From 86a85c4e77850548997337bc270f467ef394e49d Mon Sep 17 00:00:00 2001
From: Alan Stokes
Date: Thu, 2 May 2024 12:49:10 +0100
Subject: [PATCH] Add some new classes and access vectors

These have been added to the kernel and to Android sepolicy, but not yet here. This doesn't make much difference, but it does avoid some (harmless) warnings at policy load time. While I'm here, remove some userspace classes which don't exist in Microdroid and probably never will.

Bug: 215093641
Test: Policy still builds; TH
Change-Id: Id2f778919e492162c1a7d77822d74d7978522118
---
 microdroid/system/private/access_vectors | 63 +++------------------
 microdroid/system/private/security_classes | 11 +---
 2 files changed, 10 insertions(+), 64 deletions(-)

diff --git a/microdroid/system/private/access_vectors b/microdroid/system/private/access_vectors
index 22f2ffa1d..8c9b5daff 100644
--- a/microdroid/system/private/access_vectors
+++ b/microdroid/system/private/access_vectors
@@ -395,6 +395,7 @@ inherits socket
  nlmsg_read
  nlmsg_write
  nlmsg_readpriv
+ nlmsg_getneigh
 }
 
 class netlink_tcpdiag_socket
@@ -691,61 +692,6 @@ class hwservice_manager
  list
 }
 
-class keystore_key
-{
- get_state
- get
- insert
- delete
- exist
- list
- reset
- password
- lock
- unlock
- is_empty
- sign
- verify
- grant
- duplicate
- clear_uid
- add_auth
- user_changed
- gen_unique_id
-}
-
-class keystore2
-{
- add_auth
- change_password
- change_user
- clear_ns
- clear_uid
- early_boot_ended
- get_auth_token
- get_state
- list
- lock
- report_off_body
- reset
- unlock
-}
-
-class keystore2_key
-{
- convert_storage_key_to_ephemeral
- delete
- gen_unique_id
- get_info
- grant
- manage_blob
- rebind
- req_forced_op
- update
- use
- use_dev_id
-}
-
 class drmservice
 {
  consumeRights
@@ -775,3 +721,10 @@ class lockdown
  integrity
  confidentiality
 }
+
+class io_uring
+{
+ override_creds
+ sqpoll
+ cmd
+}
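Review bot: Declaring `nlmsg_getneigh` on the netlink_route_socket class in the first hunk is probably less neutral than "doesn't make much difference" implies: if I recall the kernel's nlmsgtab handling correctly, RTM_GETNEIGH/RTM_GETNEIGHTBL are checked against `nlmsg_read` only while the loaded policy leaves this permission undefined, so once it is declared here any Microdroid domain that reads the neighbour table needs an explicit `allow <domain> self:netlink_route_socket nlmsg_getneigh;` or it starts being denied. Worth confirming against the kernel Microdroid runs and the existing netlink_route_socket rules before merging, and recording the caveat next to the new line with `# nlmsg_getneigh: kernel falls back to nlmsg_read only while this is undefined - confirm rules`. The enclosing class definition starts before the hunk. The io_uring class in the last hunk grants nothing by itself, so it stays default-deny.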
diff --git a/microdroid/system/private/security_classes b/microdroid/system/private/security_classes
index 200b030cc..e74092807 100644
--- a/microdroid/system/private/security_classes
+++ b/microdroid/system/private/security_classes
@@ -142,6 +142,8 @@ class xdp_socket
 class perf_event
+class io_uring
+
 # Introduced in https://github.com/torvalds/linux/commit/59438b46471ae6cdfb761afc8c9beaf1e428a331
 class lockdown
@@ -154,14 +156,5 @@ class service_manager # userspace
 # hardware service manager # userspace
 class hwservice_manager
-# Legacy Keystore key permissions
-class keystore_key # userspace
-
-# Keystore 2.0 permissions
-class keystore2 # userspace
-
-# Keystore 2.0 key permissions
-class keystore2_key # userspace
-
 class drmservice # userspace
 # FLASK
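Review bot: The new `class io_uring` in the first hunk has no provenance note, while its neighbour `class lockdown` is annotated with the kernel commit that introduced it; since the reason given for the change is matching what the kernel now defines, a one-line `# Introduced in <kernel commit URL - fill in>` above `class io_uring` would keep the file consistent and make the minimum kernel version for the class discoverable. The second hunk is a pure deletion and needs no change.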