native_server.on u:object_r:vts_status_prop:s0 exact bool
-wifi.active.interface u:object_r:exported_wifi_prop:s0 exact string
-wifi.aware.interface u:object_r:exported_wifi_prop:s0 exact string
-wifi.concurrent.interface u:object_r:exported_default_prop:s0 exact string
-wifi.direct.interface u:object_r:exported_default_prop:s0 exact string
-wifi.interface u:object_r:exported_default_prop:s0 exact string
+wifi.active.interface u:object_r:wifi_hal_prop:s0 exact string
+wifi.aware.interface u:object_r:wifi_hal_prop:s0 exact string
+wifi.concurrent.interface u:object_r:wifi_hal_prop:s0 exact string
+wifi.direct.interface u:object_r:wifi_hal_prop:s0 exact string
+wifi.interface u:object_r:wifi_hal_prop:s0 exact string
+wlan.driver.status u:object_r:wifi_hal_prop:s0 exact enum ok unloaded
 ro.apex.updatable u:object_r:exported_default_prop:s0 exact bool
diff --git a/private/wificond.te b/private/wificond.te
index 1912256ff..8bf37cafd 100644
--- a/private/wificond.te
+++ b/private/wificond.te
@@ -1,6 +1,6 @@
 typeattribute wificond coredomain;
-set_prop(wificond, exported_wifi_prop)
+set_prop(wificond, wifi_hal_prop)
 set_prop(wificond, wifi_prop)
 set_prop(wificond, ctl_default_prop)
diff --git a/public/hal_wifi.te b/public/hal_wifi.te
index ecc13597a..fddfda183 100644
--- a/public/hal_wifi.te
+++ b/public/hal_wifi.te
@@ -7,7 +7,7 @@ hal_attribute_hwservice(hal_wifi, hal_wifi_hwservice)
 r_dir_file(hal_wifi, proc_net_type)
 r_dir_file(hal_wifi, sysfs_type)
-set_prop(hal_wifi, exported_wifi_prop)
+set_prop(hal_wifi, wifi_hal_prop)
 set_prop(hal_wifi, wifi_prop)
 # allow hal wifi set interfaces up and down and get the factory MAC
diff --git a/public/property.te b/public/property.te
index 107d60297..c845d009d 100644
--- a/public/property.te
+++ b/public/property.te
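Review bot: Moving `wifi.interface`, `wifi.direct.interface` and `wifi.concurrent.interface` from `exported_default_prop` to `wifi_hal_prop` changes who can read them, not only who can set them: by this policy's naming convention `exported_default_prop` is broadly readable, whereas readers of `wifi_hal_prop` are only the domains explicitly given `get_prop` on it. The new `dontaudit ... wifi_hal_prop:file` lines for priv_app and gmscore_app in this commit suggest app reads are expected and will now be silently denied, so "boot and see no denials" would not surface a platform or vendor reader of `wifi.interface` that has just lost access. Suggest either a `get_prop` for the legitimate readers or a comment above these entries stating that the interface-name properties are intentionally private to the Wi-Fi HAL and wificond.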
@@ -165,7 +165,6 @@ system_public_prop(exported3_radio_prop)
 system_public_prop(exported_bluetooth_prop)
 system_public_prop(exported_overlay_prop)
 system_public_prop(exported_pm_prop)
-system_public_prop(exported_wifi_prop)
 system_public_prop(ffs_control_prop)
 system_public_prop(sota_prop)
 system_public_prop(hwservicemanager_prop)
@@ -184,6 +183,7 @@ system_public_prop(surfaceflinger_color_prop)
 system_public_prop(system_prop)
 system_public_prop(telephony_status_prop)
 system_public_prop(usb_control_prop)
+system_public_prop(wifi_hal_prop)
 system_public_prop(wifi_log_prop)
 system_public_prop(wifi_prop)
 system_public_prop(zram_control_prop)
diff --git a/public/vendor_init.te b/public/vendor_init.te
index c742206ef..48cdeb8ae 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -219,7 +219,6 @@ set_prop(vendor_init, exported_config_prop)
 set_prop(vendor_init, exported_default_prop)
 set_prop(vendor_init, exported_overlay_prop)
 set_prop(vendor_init, exported_pm_prop)
-set_prop(vendor_init, exported_wifi_prop)
 set_prop(vendor_init, exported2_system_prop)
 set_prop(vendor_init, exported3_default_prop)
 set_prop(vendor_init, exported3_radio_prop)
@@ -239,6 +238,7 @@ set_prop(vendor_init, vendor_default_prop)
 set_prop(vendor_init, vendor_security_patch_level_prop)
 set_prop(vendor_init, vndk_prop)
 set_prop(vendor_init, virtual_ab_prop)
+set_prop(vendor_init, wifi_hal_prop)
 set_prop(vendor_init, wifi_log_prop)
 set_prop(vendor_init, zram_control_prop)