diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil index fde89f7a3..d726fcd44 100644 --- a/private/compat/26.0/26.0.ignore.cil +++ b/private/compat/26.0/26.0.ignore.cil @@ -205,10 +205,12 @@ vendor_shell vendor_socket_hook_prop vndk_prop + vold_config_prop vold_metadata_file vold_prepare_subdirs vold_prepare_subdirs_exec vold_service + vold_status_prop vrflinger_vsync_service wait_for_keymaster wait_for_keymaster_exec diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil index 18564c355..27faba7ee 100644 --- a/private/compat/27.0/27.0.ignore.cil +++ b/private/compat/27.0/27.0.ignore.cil @@ -183,10 +183,12 @@ vendor_shell vendor_socket_hook_prop vndk_prop + vold_config_prop vold_metadata_file vold_prepare_subdirs vold_prepare_subdirs_exec vold_service + vold_status_prop vrflinger_vsync_service wait_for_keymaster wait_for_keymaster_exec diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil index 6d9a6d998..d81263cdd 100644 --- a/private/compat/29.0/29.0.cil +++ b/private/compat/29.0/29.0.cil @@ -1,6 +1,8 @@ ;; types removed from current policy (type ashmemd) +(type exported_vold_prop) (type exported2_config_prop) +(type exported2_vold_prop) (type hal_wifi_offload_hwservice) (type install_recovery) (type install_recovery_exec) @@ -1199,7 +1201,7 @@ (typeattributeset exported2_default_prop_29_0 (exported2_default_prop)) (typeattributeset exported2_radio_prop_29_0 (exported2_radio_prop)) (typeattributeset exported2_system_prop_29_0 (exported2_system_prop)) -(typeattributeset exported2_vold_prop_29_0 (exported2_vold_prop)) +(typeattributeset exported2_vold_prop_29_0 (exported2_vold_prop vold_config_prop)) (typeattributeset exported3_default_prop_29_0 (exported3_default_prop)) (typeattributeset exported3_radio_prop_29_0 (exported3_radio_prop)) (typeattributeset exported3_system_prop_29_0 (exported3_system_prop)) @@ -1220,7 +1222,7 @@ (typeattributeset exported_secure_prop_29_0 (exported_secure_prop)) (typeattributeset exported_system_prop_29_0 (exported_system_prop)) (typeattributeset exported_system_radio_prop_29_0 (exported_system_radio_prop)) -(typeattributeset exported_vold_prop_29_0 (exported_vold_prop)) +(typeattributeset exported_vold_prop_29_0 (exported_vold_prop vold_status_prop)) (typeattributeset exported_wifi_prop_29_0 (exported_wifi_prop)) (typeattributeset external_vibrator_service_29_0 (external_vibrator_service)) (typeattributeset face_service_29_0 (face_service)) diff --git a/private/domain.te b/private/domain.te index 845b878dc..8163aea44 100644 --- a/private/domain.te +++ b/private/domain.te @@ -78,12 +78,12 @@ not_compatible_property(` get_prop(domain, exported_system_radio_prop) get_prop(domain, exported2_radio_prop) get_prop(domain, exported2_system_prop) - get_prop(domain, exported2_vold_prop) get_prop(domain, exported3_default_prop) get_prop(domain, exported3_radio_prop) get_prop(domain, exported3_system_prop) get_prop(domain, systemsound_config_prop) get_prop(domain, vendor_default_prop) + get_prop(domain, vold_config_prop) ') compatible_property_only(` get_prop({coredomain appdomain shell}, core_property_type) @@ -92,13 +92,13 @@ compatible_property_only(` get_prop({coredomain appdomain shell}, exported_system_radio_prop) get_prop({coredomain appdomain shell}, exported2_radio_prop) get_prop({coredomain appdomain shell}, exported2_system_prop) - get_prop({coredomain appdomain shell}, exported2_vold_prop) get_prop({coredomain appdomain shell}, exported3_default_prop) get_prop({coredomain appdomain shell}, exported3_radio_prop) get_prop({coredomain appdomain shell}, exported3_system_prop) get_prop({coredomain appdomain shell}, exported_camera_prop) get_prop({coredomain appdomain shell}, systemsound_config_prop) get_prop({coredomain appdomain shell}, userspace_reboot_config_prop) + get_prop({coredomain appdomain shell}, vold_config_prop) get_prop({coredomain shell}, userspace_reboot_exported_prop) get_prop({coredomain shell}, userspace_reboot_log_prop) get_prop({coredomain shell}, userspace_reboot_test_prop) diff --git a/private/property.te b/private/property.te index 1a91a448d..0cdadbf17 100644 --- a/private/property.te +++ b/private/property.te @@ -142,10 +142,8 @@ compatible_property_only(` exported_fingerprint_prop exported_system_prop exported_system_radio_prop - exported_vold_prop exported2_default_prop exported2_system_prop - exported2_vold_prop exported3_default_prop exported3_system_prop -nfc_prop @@ -244,7 +242,6 @@ compatible_property_only(` exported_ffs_prop exported_system_radio_prop exported2_system_prop - exported2_vold_prop exported3_default_prop exported3_system_prop systemsound_config_prop diff --git a/private/property_contexts b/private/property_contexts index fc8f991cd..da47bdc56 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -392,17 +392,17 @@ ro.control_privapp_permissions u:object_r:exported3_default_prop:s0 exact string ro.cp_system_other_odex u:object_r:exported3_default_prop:s0 exact int -ro.crypto.allow_encrypt_override u:object_r:exported2_vold_prop:s0 exact bool -ro.crypto.fde_algorithm u:object_r:exported2_vold_prop:s0 exact string -ro.crypto.fde_sector_size u:object_r:exported2_vold_prop:s0 exact int -ro.crypto.dm_default_key.options_format.version u:object_r:exported2_vold_prop:s0 exact int -ro.crypto.scrypt_params u:object_r:exported2_vold_prop:s0 exact string -ro.crypto.set_dun u:object_r:exported2_vold_prop:s0 exact bool -ro.crypto.volume.contents_mode u:object_r:exported2_vold_prop:s0 exact string -ro.crypto.volume.filenames_mode u:object_r:exported2_vold_prop:s0 exact string -ro.crypto.volume.metadata.encryption u:object_r:exported2_vold_prop:s0 exact string -ro.crypto.volume.metadata.method u:object_r:exported2_vold_prop:s0 exact string -ro.crypto.volume.options u:object_r:exported2_vold_prop:s0 exact string +ro.crypto.allow_encrypt_override u:object_r:vold_config_prop:s0 exact bool +ro.crypto.dm_default_key.options_format.version u:object_r:vold_config_prop:s0 exact int +ro.crypto.fde_algorithm u:object_r:vold_config_prop:s0 exact string +ro.crypto.fde_sector_size u:object_r:vold_config_prop:s0 exact int +ro.crypto.scrypt_params u:object_r:vold_config_prop:s0 exact string +ro.crypto.set_dun u:object_r:vold_config_prop:s0 exact bool +ro.crypto.volume.contents_mode u:object_r:vold_config_prop:s0 exact string +ro.crypto.volume.filenames_mode u:object_r:vold_config_prop:s0 exact string +ro.crypto.volume.metadata.encryption u:object_r:vold_config_prop:s0 exact string +ro.crypto.volume.metadata.method u:object_r:vold_config_prop:s0 exact string +ro.crypto.volume.options u:object_r:vold_config_prop:s0 exact string ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string @@ -483,7 +483,7 @@ telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int -vold.post_fs_data_done u:object_r:exported2_vold_prop:s0 exact int +vold.post_fs_data_done u:object_r:vold_config_prop:s0 exact int vts.native_server.on u:object_r:exported3_default_prop:s0 exact bool @@ -594,8 +594,8 @@ ro.build.version.release_or_codename u:object_r:exported2_default_prop:s0 exact ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string -ro.crypto.state u:object_r:exported_vold_prop:s0 exact enum encrypted unencrypted unsupported -ro.crypto.type u:object_r:exported_vold_prop:s0 exact enum block file none +ro.crypto.state u:object_r:vold_status_prop:s0 exact enum encrypted unencrypted unsupported +ro.crypto.type u:object_r:vold_status_prop:s0 exact enum block file none ro.debuggable u:object_r:exported2_default_prop:s0 exact int @@ -623,7 +623,7 @@ sys.boot_from_charger_mode u:object_r:exported_system_prop:s0 exact i sys.init.userspace_reboot.in_progress u:object_r:userspace_reboot_exported_prop:s0 exact bool sys.use_memfd u:object_r:use_memfd_prop:s0 exact bool -vold.decrypt u:object_r:exported_vold_prop:s0 exact string +vold.decrypt u:object_r:vold_status_prop:s0 exact string # vendor-init-settable|public-readable aaudio.hw_burst_min_usec u:object_r:exported_default_prop:s0 exact int diff --git a/private/vold.te b/private/vold.te index 19d74b1f9..32107793b 100644 --- a/private/vold.te +++ b/private/vold.te @@ -19,9 +19,10 @@ type_transition vold storage_file:dir storage_stub_file; type_transition vold mnt_media_rw_file:dir mnt_media_rw_stub_file; # Property Service +get_prop(vold, vold_config_prop) + set_prop(vold, vold_prop) -set_prop(vold, exported_vold_prop) -set_prop(vold, exported2_vold_prop) +set_prop(vold, vold_status_prop) set_prop(vold, powerctl_prop) set_prop(vold, ctl_fuse_prop) set_prop(vold, restorecon_prop) diff --git a/public/domain.te b/public/domain.te index 7bee8ec9f..8a747ed3a 100644 --- a/public/domain.te +++ b/public/domain.te @@ -102,12 +102,12 @@ get_prop(domain, exported_fingerprint_prop) get_prop(domain, exported_radio_prop) get_prop(domain, exported_secure_prop) get_prop(domain, exported_system_prop) -get_prop(domain, exported_vold_prop) get_prop(domain, exported2_default_prop) get_prop(domain, logd_prop) get_prop(domain, socket_hook_prop) get_prop(domain, vendor_socket_hook_prop) get_prop(domain, vndk_prop) +get_prop(domain, vold_status_prop) # Binder cache properties are world-readable get_prop(domain, binder_cache_bluetooth_server_prop) diff --git a/public/property.te b/public/property.te index 42f3f47fc..cbf17bfb9 100644 --- a/public/property.te +++ b/public/property.te @@ -67,6 +67,7 @@ system_restricted_prop(socket_hook_prop) system_restricted_prop(system_boot_reason_prop) system_restricted_prop(system_jvmti_agent_prop) system_restricted_prop(userspace_reboot_exported_prop) +system_restricted_prop(vold_status_prop) compatible_property_only(` # DO NOT ADD ANY PROPERTIES HERE @@ -83,7 +84,6 @@ compatible_property_only(` system_restricted_prop(exported_dumpstate_prop) system_restricted_prop(exported_fingerprint_prop) system_restricted_prop(exported_secure_prop) - system_restricted_prop(exported_vold_prop) system_restricted_prop(ffs_prop) system_restricted_prop(fingerprint_prop) system_restricted_prop(heapprofd_prop) @@ -113,8 +113,9 @@ system_vendor_config_prop(userspace_reboot_config_prop) system_vendor_config_prop(vehicle_hal_prop) system_vendor_config_prop(vendor_security_patch_level_prop) system_vendor_config_prop(vendor_socket_hook_prop) -system_vendor_config_prop(vndk_prop) system_vendor_config_prop(virtual_ab_prop) +system_vendor_config_prop(vndk_prop) +system_vendor_config_prop(vold_config_prop) # Properties with no restrictions system_public_prop(audio_prop) @@ -130,7 +131,6 @@ system_public_prop(dumpstate_options_prop) system_public_prop(exported_system_prop) system_public_prop(exported2_radio_prop) system_public_prop(exported2_system_prop) -system_public_prop(exported2_vold_prop) system_public_prop(exported3_radio_prop) system_public_prop(exported_bluetooth_prop) system_public_prop(exported_dalvik_prop) @@ -211,7 +211,6 @@ not_compatible_property(` system_public_prop(exported_dumpstate_prop) system_public_prop(exported_fingerprint_prop) system_public_prop(exported_secure_prop) - system_public_prop(exported_vold_prop) system_public_prop(ffs_prop) system_public_prop(fingerprint_prop) system_public_prop(heapprofd_prop) diff --git a/public/vendor_init.te b/public/vendor_init.te index c9a619ff4..bd9ec1630 100644 --- a/public/vendor_init.te +++ b/public/vendor_init.te @@ -224,7 +224,6 @@ set_prop(vendor_init, exported_radio_prop) set_prop(vendor_init, exported_system_radio_prop) set_prop(vendor_init, exported_wifi_prop) set_prop(vendor_init, exported2_system_prop) -set_prop(vendor_init, exported2_vold_prop) set_prop(vendor_init, exported3_default_prop) set_prop(vendor_init, exported3_radio_prop) set_prop(vendor_init, logd_prop)