Merge "Introduce apex_info_file type"

commit: 31331a64602f127bf2299b61f4e3d1bb67193be3 [log] [tgz]
author: Jiyong Park <jiyong@google.com> Wed May 27 05:50:07 2020 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Wed May 27 05:50:07 2020 +0000
tree: 2941c3e3b27d804569c91fb2707b39e9eee8c8e0
parent: e4b92d0b42211afc153e416ec64c1e21de2f3202 [diff]
parent: 93a99cf8fcbd8f864918e54483d693e9ac5dcb5d [diff]
diff --git a/private/app.te b/private/app.te
index 9964605..4da06bc 100644
--- a/private/app.te
+++ b/private/app.te

@@ -2,6 +2,13 @@
 # the implementation of ActivityManager.isDeviceInTestHarnessMode()
 get_prop(appdomain, test_harness_prop)
 
+get_prop(appdomain, boot_status_prop)
+get_prop(appdomain, dalvik_config_prop)
+get_prop(appdomain, surfaceflinger_color_prop)
+get_prop(appdomain, systemsound_config_prop)
+get_prop(appdomain, userspace_reboot_config_prop)
+get_prop(appdomain, vold_config_prop)
+
 userdebug_or_eng(`perfetto_producer({ appdomain })')
 
 # Prevent apps from causing presubmit failures.

diff --git a/private/coredomain.te b/private/coredomain.te
index 895507c..d95abc7 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te

@@ -1,4 +1,6 @@
+get_prop(coredomain, boot_status_prop)
 get_prop(coredomain, camera_config_prop)
+get_prop(coredomain, dalvik_config_prop)
 get_prop(coredomain, dalvik_runtime_prop)
 get_prop(coredomain, exported_pm_prop)
 get_prop(coredomain, ffs_config_prop)
@@ -7,8 +9,12 @@
 get_prop(coredomain, init_service_status_prop)
 get_prop(coredomain, lmkd_config_prop)
 get_prop(coredomain, pm_prop)
+get_prop(coredomain, surfaceflinger_color_prop)
+get_prop(coredomain, systemsound_config_prop)
 get_prop(coredomain, usb_config_prop)
 get_prop(coredomain, usb_control_prop)
+get_prop(coredomain, userspace_reboot_config_prop)
+get_prop(coredomain, vold_config_prop)
 
 full_treble_only(`
 neverallow {

diff --git a/private/domain.te b/private/domain.te
index bdf5ebd..84184e6 100644
--- a/private/domain.te
+++ b/private/domain.te

@@ -72,33 +72,24 @@
 # For now, everyone can access core property files
 # Device specific properties are not granted by default
 not_compatible_property(`
-    get_prop(domain, boot_status_prop)
+    # DO NOT ADD ANY PROPERTIES HERE
     get_prop(domain, core_property_type)
-    get_prop(domain, dalvik_config_prop)
     get_prop(domain, exported2_radio_prop)
     get_prop(domain, exported2_system_prop)
     get_prop(domain, exported3_default_prop)
     get_prop(domain, exported3_radio_prop)
     get_prop(domain, exported3_system_prop)
-    get_prop(domain, surfaceflinger_color_prop)
-    get_prop(domain, systemsound_config_prop)
     get_prop(domain, vendor_default_prop)
-    get_prop(domain, vold_config_prop)
 ')
 compatible_property_only(`
-    get_prop({coredomain appdomain shell}, boot_status_prop)
+    # DO NOT ADD ANY PROPERTIES HERE
     get_prop({coredomain appdomain shell}, core_property_type)
-    get_prop({coredomain appdomain shell}, dalvik_config_prop)
     get_prop({coredomain appdomain shell}, exported2_radio_prop)
     get_prop({coredomain appdomain shell}, exported2_system_prop)
     get_prop({coredomain appdomain shell}, exported3_default_prop)
     get_prop({coredomain appdomain shell}, exported3_radio_prop)
     get_prop({coredomain appdomain shell}, exported3_system_prop)
     get_prop({coredomain appdomain shell}, exported_camera_prop)
-    get_prop({coredomain appdomain shell}, surfaceflinger_color_prop)
-    get_prop({coredomain appdomain shell}, systemsound_config_prop)
-    get_prop({coredomain appdomain shell}, userspace_reboot_config_prop)
-    get_prop({coredomain appdomain shell}, vold_config_prop)
     get_prop({coredomain shell}, userspace_reboot_exported_prop)
     get_prop({coredomain shell}, userspace_reboot_log_prop)
     get_prop({coredomain shell}, userspace_reboot_test_prop)

diff --git a/public/bootanim.te b/public/bootanim.te
index eb3eba5..acef6da 100644
--- a/public/bootanim.te
+++ b/public/bootanim.te

@@ -23,6 +23,7 @@
 
 allow bootanim audioserver_service:service_manager find;
 allow bootanim surfaceflinger_service:service_manager find;
+allow bootanim surfaceflinger:unix_stream_socket { read write };
 
 # Allow access to ion memory allocation device
 allow bootanim ion_device:chr_file rw_file_perms;

diff --git a/public/property.te b/public/property.te
index ba033f6..ba09be2 100644
--- a/public/property.te
+++ b/public/property.te

@@ -72,6 +72,7 @@
 system_restricted_prop(socket_hook_prop)
 system_restricted_prop(system_boot_reason_prop)
 system_restricted_prop(system_jvmti_agent_prop)
+system_restricted_prop(usb_prop)
 system_restricted_prop(userspace_reboot_exported_prop)
 system_restricted_prop(vold_status_prop)
 
@@ -96,7 +97,6 @@
     system_restricted_prop(shell_prop)
     system_restricted_prop(test_harness_prop)
     system_restricted_prop(theme_prop)
-    system_restricted_prop(usb_prop)
     system_restricted_prop(use_memfd_prop)
     system_restricted_prop(vold_prop)
 ')
@@ -235,7 +235,6 @@
     system_public_prop(shell_prop)
     system_public_prop(test_harness_prop)
     system_public_prop(theme_prop)
-    system_public_prop(usb_prop)
     system_public_prop(use_memfd_prop)
     system_public_prop(vold_prop)
 ')
commit	31331a64602f127bf2299b61f4e3d1bb67193be3	[log] [tgz]
author	Jiyong Park <jiyong@google.com>	Wed May 27 05:50:07 2020 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Wed May 27 05:50:07 2020 +0000
tree	2941c3e3b27d804569c91fb2707b39e9eee8c8e0
parent	e4b92d0b42211afc153e416ec64c1e21de2f3202 [diff]
parent	93a99cf8fcbd8f864918e54483d693e9ac5dcb5d [diff]