33 files changed, 144 insertions, 6 deletions
diff --git a/prebuilts/api/30.0/public/attributes b/prebuilts/api/30.0/public/attributes
index 19623afd6..0c91692bc 100644
--- a/prebuilts/api/30.0/public/attributes
+++ b/prebuilts/api/30.0/public/attributes
@@ -91,15 +91,19 @@ attribute extended_core_property_type;
 # All properties defined by /system.
 attribute system_property_type;
+expandattribute system_property_type false;
 # All /system-defined properties used only in /system.
 attribute system_internal_property_type;
+expandattribute system_internal_property_type false;
 # All /system-defined properties which can't be written outside /system.
 attribute system_restricted_property_type;
+expandattribute system_restricted_property_type false;
 # All /system-defined properties with no restrictions.
 attribute system_public_property_type;
+expandattribute system_public_property_type false;
 # All properties defined by /product.
 # Currently there are no enforcements between /system and /product, so for now
@@ -111,15 +115,19 @@ define(`product_public_type', `system_public_property_type')
 # All properties defined by /vendor.
 attribute vendor_property_type;
+expandattribute vendor_property_type false;
 # All /vendor-defined properties used only in /vendor.
 attribute vendor_internal_property_type;
+expandattribute vendor_internal_property_type false;
 # All /vendor-defined properties which can't be written outside /vendor.
 attribute vendor_restricted_property_type;
+expandattribute vendor_restricted_property_type false;
 # All /vendor-defined properties with no restrictions.
 attribute vendor_public_property_type;
+expandattribute vendor_public_property_type false;
 # All service_manager types created by system_server
 attribute system_server_service;
diff --git a/prebuilts/api/31.0/private/mediatranscoding.te b/prebuilts/api/31.0/private/mediatranscoding.te
index 2a43cf9b5..073e81d78 100644
--- a/prebuilts/api/31.0/private/mediatranscoding.te
+++ b/prebuilts/api/31.0/private/mediatranscoding.te
@@ -19,6 +19,7 @@ hal_client_domain(mediatranscoding, hal_graphics_allocator)
 hal_client_domain(mediatranscoding, hal_configstore)
 hal_client_domain(mediatranscoding, hal_omx)
 hal_client_domain(mediatranscoding, hal_codec2)
+hal_client_domain(mediatranscoding, hal_allocator)
 allow mediatranscoding mediaserver_service:service_manager find;
 allow mediatranscoding mediametrics_service:service_manager find;
diff --git a/prebuilts/api/31.0/private/property.te b/prebuilts/api/31.0/private/property.te
index 5af18085e..2bb1e044f 100644
--- a/prebuilts/api/31.0/private/property.te
+++ b/prebuilts/api/31.0/private/property.te
@@ -396,10 +396,12 @@ neverallow {
 # Allow the shell to set MTE props, so that non-root users with adb shell
 # access can control the settings on their device.
+# Allow system apps to set MTE props, so Developer Options can set them.
 neverallow {
 domain
 -init
 -shell
+ -system_app
 } { arm64_memtag_prop }:property_service set;
diff --git a/prebuilts/api/31.0/private/system_app.te b/prebuilts/api/31.0/private/system_app.te
index 239686e67..41fac622b 100644
--- a/prebuilts/api/31.0/private/system_app.te
+++ b/prebuilts/api/31.0/private/system_app.te
@@ -34,6 +34,7 @@ allow system_app wallpaper_file:file r_file_perms;
 allow system_app icon_file:file r_file_perms;
 # Write to properties
+set_prop(system_app, arm64_memtag_prop)
 set_prop(system_app, bluetooth_a2dp_offload_prop)
 set_prop(system_app, bluetooth_audio_hal_prop)
 set_prop(system_app, bluetooth_prop)
diff --git a/prebuilts/api/32.0/private/mediatranscoding.te b/prebuilts/api/32.0/private/mediatranscoding.te
index 2a43cf9b5..073e81d78 100644
--- a/prebuilts/api/32.0/private/mediatranscoding.te
+++ b/prebuilts/api/32.0/private/mediatranscoding.te
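Review bot: The new `-system_app` exemption in this neverallow is wider than the added comment suggests: as I understand the domain, system_app covers every platform-signed app running as the system UID, not only the Settings/Developer Options UI the comment names, and because this lands in the frozen 31.0 prebuilt every such app on that release may now flip MTE boot control. I would reword the comment to `# Allow system_app (all platform-signed apps running as the system UID, which includes Developer Options) to set MTE props.` so the real grant is recorded. If only Settings needs it, a narrower domain or a userdebug_or_eng gate would leave the user-build neverallow untouched; I cannot tell from the hunk whether that was considered.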
@@ -19,6 +19,7 @@ hal_client_domain(mediatranscoding, hal_graphics_allocator)
 hal_client_domain(mediatranscoding, hal_configstore)
 hal_client_domain(mediatranscoding, hal_omx)
 hal_client_domain(mediatranscoding, hal_codec2)
+hal_client_domain(mediatranscoding, hal_allocator)
 allow mediatranscoding mediaserver_service:service_manager find;
 allow mediatranscoding mediametrics_service:service_manager find;
diff --git a/prebuilts/api/32.0/private/property.te b/prebuilts/api/32.0/private/property.te
index 587cf5e2f..77e1a7d26 100644
--- a/prebuilts/api/32.0/private/property.te
+++ b/prebuilts/api/32.0/private/property.te
@@ -396,10 +396,12 @@ neverallow {
 # Allow the shell to set MTE props, so that non-root users with adb shell
 # access can control the settings on their device.
+# Allow system apps to set MTE props, so Developer Options can set them.
 neverallow {
 domain
 -init
 -shell
+ -system_app
 } { arm64_memtag_prop }:property_service set;
diff --git a/prebuilts/api/32.0/private/system_app.te b/prebuilts/api/32.0/private/system_app.te
index 239686e67..41fac622b 100644
--- a/prebuilts/api/32.0/private/system_app.te
+++ b/prebuilts/api/32.0/private/system_app.te
@@ -34,6 +34,7 @@ allow system_app wallpaper_file:file r_file_perms;
 allow system_app icon_file:file r_file_perms;
 # Write to properties
+set_prop(system_app, arm64_memtag_prop)
 set_prop(system_app, bluetooth_a2dp_offload_prop)
 set_prop(system_app, bluetooth_audio_hal_prop)
 set_prop(system_app, bluetooth_prop)
diff --git a/prebuilts/api/33.0/private/app.te b/prebuilts/api/33.0/private/app.te
index 86180b075..9a2e02a94 100644
--- a/prebuilts/api/33.0/private/app.te
+++ b/prebuilts/api/33.0/private/app.te
@@ -54,6 +54,9 @@ get_prop(appdomain, device_config_runtime_native_boot_prop)
 userdebug_or_eng(`perfetto_producer({ appdomain })')
+# Allow the heap dump ART plugin to the count of sessions waiting for OOME
+get_prop(appdomain, traced_oome_heap_session_count_prop)
+
 # Prevent apps from causing presubmit failures.
 # Apps can cause selinux denials by accessing CE storage
 # and/or external storage. In either case, the selinux denial is
diff --git a/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil b/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil
index 5876c220e..f1accd952 100644
--- a/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil
+++ b/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil
@@ -74,6 +74,7 @@
 sysfs_lru_gen_enabled
 system_dlkm_file
 tare_service
+ traced_oome_heap_session_count_prop
 tv_iapp_service
 untrusted_app_30
 vendor_qcc_authmgr_app
diff --git a/prebuilts/api/33.0/private/file.te b/prebuilts/api/33.0/private/file.te
index cf9ea026d..c5837f983 100644
--- a/prebuilts/api/33.0/private/file.te
+++ b/prebuilts/api/33.0/private/file.te
@@ -12,7 +12,7 @@ type fs_bpf_netd_shared, fs_type, bpffs_type;
 type storaged_data_file, file_type, data_file_type, core_data_file_type;
 # /data/misc/wmtrace for wm traces
-type wm_trace_data_file, file_type, data_file_type, core_data_file_type;
+type wm_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 # /data/misc/a11ytrace for accessibility traces
 type accessibility_trace_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/prebuilts/api/33.0/private/platform_app.te b/prebuilts/api/33.0/private/platform_app.te
index 6112ae01f..91149f48c 100644
--- a/prebuilts/api/33.0/private/platform_app.te
+++ b/prebuilts/api/33.0/private/platform_app.te
@@ -57,6 +57,12 @@ userdebug_or_eng(`
 auditallow platform_app proc_net_type:{ dir file lnk_file } { getattr open read };
 ')
+# Allow writing and removing wmshell protolog in /data/misc/wmtrace.
+userdebug_or_eng(`
+ allow platform_app wm_trace_data_file:dir rw_dir_perms;
+ allow platform_app wm_trace_data_file:file { getattr setattr create unlink w_file_perms };
+')
+
 allow platform_app audioserver_service:service_manager find;
 allow platform_app cameraserver_service:service_manager find;
 allow platform_app drmserver_service:service_manager find;
@@ -113,6 +119,10 @@ dontaudit platform_app debugfs_tracing:file rw_file_perms;
 # Allow platform apps to act as Perfetto producers.
 perfetto_producer(platform_app)
+# Allow performance profiling if the app opts in.
+can_profile_heap(platform_app)
+can_profile_perf(platform_app)
+
 # Allow platform apps to create VMs
 virtualizationservice_use(platform_app)
diff --git a/prebuilts/api/33.0/private/property_contexts b/prebuilts/api/33.0/private/property_contexts
index fcd8bb5d2..a09ade264 100644
--- a/prebuilts/api/33.0/private/property_contexts
+++ b/prebuilts/api/33.0/private/property_contexts
@@ -218,6 +218,9 @@ ro.lowpan. u:object_r:lowpan_prop:s0
 # heapprofd properties
 heapprofd. u:object_r:heapprofd_prop:s0
+# traced properties
+traced.oome_heap_session.count u:object_r:traced_oome_heap_session_count_prop:s0 exact uint
+
 # hwservicemanager properties
 hwservicemanager. u:object_r:hwservicemanager_prop:s0
@@ -351,10 +354,16 @@ audio.offload.min.duration.secs u:object_r:audio_config_prop:s0 exact int
 audio.spatializer.priority u:object_r:audio_config_prop:s0 exact int
 audio.spatializer.effect.affinity u:object_r:audio_config_prop:s0 exact int
 audio.spatializer.effect.util_clamp_min u:object_r:audio_config_prop:s0 exact int
+audio.spatializer.pose_predictor_type u:object_r:audio_config_prop:s0 exact enum 0 1 2 3
+audio.spatializer.prediction_duration_ms u:object_r:audio_config_prop:s0 exact int
 ro.audio.ignore_effects u:object_r:audio_config_prop:s0 exact bool
 ro.audio.monitorRotation u:object_r:audio_config_prop:s0 exact bool
 ro.audio.offload_wakelock u:object_r:audio_config_prop:s0 exact bool
+
+# Configure whether new device has spatialization default enabled.
+ro.audio.spatializer_binaural_enabled_default u:object_r:audio_config_prop:s0 exact bool
+ro.audio.spatializer_transaural_enabled_default u:object_r:audio_config_prop:s0 exact bool
 # Boolean property used in AudioService to configure whether
 # spatializer functionality should be initialized
 ro.audio.spatializer_enabled u:object_r:audio_config_prop:s0 exact bool
diff --git a/prebuilts/api/33.0/private/system_app.te b/prebuilts/api/33.0/private/system_app.te
index 76e5f7dac..d82cff793 100644
--- a/prebuilts/api/33.0/private/system_app.te
+++ b/prebuilts/api/33.0/private/system_app.te
@@ -177,6 +177,10 @@ get_prop(system_app, oem_unlock_prop)
 # Allow system apps to act as Perfetto producers.
 perfetto_producer(system_app)
+# Allow performance profiling by the platform itself.
+can_profile_heap(system_app)
+can_profile_perf(system_app)
+
 ###
 ### Neverallow rules
 ###
diff --git a/prebuilts/api/33.0/private/system_server.te b/prebuilts/api/33.0/private/system_server.te
index 6d3bc78d2..5e826bf9f 100644
--- a/prebuilts/api/33.0/private/system_server.te
+++ b/prebuilts/api/33.0/private/system_server.te
@@ -418,7 +418,14 @@ allow system_server mediaserver:udp_socket rw_socket_perms;
 allow system_server mediadrmserver:tcp_socket rw_socket_perms;
 allow system_server mediadrmserver:udp_socket rw_socket_perms;
-userdebug_or_eng(`perfetto_producer({ system_server })')
+# Allow writing performance tracing data to the Perfetto traced daemon. This
+# requires connecting to its producer socket and obtaining a (per-process)
+# tmpfs fd.
+perfetto_producer(system_server)
+
+# Allow performance profiling by the platform itself.
+can_profile_heap(system_server)
+can_profile_perf(system_server)
 # Get file context
 allow system_server file_contexts_file:file r_file_perms;
@@ -695,6 +702,7 @@ allow system_server server_configurable_flags_data_file:file r_file_perms;
 # Property Service write
 set_prop(system_server, system_prop)
 set_prop(system_server, bootanim_system_prop)
+set_prop(system_server, bluetooth_prop)
 set_prop(system_server, exported_system_prop)
 set_prop(system_server, exported3_system_prop)
 set_prop(system_server, safemode_prop)
@@ -822,6 +830,9 @@ get_prop(system_server, hypervisor_prop)
 # Read persist.wm.debug. properties
 get_prop(system_server, persist_wm_debug_prop)
+# Allow the heap dump ART plugin to the count of sessions waiting for OOME
+get_prop(system_server, traced_oome_heap_session_count_prop)
+
 # Create a socket for connections from debuggerd.
 allow system_server system_ndebug_socket:sock_file create_file_perms;
diff --git a/prebuilts/api/33.0/private/system_suspend.te b/prebuilts/api/33.0/private/system_suspend.te
index d924187c7..bef7c6d25 100644
--- a/prebuilts/api/33.0/private/system_suspend.te
+++ b/prebuilts/api/33.0/private/system_suspend.te
@@ -29,6 +29,14 @@ allow system_suspend bluetooth:binder call;
 allow system_suspend dumpstate:fd use;
 allow system_suspend dumpstate:fifo_file write;
+# Allow init to take kernel wakelock and system suspend to
+# remove kenel wakelocks and the capability to access these
+# files
+allow init sysfs_wake_lock:file rw_file_perms;
+allow init self:global_capability2_class_set block_suspend;
+allow system_suspend sysfs_wake_lock:file rw_file_perms;
+allow system_suspend self:global_capability2_class_set block_suspend;
+
 neverallow {
 domain
 -atrace # tracing
diff --git a/prebuilts/api/33.0/private/traced.te b/prebuilts/api/33.0/private/traced.te
index a6e200e62..0a4afed6a 100644
--- a/prebuilts/api/33.0/private/traced.te
+++ b/prebuilts/api/33.0/private/traced.te
@@ -68,6 +68,11 @@ allow traced {
 set_prop(traced, system_trace_prop)
 # Allow to lazily start producers.
 set_prop(traced, traced_lazy_prop)
+# Allow tracking the count of sessions intercepting Java OutOfMemoryError
+# If there are such tracing sessions and an OutOfMemoryError is thrown by ART,
+# the hprof plugin intercepts the error, lazily registers a data source to
+# traced and collects a heap dump.
+set_prop(traced, traced_oome_heap_session_count_prop)
 # Allow traced to talk to statsd for logging metrics.
 unix_socket_send(traced, statsdw, statsd)
diff --git a/prebuilts/api/33.0/private/update_verifier.te b/prebuilts/api/33.0/private/update_verifier.te
index 5e1b27bf8..a8cef379a 100644
--- a/prebuilts/api/33.0/private/update_verifier.te
+++ b/prebuilts/api/33.0/private/update_verifier.te
@@ -7,3 +7,10 @@ set_prop(update_verifier, powerctl_prop)
 # Allow to set the OTA related properties e.g. ota.warm_reset.
 set_prop(update_verifier, ota_prop)
+
+# allow update_verifier to connect to snapuserd daemon
+allow update_verifier snapuserd_socket:sock_file write;
+allow update_verifier snapuserd:unix_stream_socket connectto;
+
+# virtual a/b properties
+get_prop(update_verifier, virtual_ab_prop)
diff --git a/prebuilts/api/33.0/public/ioctl_defines b/prebuilts/api/33.0/public/ioctl_defines
index d46e485ce..f57f18222 100644
--- a/prebuilts/api/33.0/public/ioctl_defines
+++ b/prebuilts/api/33.0/public/ioctl_defines
@@ -823,6 +823,7 @@ define(`FS_IOC_ENABLE_VERITY', `0x6685')
 define(`FS_IOC_FIEMAP', `0xc020660b')
 define(`FS_IOC_FSGETXATTR', `0x801c581f')
 define(`FS_IOC_FSSETXATTR', `0x401c5820')
+define(`FS_IOC_GET_ENCRYPTION_KEY_STATUS', `0xc080661a')
 define(`FS_IOC_GET_ENCRYPTION_POLICY', `0x400c6615')
 define(`FS_IOC_GET_ENCRYPTION_POLICY_EX', `0xc0096616')
 define(`FS_IOC_GET_ENCRYPTION_PWSALT', `0x40106614')
diff --git a/prebuilts/api/33.0/public/property.te b/prebuilts/api/33.0/public/property.te
index 763a80a59..b8e111bf5 100644
--- a/prebuilts/api/33.0/public/property.te
+++ b/prebuilts/api/33.0/public/property.te
@@ -90,6 +90,7 @@ system_restricted_prop(sqlite_log_prop)
 system_restricted_prop(surfaceflinger_display_prop)
 system_restricted_prop(system_boot_reason_prop)
 system_restricted_prop(system_jvmti_agent_prop)
+system_restricted_prop(traced_oome_heap_session_count_prop)
 system_restricted_prop(ab_update_gki_prop)
 system_restricted_prop(usb_prop)
 system_restricted_prop(userspace_reboot_exported_prop)
diff --git a/prebuilts/api/33.0/public/vold.te b/prebuilts/api/33.0/public/vold.te
index b0fb6d0df..53b2c49c5 100644
--- a/prebuilts/api/33.0/public/vold.te
+++ b/prebuilts/api/33.0/public/vold.te
@@ -51,6 +51,7 @@ allowxperm vold data_file_type:dir ioctl {
 FS_IOC_SET_ENCRYPTION_POLICY
 FS_IOC_ADD_ENCRYPTION_KEY
 FS_IOC_REMOVE_ENCRYPTION_KEY
+ FS_IOC_GET_ENCRYPTION_KEY_STATUS
 };
 # Only vold and init should ever set file-based encryption policies.
@@ -65,7 +66,7 @@ neverallowxperm {
 neverallowxperm {
 domain
 -vold
-} data_file_type:dir ioctl { FS_IOC_ADD_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY };
+} data_file_type:dir ioctl { FS_IOC_ADD_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY FS_IOC_GET_ENCRYPTION_KEY_STATUS };
 # Allow securely erasing crypto key files. F2FS_IOC_SEC_TRIM_FILE is
 # tried first. Otherwise, FS_IOC_FIEMAP is needed to get the
diff --git a/private/app.te b/private/app.te
index 86180b075..9a2e02a94 100644
--- a/private/app.te
+++ b/private/app.te
@@ -54,6 +54,9 @@ get_prop(appdomain, device_config_runtime_native_boot_prop)
 userdebug_or_eng(`perfetto_producer({ appdomain })')
+# Allow the heap dump ART plugin to the count of sessions waiting for OOME
+get_prop(appdomain, traced_oome_heap_session_count_prop)
+
 # Prevent apps from causing presubmit failures.
 # Apps can cause selinux denials by accessing CE storage
 # and/or external storage. In either case, the selinux denial is
diff --git a/private/compat/32.0/32.0.ignore.cil b/private/compat/32.0/32.0.ignore.cil
index 5876c220e..f1accd952 100644
--- a/private/compat/32.0/32.0.ignore.cil
+++ b/private/compat/32.0/32.0.ignore.cil
@@ -74,6 +74,7 @@
 sysfs_lru_gen_enabled
 system_dlkm_file
 tare_service
+ traced_oome_heap_session_count_prop
 tv_iapp_service
 untrusted_app_30
 vendor_qcc_authmgr_app
diff --git a/private/file.te b/private/file.te
index cf9ea026d..c5837f983 100644
--- a/private/file.te
+++ b/private/file.te
@@ -12,7 +12,7 @@ type fs_bpf_netd_shared, fs_type, bpffs_type;
 type storaged_data_file, file_type, data_file_type, core_data_file_type;
 # /data/misc/wmtrace for wm traces
-type wm_trace_data_file, file_type, data_file_type, core_data_file_type;
+type wm_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 # /data/misc/a11ytrace for accessibility traces
 type accessibility_trace_data_file, file_type, data_file_type, core_data_file_type;
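Review bot: `get_prop(appdomain, traced_oome_heap_session_count_prop)` in private/app.te lets every app domain, untrusted apps included, read whether a heap-dump session is waiting for an OutOfMemoryError; presumably that is needed because the ART plugin runs inside each app process, but it also lets apps that are not being profiled observe that profiling is active on the device, which should be an explicit decision rather than a side effect. The comment is also missing its verb: `# Allow the heap dump ART plugin to read the count of sessions waiting for OOME`. If ART only acts on the value for debuggable/profileable apps, saying so in the comment would make the grant easier to audit.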
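Review bot: Adding `mlstrustedobject` to wm_trace_data_file in private/file.te exempts the type from MLS level checks for every domain that has any allow rule on it, on user builds too, while the only new writer this change introduces (platform_app, in private/platform_app.te) is gated by userdebug_or_eng; the attribute cannot be gated the same way. I would record that trade-off next to the type: `# mlstrustedobject so platform apps running at any user's MLS level can write protolog here (userdebug/eng); this also relaxes MLS checks for every other domain with access.` I cannot see from this diff which other domains can write the type on user builds, so that is worth confirming before merging.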
diff --git a/private/platform_app.te b/private/platform_app.te
index 6112ae01f..91149f48c 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -57,6 +57,12 @@ userdebug_or_eng(`
 auditallow platform_app proc_net_type:{ dir file lnk_file } { getattr open read };
 ')
+# Allow writing and removing wmshell protolog in /data/misc/wmtrace.
+userdebug_or_eng(`
+ allow platform_app wm_trace_data_file:dir rw_dir_perms;
+ allow platform_app wm_trace_data_file:file { getattr setattr create unlink w_file_perms };
+')
+
 allow platform_app audioserver_service:service_manager find;
 allow platform_app cameraserver_service:service_manager find;
 allow platform_app drmserver_service:service_manager find;
@@ -113,6 +119,10 @@ dontaudit platform_app debugfs_tracing:file rw_file_perms;
 # Allow platform apps to act as Perfetto producers.
 perfetto_producer(platform_app)
+# Allow performance profiling if the app opts in.
+can_profile_heap(platform_app)
+can_profile_perf(platform_app)
+
 # Allow platform apps to create VMs
 virtualizationservice_use(platform_app)
diff --git a/private/property_contexts b/private/property_contexts
index fcd8bb5d2..a09ade264 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -218,6 +218,9 @@ ro.lowpan. u:object_r:lowpan_prop:s0
 # heapprofd properties
 heapprofd. u:object_r:heapprofd_prop:s0
+# traced properties
+traced.oome_heap_session.count u:object_r:traced_oome_heap_session_count_prop:s0 exact uint
+
 # hwservicemanager properties
 hwservicemanager. u:object_r:hwservicemanager_prop:s0
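Review bot: The added wmtrace rules give platform_app `create`, `unlink` and `setattr` on every file of type wm_trace_data_file, not just on its own protolog, so one platform app can delete or re-mode traces written by other producers into /data/misc/wmtrace. That is userdebug_or_eng only, but the comment should say what is granted and why the wider file perms are needed, e.g. `# Allow wmshell protolog (platform_app) to create, overwrite and delete its files in /data/misc/wmtrace; the type is shared with other wm traces, so this is userdebug/eng only.` Unless protolog actually changes file modes, dropping `setattr` would narrow the grant at no visible cost.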
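Review bot: The comment `# Allow performance profiling if the app opts in.` describes a check this policy does not make: `can_profile_heap(platform_app)` and `can_profile_perf(platform_app)` are unconditional on all build types, and the per-app opt-in (debuggable/profileable) is presumably enforced by heapprofd and traced_perf in userspace. I would make that explicit so nobody assumes SELinux gates it: `# Allow heapprofd/traced_perf to profile platform apps; the app-level opt-in is enforced by the profilers, not by this policy.`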
@@ -351,10 +354,16 @@ audio.offload.min.duration.secs u:object_r:audio_config_prop:s0 exact int
 audio.spatializer.priority u:object_r:audio_config_prop:s0 exact int
 audio.spatializer.effect.affinity u:object_r:audio_config_prop:s0 exact int
 audio.spatializer.effect.util_clamp_min u:object_r:audio_config_prop:s0 exact int
+audio.spatializer.pose_predictor_type u:object_r:audio_config_prop:s0 exact enum 0 1 2 3
+audio.spatializer.prediction_duration_ms u:object_r:audio_config_prop:s0 exact int
 ro.audio.ignore_effects u:object_r:audio_config_prop:s0 exact bool
 ro.audio.monitorRotation u:object_r:audio_config_prop:s0 exact bool
 ro.audio.offload_wakelock u:object_r:audio_config_prop:s0 exact bool
+
+# Configure whether new device has spatialization default enabled.
+ro.audio.spatializer_binaural_enabled_default u:object_r:audio_config_prop:s0 exact bool
+ro.audio.spatializer_transaural_enabled_default u:object_r:audio_config_prop:s0 exact bool
 # Boolean property used in AudioService to configure whether
 # spatializer functionality should be initialized
 ro.audio.spatializer_enabled u:object_r:audio_config_prop:s0 exact bool
diff --git a/private/system_app.te b/private/system_app.te
index 76e5f7dac..d82cff793 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -177,6 +177,10 @@ get_prop(system_app, oem_unlock_prop)
 # Allow system apps to act as Perfetto producers.
 perfetto_producer(system_app)
+# Allow performance profiling by the platform itself.
+can_profile_heap(system_app)
+can_profile_perf(system_app)
+
 ###
 ### Neverallow rules
 ###
diff --git a/private/system_server.te b/private/system_server.te
index 6d3bc78d2..5e826bf9f 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -418,7 +418,14 @@ allow system_server mediaserver:udp_socket rw_socket_perms;
 allow system_server mediadrmserver:tcp_socket rw_socket_perms;
 allow system_server mediadrmserver:udp_socket rw_socket_perms;
-userdebug_or_eng(`perfetto_producer({ system_server })')
+# Allow writing performance tracing data to the Perfetto traced daemon. This
+# requires connecting to its producer socket and obtaining a (per-process)
+# tmpfs fd.
+perfetto_producer(system_server)
+
+# Allow performance profiling by the platform itself.
+can_profile_heap(system_server)
+can_profile_perf(system_server)
 # Get file context
 allow system_server file_contexts_file:file r_file_perms;
@@ -695,6 +702,7 @@ allow system_server server_configurable_flags_data_file:file r_file_perms;
 # Property Service write
 set_prop(system_server, system_prop)
 set_prop(system_server, bootanim_system_prop)
+set_prop(system_server, bluetooth_prop)
 set_prop(system_server, exported_system_prop)
 set_prop(system_server, exported3_system_prop)
 set_prop(system_server, safemode_prop)
@@ -822,6 +830,9 @@ get_prop(system_server, hypervisor_prop)
 # Read persist.wm.debug. properties
 get_prop(system_server, persist_wm_debug_prop)
+# Allow the heap dump ART plugin to the count of sessions waiting for OOME
+get_prop(system_server, traced_oome_heap_session_count_prop)
+
 # Create a socket for connections from debuggerd.
 allow system_server system_ndebug_socket:sock_file create_file_perms;
diff --git a/private/system_suspend.te b/private/system_suspend.te
index d924187c7..bef7c6d25 100644
--- a/private/system_suspend.te
+++ b/private/system_suspend.te
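Review bot: `set_prop(system_server, bluetooth_prop)` is dropped into the Property Service write list with no comment and is unrelated to the profiling changes in the other two hunks of this file, so the reason cannot be recovered from the diff. I would add a rationale naming the component and property, e.g. `# Allow <component> in system_server to set bluetooth.* properties (<reason>)`, or land it as its own change. Separately, the first hunk turns `perfetto_producer(system_server)` from a userdebug_or_eng rule into an unconditional grant; the new comment explains the mechanism but not why user builds now need it, which is the question a reviewer of the user-build policy will ask.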
@@ -29,6 +29,14 @@ allow system_suspend bluetooth:binder call;
 allow system_suspend dumpstate:fd use;
 allow system_suspend dumpstate:fifo_file write;
+# Allow init to take kernel wakelock and system suspend to
+# remove kenel wakelocks and the capability to access these
+# files
+allow init sysfs_wake_lock:file rw_file_perms;
+allow init self:global_capability2_class_set block_suspend;
+allow system_suspend sysfs_wake_lock:file rw_file_perms;
+allow system_suspend self:global_capability2_class_set block_suspend;
+
 neverallow {
 domain
 -atrace # tracing
diff --git a/private/traced.te b/private/traced.te
index a6e200e62..0a4afed6a 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -68,6 +68,11 @@ allow traced {
 set_prop(traced, system_trace_prop)
 # Allow to lazily start producers.
 set_prop(traced, traced_lazy_prop)
+# Allow tracking the count of sessions intercepting Java OutOfMemoryError
+# If there are such tracing sessions and an OutOfMemoryError is thrown by ART,
+# the hprof plugin intercepts the error, lazily registers a data source to
+# traced and collects a heap dump.
+set_prop(traced, traced_oome_heap_session_count_prop)
 # Allow traced to talk to statsd for logging metrics.
 unix_socket_send(traced, statsdw, statsd)
diff --git a/private/update_verifier.te b/private/update_verifier.te
index 5e1b27bf8..a8cef379a 100644
--- a/private/update_verifier.te
+++ b/private/update_verifier.te
@@ -7,3 +7,10 @@ set_prop(update_verifier, powerctl_prop)
 # Allow to set the OTA related properties e.g. ota.warm_reset.
 set_prop(update_verifier, ota_prop)
+
+# allow update_verifier to connect to snapuserd daemon
+allow update_verifier snapuserd_socket:sock_file write;
+allow update_verifier snapuserd:unix_stream_socket connectto;
+
+# virtual a/b properties
+get_prop(update_verifier, virtual_ab_prop)
diff --git a/public/ioctl_defines b/public/ioctl_defines
index d46e485ce..f57f18222 100644
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
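Review bot: The two `allow init ...` rules added here live in system_suspend.te rather than init.te, so anyone auditing init's capabilities will not find `allow init self:global_capability2_class_set block_suspend;` (CAP_BLOCK_SUSPEND) alongside the rest of init's rules; I would move both init lines to init.te. The comment also has a typo (`kenel`) and should say which files are meant, e.g. `# init takes and system_suspend releases kernel wakelocks through the sysfs_wake_lock files; both need CAP_BLOCK_SUSPEND.` The `neverallow { domain -atrace ...` block that follows is cut off by the hunk, so I cannot check that init and system_suspend are excluded from it if it covers sysfs_wake_lock or block_suspend.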
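Review bot: `allow update_verifier snapuserd:unix_stream_socket connectto;` opens snapuserd's control socket to update_verifier, but the comment only restates the rule (`# allow update_verifier to connect to snapuserd daemon`) without saying which request is sent or why it is now needed, so a later audit cannot judge whether the grant is still required. I would state the purpose, e.g. `# Allow update_verifier to query snapuserd about the Virtual A/B snapshot state before marking the boot successful.` adjusted to what it actually requests, and follow the file's capitalised `# Allow ...` comment style; `# virtual a/b properties` deserves the same treatment.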
@@ -823,6 +823,7 @@ define(`FS_IOC_ENABLE_VERITY', `0x6685')
 define(`FS_IOC_FIEMAP', `0xc020660b')
 define(`FS_IOC_FSGETXATTR', `0x801c581f')
 define(`FS_IOC_FSSETXATTR', `0x401c5820')
+define(`FS_IOC_GET_ENCRYPTION_KEY_STATUS', `0xc080661a')
 define(`FS_IOC_GET_ENCRYPTION_POLICY', `0x400c6615')
 define(`FS_IOC_GET_ENCRYPTION_POLICY_EX', `0xc0096616')
 define(`FS_IOC_GET_ENCRYPTION_PWSALT', `0x40106614')
diff --git a/public/property.te b/public/property.te
index 763a80a59..b8e111bf5 100644
--- a/public/property.te
+++ b/public/property.te
@@ -90,6 +90,7 @@ system_restricted_prop(sqlite_log_prop)
 system_restricted_prop(surfaceflinger_display_prop)
 system_restricted_prop(system_boot_reason_prop)
 system_restricted_prop(system_jvmti_agent_prop)
+system_restricted_prop(traced_oome_heap_session_count_prop)
 system_restricted_prop(ab_update_gki_prop)
 system_restricted_prop(usb_prop)
 system_restricted_prop(userspace_reboot_exported_prop)
diff --git a/public/vold.te b/public/vold.te
index b0fb6d0df..53b2c49c5 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -51,6 +51,7 @@ allowxperm vold data_file_type:dir ioctl {
 FS_IOC_SET_ENCRYPTION_POLICY
 FS_IOC_ADD_ENCRYPTION_KEY
 FS_IOC_REMOVE_ENCRYPTION_KEY
+ FS_IOC_GET_ENCRYPTION_KEY_STATUS
 };
 # Only vold and init should ever set file-based encryption policies.
@@ -65,7 +66,7 @@ neverallowxperm {
 neverallowxperm {
 domain
 -vold
-} data_file_type:dir ioctl { FS_IOC_ADD_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY };
+} data_file_type:dir ioctl { FS_IOC_ADD_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY FS_IOC_GET_ENCRYPTION_KEY_STATUS };
 # Allow securely erasing crypto key files. F2FS_IOC_SEC_TRIM_FILE is
 # tried first. Otherwise, FS_IOC_FIEMAP is needed to get the |
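Review bot: The widened `neverallowxperm` now also bars every domain but vold from FS_IOC_GET_ENCRYPTION_KEY_STATUS on data_file_type directories, which is a read-only query rather than a key add/remove, so the intent (nobody but vold may even learn whether a user's fscrypt key is loaded) should be written down; the comment introducing this block is outside the hunk, and the one visible above the earlier allowxperm only talks about setting policies. I would add directly above the neverallowxperm: `# Only vold may add, remove or query the status of fscrypt keys on /data directories.` For the record, the new define `0xc080661a` decodes as _IOWR('f', 26, ...) with a 128-byte argument, which is consistent with FS_IOC_GET_ENCRYPTION_KEY_STATUS.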