Snap for 8618812 from db2d57055002fc4cb3d4ea99c7ee7b9540fcfb5c to mainline-tzdata4-release

Change-Id: I00fc1d88f6023e1ef5a3035d2904a5fc472505cb
diff --git a/apex/Android.bp b/apex/Android.bp
index 5d61303..8f11771 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -195,13 +195,6 @@
 }
 
 filegroup {
-  name: "com.android.telephony-file_contexts",
-  srcs: [
-    "com.android.telephony-file_contexts",
-  ],
-}
-
-filegroup {
   name: "com.android.tzdata-file_contexts",
   srcs: [
     "com.android.tzdata-file_contexts",
diff --git a/apex/com.android.telephony-file_contexts b/apex/com.android.telephony-file_contexts
deleted file mode 100644
index f3a65d4..0000000
--- a/apex/com.android.telephony-file_contexts
+++ /dev/null
@@ -1 +0,0 @@
-(/.*)?                u:object_r:system_file:s0
diff --git a/microdroid/system/private/compos.te b/microdroid/system/private/compos.te
index 49bc5b3..386f11e 100644
--- a/microdroid/system/private/compos.te
+++ b/microdroid/system/private/compos.te
@@ -25,6 +25,10 @@
 # See b/35323867#comment3
 dontaudit compos self:global_capability_class_set dac_override;
 
+# Allow settings system properties that ART expects.
+set_prop(compos, dalvik_config_prop)
+set_prop(compos, device_config_runtime_native_boot_prop)
+
 # Allow running odrefresh in its own domain
 domain_auto_trans(compos, odrefresh_exec, odrefresh)
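Review bot: `set_prop(compos, dalvik_config_prop)` on the first added line grants write access to every property carrying that label, which after this same change spans both the `dalvik.vm.` and the set-once `ro.dalvik.vm.` prefixes in microdroid's property_contexts, yet the comment does not say which properties compos sets or where their values come from. Because odrefresh is given `get_prop` on the same two types elsewhere in this change in order to record them "for later verification", the recorded values appear to originate from compos itself, which is worth stating explicitly. Suggested comment: `# Allow compos to set the ART properties (dalvik.vm.*, ro.dalvik.vm.*, persist.device_config.runtime_native_boot.*) that odrefresh later reads and records for verification; ro.* props are set-once.` Also fix the typo "settings" → "setting".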
 
diff --git a/microdroid/system/private/odrefresh.te b/microdroid/system/private/odrefresh.te
index c083547..c236637 100644
--- a/microdroid/system/private/odrefresh.te
+++ b/microdroid/system/private/odrefresh.te
@@ -35,7 +35,10 @@
 # fail immediately. See b/210909688.
 allow odrefresh compos:fd use;
 
-# Silently ignore the access to properties. Unlike on Android, parameters
-# should be passed from command line to avoid global state.
+# Allow odrefresh to read all dalvik system properties. odrefresh needs to record the relevant ones
+# in the output for later verification check.
+get_prop(odrefresh, dalvik_config_prop)
+get_prop(odrefresh, device_config_runtime_native_boot_prop)
+
+# Silently ignore the write to properties, e.g. for setting boot animation progress.
 dontaudit odrefresh property_socket:sock_file write;
-dontaudit odrefresh dalvik_config_prop:file read;
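Review bot: The new comment says odrefresh reads "all dalvik system properties", but only two of the three ART property types declared in microdroid's property.te are granted — `device_config_runtime_native_prop` (the `persist.device_config.runtime_native.` prefix) gets no `get_prop` here, so a read of it would now surface as an audited denial instead of being covered as the old comment's intent suggested. If that is deliberate, narrow the comment to name the two granted types; if not, add `get_prop(odrefresh, device_config_runtime_native_prop)`. The removed comment also carried the design rationale (parameters via the command line to avoid global state); since odrefresh now does read properties, one sentence on why that is acceptable inside the VM would keep the reasoning from being lost.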
diff --git a/microdroid/system/private/property.te b/microdroid/system/private/property.te
index 01aa5e4..6e795dc 100644
--- a/microdroid/system/private/property.te
+++ b/microdroid/system/private/property.te
@@ -1,6 +1,7 @@
 # Declare ART properties for CompOS
 system_public_prop(dalvik_config_prop)
 system_restricted_prop(device_config_runtime_native_prop)
+system_restricted_prop(device_config_runtime_native_boot_prop)
 
 # Don't audit legacy ctl. property handling.  We only want the newer permission check to appear
 # in the audit log
diff --git a/microdroid/system/private/property_contexts b/microdroid/system/private/property_contexts
index 68d6df5..6f65eff 100644
--- a/microdroid/system/private/property_contexts
+++ b/microdroid/system/private/property_contexts
@@ -152,7 +152,9 @@
 heapprofd.enable u:object_r:heapprofd_prop:s0 exact bool
 
 # ART properties for CompOS
-dalvik.vm.                            u:object_r:dalvik_config_prop:s0 prefix
-persist.device_config.runtime_native. u:object_r:device_config_runtime_native_prop:s0 prefix
+dalvik.vm.                                  u:object_r:dalvik_config_prop:s0 prefix
+ro.dalvik.vm.                               u:object_r:dalvik_config_prop:s0 prefix
+persist.device_config.runtime_native.       u:object_r:device_config_runtime_native_prop:s0 prefix
+persist.device_config.runtime_native_boot.  u:object_r:device_config_runtime_native_boot_prop:s0 prefix
 
 apexd.payload_metadata.path u:object_r:apexd_payload_metadata_prop:s0 exact string
diff --git a/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil b/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil
index d29a3d3..94a8fea 100644
--- a/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil
+++ b/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil
@@ -17,6 +17,7 @@
     connectivity_native_service
     device_config_nnapi_native_prop
     device_config_surface_flinger_native_boot_prop
+    device_config_vendor_system_native_prop
     dice_maintenance_service
     dice_node_service
     diced
diff --git a/prebuilts/api/33.0/private/composd.te b/prebuilts/api/33.0/private/composd.te
index 5f99a92..d007d66 100644
--- a/prebuilts/api/33.0/private/composd.te
+++ b/prebuilts/api/33.0/private/composd.te
@@ -31,6 +31,7 @@
 
 # Read ART's properties
 get_prop(composd, dalvik_config_prop)
+get_prop(composd, device_config_runtime_native_boot_prop)
 
 # We never create any artifact files directly
 neverallow composd apex_art_data_file:file ~unlink;
diff --git a/prebuilts/api/33.0/private/file.te b/prebuilts/api/33.0/private/file.te
index 5a843f9..4161dc9 100644
--- a/prebuilts/api/33.0/private/file.te
+++ b/prebuilts/api/33.0/private/file.te
@@ -19,6 +19,8 @@
 # /data/misc/perfetto-configs for perfetto configs
 type perfetto_configs_data_file, file_type, data_file_type, core_data_file_type;
 
+# /data/misc_{ce/de}/<user>/sdksandbox root data directory for sdk sandbox processes
+type sdk_sandbox_system_data_file, file_type, data_file_type, core_data_file_type;
 # /data/misc_{ce/de}/<user>/sdksandbox/<app-name>/* subdirectory for sdk sandbox processes
 type sdk_sandbox_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
 
@@ -62,6 +64,7 @@
 type apex_appsearch_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
 type apex_permission_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
 type apex_scheduling_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
+type apex_tethering_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
 type apex_wifi_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
 
 # /data/font/files
diff --git a/prebuilts/api/33.0/private/file_contexts b/prebuilts/api/33.0/private/file_contexts
index b4f42cf..e21c18c 100644
--- a/prebuilts/api/33.0/private/file_contexts
+++ b/prebuilts/api/33.0/private/file_contexts
@@ -589,6 +589,7 @@
 /data/misc/apexdata/com\.android\.compos(/.*)?        u:object_r:apex_compos_data_file:s0
 /data/misc/apexdata/com\.android\.permission(/.*)?    u:object_r:apex_system_server_data_file:s0
 /data/misc/apexdata/com\.android\.scheduling(/.*)?    u:object_r:apex_system_server_data_file:s0
+/data/misc/apexdata/com\.android\.tethering(/.*)?     u:object_r:apex_system_server_data_file:s0
 /data/misc/apexdata/com\.android\.uwb(/.*)?           u:object_r:apex_system_server_data_file:s0
 /data/misc/apexdata/com\.android\.wifi(/.*)?          u:object_r:apex_system_server_data_file:s0
 /data/misc/apexrollback(/.*)?   u:object_r:apex_rollback_data_file:s0
@@ -690,6 +691,10 @@
 # Bootchart data
 /data/bootchart(/.*)?		u:object_r:bootchart_data_file:s0
 
+# Sandbox sdk data (managed by installd)
+/data/misc_de/[0-9]+/sdksandbox       u:object_r:sdk_sandbox_system_data_file:s0
+/data/misc_ce/[0-9]+/sdksandbox       u:object_r:sdk_sandbox_system_data_file:s0
+
 # App data snapshots (managed by installd).
 /data/misc_de/[0-9]+/rollback(/.*)?       u:object_r:rollback_data_file:s0
 /data/misc_ce/[0-9]+/rollback(/.*)?       u:object_r:rollback_data_file:s0
diff --git a/prebuilts/api/33.0/private/installd.te b/prebuilts/api/33.0/private/installd.te
index 251a14f..538641d 100644
--- a/prebuilts/api/33.0/private/installd.te
+++ b/prebuilts/api/33.0/private/installd.te
@@ -48,3 +48,6 @@
 allow installd staging_data_file:dir { open read remove_name rmdir search write };
 
 allow installd { dex2oat dexoptanalyzer }:process { sigkill signal };
+
+# Allow installd manage dirs in /data/misc_ce/0/sdksandbox
+allow installd sdk_sandbox_system_data_file:dir { create_dir_perms relabelfrom };
diff --git a/prebuilts/api/33.0/private/property.te b/prebuilts/api/33.0/private/property.te
index 63081bf..41a4c2f 100644
--- a/prebuilts/api/33.0/private/property.te
+++ b/prebuilts/api/33.0/private/property.te
@@ -47,7 +47,6 @@
 system_internal_prop(virtualizationservice_prop)
 
 # Properties which can't be written outside system
-system_restricted_prop(device_config_vendor_system_native_prop)
 system_restricted_prop(device_config_virtualization_framework_native_prop)
 system_restricted_prop(system_user_mode_emulation_prop)
 
diff --git a/prebuilts/api/33.0/private/sdk_sandbox.te b/prebuilts/api/33.0/private/sdk_sandbox.te
index 46e7be8..193ab51 100644
--- a/prebuilts/api/33.0/private/sdk_sandbox.te
+++ b/prebuilts/api/33.0/private/sdk_sandbox.te
@@ -33,6 +33,7 @@
 allow sdk_sandbox game_service:service_manager find;
 allow sdk_sandbox gpu_service:service_manager find;
 allow sdk_sandbox graphicsstats_service:service_manager find;
+allow sdk_sandbox hardware_properties_service:service_manager find;
 allow sdk_sandbox hint_service:service_manager find;
 allow sdk_sandbox imms_service:service_manager find;
 allow sdk_sandbox input_method_service:service_manager find;
@@ -89,6 +90,8 @@
 allow sdk_sandbox vcn_management_service:service_manager find;
 allow sdk_sandbox webviewupdate_service:service_manager find;
 
+allow sdk_sandbox system_linker_exec:file execute_no_trans;
+
 # Write app-specific trace data to the Perfetto traced damon. This requires
 # connecting to its producer socket and obtaining a (per-process) tmpfs fd.
 perfetto_producer(sdk_sandbox)
@@ -102,7 +105,10 @@
 allow sdk_sandbox system_server:udp_socket {
         connect getattr read recvfrom sendto write getopt setopt };
 
-# allow access to sdksandbox data directory
+# allow sandbox to search in sdk system server directory
+# additionally, for webview to work, getattr has been permitted
+allow sdk_sandbox sdk_sandbox_system_data_file:dir { getattr search };
+# allow sandbox to create files and dirs in sdk data directory
 allow sdk_sandbox sdk_sandbox_data_file:dir create_dir_perms;
 allow sdk_sandbox sdk_sandbox_data_file:file create_file_perms;
 
@@ -151,3 +157,20 @@
 neverallow { sdk_sandbox } tmpfs:dir no_rw_file_perms;
 
 neverallow sdk_sandbox hal_drm_service:service_manager find;
+
+# Only certain system components should have access to sdk_sandbox_system_data_file
+# sdk_sandbox only needs search. Restricted in follow up neverallow rule.
+neverallow {
+    domain
+    -init
+    -installd
+    -sdk_sandbox
+    -system_server
+    -vold_prepare_subdirs
+} sdk_sandbox_system_data_file:dir { create_dir_perms relabelfrom relabelto };
+
+# sdk_sandbox only needs to traverse through the sdk_sandbox_system_data_file
+neverallow sdk_sandbox sdk_sandbox_system_data_file:dir ~{ getattr search };
+
+# Only dirs should be created at sdk_sandbox_system_data_file level
+neverallow { domain -init } sdk_sandbox_system_data_file:file *;
diff --git a/prebuilts/api/33.0/private/system_server.te b/prebuilts/api/33.0/private/system_server.te
index ec7bfe4..ba097f2 100644
--- a/prebuilts/api/33.0/private/system_server.te
+++ b/prebuilts/api/33.0/private/system_server.te
@@ -72,6 +72,9 @@
 allow system_server sysfs_fs_f2fs:dir r_dir_perms;
 allow system_server sysfs_fs_f2fs:file r_file_perms;
 
+# For SdkSandboxManagerService
+allow system_server sdk_sandbox_system_data_file:dir create_dir_perms;
+
 # For art.
 allow system_server { apex_art_data_file dalvikcache_data_file }:dir r_dir_perms;
 allow system_server { apex_art_data_file dalvikcache_data_file }:file r_file_perms;
@@ -1362,12 +1365,14 @@
   apex_appsearch_data_file
   apex_permission_data_file
   apex_scheduling_data_file
+  apex_tethering_data_file
   apex_wifi_data_file
 }:dir create_dir_perms;
 allow system_server {
   apex_appsearch_data_file
   apex_permission_data_file
   apex_scheduling_data_file
+  apex_tethering_data_file
   apex_wifi_data_file
 }:file create_file_perms;
 
diff --git a/prebuilts/api/33.0/private/untrusted_app.te b/prebuilts/api/33.0/private/untrusted_app.te
index 62d458d..63b095a 100644
--- a/prebuilts/api/33.0/private/untrusted_app.te
+++ b/prebuilts/api/33.0/private/untrusted_app.te
@@ -14,3 +14,10 @@
 untrusted_app_domain(untrusted_app)
 net_domain(untrusted_app)
 bluetooth_domain(untrusted_app)
+
+# Allow webview to access fd shared by sdksandbox for experiments data
+# TODO(b/229249719): Will not be supported in Android U
+allow untrusted_app sdk_sandbox_data_file:fd use;
+allow untrusted_app sdk_sandbox_data_file:file write;
+
+neverallow untrusted_app sdk_sandbox_data_file:file { open create };
diff --git a/prebuilts/api/33.0/private/vehicle_binding_util.te b/prebuilts/api/33.0/private/vehicle_binding_util.te
index 76d0756..f527944 100644
--- a/prebuilts/api/33.0/private/vehicle_binding_util.te
+++ b/prebuilts/api/33.0/private/vehicle_binding_util.te
@@ -8,8 +8,10 @@
 # allow writing to kmsg during boot
 allow vehicle_binding_util kmsg_device:chr_file { getattr w_file_perms };
 
-# allow reading the binding property from vhal
+# allow reading the binding property from HIDL VHAL.
 hwbinder_use(vehicle_binding_util)
+# allow reading the binding property from AIDL VHAL.
+binder_use(vehicle_binding_util)
 hal_client_domain(vehicle_binding_util, hal_vehicle)
 
 # allow executing vdc
diff --git a/prebuilts/api/33.0/private/vold_prepare_subdirs.te b/prebuilts/api/33.0/private/vold_prepare_subdirs.te
index e1c8044..ddb2828 100644
--- a/prebuilts/api/33.0/private/vold_prepare_subdirs.te
+++ b/prebuilts/api/33.0/private/vold_prepare_subdirs.te
@@ -12,6 +12,7 @@
 allow vold_prepare_subdirs self:global_capability_class_set { chown dac_override dac_read_search fowner };
 allow vold_prepare_subdirs self:process setfscreate;
 allow vold_prepare_subdirs {
+  sdk_sandbox_system_data_file
   system_data_file
   vendor_data_file
 }:dir { open read write add_name remove_name rmdir relabelfrom };
@@ -27,6 +28,7 @@
     rollback_data_file
     storaged_data_file
     sdk_sandbox_data_file
+    sdk_sandbox_system_data_file
     system_data_file
     vold_data_file
 }:dir { create_dir_perms relabelto };
@@ -56,6 +58,7 @@
   apex_appsearch_data_file
   apex_permission_data_file
   apex_scheduling_data_file
+  apex_tethering_data_file
   apex_wifi_data_file
 }:dir relabelfrom;
 
diff --git a/prebuilts/api/33.0/private/zygote.te b/prebuilts/api/33.0/private/zygote.te
index ea983fd..c5ba180 100644
--- a/prebuilts/api/33.0/private/zygote.te
+++ b/prebuilts/api/33.0/private/zygote.te
@@ -235,6 +235,9 @@
 allow zygote vendor_apex_file:dir { getattr search };
 allow zygote vendor_apex_file:file { getattr };
 
+# Allow zygote to query for compression/features.
+r_dir_file(zygote, sysfs_fs_f2fs)
+
 ###
 ### neverallow rules
 ###
diff --git a/prebuilts/api/33.0/public/property.te b/prebuilts/api/33.0/public/property.te
index 6024f07..b18f142 100644
--- a/prebuilts/api/33.0/public/property.te
+++ b/prebuilts/api/33.0/public/property.te
@@ -67,6 +67,7 @@
 system_restricted_prop(device_config_runtime_native_boot_prop)
 system_restricted_prop(device_config_runtime_native_prop)
 system_restricted_prop(device_config_surface_flinger_native_boot_prop)
+system_restricted_prop(device_config_vendor_system_native_prop)
 system_restricted_prop(fingerprint_prop)
 system_restricted_prop(gwp_asan_prop)
 system_restricted_prop(hal_instrumentation_prop)
diff --git a/prebuilts/api/33.0/public/vendor_init.te b/prebuilts/api/33.0/public/vendor_init.te
index bc6d3b9..b7302d4 100644
--- a/prebuilts/api/33.0/public/vendor_init.te
+++ b/prebuilts/api/33.0/public/vendor_init.te
@@ -272,6 +272,8 @@
 get_prop(vendor_init, theme_prop)
 set_prop(vendor_init, dck_prop)
 
+# Allow vendor_init to read vendor_system_native device config changes
+get_prop(vendor_init, device_config_vendor_system_native_prop)
 
 ###
 ### neverallow rules
diff --git a/private/compat/32.0/32.0.ignore.cil b/private/compat/32.0/32.0.ignore.cil
index d29a3d3..94a8fea 100644
--- a/private/compat/32.0/32.0.ignore.cil
+++ b/private/compat/32.0/32.0.ignore.cil
@@ -17,6 +17,7 @@
     connectivity_native_service
     device_config_nnapi_native_prop
     device_config_surface_flinger_native_boot_prop
+    device_config_vendor_system_native_prop
     dice_maintenance_service
     dice_node_service
     diced
diff --git a/private/composd.te b/private/composd.te
index 5f99a92..d007d66 100644
--- a/private/composd.te
+++ b/private/composd.te
@@ -31,6 +31,7 @@
 
 # Read ART's properties
 get_prop(composd, dalvik_config_prop)
+get_prop(composd, device_config_runtime_native_boot_prop)
 
 # We never create any artifact files directly
 neverallow composd apex_art_data_file:file ~unlink;
diff --git a/private/file.te b/private/file.te
index 5a843f9..4161dc9 100644
--- a/private/file.te
+++ b/private/file.te
@@ -19,6 +19,8 @@
 # /data/misc/perfetto-configs for perfetto configs
 type perfetto_configs_data_file, file_type, data_file_type, core_data_file_type;
 
+# /data/misc_{ce/de}/<user>/sdksandbox root data directory for sdk sandbox processes
+type sdk_sandbox_system_data_file, file_type, data_file_type, core_data_file_type;
 # /data/misc_{ce/de}/<user>/sdksandbox/<app-name>/* subdirectory for sdk sandbox processes
 type sdk_sandbox_data_file, file_type, data_file_type, core_data_file_type, app_data_file_type;
 
@@ -62,6 +64,7 @@
 type apex_appsearch_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
 type apex_permission_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
 type apex_scheduling_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
+type apex_tethering_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
 type apex_wifi_data_file, file_type, data_file_type, core_data_file_type, apex_data_file_type;
 
 # /data/font/files
diff --git a/private/file_contexts b/private/file_contexts
index b4f42cf..e21c18c 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -589,6 +589,7 @@
 /data/misc/apexdata/com\.android\.compos(/.*)?        u:object_r:apex_compos_data_file:s0
 /data/misc/apexdata/com\.android\.permission(/.*)?    u:object_r:apex_system_server_data_file:s0
 /data/misc/apexdata/com\.android\.scheduling(/.*)?    u:object_r:apex_system_server_data_file:s0
+/data/misc/apexdata/com\.android\.tethering(/.*)?     u:object_r:apex_system_server_data_file:s0
 /data/misc/apexdata/com\.android\.uwb(/.*)?           u:object_r:apex_system_server_data_file:s0
 /data/misc/apexdata/com\.android\.wifi(/.*)?          u:object_r:apex_system_server_data_file:s0
 /data/misc/apexrollback(/.*)?   u:object_r:apex_rollback_data_file:s0
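Review bot: `apex_tethering_data_file` is declared in file.te and granted to system_server and vold_prepare_subdirs in this change, but the only path added here for the tethering apexdata directory is labelled `apex_system_server_data_file`, so as far as this diff shows nothing on disk ever carries the new type. That matches the neighbouring permission and scheduling entries, which also use the generic label despite per-module types existing, so it may be intentional, but then the new type and its grants are dead policy. Either label the path `u:object_r:apex_tethering_data_file:s0` or add a comment next to the type in file.te stating that it exists for compatibility only and is not assigned by file_contexts.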
@@ -690,6 +691,10 @@
 # Bootchart data
 /data/bootchart(/.*)?		u:object_r:bootchart_data_file:s0
 
+# Sandbox sdk data (managed by installd)
+/data/misc_de/[0-9]+/sdksandbox       u:object_r:sdk_sandbox_system_data_file:s0
+/data/misc_ce/[0-9]+/sdksandbox       u:object_r:sdk_sandbox_system_data_file:s0
+
 # App data snapshots (managed by installd).
 /data/misc_de/[0-9]+/rollback(/.*)?       u:object_r:rollback_data_file:s0
 /data/misc_ce/[0-9]+/rollback(/.*)?       u:object_r:rollback_data_file:s0
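Review bot: The two new entries match only the `sdksandbox` directory itself (no `(/.*)?`), so the per-app subdirectories that file.te describes as `sdk_sandbox_data_file` have no file_contexts entry and depend entirely on whoever creates them setting the right context — presumably installd via seapp_contexts, which is not in this diff, and consistent with the `relabelfrom` installd receives here. That also means a restorecon over /data cannot correct those subdirectory labels from file_contexts, which is probably intended but is not obvious from the comment "managed by installd". Suggest `# Per-app subdirectories are labelled sdk_sandbox_data_file by installd at creation time; deliberately no file_contexts entry for them.`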
diff --git a/private/installd.te b/private/installd.te
index 251a14f..538641d 100644
--- a/private/installd.te
+++ b/private/installd.te
@@ -48,3 +48,6 @@
 allow installd staging_data_file:dir { open read remove_name rmdir search write };
 
 allow installd { dex2oat dexoptanalyzer }:process { sigkill signal };
+
+# Allow installd manage dirs in /data/misc_ce/0/sdksandbox
+allow installd sdk_sandbox_system_data_file:dir { create_dir_perms relabelfrom };
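Review bot: The comment on the added rule names only `/data/misc_ce/0/sdksandbox`, but the label it grants access to covers `/data/misc_{ce,de}/<user>/sdksandbox` for every user per the file_contexts entries in this change, and the rule also grants `relabelfrom`, which the comment does not mention. A reader checking this against the neverallow in sdk_sandbox.te needs both facts. Suggest `# Allow installd to create/remove per-app dirs under /data/misc_{ce,de}/<user>/sdksandbox and relabel them to their per-app type.`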
diff --git a/private/property.te b/private/property.te
index 63081bf..41a4c2f 100644
--- a/private/property.te
+++ b/private/property.te
@@ -47,7 +47,6 @@
 system_internal_prop(virtualizationservice_prop)
 
 # Properties which can't be written outside system
-system_restricted_prop(device_config_vendor_system_native_prop)
 system_restricted_prop(device_config_virtualization_framework_native_prop)
 system_restricted_prop(system_user_mode_emulation_prop)
 
diff --git a/private/sdk_sandbox.te b/private/sdk_sandbox.te
index 46e7be8..193ab51 100644
--- a/private/sdk_sandbox.te
+++ b/private/sdk_sandbox.te
@@ -33,6 +33,7 @@
 allow sdk_sandbox game_service:service_manager find;
 allow sdk_sandbox gpu_service:service_manager find;
 allow sdk_sandbox graphicsstats_service:service_manager find;
+allow sdk_sandbox hardware_properties_service:service_manager find;
 allow sdk_sandbox hint_service:service_manager find;
 allow sdk_sandbox imms_service:service_manager find;
 allow sdk_sandbox input_method_service:service_manager find;
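Review bot: The added `hardware_properties_service` find carries no comment on what the sandbox needs from it, and the surrounding list gives no rationale either. That service exposes device thermal and fan telemetry, which is arguably a fingerprinting signal an isolated SDK runtime should not see by default, so this grant deserves a justification in the policy. Add a one-line comment naming the consuming SDK API, e.g. `# Needed by <consumer> for <purpose>; exposes thermal/fan telemetry`, or consider whether the information could be proxied through system_server instead.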
@@ -89,6 +90,8 @@
 allow sdk_sandbox vcn_management_service:service_manager find;
 allow sdk_sandbox webviewupdate_service:service_manager find;
 
+allow sdk_sandbox system_linker_exec:file execute_no_trans;
+
 # Write app-specific trace data to the Perfetto traced damon. This requires
 # connecting to its producer socket and obtaining a (per-process) tmpfs fd.
 perfetto_producer(sdk_sandbox)
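Review bot: `allow sdk_sandbox system_linker_exec:file execute_no_trans;` lets the sandbox exec the dynamic linker directly, and invoking the linker with a path argument can load and run an ELF from any file the domain is able to read and map without holding `execute` on that file's label, so it widens the code the sandbox can run beyond what the rest of this policy expresses. The line has no comment and no neverallow bounding it. At minimum state why it is needed, e.g. `# Needed for <consumer>; note this permits running readable ELFs via the linker without execute on their label`, and if a single use case motivates it, check whether that path can be covered by a narrower rule.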
@@ -102,7 +105,10 @@
 allow sdk_sandbox system_server:udp_socket {
         connect getattr read recvfrom sendto write getopt setopt };
 
-# allow access to sdksandbox data directory
+# allow sandbox to search in sdk system server directory
+# additionally, for webview to work, getattr has been permitted
+allow sdk_sandbox sdk_sandbox_system_data_file:dir { getattr search };
+# allow sandbox to create files and dirs in sdk data directory
 allow sdk_sandbox sdk_sandbox_data_file:dir create_dir_perms;
 allow sdk_sandbox sdk_sandbox_data_file:file create_file_perms;
 
@@ -151,3 +157,20 @@
 neverallow { sdk_sandbox } tmpfs:dir no_rw_file_perms;
 
 neverallow sdk_sandbox hal_drm_service:service_manager find;
+
+# Only certain system components should have access to sdk_sandbox_system_data_file
+# sdk_sandbox only needs search. Restricted in follow up neverallow rule.
+neverallow {
+    domain
+    -init
+    -installd
+    -sdk_sandbox
+    -system_server
+    -vold_prepare_subdirs
+} sdk_sandbox_system_data_file:dir { create_dir_perms relabelfrom relabelto };
+
+# sdk_sandbox only needs to traverse through the sdk_sandbox_system_data_file
+neverallow sdk_sandbox sdk_sandbox_system_data_file:dir ~{ getattr search };
+
+# Only dirs should be created at sdk_sandbox_system_data_file level
+neverallow { domain -init } sdk_sandbox_system_data_file:file *;
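Review bot: The first neverallow bounds only `create_dir_perms relabelfrom relabelto`, so it does not stop an arbitrary domain from later being granted `open read search` on the `sdksandbox` directory, and listing it reveals which packages have sandbox data even though the comment says only certain system components should have access. If nothing outside the listed set needs to read it, tighten the permission set to `*` (or `~{ getattr search }`) and keep the sdk_sandbox-specific rule below as the documented exception. The third rule excludes init without the comment "Only dirs should be created" justifying it; say why init needs file permissions on this label, or drop the exclusion.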
diff --git a/private/system_server.te b/private/system_server.te
index ec7bfe4..ba097f2 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -72,6 +72,9 @@
 allow system_server sysfs_fs_f2fs:dir r_dir_perms;
 allow system_server sysfs_fs_f2fs:file r_file_perms;
 
+# For SdkSandboxManagerService
+allow system_server sdk_sandbox_system_data_file:dir create_dir_perms;
+
 # For art.
 allow system_server { apex_art_data_file dalvikcache_data_file }:dir r_dir_perms;
 allow system_server { apex_art_data_file dalvikcache_data_file }:file r_file_perms;
@@ -1362,12 +1365,14 @@
   apex_appsearch_data_file
   apex_permission_data_file
   apex_scheduling_data_file
+  apex_tethering_data_file
   apex_wifi_data_file
 }:dir create_dir_perms;
 allow system_server {
   apex_appsearch_data_file
   apex_permission_data_file
   apex_scheduling_data_file
+  apex_tethering_data_file
   apex_wifi_data_file
 }:file create_file_perms;
 
diff --git a/private/untrusted_app.te b/private/untrusted_app.te
index 62d458d..63b095a 100644
--- a/private/untrusted_app.te
+++ b/private/untrusted_app.te
@@ -14,3 +14,10 @@
 untrusted_app_domain(untrusted_app)
 net_domain(untrusted_app)
 bluetooth_domain(untrusted_app)
+
+# Allow webview to access fd shared by sdksandbox for experiments data
+# TODO(b/229249719): Will not be supported in Android U
+allow untrusted_app sdk_sandbox_data_file:fd use;
+allow untrusted_app sdk_sandbox_data_file:file write;
+
+neverallow untrusted_app sdk_sandbox_data_file:file { open create };
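Review bot: The neverallow forbids only `open` and `create`, so `read`, `append`, `ioctl`, `map`, `lock` and the rest remain un-neverallowed on `sdk_sandbox_data_file`; today only `write` is granted, but the point of the neverallow is to keep that true once this temporary exception is forgotten. `neverallow untrusted_app sdk_sandbox_data_file:file ~write;` states the intent (an app may only write through an fd the sandbox hands it) directly, provided no other rule reaches untrusted_app through the `app_data_file_type` attribute this type carries in file.te. Since `write` is granted on the file class as a whole, the app can write through any `sdk_sandbox_data_file` fd it receives, not just the experiments-data one, so the comment should note that the sandbox is relied on to share only the intended fd.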
diff --git a/private/vehicle_binding_util.te b/private/vehicle_binding_util.te
index 76d0756..f527944 100644
--- a/private/vehicle_binding_util.te
+++ b/private/vehicle_binding_util.te
@@ -8,8 +8,10 @@
 # allow writing to kmsg during boot
 allow vehicle_binding_util kmsg_device:chr_file { getattr w_file_perms };
 
-# allow reading the binding property from vhal
+# allow reading the binding property from HIDL VHAL.
 hwbinder_use(vehicle_binding_util)
+# allow reading the binding property from AIDL VHAL.
+binder_use(vehicle_binding_util)
 hal_client_domain(vehicle_binding_util, hal_vehicle)
 
 # allow executing vdc
diff --git a/private/vold_prepare_subdirs.te b/private/vold_prepare_subdirs.te
index e1c8044..ddb2828 100644
--- a/private/vold_prepare_subdirs.te
+++ b/private/vold_prepare_subdirs.te
@@ -12,6 +12,7 @@
 allow vold_prepare_subdirs self:global_capability_class_set { chown dac_override dac_read_search fowner };
 allow vold_prepare_subdirs self:process setfscreate;
 allow vold_prepare_subdirs {
+  sdk_sandbox_system_data_file
   system_data_file
   vendor_data_file
 }:dir { open read write add_name remove_name rmdir relabelfrom };
@@ -27,6 +28,7 @@
     rollback_data_file
     storaged_data_file
     sdk_sandbox_data_file
+    sdk_sandbox_system_data_file
     system_data_file
     vold_data_file
 }:dir { create_dir_perms relabelto };
@@ -56,6 +58,7 @@
   apex_appsearch_data_file
   apex_permission_data_file
   apex_scheduling_data_file
+  apex_tethering_data_file
   apex_wifi_data_file
 }:dir relabelfrom;
 
diff --git a/private/zygote.te b/private/zygote.te
index ea983fd..c5ba180 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -235,6 +235,9 @@
 allow zygote vendor_apex_file:dir { getattr search };
 allow zygote vendor_apex_file:file { getattr };
 
+# Allow zygote to query for compression/features.
+r_dir_file(zygote, sysfs_fs_f2fs)
+
 ###
 ### neverallow rules
 ###
diff --git a/public/property.te b/public/property.te
index 6024f07..b18f142 100644
--- a/public/property.te
+++ b/public/property.te
@@ -67,6 +67,7 @@
 system_restricted_prop(device_config_runtime_native_boot_prop)
 system_restricted_prop(device_config_runtime_native_prop)
 system_restricted_prop(device_config_surface_flinger_native_boot_prop)
+system_restricted_prop(device_config_vendor_system_native_prop)
 system_restricted_prop(fingerprint_prop)
 system_restricted_prop(gwp_asan_prop)
 system_restricted_prop(hal_instrumentation_prop)
diff --git a/public/vendor_init.te b/public/vendor_init.te
index bc6d3b9..b7302d4 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -272,6 +272,8 @@
 get_prop(vendor_init, theme_prop)
 set_prop(vendor_init, dck_prop)
 
+# Allow vendor_init to read vendor_system_native device config changes
+get_prop(vendor_init, device_config_vendor_system_native_prop)
 
 ###
 ### neverallow rules