[automerger skipped] Allow platform_app:systemui to write protolog file am: 95f1221fc1 -s ours
am skip reason: Merged-In I9f77f8995e4bf671616ce6c49eeb93720e31430e with SHA-1 9372026ad2 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/21160895
Change-Id: I0c69f6e627dcf268195a730737abd987ba2b0672
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/Android.bp b/Android.bp
index 8e2a966..4028215 100644
--- a/Android.bp
+++ b/Android.bp
@@ -44,156 +44,6 @@
cc_defaults { name: "selinux_policy_version", cflags: ["-DSEPOLICY_VERSION=30"], }
-se_filegroup {
- name: "28.0.board.compat.map",
- srcs: [
- "compat/28.0/28.0.cil",
- ],
-}
-
-se_filegroup {
- name: "29.0.board.compat.map",
- srcs: [
- "compat/29.0/29.0.cil",
- ],
-}
-
-se_filegroup {
- name: "30.0.board.compat.map",
- srcs: [
- "compat/30.0/30.0.cil",
- ],
-}
-
-se_filegroup {
- name: "31.0.board.compat.map",
- srcs: [
- "compat/31.0/31.0.cil",
- ],
-}
-
-se_filegroup {
- name: "32.0.board.compat.map",
- srcs: [
- "compat/32.0/32.0.cil",
- ],
-}
-
-se_filegroup {
- name: "28.0.board.compat.cil",
- srcs: [
- "compat/28.0/28.0.compat.cil",
- ],
-}
-
-se_filegroup {
- name: "29.0.board.compat.cil",
- srcs: [
- "compat/29.0/29.0.compat.cil",
- ],
-}
-
-se_filegroup {
- name: "30.0.board.compat.cil",
- srcs: [
- "compat/30.0/30.0.compat.cil",
- ],
-}
-
-se_filegroup {
- name: "31.0.board.compat.cil",
- srcs: [
- "compat/31.0/31.0.compat.cil",
- ],
-}
-
-se_filegroup {
- name: "32.0.board.compat.cil",
- srcs: [
- "compat/32.0/32.0.compat.cil",
- ],
-}
-
-se_filegroup {
- name: "28.0.board.ignore.map",
- srcs: [
- "compat/28.0/28.0.ignore.cil",
- ],
-}
-
-se_filegroup {
- name: "29.0.board.ignore.map",
- srcs: [
- "compat/29.0/29.0.ignore.cil",
- ],
-}
-
-se_filegroup {
- name: "30.0.board.ignore.map",
- srcs: [
- "compat/30.0/30.0.ignore.cil",
- ],
-}
-
-se_filegroup {
- name: "31.0.board.ignore.map",
- srcs: [
- "compat/31.0/31.0.ignore.cil",
- ],
-}
-
-se_filegroup {
- name: "32.0.board.ignore.map",
- srcs: [
- "compat/32.0/32.0.ignore.cil",
- ],
-}
-
-se_build_files {
- name: "file_contexts_files",
- srcs: ["file_contexts"],
-}
-
-se_build_files {
- name: "file_contexts_asan_files",
- srcs: ["file_contexts_asan"],
-}
-
-se_build_files {
- name: "file_contexts_overlayfs_files",
- srcs: ["file_contexts_overlayfs"],
-}
-
-se_build_files {
- name: "hwservice_contexts_files",
- srcs: ["hwservice_contexts"],
-}
-
-se_build_files {
- name: "property_contexts_files",
- srcs: ["property_contexts"],
-}
-
-se_build_files {
- name: "service_contexts_files",
- srcs: ["service_contexts"],
-}
-
-se_build_files {
- name: "keystore2_key_contexts_files",
- srcs: ["keystore2_key_contexts"],
-}
-
-se_build_files {
- name: "seapp_contexts_files",
- srcs: ["seapp_contexts"],
-}
-
-se_build_files {
- name: "vndservice_contexts_files",
- srcs: ["vndservice_contexts"],
-}
-
// For vts_treble_sys_prop_test
filegroup {
name: "private_property_contexts",
@@ -367,6 +217,22 @@
stem: "apex_sepolicy.cil",
}
+se_policy_cil {
+ name: "decompiled_sepolicy-without_apex.cil",
+ src: ":precompiled_sepolicy-without_apex",
+ decompile_binary: true,
+}
+
+se_policy_cil {
+ name: "apex_sepolicy-33.decompiled.cil",
+ src: ":precompiled_sepolicy",
+ decompile_binary: true,
+ filter_out: [":decompiled_sepolicy-without_apex.cil"],
+ additional_cil_files: ["com.android.sepolicy/33/definitions/definitions.cil"],
+ secilc_check: false,
+ stem: "apex_sepolicy.decompiled.cil",
+}
+
// userdebug_plat_policy.conf - the userdebug version plat_sepolicy.cil
se_policy_conf {
name: "userdebug_plat_sepolicy.conf",
@@ -875,6 +741,50 @@
},
}
+precompiled_se_policy_binary {
+ name: "precompiled_sepolicy-without_apex",
+ srcs: [
+ ":plat_sepolicy.cil",
+ ":plat_pub_versioned.cil",
+ ":system_ext_sepolicy.cil",
+ ":product_sepolicy.cil",
+ ":vendor_sepolicy.cil",
+ ":odm_sepolicy.cil",
+ ],
+ soong_config_variables: {
+ BOARD_USES_ODMIMAGE: {
+ device_specific: true,
+ conditions_default: {
+ vendor: true,
+ },
+ },
+ IS_TARGET_MIXED_SEPOLICY: {
+ ignore_neverallow: true,
+ },
+ MIXED_SEPOLICY_VERSION: {
+ srcs: [
+ ":plat_%s.cil",
+ ":system_ext_%s.cil",
+ ":product_%s.cil",
+ ],
+ conditions_default: {
+ srcs: [
+ ":plat_mapping_file",
+ ":system_ext_mapping_file",
+ ":product_mapping_file",
+ ],
+ },
+ },
+ },
+ required: [
+ "sepolicy_neverallows",
+ "sepolicy_neverallows_vendor",
+ ],
+ dist: {
+ targets: ["base-sepolicy-files-for-mapping"],
+ },
+}
+
// policy for recovery
se_policy_conf {
name: "recovery_sepolicy.conf",
@@ -1055,27 +965,27 @@
}
// bug_map - Bug tracking information for selinux denials loaded by auditd.
-se_filegroup {
+se_build_files {
name: "bug_map_files",
srcs: ["bug_map"],
}
se_bug_map {
name: "plat_bug_map",
- srcs: [":bug_map_files"],
+ srcs: [":bug_map_files{.plat_private}"],
stem: "bug_map",
}
se_bug_map {
name: "system_ext_bug_map",
- srcs: [":bug_map_files"],
+ srcs: [":bug_map_files{.system_ext_private}"],
stem: "bug_map",
system_ext_specific: true,
}
se_bug_map {
name: "vendor_bug_map",
- srcs: [":bug_map_files"],
+ srcs: [":bug_map_files{.vendor}", ":bug_map_files{.plat_vendor_for_vendor}"],
// Legacy file name of the vendor partition bug_map.
stem: "selinux_denial_metadata",
vendor: true,
diff --git a/Android.mk b/Android.mk
index 8fd90b0..8220fd5 100644
--- a/Android.mk
+++ b/Android.mk
@@ -54,15 +54,7 @@
REQD_MASK_POLICY := $(LOCAL_PATH)/reqd_mask
SYSTEM_EXT_PUBLIC_POLICY := $(SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS)
-ifneq (,$(BOARD_PLAT_PUBLIC_SEPOLICY_DIR))
- # TODO: Disallow BOARD_PLAT_*
- SYSTEM_EXT_PUBLIC_POLICY += $(BOARD_PLAT_PUBLIC_SEPOLICY_DIR)
-endif
SYSTEM_EXT_PRIVATE_POLICY := $(SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS)
-ifneq (,$(BOARD_PLAT_PRIVATE_SEPOLICY_DIR))
- # TODO: Disallow BOARD_PLAT_*
- SYSTEM_EXT_PRIVATE_POLICY += $(BOARD_PLAT_PRIVATE_SEPOLICY_DIR)
-endif
PRODUCT_PUBLIC_POLICY := $(PRODUCT_PUBLIC_SEPOLICY_DIRS)
PRODUCT_PRIVATE_POLICY := $(PRODUCT_PRIVATE_SEPOLICY_DIRS)
@@ -332,6 +324,7 @@
plat_service_contexts_test \
plat_hwservice_contexts \
plat_hwservice_contexts_test \
+ fuzzer_bindings_test \
plat_bug_map \
searchpolicy \
@@ -518,6 +511,8 @@
odm_seapp_contexts \
odm_property_contexts \
odm_property_contexts_test \
+ odm_service_contexts \
+ odm_service_contexts_test \
odm_hwservice_contexts \
odm_hwservice_contexts_test \
odm_mac_permissions.xml
@@ -668,7 +663,6 @@
file_contexts.modules.tmp :=
##################################
-include $(LOCAL_PATH)/mac_permissions.mk
all_fc_files := $(TARGET_OUT)/etc/selinux/plat_file_contexts
all_fc_files += $(TARGET_OUT_VENDOR)/etc/selinux/vendor_file_contexts
diff --git a/TEST_MAPPING b/TEST_MAPPING
index cf99902..efcdb36 100644
--- a/TEST_MAPPING
+++ b/TEST_MAPPING
@@ -11,8 +11,10 @@
},
{
"include-filter": "android.security.cts.SELinuxHostTest#testGMSCoreDomain"
+ },
+ {
+ "include-filter": "android.security.cts.SeamendcHostTest"
}
-
]
},
{
diff --git a/apex/Android.bp b/apex/Android.bp
index dda949f..c4080ca 100644
--- a/apex/Android.bp
+++ b/apex/Android.bp
@@ -99,6 +99,13 @@
}
filegroup {
+ name: "com.android.federatedcompute-file_contexts",
+ srcs: [
+ "com.android.federatedcompute-file_contexts",
+ ],
+}
+
+filegroup {
name: "com.android.geotz-file_contexts",
srcs: [
"com.android.geotz-file_contexts",
@@ -265,3 +272,24 @@
"com.android.ondevicepersonalization-file_contexts",
],
}
+
+filegroup {
+ name: "com.android.healthconnect-file_contexts",
+ srcs: [
+ "com.android.healthconnect-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.rkpd-file_contexts",
+ srcs: [
+ "com.android.rkpd-file_contexts",
+ ],
+}
+
+filegroup {
+ name: "com.android.devicelock-file_contexts",
+ srcs: [
+ "com.android.devicelock-file_contexts",
+ ],
+}
diff --git a/apex/com.android.art-file_contexts b/apex/com.android.art-file_contexts
index 2533cac..f1aa92b 100644
--- a/apex/com.android.art-file_contexts
+++ b/apex/com.android.art-file_contexts
@@ -1,10 +1,11 @@
#############################
# System files
#
-(/.*)? u:object_r:system_file:s0
-/bin/artd u:object_r:artd_exec:s0
-/bin/dex2oat(32|64)? u:object_r:dex2oat_exec:s0
-/bin/dexoptanalyzer u:object_r:dexoptanalyzer_exec:s0
-/bin/odrefresh u:object_r:odrefresh_exec:s0
-/bin/profman u:object_r:profman_exec:s0
-/lib(64)?(/.*)? u:object_r:system_lib_file:s0
+(/.*)? u:object_r:system_file:s0
+/bin/art_exec u:object_r:art_exec_exec:s0
+/bin/artd u:object_r:artd_exec:s0
+/bin/dex2oat(32|64)? u:object_r:dex2oat_exec:s0
+/bin/dexoptanalyzer u:object_r:dexoptanalyzer_exec:s0
+/bin/odrefresh u:object_r:odrefresh_exec:s0
+/bin/profman u:object_r:profman_exec:s0
+/lib(64)?(/.*)? u:object_r:system_lib_file:s0
diff --git a/apex/com.android.art.debug-file_contexts b/apex/com.android.art.debug-file_contexts
index a0e9ea0..cc60b70 100644
--- a/apex/com.android.art.debug-file_contexts
+++ b/apex/com.android.art.debug-file_contexts
@@ -2,6 +2,8 @@
# System files
#
(/.*)? u:object_r:system_file:s0
+/bin/art_exec u:object_r:art_exec_exec:s0
+/bin/artd u:object_r:artd_exec:s0
/bin/dex2oat(d)?(32|64)? u:object_r:dex2oat_exec:s0
/bin/dexoptanalyzer(d)? u:object_r:dexoptanalyzer_exec:s0
/bin/odrefresh u:object_r:odrefresh_exec:s0
diff --git a/apex/com.android.conscrypt-file_contexts b/apex/com.android.conscrypt-file_contexts
index abf0085..7b81ab8 100644
--- a/apex/com.android.conscrypt-file_contexts
+++ b/apex/com.android.conscrypt-file_contexts
@@ -4,3 +4,4 @@
(/.*)? u:object_r:system_file:s0
/lib(64)?(/.*)? u:object_r:system_lib_file:s0
/bin/boringssl_self_test(32|64) u:object_r:boringssl_self_test_exec:s0
+/cacerts(/.*)? u:object_r:system_security_cacerts_file:s0
diff --git a/apex/com.android.devicelock-file_contexts b/apex/com.android.devicelock-file_contexts
new file mode 100644
index 0000000..83b4b58
--- /dev/null
+++ b/apex/com.android.devicelock-file_contexts
@@ -0,0 +1 @@
+(/.*)? u:object_r:system_file:s0
diff --git a/apex/com.android.federatedcompute-file_contexts b/apex/com.android.federatedcompute-file_contexts
new file mode 100644
index 0000000..9398505
--- /dev/null
+++ b/apex/com.android.federatedcompute-file_contexts
@@ -0,0 +1 @@
+(/.*)? u:object_r:system_file:s0
diff --git a/apex/com.android.healthconnect-file_contexts b/apex/com.android.healthconnect-file_contexts
new file mode 100644
index 0000000..9398505
--- /dev/null
+++ b/apex/com.android.healthconnect-file_contexts
@@ -0,0 +1 @@
+(/.*)? u:object_r:system_file:s0
diff --git a/apex/com.android.rkpd-file_contexts b/apex/com.android.rkpd-file_contexts
new file mode 100644
index 0000000..4424c8a
--- /dev/null
+++ b/apex/com.android.rkpd-file_contexts
@@ -0,0 +1,2 @@
+(/.*)? u:object_r:system_file:s0
+/bin/rkpd u:object_r:rkpd_exec:s0
diff --git a/apex/com.android.virt-file_contexts b/apex/com.android.virt-file_contexts
index cc712ff..9c13bd5 100644
--- a/apex/com.android.virt-file_contexts
+++ b/apex/com.android.virt-file_contexts
@@ -1,4 +1,5 @@
(/.*)? u:object_r:system_file:s0
/bin/crosvm u:object_r:crosvm_exec:s0
/bin/fd_server u:object_r:fd_server_exec:s0
+/bin/virtmgr u:object_r:virtualizationmanager_exec:s0
/bin/virtualizationservice u:object_r:virtualizationservice_exec:s0
diff --git a/build/soong/Android.bp b/build/soong/Android.bp
index 8518d4d..83b31b4 100644
--- a/build/soong/Android.bp
+++ b/build/soong/Android.bp
@@ -35,7 +35,7 @@
"build_files.go",
"cil_compat_map.go",
"compat_cil.go",
- "filegroup.go",
+ "mac_permissions.go",
"policy.go",
"selinux.go",
"selinux_contexts.go",
@@ -43,6 +43,8 @@
"sepolicy_neverallow.go",
"sepolicy_vers.go",
"versioned_policy.go",
+ "service_fuzzer_bindings.go",
+ "validate_bindings.go",
],
pluginFor: ["soong_build"],
}
diff --git a/build/soong/bug_map.go b/build/soong/bug_map.go
index 00df33c..e24a21b 100644
--- a/build/soong/bug_map.go
+++ b/build/soong/bug_map.go
@@ -40,7 +40,7 @@
}
type bugMapProperties struct {
- // List of source files. Can reference se_filegroup type modules with the ":module" syntax.
+ // List of source files or se_build_files modules.
Srcs []string `android:"path"`
// Output file name. Defaults to module name if unspecified.
@@ -52,31 +52,7 @@
}
func (b *bugMap) expandSeSources(ctx android.ModuleContext) android.Paths {
- srcPaths := make(android.Paths, 0, len(b.properties.Srcs))
- for _, src := range b.properties.Srcs {
- if m := android.SrcIsModule(src); m != "" {
- module := android.GetModuleFromPathDep(ctx, m, "")
- if module == nil {
- // Error would have been handled by ExtractSourcesDeps
- continue
- }
- if fg, ok := module.(*fileGroup); ok {
- if b.SocSpecific() {
- srcPaths = append(srcPaths, fg.VendorSrcs()...)
- srcPaths = append(srcPaths, fg.SystemVendorSrcs()...)
- } else if b.SystemExtSpecific() {
- srcPaths = append(srcPaths, fg.SystemExtPrivateSrcs()...)
- } else {
- srcPaths = append(srcPaths, fg.SystemPrivateSrcs()...)
- }
- } else {
- ctx.PropertyErrorf("srcs", "%q is not an se_filegroup", m)
- }
- } else {
- srcPaths = append(srcPaths, android.PathForModuleSrc(ctx, src))
- }
- }
- return android.FirstUniquePaths(srcPaths)
+ return android.PathsForModuleSrc(ctx, b.properties.Srcs)
}
func (b *bugMap) GenerateAndroidBuildActions(ctx android.ModuleContext) {
diff --git a/build/soong/build_files.go b/build/soong/build_files.go
index 6cc40c6..383a282 100644
--- a/build/soong/build_files.go
+++ b/build/soong/build_files.go
@@ -92,10 +92,10 @@
func (b *buildFiles) GenerateAndroidBuildActions(ctx android.ModuleContext) {
b.srcs = make(map[string]android.Paths)
- b.srcs[".reqd_mask"] = b.findSrcsInDirs(ctx, filepath.Join(ctx.ModuleDir(), "reqd_mask"))
- b.srcs[".plat_public"] = b.findSrcsInDirs(ctx, filepath.Join(ctx.ModuleDir(), "public"))
- b.srcs[".plat_private"] = b.findSrcsInDirs(ctx, filepath.Join(ctx.ModuleDir(), "private"))
- b.srcs[".plat_vendor"] = b.findSrcsInDirs(ctx, filepath.Join(ctx.ModuleDir(), "vendor"))
+ b.srcs[".reqd_mask"] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "reqd_mask"))
+ b.srcs[".plat_public"] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "public"))
+ b.srcs[".plat_private"] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "private"))
+ b.srcs[".plat_vendor"] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "vendor"))
b.srcs[".system_ext_public"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().SystemExtPublicSepolicyDirs()...)
b.srcs[".system_ext_private"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().SystemExtPrivateSepolicyDirs()...)
b.srcs[".product_public"] = b.findSrcsInDirs(ctx, ctx.Config().ProductPublicSepolicyDirs()...)
@@ -117,8 +117,8 @@
// use vendor-supplied plat prebuilts
b.srcs[".reqd_mask_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardReqdMaskPolicy()...)
b.srcs[".plat_vendor_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardPlatVendorPolicy()...)
- b.srcs[".plat_public_for_vendor"] = b.findSrcsInDirs(ctx, filepath.Join(ctx.ModuleDir(), "prebuilts", "api", ctx.DeviceConfig().BoardSepolicyVers(), "public"))
- b.srcs[".plat_private_for_vendor"] = b.findSrcsInDirs(ctx, filepath.Join(ctx.ModuleDir(), "prebuilts", "api", ctx.DeviceConfig().BoardSepolicyVers(), "private"))
+ b.srcs[".plat_public_for_vendor"] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "prebuilts", "api", ctx.DeviceConfig().BoardSepolicyVers(), "public"))
+ b.srcs[".plat_private_for_vendor"] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "prebuilts", "api", ctx.DeviceConfig().BoardSepolicyVers(), "private"))
b.srcs[".system_ext_public_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardSystemExtPublicPrebuiltDirs()...)
b.srcs[".system_ext_private_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardSystemExtPrivatePrebuiltDirs()...)
b.srcs[".product_public_for_vendor"] = b.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardProductPublicPrebuiltDirs()...)
@@ -127,8 +127,8 @@
// directories used for compat tests and Treble tests
for _, ver := range ctx.DeviceConfig().PlatformSepolicyCompatVersions() {
- b.srcs[".plat_public_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.ModuleDir(), "prebuilts", "api", ver, "public"))
- b.srcs[".plat_private_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.ModuleDir(), "prebuilts", "api", ver, "private"))
+ b.srcs[".plat_public_"+ver] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "prebuilts", "api", ver, "public"))
+ b.srcs[".plat_private_"+ver] = b.findSrcsInDirs(ctx, filepath.Join("system", "sepolicy", "prebuilts", "api", ver, "private"))
b.srcs[".system_ext_public_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.DeviceConfig().SystemExtSepolicyPrebuiltApiDir(), "prebuilts", "api", ver, "public"))
b.srcs[".system_ext_private_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.DeviceConfig().SystemExtSepolicyPrebuiltApiDir(), "prebuilts", "api", ver, "private"))
b.srcs[".product_public_"+ver] = b.findSrcsInDirs(ctx, filepath.Join(ctx.DeviceConfig().ProductSepolicyPrebuiltApiDir(), "prebuilts", "api", ver, "public"))
diff --git a/build/soong/cil_compat_map.go b/build/soong/cil_compat_map.go
index 78e870e..c9daf7c 100644
--- a/build/soong/cil_compat_map.go
+++ b/build/soong/cil_compat_map.go
@@ -59,7 +59,7 @@
// se_cil_compat_map module representing a compatibility mapping file for
// platform versions (x->y). Bottom half represents a mapping (y->z).
// Together the halves are used to generate a (x->z) mapping.
- Top_half *string
+ Top_half *string `android:"path"`
// list of source (.cil) files used to build an the bottom half of sepolicy
// compatibility mapping file. bottom_half may reference the outputs of
// other modules that produce source files like genrule or filegroup using
@@ -94,31 +94,7 @@
}
func expandSeSources(ctx android.ModuleContext, srcFiles []string) android.Paths {
- expandedSrcFiles := make(android.Paths, 0, len(srcFiles))
- for _, s := range srcFiles {
- if m := android.SrcIsModule(s); m != "" {
- module := android.GetModuleFromPathDep(ctx, m, "")
- if module == nil {
- // Error will have been handled by ExtractSourcesDeps
- continue
- }
- if fg, ok := module.(*fileGroup); ok {
- if ctx.ProductSpecific() {
- expandedSrcFiles = append(expandedSrcFiles, fg.ProductPrivateSrcs()...)
- } else if ctx.SystemExtSpecific() {
- expandedSrcFiles = append(expandedSrcFiles, fg.SystemExtPrivateSrcs()...)
- } else {
- expandedSrcFiles = append(expandedSrcFiles, fg.SystemPrivateSrcs()...)
- }
- } else {
- ctx.ModuleErrorf("srcs dependency %q is not an selinux filegroup", m)
- }
- } else {
- p := android.PathForModuleSrc(ctx, s)
- expandedSrcFiles = append(expandedSrcFiles, p)
- }
- }
- return expandedSrcFiles
+ return android.PathsForModuleSrc(ctx, srcFiles)
}
func (c *cilCompatMap) GenerateAndroidBuildActions(ctx android.ModuleContext) {
diff --git a/build/soong/compat_cil.go b/build/soong/compat_cil.go
index e7b3af2..afd2396 100644
--- a/build/soong/compat_cil.go
+++ b/build/soong/compat_cil.go
@@ -48,7 +48,7 @@
}
type compatCilProperties struct {
- // List of source files. Can reference se_filegroup type modules with the ":module" syntax.
+ // List of source files. Can reference se_build_files type modules with the ":module" syntax.
Srcs []string `android:"path"`
// Output file name. Defaults to module name if unspecified.
@@ -60,28 +60,7 @@
}
func (c *compatCil) expandSeSources(ctx android.ModuleContext) android.Paths {
- srcPaths := make(android.Paths, 0, len(c.properties.Srcs))
- for _, src := range c.properties.Srcs {
- if m := android.SrcIsModule(src); m != "" {
- module := android.GetModuleFromPathDep(ctx, m, "")
- if module == nil {
- // Error would have been handled by ExtractSourcesDeps
- continue
- }
- if fg, ok := module.(*fileGroup); ok {
- if c.SystemExtSpecific() {
- srcPaths = append(srcPaths, fg.SystemExtPrivateSrcs()...)
- } else {
- srcPaths = append(srcPaths, fg.SystemPrivateSrcs()...)
- }
- } else {
- ctx.PropertyErrorf("srcs", "%q is not an se_filegroup", m)
- }
- } else {
- srcPaths = append(srcPaths, android.PathForModuleSrc(ctx, src))
- }
- }
- return srcPaths
+ return android.PathsForModuleSrc(ctx, c.properties.Srcs)
}
func (c *compatCil) GenerateAndroidBuildActions(ctx android.ModuleContext) {
diff --git a/build/soong/filegroup.go b/build/soong/filegroup.go
deleted file mode 100644
index 9dd4bd9..0000000
--- a/build/soong/filegroup.go
+++ /dev/null
@@ -1,156 +0,0 @@
-// Copyright 2018 Google Inc. All rights reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package selinux
-
-import (
- "android/soong/android"
- "path/filepath"
-)
-
-func init() {
- android.RegisterModuleType("se_filegroup", FileGroupFactory)
-}
-
-func FileGroupFactory() android.Module {
- module := &fileGroup{}
- module.AddProperties(&module.properties)
- android.InitAndroidModule(module)
- return module
-}
-
-type fileGroupProperties struct {
- // list of source file suffixes used to collect selinux policy files.
- // Source files will be looked up in the following local directories:
- // system/sepolicy/{public, private, vendor, reqd_mask}
- // and directories specified by following config variables:
- // BOARD_SEPOLICY_DIRS, BOARD_ODM_SEPOLICY_DIRS
- // SYSTEM_EXT_PUBLIC_SEPOLICY_DIR, SYSTEM_EXT_PRIVATE_SEPOLICY_DIR
- Srcs []string
-}
-
-type fileGroup struct {
- android.ModuleBase
- properties fileGroupProperties
-
- systemPublicSrcs android.Paths
- systemPrivateSrcs android.Paths
- systemVendorSrcs android.Paths
- systemReqdMaskSrcs android.Paths
-
- systemExtPublicSrcs android.Paths
- systemExtPrivateSrcs android.Paths
-
- productPublicSrcs android.Paths
- productPrivateSrcs android.Paths
-
- vendorSrcs android.Paths
- vendorReqdMaskSrcs android.Paths
- odmSrcs android.Paths
-}
-
-// Source files from system/sepolicy/public
-func (fg *fileGroup) SystemPublicSrcs() android.Paths {
- return fg.systemPublicSrcs
-}
-
-// Source files from system/sepolicy/private
-func (fg *fileGroup) SystemPrivateSrcs() android.Paths {
- return fg.systemPrivateSrcs
-}
-
-// Source files from system/sepolicy/vendor
-func (fg *fileGroup) SystemVendorSrcs() android.Paths {
- return fg.systemVendorSrcs
-}
-
-// Source files from system/sepolicy/reqd_mask
-func (fg *fileGroup) SystemReqdMaskSrcs() android.Paths {
- return fg.systemReqdMaskSrcs
-}
-
-// Source files from SYSTEM_EXT_PUBLIC_SEPOLICY_DIR
-func (fg *fileGroup) SystemExtPublicSrcs() android.Paths {
- return fg.systemExtPublicSrcs
-}
-
-// Source files from SYSTEM_EXT_PRIVATE_SEPOLICY_DIR
-func (fg *fileGroup) SystemExtPrivateSrcs() android.Paths {
- return fg.systemExtPrivateSrcs
-}
-
-// Source files from PRODUCT_PUBLIC_SEPOLICY_DIRS
-func (fg *fileGroup) ProductPublicSrcs() android.Paths {
- return fg.productPublicSrcs
-}
-
-// Source files from PRODUCT_PRIVATE_SEPOLICY_DIRS
-func (fg *fileGroup) ProductPrivateSrcs() android.Paths {
- return fg.productPrivateSrcs
-}
-
-// Source files from BOARD_VENDOR_SEPOLICY_DIRS
-func (fg *fileGroup) VendorSrcs() android.Paths {
- return fg.vendorSrcs
-}
-
-func (fg *fileGroup) VendorReqdMaskSrcs() android.Paths {
- return fg.vendorReqdMaskSrcs
-}
-
-// Source files from BOARD_ODM_SEPOLICY_DIRS
-func (fg *fileGroup) OdmSrcs() android.Paths {
- return fg.odmSrcs
-}
-
-func (fg *fileGroup) findSrcsInDirs(ctx android.ModuleContext, dirs []string) android.Paths {
- result := android.Paths{}
- for _, f := range fg.properties.Srcs {
- for _, d := range dirs {
- path := filepath.Join(d, f)
- files, _ := ctx.GlobWithDeps(path, nil)
- for _, f := range files {
- result = append(result, android.PathForSource(ctx, f))
- }
- }
- }
- return result
-}
-
-func (fg *fileGroup) findSrcsInDir(ctx android.ModuleContext, dir string) android.Paths {
- return fg.findSrcsInDirs(ctx, []string{dir})
-}
-
-func (fg *fileGroup) DepsMutator(ctx android.BottomUpMutatorContext) {}
-
-func (fg *fileGroup) GenerateAndroidBuildActions(ctx android.ModuleContext) {
- fg.systemPublicSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "public"))
- fg.systemPrivateSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "private"))
- fg.systemReqdMaskSrcs = fg.findSrcsInDir(ctx, filepath.Join(ctx.ModuleDir(), "reqd_mask"))
-
- fg.systemExtPublicSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().SystemExtPublicSepolicyDirs())
- fg.systemExtPrivateSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().SystemExtPrivateSepolicyDirs())
-
- fg.productPublicSrcs = fg.findSrcsInDirs(ctx, ctx.Config().ProductPublicSepolicyDirs())
- fg.productPrivateSrcs = fg.findSrcsInDirs(ctx, ctx.Config().ProductPrivateSepolicyDirs())
-
- systemVendorDirs := ctx.DeviceConfig().BoardPlatVendorPolicy()
- if len(systemVendorDirs) == 0 || ctx.DeviceConfig().PlatformSepolicyVersion() == ctx.DeviceConfig().BoardSepolicyVers() {
- systemVendorDirs = []string{filepath.Join(ctx.ModuleDir(), "vendor")}
- }
- fg.systemVendorSrcs = fg.findSrcsInDirs(ctx, systemVendorDirs)
- fg.vendorReqdMaskSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().BoardReqdMaskPolicy())
- fg.vendorSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().VendorSepolicyDirs())
- fg.odmSrcs = fg.findSrcsInDirs(ctx, ctx.DeviceConfig().OdmSepolicyDirs())
-}
diff --git a/build/soong/go.mod b/build/soong/go.mod
new file mode 100644
index 0000000..37bc985
--- /dev/null
+++ b/build/soong/go.mod
@@ -0,0 +1,23 @@
+module android/soong/sepolicy
+
+require (
+ android/soong v0.0.0
+ github.com/google/blueprint v0.0.0
+ golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f // indirect
+)
+
+replace android/soong v0.0.0 => ../../../../build/soong
+
+replace google.golang.org/protobuf v0.0.0 => ../../../../external/golang-protobuf
+
+replace github.com/google/blueprint v0.0.0 => ../../../../build/blueprint
+
+// Indirect deps from golang-protobuf
+exclude github.com/golang/protobuf v1.5.0
+
+replace github.com/google/go-cmp v0.5.5 => ../../../../external/go-cmp
+
+// Indirect dep from go-cmp
+exclude golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543
+
+go 1.13
diff --git a/build/soong/go.sum b/build/soong/go.sum
new file mode 100644
index 0000000..cbe76d9
--- /dev/null
+++ b/build/soong/go.sum
@@ -0,0 +1,2 @@
+golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f h1:uF6paiQQebLeSXkrTqHqz0MXhXXS1KgF41eUdBNvxK0=
+golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8=
diff --git a/build/soong/mac_permissions.go b/build/soong/mac_permissions.go
new file mode 100644
index 0000000..9615d12
--- /dev/null
+++ b/build/soong/mac_permissions.go
@@ -0,0 +1,144 @@
+// Copyright (C) 2019 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package selinux
+
+import (
+ "fmt"
+ "io"
+
+ "github.com/google/blueprint/proptools"
+
+ "android/soong/android"
+)
+
+var (
+ // Should be synced with keys.conf.
+ AllPlatformKeys = []string{
+ "platform",
+ "sdk_sandbox",
+ "media",
+ "networkstack",
+ "shared",
+ "testkey",
+ "bluetooth",
+ }
+)
+
+type macPermissionsProperties struct {
+ // keys.conf files to control the mapping of "tags" found in the mac_permissions.xml files.
+ Keys []string `android:"path"`
+
+ // Source files for the generated mac_permissions.xml file.
+ Srcs []string `android:"path"`
+
+ // Output file name. Defaults to module name
+ Stem *string
+}
+
+type macPermissionsModule struct {
+ android.ModuleBase
+
+ properties macPermissionsProperties
+ outputPath android.ModuleOutPath
+ installPath android.InstallPath
+}
+
+func init() {
+ android.RegisterModuleType("mac_permissions", macPermissionsFactory)
+}
+
+func getAllPlatformKeyPaths(ctx android.ModuleContext) android.Paths {
+ var platformKeys android.Paths
+
+ defaultCertificateDir := ctx.Config().DefaultAppCertificateDir(ctx)
+ for _, key := range AllPlatformKeys {
+ platformKeys = append(platformKeys, defaultCertificateDir.Join(ctx, key+".x509.pem"))
+ }
+
+ return platformKeys
+}
+
+func (m *macPermissionsModule) DepsMutator(ctx android.BottomUpMutatorContext) {
+ // do nothing
+}
+
+func (m *macPermissionsModule) stem() string {
+ return proptools.StringDefault(m.properties.Stem, m.Name())
+}
+
+func buildVariant(ctx android.ModuleContext) string {
+ if ctx.Config().Eng() {
+ return "eng"
+ }
+ if ctx.Config().Debuggable() {
+ return "userdebug"
+ }
+ return "user"
+}
+
+func (m *macPermissionsModule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
+ platformKeys := getAllPlatformKeyPaths(ctx)
+ keys := android.PathsForModuleSrc(ctx, m.properties.Keys)
+ srcs := android.PathsForModuleSrc(ctx, m.properties.Srcs)
+
+ m4Keys := android.PathForModuleGen(ctx, "mac_perms_keys.tmp")
+ rule := android.NewRuleBuilder(pctx, ctx)
+ rule.Command().
+ Tool(ctx.Config().PrebuiltBuildTool(ctx, "m4")).
+ Text("--fatal-warnings -s").
+ FlagForEachArg("-D", ctx.DeviceConfig().SepolicyM4Defs()).
+ Inputs(keys).
+ FlagWithOutput("> ", m4Keys).
+ Implicits(platformKeys)
+
+ m.outputPath = android.PathForModuleOut(ctx, m.stem())
+ rule.Command().Text("DEFAULT_SYSTEM_DEV_CERTIFICATE="+ctx.Config().DefaultAppCertificateDir(ctx).String()).
+ Text("MAINLINE_SEPOLICY_DEV_CERTIFICATES="+ctx.Config().MainlineSepolicyDevCertificatesDir(ctx).String()).
+ BuiltTool("insertkeys").
+ FlagWithArg("-t ", buildVariant(ctx)).
+ Input(m4Keys).
+ FlagWithOutput("-o ", m.outputPath).
+ Inputs(srcs)
+
+ rule.Build("mac_permission", "build "+m.Name())
+
+ m.installPath = android.PathForModuleInstall(ctx, "etc", "selinux")
+ ctx.InstallFile(m.installPath, m.stem(), m.outputPath)
+}
+
+func (m *macPermissionsModule) AndroidMk() android.AndroidMkData {
+ return android.AndroidMkData{
+ Class: "ETC",
+ OutputFile: android.OptionalPathForPath(m.outputPath),
+ Extra: []android.AndroidMkExtraFunc{
+ func(w io.Writer, outputFile android.Path) {
+ fmt.Fprintln(w, "LOCAL_MODULE_PATH :=", m.installPath.String())
+ fmt.Fprintln(w, "LOCAL_INSTALLED_MODULE_STEM :=", m.stem())
+ },
+ },
+ }
+}
+
+// mac_permissions module generates a mac_permissions.xml file from given keys.conf and
+// source files. The following variables are supported for keys.conf files.
+//
+// DEFAULT_SYSTEM_DEV_CERTIFICATE
+// MAINLINE_SEPOLICY_DEV_CERTIFICATES
+func macPermissionsFactory() android.Module {
+ m := &macPermissionsModule{}
+ m.AddProperties(&m.properties)
+ android.InitAndroidArchModule(m, android.DeviceSupported, android.MultilibCommon)
+ return m
+}
diff --git a/build/soong/policy.go b/build/soong/policy.go
index b1840da..aea8e09 100644
--- a/build/soong/policy.go
+++ b/build/soong/policy.go
@@ -45,10 +45,9 @@
"mls",
"policy_capabilities",
"te_macros",
- "attributes",
"ioctl_defines",
"ioctl_macros",
- "*.te",
+ "attributes|*.te",
"roles_decl",
"roles",
"users",
@@ -198,7 +197,10 @@
func findPolicyConfOrder(name string) int {
for idx, pattern := range policyConfOrder {
- if pattern == name || (pattern == "*.te" && strings.HasSuffix(name, ".te")) {
+ // We could use regexp but it seems like an overkill
+ if pattern == "attributes|*.te" && (name == "attributes" || strings.HasSuffix(name, ".te")) {
+ return idx
+ } else if pattern == name {
return idx
}
}
@@ -285,6 +287,10 @@
// Policy file to be compiled to cil file.
Src *string `android:"path"`
+ // If true, the input policy file is a binary policy that will be decompiled to a cil file.
+ // Defaults to false.
+ Decompile_binary *bool
+
// Additional cil files to be added in the end of the output. This is to support workarounds
// which are not supported by the policy language.
Additional_cil_files []string `android:"path"`
@@ -336,17 +342,15 @@
func (c *policyCil) compileConfToCil(ctx android.ModuleContext, conf android.Path) android.OutputPath {
cil := android.PathForModuleOut(ctx, c.stem()).OutputPath
rule := android.NewRuleBuilder(pctx, ctx)
- rule.Command().BuiltTool("checkpolicy").
+ checkpolicyCmd := rule.Command().BuiltTool("checkpolicy").
Flag("-C"). // Write CIL
Flag("-M"). // Enable MLS
FlagWithArg("-c ", strconv.Itoa(PolicyVers)).
FlagWithOutput("-o ", cil).
Input(conf)
- if len(c.properties.Additional_cil_files) > 0 {
- rule.Command().Text("cat").
- Inputs(android.PathsForModuleSrc(ctx, c.properties.Additional_cil_files)).
- Text(">> ").Output(cil)
+ if proptools.Bool(c.properties.Decompile_binary) {
+ checkpolicyCmd.Flag("-b") // Read binary
}
if len(c.properties.Filter_out) > 0 {
@@ -357,6 +361,12 @@
FlagWithOutput("-t ", cil)
}
+ if len(c.properties.Additional_cil_files) > 0 {
+ rule.Command().Text("cat").
+ Inputs(android.PathsForModuleSrc(ctx, c.properties.Additional_cil_files)).
+ Text(">> ").Output(cil)
+ }
+
if proptools.Bool(c.properties.Remove_line_marker) {
rule.Command().Text("grep -v").
Text(proptools.ShellEscape(";;")).
@@ -446,6 +456,9 @@
// Whether this module is directly installable to one of the partitions. Default is true
Installable *bool
+
+ // List of domains that are allowed to be in permissive mode on user builds.
+ Permissive_domains_on_user_builds []string
}
type policyBinary struct {
@@ -502,11 +515,19 @@
// permissive check is performed only in user build (not debuggable).
if !ctx.Config().Debuggable() {
permissiveDomains := android.PathForModuleOut(ctx, c.stem()+"_permissive")
- rule.Command().BuiltTool("sepolicy-analyze").
+ cmd := rule.Command().BuiltTool("sepolicy-analyze").
Input(bin).
- Text("permissive").
- Text(" > ").
- Output(permissiveDomains)
+ Text("permissive")
+ // Filter-out domains listed in permissive_domains_on_user_builds
+ allowedDomains := c.properties.Permissive_domains_on_user_builds
+ if len(allowedDomains) != 0 {
+ cmd.Text("| { grep -Fxv")
+ for _, d := range allowedDomains {
+ cmd.FlagWithArg("-e ", proptools.ShellEscape(d))
+ }
+ cmd.Text(" || true; }") // no match doesn't fail the cmd
+ }
+ cmd.Text(" > ").Output(permissiveDomains)
rule.Temporary(permissiveDomains)
msg := `==========\n` +
diff --git a/build/soong/selinux_contexts.go b/build/soong/selinux_contexts.go
index 463a978..6a971da 100644
--- a/build/soong/selinux_contexts.go
+++ b/build/soong/selinux_contexts.go
@@ -247,11 +247,21 @@
rule := android.NewRuleBuilder(pctx, ctx)
+ newlineFile := android.PathForModuleGen(ctx, "newline")
+
+ rule.Command().Text("echo").FlagWithOutput("> ", newlineFile)
+ rule.Temporary(newlineFile)
+
+ var inputsWithNewline android.Paths
+ for _, input := range inputs {
+ inputsWithNewline = append(inputsWithNewline, input, newlineFile)
+ }
+
rule.Command().
Tool(ctx.Config().PrebuiltBuildTool(ctx, "m4")).
Text("--fatal-warnings -s").
FlagForEachArg("-D", ctx.DeviceConfig().SepolicyM4Defs()).
- Inputs(inputs).
+ Inputs(inputsWithNewline).
FlagWithOutput("> ", builtContext)
if proptools.Bool(m.properties.Remove_comment) {
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
new file mode 100644
index 0000000..8e11850
--- /dev/null
+++ b/build/soong/service_fuzzer_bindings.go
@@ -0,0 +1,465 @@
+// Copyright (C) 2022 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package selinux
+
+var EXCEPTION_NO_FUZZER = []string{}
+
+//
+// To add a fuzzer for service, add your service name and fuzzer name in ServiceFuzzerBindings
+// example of entry -
+// "android.hardware.health.IHealth/default": []string{"android.hardware.health-service.aidl_fuzzer"},
+
+var (
+ ServiceFuzzerBindings = map[string][]string{
+ "android.hardware.audio.core.IConfig/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/a2dp": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/bluetooth": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/hearing_aid": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/msd": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/r_submix": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/stub": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/usb": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.effect.IFactory/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.sounddose.ISoundDoseFactory/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.authsecret.IAuthSecret/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.evs.IEvsEnumerator/hw/0": EXCEPTION_NO_FUZZER,
+ "android.hardware.boot.IBootControl/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.can.ICanController/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.evs.IEvsEnumerator/hw/1": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.remoteaccess.IRemoteAccess/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.vehicle.IVehicle/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.audiocontrol.IAudioControl/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.biometrics.face.IFace/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.biometrics.fingerprint.IFingerprint/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.biometrics.fingerprint.IFingerprint/virtual": EXCEPTION_NO_FUZZER,
+ "android.hardware.bluetooth.audio.IBluetoothAudioProviderFactory/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.broadcastradio.IBroadcastRadio/amfm": EXCEPTION_NO_FUZZER,
+ "android.hardware.broadcastradio.IBroadcastRadio/dab": EXCEPTION_NO_FUZZER,
+ "android.hardware.bluetooth.IBluetoothHci/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.camera.provider.ICameraProvider/internal/0": EXCEPTION_NO_FUZZER,
+ "android.hardware.cas.IMediaCasService/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.confirmationui.IConfirmationUI/default": []string{"android.hardware.confirmationui-service.trusty_fuzzer"},
+ "android.hardware.contexthub.IContextHub/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.drm.IDrmFactory/clearkey": EXCEPTION_NO_FUZZER,
+ "android.hardware.drm.ICryptoFactory/clearkey": EXCEPTION_NO_FUZZER,
+ "android.hardware.dumpstate.IDumpstateDevice/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.fastboot.IFastboot/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.gatekeeper.IGatekeeper/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.gnss.IGnss/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.graphics.allocator.IAllocator/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.graphics.composer3.IComposer/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.health.storage.IStorage/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.health.IHealth/default": []string{"android.hardware.health-service.aidl_fuzzer"},
+ "android.hardware.identity.IIdentityCredentialStore/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.input.processor.IInputProcessor/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.ir.IConsumerIr/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.light.ILights/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.memtrack.IMemtrack/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.net.nlinterceptor.IInterceptor/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.nfc.INfc/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.oemlock.IOemLock/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.power.IPower/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.power.stats.IPowerStats/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.config.IRadioConfig/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.data.IRadioData/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.data.IRadioData/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.data.IRadioData/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.ims.IRadioIms/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.ims.IRadioIms/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.ims.IRadioIms/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.ims.media.IImsMedia/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.messaging.IRadioMessaging/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.messaging.IRadioMessaging/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.messaging.IRadioMessaging/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.modem.IRadioModem/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.modem.IRadioModem/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.modem.IRadioModem/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.network.IRadioNetwork/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.network.IRadioNetwork/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.network.IRadioNetwork/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.satellite.IRadioSatellite/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.satellite.IRadioSatellite/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.satellite.IRadioSatellite/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sim.IRadioSim/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sim.IRadioSim/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sim.IRadioSim/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sap.ISap/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sap.ISap/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sap.ISap/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.voice.IRadioVoice/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.voice.IRadioVoice/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.voice.IRadioVoice/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.rebootescrow.IRebootEscrow/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/eSE1": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/eSE2": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/eSE3": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/SIM1": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/SIM2": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/SIM3": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.dice.IDiceDevice/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.keymint.IKeyMintDevice/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.keymint.IRemotelyProvisionedComponent/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.secureclock.ISecureClock/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.sharedsecret.ISharedSecret/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.sensors.ISensors/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.soundtrigger3.ISoundTriggerHw/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tetheroffload.IOffload/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.thermal.IThermal/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.hdmi.cec.IHdmiCec/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.hdmi.connection.IHdmiConnection/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.hdmi.earc.IEArc/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.input.ITvInput/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.tuner.ITuner/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.usb.IUsb/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.usb.gadget.IUsbGadget/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.uwb.IUwb/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.vibrator.IVibrator/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.vibrator.IVibratorManager/default": []string{"android.hardware.vibrator-service.example_fuzzer"},
+ "android.hardware.weaver.IWeaver/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.wifi.IWifi/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.wifi.hostapd.IHostapd/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.wifi.supplicant.ISupplicant/default": EXCEPTION_NO_FUZZER,
+ "android.frameworks.cameraservice.service.ICameraService/default": EXCEPTION_NO_FUZZER,
+ "android.frameworks.location.altitude.IAltitudeService/default": EXCEPTION_NO_FUZZER,
+ "android.frameworks.sensorservice.ISensorManager/default": []string{"libsensorserviceaidl_fuzzer"},
+ "android.frameworks.stats.IStats/default": EXCEPTION_NO_FUZZER,
+ "android.se.omapi.ISecureElementService/default": EXCEPTION_NO_FUZZER,
+ "android.system.keystore2.IKeystoreService/default": EXCEPTION_NO_FUZZER,
+ "android.system.net.netd.INetd/default": EXCEPTION_NO_FUZZER,
+ "android.system.suspend.ISystemSuspend/default": EXCEPTION_NO_FUZZER,
+ "accessibility": EXCEPTION_NO_FUZZER,
+ "account": EXCEPTION_NO_FUZZER,
+ "activity": EXCEPTION_NO_FUZZER,
+ "activity_task": EXCEPTION_NO_FUZZER,
+ "adb": EXCEPTION_NO_FUZZER,
+ "adservices_manager": EXCEPTION_NO_FUZZER,
+ "aidl_lazy_test_1": EXCEPTION_NO_FUZZER,
+ "aidl_lazy_test_2": EXCEPTION_NO_FUZZER,
+ "aidl_lazy_cb_test": EXCEPTION_NO_FUZZER,
+ "alarm": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.evs.IEvsEnumerator/default": EXCEPTION_NO_FUZZER,
+ "android.os.UpdateEngineService": EXCEPTION_NO_FUZZER,
+ "android.os.UpdateEngineStableService": EXCEPTION_NO_FUZZER,
+ "android.frameworks.automotive.display.ICarDisplayProxy/default": EXCEPTION_NO_FUZZER,
+ "android.security.apc": EXCEPTION_NO_FUZZER,
+ "android.security.authorization": EXCEPTION_NO_FUZZER,
+ "android.security.compat": EXCEPTION_NO_FUZZER,
+ "android.security.dice.IDiceMaintenance": EXCEPTION_NO_FUZZER,
+ "android.security.dice.IDiceNode": EXCEPTION_NO_FUZZER,
+ "android.security.identity": EXCEPTION_NO_FUZZER,
+ "android.security.keystore": EXCEPTION_NO_FUZZER,
+ "android.security.legacykeystore": EXCEPTION_NO_FUZZER,
+ "android.security.maintenance": EXCEPTION_NO_FUZZER,
+ "android.security.metrics": EXCEPTION_NO_FUZZER,
+ "android.security.remoteprovisioning": EXCEPTION_NO_FUZZER,
+ "android.security.remoteprovisioning.IRemotelyProvisionedKeyPool": EXCEPTION_NO_FUZZER,
+ "android.service.gatekeeper.IGateKeeperService": EXCEPTION_NO_FUZZER,
+ "android.system.composd": EXCEPTION_NO_FUZZER,
+ "android.system.virtualizationservice": EXCEPTION_NO_FUZZER,
+ "ambient_context": EXCEPTION_NO_FUZZER,
+ "app_binding": EXCEPTION_NO_FUZZER,
+ "app_hibernation": EXCEPTION_NO_FUZZER,
+ "app_integrity": EXCEPTION_NO_FUZZER,
+ "app_prediction": EXCEPTION_NO_FUZZER,
+ "app_search": EXCEPTION_NO_FUZZER,
+ "apexservice": EXCEPTION_NO_FUZZER,
+ "attestation_verification": EXCEPTION_NO_FUZZER,
+ "blob_store": EXCEPTION_NO_FUZZER,
+ "gsiservice": EXCEPTION_NO_FUZZER,
+ "appops": EXCEPTION_NO_FUZZER,
+ "appwidget": EXCEPTION_NO_FUZZER,
+ "artd": EXCEPTION_NO_FUZZER,
+ "assetatlas": EXCEPTION_NO_FUZZER,
+ "attention": EXCEPTION_NO_FUZZER,
+ "audio": EXCEPTION_NO_FUZZER,
+ "auth": EXCEPTION_NO_FUZZER,
+ "autofill": EXCEPTION_NO_FUZZER,
+ "background_install_control": EXCEPTION_NO_FUZZER,
+ "backup": EXCEPTION_NO_FUZZER,
+ "batteryproperties": EXCEPTION_NO_FUZZER,
+ "batterystats": EXCEPTION_NO_FUZZER,
+ "battery": EXCEPTION_NO_FUZZER,
+ "binder_calls_stats": EXCEPTION_NO_FUZZER,
+ "biometric": EXCEPTION_NO_FUZZER,
+ "bluetooth_manager": EXCEPTION_NO_FUZZER,
+ "bluetooth": EXCEPTION_NO_FUZZER,
+ "broadcastradio": EXCEPTION_NO_FUZZER,
+ "bugreport": EXCEPTION_NO_FUZZER,
+ "cacheinfo": EXCEPTION_NO_FUZZER,
+ "carrier_config": EXCEPTION_NO_FUZZER,
+ "clipboard": EXCEPTION_NO_FUZZER,
+ "cloudsearch": EXCEPTION_NO_FUZZER,
+ "cloudsearch_service": EXCEPTION_NO_FUZZER,
+ "com.android.net.IProxyService": EXCEPTION_NO_FUZZER,
+ "companiondevice": EXCEPTION_NO_FUZZER,
+ "communal": EXCEPTION_NO_FUZZER,
+ "platform_compat": EXCEPTION_NO_FUZZER,
+ "platform_compat_native": EXCEPTION_NO_FUZZER,
+ "connectivity": EXCEPTION_NO_FUZZER,
+ "connectivity_native": EXCEPTION_NO_FUZZER,
+ "connmetrics": EXCEPTION_NO_FUZZER,
+ "consumer_ir": EXCEPTION_NO_FUZZER,
+ "content": EXCEPTION_NO_FUZZER,
+ "content_capture": EXCEPTION_NO_FUZZER,
+ "content_suggestions": EXCEPTION_NO_FUZZER,
+ "contexthub": EXCEPTION_NO_FUZZER,
+ "country_detector": EXCEPTION_NO_FUZZER,
+ "coverage": EXCEPTION_NO_FUZZER,
+ "cpuinfo": EXCEPTION_NO_FUZZER,
+ "credential": EXCEPTION_NO_FUZZER,
+ "crossprofileapps": EXCEPTION_NO_FUZZER,
+ "dataloader_manager": EXCEPTION_NO_FUZZER,
+ "dbinfo": EXCEPTION_NO_FUZZER,
+ "device_config": EXCEPTION_NO_FUZZER,
+ "device_policy": EXCEPTION_NO_FUZZER,
+ "device_identifiers": EXCEPTION_NO_FUZZER,
+ "deviceidle": EXCEPTION_NO_FUZZER,
+ "device_lock": EXCEPTION_NO_FUZZER,
+ "device_state": EXCEPTION_NO_FUZZER,
+ "devicestoragemonitor": EXCEPTION_NO_FUZZER,
+ "diskstats": EXCEPTION_NO_FUZZER,
+ "display": EXCEPTION_NO_FUZZER,
+ "dnsresolver": EXCEPTION_NO_FUZZER,
+ "domain_verification": EXCEPTION_NO_FUZZER,
+ "color_display": EXCEPTION_NO_FUZZER,
+ "netd_listener": EXCEPTION_NO_FUZZER,
+ "network_watchlist": EXCEPTION_NO_FUZZER,
+ "DockObserver": EXCEPTION_NO_FUZZER,
+ "dreams": EXCEPTION_NO_FUZZER,
+ "drm.drmManager": EXCEPTION_NO_FUZZER,
+ "dropbox": EXCEPTION_NO_FUZZER,
+ "dumpstate": EXCEPTION_NO_FUZZER,
+ "dynamic_system": EXCEPTION_NO_FUZZER,
+ "econtroller": EXCEPTION_NO_FUZZER,
+ "emergency_affordance": EXCEPTION_NO_FUZZER,
+ "euicc_card_controller": EXCEPTION_NO_FUZZER,
+ "external_vibrator_service": EXCEPTION_NO_FUZZER,
+ "ethernet": EXCEPTION_NO_FUZZER,
+ "face": EXCEPTION_NO_FUZZER,
+ "file_integrity": EXCEPTION_NO_FUZZER,
+ "fingerprint": EXCEPTION_NO_FUZZER,
+ "font": EXCEPTION_NO_FUZZER,
+ "android.hardware.fingerprint.IFingerprintDaemon": EXCEPTION_NO_FUZZER,
+ "game": EXCEPTION_NO_FUZZER,
+ "gfxinfo": EXCEPTION_NO_FUZZER,
+ "gnss_time_update_service": EXCEPTION_NO_FUZZER,
+ "grammatical_inflection": EXCEPTION_NO_FUZZER,
+ "graphicsstats": EXCEPTION_NO_FUZZER,
+ "gpu": EXCEPTION_NO_FUZZER,
+ "hardware": EXCEPTION_NO_FUZZER,
+ "hardware_properties": EXCEPTION_NO_FUZZER,
+ "hdmi_control": EXCEPTION_NO_FUZZER,
+ "healthconnect": EXCEPTION_NO_FUZZER,
+ "ions": EXCEPTION_NO_FUZZER,
+ "idmap": EXCEPTION_NO_FUZZER,
+ "incident": EXCEPTION_NO_FUZZER,
+ "incidentcompanion": EXCEPTION_NO_FUZZER,
+ "inputflinger": EXCEPTION_NO_FUZZER,
+ "input_method": EXCEPTION_NO_FUZZER,
+ "input": EXCEPTION_NO_FUZZER,
+ "installd": EXCEPTION_NO_FUZZER,
+ "iphonesubinfo_msim": EXCEPTION_NO_FUZZER,
+ "iphonesubinfo2": EXCEPTION_NO_FUZZER,
+ "iphonesubinfo": EXCEPTION_NO_FUZZER,
+ "ims": EXCEPTION_NO_FUZZER,
+ "imms": EXCEPTION_NO_FUZZER,
+ "incremental": EXCEPTION_NO_FUZZER,
+ "ipsec": EXCEPTION_NO_FUZZER,
+ "ircsmessage": EXCEPTION_NO_FUZZER,
+ "iris": EXCEPTION_NO_FUZZER,
+ "isms_msim": EXCEPTION_NO_FUZZER,
+ "isms2": EXCEPTION_NO_FUZZER,
+ "isms": EXCEPTION_NO_FUZZER,
+ "isub": EXCEPTION_NO_FUZZER,
+ "jobscheduler": EXCEPTION_NO_FUZZER,
+ "launcherapps": EXCEPTION_NO_FUZZER,
+ "legacy_permission": EXCEPTION_NO_FUZZER,
+ "lights": EXCEPTION_NO_FUZZER,
+ "locale": EXCEPTION_NO_FUZZER,
+ "location": EXCEPTION_NO_FUZZER,
+ "location_time_zone_manager": EXCEPTION_NO_FUZZER,
+ "lock_settings": EXCEPTION_NO_FUZZER,
+ "logcat": EXCEPTION_NO_FUZZER,
+ "logd": EXCEPTION_NO_FUZZER,
+ "looper_stats": EXCEPTION_NO_FUZZER,
+ "lpdump_service": EXCEPTION_NO_FUZZER,
+ "mdns": EXCEPTION_NO_FUZZER,
+ "media.aaudio": EXCEPTION_NO_FUZZER,
+ "media.audio_flinger": EXCEPTION_NO_FUZZER,
+ "media.audio_policy": EXCEPTION_NO_FUZZER,
+ "media.camera": EXCEPTION_NO_FUZZER,
+ "media.camera.proxy": EXCEPTION_NO_FUZZER,
+ "media.log": EXCEPTION_NO_FUZZER,
+ "media.player": EXCEPTION_NO_FUZZER,
+ "media.metrics": EXCEPTION_NO_FUZZER,
+ "media.extractor": EXCEPTION_NO_FUZZER,
+ "media.transcoding": EXCEPTION_NO_FUZZER,
+ "media.resource_manager": EXCEPTION_NO_FUZZER,
+ "media.resource_observer": EXCEPTION_NO_FUZZER,
+ "media.sound_trigger_hw": EXCEPTION_NO_FUZZER,
+ "media.drm": EXCEPTION_NO_FUZZER,
+ "media.tuner": EXCEPTION_NO_FUZZER,
+ "media_communication": EXCEPTION_NO_FUZZER,
+ "media_metrics": EXCEPTION_NO_FUZZER,
+ "media_projection": EXCEPTION_NO_FUZZER,
+ "media_resource_monitor": EXCEPTION_NO_FUZZER,
+ "media_router": EXCEPTION_NO_FUZZER,
+ "media_session": EXCEPTION_NO_FUZZER,
+ "meminfo": EXCEPTION_NO_FUZZER,
+ "memtrack.proxy": EXCEPTION_NO_FUZZER,
+ "midi": EXCEPTION_NO_FUZZER,
+ "mount": EXCEPTION_NO_FUZZER,
+ "music_recognition": EXCEPTION_NO_FUZZER,
+ "nearby": EXCEPTION_NO_FUZZER,
+ "netd": EXCEPTION_NO_FUZZER,
+ "netpolicy": EXCEPTION_NO_FUZZER,
+ "netstats": EXCEPTION_NO_FUZZER,
+ "network_stack": EXCEPTION_NO_FUZZER,
+ "network_management": EXCEPTION_NO_FUZZER,
+ "network_score": EXCEPTION_NO_FUZZER,
+ "network_time_update_service": EXCEPTION_NO_FUZZER,
+ "nfc": EXCEPTION_NO_FUZZER,
+ "notification": EXCEPTION_NO_FUZZER,
+ "oem_lock": EXCEPTION_NO_FUZZER,
+ "ondevicepersonalization_system_service": EXCEPTION_NO_FUZZER,
+ "otadexopt": EXCEPTION_NO_FUZZER,
+ "overlay": EXCEPTION_NO_FUZZER,
+ "pac_proxy": EXCEPTION_NO_FUZZER,
+ "package": EXCEPTION_NO_FUZZER,
+ "package_native": EXCEPTION_NO_FUZZER,
+ "people": EXCEPTION_NO_FUZZER,
+ "performance_hint": EXCEPTION_NO_FUZZER,
+ "permission": EXCEPTION_NO_FUZZER,
+ "permissionmgr": EXCEPTION_NO_FUZZER,
+ "permission_checker": EXCEPTION_NO_FUZZER,
+ "persistent_data_block": EXCEPTION_NO_FUZZER,
+ "phone_msim": EXCEPTION_NO_FUZZER,
+ "phone1": EXCEPTION_NO_FUZZER,
+ "phone2": EXCEPTION_NO_FUZZER,
+ "phone": EXCEPTION_NO_FUZZER,
+ "pinner": EXCEPTION_NO_FUZZER,
+ "powerstats": EXCEPTION_NO_FUZZER,
+ "power": EXCEPTION_NO_FUZZER,
+ "print": EXCEPTION_NO_FUZZER,
+ "processinfo": EXCEPTION_NO_FUZZER,
+ "procstats": EXCEPTION_NO_FUZZER,
+ "profcollectd": EXCEPTION_NO_FUZZER,
+ "radio.phonesubinfo": EXCEPTION_NO_FUZZER,
+ "radio.phone": EXCEPTION_NO_FUZZER,
+ "radio.sms": EXCEPTION_NO_FUZZER,
+ "rcs": EXCEPTION_NO_FUZZER,
+ "reboot_readiness": EXCEPTION_NO_FUZZER,
+ "recovery": EXCEPTION_NO_FUZZER,
+ "remote_provisioning": EXCEPTION_NO_FUZZER,
+ "resolver": EXCEPTION_NO_FUZZER,
+ "resources": EXCEPTION_NO_FUZZER,
+ "restrictions": EXCEPTION_NO_FUZZER,
+ "rkpd.registrar": EXCEPTION_NO_FUZZER,
+ "rkpd.refresh": EXCEPTION_NO_FUZZER,
+ "role": EXCEPTION_NO_FUZZER,
+ "rollback": EXCEPTION_NO_FUZZER,
+ "rttmanager": EXCEPTION_NO_FUZZER,
+ "runtime": EXCEPTION_NO_FUZZER,
+ "safety_center": EXCEPTION_NO_FUZZER,
+ "samplingprofiler": EXCEPTION_NO_FUZZER,
+ "scheduling_policy": EXCEPTION_NO_FUZZER,
+ "search": EXCEPTION_NO_FUZZER,
+ "search_ui": EXCEPTION_NO_FUZZER,
+ "secure_element": EXCEPTION_NO_FUZZER,
+ "sec_key_att_app_id_provider": EXCEPTION_NO_FUZZER,
+ "selection_toolbar": EXCEPTION_NO_FUZZER,
+ "sensorservice": EXCEPTION_NO_FUZZER,
+ "sensor_privacy": EXCEPTION_NO_FUZZER,
+ "serial": EXCEPTION_NO_FUZZER,
+ "servicediscovery": EXCEPTION_NO_FUZZER,
+ "manager": []string{"servicemanager_fuzzer"},
+ "settings": EXCEPTION_NO_FUZZER,
+ "shortcut": EXCEPTION_NO_FUZZER,
+ "simphonebook_msim": EXCEPTION_NO_FUZZER,
+ "simphonebook2": EXCEPTION_NO_FUZZER,
+ "simphonebook": EXCEPTION_NO_FUZZER,
+ "sip": EXCEPTION_NO_FUZZER,
+ "slice": EXCEPTION_NO_FUZZER,
+ "smartspace": EXCEPTION_NO_FUZZER,
+ "speech_recognition": EXCEPTION_NO_FUZZER,
+ "stats": EXCEPTION_NO_FUZZER,
+ "statsbootstrap": EXCEPTION_NO_FUZZER,
+ "statscompanion": EXCEPTION_NO_FUZZER,
+ "statsmanager": EXCEPTION_NO_FUZZER,
+ "soundtrigger": EXCEPTION_NO_FUZZER,
+ "soundtrigger_middleware": EXCEPTION_NO_FUZZER,
+ "statusbar": EXCEPTION_NO_FUZZER,
+ "storaged": EXCEPTION_NO_FUZZER,
+ "storaged_pri": EXCEPTION_NO_FUZZER,
+ "storagestats": EXCEPTION_NO_FUZZER,
+ "sdk_sandbox": EXCEPTION_NO_FUZZER,
+ "SurfaceFlinger": EXCEPTION_NO_FUZZER,
+ "SurfaceFlingerAIDL": EXCEPTION_NO_FUZZER,
+ "suspend_control": EXCEPTION_NO_FUZZER,
+ "suspend_control_internal": EXCEPTION_NO_FUZZER,
+ "system_config": EXCEPTION_NO_FUZZER,
+ "system_server_dumper": EXCEPTION_NO_FUZZER,
+ "system_update": EXCEPTION_NO_FUZZER,
+ "tare": EXCEPTION_NO_FUZZER,
+ "task": EXCEPTION_NO_FUZZER,
+ "telecom": EXCEPTION_NO_FUZZER,
+ "telephony.registry": EXCEPTION_NO_FUZZER,
+ "telephony_ims": EXCEPTION_NO_FUZZER,
+ "testharness": EXCEPTION_NO_FUZZER,
+ "tethering": EXCEPTION_NO_FUZZER,
+ "textclassification": EXCEPTION_NO_FUZZER,
+ "textservices": EXCEPTION_NO_FUZZER,
+ "texttospeech": EXCEPTION_NO_FUZZER,
+ "time_detector": EXCEPTION_NO_FUZZER,
+ "time_zone_detector": EXCEPTION_NO_FUZZER,
+ "thermalservice": EXCEPTION_NO_FUZZER,
+ "tracing.proxy": EXCEPTION_NO_FUZZER,
+ "translation": EXCEPTION_NO_FUZZER,
+ "transparency": EXCEPTION_NO_FUZZER,
+ "trust": EXCEPTION_NO_FUZZER,
+ "tv_interactive_app": EXCEPTION_NO_FUZZER,
+ "tv_input": EXCEPTION_NO_FUZZER,
+ "tv_tuner_resource_mgr": EXCEPTION_NO_FUZZER,
+ "uce": EXCEPTION_NO_FUZZER,
+ "uimode": EXCEPTION_NO_FUZZER,
+ "updatelock": EXCEPTION_NO_FUZZER,
+ "uri_grants": EXCEPTION_NO_FUZZER,
+ "usagestats": EXCEPTION_NO_FUZZER,
+ "usb": EXCEPTION_NO_FUZZER,
+ "user": EXCEPTION_NO_FUZZER,
+ "uwb": EXCEPTION_NO_FUZZER,
+ "vcn_management": EXCEPTION_NO_FUZZER,
+ "vibrator": EXCEPTION_NO_FUZZER,
+ "vibrator_manager": EXCEPTION_NO_FUZZER,
+ "virtualdevice": EXCEPTION_NO_FUZZER,
+ "virtual_touchpad": EXCEPTION_NO_FUZZER,
+ "voiceinteraction": EXCEPTION_NO_FUZZER,
+ "vold": EXCEPTION_NO_FUZZER,
+ "vpn_management": EXCEPTION_NO_FUZZER,
+ "vrmanager": EXCEPTION_NO_FUZZER,
+ "wallpaper": EXCEPTION_NO_FUZZER,
+ "wallpaper_effects_generation": EXCEPTION_NO_FUZZER,
+ "webviewupdate": EXCEPTION_NO_FUZZER,
+ "wifip2p": EXCEPTION_NO_FUZZER,
+ "wifiscanner": EXCEPTION_NO_FUZZER,
+ "wifi": EXCEPTION_NO_FUZZER,
+ "wifinl80211": EXCEPTION_NO_FUZZER,
+ "wifiaware": EXCEPTION_NO_FUZZER,
+ "wifirtt": EXCEPTION_NO_FUZZER,
+ "window": EXCEPTION_NO_FUZZER,
+ "*": EXCEPTION_NO_FUZZER,
+ }
+)
diff --git a/build/soong/validate_bindings.go b/build/soong/validate_bindings.go
new file mode 100644
index 0000000..7ba6453
--- /dev/null
+++ b/build/soong/validate_bindings.go
@@ -0,0 +1,109 @@
+// Copyright (C) 2022 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package selinux
+
+import (
+ "encoding/json"
+ "fmt"
+
+ "android/soong/android"
+)
+
+func init() {
+ android.RegisterModuleType("fuzzer_bindings_test", fuzzerBindingsTestFactory)
+ android.PreArchMutators(registerFuzzerMutators)
+}
+
+func registerFuzzerMutators(ctx android.RegisterMutatorsContext) {
+ ctx.BottomUp("addFuzzerConfigDeps", addFuzzerConfigDeps).Parallel()
+}
+
+func addFuzzerConfigDeps(ctx android.BottomUpMutatorContext) {
+ if _, ok := ctx.Module().(*fuzzerBindingsTestModule); ok {
+ for _, fuzzers := range ServiceFuzzerBindings {
+ for _, fuzzer := range fuzzers {
+ if !ctx.OtherModuleExists(fuzzer) && !ctx.Config().AllowMissingDependencies() {
+ panic(fmt.Errorf("Fuzzer doesn't exist : %s", fuzzer))
+ }
+ }
+ }
+ }
+}
+
+type bindingsTestProperties struct {
+ // Contexts files to be tested.
+ Srcs []string `android:"path"`
+}
+
+type fuzzerBindingsTestModule struct {
+ android.ModuleBase
+ tool string
+ properties bindingsTestProperties
+ testTimestamp android.ModuleOutPath
+}
+
+// fuzzer_bindings_test checks if a fuzzer is implemented for every service in service_contexts
+func fuzzerBindingsTestFactory() android.Module {
+ m := &fuzzerBindingsTestModule{tool: "fuzzer_bindings_check"}
+ m.AddProperties(&m.properties)
+ android.InitAndroidArchModule(m, android.DeviceSupported, android.MultilibCommon)
+ return m
+}
+
+func (m *fuzzerBindingsTestModule) GenerateAndroidBuildActions(ctx android.ModuleContext) {
+ tool := m.tool
+ if tool != "fuzzer_bindings_check" {
+ panic(fmt.Errorf("%q: unknown tool name: %q", ctx.ModuleName(), tool))
+ }
+
+ if len(m.properties.Srcs) == 0 {
+ ctx.PropertyErrorf("srcs", "can't be empty")
+ return
+ }
+
+ // Generate a json file which contains existing bindings
+ rootPath := android.PathForIntermediates(ctx, "bindings.json")
+ jsonString, parseError := json.Marshal(ServiceFuzzerBindings)
+ if parseError != nil {
+ panic(fmt.Errorf("Error while marshalling ServiceFuzzerBindings dict. Check Format"))
+ }
+ android.WriteFileRule(ctx, rootPath, string(jsonString))
+
+ //input module json, service context and binding files here
+ srcs := android.PathsForModuleSrc(ctx, m.properties.Srcs)
+ rule := android.NewRuleBuilder(pctx, ctx)
+
+ rule.Command().BuiltTool(tool).Flag("-s").Inputs(srcs).Flag("-b").Input(rootPath)
+
+ // Every Soong module needs to generate an output even if it doesn't require it
+ m.testTimestamp = android.PathForModuleOut(ctx, "timestamp")
+ rule.Command().Text("touch").Output(m.testTimestamp)
+ rule.Build("fuzzer_bindings_test", "running service:fuzzer bindings test: "+ctx.ModuleName())
+}
+
+func (m *fuzzerBindingsTestModule) AndroidMkEntries() []android.AndroidMkEntries {
+ return []android.AndroidMkEntries{android.AndroidMkEntries{
+ Class: "FAKE",
+ // OutputFile is needed, even though BUILD_PHONY_PACKAGE doesn't use it.
+ // Without OutputFile this module won't be exported to Makefile.
+ OutputFile: android.OptionalPathForPath(m.testTimestamp),
+ Include: "$(BUILD_PHONY_PACKAGE)",
+ ExtraEntries: []android.AndroidMkExtraEntriesFunc{
+ func(ctx android.AndroidMkExtraEntriesContext, entries *android.AndroidMkEntries) {
+ entries.SetString("LOCAL_ADDITIONAL_DEPENDENCIES", m.testTimestamp.String())
+ },
+ },
+ }}
+}
diff --git a/com.android.sepolicy/33/definitions/definitions.cil b/com.android.sepolicy/33/definitions/definitions.cil
new file mode 100644
index 0000000..ffe4660
--- /dev/null
+++ b/com.android.sepolicy/33/definitions/definitions.cil
@@ -0,0 +1,15 @@
+; This file is required for sepolicy amend (go/seamendc).
+; The seamendc binary reads an amend SELinux policy as input in CIL format and applies its rules to
+; a binary SELinux policy. To parse the input correctly, we require the amend policy to be a valid
+; standalone policy. This file contains the preliminary statements(sid, sidorder, etc.) and
+; definitions (type, typeattribute, class, etc.) necessary to make the amend policy compile
+; successfully.
+(sid amend)
+(sidorder (amend))
+
+(classorder (file))
+
+;;;;;;;;;;;;;;;;;;;;;; shell.te ;;;;;;;;;;;;;;;;;;;;;;
+(type shell)
+(type sepolicy_test_file)
+(class file (ioctl read getattr lock map open watch watch_reads))
diff --git a/compat/Android.bp b/compat/Android.bp
index bc8409a..61acd40 100644
--- a/compat/Android.bp
+++ b/compat/Android.bp
@@ -23,45 +23,177 @@
default_applicable_licenses: ["system_sepolicy_license"],
}
+se_build_files {
+ name: "28.0.board.compat.map",
+ srcs: [
+ "compat/28.0/28.0.cil",
+ ],
+}
+
+se_build_files {
+ name: "29.0.board.compat.map",
+ srcs: [
+ "compat/29.0/29.0.cil",
+ ],
+}
+
+se_build_files {
+ name: "30.0.board.compat.map",
+ srcs: [
+ "compat/30.0/30.0.cil",
+ ],
+}
+
+se_build_files {
+ name: "31.0.board.compat.map",
+ srcs: [
+ "compat/31.0/31.0.cil",
+ ],
+}
+
+se_build_files {
+ name: "32.0.board.compat.map",
+ srcs: [
+ "compat/32.0/32.0.cil",
+ ],
+}
+
+se_build_files {
+ name: "33.0.board.compat.map",
+ srcs: [
+ "compat/33.0/33.0.cil",
+ ],
+}
+
+se_build_files {
+ name: "28.0.board.compat.cil",
+ srcs: [
+ "compat/28.0/28.0.compat.cil",
+ ],
+}
+
+se_build_files {
+ name: "29.0.board.compat.cil",
+ srcs: [
+ "compat/29.0/29.0.compat.cil",
+ ],
+}
+
+se_build_files {
+ name: "30.0.board.compat.cil",
+ srcs: [
+ "compat/30.0/30.0.compat.cil",
+ ],
+}
+
+se_build_files {
+ name: "31.0.board.compat.cil",
+ srcs: [
+ "compat/31.0/31.0.compat.cil",
+ ],
+}
+
+se_build_files {
+ name: "32.0.board.compat.cil",
+ srcs: [
+ "compat/32.0/32.0.compat.cil",
+ ],
+}
+
+se_build_files {
+ name: "33.0.board.compat.cil",
+ srcs: [
+ "compat/33.0/33.0.compat.cil",
+ ],
+}
+
+se_build_files {
+ name: "28.0.board.ignore.map",
+ srcs: [
+ "compat/28.0/28.0.ignore.cil",
+ ],
+}
+
+se_build_files {
+ name: "29.0.board.ignore.map",
+ srcs: [
+ "compat/29.0/29.0.ignore.cil",
+ ],
+}
+
+se_build_files {
+ name: "30.0.board.ignore.map",
+ srcs: [
+ "compat/30.0/30.0.ignore.cil",
+ ],
+}
+
+se_build_files {
+ name: "31.0.board.ignore.map",
+ srcs: [
+ "compat/31.0/31.0.ignore.cil",
+ ],
+}
+
+se_build_files {
+ name: "32.0.board.ignore.map",
+ srcs: [
+ "compat/32.0/32.0.ignore.cil",
+ ],
+}
+
+se_build_files {
+ name: "33.0.board.ignore.map",
+ srcs: [
+ "compat/33.0/33.0.ignore.cil",
+ ],
+}
+
se_cil_compat_map {
name: "plat_28.0.cil",
stem: "28.0.cil",
- bottom_half: [":28.0.board.compat.map"],
+ bottom_half: [":28.0.board.compat.map{.plat_private}"],
top_half: "plat_29.0.cil",
}
se_cil_compat_map {
name: "plat_29.0.cil",
stem: "29.0.cil",
- bottom_half: [":29.0.board.compat.map"],
+ bottom_half: [":29.0.board.compat.map{.plat_private}"],
top_half: "plat_30.0.cil",
}
se_cil_compat_map {
name: "plat_30.0.cil",
stem: "30.0.cil",
- bottom_half: [":30.0.board.compat.map"],
+ bottom_half: [":30.0.board.compat.map{.plat_private}"],
top_half: "plat_31.0.cil",
}
se_cil_compat_map {
name: "plat_31.0.cil",
stem: "31.0.cil",
- bottom_half: [":31.0.board.compat.map"],
+ bottom_half: [":31.0.board.compat.map{.plat_private}"],
top_half: "plat_32.0.cil",
}
se_cil_compat_map {
name: "plat_32.0.cil",
stem: "32.0.cil",
- bottom_half: [":32.0.board.compat.map"],
- // top_half: "plat_33.0.cil",
+ bottom_half: [":32.0.board.compat.map{.plat_private}"],
+ top_half: "plat_33.0.cil",
+}
+
+se_cil_compat_map {
+ name: "plat_33.0.cil",
+ stem: "33.0.cil",
+ bottom_half: [":33.0.board.compat.map{.plat_private}"],
}
se_cil_compat_map {
name: "system_ext_28.0.cil",
stem: "28.0.cil",
- bottom_half: [":28.0.board.compat.map"],
+ bottom_half: [":28.0.board.compat.map{.system_ext_private}"],
top_half: "system_ext_29.0.cil",
system_ext_specific: true,
}
@@ -69,7 +201,7 @@
se_cil_compat_map {
name: "system_ext_29.0.cil",
stem: "29.0.cil",
- bottom_half: [":29.0.board.compat.map"],
+ bottom_half: [":29.0.board.compat.map{.system_ext_private}"],
top_half: "system_ext_30.0.cil",
system_ext_specific: true,
}
@@ -77,7 +209,7 @@
se_cil_compat_map {
name: "system_ext_30.0.cil",
stem: "30.0.cil",
- bottom_half: [":30.0.board.compat.map"],
+ bottom_half: [":30.0.board.compat.map{.system_ext_private}"],
top_half: "system_ext_31.0.cil",
system_ext_specific: true,
}
@@ -85,7 +217,7 @@
se_cil_compat_map {
name: "system_ext_31.0.cil",
stem: "31.0.cil",
- bottom_half: [":31.0.board.compat.map"],
+ bottom_half: [":31.0.board.compat.map{.system_ext_private}"],
top_half: "system_ext_32.0.cil",
system_ext_specific: true,
}
@@ -93,15 +225,22 @@
se_cil_compat_map {
name: "system_ext_32.0.cil",
stem: "32.0.cil",
- bottom_half: [":32.0.board.compat.map"],
- // top_half: "system_ext_33.0.cil",
+ bottom_half: [":32.0.board.compat.map{.system_ext_private}"],
+ top_half: "system_ext_33.0.cil",
+ system_ext_specific: true,
+}
+
+se_cil_compat_map {
+ name: "system_ext_33.0.cil",
+ stem: "33.0.cil",
+ bottom_half: [":33.0.board.compat.map{.system_ext_private}"],
system_ext_specific: true,
}
se_cil_compat_map {
name: "product_28.0.cil",
stem: "28.0.cil",
- bottom_half: [":28.0.board.compat.map"],
+ bottom_half: [":28.0.board.compat.map{.product_private}"],
top_half: "product_29.0.cil",
product_specific: true,
}
@@ -109,7 +248,7 @@
se_cil_compat_map {
name: "product_29.0.cil",
stem: "29.0.cil",
- bottom_half: [":29.0.board.compat.map"],
+ bottom_half: [":29.0.board.compat.map{.product_private}"],
top_half: "product_30.0.cil",
product_specific: true,
}
@@ -117,7 +256,7 @@
se_cil_compat_map {
name: "product_30.0.cil",
stem: "30.0.cil",
- bottom_half: [":30.0.board.compat.map"],
+ bottom_half: [":30.0.board.compat.map{.product_private}"],
top_half: "product_31.0.cil",
product_specific: true,
}
@@ -125,7 +264,7 @@
se_cil_compat_map {
name: "product_31.0.cil",
stem: "31.0.cil",
- bottom_half: [":31.0.board.compat.map"],
+ bottom_half: [":31.0.board.compat.map{.product_private}"],
top_half: "product_32.0.cil",
product_specific: true,
}
@@ -133,143 +272,179 @@
se_cil_compat_map {
name: "product_32.0.cil",
stem: "32.0.cil",
- bottom_half: [":32.0.board.compat.map"],
- // top_half: "product_33.0.cil",
+ bottom_half: [":32.0.board.compat.map{.product_private}"],
+ top_half: "product_33.0.cil",
+ product_specific: true,
+}
+
+se_cil_compat_map {
+ name: "product_33.0.cil",
+ stem: "33.0.cil",
+ bottom_half: [":33.0.board.compat.map{.product_private}"],
product_specific: true,
}
se_cil_compat_map {
name: "28.0.ignore.cil",
- bottom_half: [":28.0.board.ignore.map"],
+ bottom_half: [":28.0.board.ignore.map{.plat_private}"],
top_half: "29.0.ignore.cil",
}
se_cil_compat_map {
name: "29.0.ignore.cil",
- bottom_half: [":29.0.board.ignore.map"],
+ bottom_half: [":29.0.board.ignore.map{.plat_private}"],
top_half: "30.0.ignore.cil",
}
se_cil_compat_map {
name: "30.0.ignore.cil",
- bottom_half: [":30.0.board.ignore.map"],
+ bottom_half: [":30.0.board.ignore.map{.plat_private}"],
top_half: "31.0.ignore.cil",
}
se_cil_compat_map {
name: "31.0.ignore.cil",
- bottom_half: [":31.0.board.ignore.map"],
+ bottom_half: [":31.0.board.ignore.map{.plat_private}"],
top_half: "32.0.ignore.cil",
}
se_cil_compat_map {
name: "32.0.ignore.cil",
- bottom_half: [":32.0.board.ignore.map"],
- // top_half: "33.0.ignore.cil",
+ bottom_half: [":32.0.board.ignore.map{.plat_private}"],
+ top_half: "33.0.ignore.cil",
+}
+
+se_cil_compat_map {
+ name: "33.0.ignore.cil",
+ bottom_half: [":33.0.board.ignore.map{.plat_private}"],
}
se_cil_compat_map {
name: "system_ext_30.0.ignore.cil",
- bottom_half: [":30.0.board.ignore.map"],
+ bottom_half: [":30.0.board.ignore.map{.system_ext_private}"],
top_half: "system_ext_31.0.ignore.cil",
system_ext_specific: true,
}
se_cil_compat_map {
name: "system_ext_31.0.ignore.cil",
- bottom_half: [":31.0.board.ignore.map"],
+ bottom_half: [":31.0.board.ignore.map{.system_ext_private}"],
top_half: "system_ext_32.0.ignore.cil",
system_ext_specific: true,
}
se_cil_compat_map {
name: "system_ext_32.0.ignore.cil",
- bottom_half: [":32.0.board.ignore.map"],
- // top_half: "system_ext_33.0.ignore.cil",
+ bottom_half: [":32.0.board.ignore.map{.system_ext_private}"],
+ top_half: "system_ext_33.0.ignore.cil",
+ system_ext_specific: true,
+}
+
+se_cil_compat_map {
+ name: "system_ext_33.0.ignore.cil",
+ bottom_half: [":33.0.board.ignore.map{.system_ext_private}"],
system_ext_specific: true,
}
se_cil_compat_map {
name: "product_30.0.ignore.cil",
- bottom_half: [":30.0.board.ignore.map"],
+ bottom_half: [":30.0.board.ignore.map{.product_private}"],
top_half: "product_31.0.ignore.cil",
product_specific: true,
}
se_cil_compat_map {
name: "product_31.0.ignore.cil",
- bottom_half: [":31.0.board.ignore.map"],
+ bottom_half: [":31.0.board.ignore.map{.product_private}"],
top_half: "product_32.0.ignore.cil",
product_specific: true,
}
se_cil_compat_map {
name: "product_32.0.ignore.cil",
- bottom_half: [":32.0.board.ignore.map"],
- // top_half: "product_33.0.ignore.cil",
+ bottom_half: [":32.0.board.ignore.map{.product_private}"],
+ top_half: "product_33.0.ignore.cil",
+ product_specific: true,
+}
+
+se_cil_compat_map {
+ name: "product_33.0.ignore.cil",
+ bottom_half: [":33.0.board.ignore.map{.product_private}"],
product_specific: true,
}
se_compat_cil {
name: "28.0.compat.cil",
- srcs: [":28.0.board.compat.cil"],
+ srcs: [":28.0.board.compat.cil{.plat_private}"],
}
se_compat_cil {
name: "29.0.compat.cil",
- srcs: [":29.0.board.compat.cil"],
+ srcs: [":29.0.board.compat.cil{.plat_private}"],
}
se_compat_cil {
name: "30.0.compat.cil",
- srcs: [":30.0.board.compat.cil"],
+ srcs: [":30.0.board.compat.cil{.plat_private}"],
}
se_compat_cil {
name: "31.0.compat.cil",
- srcs: [":31.0.board.compat.cil"],
+ srcs: [":31.0.board.compat.cil{.plat_private}"],
}
se_compat_cil {
name: "32.0.compat.cil",
- srcs: [":32.0.board.compat.cil"],
+ srcs: [":32.0.board.compat.cil{.plat_private}"],
+}
+
+se_compat_cil {
+ name: "33.0.compat.cil",
+ srcs: [":33.0.board.compat.cil{.plat_private}"],
}
se_compat_cil {
name: "system_ext_28.0.compat.cil",
- srcs: [":28.0.board.compat.cil"],
+ srcs: [":28.0.board.compat.cil{.system_ext_private}"],
stem: "28.0.compat.cil",
system_ext_specific: true,
}
se_compat_cil {
name: "system_ext_29.0.compat.cil",
- srcs: [":29.0.board.compat.cil"],
+ srcs: [":29.0.board.compat.cil{.system_ext_private}"],
stem: "29.0.compat.cil",
system_ext_specific: true,
}
se_compat_cil {
name: "system_ext_30.0.compat.cil",
- srcs: [":30.0.board.compat.cil"],
+ srcs: [":30.0.board.compat.cil{.system_ext_private}"],
stem: "30.0.compat.cil",
system_ext_specific: true,
}
se_compat_cil {
name: "system_ext_31.0.compat.cil",
- srcs: [":31.0.board.compat.cil"],
+ srcs: [":31.0.board.compat.cil{.system_ext_private}"],
stem: "31.0.compat.cil",
system_ext_specific: true,
}
se_compat_cil {
name: "system_ext_32.0.compat.cil",
- srcs: [":32.0.board.compat.cil"],
+ srcs: [":32.0.board.compat.cil{.system_ext_private}"],
stem: "32.0.compat.cil",
system_ext_specific: true,
}
+se_compat_cil {
+ name: "system_ext_33.0.compat.cil",
+ srcs: [":33.0.board.compat.cil{.system_ext_private}"],
+ stem: "33.0.compat.cil",
+ system_ext_specific: true,
+}
+
se_compat_test {
name: "sepolicy_compat_test",
}
diff --git a/contexts/Android.bp b/contexts/Android.bp
index 2a5a058..d5cd8ae 100644
--- a/contexts/Android.bp
+++ b/contexts/Android.bp
@@ -23,6 +23,51 @@
default_applicable_licenses: ["system_sepolicy_license"],
}
+se_build_files {
+ name: "file_contexts_files",
+ srcs: ["file_contexts"],
+}
+
+se_build_files {
+ name: "file_contexts_asan_files",
+ srcs: ["file_contexts_asan"],
+}
+
+se_build_files {
+ name: "file_contexts_overlayfs_files",
+ srcs: ["file_contexts_overlayfs"],
+}
+
+se_build_files {
+ name: "hwservice_contexts_files",
+ srcs: ["hwservice_contexts"],
+}
+
+se_build_files {
+ name: "property_contexts_files",
+ srcs: ["property_contexts"],
+}
+
+se_build_files {
+ name: "service_contexts_files",
+ srcs: ["service_contexts"],
+}
+
+se_build_files {
+ name: "keystore2_key_contexts_files",
+ srcs: ["keystore2_key_contexts"],
+}
+
+se_build_files {
+ name: "seapp_contexts_files",
+ srcs: ["seapp_contexts"],
+}
+
+se_build_files {
+ name: "vndservice_contexts_files",
+ srcs: ["vndservice_contexts"],
+}
+
file_contexts {
name: "plat_file_contexts",
srcs: [":file_contexts_files{.plat_private}"],
@@ -232,6 +277,15 @@
recovery_available: true,
}
+service_contexts {
+ name: "odm_service_contexts",
+ srcs: [
+ ":service_contexts_files{.odm}",
+ ],
+ device_specific: true,
+ recovery_available: true,
+}
+
keystore2_key_contexts {
name: "plat_keystore2_key_contexts",
srcs: [":keystore2_key_contexts_files{.plat_private}"],
@@ -470,8 +524,19 @@
sepolicy: ":precompiled_sepolicy",
}
+service_contexts_test {
+ name: "odm_service_contexts_test",
+ srcs: [":odm_service_contexts"],
+ sepolicy: ":precompiled_sepolicy",
+}
+
vndservice_contexts_test {
name: "vndservice_contexts_test",
srcs: [":vndservice_contexts"],
sepolicy: ":precompiled_sepolicy",
}
+
+fuzzer_bindings_test {
+ name: "fuzzer_bindings_test",
+ srcs: [":plat_service_contexts"],
+}
diff --git a/mac_permissions.mk b/mac_permissions.mk
deleted file mode 100644
index ad17b8f..0000000
--- a/mac_permissions.mk
+++ /dev/null
@@ -1,175 +0,0 @@
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := plat_mac_permissions.xml
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
-LOCAL_LICENSE_CONDITIONS := notice unencumbered
-LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-all_plat_mac_perms_keys := $(call build_policy, keys.conf, $(PLAT_PRIVATE_POLICY) $(SYSTEM_EXT_PRIVATE_POLICY) $(PRODUCT_PRIVATE_POLICY))
-all_plat_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PLAT_PRIVATE_POLICY))
-
-# Build keys.conf
-plat_mac_perms_keys.tmp := $(intermediates)/plat_keys.tmp
-$(plat_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(plat_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_plat_mac_perms_keys)
-$(plat_mac_perms_keys.tmp): $(all_plat_mac_perms_keys) $(M4)
- @mkdir -p $(dir $@)
- $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@
-
-# Should be synced with keys.conf.
-all_plat_keys := platform sdk_sandbox media networkstack shared testkey bluetooth
-all_plat_keys := $(all_plat_keys:%=$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))/%.x509.pem)
-
-$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_plat_mac_perms_files)
-$(LOCAL_BUILT_MODULE): $(plat_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys \
-$(all_plat_mac_perms_files) $(all_plat_keys)
- @mkdir -p $(dir $@)
- $(hide) DEFAULT_SYSTEM_DEV_CERTIFICATE="$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))" \
- MAINLINE_SEPOLICY_DEV_CERTIFICATES="$(MAINLINE_SEPOLICY_DEV_CERTIFICATES)" \
- $(HOST_OUT_EXECUTABLES)/insertkeys -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
-
-all_plat_keys :=
-all_plat_mac_perms_files :=
-all_plat_mac_perms_keys :=
-plat_mac_perms_keys.tmp :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := system_ext_mac_permissions.xml
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
-LOCAL_LICENSE_CONDITIONS := notice unencumbered
-LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_SYSTEM_EXT)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-all_system_ext_mac_perms_keys := $(call build_policy, keys.conf, $(SYSTEM_EXT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
-all_system_ext_mac_perms_files := $(call build_policy, mac_permissions.xml, $(SYSTEM_EXT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
-
-# Build keys.conf
-system_ext_mac_perms_keys.tmp := $(intermediates)/system_ext_keys.tmp
-$(system_ext_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(system_ext_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_system_ext_mac_perms_keys)
-$(system_ext_mac_perms_keys.tmp): $(all_system_ext_mac_perms_keys) $(M4)
- @mkdir -p $(dir $@)
- $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@
-
-$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_system_ext_mac_perms_files)
-$(LOCAL_BUILT_MODULE): $(system_ext_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys \
-$(all_system_ext_mac_perms_files)
- @mkdir -p $(dir $@)
- $(hide) $(HOST_OUT_EXECUTABLES)/insertkeys -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
-
-system_ext_mac_perms_keys.tmp :=
-all_system_ext_mac_perms_files :=
-all_system_ext_mac_perms_keys :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := product_mac_permissions.xml
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
-LOCAL_LICENSE_CONDITIONS := notice unencumbered
-LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_PRODUCT)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-all_product_mac_perms_keys := $(call build_policy, keys.conf, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
-all_product_mac_perms_files := $(call build_policy, mac_permissions.xml, $(PRODUCT_PRIVATE_POLICY) $(REQD_MASK_POLICY))
-
-# Build keys.conf
-product_mac_perms_keys.tmp := $(intermediates)/product_keys.tmp
-$(product_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(product_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_product_mac_perms_keys)
-$(product_mac_perms_keys.tmp): $(all_product_mac_perms_keys) $(M4)
- @mkdir -p $(dir $@)
- $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@
-
-$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_product_mac_perms_files)
-$(LOCAL_BUILT_MODULE): $(product_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys \
-$(all_product_mac_perms_files)
- @mkdir -p $(dir $@)
- $(hide) $(HOST_OUT_EXECUTABLES)/insertkeys -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
-
-product_mac_perms_keys.tmp :=
-all_product_mac_perms_files :=
-all_product_mac_perms_keys :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := vendor_mac_permissions.xml
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
-LOCAL_LICENSE_CONDITIONS := notice unencumbered
-LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-all_vendor_mac_perms_keys := $(call build_policy, keys.conf, $(BOARD_PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_REQD_MASK_POLICY))
-all_vendor_mac_perms_files := $(call build_policy, mac_permissions.xml, $(BOARD_PLAT_VENDOR_POLICY) $(BOARD_VENDOR_SEPOLICY_DIRS) $(BOARD_REQD_MASK_POLICY))
-
-# Build keys.conf
-vendor_mac_perms_keys.tmp := $(intermediates)/vendor_keys.tmp
-$(vendor_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(vendor_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_vendor_mac_perms_keys)
-$(vendor_mac_perms_keys.tmp): $(all_vendor_mac_perms_keys) $(M4)
- @mkdir -p $(dir $@)
- $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@
-
-$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_vendor_mac_perms_files)
-$(LOCAL_BUILT_MODULE): $(vendor_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys \
-$(all_vendor_mac_perms_files)
- @mkdir -p $(dir $@)
- $(hide) DEFAULT_SYSTEM_DEV_CERTIFICATE="$(dir $(DEFAULT_SYSTEM_DEV_CERTIFICATE))" \
- $(HOST_OUT_EXECUTABLES)/insertkeys -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
-
-vendor_mac_perms_keys.tmp :=
-all_vendor_mac_perms_files :=
-all_vendor_mac_perms_keys :=
-
-##################################
-include $(CLEAR_VARS)
-
-LOCAL_MODULE := odm_mac_permissions.xml
-LOCAL_LICENSE_KINDS := SPDX-license-identifier-Apache-2.0 legacy_unencumbered
-LOCAL_LICENSE_CONDITIONS := notice unencumbered
-LOCAL_NOTICE_FILE := $(LOCAL_PATH)/NOTICE
-LOCAL_MODULE_CLASS := ETC
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_PATH := $(TARGET_OUT_ODM)/etc/selinux
-
-include $(BUILD_SYSTEM)/base_rules.mk
-
-all_odm_mac_perms_keys := $(call build_policy, keys.conf, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
-all_odm_mac_perms_files := $(call build_policy, mac_permissions.xml, $(BOARD_ODM_SEPOLICY_DIRS) $(REQD_MASK_POLICY))
-
-# Build keys.conf
-odm_mac_perms_keys.tmp := $(intermediates)/odm_keys.tmp
-$(odm_mac_perms_keys.tmp): PRIVATE_ADDITIONAL_M4DEFS := $(LOCAL_ADDITIONAL_M4DEFS)
-$(odm_mac_perms_keys.tmp): PRIVATE_KEYS := $(all_odm_mac_perms_keys)
-$(odm_mac_perms_keys.tmp): $(all_odm_mac_perms_keys) $(M4)
- @mkdir -p $(dir $@)
- $(hide) $(M4) --fatal-warnings -s $(PRIVATE_ADDITIONAL_M4DEFS) $(PRIVATE_KEYS) > $@
-
-$(LOCAL_BUILT_MODULE): PRIVATE_MAC_PERMS_FILES := $(all_odm_mac_perms_files)
-$(LOCAL_BUILT_MODULE): $(odm_mac_perms_keys.tmp) $(HOST_OUT_EXECUTABLES)/insertkeys \
-$(all_odm_mac_perms_files)
- @mkdir -p $(dir $@)
- $(hide) $(HOST_OUT_EXECUTABLES)/insertkeys -t $(TARGET_BUILD_VARIANT) -c $(TOP) $< -o $@ $(PRIVATE_MAC_PERMS_FILES)
-
-odm_mac_perms_keys.tmp :=
-all_odm_mac_perms_files :=
diff --git a/mac_permissions/Android.bp b/mac_permissions/Android.bp
new file mode 100644
index 0000000..401f78c
--- /dev/null
+++ b/mac_permissions/Android.bp
@@ -0,0 +1,98 @@
+// Copyright (C) 2022 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// This file contains module definitions for mac_permissions.xml files.
+
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "system_sepolicy_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["system_sepolicy_license"],
+}
+
+se_build_files {
+ name: "keys.conf",
+ srcs: ["keys.conf"],
+}
+
+se_build_files {
+ name: "mac_permissions.xml",
+ srcs: ["mac_permissions.xml"],
+}
+
+mac_permissions {
+ name: "plat_mac_permissions.xml",
+ keys: [
+ ":keys.conf{.plat_private}",
+ ":keys.conf{.system_ext_private}",
+ ":keys.conf{.product_private}",
+ ],
+ srcs: [":mac_permissions.xml{.plat_private}"],
+}
+
+mac_permissions {
+ name: "system_ext_mac_permissions.xml",
+ keys: [
+ ":keys.conf{.system_ext_private}",
+ ":keys.conf{.reqd_mask}",
+ ],
+ srcs: [
+ ":mac_permissions.xml{.system_ext_private}",
+ ":mac_permissions.xml{.reqd_mask}",
+ ],
+ system_ext_specific: true,
+}
+
+mac_permissions {
+ name: "product_mac_permissions.xml",
+ keys: [
+ ":keys.conf{.product_private}",
+ ":keys.conf{.reqd_mask}",
+ ],
+ srcs: [
+ ":mac_permissions.xml{.product_private}",
+ ":mac_permissions.xml{.reqd_mask}",
+ ],
+ product_specific: true,
+}
+
+mac_permissions {
+ name: "vendor_mac_permissions.xml",
+ keys: [
+ ":keys.conf{.plat_vendor_for_vendor}",
+ ":keys.conf{.vendor}",
+ ":keys.conf{.reqd_mask_for_vendor}",
+ ],
+ srcs: [
+ ":mac_permissions.xml{.plat_vendor_for_vendor}",
+ ":mac_permissions.xml{.vendor}",
+ ":mac_permissions.xml{.reqd_mask_for_vendor}",
+ ],
+ vendor: true,
+}
+
+mac_permissions {
+ name: "odm_mac_permissions.xml",
+ keys: [
+ ":keys.conf{.odm}",
+ ":keys.conf{.reqd_mask_for_vendor}",
+ ],
+ srcs: [
+ ":mac_permissions.xml{.odm}",
+ ":mac_permissions.xml{.reqd_mask_for_vendor}",
+ ],
+ device_specific: true,
+}
diff --git a/microdroid/Android.bp b/microdroid/Android.bp
index 0628a5b..12bb8f7 100644
--- a/microdroid/Android.bp
+++ b/microdroid/Android.bp
@@ -241,6 +241,11 @@
":microdroid_vendor_sepolicy.cil",
],
installable: false,
+
+ // b/259729287. In Microdroid, su is allowed to be in permissive mode.
+ // This is to support fully debuggable VMs on user builds. This is safe
+ // because we don't start adbd at all on non-debuggable VMs.
+ permissive_domains_on_user_builds: ["su"],
}
genrule {
@@ -277,14 +282,6 @@
installable: false,
}
-prebuilt_etc {
- name: "microdroid_service_contexts",
- filename: "plat_service_contexts",
- src: "system/private/service_contexts",
- relative_install_path: "selinux",
- installable: false,
-}
-
// For CTS
se_policy_conf {
name: "microdroid_general_sepolicy.conf",
diff --git a/microdroid/system/private/adbd.te b/microdroid/system/private/adbd.te
index ed74ddd..9a50f67 100644
--- a/microdroid/system/private/adbd.te
+++ b/microdroid/system/private/adbd.te
@@ -4,10 +4,12 @@
domain_auto_trans(adbd, shell_exec, shell)
-userdebug_or_eng(`
- allow adbd self:process setcurrent;
- allow adbd su:process dyntransition;
-')
+# Allow adbd to transition to su. In Android, this is disallowed in user builds.
+# However, Microdroid allows it even in user builds because apps should be able
+# to adb root into their "debuggable" VMs in user builds. Disabling adbd for
+# non debuggable VMs are done by not starting adbd at all using sysprops.
+allow adbd self:process setcurrent;
+allow adbd su:process dyntransition;
# Do not sanitize the environment or open fds of the shell. Allow signaling
# created processes.
@@ -55,3 +57,6 @@
# adbd tries to run mdnsd, but mdnsd doesn't exist. Just dontaudit ctl permissions.
# TODO(b/200902288): patch adb and remove this rule
dontaudit adbd { ctl_default_prop ctl_start_prop }:property_service set;
+
+# only adbd can transition to su.
+neverallow {domain -adbd} su:process { transition dyntransition };
diff --git a/microdroid/system/private/apkdmverity.te b/microdroid/system/private/apkdmverity.te
index 0545744..ce29abc 100644
--- a/microdroid/system/private/apkdmverity.te
+++ b/microdroid/system/private/apkdmverity.te
@@ -32,6 +32,9 @@
# allow apkdmverity to log to the kernel
allow apkdmverity kmsg_device:chr_file w_file_perms;
+# allow apkdmverity to write kmsg_debug (stdio_to_kmsg) inherited from microdroid_manager.
+allow apkdmverity kmsg_debug_device:chr_file w_file_perms;
+
# apkdmverity is forked from microdroid_manager
allow apkdmverity microdroid_manager:fd use;
diff --git a/microdroid/system/private/authfs_service.te b/microdroid/system/private/authfs_service.te
index e7e9ef0..05dea40 100644
--- a/microdroid/system/private/authfs_service.te
+++ b/microdroid/system/private/authfs_service.te
@@ -9,10 +9,6 @@
# Allow domain transition from init.
init_daemon_domain(authfs_service)
-# Allow running as a binder service.
-binder_call(authfs_service, servicemanager)
-add_service(authfs_service, authfs_binder_service)
-
# Allow domain transition into authfs.
domain_auto_trans(authfs_service, authfs_exec, authfs)
diff --git a/microdroid/system/private/compos.te b/microdroid/system/private/compos.te
index 386f11e..f4bb79b 100644
--- a/microdroid/system/private/compos.te
+++ b/microdroid/system/private/compos.te
@@ -2,21 +2,6 @@
type compos, domain, coredomain, microdroid_payload;
type compos_exec, exec_type, file_type, system_file_type;
-# Expose RPC Binder service over vsock
-allow compos self:vsock_socket { create_socket_perms_no_ioctl listen accept };
-
-# Allow using various binder services
-binder_use(compos);
-allow compos authfs_binder_service:service_manager find;
-binder_call(compos, authfs_service);
-
-# Read artifacts created by odrefresh and create signature files.
-allow compos authfs_fuse:dir rw_dir_perms;
-allow compos authfs_fuse:file create_file_perms;
-
-# Allow locating the authfs mount directory.
-allow compos authfs_data_file:dir search;
-
# Run derive_classpath in our domain
allow compos derive_classpath_exec:file rx_file_perms;
allow compos apex_mnt_dir:dir r_dir_perms;
diff --git a/microdroid/system/private/compos_key_helper.te b/microdroid/system/private/compos_key_helper.te
index 56f8d2a..0d617fb 100644
--- a/microdroid/system/private/compos_key_helper.te
+++ b/microdroid/system/private/compos_key_helper.te
@@ -6,15 +6,12 @@
# Block crash dumps to ensure the secrets are not leaked.
typeattribute compos_key_helper no_crash_dump_domain;
-# Allow using DICE binder service
-binder_use(compos_key_helper);
-allow compos_key_helper dice_node_service:service_manager find;
-binder_call(compos_key_helper, diced);
-allow compos_key_helper diced:diced { get_attestation_chain derive };
-
# Communicate with compos via stdin/stdout pipes
allow compos_key_helper compos:fd use;
allow compos_key_helper compos:fifo_file { getattr read write };
# Write to /dev/kmsg.
allow compos_key_helper kmsg_device:chr_file rw_file_perms;
+
+# Communicate with microdroid manager to get DICE information
+unix_socket_connect(compos_key_helper, vm_payload_service, microdroid_manager)
diff --git a/microdroid/system/private/crash_dump.te b/microdroid/system/private/crash_dump.te
index 61dfa0b..8dcb4b1 100644
--- a/microdroid/system/private/crash_dump.te
+++ b/microdroid/system/private/crash_dump.te
@@ -28,10 +28,6 @@
# Append to tombstone files.
allow crash_dump tombstone_data_file:file { append getattr };
-# crash_dump writes out logcat logs at the bottom of tombstones,
-# which is super useful in some cases.
-unix_socket_connect(crash_dump, logdr, logd)
-
# Crash dump is not intended to access the following files. Since these
# are WAI, suppress the denials to clean up the logs.
dontaudit crash_dump {
@@ -56,7 +52,6 @@
-crash_dump
-init
-kernel
- -logd
-no_crash_dump_domain
-ueventd
-vendor_init
@@ -65,7 +60,6 @@
userdebug_or_eng(`
allow crash_dump {
apexd
- logd
}:process { ptrace signal sigchld sigstop sigkill };
')
diff --git a/microdroid/system/private/dex2oat.te b/microdroid/system/private/dex2oat.te
index d259e1c..bd93f6e 100644
--- a/microdroid/system/private/dex2oat.te
+++ b/microdroid/system/private/dex2oat.te
@@ -30,7 +30,10 @@
# Allow dex2oat to read /apex/apex-info-list.xml
allow dex2oat apex_info_file:file r_file_perms;
-# Don't audit because we don't configure the compiler through system properties
-# in the VM.
-dontaudit dex2oat dalvik_config_prop:file { open read getattr map };
+# Allow reading dalvik system properties that may affect compilation
+get_prop(dex2oat, dalvik_config_prop)
+get_prop(dex2oat, device_config_runtime_native_boot_prop)
+
+# Don't audit because we don't configure the compiler through these
+# properties in the VM.
dontaudit dex2oat device_config_runtime_native_prop:file { open read getattr map };
diff --git a/microdroid/system/private/diced.te b/microdroid/system/private/diced.te
deleted file mode 100644
index 2dba244..0000000
--- a/microdroid/system/private/diced.te
+++ /dev/null
@@ -1,23 +0,0 @@
-type diced, domain, coredomain;
-type diced_exec, system_file_type, exec_type, file_type;
-
-# Block crash dumps to ensure the DICE secrets are not leaked.
-typeattribute diced no_crash_dump_domain;
-
-# diced can be started by init
-init_daemon_domain(diced)
-
-# diced can talk to dice HAL
-hal_client_domain(diced, hal_dice)
-
-# diced hosts AIDL services
-binder_use(diced)
-binder_service(diced)
-add_service(diced, dice_node_service)
-add_service(diced, dice_maintenance_service)
-
-# diced can check SELinux permissions.
-selinux_check_access(diced)
-
-# diced is using bootstrap bionic
-use_bootstrap_libs(diced)
diff --git a/microdroid/system/private/domain.te b/microdroid/system/private/domain.te
index d87df40..4251a9e 100644
--- a/microdroid/system/private/domain.te
+++ b/microdroid/system/private/domain.te
@@ -46,18 +46,6 @@
allow domain null_device:chr_file rw_file_perms;
allow domain zero_device:chr_file rw_file_perms;
-# /dev/binder can be accessed by ... everyone! :)
-allow domain binder_device:chr_file rw_file_perms;
-
-# Restrict binder ioctls to an allowlist. Additional ioctl commands may be
-# added to individual domains, but this sets safe defaults for all processes.
-allowxperm domain binder_device:chr_file ioctl { unpriv_binder_ioctls };
-
-# /dev/binderfs needs to be accessed by everyone too!
-allow domain binderfs:dir { getattr search };
-allow domain binderfs_logs_proc:dir search;
-
-allow { domain -servicemanager } hwbinder_device:chr_file rw_file_perms;
allow domain ptmx_device:chr_file rw_file_perms;
allow domain random_device:chr_file rw_file_perms;
allow domain proc_random:dir r_dir_perms;
@@ -72,8 +60,9 @@
allow domain init:key search;
-# logd access
-unix_socket_send(domain, logdw, logd)
+# Everyone can send log and read ro.log.file_logger.* properties
+allow domain log_device:chr_file ra_file_perms;
+get_prop(domain, log_prop)
# Directory/link file access for path resolution.
allow domain {
@@ -215,9 +204,6 @@
allow domain apex_mnt_dir:dir { getattr search };
allow domain apex_mnt_dir:lnk_file r_file_perms;
-allow domain self:global_capability_class_set audit_control;
-allow domain self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
-
# globally readable properties
get_prop(domain, arm64_memtag_prop)
get_prop(domain, bootloader_prop)
@@ -227,7 +213,6 @@
get_prop(domain, init_service_status_prop)
get_prop(domain, libc_debug_prop)
get_prop(domain, log_tag_prop)
-get_prop(domain, logd_prop)
get_prop(domain, property_service_version_prop)
allow domain linkerconfig_file:dir search;
@@ -248,6 +233,9 @@
allow domain task_profiles_file:file r_file_perms;
allow domain task_profiles_api_file:file r_file_perms;
+# Allow all processes to connect to PRNG seeder daemon.
+unix_socket_connect(domain, prng_seeder, prng_seeder)
+
# cgroupfs directories can be created, but not files within them.
neverallow domain cgroup:file create;
neverallow domain cgroup_v2:file create;
@@ -338,6 +326,7 @@
# Only the kernel hwrng thread should be able to read from the HW RNG.
neverallow {
domain
+ -prng_seeder # PRNG seeder daemon periodically reseeds itself from HW RNG
-shell # For CTS, restricted to just getattr in shell.te
-ueventd # To create the /dev/hw_random file
} hw_random_device:chr_file *;
@@ -374,16 +363,13 @@
# These partitions are intended to be read-only and must never be
# modified. Doing so would violate important Android security guarantees
# and invalidate dm-verity signatures.
-neverallow {
- domain
- with_asan(`-asan_extract')
-} {
+neverallow domain {
system_file_type
vendor_file_type
exec_type
}:dir_file_class_set { create write setattr relabelfrom append unlink link rename };
-neverallow { domain -kernel with_asan(`-asan_extract') } { system_file_type vendor_file_type exec_type }:dir_file_class_set relabelto;
+neverallow { domain -kernel } { system_file_type vendor_file_type exec_type }:dir_file_class_set relabelto;
# Don't allow mounting on top of /system files or directories
neverallow * exec_type:dir_file_class_set mounton;
@@ -398,31 +384,14 @@
# Ensure that context mount types are not writable, to ensure that
# the write to /system restriction above is not bypassed via context=
# mount to another type.
-neverallow * { contextmount_type -authfs_fuse }:dir_file_class_set
+neverallow * { contextmount_type -authfs_fuse -encryptedstore_file }:dir_file_class_set
{ create relabelfrom relabelto append link rename };
-neverallow domain { contextmount_type -authfs_fuse }:dir_file_class_set { write unlink };
-
-# Do not allow service_manager add for default service labels.
-# Instead domains should use a more specific type such as
-# system_app_service rather than the generic type.
-# New service_types are defined in {,hw,vnd}service.te and new mappings
-# from service name to service_type are defined in {,hw,vnd}service_contexts.
-neverallow * default_android_service:service_manager *;
+neverallow domain { contextmount_type -authfs_fuse -encryptedstore_file }:dir_file_class_set { write unlink };
neverallow { domain -init -vendor_init } vendor_default_prop:property_service set;
neverallow { domain -init } build_prop:property_service set;
-# Only (hw|vnd|)servicemanager should be able to register with binder as the context manager
-# The service managers are only allowed to access their own device node
-neverallow servicemanager hwbinder_device:chr_file no_rw_file_perms;
-neverallow servicemanager vndbinder_device:chr_file no_rw_file_perms;
-
-# system services cant add vendor services
-neverallow {
- coredomain
-} vendor_service:service_manager add;
-
# Never allow anyone to connect or write to
# the tombstoned intercept socket.
neverallow { domain } tombstoned_intercept_socket:sock_file write;
@@ -450,11 +419,6 @@
# Feature parity with Chromium LSM.
neverallow * { file_type fs_type dev_type }:{ lnk_file fifo_file sock_file } mounton;
-# Nobody should be able to execute su on user builds.
-# On userdebug/eng builds, only shell, and
-# su itself execute su.
-neverallow { domain userdebug_or_eng(`-shell -su') } su_exec:file no_x_file_perms;
-
neverallow { domain -init } proc:{ file dir } mounton;
# Ensure that all types assigned to processes are included
@@ -478,7 +442,6 @@
-init
-vendor_init
-toolbox # TODO(b/141108496) We want to remove toolbox
- with_asan(`-asan_extract')
} system_data_file:file no_w_file_perms;
#
@@ -519,15 +482,6 @@
-shell
} shell_data_file:dir { open search };
-# servicemanager is the only process which handles the
-# service_manager list request
-neverallow * ~{
- servicemanager
- }:service_manager list;
-
-# only service_manager_types can be added to service_manager
-# TODO - rework this: neverallow * ~service_manager_type:service_manager { add find };
-
# Prevent assigning non property types to properties
# TODO - rework this: neverallow * ~property_type:property_service set;
@@ -596,3 +550,6 @@
# These domains must not be crash dumped
neverallow no_crash_dump_domain crash_dump_exec:file no_x_file_perms;
neverallow no_crash_dump_domain crash_dump:process { transition dyntransition };
+
+# Ensure that no one can execute from encrypted storage, which is a writable partition in VM.
+neverallow domain encryptedstore_file:file no_x_file_perms;
diff --git a/microdroid/system/private/encryptedstore.te b/microdroid/system/private/encryptedstore.te
new file mode 100644
index 0000000..5fa2e3a
--- /dev/null
+++ b/microdroid/system/private/encryptedstore.te
@@ -0,0 +1,48 @@
+# encryptedstore is a program that provides (encrypted) storage solution in a VM based on dm-crypt
+
+type encryptedstore, domain, coredomain;
+type encryptedstore_exec, exec_type, file_type, system_file_type;
+
+# encryptedstore is using bootstrap bionic
+use_bootstrap_libs(encryptedstore)
+
+# encryptedstore require access to block device directory to map dm-crypt
+r_dir_file(encryptedstore, block_device)
+
+# encryptedstore accesses /dev/vd* block device file.
+allow encryptedstore vd_device:blk_file rw_file_perms;
+
+# allow encryptedstore to create dm-crypt devices
+allow encryptedstore dm_device:{ chr_file blk_file } rw_file_perms;
+
+# sys_admin is required to access the device-mapper and mount
+allow encryptedstore self:global_capability_class_set sys_admin;
+
+# encryptedstore is forked from microdroid_manager
+allow encryptedstore microdroid_manager:fd use;
+
+# For formatting encrypted storage device
+allow encryptedstore e2fs_exec:file { rx_file_perms };
+allowxperm encryptedstore dm_device:blk_file ioctl {
+ BLKPBSZGET BLKDISCARDZEROES BLKROGET BLKDISCARD
+};
+
+# access /sys/fs/ext4/features - required because encryptedstore runs mkfs.ext4 in its own domain
+allow encryptedstore sysfs_fs_ext4_features:dir search;
+allow encryptedstore sysfs_fs_ext4_features:file r_file_perms;
+
+# encryptedstore to mount on tmpfs bases directory (/mnt/)
+allow encryptedstore tmpfs:dir { add_name create mounton write };
+
+# encryptedstore relabels the labeledfs to encryptedstore_fs, then mounts on the later
+allow encryptedstore labeledfs:filesystem { relabelfrom };
+allow encryptedstore encryptedstore_fs:filesystem { mount unmount relabelto relabelfrom };
+
+# allow encryptedstore to log to the kernel
+allow encryptedstore kmsg_device:chr_file w_file_perms;
+
+# Allow encryptedstore to write kmsg_debug (stdio_to_kmsg).
+allow encryptedstore kmsg_debug_device:chr_file w_file_perms;
+
+# Only microdroid_manager can run encryptedstore
+neverallow { domain -microdroid_manager } encryptedstore:process { transition dyntransition };
diff --git a/microdroid/system/private/file.te b/microdroid/system/private/file.te
index d15f9ba..6f037a3 100644
--- a/microdroid/system/private/file.te
+++ b/microdroid/system/private/file.te
@@ -4,6 +4,7 @@
allow cgroup_rc_file tmpfs:filesystem associate;
allow debugfs_type { debugfs debugfs_tracing debugfs_tracing_debug }:filesystem associate;
allow dev_type tmpfs:filesystem associate;
+allow encryptedstore_file encryptedstore_fs:filesystem associate;
allow extra_apk_file zipfusefs:filesystem associate;
allow file_type labeledfs:filesystem associate;
allow file_type tmpfs:filesystem associate;
@@ -17,3 +18,12 @@
# /dev/selinux/test - used to verify that apex sepolicy is loaded and
# property labeled.
type sepolicy_test_file, file_type;
+
+# /system/bin/mke2fs - used to format encryptedstore block device
+type e2fs_exec, system_file_type, exec_type, file_type;
+
+type encryptedstore_file, file_type;
+type encryptedstore_fs, fs_type, contextmount_type;
+
+# Filesystem entry for for PRNG seeder socket.
+type prng_seeder_socket, file_type, coredomain_socket;
diff --git a/microdroid/system/private/file_contexts b/microdroid/system/private/file_contexts
index 83eceb0..8d9ad85 100644
--- a/microdroid/system/private/file_contexts
+++ b/microdroid/system/private/file_contexts
@@ -34,7 +34,6 @@
/dev(/.*)? u:object_r:device:s0
/dev/ashmem u:object_r:ashmem_device:s0
/dev/ashmem(.*)? u:object_r:ashmem_libcutils_device:s0
-/dev/binder u:object_r:binder_device:s0
/dev/block(/.*)? u:object_r:block_device:s0
/dev/block/dm-[0-9]+ u:object_r:dm_device:s0
/dev/block/loop[0-9]* u:object_r:loop_device:s0
@@ -53,9 +52,8 @@
/dev/fuse u:object_r:fuse_device:s0
/dev/hvc0 u:object_r:serial_device:s0
/dev/hvc1 u:object_r:serial_device:s0
-/dev/hvc2 u:object_r:serial_device:s0
+/dev/hvc2 u:object_r:log_device:s0
/dev/hw_random u:object_r:hw_random_device:s0
-/dev/hwbinder u:object_r:hwbinder_device:s0
/dev/loop-control u:object_r:loop_control_device:s0
/dev/ppp u:object_r:ppp_device:s0
/dev/ptmx u:object_r:ptmx_device:s0
@@ -68,14 +66,14 @@
/dev/rtc[0-9] u:object_r:rtc_device:s0
/dev/socket(/.*)? u:object_r:socket_device:s0
/dev/socket/adbd u:object_r:adbd_socket:s0
-/dev/socket/logd u:object_r:logd_socket:s0
-/dev/socket/logdr u:object_r:logdr_socket:s0
-/dev/socket/logdw u:object_r:logdw_socket:s0
+/dev/socket/prng_seeder u:object_r:prng_seeder_socket:s0
/dev/socket/property_service u:object_r:property_socket:s0
/dev/socket/statsdw u:object_r:statsdw_socket:s0
/dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
/dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
/dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0
+/dev/socket/authfs_service u:object_r:authfs_service_socket:s0
+/dev/socket/vm_payload_service u:object_r:vm_payload_service_socket:s0
/dev/sys/block/by-name/userdata(/.*)? u:object_r:userdata_sysdev:s0
/dev/sys/fs/by-name/userdata(/.*)? u:object_r:userdata_sysdev:s0
/dev/tty u:object_r:owntty_device:s0
@@ -87,7 +85,6 @@
/dev/uio[0-9]* u:object_r:uio_device:s0
/dev/urandom u:object_r:random_device:s0
/dev/vhost-vsock u:object_r:kvm_device:s0
-/dev/vndbinder u:object_r:vndbinder_device:s0
/dev/vsock u:object_r:vsock_device:s0
/dev/zero u:object_r:zero_device:s0
/dev/__properties__ u:object_r:properties_device:s0
@@ -108,13 +105,11 @@
/system/bin/linkerconfig u:object_r:linkerconfig_exec:s0
/system/bin/bootstrap/linker(64)? u:object_r:system_linker_exec:s0
/system/bin/bootstrap/linkerconfig u:object_r:linkerconfig_exec:s0
-/system/bin/diced.microdroid u:object_r:diced_exec:s0
-/system/bin/servicemanager.microdroid u:object_r:servicemanager_exec:s0
/system/bin/init u:object_r:init_exec:s0
/system/bin/logcat -- u:object_r:logcat_exec:s0
/system/bin/logd u:object_r:logd_exec:s0
/system/bin/sh -- u:object_r:shell_exec:s0
-/system/bin/tombstoned u:object_r:tombstoned_exec:s0
+/system/bin/tombstoned.microdroid u:object_r:tombstoned_exec:s0
/system/bin/toolbox -- u:object_r:toolbox_exec:s0
/system/bin/toybox -- u:object_r:toolbox_exec:s0
/system/bin/zipfuse u:object_r:zipfuse_exec:s0
@@ -123,6 +118,10 @@
/system/bin/apkdmverity u:object_r:apkdmverity_exec:s0
/system/bin/authfs u:object_r:authfs_exec:s0
/system/bin/authfs_service u:object_r:authfs_service_exec:s0
+/system/bin/encryptedstore u:object_r:encryptedstore_exec:s0
+/system/bin/mke2fs u:object_r:e2fs_exec:s0
+/system/bin/kexec_load u:object_r:kexec_exec:s0
+/system/bin/prng_seeder u:object_r:prng_seeder_exec:s0
/system/etc/cgroups\.json u:object_r:cgroup_desc_file:s0
/system/etc/task_profiles/cgroups_[0-9]+\.json u:object_r:cgroup_desc_api_file:s0
/system/etc/event-log-tags u:object_r:system_event_log_tags_file:s0
@@ -170,3 +169,7 @@
#############################
# Directory for extra apks
/mnt/extra-apk u:object_r:extra_apk_file:s0
+
+#############################
+# Directory for encrypted storage (persistent across boot)
+/mnt/encryptedstore u:object_r:encryptedstore_file:s0
diff --git a/microdroid/system/private/genfs_contexts b/microdroid/system/private/genfs_contexts
index 254dbe8..ce28471 100644
--- a/microdroid/system/private/genfs_contexts
+++ b/microdroid/system/private/genfs_contexts
@@ -42,7 +42,6 @@
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
-genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0
genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
genfscon proc /sys/kernel/core_pipe_limit u:object_r:usermodehelper:s0
genfscon proc /sys/kernel/domainname u:object_r:proc_hostname:s0
@@ -357,15 +356,8 @@
genfscon securityfs / u:object_r:securityfs:s0
-genfscon binder /binder u:object_r:binder_device:s0
-genfscon binder /hwbinder u:object_r:hwbinder_device:s0
-genfscon binder /vndbinder u:object_r:vndbinder_device:s0
-genfscon binder /binder_logs u:object_r:binderfs_logs:s0
-genfscon binder /binder_logs/proc u:object_r:binderfs_logs_proc:s0
-
genfscon inotifyfs / u:object_r:inotify:s0
genfscon vfat / u:object_r:vfat:s0
-genfscon binder / u:object_r:binderfs:s0
genfscon exfat / u:object_r:exfat:s0
genfscon debugfs / u:object_r:debugfs:s0
genfscon fuse / u:object_r:fuse:s0
diff --git a/microdroid/system/private/init.te b/microdroid/system/private/init.te
index 708d537..5ad30e5 100644
--- a/microdroid/system/private/init.te
+++ b/microdroid/system/private/init.te
@@ -230,11 +230,9 @@
allow init { fs_type -contextmount_type -fusefs_type -rootfs }:dir { open read setattr search };
allow init {
- binder_device
console_device
devpts
dm_device
- hwbinder_device
kmsg_device
null_device
owntty_device
@@ -435,3 +433,8 @@
allow init fuse:dir { search getattr };
set_prop(init, property_type)
+
+allow init self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_relay };
+
+# PRNG seeder daemon socket is created and listened on by init before forking.
+allow init prng_seeder:unix_stream_socket { create bind listen };
diff --git a/microdroid/system/private/kexec.te b/microdroid/system/private/kexec.te
new file mode 100644
index 0000000..8d40986
--- /dev/null
+++ b/microdroid/system/private/kexec.te
@@ -0,0 +1,15 @@
+# kexec loads a crashdump kernel into memory using the kexec_file_load syscall.
+type kexec, domain, coredomain;
+type kexec_exec, exec_type, file_type, system_file_type;
+
+# allow kexec to write into /dev/kmsg for logging
+allow kexec kmsg_device:chr_file w_file_perms;
+
+# kexec is launched by microdroid_manager with fork/execvp.
+allow kexec microdroid_manager:fd use;
+
+# allow kexec to have SYS_BOOT
+allow kexec self:capability sys_boot;
+
+# allow kexec to write kmsg_debug
+allow kexec kmsg_debug_device:chr_file w_file_perms;
diff --git a/microdroid/system/private/logcat.te b/microdroid/system/private/logcat.te
deleted file mode 100644
index a26cff3..0000000
--- a/microdroid/system/private/logcat.te
+++ /dev/null
@@ -1,19 +0,0 @@
-# logcat in Microdroid runs as a daemon process. It reads logs from logd and
-# emits the logs to the virtual serial console.
-typeattribute logcat coredomain;
-
-# logcat can be executed from init
-init_daemon_domain(logcat)
-
-# logcat can append to the virtual console devices
-allow logcat device:dir r_dir_perms;
-allow logcat serial_device:chr_file ra_file_perms;
-
-# logcat can get logs from logd
-read_logd(logcat)
-
-# Allow logcat to read ro.logd.ready so that it waits until logd is ready to
-# accept commands
-get_prop(logcat, logd_prop)
-
-allow logcat self:global_capability_class_set { sys_nice };
diff --git a/microdroid/system/private/logd.te b/microdroid/system/private/logd.te
deleted file mode 100644
index 46cdb7d..0000000
--- a/microdroid/system/private/logd.te
+++ /dev/null
@@ -1,44 +0,0 @@
-typeattribute logd coredomain;
-
-init_daemon_domain(logd)
-
-allow logd adbd:dir search;
-allow logd adbd:file { getattr open read };
-allow logd device:dir search;
-allow logd init:dir search;
-allow logd init:fd use;
-allow logd init:file { getattr open read };
-allow logd kernel:dir search;
-allow logd kernel:file { getattr open read };
-allow logd kernel:system { syslog_mod syslog_read };
-allow logd linkerconfig_file:dir search;
-allow logd microdroid_manager:dir search;
-allow logd microdroid_manager:file { getattr open read };
-allow logd null_device:chr_file { open read };
-#allow logd proc_kmsg:file read;
-r_dir_file(logd, cgroup)
-r_dir_file(logd, cgroup_v2)
-r_dir_file(logd, proc_kmsg)
-r_dir_file(logd, proc_meminfo)
-allow logd self:fifo_file { read write };
-allow logd self:file { getattr open read };
-allow logd self:global_capability_class_set { setuid setgid setpcap sys_nice audit_control };
-allow logd self:global_capability2_class_set syslog;
-#allow logd self:netlink_audit_socket getopt;
-allow logd self:netlink_audit_socket { create_socket_perms_no_ioctl nlmsg_write };
-allow logd kmsg_device:chr_file { getattr w_file_perms };
-r_dir_file(logd, domain)
-allow logd self:unix_stream_socket { accept getopt setopt shutdown };
-allow logd servicemanager:dir search;
-allow logd servicemanager:file { open read };
-allow logd tombstoned:dir search;
-allow logd tombstoned:file { getattr open read };
-allow logd ueventd:dir search;
-allow logd ueventd:file { getattr open read };
-control_logd(logd)
-read_runtime_log_tags(logd)
-
-# Logd sets defaults if certain properties are empty.
-set_prop(logd, logd_prop)
-
-dontaudit domain runtime_event_log_tags_file:file { map open read };
diff --git a/microdroid/system/private/microdroid_app.te b/microdroid/system/private/microdroid_app.te
index de58326..d26154a 100644
--- a/microdroid/system/private/microdroid_app.te
+++ b/microdroid/system/private/microdroid_app.te
@@ -8,10 +8,3 @@
type microdroid_app, domain, coredomain, microdroid_payload;
type microdroid_app_exec, exec_type, file_type, system_file_type;
-
-# Talk to binder services (for diced)
-binder_use(microdroid_app);
-
-allow microdroid_app dice_node_service:service_manager find;
-binder_call(microdroid_app, diced);
-allow microdroid_app diced:diced { get_attestation_chain derive };
diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te
index 21731cc..51372ad 100644
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te
@@ -6,6 +6,9 @@
# allow domain transition from init
init_daemon_domain(microdroid_manager)
+# Allow microdroid_manager to set boot status
+set_prop(microdroid_manager, boot_status_prop)
+
# microdroid_manager accesses a virtual disk block device to read VM payload
# It needs write access as it updates the instance image
allow microdroid_manager block_device:dir r_dir_perms;
@@ -17,11 +20,20 @@
# microdroid_manager can query AVF flags in the device tree
allow microdroid_manager sysfs_dt_avf:file r_file_perms;
+# Read config from the open-dice driver.
+allow microdroid_manager open_dice_device:chr_file rw_file_perms;
+
+# Block crash dumps to ensure the DICE secrets are not leaked.
+typeattribute microdroid_manager no_crash_dump_domain;
+
# Allow microdroid_manager to do blkflsbuf on instance disk image. The ioctl
# requires sys_admin cap as well.
allowxperm microdroid_manager vd_device:blk_file ioctl BLKFLSBUF;
allow microdroid_manager self:global_capability_class_set sys_admin;
+# Allow microdroid_manager to remove capabilities from it's capability bounding set.
+allow microdroid_manager self:global_capability_class_set setpcap;
+
# Allow microdroid_manager to start payload tasks
domain_auto_trans(microdroid_manager, microdroid_app_exec, microdroid_app)
domain_auto_trans(microdroid_manager, compos_exec, compos)
@@ -30,45 +42,58 @@
domain_auto_trans(microdroid_manager, apkdmverity_exec, apkdmverity)
domain_auto_trans(microdroid_manager, zipfuse_exec, zipfuse)
+# Allow microdroid_manager to start encryptedstore binary
+domain_auto_trans(microdroid_manager, encryptedstore_exec, encryptedstore)
+
+# Microdroid Manager needs read related permission for syncing encrypted storage fs
+allow microdroid_manager encryptedstore_file:dir r_dir_perms;
+
+# Allow microdroid_manager to run kexec to load crashkernel
+domain_auto_trans(microdroid_manager, kexec_exec, kexec)
+
# Let microdroid_manager kernel-log.
allow microdroid_manager kmsg_device:chr_file w_file_perms;
-# Let microdroid_manager read a config file from /mnt/apk (fusefs)
-# TODO(b/188400186) remove the below rule
-userdebug_or_eng(`
- r_dir_file(microdroid_manager, fuse)
-')
-
# Let microdroid_manager to create a vsock connection back to the host VM
allow microdroid_manager self:vsock_socket { create_socket_perms_no_ioctl };
+# Allow microdroid_manager to read the CID of the VM.
+allow microdroid_manager vsock_device:chr_file { ioctl open read };
+
# microdroid_manager is using bootstrap bionic
use_bootstrap_libs(microdroid_manager)
-# microdroid_manager can talk to diced over binder
-binder_use(microdroid_manager)
-binder_call(microdroid_manager, diced)
-allow microdroid_manager { dice_node_service dice_maintenance_service }:service_manager find;
-allow microdroid_manager diced:diced { derive demote_self };
-
# microdroid_manager create /apex/vm-payload-metadata for apexd
# TODO(b/199371341) create a new label for the file so that only microdroid_manager can create it.
allow microdroid_manager apex_mnt_dir:dir w_dir_perms;
allow microdroid_manager apex_mnt_dir:file create_file_perms;
-# Allow microdroid_manager to start the services apexd-vm, apkdmverity,tombstone_transmit & zipfuse
+# Allow microdroid_manager to start various services
set_prop(microdroid_manager, ctl_apexd_vm_prop)
set_prop(microdroid_manager, ctl_apkdmverity_prop)
+set_prop(microdroid_manager, ctl_authfs_prop)
set_prop(microdroid_manager, ctl_seriallogging_prop)
set_prop(microdroid_manager, ctl_tombstone_transmit_prop)
set_prop(microdroid_manager, ctl_zipfuse_prop)
+# Allow microdroid_manager to stop tombstoned
+set_prop(microdroid_manager, ctl_tombstoned_prop)
+
# Allow microdroid_manager to wait for linkerconfig to be ready
get_prop(microdroid_manager, apex_config_prop)
+# Allow microdroid_manager to wait for zipfuse to be ready
+get_prop(microdroid_manager, microdroid_manager_zipfuse_prop)
+
# Allow microdroid_manager to pass the roothash to apkdmverity
set_prop(microdroid_manager, microdroid_manager_roothash_prop)
+# Allow microdroid_manager to set sysprops calculated from the payload config
+set_prop(microdroid_manager, microdroid_config_prop)
+
+# Allow microdroid_manager to set sysprops related to microdroid_lifecycle (ex. init_done)
+set_prop(microdroid_manager, microdroid_lifecycle_prop)
+
# Allow microdroid_manager to shutdown the device when verification fails
set_prop(microdroid_manager, powerctl_prop)
@@ -76,11 +101,47 @@
# that is different from what is recorded in the instance.img file.
allow microdroid_manager proc_bootconfig:file r_file_perms;
+# microdroid_manager needs to read /proc/cmdline to see if crashkernel= parameter is set
+# or not; if set, it executes kexec to load the crashkernel into memory.
+allow microdroid_manager proc_cmdline:file r_file_perms;
+
+# microdroid_manager needs to read /proc/stat and /proc_meminfo to collect CPU & memory usage
+# for creating atoms used in AVF telemetry metrics
+allow microdroid_manager proc_meminfo:file r_file_perms;
+allow microdroid_manager proc_stat:file r_file_perms;
+
+# Allow microdroid_manager to set up zram-backed swap:
+# - Read & Write zram properties in sysfs to set/get zram disksize
+# - Read & Write to zram block device needed for mkswap and swapon
+allow microdroid_manager sysfs_zram:dir { search };
+allow microdroid_manager sysfs_zram:file rw_file_perms;
+allow microdroid_manager ram_device:blk_file rw_file_perms;
+
+# Allow microdroid_manager to read/write failure serial device
+allow microdroid_manager serial_device:chr_file w_file_perms;
+
# Allow microdroid_manager to handle extra_apks
allow microdroid_manager extra_apk_file:dir create_dir_perms;
+# Allow microdroid_manager to write kmsg_debug (stdio_to_kmsg).
+allow microdroid_manager kmsg_debug_device:chr_file w_file_perms;
+
+# Read tombstone_transmit_status_prop to wait for initialization of tombstone_transmit
+get_prop(microdroid_manager, tombstone_transmit_status_prop)
+
# Domains other than microdroid can't write extra_apks
neverallow { domain -microdroid_manager -init -vendor_init } extra_apk_file:file no_w_file_perms;
neverallow { domain -microdroid_manager -init -vendor_init } extra_apk_file:dir no_w_dir_perms;
+# Only microdroid_payload and a few other critical binaries can be run by microdroid_manager,
+# in their own domains.
neverallow microdroid_manager { file_type fs_type }:file execute_no_trans;
+neverallow microdroid_manager {
+ domain
+ -crash_dump
+ -microdroid_payload
+ -apkdmverity
+ -encryptedstore
+ -zipfuse
+ -kexec
+}:process transition;
diff --git a/microdroid/system/private/microdroid_payload.te b/microdroid/system/private/microdroid_payload.te
index fea0768..c1974c7 100644
--- a/microdroid/system/private/microdroid_payload.te
+++ b/microdroid/system/private/microdroid_payload.te
@@ -27,11 +27,38 @@
# Write to /dev/kmsg.
allow microdroid_payload kmsg_device:chr_file rw_file_perms;
-# Only microdroid_payload and apk verity binaries can be run by microdroid_manager
-neverallow microdroid_manager { domain -crash_dump -microdroid_payload -apkdmverity -zipfuse }:process transition;
-
-# Allow microdroid_payload to open binder servers via vsock.
-allow microdroid_payload self:vsock_socket { create_socket_perms_no_ioctl listen accept };
+# Allow microdroid_payload to host binder servers via vsock. Listening
+# for connections from the host is permitted, but connecting out to
+# the host is not. Inbound connections are mediated by
+# virtualiationservice which ensures a process can only connect to a
+# VM that it owns.
+allow microdroid_payload self:vsock_socket {
+ create listen accept read getattr write setattr lock append bind
+ getopt setopt shutdown map
+};
# Payload can read extra apks
r_dir_file(microdroid_payload, extra_apk_file)
+
+# Payload can read /proc/meminfo.
+allow microdroid_payload proc_meminfo:file r_file_perms;
+
+# Allow payload to communicate with authfs_service
+unix_socket_connect(microdroid_payload, authfs_service, authfs_service)
+
+# Allow locating the authfs mount directory.
+allow microdroid_payload authfs_data_file:dir search;
+
+# Read and write files authfs-proxied files.
+allow microdroid_payload authfs_fuse:dir rw_dir_perms;
+allow microdroid_payload authfs_fuse:file create_file_perms;
+
+# Allow payload to communicate with microdroid manager
+unix_socket_connect(microdroid_payload, vm_payload_service, microdroid_manager)
+
+# Payload can read, write into encrypted storage directory
+allow microdroid_payload encryptedstore_file:dir create_dir_perms;
+allow microdroid_payload encryptedstore_file:file create_file_perms;
+
+# Never allow microdroid_payload to connect to vsock
+neverallow microdroid_payload self:vsock_socket connect;
diff --git a/microdroid/system/private/net.te b/microdroid/system/private/net.te
index 1b2fd41..8e783cb 100644
--- a/microdroid/system/private/net.te
+++ b/microdroid/system/private/net.te
@@ -2,15 +2,3 @@
type node, node_type;
type netif, netif_type;
type port, port_type;
-
-###
-### Domain with network access
-###
-
-allow netdomain self:tcp_socket create_stream_socket_perms;
-allow netdomain self:{ icmp_socket udp_socket rawip_socket } create_socket_perms;
-
-allow netdomain port_type:tcp_socket name_connect;
-allow netdomain node_type:{ icmp_socket rawip_socket tcp_socket udp_socket } node_bind;
-allow netdomain port_type:udp_socket name_bind;
-allow netdomain port_type:tcp_socket name_bind;
diff --git a/microdroid/system/private/prng_seeder.te b/microdroid/system/private/prng_seeder.te
new file mode 100644
index 0000000..ab4e275
--- /dev/null
+++ b/microdroid/system/private/prng_seeder.te
@@ -0,0 +1,17 @@
+# PRNG seeder daemon
+# Started from early init, maintains a FIPS approved DRBG which it periodically reseeds from
+# /dev/hw_random. When BoringSSL (libcrypto) in other processes needs seeding data for its
+# internal DRBGs it will connect to /dev/socket/prng_seeder and the daemon will write a
+# fixed size block of entropy then disconnect. No other IO is performed.
+type prng_seeder, domain, coredomain;
+
+type prng_seeder_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(prng_seeder)
+
+# prng_seeder is using bootstrap bionic
+use_bootstrap_libs(prng_seeder)
+
+# Socket open and listen are performed by init.
+allow prng_seeder prng_seeder:unix_stream_socket { read write getattr accept };
+allow prng_seeder hw_random_device:chr_file { read open };
+allow prng_seeder kmsg_debug_device:chr_file { w_file_perms getattr ioctl };
diff --git a/microdroid/system/private/property.te b/microdroid/system/private/property.te
index 6e795dc..1bbe2a9 100644
--- a/microdroid/system/private/property.te
+++ b/microdroid/system/private/property.te
@@ -1,3 +1,8 @@
+system_internal_prop(ctl_tombstoned_prop)
+system_restricted_prop(tombstone_transmit_status_prop)
+
+system_restricted_prop(boot_status_prop)
+
# Declare ART properties for CompOS
system_public_prop(dalvik_config_prop)
system_restricted_prop(device_config_runtime_native_prop)
@@ -35,3 +40,16 @@
domain
-init
} apexd_payload_metadata_prop:property_service set;
+
+# Only microdroid_manager and init can set the microdroid_config_prop sysprops
+neverallow {
+ domain
+ -init
+ -microdroid_manager
+} {microdroid_config_prop microdroid_lifecycle_prop}:property_service set;
+
+neverallow {
+ domain
+ -init
+ -microdroid_manager
+} {microdroid_config_prop microdroid_lifecycle_prop}:file no_rw_file_perms;
diff --git a/microdroid/system/private/property_contexts b/microdroid/system/private/property_contexts
index 6f65eff..235ab14 100644
--- a/microdroid/system/private/property_contexts
+++ b/microdroid/system/private/property_contexts
@@ -1,7 +1,6 @@
# property contexts for microdroid
-# microdroid only uses much fewer properties than normal Android, so every property is listed as
-# an exact entry. The only wildcards are "debug.*", "init.svc_debug_pid.*", "ctl.*", and
-# process-dependent properties like "arm64.memtag.*" and "log.tag.*".
+# microdroid uses far fewer properties than normal Android, so almost
+# every property is listed as an exact entry.
debug. u:object_r:debug_prop:s0 prefix
persist.debug. u:object_r:debug_prop:s0 prefix
@@ -23,8 +22,11 @@
ctl.stop$apexd u:object_r:ctl_apexd_prop:s0
+ctl.stop$tombstoned u:object_r:ctl_tombstoned_prop:s0
+
ctl.start$apexd-vm u:object_r:ctl_apexd_vm_prop:s0
ctl.start$apkdmverity u:object_r:ctl_apkdmverity_prop:s0
+ctl.start$authfs_service u:object_r:ctl_authfs_prop:s0
ctl.start$seriallogging u:object_r:ctl_seriallogging_prop:s0
ctl.start$tombstone_transmit u:object_r:ctl_tombstone_transmit_prop:s0
ctl.start$zipfuse u:object_r:ctl_zipfuse_prop:s0
@@ -38,8 +40,7 @@
service.adb.root u:object_r:shell_prop:s0 exact bool
-ro.logd.kernel u:object_r:logd_prop:s0 exact bool
-logd.ready u:object_r:logd_prop:s0 exact bool
+dev.bootcomplete u:object_r:boot_status_prop:s0 exact bool
ro.config.low_ram u:object_r:build_prop:s0 exact bool
@@ -52,10 +53,7 @@
ro.boottime.init.first_stage u:object_r:boottime_prop:s0 exact int
ro.boottime.init.modules u:object_r:boottime_prop:s0 exact int
ro.boottime.init.selinux u:object_r:boottime_prop:s0 exact int
-ro.boottime.logd u:object_r:boottime_prop:s0 exact int
-ro.boottime.logd-reinit u:object_r:boottime_prop:s0 exact int
ro.boottime.microdroid_manager u:object_r:boottime_prop:s0 exact int
-ro.boottime.servicemanager u:object_r:boottime_prop:s0 exact int
ro.boottime.tombstoned u:object_r:boottime_prop:s0 exact int
ro.boottime.ueventd u:object_r:boottime_prop:s0 exact int
ro.boottime.zipfuse u:object_r:boottime_prop:s0 exact int
@@ -73,10 +71,7 @@
init.svc.apexd-vm u:object_r:init_service_status_private_prop:s0 exact string
init.svc.apkdmverity u:object_r:init_service_status_private_prop:s0 exact string
init.svc.authfs_service u:object_r:init_service_status_private_prop:s0 exact string
-init.svc.logd u:object_r:init_service_status_private_prop:s0 exact string
-init.svc.logd-reinit u:object_r:init_service_status_private_prop:s0 exact string
init.svc.microdroid_manager u:object_r:init_service_status_private_prop:s0 exact string
-init.svc.servicemanager u:object_r:init_service_status_private_prop:s0 exact string
init.svc.ueventd u:object_r:init_service_status_private_prop:s0 exact string
init.svc.zipfuse u:object_r:init_service_status_private_prop:s0 exact string
@@ -89,8 +84,6 @@
ro.boot.first_stage_console u:object_r:bootloader_prop:s0 exact string
ro.boot.force_normal_boot u:object_r:bootloader_prop:s0 exact string
ro.boot.hardware u:object_r:bootloader_prop:s0 exact string
-ro.boot.logd.enabled u:object_r:bootloader_prop:s0 exact bool
-ro.boot.microdroid.app_debuggable u:object_r:bootloader_prop:s0 exact bool
ro.boot.microdroid.debuggable u:object_r:bootloader_prop:s0 exact bool
ro.boot.slot_suffix u:object_r:bootloader_prop:s0 exact string
ro.boot.tombstone_transmit.enabled u:object_r:bootloader_prop:s0 exact bool
@@ -114,6 +107,7 @@
ro.build.version.release u:object_r:build_prop:s0 exact string
ro.build.version.sdk u:object_r:build_prop:s0 exact int
ro.build.version.security_patch u:object_r:build_prop:s0 exact string
+ro.build.version.known_codenames u:object_r:build_prop:s0 exact string
ro.debuggable u:object_r:build_prop:s0 exact bool
ro.product.cpu.abilist u:object_r:build_prop:s0 exact string
ro.adb.secure u:object_r:build_prop:s0 exact bool
@@ -123,6 +117,13 @@
apex_config.done u:object_r:apex_config_prop:s0 exact bool
microdroid_manager.apk_root_hash u:object_r:microdroid_manager_roothash_prop:s0 exact string
+microdroid_manager.apk.mounted u:object_r:microdroid_manager_zipfuse_prop:s0 exact bool
+microdroid_manager.extra_apk.mounted. u:object_r:microdroid_manager_zipfuse_prop:s0 prefix bool
+
+microdroid_manager.authfs.enabled u:object_r:microdroid_config_prop:s0 exact bool
+
+microdroid_manager.config_done u:object_r:microdroid_lifecycle_prop:s0 exact bool
+microdroid_manager.init_done u:object_r:microdroid_lifecycle_prop:s0 exact bool
dev.mnt.blk.root u:object_r:dev_mnt_prop:s0 exact string
dev.mnt.blk.vendor u:object_r:dev_mnt_prop:s0 exact string
@@ -136,6 +137,8 @@
persist.adb.wifi.guid u:object_r:adbd_prop:s0 exact string
+ro.log.file_logger.path u:object_r:log_prop:s0 exact string
+
log.tag u:object_r:log_tag_prop:s0 prefix
persist.log.tag u:object_r:log_tag_prop:s0 prefix
@@ -158,3 +161,9 @@
persist.device_config.runtime_native_boot. u:object_r:device_config_runtime_native_boot_prop:s0 prefix
apexd.payload_metadata.path u:object_r:apexd_payload_metadata_prop:s0 exact string
+
+tombstone_transmit.init_done u:object_r:tombstone_transmit_status_prop:s0 exact bool
+
+# tombstone_transmit.start starts tombstone_transmit after creating a directory
+# assigning the same label as ctl.start$tombstone_transmit
+tombstone_transmit.start u:object_r:ctl_tombstone_transmit_prop:s0 exact bool
diff --git a/microdroid/system/private/service_contexts b/microdroid/system/private/service_contexts
deleted file mode 100644
index 9a27306..0000000
--- a/microdroid/system/private/service_contexts
+++ /dev/null
@@ -1,9 +0,0 @@
-android.hardware.security.dice.IDiceDevice/default u:object_r:hal_dice_service:s0
-
-adb u:object_r:adb_service:s0
-android.security.dice.IDiceMaintenance u:object_r:dice_maintenance_service:s0
-android.security.dice.IDiceNode u:object_r:dice_node_service:s0
-apexservice u:object_r:apex_service:s0
-authfs_service u:object_r:authfs_binder_service:s0
-manager u:object_r:service_manager_service:s0
-* u:object_r:default_android_service:s0
diff --git a/microdroid/system/private/servicemanager.te b/microdroid/system/private/servicemanager.te
deleted file mode 100644
index d51c827..0000000
--- a/microdroid/system/private/servicemanager.te
+++ /dev/null
@@ -1,29 +0,0 @@
-typeattribute servicemanager coredomain;
-
-init_daemon_domain(servicemanager)
-
-selinux_check_access(servicemanager)
-
-# Note that we do not use the binder_* macros here.
-# servicemanager is unique in that it only provides
-# name service (aka context manager) for Binder.
-# As such, it only ever receives and transfers other references
-# created by other domains. It never passes its own references
-# or initiates a Binder IPC.
-allow servicemanager self:binder set_context_mgr;
-allow servicemanager {
- domain
- -init
- -vendor_init
-}:binder transfer;
-
-allow servicemanager service_contexts_file:file r_file_perms;
-
-allow servicemanager vendor_service_contexts_file:file r_file_perms;
-
-add_service(servicemanager, service_manager_service)
-
-set_prop(servicemanager, ctl_interface_start_prop)
-
-# servicemanager is using bootstrap bionic
-use_bootstrap_libs(servicemanager)
diff --git a/microdroid/system/private/shell.te b/microdroid/system/private/shell.te
index c93b488..d6c3c0d 100644
--- a/microdroid/system/private/shell.te
+++ b/microdroid/system/private/shell.te
@@ -35,6 +35,7 @@
dontaudit shell sysfs:dir r_dir_perms;
# Test tool tries to read various service status properties.
+get_prop(shell, boot_status_prop)
get_prop(shell, init_service_status_prop)
get_prop(shell, init_service_status_private_prop)
diff --git a/microdroid/system/private/su.te b/microdroid/system/private/su.te
index 1196262..533b328 100644
--- a/microdroid/system/private/su.te
+++ b/microdroid/system/private/su.te
@@ -1,9 +1,4 @@
-userdebug_or_eng(`
- typeattribute su coredomain;
+typeattribute su coredomain;
- domain_auto_trans(shell, su_exec, su)
-
- # su is also permissive to permit setenforce.
- permissive su;
-
-')
+# su is also permissive to permit setenforce.
+permissive su;
diff --git a/microdroid/system/private/tombstone_transmit.te b/microdroid/system/private/tombstone_transmit.te
index 588ebff..4f2b5ab 100644
--- a/microdroid/system/private/tombstone_transmit.te
+++ b/microdroid/system/private/tombstone_transmit.te
@@ -3,6 +3,14 @@
init_daemon_domain(tombstone_transmit)
-r_dir_file(tombstone_transmit, tombstone_data_file)
+# permission required to read the file & remove it from directory
+allow tombstone_transmit tombstone_data_file:dir { r_dir_perms write remove_name };
+allow tombstone_transmit tombstone_data_file:file { r_file_perms unlink };
allow tombstone_transmit self:{ vsock_socket } create_socket_perms_no_ioctl;
+
+# allow tombstone_transmit to notify its initialization
+set_prop(tombstone_transmit, tombstone_transmit_status_prop)
+
+# Only tombstone_transmit can set its status
+neverallow { domain -init -tombstone_transmit } tombstone_transmit_status_prop:property_service set;
diff --git a/microdroid/system/private/zipfuse.te b/microdroid/system/private/zipfuse.te
index 6652e27..0cb6daf 100644
--- a/microdroid/system/private/zipfuse.te
+++ b/microdroid/system/private/zipfuse.te
@@ -36,6 +36,9 @@
# allow zipfuse to log to the kernel
allow zipfuse kmsg_device:chr_file w_file_perms;
+# allow zipfuse to write kmsg_debug (stdio_to_kmsg) inherited from microdroid_manager.
+allow zipfuse kmsg_debug_device:chr_file w_file_perms;
+
# allow zipfuse to handle extra apks
r_dir_file(zipfuse, extra_apk_file)
allow zipfuse extra_apk_file:dir mounton;
@@ -43,6 +46,9 @@
# zipfuse is forked from microdroid_manager
allow zipfuse microdroid_manager:fd use;
+# allow signalling when the mount is ready
+set_prop(zipfuse, microdroid_manager_zipfuse_prop)
+
# Only microdroid_manager can run zipfuse
neverallow { domain -microdroid_manager } zipfuse:process { transition dyntransition };
diff --git a/microdroid/system/public/apexd.te b/microdroid/system/public/apexd.te
index f80c1da..d14da93 100644
--- a/microdroid/system/public/apexd.te
+++ b/microdroid/system/public/apexd.te
@@ -1,5 +1,2 @@
type apexd, domain, coredomain;
type apexd_exec, file_type, exec_type, system_file_type;
-
-binder_use(apexd)
-add_service(apexd, apex_service)
diff --git a/microdroid/system/public/attributes b/microdroid/system/public/attributes
index 00b5f2b..61bf8fb 100644
--- a/microdroid/system/public/attributes
+++ b/microdroid/system/public/attributes
@@ -7,9 +7,6 @@
# in tools/checkfc.c
attribute dev_type;
-# TODO(b/202520796) Remove this attribute once the sc-dev branch stops using it.
-attribute bdev_type;
-
# All types used for processes.
attribute domain;
@@ -123,20 +120,6 @@
attribute vendor_public_property_type;
expandattribute vendor_public_property_type false;
-# services which served by vendor and also using the copy of libbinder on
-# system (for instance via libbinder_ndk). services using a different copy
-# of libbinder currently need their own context manager (e.g.
-# vndservicemanager)
-attribute vendor_service;
-
-# All types used for services managed by servicemanager.
-# On change, update CHECK_SC_ASSERT_ATTRS
-# definition in tools/checkfc.c.
-attribute service_manager_type;
-
-# All domains used for apps with network access.
-attribute netdomain;
-
# All domains used for apps with bluetooth access.
attribute bluetoothdomain;
diff --git a/microdroid/system/public/device.te b/microdroid/system/public/device.te
index f99084c..8c6f777 100644
--- a/microdroid/system/public/device.te
+++ b/microdroid/system/public/device.te
@@ -1,6 +1,5 @@
type ashmem_device, dev_type;
type ashmem_libcutils_device, dev_type;
-type binder_device, dev_type;
type block_device, dev_type;
type console_device, dev_type;
type device, dev_type, fs_type;
@@ -11,7 +10,6 @@
type dmabuf_system_secure_heap_device, dev_type, dmabuf_heap_device_type;
type fuse_device, dev_type;
type hw_random_device, dev_type;
-type hwbinder_device, dev_type;
type kmsg_debug_device, dev_type;
type kmsg_device, dev_type;
type kvm_device, dev_type;
@@ -29,6 +27,7 @@
type random_device, dev_type;
type rtc_device, dev_type;
type serial_device, dev_type;
+type log_device, dev_type;
type socket_device, dev_type;
type tty_device, dev_type;
type tun_device, dev_type;
@@ -36,6 +35,5 @@
type uio_device, dev_type;
type userdata_sysdev, dev_type;
type vd_device, dev_type;
-type vndbinder_device, dev_type;
type vsock_device, dev_type;
type zero_device, dev_type;
diff --git a/microdroid/system/public/file.te b/microdroid/system/public/file.te
index 57be060..fe269d7 100644
--- a/microdroid/system/public/file.te
+++ b/microdroid/system/public/file.te
@@ -5,15 +5,13 @@
type apex_info_file, file_type;
type apex_mnt_dir, file_type;
type authfs_data_file, file_type, data_file_type, core_data_file_type;
+type authfs_service_socket, file_type, coredomain_socket;
type cgroup_desc_api_file, file_type, system_file_type;
type cgroup_desc_file, file_type, system_file_type;
type cgroup_rc_file, file_type;
type extra_apk_file, file_type;
type file_contexts_file, file_type, system_file_type;
type linkerconfig_file, file_type;
-type logd_socket, file_type, coredomain_socket;
-type logdr_socket, file_type, coredomain_socket;
-type logdw_socket, file_type, coredomain_socket;
type nativetest_data_file, file_type, data_file_type, core_data_file_type;
type property_contexts_file, file_type, system_file_type;
type property_socket, file_type, coredomain_socket;
@@ -46,11 +44,9 @@
type vendor_data_file, file_type, data_file_type;
type vendor_file, file_type, vendor_file_type;
type vendor_service_contexts_file, vendor_file_type, file_type;
+type vm_payload_service_socket, file_type, coredomain_socket;
# file system types
-type binderfs, fs_type;
-type binderfs_logs, fs_type;
-type binderfs_logs_proc, fs_type;
type binfmt_miscfs, fs_type;
type cgroup, fs_type;
type cgroup_v2, fs_type;
@@ -93,7 +89,6 @@
type proc_drop_caches, fs_type, proc_type;
type proc_extra_free_kbytes, fs_type, proc_type;
type proc_filesystems, fs_type, proc_type;
-type proc_fs_verity, fs_type, proc_type;
type proc_hostname, fs_type, proc_type;
type proc_hung_task, fs_type, proc_type;
type proc_interrupts, fs_type, proc_type;
diff --git a/microdroid/system/public/hal_dice.te b/microdroid/system/public/hal_dice.te
deleted file mode 100644
index 92222c5..0000000
--- a/microdroid/system/public/hal_dice.te
+++ /dev/null
@@ -1,4 +0,0 @@
-binder_call(hal_dice_client, hal_dice_server)
-
-hal_attribute_service(hal_dice, hal_dice_service)
-binder_call(hal_dice_server, servicemanager)
diff --git a/microdroid/system/public/logcat.te b/microdroid/system/public/logcat.te
deleted file mode 100644
index cf2bb7e..0000000
--- a/microdroid/system/public/logcat.te
+++ /dev/null
@@ -1,2 +0,0 @@
-type logcat, domain;
-type logcat_exec, file_type, exec_type, system_file_type;
diff --git a/microdroid/system/public/logd.te b/microdroid/system/public/logd.te
deleted file mode 100644
index 67f601c..0000000
--- a/microdroid/system/public/logd.te
+++ /dev/null
@@ -1,2 +0,0 @@
-type logd, domain;
-type logd_exec, file_type, exec_type, system_file_type;
diff --git a/microdroid/system/public/property.te b/microdroid/system/public/property.te
index f85ba76..a2c3b77 100644
--- a/microdroid/system/public/property.te
+++ b/microdroid/system/public/property.te
@@ -11,6 +11,7 @@
type ctl_apexd_prop, property_type;
type ctl_apexd_vm_prop, property_type;
type ctl_apkdmverity_prop, property_type;
+type ctl_authfs_prop, property_type;
type ctl_console_prop, property_type;
type ctl_default_prop, property_type;
type ctl_fuse_prop, property_type;
@@ -35,9 +36,12 @@
type init_service_status_prop, property_type;
type init_svc_debug_prop, property_type;
type libc_debug_prop, property_type;
+type log_prop, property_type;
type log_tag_prop, property_type;
-type logd_prop, property_type;
type microdroid_manager_roothash_prop, property_type;
+type microdroid_manager_zipfuse_prop, property_type;
+type microdroid_config_prop, property_type;
+type microdroid_lifecycle_prop, property_type;
type property_service_version_prop, property_type;
type shell_prop, property_type;
type timezone_prop, property_type;
diff --git a/microdroid/system/public/servicemanager.te b/microdroid/system/public/servicemanager.te
deleted file mode 100644
index 41a1096..0000000
--- a/microdroid/system/public/servicemanager.te
+++ /dev/null
@@ -1,2 +0,0 @@
-type servicemanager, domain;
-type servicemanager_exec, file_type, exec_type, system_file_type;
diff --git a/microdroid/system/public/shell.te b/microdroid/system/public/shell.te
index 00c2d0b..0bcb29d 100644
--- a/microdroid/system/public/shell.te
+++ b/microdroid/system/public/shell.te
@@ -2,13 +2,6 @@
type shell, domain;
type shell_exec, system_file_type, exec_type, file_type;
-# Create and use network sockets.
-net_domain(shell)
-
-# logcat
-read_logd(shell)
-control_logd(shell)
-
# Root fs.
allow shell rootfs:dir r_dir_perms;
diff --git a/microdroid/system/public/statsd.te b/microdroid/system/public/statsd.te
index ea8ffa0..0807126 100644
--- a/microdroid/system/public/statsd.te
+++ b/microdroid/system/public/statsd.te
@@ -1,7 +1,6 @@
type statsd, domain;
type statsd_exec, system_file_type, exec_type, file_type;
-binder_use(statsd)
# Allow statsd to scan through /proc/pid for all processes.
r_dir_file(statsd, domain)
@@ -15,10 +14,6 @@
allow statsd system_file:file execute_no_trans;
allow statsd toolbox_exec:file rx_file_perms;
-# Allow logd access.
-read_logd(statsd)
-control_logd(statsd)
-
# Allow 'adb shell cmd' to upload configs and download output.
allow statsd adbd:fd use;
allow statsd adbd:unix_stream_socket { getattr read write };
diff --git a/microdroid/system/public/su.te b/microdroid/system/public/su.te
index aded9ae..5f41e37 100644
--- a/microdroid/system/public/su.te
+++ b/microdroid/system/public/su.te
@@ -2,45 +2,36 @@
# after performing an adb root command.
# All types must be defined regardless of build variant to ensure
-# policy compilation succeeds with userdebug/user combination at boot
+# that adb root works on debuggable VMs even for user builds.
type su, domain;
-# File types must be defined for file_contexts.
-type su_exec, system_file_type, exec_type, file_type;
-
-userdebug_or_eng(`
- # Add su to various domains
- net_domain(su)
-
- dontaudit su self:capability_class_set *;
- dontaudit su self:capability2 *;
- dontaudit su kernel:security *;
- dontaudit su { kernel file_type }:system *;
- dontaudit su self:memprotect *;
- dontaudit su domain:{ process process2 } *;
- dontaudit su domain:fd *;
- dontaudit su domain:dir *;
- dontaudit su domain:lnk_file *;
- dontaudit su domain:{ fifo_file file } *;
- dontaudit su domain:socket_class_set *;
- dontaudit su domain:ipc_class_set *;
- dontaudit su domain:key *;
- dontaudit su fs_type:filesystem *;
- dontaudit su {fs_type dev_type file_type}:dir_file_class_set *;
- dontaudit su node_type:node *;
- dontaudit su node_type:{ tcp_socket udp_socket rawip_socket } *;
- dontaudit su netif_type:netif *;
- dontaudit su port_type:socket_class_set *;
- dontaudit su port_type:{ tcp_socket dccp_socket } *;
- dontaudit su domain:peer *;
- dontaudit su domain:binder *;
- dontaudit su property_type:property_service *;
- dontaudit su property_type:file *;
- dontaudit su service_manager_type:service_manager *;
- dontaudit su servicemanager:service_manager list;
- dontaudit su domain:drmservice *;
- dontaudit su unlabeled:filesystem *;
- dontaudit su domain:bpf *;
- dontaudit su unlabeled:vsock_socket *;
- dontaudit su self:perf_event *;
-')
+# Add su to various domains
+dontaudit su self:capability_class_set *;
+dontaudit su self:capability2 *;
+dontaudit su kernel:security *;
+dontaudit su { kernel file_type }:system *;
+dontaudit su self:memprotect *;
+dontaudit su domain:{ process process2 } *;
+dontaudit su domain:fd *;
+dontaudit su domain:dir *;
+dontaudit su domain:lnk_file *;
+dontaudit su domain:{ fifo_file file } *;
+dontaudit su domain:socket_class_set *;
+dontaudit su domain:ipc_class_set *;
+dontaudit su domain:key *;
+dontaudit su fs_type:filesystem *;
+dontaudit su {fs_type dev_type file_type}:dir_file_class_set *;
+dontaudit su node_type:node *;
+dontaudit su node_type:{ tcp_socket udp_socket rawip_socket } *;
+dontaudit su netif_type:netif *;
+dontaudit su port_type:socket_class_set *;
+dontaudit su port_type:{ tcp_socket dccp_socket } *;
+dontaudit su domain:peer *;
+dontaudit su domain:binder *;
+dontaudit su property_type:property_service *;
+dontaudit su property_type:file *;
+dontaudit su domain:drmservice *;
+dontaudit su unlabeled:filesystem *;
+dontaudit su domain:bpf *;
+dontaudit su unlabeled:vsock_socket *;
+dontaudit su self:perf_event *;
diff --git a/microdroid/system/public/te_macros b/microdroid/system/public/te_macros
index 6db0d70..b274417 100644
--- a/microdroid/system/public/te_macros
+++ b/microdroid/system/public/te_macros
@@ -590,41 +590,6 @@
define(`with_dexpreopt', ifelse(target_with_dexpreopt, `true', $1))
#####################################
-# write_logd(domain)
-# Ability to write to android log
-# daemon via sockets
-define(`write_logd', `
-unix_socket_send($1, logdw, logd)
-allow $1 pmsg_device:chr_file w_file_perms;
-')
-
-#####################################
-# read_logd(domain)
-# Ability to run logcat and read from android
-# log daemon via sockets
-define(`read_logd', `
-allow $1 logcat_exec:file rx_file_perms;
-unix_socket_connect($1, logdr, logd)
-')
-
-#####################################
-# read_runtime_log_tags(domain)
-# ability to directly map the runtime event log tags
-define(`read_runtime_log_tags', `
-allow $1 runtime_event_log_tags_file:file r_file_perms;
-')
-
-#####################################
-# control_logd(domain)
-# Ability to control
-# android log daemon via sockets
-define(`control_logd', `
-# Group AID_LOG checked by filesystem & logd
-# to permit control commands
-unix_socket_connect($1, logd, logd)
-')
-
-#####################################
# use_keystore(domain)
# Ability to use keystore.
# Keystore is requires the following permissions
@@ -995,3 +960,11 @@
allow $1 system_bootstrap_lib_file:dir r_dir_perms;
allow $1 system_bootstrap_lib_file:file { execute read open getattr map };
')
+
+######################################
+# use_apex_info(domain)
+# Allow access to apex information
+define(`use_apex_info', `
+ allow $1 apex_mnt_dir:dir r_dir_perms;
+ allow $1 apex_info_file:file r_file_perms;
+')
diff --git a/microdroid/system/public/type.te b/microdroid/system/public/type.te
index b21b2dd..efc1aa3 100644
--- a/microdroid/system/public/type.te
+++ b/microdroid/system/public/type.te
@@ -1,11 +1,3 @@
# Miscellaneous types
-type adb_service, service_manager_type;
-type apex_service, service_manager_type;
-type authfs_binder_service, service_manager_type;
-type default_android_service, service_manager_type;
-type dice_maintenance_service, service_manager_type;
-type dice_node_service, service_manager_type;
-type hal_dice_service, vendor_service, service_manager_type;
-type service_manager_service, service_manager_type;
type system_linker;
type vm_payload_key;
diff --git a/microdroid/vendor/file_contexts b/microdroid/vendor/file_contexts
index 002fb14..533814c 100644
--- a/microdroid/vendor/file_contexts
+++ b/microdroid/vendor/file_contexts
@@ -3,6 +3,3 @@
#
(/.*)? u:object_r:vendor_file:s0
/etc(/.*)? u:object_r:vendor_configs_file:s0
-
-# HAL location
-/bin/hw/android\.hardware\.security\.dice-service\.microdroid u:object_r:hal_dice_default_exec:s0
diff --git a/microdroid/vendor/hal_dice_default.te b/microdroid/vendor/hal_dice_default.te
deleted file mode 100644
index 9fbf90d..0000000
--- a/microdroid/vendor/hal_dice_default.te
+++ /dev/null
@@ -1,14 +0,0 @@
-type hal_dice_default, domain;
-hal_server_domain(hal_dice_default, hal_dice)
-
-# Block crash dumps to ensure the DICE secrets are not leaked.
-typeattribute hal_dice_default no_crash_dump_domain;
-
-type hal_dice_default_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_dice_default)
-
-# hal_dice_default is using bootstrap bionic
-use_bootstrap_libs(hal_dice_default)
-
-allow hal_dice_default sysfs_dt_avf:file r_file_perms;
-allow hal_dice_default open_dice_device:chr_file rw_file_perms;
diff --git a/prebuilts/api/33.0/private/compat/32.0/32.0.cil b/prebuilts/api/33.0/private/compat/32.0/32.0.cil
index d916a13..a99b628 100644
--- a/prebuilts/api/33.0/private/compat/32.0/32.0.cil
+++ b/prebuilts/api/33.0/private/compat/32.0/32.0.cil
@@ -1378,7 +1378,6 @@
(typeattributeset build_config_prop_32_0 (build_config_prop))
(typeattributeset build_odm_prop_32_0 (build_odm_prop))
(typeattributeset build_prop_32_0 (build_prop))
-(typeattributeset build_prop_32_0 (userdebug_or_eng_prop))
(typeattributeset build_vendor_prop_32_0 (build_vendor_prop))
(typeattributeset cache_backup_file_32_0 (cache_backup_file))
(typeattributeset cache_block_device_32_0 (cache_block_device))
diff --git a/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil b/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil
index 076d642..7294656 100644
--- a/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil
+++ b/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil
@@ -60,9 +60,9 @@
mdns_service
nearby_service
persist_wm_debug_prop
- prng_seeder
proc_watermark_boost_factor
proc_watermark_scale_factor
+ prng_seeder
remotelyprovisionedkeypool_service
resources_manager_service
rootdisk_sysdev
diff --git a/prebuilts/api/33.0/private/crosvm.te b/prebuilts/api/33.0/private/crosvm.te
index e47abd7..167ad2f 100644
--- a/prebuilts/api/33.0/private/crosvm.te
+++ b/prebuilts/api/33.0/private/crosvm.te
@@ -66,12 +66,9 @@
# For ACPI
allow crosvm self:netlink_generic_socket create_socket_perms_no_ioctl;
-# crosvm can write files in /data/local/tmp which are usually used for instance.img and logging by
-# compliance tests and demo apps. Write access to instance.img is particularily important because
-# the VM has to initialize the disk image on its first boot. Note that open access is still not
-# granted because the files are expected to be opened by the owner of the VM (apps or shell in case
-# when the vm is created by the `vm` tool) and handed over to crosvm as FD.
-allow crosvm shell_data_file:file write;
+# The console log can also be written to /data/local/tmp. This is not safe as the log then can be
+# visible to the processes which don't own the VM. Therefore, this is a debugging only feature.
+userdebug_or_eng(`allow crosvm shell_data_file:file w_file_perms;')
# Don't allow crosvm to have access to ordinary vendor files that are not for VMs.
full_treble_only(`
diff --git a/prebuilts/api/33.0/private/heapprofd.te b/prebuilts/api/33.0/private/heapprofd.te
index 36d2938..246f936 100644
--- a/prebuilts/api/33.0/private/heapprofd.te
+++ b/prebuilts/api/33.0/private/heapprofd.te
@@ -41,14 +41,11 @@
# executables/libraries/etc to do stack unwinding.
r_dir_file(heapprofd, nativetest_data_file)
r_dir_file(heapprofd, system_file_type)
+r_dir_file(heapprofd, apex_art_data_file)
r_dir_file(heapprofd, apk_data_file)
r_dir_file(heapprofd, dalvikcache_data_file)
r_dir_file(heapprofd, vendor_file_type)
r_dir_file(heapprofd, shell_test_data_file)
-# ART apex files and directory access to the containing /data/misc/apexdata.
-r_dir_file(heapprofd, apex_art_data_file)
-allow heapprofd apex_module_data_file:dir { getattr search };
-
# Some dex files are not world-readable.
# We are still constrained by the SELinux rules above.
allow heapprofd self:global_capability_class_set dac_read_search;
diff --git a/prebuilts/api/33.0/private/kernel.te b/prebuilts/api/33.0/private/kernel.te
index 6775b3b..03ba79f 100644
--- a/prebuilts/api/33.0/private/kernel.te
+++ b/prebuilts/api/33.0/private/kernel.te
@@ -32,6 +32,19 @@
allow kernel kmsg_device:chr_file write;
allow kernel gsid:fd use;
+dontaudit kernel metadata_file:dir search;
+dontaudit kernel ota_metadata_file:dir rw_dir_perms;
+dontaudit kernel sysfs:dir r_dir_perms;
+dontaudit kernel sysfs:file { open read write };
+dontaudit kernel sysfs:chr_file { open read write };
+dontaudit kernel dm_device:chr_file ioctl;
+dontaudit kernel self:capability { sys_admin setgid mknod };
+
+dontaudit kernel dm_user_device:dir { write add_name };
+dontaudit kernel dm_user_device:chr_file { create setattr };
+dontaudit kernel tmpfs:lnk_file read;
+dontaudit kernel tmpfs:blk_file { open read };
+
# Some contexts are changed before the device is flipped into enforcing mode
# during the setup of Apex sepolicy. These denials can be suppressed since
# the permissions should not be allowed after the device is flipped into
diff --git a/prebuilts/api/33.0/private/property_contexts b/prebuilts/api/33.0/private/property_contexts
index ac288f0..3841fd5 100644
--- a/prebuilts/api/33.0/private/property_contexts
+++ b/prebuilts/api/33.0/private/property_contexts
@@ -815,7 +815,7 @@
ro.actionable_compatible_property.enabled u:object_r:build_prop:s0 exact bool
-ro.debuggable u:object_r:userdebug_or_eng_prop:s0 exact bool
+ro.debuggable u:object_r:build_prop:s0 exact bool
ro.treble.enabled u:object_r:build_prop:s0 exact bool
@@ -842,7 +842,7 @@
ro.system.build.version.sdk u:object_r:build_prop:s0 exact int
ro.adb.secure u:object_r:build_prop:s0 exact bool
-ro.secure u:object_r:userdebug_or_eng_prop:s0 exact int
+ro.secure u:object_r:build_prop:s0 exact int
ro.product.system_ext.brand u:object_r:build_prop:s0 exact string
ro.product.system_ext.device u:object_r:build_prop:s0 exact string
diff --git a/prebuilts/api/33.0/private/sdk_sandbox.te b/prebuilts/api/33.0/private/sdk_sandbox.te
index 20d3adf..7ca323f 100644
--- a/prebuilts/api/33.0/private/sdk_sandbox.te
+++ b/prebuilts/api/33.0/private/sdk_sandbox.te
@@ -12,86 +12,20 @@
# Allow finding services. This is different from ephemeral_app policy.
# Adding services manually to the allowlist is preferred hence app_api_service is not used.
+allow sdk_sandbox activity_service:service_manager find;
+allow sdk_sandbox activity_task_service:service_manager find;
+allow sdk_sandbox audio_service:service_manager find;
# Audit the access to signal that we are still investigating whether sdk_sandbox
# should have access to audio_service
# TODO(b/211632068): remove this line
auditallow sdk_sandbox audio_service:service_manager find;
-
-allow sdk_sandbox activity_service:service_manager find;
-allow sdk_sandbox activity_task_service:service_manager find;
-allow sdk_sandbox appops_service:service_manager find;
-allow sdk_sandbox audio_service:service_manager find;
-allow sdk_sandbox audioserver_service:service_manager find;
-allow sdk_sandbox batteryproperties_service:service_manager find;
-allow sdk_sandbox batterystats_service:service_manager find;
-allow sdk_sandbox connectivity_service:service_manager find;
-allow sdk_sandbox connmetrics_service:service_manager find;
-allow sdk_sandbox deviceidle_service:service_manager find;
-allow sdk_sandbox display_service:service_manager find;
-allow sdk_sandbox dropbox_service:service_manager find;
-allow sdk_sandbox font_service:service_manager find;
-allow sdk_sandbox game_service:service_manager find;
-allow sdk_sandbox gpu_service:service_manager find;
-allow sdk_sandbox graphicsstats_service:service_manager find;
-allow sdk_sandbox hardware_properties_service:service_manager find;
allow sdk_sandbox hint_service:service_manager find;
-allow sdk_sandbox imms_service:service_manager find;
-allow sdk_sandbox input_method_service:service_manager find;
-allow sdk_sandbox input_service:service_manager find;
-allow sdk_sandbox IProxyService_service:service_manager find;
-allow sdk_sandbox ipsec_service:service_manager find;
-allow sdk_sandbox launcherapps_service:service_manager find;
-allow sdk_sandbox legacy_permission_service:service_manager find;
-allow sdk_sandbox light_service:service_manager find;
-allow sdk_sandbox locale_service:service_manager find;
-allow sdk_sandbox media_communication_service:service_manager find;
-allow sdk_sandbox mediaextractor_service:service_manager find;
-allow sdk_sandbox mediametrics_service:service_manager find;
-allow sdk_sandbox media_projection_service:service_manager find;
-allow sdk_sandbox media_router_service:service_manager find;
-allow sdk_sandbox mediaserver_service:service_manager find;
-allow sdk_sandbox media_session_service:service_manager find;
-allow sdk_sandbox memtrackproxy_service:service_manager find;
-allow sdk_sandbox midi_service:service_manager find;
-allow sdk_sandbox netpolicy_service:service_manager find;
-allow sdk_sandbox netstats_service:service_manager find;
-allow sdk_sandbox network_management_service:service_manager find;
-allow sdk_sandbox notification_service:service_manager find;
-allow sdk_sandbox package_service:service_manager find;
-allow sdk_sandbox permission_checker_service:service_manager find;
-allow sdk_sandbox permission_service:service_manager find;
-allow sdk_sandbox permissionmgr_service:service_manager find;
-allow sdk_sandbox platform_compat_service:service_manager find;
-allow sdk_sandbox power_service:service_manager find;
-allow sdk_sandbox procstats_service:service_manager find;
-allow sdk_sandbox registry_service:service_manager find;
-allow sdk_sandbox restrictions_service:service_manager find;
-allow sdk_sandbox rttmanager_service:service_manager find;
-allow sdk_sandbox search_service:service_manager find;
-allow sdk_sandbox selection_toolbar_service:service_manager find;
-allow sdk_sandbox sensor_privacy_service:service_manager find;
-allow sdk_sandbox sensorservice_service:service_manager find;
-allow sdk_sandbox servicediscovery_service:service_manager find;
-allow sdk_sandbox settings_service:service_manager find;
-allow sdk_sandbox speech_recognition_service:service_manager find;
-allow sdk_sandbox statusbar_service:service_manager find;
-allow sdk_sandbox storagestats_service:service_manager find;
allow sdk_sandbox surfaceflinger_service:service_manager find;
-allow sdk_sandbox telecom_service:service_manager find;
-allow sdk_sandbox tethering_service:service_manager find;
-allow sdk_sandbox textclassification_service:service_manager find;
-allow sdk_sandbox textservices_service:service_manager find;
-allow sdk_sandbox texttospeech_service:service_manager find;
allow sdk_sandbox thermal_service:service_manager find;
-allow sdk_sandbox translation_service:service_manager find;
-allow sdk_sandbox tv_iapp_service:service_manager find;
-allow sdk_sandbox tv_input_service:service_manager find;
+allow sdk_sandbox trust_service:service_manager find;
allow sdk_sandbox uimode_service:service_manager find;
-allow sdk_sandbox vcn_management_service:service_manager find;
allow sdk_sandbox webviewupdate_service:service_manager find;
-allow sdk_sandbox system_linker_exec:file execute_no_trans;
-
# Write app-specific trace data to the Perfetto traced damon. This requires
# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
perfetto_producer(sdk_sandbox)
@@ -116,7 +50,7 @@
### neverallow rules
###
-neverallow sdk_sandbox { app_data_file privapp_data_file sdk_sandbox_data_file }:file { execute execute_no_trans };
+neverallow sdk_sandbox { app_data_file privapp_data_file }:file { execute execute_no_trans };
# Receive or send uevent messages.
neverallow sdk_sandbox domain:netlink_kobject_uevent_socket *;
diff --git a/prebuilts/api/33.0/private/system_suspend.te b/prebuilts/api/33.0/private/system_suspend.te
index bef7c6d..d924187 100644
--- a/prebuilts/api/33.0/private/system_suspend.te
+++ b/prebuilts/api/33.0/private/system_suspend.te
@@ -29,14 +29,6 @@
allow system_suspend dumpstate:fd use;
allow system_suspend dumpstate:fifo_file write;
-# Allow init to take kernel wakelock and system suspend to
-# remove kenel wakelocks and the capability to access these
-# files
-allow init sysfs_wake_lock:file rw_file_perms;
-allow init self:global_capability2_class_set block_suspend;
-allow system_suspend sysfs_wake_lock:file rw_file_perms;
-allow system_suspend self:global_capability2_class_set block_suspend;
-
neverallow {
domain
-atrace # tracing
diff --git a/prebuilts/api/33.0/private/toolbox.te b/prebuilts/api/33.0/private/toolbox.te
index 1e53d72..a2b958d 100644
--- a/prebuilts/api/33.0/private/toolbox.te
+++ b/prebuilts/api/33.0/private/toolbox.te
@@ -1,7 +1,3 @@
typeattribute toolbox coredomain;
init_daemon_domain(toolbox)
-
-# rm -rf in /data/misc/virtualizationservice
-allow toolbox virtualizationservice_data_file:dir { rmdir rw_dir_perms };
-allow toolbox virtualizationservice_data_file:file { getattr unlink };
diff --git a/prebuilts/api/33.0/private/traced_perf.te b/prebuilts/api/33.0/private/traced_perf.te
index 811bf48..96a7263 100644
--- a/prebuilts/api/33.0/private/traced_perf.te
+++ b/prebuilts/api/33.0/private/traced_perf.te
@@ -28,12 +28,10 @@
# Allow reading files for stack unwinding and symbolization.
r_dir_file(traced_perf, nativetest_data_file)
r_dir_file(traced_perf, system_file_type)
+r_dir_file(traced_perf, apex_art_data_file)
r_dir_file(traced_perf, apk_data_file)
r_dir_file(traced_perf, dalvikcache_data_file)
r_dir_file(traced_perf, vendor_file_type)
-# ART apex files and directory access to the containing /data/misc/apexdata.
-r_dir_file(traced_perf, apex_art_data_file)
-allow traced_perf apex_module_data_file:dir { getattr search };
# Allow to temporarily lift the kptr_restrict setting and build a symbolization
# map reading /proc/kallsyms.
diff --git a/prebuilts/api/33.0/private/untrusted_app.te b/prebuilts/api/33.0/private/untrusted_app.te
index 63b095a..62d458d 100644
--- a/prebuilts/api/33.0/private/untrusted_app.te
+++ b/prebuilts/api/33.0/private/untrusted_app.te
@@ -14,10 +14,3 @@
untrusted_app_domain(untrusted_app)
net_domain(untrusted_app)
bluetooth_domain(untrusted_app)
-
-# Allow webview to access fd shared by sdksandbox for experiments data
-# TODO(b/229249719): Will not be supported in Android U
-allow untrusted_app sdk_sandbox_data_file:fd use;
-allow untrusted_app sdk_sandbox_data_file:file write;
-
-neverallow untrusted_app sdk_sandbox_data_file:file { open create };
diff --git a/prebuilts/api/33.0/private/untrusted_app_25.te b/prebuilts/api/33.0/private/untrusted_app_25.te
index b40fad0..4235d7e 100644
--- a/prebuilts/api/33.0/private/untrusted_app_25.te
+++ b/prebuilts/api/33.0/private/untrusted_app_25.te
@@ -52,6 +52,3 @@
# allow sending RTM_GETNEIGH{TBL} messages.
allow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh;
auditallow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh;
-
-# Allow hidden build props
-get_prop({ untrusted_app_25 userdebug_or_eng(`-untrusted_app_25') }, userdebug_or_eng_prop)
diff --git a/prebuilts/api/33.0/private/untrusted_app_27.te b/prebuilts/api/33.0/private/untrusted_app_27.te
index dd9b4a8..c747af1 100644
--- a/prebuilts/api/33.0/private/untrusted_app_27.te
+++ b/prebuilts/api/33.0/private/untrusted_app_27.te
@@ -40,6 +40,3 @@
# allow sending RTM_GETNEIGH{TBL} messages.
allow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh;
auditallow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh;
-
-# Allow hidden build props
-get_prop({ untrusted_app_27 userdebug_or_eng(`-untrusted_app_27') }, userdebug_or_eng_prop)
diff --git a/prebuilts/api/33.0/private/untrusted_app_29.te b/prebuilts/api/33.0/private/untrusted_app_29.te
index 0cc2bea..6bb2606 100644
--- a/prebuilts/api/33.0/private/untrusted_app_29.te
+++ b/prebuilts/api/33.0/private/untrusted_app_29.te
@@ -18,6 +18,3 @@
# allow sending RTM_GETNEIGH{TBL} messages.
allow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh;
auditallow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh;
-
-# Allow hidden build props
-get_prop({ untrusted_app_29 userdebug_or_eng(`-untrusted_app_29') }, userdebug_or_eng_prop)
diff --git a/prebuilts/api/33.0/private/untrusted_app_30.te b/prebuilts/api/33.0/private/untrusted_app_30.te
index 7b23be7..e0a71ef 100644
--- a/prebuilts/api/33.0/private/untrusted_app_30.te
+++ b/prebuilts/api/33.0/private/untrusted_app_30.te
@@ -20,6 +20,3 @@
# allow sending RTM_GETNEIGH{TBL} messages.
allow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh;
auditallow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh;
-
-# Allow hidden build props
-get_prop({ untrusted_app_30 userdebug_or_eng(`-untrusted_app_30') }, userdebug_or_eng_prop)
diff --git a/prebuilts/api/33.0/private/untrusted_app_all.te b/prebuilts/api/33.0/private/untrusted_app_all.te
index 26077f3..ceee544 100644
--- a/prebuilts/api/33.0/private/untrusted_app_all.te
+++ b/prebuilts/api/33.0/private/untrusted_app_all.te
@@ -176,7 +176,9 @@
# permission. The protection level of the permission is `signature|development`
# so that it can only be granted to either platform-key signed apps or
# test-only apps having `android:testOnly="true"` in its manifest.
-virtualizationservice_use(untrusted_app_all)
+userdebug_or_eng(`
+ virtualizationservice_use(untrusted_app_all)
+')
with_native_coverage(`
# Allow writing coverage information to /data/misc/trace
diff --git a/prebuilts/api/33.0/private/update_verifier.te b/prebuilts/api/33.0/private/update_verifier.te
index a8cef37..5e1b27b 100644
--- a/prebuilts/api/33.0/private/update_verifier.te
+++ b/prebuilts/api/33.0/private/update_verifier.te
@@ -7,10 +7,3 @@
# Allow to set the OTA related properties e.g. ota.warm_reset.
set_prop(update_verifier, ota_prop)
-
-# allow update_verifier to connect to snapuserd daemon
-allow update_verifier snapuserd_socket:sock_file write;
-allow update_verifier snapuserd:unix_stream_socket connectto;
-
-# virtual a/b properties
-get_prop(update_verifier, virtual_ab_prop)
diff --git a/prebuilts/api/33.0/private/zygote.te b/prebuilts/api/33.0/private/zygote.te
index b1c3d44..41245c2 100644
--- a/prebuilts/api/33.0/private/zygote.te
+++ b/prebuilts/api/33.0/private/zygote.te
@@ -229,10 +229,6 @@
# Allow zygote to read qemu.sf.lcd_density
get_prop(zygote, qemu_sf_lcd_density_prop)
-# Allow zygote to read persist.wm.debug.* to toggle experimental window manager features in
-# preloaded classes
-get_prop(zygote, persist_wm_debug_prop)
-
# Allow zygote to read /apex/apex-info-list.xml
allow zygote apex_info_file:file r_file_perms;
diff --git a/prebuilts/api/33.0/public/domain.te b/prebuilts/api/33.0/public/domain.te
index 46e9456..de529f5 100644
--- a/prebuilts/api/33.0/public/domain.te
+++ b/prebuilts/api/33.0/public/domain.te
@@ -129,7 +129,6 @@
get_prop(domain, socket_hook_prop)
get_prop(domain, surfaceflinger_prop)
get_prop(domain, telephony_status_prop)
-get_prop({domain -untrusted_app_all userdebug_or_eng(`-isolated_app -ephemeral_app') }, userdebug_or_eng_prop)
get_prop(domain, vendor_socket_hook_prop)
get_prop(domain, vndk_prop)
get_prop(domain, vold_status_prop)
@@ -565,7 +564,6 @@
neverallow { domain -init } aac_drc_prop:property_service set;
neverallow { domain -init } build_prop:property_service set;
-neverallow { domain -init } userdebug_or_eng_prop:property_service set;
# Do not allow reading device's serial number from system properties except form
# a few allowed domains.
diff --git a/prebuilts/api/33.0/public/dumpstate.te b/prebuilts/api/33.0/public/dumpstate.te
index 5eb3d27..f1c6d72 100644
--- a/prebuilts/api/33.0/public/dumpstate.te
+++ b/prebuilts/api/33.0/public/dumpstate.te
@@ -113,9 +113,6 @@
sysfs_zram
}:file r_file_perms;
-# Ignore other file access under /sys.
-dontaudit dumpstate sysfs:file r_file_perms;
-
# Other random bits of data we want to collect
no_debugfs_restriction(`
allow dumpstate debugfs:file r_file_perms;
diff --git a/prebuilts/api/33.0/public/init.te b/prebuilts/api/33.0/public/init.te
index ce0d130..8dcdd33 100644
--- a/prebuilts/api/33.0/public/init.te
+++ b/prebuilts/api/33.0/public/init.te
@@ -158,7 +158,6 @@
# Mounting filesystems from block devices.
allow init dev_type:blk_file r_file_perms;
allowxperm init dev_type:blk_file ioctl BLKROSET;
-allowxperm init system_data_root_file:dir ioctl F2FS_IOC_SHUTDOWN;
# Mounting filesystems.
# Only allow relabelto for types used in context= mount options,
diff --git a/prebuilts/api/33.0/public/ioctl_defines b/prebuilts/api/33.0/public/ioctl_defines
index d46e485..0e22670 100644
--- a/prebuilts/api/33.0/public/ioctl_defines
+++ b/prebuilts/api/33.0/public/ioctl_defines
@@ -722,7 +722,6 @@
define(`F2FS_IOC_SET_COMPRESS_OPTION', `0xf516')
define(`F2FS_IOC_DECOMPRESS_FILE', `0xf517')
define(`F2FS_IOC_COMPRESS_FILE', `0xf518')
-define(`F2FS_IOC_SHUTDOWN', `0x587d')
define(`FAT_IOCTL_GET_ATTRIBUTES', `0x80047210')
define(`FAT_IOCTL_GET_VOLUME_ID', `0x80047213')
define(`FAT_IOCTL_SET_ATTRIBUTES', `0x40047211')
diff --git a/prebuilts/api/33.0/public/property.te b/prebuilts/api/33.0/public/property.te
index deb166b..763a80a 100644
--- a/prebuilts/api/33.0/public/property.te
+++ b/prebuilts/api/33.0/public/property.te
@@ -73,7 +73,6 @@
system_restricted_prop(fingerprint_prop)
system_restricted_prop(gwp_asan_prop)
system_restricted_prop(hal_instrumentation_prop)
-system_restricted_prop(userdebug_or_eng_prop)
system_restricted_prop(hypervisor_prop)
system_restricted_prop(init_service_status_prop)
system_restricted_prop(libc_debug_prop)
diff --git a/private/access_vectors b/private/access_vectors
index 6cd8c4e..adb3a61 100644
--- a/private/access_vectors
+++ b/private/access_vectors
@@ -789,3 +789,10 @@
integrity
confidentiality
}
+
+class io_uring
+{
+ override_creds
+ sqpoll
+ cmd
+}
diff --git a/private/adbd.te b/private/adbd.te
index 48fa849..d72d5b1 100644
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -49,6 +49,8 @@
# Create and use network sockets.
net_domain(adbd)
+# Connect to mdnsd via mdnsd socket.
+unix_socket_connect(adbd, mdnsd, mdnsd)
# Access /dev/usb-ffs/adb/ep0
allow adbd functionfs:dir search;
diff --git a/private/apexd.te b/private/apexd.te
index 040651d..b74d4ee 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -33,9 +33,12 @@
allow apexd apex_rollback_data_file:dir create_dir_perms;
allow apexd apex_rollback_data_file:file create_file_perms;
-# Allow apexd to read directories under /data/misc_de in order to snapshot and
-# restore apex data for all users.
-allow apexd system_data_file:dir r_dir_perms;
+# Allow apexd to read /data/misc_de and the directories under it, in order to
+# snapshot and restore apex data for all users.
+allow apexd {
+ system_userdir_file
+ system_data_file
+}:dir r_dir_perms;
# allow apexd to create loop devices with /dev/loop-control
allow apexd loop_control_device:chr_file rw_file_perms;
@@ -86,7 +89,6 @@
allow apexd apex_info_file:file relabelto;
# apexd needs to update /apex/apex-info-list.xml after non-staged APEX update.
allow apexd apex_info_file:file rw_file_perms;
-allow apexd apex_info_file:file mounton;
# allow apexd to unlink apex files in /data/apex/active
# note that apexd won't be able to unlink files in /data/app-staging/session_XXXX,
@@ -129,6 +131,9 @@
# Allow apexd to stop itself
set_prop(apexd, ctl_apexd_prop)
+# Allow apexd to send control messages to load/unload apex from init
+set_prop(apexd, ctl_apex_load_prop)
+
# Find the vold service, and call into vold to manage FS checkpoints
allow apexd vold_service:service_manager find;
binder_call(apexd, vold)
@@ -204,3 +209,6 @@
# Allow calling derive_classpath to gather BCP information for staged sessions
domain_auto_trans(apexd, derive_classpath_exec, apexd_derive_classpath);
+
+# Allow set apex ready property
+set_prop(apexd, apex_ready_prop)
diff --git a/private/app.te b/private/app.te
index 86180b0..49b8cde 100644
--- a/private/app.te
+++ b/private/app.te
@@ -5,7 +5,7 @@
r_dir_file({
appdomain
-ephemeral_app
- -isolated_app
+ -isolated_app_all
-platform_app
-priv_app
-shell
@@ -18,7 +18,7 @@
auditallow {
appdomain
-ephemeral_app
- -isolated_app
+ -isolated_app_all
-platform_app
-priv_app
-shell
@@ -52,7 +52,11 @@
get_prop(appdomain, device_config_runtime_native_prop)
get_prop(appdomain, device_config_runtime_native_boot_prop)
-userdebug_or_eng(`perfetto_producer({ appdomain })')
+# Allow to read ro.vendor.camera.extensions.enabled
+get_prop(appdomain, camera2_extensions_prop)
+
+# Allow to ro.camerax.extensions.enabled
+get_prop(appdomain, camerax_extensions_prop)
# Prevent apps from causing presubmit failures.
# Apps can cause selinux denials by accessing CE storage
@@ -89,8 +93,9 @@
# Exception for crash_dump to allow for app crash reporting.
# Exception for renderscript binaries (/system/bin/bcc, /system/bin/ld.mc)
# to allow renderscript to create privileged executable files.
+# Exception for virtualizationmanager to allow running VMs as child processes.
neverallow { appdomain -shell userdebug_or_eng(`-su') }
- { domain -appdomain -crash_dump -rs }:process { transition };
+ { domain -appdomain -crash_dump -rs -virtualizationmanager }:process { transition };
neverallow { appdomain -shell userdebug_or_eng(`-su') }
{ domain -appdomain }:process { dyntransition };
@@ -109,6 +114,9 @@
# Allow to read db.log.detailed, db.log.slow_query_threshold*
get_prop(appdomain, sqlite_log_prop)
+# Allow to read system_user_mode_emulation_prop, which is used by UserManager.java
+userdebug_or_eng(`get_prop(appdomain, system_user_mode_emulation_prop)')
+
# Allow font file read by apps.
allow appdomain font_data_file:file r_file_perms;
allow appdomain font_data_file:dir r_dir_perms;
@@ -139,53 +147,53 @@
# Allow access to external storage; we have several visible mount points under /storage
# and symlinks to primary storage at places like /storage/sdcard0 and /mnt/user/0/primary
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } storage_file:dir r_dir_perms;
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } storage_file:lnk_file r_file_perms;
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } mnt_user_file:dir r_dir_perms;
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } mnt_user_file:lnk_file r_file_perms;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } storage_file:dir r_dir_perms;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } storage_file:lnk_file r_file_perms;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } mnt_user_file:dir r_dir_perms;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } mnt_user_file:lnk_file r_file_perms;
# Read/write visible storage
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } { sdcard_type fuse }:dir create_dir_perms;
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } { sdcard_type fuse }:file create_file_perms;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } { sdcard_type fuse }:dir create_dir_perms;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } { sdcard_type fuse }:file create_file_perms;
# This should be removed if sdcardfs is modified to alter the secontext for its
# accesses to the underlying FS.
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } media_rw_data_file:dir create_dir_perms;
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } media_rw_data_file:file create_file_perms;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } media_rw_data_file:dir create_dir_perms;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } media_rw_data_file:file create_file_perms;
# Allow apps to use the USB Accessory interface.
# http://developer.android.com/guide/topics/connectivity/usb/accessory.html
#
# USB devices are first opened by the system server (USBDeviceManagerService)
# and the file descriptor is passed to the right Activity via binder.
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } usb_device:chr_file { read write getattr ioctl };
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } usbaccessory_device:chr_file { read write getattr };
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } usb_device:chr_file { read write getattr ioctl };
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } usbaccessory_device:chr_file { read write getattr };
#logd access
control_logd({ appdomain -ephemeral_app -sdk_sandbox })
# application inherit logd write socket (urge is to deprecate this long term)
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } keystore:keystore_key { get_state get insert delete exist list sign verify };
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } keystore:keystore2_key { delete use get_info rebind update };
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } keystore:keystore_key { get_state get insert delete exist list sign verify };
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } keystore:keystore2_key { delete use get_info rebind update };
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } keystore_maintenance_service:service_manager find;
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } keystore:keystore2 get_state;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } keystore_maintenance_service:service_manager find;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } keystore:keystore2 get_state;
-use_keystore({ appdomain -isolated_app -ephemeral_app -sdk_sandbox })
+use_keystore({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox })
-use_credstore({ appdomain -isolated_app -ephemeral_app -sdk_sandbox })
+use_credstore({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox })
# For app fuse.
-pdx_client({ appdomain -isolated_app -ephemeral_app -sdk_sandbox }, display_client)
-pdx_client({ appdomain -isolated_app -ephemeral_app -sdk_sandbox }, display_manager)
-pdx_client({ appdomain -isolated_app -ephemeral_app -sdk_sandbox }, display_vsync)
-pdx_client({ appdomain -isolated_app -ephemeral_app -sdk_sandbox }, performance_client)
+pdx_client({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox }, display_client)
+pdx_client({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox }, display_manager)
+pdx_client({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox }, display_vsync)
+pdx_client({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox }, performance_client)
# Apps do not directly open the IPC socket for bufferhubd.
-pdx_use({ appdomain -isolated_app -ephemeral_app -sdk_sandbox }, bufferhub_client)
+pdx_use({ appdomain -isolated_app_all -ephemeral_app -sdk_sandbox }, bufferhub_client)
# Apps receive an open tun fd from the framework for
# device traffic. Do not allow untrusted app to directly open tun_device
-allow { appdomain -isolated_app -ephemeral_app -sdk_sandbox } tun_device:chr_file { read write getattr append ioctl };
-allowxperm { appdomain -isolated_app -ephemeral_app -sdk_sandbox } tun_device:chr_file ioctl TUNGETIFF;
+allow { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } tun_device:chr_file { read write getattr append ioctl };
+allowxperm { appdomain -isolated_app_all -ephemeral_app -sdk_sandbox } tun_device:chr_file ioctl TUNGETIFF;
# WebView and other application-specific JIT compilers
@@ -211,8 +219,8 @@
allow appdomain dalvikcache_data_file:file r_file_perms;
# Read the /sdcard and /mnt/sdcard symlinks
-allow { appdomain -isolated_app -sdk_sandbox } rootfs:lnk_file r_file_perms;
-allow { appdomain -isolated_app -sdk_sandbox } tmpfs:lnk_file r_file_perms;
+allow { appdomain -isolated_app_all -sdk_sandbox } rootfs:lnk_file r_file_perms;
+allow { appdomain -isolated_app_all -sdk_sandbox } tmpfs:lnk_file r_file_perms;
# Search /storage/emulated tmpfs mount.
allow { appdomain -sdk_sandbox } tmpfs:dir r_dir_perms;
@@ -249,11 +257,11 @@
allow appdomain surfaceflinger:unix_stream_socket { read write setopt getattr getopt shutdown };
# App sandbox file accesses.
-allow { appdomain -isolated_app -mlstrustedsubject -sdk_sandbox } { app_data_file privapp_data_file }:dir create_dir_perms;
-allow { appdomain -isolated_app -mlstrustedsubject -sdk_sandbox } { app_data_file privapp_data_file }:file create_file_perms;
+allow { appdomain -isolated_app_all -mlstrustedsubject -sdk_sandbox } { app_data_file privapp_data_file }:dir create_dir_perms;
+allow { appdomain -isolated_app_all -mlstrustedsubject -sdk_sandbox } { app_data_file privapp_data_file }:file create_file_perms;
# Access via already open fds is ok even for mlstrustedsubject.
-allow { appdomain -isolated_app -sdk_sandbox } { app_data_file privapp_data_file system_app_data_file }:file { getattr map read write };
+allow { appdomain -isolated_app_all -sdk_sandbox } { app_data_file privapp_data_file system_app_data_file }:file { getattr map read write };
# Traverse into expanded storage
allow appdomain mnt_expand_file:dir r_dir_perms;
@@ -264,7 +272,7 @@
allow appdomain misc_user_data_file:file r_file_perms;
# TextClassifier
-r_dir_file({ appdomain -isolated_app }, textclassifier_data_file)
+r_dir_file({ appdomain -isolated_app_all }, textclassifier_data_file)
# Access to OEM provided data and apps
allow appdomain oemfs:dir r_dir_perms;
@@ -283,7 +291,7 @@
full_treble_only(`
# For looking up Renderscript vendor drivers
- allow { appdomain -isolated_app } vendor_file:dir { open read };
+ allow { appdomain -isolated_app_all } vendor_file:dir { open read };
')
# Allow apps access to /vendor/overlay
@@ -345,9 +353,15 @@
# Write profiles /data/misc/profiles
allow appdomain user_profile_root_file:dir search;
-allow appdomain user_profile_data_file:dir { search write add_name };
+allow appdomain user_profile_data_file:dir w_dir_perms;
allow appdomain user_profile_data_file:file create_file_perms;
+# Allow writing performance tracing data into the perfetto traced daemon.
+# Needed for java heap graph ART plugin (perfetto_hprof).
+# The perfetto profiling daemon will check for the specific application's
+# opt-in/opt-out.
+perfetto_producer(appdomain)
+
# Send heap dumps to system_server via an already open file descriptor
# % adb shell am set-watch-heap com.android.systemui 1048576
# % adb shell dumpsys procstats --start-testing
@@ -358,9 +372,9 @@
# Grant GPU access to all processes started by Zygote.
# They need that to render the standard UI.
-allow { appdomain -isolated_app } gpu_device:chr_file rw_file_perms;
-allow { appdomain -isolated_app } gpu_device:dir r_dir_perms;
-allow { appdomain -isolated_app } sysfs_gpu:file r_file_perms;
+allow { appdomain -isolated_app_all } gpu_device:chr_file rw_file_perms;
+allow { appdomain -isolated_app_all } gpu_device:dir r_dir_perms;
+allow { appdomain -isolated_app_all } sysfs_gpu:file r_file_perms;
# Use the Binder.
@@ -372,7 +386,7 @@
# Perform binder IPC to ephemeral apps.
binder_call(appdomain, ephemeral_app)
# Perform binder IPC to gpuservice.
-binder_call({ appdomain -isolated_app }, gpuservice)
+binder_call({ appdomain -isolated_app_all }, gpuservice)
# Talk with graphics composer fences
allow appdomain hal_graphics_composer:fd use;
@@ -393,10 +407,10 @@
allow appdomain system_data_file:file { getattr read map };
# Allow read/stat of /data/media files passed by Binder or local socket IPC.
-allow { appdomain -isolated_app -sdk_sandbox } media_rw_data_file:file { read getattr };
+allow { appdomain -isolated_app_all -sdk_sandbox } media_rw_data_file:file { read getattr };
# Read and write /data/data/com.android.providers.telephony files passed over Binder.
-allow { appdomain -isolated_app } radio_data_file:file { read write getattr };
+allow { appdomain -isolated_app_all } radio_data_file:file { read write getattr };
# For art.
allow appdomain dalvikcache_data_file:file execute;
@@ -425,21 +439,21 @@
allowxperm { appdomain -bluetooth } self:{ rawip_socket tcp_socket udp_socket }
ioctl { unpriv_sock_ioctls unpriv_tty_ioctls };
-allow { appdomain -isolated_app } ion_device:chr_file r_file_perms;
-allow { appdomain -isolated_app } dmabuf_system_heap_device:chr_file r_file_perms;
-allow { appdomain -isolated_app } dmabuf_system_secure_heap_device:chr_file r_file_perms;
+allow { appdomain -isolated_app_all } ion_device:chr_file r_file_perms;
+allow { appdomain -isolated_app_all } dmabuf_system_heap_device:chr_file r_file_perms;
+allow { appdomain -isolated_app_all } dmabuf_system_secure_heap_device:chr_file r_file_perms;
# Allow AAudio apps to use shared memory file descriptors from the HAL
-allow { appdomain -isolated_app } hal_audio:fd use;
+allow { appdomain -isolated_app_all } hal_audio:fd use;
# Allow app to access shared memory created by camera HAL1
-allow { appdomain -isolated_app } hal_camera:fd use;
+allow { appdomain -isolated_app_all } hal_camera:fd use;
# Allow apps to access shared memory file descriptor from the tuner HAL
-allow {appdomain -isolated_app} hal_tv_tuner_server:fd use;
+allow {appdomain -isolated_app_all} hal_tv_tuner_server:fd use;
# RenderScript always-passthrough HAL
-allow { appdomain -isolated_app } hal_renderscript_hwservice:hwservice_manager find;
+allow { appdomain -isolated_app_all } hal_renderscript_hwservice:hwservice_manager find;
allow appdomain same_process_hal_file:file { execute read open getattr map };
# TODO: switch to meminfo service
@@ -481,7 +495,7 @@
# from read-only locations.
neverallow {
bluetooth
- isolated_app
+ isolated_app_all
nfc
radio
shared_relro
@@ -495,6 +509,18 @@
-apk_data_file
}:file no_x_file_perms;
-# For now, don't allow apps other than gmscore to access /data/misc_ce/<userid>/checkin
-neverallow { appdomain -gmscore_app } checkin_data_file:dir *;
-neverallow { appdomain -gmscore_app } checkin_data_file:file *;
+# Don't allow apps access to any of the following character devices.
+neverallow appdomain {
+ audio_device
+ camera_device
+ dm_device
+ radio_device
+ rpmsg_device
+}:chr_file { read write };
+
+# Block video device access for all apps except the DeviceAsWebcam Service which
+# needs access to /dev/video* for interfacing with the host
+neverallow {
+ appdomain
+ -device_as_webcam
+} video_device:chr_file { read write };
diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 304f5a2..ea10df5 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -5,6 +5,8 @@
define(`all_untrusted_apps',`{
ephemeral_app
isolated_app
+ isolated_app_all
+ isolated_compute_app
mediaprovider
mediaprovider_app
untrusted_app
@@ -123,10 +125,11 @@
# Apps can read/write an already open vsock (e.g. created by
# virtualizationservice) but nothing more than that (e.g. creating a
# new vsock, etc.)
-neverallow all_untrusted_apps *:vsock_socket ~{ getattr read write };
+neverallow all_untrusted_apps *:vsock_socket ~{ getattr getopt read write };
# Disallow sending RTM_GETLINK messages on netlink sockets.
neverallow all_untrusted_apps domain:netlink_route_socket { bind nlmsg_readpriv };
+neverallow priv_app domain:netlink_route_socket { bind nlmsg_readpriv };
# Disallow sending RTM_GETNEIGH{TBL} messages on netlink sockets.
neverallow {
@@ -254,3 +257,41 @@
# Only privileged apps may find the incident service
neverallow all_untrusted_apps incident_service:service_manager find;
+
+# Do not allow untrusted app to read hidden system proprerties.
+# We do not include in the exclusions other normally untrusted applications such as mediaprovider
+# due to the specific logging use cases.
+# Context: b/193912100
+neverallow {
+ all_untrusted_apps
+ -mediaprovider
+ -mediaprovider_app
+} { userdebug_or_eng_prop }:file read;
+
+# Do not allow untrusted app to access /dev/socket/mdnsd since U. The socket is
+# used to communicate to the mdnsd responder. The mdnsd responder will be
+# replaced by a java implementation which is integrated into the system server.
+# For untrusted apps running with API level 33-, they still have access to
+# /dev/socket/mdnsd for backward compatibility.
+neverallow {
+ all_untrusted_apps
+ -untrusted_app_25
+ -untrusted_app_27
+ -untrusted_app_29
+ -untrusted_app_30
+ -untrusted_app_32
+} mdnsd_socket:sock_file write;
+neverallow {
+ all_untrusted_apps
+ -untrusted_app_25
+ -untrusted_app_27
+ -untrusted_app_29
+ -untrusted_app_30
+ -untrusted_app_32
+} mdnsd:unix_stream_socket connectto;
+
+# Do not allow untrusted apps to use anonymous inodes. At the moment,
+# type transitions are the only way to distinguish between different
+# anon_inode usages like userfaultfd and io_uring. This prevents us from
+# creating a more fine-grained neverallow policy for each anon_inode usage.
+neverallow all_untrusted_apps domain:anon_inode *;
diff --git a/private/app_zygote.te b/private/app_zygote.te
index 8aa288e..6552d63 100644
--- a/private/app_zygote.te
+++ b/private/app_zygote.te
@@ -142,18 +142,15 @@
alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket
} *;
-# Only allow app_zygote to talk to the logd socket, and
-# su/heapprofd/traced_perf on eng/userdebug. This is because
-# cap_setuid/cap_setgid allow to forge uid/gid in SCM_CREDENTIALS.
-# Think twice before changing.
+# Only allow app_zygote to talk to the logd socket, and su on eng/userdebug.
+# This is because cap_setuid/cap_setgid allow to forge uid/gid in
+# SCM_CREDENTIALS. Think twice before changing.
neverallow app_zygote {
domain
-app_zygote
-logd
-system_server
userdebug_or_eng(`-su')
- userdebug_or_eng(`-heapprofd')
- userdebug_or_eng(`-traced_perf')
}:unix_dgram_socket *;
neverallow app_zygote {
@@ -161,8 +158,6 @@
-app_zygote
-prng_seeder
userdebug_or_eng(`-su')
- userdebug_or_eng(`-heapprofd')
- userdebug_or_eng(`-traced_perf')
}:unix_stream_socket *;
# Never allow ptrace
diff --git a/private/artd.te b/private/artd.te
index 0aa12dc..ef54d8c 100644
--- a/private/artd.te
+++ b/private/artd.te
@@ -1,16 +1,136 @@
-# art service daemon
-type artd, domain;
+# ART service daemon.
+typeattribute artd coredomain;
+typeattribute artd mlstrustedsubject;
type artd_exec, system_file_type, exec_type, file_type;
+type artd_tmpfs, file_type;
# Allow artd to publish a binder service and make binder calls.
binder_use(artd)
add_service(artd, artd_service)
allow artd dumpstate:fifo_file { getattr write };
-typeattribute artd coredomain;
-
init_daemon_domain(artd)
# Allow query ART device config properties
get_prop(artd, device_config_runtime_native_prop)
get_prop(artd, device_config_runtime_native_boot_prop)
+
+# Access to "odsign.verification.success" for deciding whether to deny files in
+# the ART APEX data directory.
+get_prop(artd, odsign_prop)
+
+# Reading an APK opens a ZipArchive, which unpack to tmpfs.
+# Use tmpfs_domain() which will give tmpfs files created by artd their
+# own label, which differs from other labels created by other processes.
+# This allows to distinguish in policy files created by artd vs other
+# processes.
+tmpfs_domain(artd)
+
+# Allow testing userfaultfd support.
+userfaultfd_use(artd)
+
+# Read access to primary dex'es on writable partitions
+# ({/data,/mnt/expand/<volume-uuid>}/app/...).
+# Also allow creating the "oat" directory before restorecon.
+allow artd mnt_expand_file:dir { getattr search };
+allow artd apk_data_file:dir { rw_dir_perms create setattr relabelfrom };
+allow artd apk_data_file:file r_file_perms;
+
+# Read access to vendor APKs ({/vendor,/odm}/{app,priv-app}/...).
+r_dir_file(artd, vendor_app_file)
+
+# Read access to vendor overlay APKs ({/vendor,/odm,/oem}/overlay/...).
+allow artd oemfs:dir { getattr search };
+r_dir_file(artd, vendor_overlay_file)
+
+# Read access to vendor shared libraries ({/vendor,/odm}/framework/...).
+r_dir_file(artd, vendor_framework_file)
+
+# Read/write access to all compilation artifacts generated on device for apps'
+# primary dex'es. (/data/dalvik-cache/..., /data/app/.../oat/..., etc.)
+allow artd dalvikcache_data_file:dir { create_dir_perms relabelto };
+allow artd dalvikcache_data_file:file { create_file_perms relabelto };
+
+# Read access to the ART APEX data directory.
+# Needed for reading the boot image generated on device.
+allow artd apex_module_data_file:dir { getattr search };
+r_dir_file(artd, apex_art_data_file)
+
+# Read access to /apex/apex-info-list.xml
+# Needed for getting APEX versions.
+allow artd apex_info_file:file r_file_perms;
+
+# Allow getting root capabilities to bypass permission checks.
+# - "dac_override" and "dac_read_search" are for
+# - reading secondary dex'es in app data directories (reading primary dex'es
+# doesn't need root capabilities)
+# - managing (CRUD) compilation artifacts in both APK directories for primary
+# dex'es and in app data directories for secondary dex'es
+# - managing (CRUD) profile files for both primary dex'es and secondary dex'es
+# - "fowner" is for adjusting the file permissions of compilation artifacts and
+# profile files based on whether they include user data or not.
+# - "chown" is for transferring the ownership of compilation artifacts and
+# profile files to the system or apps.
+allow artd self:global_capability_class_set { dac_override dac_read_search fowner chown };
+
+# Read/write access to profiles (/data/misc/profiles/{ref,cur}/...). Also allow
+# scanning /data/misc/profiles/cur, for cleaning up obsolete managed files.
+allow artd user_profile_root_file:dir r_dir_perms;
+allow artd user_profile_data_file:dir rw_dir_perms;
+allow artd user_profile_data_file:file create_file_perms;
+
+# Read/write access to secondary dex files, their profiles, and their
+# compilation artifacts
+# ({/data,/mnt/expand/<volume-uuid>}/{user,user_de}/<user-id>/<package-name>/...).
+allow artd app_data_file_type:dir { create_dir_perms relabelfrom relabelto };
+allow artd app_data_file_type:file { create_file_perms relabelfrom relabelto };
+
+# Allow symlinks for secondary dex files. This has be to restricted because
+# symlinks can cause various security issues. We allow "privapp_data_file" just
+# for GMS because so far we only see GMS using symlinks.
+allow artd privapp_data_file:lnk_file { getattr read };
+
+# Read access to SELinux context files, for restorecon.
+allow artd file_contexts_file:file r_file_perms;
+allow artd seapp_contexts_file:file r_file_perms;
+
+# Check validity of SELinux context, for restorecon.
+selinux_check_context(artd)
+
+# Allow scanning /, for cleaning up obsolete managed files.
+allow artd rootfs:dir r_dir_perms;
+
+# Allow scanning /data, for cleaning up obsolete managed files.
+allow artd system_data_root_file:dir r_dir_perms;
+
+# Allow scanning /mnt, for cleaning up obsolete managed files.
+allow artd tmpfs:dir r_dir_perms;
+
+# Allow scanning /mnt/expand, for cleaning up obsolete managed files.
+allow artd mnt_expand_file:dir r_dir_perms;
+
+# Allow scanning {/data,/mnt/expand/<volume-uuid>}/{user,user_de}, for cleaning
+# up obsolete managed files.
+allow artd system_userdir_file:dir r_dir_perms;
+
+# Allow scanning {/data,/mnt/expand/<volume-uuid>}/{user,user_de}/<user-id> and
+# /mnt/expand/<volume-uuid>, for cleaning up obsolete managed files.
+allow artd system_data_file:dir r_dir_perms;
+
+# Never allow running other binaries without a domain transition.
+# The only exception is art_exec. It is allowed to use the artd domain because
+# it is a thin wrapper that executes other binaries on behalf of artd.
+neverallow artd ~{art_exec_exec}:file execute_no_trans;
+allow artd art_exec_exec:file rx_file_perms;
+
+# Allow running other binaries in their own domains.
+domain_auto_trans(artd, profman_exec, profman)
+domain_auto_trans(artd, dex2oat_exec, dex2oat)
+
+# Allow sending sigkill to subprocesses.
+allow artd { profman dex2oat }:process sigkill;
+
+# Allow reading process info (/proc/<pid>/...).
+# This is needed for getting CPU time and wall time spent on subprocesses.
+r_dir_file(artd, profman);
+r_dir_file(artd, dex2oat);
diff --git a/private/atrace.te b/private/atrace.te
index ca0e527..50ab392 100644
--- a/private/atrace.te
+++ b/private/atrace.te
@@ -31,7 +31,6 @@
-dumpstate_service
-incident_service
-installd_service
- -iorapd_service
-lpdump_service
-mdns_service
-netd_service
diff --git a/private/audioserver.te b/private/audioserver.te
index ca29373..7a5e8bc 100644
--- a/private/audioserver.te
+++ b/private/audioserver.te
@@ -43,6 +43,7 @@
allow audioserver mediametrics_service:service_manager find;
allow audioserver sensor_privacy_service:service_manager find;
allow audioserver soundtrigger_middleware_service:service_manager find;
+allow audioserver audio_service:service_manager find;
# Allow read/write access to bluetooth-specific properties
set_prop(audioserver, bluetooth_a2dp_offload_prop)
diff --git a/private/binderservicedomain.te b/private/binderservicedomain.te
index 7275954..fa9dd7d 100644
--- a/private/binderservicedomain.te
+++ b/private/binderservicedomain.te
@@ -22,3 +22,5 @@
allow binderservicedomain keystore:keystore2_key { delete get_info rebind use };
use_keystore(binderservicedomain)
+# binderservicedomain is using apex_info via libvintf
+use_apex_info(binderservicedomain)
diff --git a/private/bpfdomain.te b/private/bpfdomain.te
index 2be7f88..7c8f5c0 100644
--- a/private/bpfdomain.te
+++ b/private/bpfdomain.te
@@ -12,3 +12,14 @@
neverallow { domain -bpfdomain } *:bpf *;
allow bpfdomain fs_bpf:dir search;
+
+# genfscon doesn't seem to trigger during symlink creation,
+# and thus any created symlinks end up as 'fs_bpf:lnk_type',
+# however this feels like a kernel bug / missing feature,
+# so let's allow all bpffs_type's instead,
+# this will keep things working even if this is fixed.
+allow bpfdomain bpffs_type:lnk_file read;
+
+# Needed for //frameworks/libs/net:
+# common/native/bpf_headers/include/bpf/WaitForProgsLoaded.h
+get_prop(bpfdomain, bpf_progs_loaded_prop)
diff --git a/private/bpfloader.te b/private/bpfloader.te
index 54cc916..6bdc259 100644
--- a/private/bpfloader.te
+++ b/private/bpfloader.te
@@ -7,7 +7,8 @@
# These permissions are required to pin ebpf maps & programs.
allow bpfloader bpffs_type:dir { add_name create remove_name search write };
-allow bpfloader bpffs_type:file { create read rename setattr };
+allow bpfloader bpffs_type:file { create getattr read rename setattr };
+allow bpfloader bpffs_type:lnk_file { create getattr read };
allow { bpffs_type -fs_bpf } fs_bpf:filesystem associate;
# Allow bpfloader to create bpf maps and programs.
@@ -17,6 +18,8 @@
allow bpfloader sysfs_fs_fuse_bpf:file r_file_perms;
+allow bpfloader proc_bpf:file w_file_perms;
+
set_prop(bpfloader, bpf_progs_loaded_prop)
allow bpfloader bpfloader_exec:file execute_no_trans;
@@ -25,25 +28,30 @@
### Neverallow rules
###
-# TODO: get rid of init & vendor_init; Note: we don't care about getattr/mounton/search
-neverallow { domain -init -vendor_init } bpffs_type:dir { open read setattr };
+# Note: we don't care about getattr/mounton/search
+neverallow { domain } bpffs_type:dir ~{ add_name create getattr mounton remove_name search write };
neverallow { domain -bpfloader } bpffs_type:dir { add_name create remove_name write };
-neverallow domain bpffs_type:dir ~{ add_name create getattr mounton open read remove_name search setattr write };
-# TODO: get rid of init & vendor_init
-neverallow { domain -bpfloader -init -vendor_init } bpffs_type:file { map open setattr };
-neverallow { domain -bpfloader } bpffs_type:file { create rename };
-neverallow { domain -bpfloader -gpuservice -init -lmkd -mediaprovider_app -netd -netutils_wrapper -system_server -vendor_init } fs_bpf:file read;
-neverallow { domain -bpfloader -init -network_stack -vendor_init } fs_bpf_net_private:file read;
-neverallow { domain -bpfloader -init -network_stack -system_server -vendor_init } fs_bpf_net_shared:file read;
-neverallow { domain -bpfloader -init -netd -network_stack -system_server -vendor_init } fs_bpf_netd_readonly:file read;
-neverallow { domain -bpfloader -init -netd -netutils_wrapper -network_stack -system_server -vendor_init } fs_bpf_netd_shared:file read;
-neverallow { domain -bpfloader -init -network_stack -vendor_init } fs_bpf_tethering:file read;
-neverallow { domain -bpfloader -gpuservice -netd -netutils_wrapper -network_stack -system_server } { bpffs_type -fs_bpf_vendor }:file write;
-neverallow domain bpffs_type:file ~{ create map open read rename setattr write };
+neverallow { domain } bpffs_type:file ~{ create getattr map open read rename setattr write };
+neverallow { domain -bpfloader } bpffs_type:file { create getattr map open rename setattr };
+neverallow { domain -bpfloader -gpuservice -lmkd -mediaprovider_app -netd -netutils_wrapper -system_server } fs_bpf:file read;
+neverallow { domain -bpfloader } fs_bpf_loader:file read;
+neverallow { domain -bpfloader -network_stack } fs_bpf_net_private:file read;
+neverallow { domain -bpfloader -network_stack -system_server } fs_bpf_net_shared:file read;
+neverallow { domain -bpfloader -netd -network_stack -system_server } fs_bpf_netd_readonly:file read;
+neverallow { domain -bpfloader -netd -netutils_wrapper -network_stack -system_server } fs_bpf_netd_shared:file read;
+neverallow { domain -bpfloader -network_stack } fs_bpf_tethering:file read;
+neverallow { domain -bpfloader -gpuservice -netd -netutils_wrapper -network_stack -system_server } { bpffs_type -fs_bpf_vendor }:file write;
+
+neverallow { domain -bpfloader } bpffs_type:lnk_file ~read;
+neverallow { domain -bpfdomain } bpffs_type:lnk_file read;
neverallow { domain -bpfloader } *:bpf { map_create prog_load };
+# 'fs_bpf_loader' is for internal use of the BpfLoader oneshot boot time process.
+neverallow { domain -bpfloader } fs_bpf_loader:bpf *;
+neverallow { domain -bpfloader } fs_bpf_loader:file *;
+
neverallow {
domain
-bpfloader
@@ -58,13 +66,11 @@
neverallow { domain -bpfloader -gpuservice -lmkd -mediaprovider_app -netd -network_stack -system_server } *:bpf { map_read map_write };
neverallow { domain -bpfloader -init } bpfloader_exec:file { execute execute_no_trans };
-neverallow { coredomain -bpfloader -init } fs_bpf_vendor:file *;
+neverallow { coredomain -bpfloader } fs_bpf_vendor:file *;
neverallow bpfloader *:{ tcp_socket udp_socket rawip_socket } *;
# No domain should be allowed to ptrace bpfloader
neverallow { domain userdebug_or_eng(`-llkd') } bpfloader:process ptrace;
-# Currently only bpfloader.rc (which runs as init) can do bpf sysctl setup
-# this should perhaps be moved to the bpfloader binary itself. Allow both.
-neverallow { domain -bpfloader -init } proc_bpf:file write;
+neverallow { domain -bpfloader } proc_bpf:file write;
diff --git a/private/canhalconfigurator.te b/private/canhalconfigurator.te
index 9ba60ac..5673ccd 100644
--- a/private/canhalconfigurator.te
+++ b/private/canhalconfigurator.te
@@ -5,3 +5,6 @@
# This allows the configurator to look up the CAN HAL controller via
# hwservice_manager and communicate with it.
hal_client_domain(canhalconfigurator, hal_can_controller)
+
+binder_use(canhalconfigurator)
+binder_call(hal_can_controller, canhalconfigurator)
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index 321e938..d79d2f8 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -30,6 +30,7 @@
;; mapping file compiles with vendor policies without exported_audio_prop type.
(typeattribute exported_audio_prop_28_0)
+;; mapping information from ToT policy's types to 28.0 policy's types.
(expandtypeattribute (accessibility_service_28_0) true)
(expandtypeattribute (account_service_28_0) true)
(expandtypeattribute (activity_service_28_0) true)
diff --git a/private/compat/28.0/28.0.compat.cil b/private/compat/28.0/28.0.compat.cil
index 2e85b23..783950c 100644
--- a/private/compat/28.0/28.0.compat.cil
+++ b/private/compat/28.0/28.0.compat.cil
@@ -1,3 +1,7 @@
+;; complement CIL file for compatibility between ToT policy and 28.0 vendors.
+;; will be compiled along with other normal policy files, on 28.0 vendors.
+;;
+
(typeattribute vendordomain)
(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
(allowx vendordomain dev_type (ioctl blk_file ((range 0x0000 0xffff))))
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index e7ddf48..7213f95 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -1,6 +1,6 @@
-;; new_objects - a collection of types that have been introduced that have no
-;; analogue in older policy. Thus, we do not need to map these types to
-;; previous ones. Add here to pass checkapi tests.
+;; new_objects - a collection of types that have been introduced with ToT policy
+;; that have no analogue in 28.0 policy. Thus, we do not need to map
+;; these types to previous ones. Add here to pass checkapi tests.
(type new_objects)
(typeattribute new_objects)
(typeattributeset new_objects
diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil
index 0fb0a1c..7315687 100644
--- a/private/compat/29.0/29.0.cil
+++ b/private/compat/29.0/29.0.cil
@@ -14,6 +14,7 @@
(type sysfs_mac_address)
(type wificond_service)
+;; mapping information from ToT policy's types to 29.0 policy's types.
(expandtypeattribute (accessibility_service_29_0) true)
(expandtypeattribute (account_service_29_0) true)
(expandtypeattribute (activity_service_29_0) true)
@@ -1577,7 +1578,8 @@
(typeattributeset proc_29_0
( proc
proc_kpageflags
- proc_lowmemorykiller))
+ proc_lowmemorykiller
+ proc_watermark_scale_factor))
(typeattributeset proc_abi_29_0 (proc_abi))
(typeattributeset proc_asound_29_0 (proc_asound))
(typeattributeset proc_bluetooth_writable_29_0 (proc_bluetooth_writable))
diff --git a/private/compat/29.0/29.0.compat.cil b/private/compat/29.0/29.0.compat.cil
index ccd9d1a..0bb2ae8 100644
--- a/private/compat/29.0/29.0.compat.cil
+++ b/private/compat/29.0/29.0.compat.cil
@@ -1,3 +1,7 @@
+;; complement CIL file for compatibility between ToT policy and 29.0 vendors.
+;; will be compiled along with other normal policy files, on 29.0 vendors.
+;;
+
(typeattribute vendordomain)
(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
(allow vendordomain self (netlink_route_socket (nlmsg_readpriv)))
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 1079046..e40888d 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -1,6 +1,6 @@
-;; new_objects - a collection of types that have been introduced that have no
-;; analogue in older policy. Thus, we do not need to map these types to
-;; previous ones. Add here to pass checkapi tests.
+;; new_objects - a collection of types that have been introduced with ToT policy
+;; that have no analogue in 29.0 policy. Thus, we do not need to map
+;; these types to previous ones. Add here to pass checkapi tests.
(type new_objects)
(typeattribute new_objects)
(typeattributeset new_objects
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 9f40876..83d83ff 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -21,6 +21,7 @@
(typeattribute binder_in_vendor_violators)
+;; mapping information from ToT policy's types to 30.0 policy's types.
(expandtypeattribute (DockObserver_service_30_0) true)
(expandtypeattribute (IProxyService_service_30_0) true)
(expandtypeattribute (accessibility_service_30_0) true)
@@ -1820,7 +1821,8 @@
(typeattributeset privapp_data_file_30_0 (privapp_data_file))
(typeattributeset proc_30_0
( proc
- proc_bootconfig))
+ proc_bootconfig
+ proc_watermark_scale_factor))
(typeattributeset proc_abi_30_0 (proc_abi))
(typeattributeset proc_asound_30_0 (proc_asound))
(typeattributeset proc_bluetooth_writable_30_0 (proc_bluetooth_writable))
diff --git a/private/compat/30.0/30.0.compat.cil b/private/compat/30.0/30.0.compat.cil
index 97c5874..b8bd755 100644
--- a/private/compat/30.0/30.0.compat.cil
+++ b/private/compat/30.0/30.0.compat.cil
@@ -1,3 +1,7 @@
+;; complement CIL file for compatibility between ToT policy and 30.0 vendors.
+;; will be compiled along with other normal policy files, on 30.0 vendors.
+;;
+
(typeattribute vendordomain)
(typeattributeset vendordomain ((and (domain) ((not (coredomain))))))
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index ba0a494..0a3d2e9 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -1,6 +1,6 @@
-;; new_objects - a collection of types that have been introduced that have no
-;; analogue in older policy. Thus, we do not need to map these types to
-;; previous ones. Add here to pass checkapi tests.
+;; new_objects - a collection of types that have been introduced with ToT policy
+;; that have no analogue in 30.0 policy. Thus, we do not need to map
+;; these types to previous ones. Add here to pass checkapi tests.
(type new_objects)
(typeattribute new_objects)
(typeattributeset new_objects
diff --git a/private/compat/31.0/31.0.cil b/private/compat/31.0/31.0.cil
index ba6944e..b0df314 100644
--- a/private/compat/31.0/31.0.cil
+++ b/private/compat/31.0/31.0.cil
@@ -9,6 +9,7 @@
(type vr_hwc)
(type vr_hwc_exec)
+;; mapping information from ToT policy's types to 31.0 policy's types.
(expandtypeattribute (DockObserver_service_31_0) true)
(expandtypeattribute (IProxyService_service_31_0) true)
(expandtypeattribute (aac_drc_prop_31_0) true)
@@ -1974,6 +1975,7 @@
( proc
proc_bpf
proc_cpu_alignment
+ proc_watermark_scale_factor
))
(typeattributeset proc_abi_31_0 (proc_abi))
(typeattributeset proc_asound_31_0 (proc_asound))
diff --git a/private/compat/31.0/31.0.compat.cil b/private/compat/31.0/31.0.compat.cil
index 628abfc..787c92a 100644
--- a/private/compat/31.0/31.0.compat.cil
+++ b/private/compat/31.0/31.0.compat.cil
@@ -1 +1,3 @@
-;; This file can't be empty.
+;; complement CIL file for compatibility between ToT policy and 31.0 vendors.
+;; will be compiled along with other normal policy files, on 31.0 vendors.
+;;
diff --git a/private/compat/31.0/31.0.ignore.cil b/private/compat/31.0/31.0.ignore.cil
index 496832e..0e39f3e 100644
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil
@@ -1,6 +1,6 @@
-;; new_objects - a collection of types that have been introduced that have no
-;; analogue in older policy. Thus, we do not need to map these types to
-;; previous ones. Add here to pass checkapi tests.
+;; new_objects - a collection of types that have been introduced with ToT policy
+;; that have no analogue in 31.0 policy. Thus, we do not need to map
+;; these types to previous ones. Add here to pass checkapi tests.
(type new_objects)
(typeattribute new_objects)
(typeattributeset new_objects
@@ -39,7 +39,6 @@
tare_service
transformer_service
proc_watermark_boost_factor
- proc_watermark_scale_factor
untrusted_app_30
proc_vendor_sched
sdk_sandbox_service
diff --git a/private/compat/32.0/32.0.cil b/private/compat/32.0/32.0.cil
index d916a13..171f0ad 100644
--- a/private/compat/32.0/32.0.cil
+++ b/private/compat/32.0/32.0.cil
@@ -9,6 +9,7 @@
(type vr_hwc)
(type vr_hwc_exec)
+;; mapping information from ToT policy's types to 32.0 policy's types.
(expandtypeattribute (DockObserver_service_32_0) true)
(expandtypeattribute (IProxyService_service_32_0) true)
(expandtypeattribute (aac_drc_prop_32_0) true)
@@ -1378,7 +1379,6 @@
(typeattributeset build_config_prop_32_0 (build_config_prop))
(typeattributeset build_odm_prop_32_0 (build_odm_prop))
(typeattributeset build_prop_32_0 (build_prop))
-(typeattributeset build_prop_32_0 (userdebug_or_eng_prop))
(typeattributeset build_vendor_prop_32_0 (build_vendor_prop))
(typeattributeset cache_backup_file_32_0 (cache_backup_file))
(typeattributeset cache_block_device_32_0 (cache_block_device))
@@ -1973,7 +1973,10 @@
(typeattributeset print_service_32_0 (print_service))
(typeattributeset priv_app_32_0 (priv_app))
(typeattributeset privapp_data_file_32_0 (privapp_data_file))
-(typeattributeset proc_32_0 (proc proc_bpf proc_cpu_alignment))
+(typeattributeset proc_32_0 (proc))
+(typeattributeset proc_32_0 (proc_bpf))
+(typeattributeset proc_32_0 (proc_cpu_alignment))
+(typeattributeset proc_32_0 (proc_watermark_scale_factor))
(typeattributeset proc_abi_32_0 (proc_abi))
(typeattributeset proc_asound_32_0 (proc_asound))
(typeattributeset proc_bluetooth_writable_32_0 (proc_bluetooth_writable))
diff --git a/private/compat/32.0/32.0.compat.cil b/private/compat/32.0/32.0.compat.cil
index 628abfc..00ac11f 100644
--- a/private/compat/32.0/32.0.compat.cil
+++ b/private/compat/32.0/32.0.compat.cil
@@ -1 +1,3 @@
-;; This file can't be empty.
+;; complement CIL file for compatibility between ToT policy and 32.0 vendors.
+;; will be compiled along with other normal policy files, on 32.0 vendors.
+;;
diff --git a/private/compat/32.0/32.0.ignore.cil b/private/compat/32.0/32.0.ignore.cil
index 076d642..43ce0a1 100644
--- a/private/compat/32.0/32.0.ignore.cil
+++ b/private/compat/32.0/32.0.ignore.cil
@@ -1,6 +1,6 @@
-;; new_objects - a collection of types that have been introduced that have no
-;; analogue in older policy. Thus, we do not need to map these types to
-;; previous ones. Add here to pass checkapi tests.
+;; new_objects - a collection of types that have been introduced with ToT policy
+;; that have no analogue in 32.0 policy. Thus, we do not need to map
+;; these types to previous ones. Add here to pass checkapi tests.
(type new_objects)
(typeattribute new_objects)
(typeattributeset new_objects
@@ -60,9 +60,7 @@
mdns_service
nearby_service
persist_wm_debug_prop
- prng_seeder
proc_watermark_boost_factor
- proc_watermark_scale_factor
remotelyprovisionedkeypool_service
resources_manager_service
rootdisk_sysdev
@@ -74,6 +72,7 @@
sysfs_gpu
sysfs_lru_gen_enabled
system_dlkm_file
+ system_user_mode_emulation_prop
tare_service
tv_iapp_service
untrusted_app_30
diff --git a/private/compat/33.0/33.0.cil b/private/compat/33.0/33.0.cil
new file mode 100644
index 0000000..56da496
--- /dev/null
+++ b/private/compat/33.0/33.0.cil
@@ -0,0 +1,2636 @@
+;; types removed from current policy
+(type iorap_inode2filename)
+(type iorap_inode2filename_exec)
+(type iorap_inode2filename_tmpfs)
+(type iorap_prefetcherd)
+(type iorap_prefetcherd_exec)
+(type iorap_prefetcherd_tmpfs)
+(type iorapd)
+(type iorapd_data_file)
+(type iorapd_exec)
+(type iorapd_service)
+(type iorapd_tmpfs)
+(type lowpan_service)
+(type timezone_service)
+(type tzdatacheck)
+(type tzdatacheck_exec)
+(type wpantund)
+(type wpantund_exec)
+(type wpantund_service)
+(type zoneinfo_data_file)
+
+;; mapping information from ToT policy's types to 33.0 policy's types.
+(expandtypeattribute (DockObserver_service_33_0) true)
+(expandtypeattribute (IProxyService_service_33_0) true)
+(expandtypeattribute (aac_drc_prop_33_0) true)
+(expandtypeattribute (aaudio_config_prop_33_0) true)
+(expandtypeattribute (ab_update_gki_prop_33_0) true)
+(expandtypeattribute (accessibility_service_33_0) true)
+(expandtypeattribute (account_service_33_0) true)
+(expandtypeattribute (activity_service_33_0) true)
+(expandtypeattribute (activity_task_service_33_0) true)
+(expandtypeattribute (adb_data_file_33_0) true)
+(expandtypeattribute (adb_keys_file_33_0) true)
+(expandtypeattribute (adb_service_33_0) true)
+(expandtypeattribute (adbd_33_0) true)
+(expandtypeattribute (adbd_config_prop_33_0) true)
+(expandtypeattribute (adbd_exec_33_0) true)
+(expandtypeattribute (adbd_socket_33_0) true)
+(expandtypeattribute (adservices_manager_service_33_0) true)
+(expandtypeattribute (aidl_lazy_test_server_33_0) true)
+(expandtypeattribute (aidl_lazy_test_server_exec_33_0) true)
+(expandtypeattribute (aidl_lazy_test_service_33_0) true)
+(expandtypeattribute (alarm_service_33_0) true)
+(expandtypeattribute (anr_data_file_33_0) true)
+(expandtypeattribute (apc_service_33_0) true)
+(expandtypeattribute (apex_data_file_33_0) true)
+(expandtypeattribute (apex_info_file_33_0) true)
+(expandtypeattribute (apex_metadata_file_33_0) true)
+(expandtypeattribute (apex_mnt_dir_33_0) true)
+(expandtypeattribute (apex_module_data_file_33_0) true)
+(expandtypeattribute (apex_ota_reserved_file_33_0) true)
+(expandtypeattribute (apex_rollback_data_file_33_0) true)
+(expandtypeattribute (apex_service_33_0) true)
+(expandtypeattribute (apex_system_server_data_file_33_0) true)
+(expandtypeattribute (apexd_33_0) true)
+(expandtypeattribute (apexd_config_prop_33_0) true)
+(expandtypeattribute (apexd_exec_33_0) true)
+(expandtypeattribute (apexd_prop_33_0) true)
+(expandtypeattribute (apexd_select_prop_33_0) true)
+(expandtypeattribute (apk_data_file_33_0) true)
+(expandtypeattribute (apk_private_data_file_33_0) true)
+(expandtypeattribute (apk_private_tmp_file_33_0) true)
+(expandtypeattribute (apk_tmp_file_33_0) true)
+(expandtypeattribute (apk_verity_prop_33_0) true)
+(expandtypeattribute (app_binding_service_33_0) true)
+(expandtypeattribute (app_data_file_33_0) true)
+(expandtypeattribute (app_fuse_file_33_0) true)
+(expandtypeattribute (app_fusefs_33_0) true)
+(expandtypeattribute (app_hibernation_service_33_0) true)
+(expandtypeattribute (app_integrity_service_33_0) true)
+(expandtypeattribute (app_prediction_service_33_0) true)
+(expandtypeattribute (app_search_service_33_0) true)
+(expandtypeattribute (app_zygote_33_0) true)
+(expandtypeattribute (app_zygote_tmpfs_33_0) true)
+(expandtypeattribute (appcompat_data_file_33_0) true)
+(expandtypeattribute (appdomain_tmpfs_33_0) true)
+(expandtypeattribute (appops_service_33_0) true)
+(expandtypeattribute (appwidget_service_33_0) true)
+(expandtypeattribute (arm64_memtag_prop_33_0) true)
+(expandtypeattribute (art_apex_dir_33_0) true)
+(expandtypeattribute (artd_service_33_0) true)
+(expandtypeattribute (asec_apk_file_33_0) true)
+(expandtypeattribute (asec_image_file_33_0) true)
+(expandtypeattribute (asec_public_file_33_0) true)
+(expandtypeattribute (ashmem_device_33_0) true)
+(expandtypeattribute (ashmem_libcutils_device_33_0) true)
+(expandtypeattribute (assetatlas_service_33_0) true)
+(expandtypeattribute (atrace_33_0) true)
+(expandtypeattribute (attestation_verification_service_33_0) true)
+(expandtypeattribute (audio_config_prop_33_0) true)
+(expandtypeattribute (audio_data_file_33_0) true)
+(expandtypeattribute (audio_device_33_0) true)
+(expandtypeattribute (audio_prop_33_0) true)
+(expandtypeattribute (audio_service_33_0) true)
+(expandtypeattribute (audiohal_data_file_33_0) true)
+(expandtypeattribute (audioserver_33_0) true)
+(expandtypeattribute (audioserver_data_file_33_0) true)
+(expandtypeattribute (audioserver_service_33_0) true)
+(expandtypeattribute (audioserver_tmpfs_33_0) true)
+(expandtypeattribute (auth_service_33_0) true)
+(expandtypeattribute (authorization_service_33_0) true)
+(expandtypeattribute (autofill_service_33_0) true)
+(expandtypeattribute (backup_data_file_33_0) true)
+(expandtypeattribute (backup_service_33_0) true)
+(expandtypeattribute (battery_service_33_0) true)
+(expandtypeattribute (batteryproperties_service_33_0) true)
+(expandtypeattribute (batterystats_service_33_0) true)
+(expandtypeattribute (binder_cache_bluetooth_server_prop_33_0) true)
+(expandtypeattribute (binder_cache_system_server_prop_33_0) true)
+(expandtypeattribute (binder_cache_telephony_server_prop_33_0) true)
+(expandtypeattribute (binder_calls_stats_service_33_0) true)
+(expandtypeattribute (binder_device_33_0) true)
+(expandtypeattribute (binderfs_33_0) true)
+(expandtypeattribute (binderfs_features_33_0) true)
+(expandtypeattribute (binderfs_logs_33_0) true)
+(expandtypeattribute (binderfs_logs_proc_33_0) true)
+(expandtypeattribute (binfmt_miscfs_33_0) true)
+(expandtypeattribute (biometric_service_33_0) true)
+(expandtypeattribute (blkid_33_0) true)
+(expandtypeattribute (blkid_untrusted_33_0) true)
+(expandtypeattribute (blob_store_service_33_0) true)
+(expandtypeattribute (block_device_33_0) true)
+(expandtypeattribute (bluetooth_33_0) true)
+(expandtypeattribute (bluetooth_a2dp_offload_prop_33_0) true)
+(expandtypeattribute (bluetooth_audio_hal_prop_33_0) true)
+(expandtypeattribute (bluetooth_config_prop_33_0) true)
+(expandtypeattribute (bluetooth_data_file_33_0) true)
+(expandtypeattribute (bluetooth_efs_file_33_0) true)
+(expandtypeattribute (bluetooth_logs_data_file_33_0) true)
+(expandtypeattribute (bluetooth_manager_service_33_0) true)
+(expandtypeattribute (bluetooth_prop_33_0) true)
+(expandtypeattribute (bluetooth_service_33_0) true)
+(expandtypeattribute (bluetooth_socket_33_0) true)
+(expandtypeattribute (boot_block_device_33_0) true)
+(expandtypeattribute (boot_status_prop_33_0) true)
+(expandtypeattribute (bootanim_33_0) true)
+(expandtypeattribute (bootanim_config_prop_33_0) true)
+(expandtypeattribute (bootanim_exec_33_0) true)
+(expandtypeattribute (bootanim_system_prop_33_0) true)
+(expandtypeattribute (bootchart_data_file_33_0) true)
+(expandtypeattribute (bootloader_boot_reason_prop_33_0) true)
+(expandtypeattribute (bootloader_prop_33_0) true)
+(expandtypeattribute (bootstat_33_0) true)
+(expandtypeattribute (bootstat_data_file_33_0) true)
+(expandtypeattribute (bootstat_exec_33_0) true)
+(expandtypeattribute (boottime_prop_33_0) true)
+(expandtypeattribute (boottime_public_prop_33_0) true)
+(expandtypeattribute (boottrace_data_file_33_0) true)
+(expandtypeattribute (bpf_progs_loaded_prop_33_0) true)
+(expandtypeattribute (bpfloader_33_0) true)
+(expandtypeattribute (bq_config_prop_33_0) true)
+(expandtypeattribute (broadcastradio_service_33_0) true)
+(expandtypeattribute (bufferhubd_33_0) true)
+(expandtypeattribute (bufferhubd_exec_33_0) true)
+(expandtypeattribute (bugreport_service_33_0) true)
+(expandtypeattribute (build_bootimage_prop_33_0) true)
+(expandtypeattribute (build_config_prop_33_0) true)
+(expandtypeattribute (build_odm_prop_33_0) true)
+(expandtypeattribute (build_prop_33_0) true)
+(expandtypeattribute (build_vendor_prop_33_0) true)
+(expandtypeattribute (cache_backup_file_33_0) true)
+(expandtypeattribute (cache_block_device_33_0) true)
+(expandtypeattribute (cache_file_33_0) true)
+(expandtypeattribute (cache_private_backup_file_33_0) true)
+(expandtypeattribute (cache_recovery_file_33_0) true)
+(expandtypeattribute (cacheinfo_service_33_0) true)
+(expandtypeattribute (camera2_extensions_prop_33_0) true)
+(expandtypeattribute (camera_calibration_prop_33_0) true)
+(expandtypeattribute (camera_config_prop_33_0) true)
+(expandtypeattribute (camera_data_file_33_0) true)
+(expandtypeattribute (camera_device_33_0) true)
+(expandtypeattribute (cameraproxy_service_33_0) true)
+(expandtypeattribute (cameraserver_33_0) true)
+(expandtypeattribute (cameraserver_exec_33_0) true)
+(expandtypeattribute (cameraserver_service_33_0) true)
+(expandtypeattribute (cameraserver_tmpfs_33_0) true)
+(expandtypeattribute (camerax_extensions_prop_33_0) true)
+(expandtypeattribute (cgroup_33_0) true)
+(expandtypeattribute (cgroup_desc_api_file_33_0) true)
+(expandtypeattribute (cgroup_desc_file_33_0) true)
+(expandtypeattribute (cgroup_rc_file_33_0) true)
+(expandtypeattribute (cgroup_v2_33_0) true)
+(expandtypeattribute (charger_33_0) true)
+(expandtypeattribute (charger_config_prop_33_0) true)
+(expandtypeattribute (charger_exec_33_0) true)
+(expandtypeattribute (charger_prop_33_0) true)
+(expandtypeattribute (charger_status_prop_33_0) true)
+(expandtypeattribute (charger_vendor_33_0) true)
+(expandtypeattribute (clipboard_service_33_0) true)
+(expandtypeattribute (cloudsearch_service_33_0) true)
+(expandtypeattribute (codec2_config_prop_33_0) true)
+(expandtypeattribute (cold_boot_done_prop_33_0) true)
+(expandtypeattribute (color_display_service_33_0) true)
+(expandtypeattribute (companion_device_service_33_0) true)
+(expandtypeattribute (config_prop_33_0) true)
+(expandtypeattribute (configfs_33_0) true)
+(expandtypeattribute (connectivity_native_service_33_0) true)
+(expandtypeattribute (connectivity_service_33_0) true)
+(expandtypeattribute (connmetrics_service_33_0) true)
+(expandtypeattribute (console_device_33_0) true)
+(expandtypeattribute (consumer_ir_service_33_0) true)
+(expandtypeattribute (content_capture_service_33_0) true)
+(expandtypeattribute (content_service_33_0) true)
+(expandtypeattribute (content_suggestions_service_33_0) true)
+(expandtypeattribute (contexthub_service_33_0) true)
+(expandtypeattribute (coredump_file_33_0) true)
+(expandtypeattribute (country_detector_service_33_0) true)
+(expandtypeattribute (coverage_service_33_0) true)
+(expandtypeattribute (cppreopt_prop_33_0) true)
+(expandtypeattribute (cpu_variant_prop_33_0) true)
+(expandtypeattribute (cpuinfo_service_33_0) true)
+(expandtypeattribute (crash_dump_33_0) true)
+(expandtypeattribute (crash_dump_exec_33_0) true)
+(expandtypeattribute (credstore_33_0) true)
+(expandtypeattribute (credstore_data_file_33_0) true)
+(expandtypeattribute (credstore_exec_33_0) true)
+(expandtypeattribute (credstore_service_33_0) true)
+(expandtypeattribute (crossprofileapps_service_33_0) true)
+(expandtypeattribute (ctl_adbd_prop_33_0) true)
+(expandtypeattribute (ctl_apexd_prop_33_0) true)
+(expandtypeattribute (ctl_bootanim_prop_33_0) true)
+(expandtypeattribute (ctl_bugreport_prop_33_0) true)
+(expandtypeattribute (ctl_console_prop_33_0) true)
+(expandtypeattribute (ctl_default_prop_33_0) true)
+(expandtypeattribute (ctl_dumpstate_prop_33_0) true)
+(expandtypeattribute (ctl_fuse_prop_33_0) true)
+(expandtypeattribute (ctl_gsid_prop_33_0) true)
+(expandtypeattribute (ctl_interface_restart_prop_33_0) true)
+(expandtypeattribute (ctl_interface_start_prop_33_0) true)
+(expandtypeattribute (ctl_interface_stop_prop_33_0) true)
+(expandtypeattribute (ctl_mdnsd_prop_33_0) true)
+(expandtypeattribute (ctl_restart_prop_33_0) true)
+(expandtypeattribute (ctl_rildaemon_prop_33_0) true)
+(expandtypeattribute (ctl_sigstop_prop_33_0) true)
+(expandtypeattribute (ctl_start_prop_33_0) true)
+(expandtypeattribute (ctl_stop_prop_33_0) true)
+(expandtypeattribute (dalvik_config_prop_33_0) true)
+(expandtypeattribute (dalvik_prop_33_0) true)
+(expandtypeattribute (dalvik_runtime_prop_33_0) true)
+(expandtypeattribute (dalvikcache_data_file_33_0) true)
+(expandtypeattribute (dataloader_manager_service_33_0) true)
+(expandtypeattribute (dbinfo_service_33_0) true)
+(expandtypeattribute (dck_prop_33_0) true)
+(expandtypeattribute (debug_prop_33_0) true)
+(expandtypeattribute (debugfs_33_0) true)
+(expandtypeattribute (debugfs_bootreceiver_tracing_33_0) true)
+(expandtypeattribute (debugfs_kprobes_33_0) true)
+(expandtypeattribute (debugfs_mm_events_tracing_33_0) true)
+(expandtypeattribute (debugfs_mmc_33_0) true)
+(expandtypeattribute (debugfs_restriction_prop_33_0) true)
+(expandtypeattribute (debugfs_trace_marker_33_0) true)
+(expandtypeattribute (debugfs_tracing_33_0) true)
+(expandtypeattribute (debugfs_tracing_debug_33_0) true)
+(expandtypeattribute (debugfs_tracing_instances_33_0) true)
+(expandtypeattribute (debugfs_tracing_printk_formats_33_0) true)
+(expandtypeattribute (debugfs_wakeup_sources_33_0) true)
+(expandtypeattribute (debugfs_wifi_tracing_33_0) true)
+(expandtypeattribute (debuggerd_prop_33_0) true)
+(expandtypeattribute (default_android_hwservice_33_0) true)
+(expandtypeattribute (default_android_service_33_0) true)
+(expandtypeattribute (default_android_vndservice_33_0) true)
+(expandtypeattribute (default_prop_33_0) true)
+(expandtypeattribute (dev_cpu_variant_33_0) true)
+(expandtypeattribute (device_33_0) true)
+(expandtypeattribute (device_config_activity_manager_native_boot_prop_33_0) true)
+(expandtypeattribute (device_config_boot_count_prop_33_0) true)
+(expandtypeattribute (device_config_input_native_boot_prop_33_0) true)
+(expandtypeattribute (device_config_media_native_prop_33_0) true)
+(expandtypeattribute (device_config_netd_native_prop_33_0) true)
+(expandtypeattribute (device_config_nnapi_native_prop_33_0) true)
+(expandtypeattribute (device_config_reset_performed_prop_33_0) true)
+(expandtypeattribute (device_config_runtime_native_boot_prop_33_0) true)
+(expandtypeattribute (device_config_runtime_native_prop_33_0) true)
+(expandtypeattribute (device_config_service_33_0) true)
+(expandtypeattribute (device_config_surface_flinger_native_boot_prop_33_0) true)
+(expandtypeattribute (device_identifiers_service_33_0) true)
+(expandtypeattribute (device_logging_prop_33_0) true)
+(expandtypeattribute (device_policy_service_33_0) true)
+(expandtypeattribute (device_state_service_33_0) true)
+(expandtypeattribute (deviceidle_service_33_0) true)
+(expandtypeattribute (devicestoragemonitor_service_33_0) true)
+(expandtypeattribute (devpts_33_0) true)
+(expandtypeattribute (dhcp_33_0) true)
+(expandtypeattribute (dhcp_data_file_33_0) true)
+(expandtypeattribute (dhcp_exec_33_0) true)
+(expandtypeattribute (dhcp_prop_33_0) true)
+(expandtypeattribute (dice_maintenance_service_33_0) true)
+(expandtypeattribute (dice_node_service_33_0) true)
+(expandtypeattribute (diced_33_0) true)
+(expandtypeattribute (diced_exec_33_0) true)
+(expandtypeattribute (diskstats_service_33_0) true)
+(expandtypeattribute (display_service_33_0) true)
+(expandtypeattribute (dm_device_33_0) true)
+(expandtypeattribute (dm_user_device_33_0) true)
+(expandtypeattribute (dmabuf_heap_device_33_0) true)
+(expandtypeattribute (dmabuf_system_heap_device_33_0) true)
+(expandtypeattribute (dmabuf_system_secure_heap_device_33_0) true)
+(expandtypeattribute (dnsmasq_33_0) true)
+(expandtypeattribute (dnsmasq_exec_33_0) true)
+(expandtypeattribute (dnsproxyd_socket_33_0) true)
+(expandtypeattribute (dnsresolver_service_33_0) true)
+(expandtypeattribute (domain_verification_service_33_0) true)
+(expandtypeattribute (dreams_service_33_0) true)
+(expandtypeattribute (drm_data_file_33_0) true)
+(expandtypeattribute (drm_service_config_prop_33_0) true)
+(expandtypeattribute (drmserver_33_0) true)
+(expandtypeattribute (drmserver_exec_33_0) true)
+(expandtypeattribute (drmserver_service_33_0) true)
+(expandtypeattribute (drmserver_socket_33_0) true)
+(expandtypeattribute (dropbox_data_file_33_0) true)
+(expandtypeattribute (dropbox_service_33_0) true)
+(expandtypeattribute (dumpstate_33_0) true)
+(expandtypeattribute (dumpstate_exec_33_0) true)
+(expandtypeattribute (dumpstate_options_prop_33_0) true)
+(expandtypeattribute (dumpstate_prop_33_0) true)
+(expandtypeattribute (dumpstate_service_33_0) true)
+(expandtypeattribute (dumpstate_socket_33_0) true)
+(expandtypeattribute (dynamic_system_prop_33_0) true)
+(expandtypeattribute (e2fs_33_0) true)
+(expandtypeattribute (e2fs_exec_33_0) true)
+(expandtypeattribute (efs_file_33_0) true)
+(expandtypeattribute (emergency_affordance_service_33_0) true)
+(expandtypeattribute (ephemeral_app_33_0) true)
+(expandtypeattribute (ethernet_service_33_0) true)
+(expandtypeattribute (evsmanagerd_33_0) true)
+(expandtypeattribute (evsmanagerd_service_33_0) true)
+(expandtypeattribute (exfat_33_0) true)
+(expandtypeattribute (exported3_system_prop_33_0) true)
+(expandtypeattribute (exported_bluetooth_prop_33_0) true)
+(expandtypeattribute (exported_camera_prop_33_0) true)
+(expandtypeattribute (exported_config_prop_33_0) true)
+(expandtypeattribute (exported_default_prop_33_0) true)
+(expandtypeattribute (exported_dumpstate_prop_33_0) true)
+(expandtypeattribute (exported_overlay_prop_33_0) true)
+(expandtypeattribute (exported_pm_prop_33_0) true)
+(expandtypeattribute (exported_secure_prop_33_0) true)
+(expandtypeattribute (exported_system_prop_33_0) true)
+(expandtypeattribute (external_vibrator_service_33_0) true)
+(expandtypeattribute (extra_free_kbytes_33_0) true)
+(expandtypeattribute (extra_free_kbytes_exec_33_0) true)
+(expandtypeattribute (face_service_33_0) true)
+(expandtypeattribute (face_vendor_data_file_33_0) true)
+(expandtypeattribute (fastbootd_33_0) true)
+(expandtypeattribute (ffs_config_prop_33_0) true)
+(expandtypeattribute (ffs_control_prop_33_0) true)
+(expandtypeattribute (file_contexts_file_33_0) true)
+(expandtypeattribute (file_integrity_service_33_0) true)
+(expandtypeattribute (fingerprint_prop_33_0) true)
+(expandtypeattribute (fingerprint_service_33_0) true)
+(expandtypeattribute (fingerprint_vendor_data_file_33_0) true)
+(expandtypeattribute (fingerprintd_33_0) true)
+(expandtypeattribute (fingerprintd_data_file_33_0) true)
+(expandtypeattribute (fingerprintd_exec_33_0) true)
+(expandtypeattribute (fingerprintd_service_33_0) true)
+(expandtypeattribute (firstboot_prop_33_0) true)
+(expandtypeattribute (flags_health_check_33_0) true)
+(expandtypeattribute (flags_health_check_exec_33_0) true)
+(expandtypeattribute (font_service_33_0) true)
+(expandtypeattribute (framework_watchdog_config_prop_33_0) true)
+(expandtypeattribute (frp_block_device_33_0) true)
+(expandtypeattribute (fs_bpf_33_0) true)
+(expandtypeattribute (fs_bpf_tethering_33_0) true)
+(expandtypeattribute (fs_bpf_vendor_33_0) true)
+(expandtypeattribute (fsck_33_0) true)
+(expandtypeattribute (fsck_exec_33_0) true)
+(expandtypeattribute (fsck_untrusted_33_0) true)
+(expandtypeattribute (fscklogs_33_0) true)
+(expandtypeattribute (functionfs_33_0) true)
+(expandtypeattribute (fuse_33_0) true)
+(expandtypeattribute (fuse_device_33_0) true)
+(expandtypeattribute (fusectlfs_33_0) true)
+(expandtypeattribute (fwk_automotive_display_hwservice_33_0) true)
+(expandtypeattribute (fwk_automotive_display_service_33_0) true)
+(expandtypeattribute (fwk_bufferhub_hwservice_33_0) true)
+(expandtypeattribute (fwk_camera_hwservice_33_0) true)
+(expandtypeattribute (fwk_display_hwservice_33_0) true)
+(expandtypeattribute (fwk_scheduler_hwservice_33_0) true)
+(expandtypeattribute (fwk_sensor_hwservice_33_0) true)
+(expandtypeattribute (fwk_stats_hwservice_33_0) true)
+(expandtypeattribute (fwk_stats_service_33_0) true)
+(expandtypeattribute (fwmarkd_socket_33_0) true)
+(expandtypeattribute (game_mode_intervention_list_file_33_0) true)
+(expandtypeattribute (game_service_33_0) true)
+(expandtypeattribute (gatekeeper_data_file_33_0) true)
+(expandtypeattribute (gatekeeper_service_33_0) true)
+(expandtypeattribute (gatekeeperd_33_0) true)
+(expandtypeattribute (gatekeeperd_exec_33_0) true)
+(expandtypeattribute (gesture_prop_33_0) true)
+(expandtypeattribute (gfxinfo_service_33_0) true)
+(expandtypeattribute (gmscore_app_33_0) true)
+(expandtypeattribute (gnss_device_33_0) true)
+(expandtypeattribute (gnss_time_update_service_33_0) true)
+(expandtypeattribute (gps_control_33_0) true)
+(expandtypeattribute (gpu_device_33_0) true)
+(expandtypeattribute (gpu_service_33_0) true)
+(expandtypeattribute (gpuservice_33_0) true)
+(expandtypeattribute (graphics_config_prop_33_0) true)
+(expandtypeattribute (graphics_device_33_0) true)
+(expandtypeattribute (graphicsstats_service_33_0) true)
+(expandtypeattribute (gsi_data_file_33_0) true)
+(expandtypeattribute (gsi_metadata_file_33_0) true)
+(expandtypeattribute (gsi_public_metadata_file_33_0) true)
+(expandtypeattribute (gwp_asan_prop_33_0) true)
+(expandtypeattribute (hal_atrace_hwservice_33_0) true)
+(expandtypeattribute (hal_audio_hwservice_33_0) true)
+(expandtypeattribute (hal_audio_service_33_0) true)
+(expandtypeattribute (hal_audiocontrol_hwservice_33_0) true)
+(expandtypeattribute (hal_audiocontrol_service_33_0) true)
+(expandtypeattribute (hal_authsecret_hwservice_33_0) true)
+(expandtypeattribute (hal_authsecret_service_33_0) true)
+(expandtypeattribute (hal_bluetooth_hwservice_33_0) true)
+(expandtypeattribute (hal_bootctl_hwservice_33_0) true)
+(expandtypeattribute (hal_broadcastradio_hwservice_33_0) true)
+(expandtypeattribute (hal_camera_hwservice_33_0) true)
+(expandtypeattribute (hal_camera_service_33_0) true)
+(expandtypeattribute (hal_can_bus_hwservice_33_0) true)
+(expandtypeattribute (hal_can_controller_hwservice_33_0) true)
+(expandtypeattribute (hal_cas_hwservice_33_0) true)
+(expandtypeattribute (hal_codec2_hwservice_33_0) true)
+(expandtypeattribute (hal_configstore_ISurfaceFlingerConfigs_33_0) true)
+(expandtypeattribute (hal_confirmationui_hwservice_33_0) true)
+(expandtypeattribute (hal_contexthub_hwservice_33_0) true)
+(expandtypeattribute (hal_contexthub_service_33_0) true)
+(expandtypeattribute (hal_dice_service_33_0) true)
+(expandtypeattribute (hal_drm_hwservice_33_0) true)
+(expandtypeattribute (hal_drm_service_33_0) true)
+(expandtypeattribute (hal_dumpstate_config_prop_33_0) true)
+(expandtypeattribute (hal_dumpstate_hwservice_33_0) true)
+(expandtypeattribute (hal_dumpstate_service_33_0) true)
+(expandtypeattribute (hal_evs_hwservice_33_0) true)
+(expandtypeattribute (hal_evs_service_33_0) true)
+(expandtypeattribute (hal_face_hwservice_33_0) true)
+(expandtypeattribute (hal_face_service_33_0) true)
+(expandtypeattribute (hal_fingerprint_hwservice_33_0) true)
+(expandtypeattribute (hal_fingerprint_service_33_0) true)
+(expandtypeattribute (hal_gatekeeper_hwservice_33_0) true)
+(expandtypeattribute (hal_gnss_hwservice_33_0) true)
+(expandtypeattribute (hal_gnss_service_33_0) true)
+(expandtypeattribute (hal_graphics_allocator_hwservice_33_0) true)
+(expandtypeattribute (hal_graphics_allocator_service_33_0) true)
+(expandtypeattribute (hal_graphics_composer_hwservice_33_0) true)
+(expandtypeattribute (hal_graphics_composer_server_tmpfs_33_0) true)
+(expandtypeattribute (hal_graphics_composer_service_33_0) true)
+(expandtypeattribute (hal_graphics_mapper_hwservice_33_0) true)
+(expandtypeattribute (hal_health_hwservice_33_0) true)
+(expandtypeattribute (hal_health_service_33_0) true)
+(expandtypeattribute (hal_health_storage_hwservice_33_0) true)
+(expandtypeattribute (hal_health_storage_service_33_0) true)
+(expandtypeattribute (hal_identity_service_33_0) true)
+(expandtypeattribute (hal_input_classifier_hwservice_33_0) true)
+(expandtypeattribute (hal_input_processor_service_33_0) true)
+(expandtypeattribute (hal_instrumentation_prop_33_0) true)
+(expandtypeattribute (hal_ir_hwservice_33_0) true)
+(expandtypeattribute (hal_ir_service_33_0) true)
+(expandtypeattribute (hal_keymaster_hwservice_33_0) true)
+(expandtypeattribute (hal_keymint_service_33_0) true)
+(expandtypeattribute (hal_light_hwservice_33_0) true)
+(expandtypeattribute (hal_light_service_33_0) true)
+(expandtypeattribute (hal_lowpan_hwservice_33_0) true)
+(expandtypeattribute (hal_memtrack_hwservice_33_0) true)
+(expandtypeattribute (hal_memtrack_service_33_0) true)
+(expandtypeattribute (hal_neuralnetworks_hwservice_33_0) true)
+(expandtypeattribute (hal_neuralnetworks_service_33_0) true)
+(expandtypeattribute (hal_nfc_hwservice_33_0) true)
+(expandtypeattribute (hal_nfc_service_33_0) true)
+(expandtypeattribute (hal_nlinterceptor_service_33_0) true)
+(expandtypeattribute (hal_oemlock_hwservice_33_0) true)
+(expandtypeattribute (hal_oemlock_service_33_0) true)
+(expandtypeattribute (hal_omx_hwservice_33_0) true)
+(expandtypeattribute (hal_power_hwservice_33_0) true)
+(expandtypeattribute (hal_power_service_33_0) true)
+(expandtypeattribute (hal_power_stats_hwservice_33_0) true)
+(expandtypeattribute (hal_power_stats_service_33_0) true)
+(expandtypeattribute (hal_radio_service_33_0) true)
+(expandtypeattribute (hal_rebootescrow_service_33_0) true)
+(expandtypeattribute (hal_remotelyprovisionedcomponent_service_33_0) true)
+(expandtypeattribute (hal_renderscript_hwservice_33_0) true)
+(expandtypeattribute (hal_secure_element_hwservice_33_0) true)
+(expandtypeattribute (hal_secureclock_service_33_0) true)
+(expandtypeattribute (hal_sensors_hwservice_33_0) true)
+(expandtypeattribute (hal_sensors_service_33_0) true)
+(expandtypeattribute (hal_sharedsecret_service_33_0) true)
+(expandtypeattribute (hal_system_suspend_service_33_0) true)
+(expandtypeattribute (hal_telephony_hwservice_33_0) true)
+(expandtypeattribute (hal_tetheroffload_hwservice_33_0) true)
+(expandtypeattribute (hal_thermal_hwservice_33_0) true)
+(expandtypeattribute (hal_tv_cec_hwservice_33_0) true)
+(expandtypeattribute (hal_tv_input_hwservice_33_0) true)
+(expandtypeattribute (hal_tv_tuner_hwservice_33_0) true)
+(expandtypeattribute (hal_tv_tuner_service_33_0) true)
+(expandtypeattribute (hal_usb_gadget_hwservice_33_0) true)
+(expandtypeattribute (hal_usb_hwservice_33_0) true)
+(expandtypeattribute (hal_usb_service_33_0) true)
+(expandtypeattribute (hal_uwb_service_33_0) true)
+(expandtypeattribute (hal_vehicle_hwservice_33_0) true)
+(expandtypeattribute (hal_vehicle_service_33_0) true)
+(expandtypeattribute (hal_vibrator_hwservice_33_0) true)
+(expandtypeattribute (hal_vibrator_service_33_0) true)
+(expandtypeattribute (hal_vr_hwservice_33_0) true)
+(expandtypeattribute (hal_weaver_hwservice_33_0) true)
+(expandtypeattribute (hal_weaver_service_33_0) true)
+(expandtypeattribute (hal_wifi_hostapd_hwservice_33_0) true)
+(expandtypeattribute (hal_wifi_hostapd_service_33_0) true)
+(expandtypeattribute (hal_wifi_hwservice_33_0) true)
+(expandtypeattribute (hal_wifi_supplicant_hwservice_33_0) true)
+(expandtypeattribute (hal_wifi_supplicant_service_33_0) true)
+(expandtypeattribute (hardware_properties_service_33_0) true)
+(expandtypeattribute (hardware_service_33_0) true)
+(expandtypeattribute (hci_attach_dev_33_0) true)
+(expandtypeattribute (hdmi_config_prop_33_0) true)
+(expandtypeattribute (hdmi_control_service_33_0) true)
+(expandtypeattribute (healthd_33_0) true)
+(expandtypeattribute (heapdump_data_file_33_0) true)
+(expandtypeattribute (heapprofd_33_0) true)
+(expandtypeattribute (heapprofd_enabled_prop_33_0) true)
+(expandtypeattribute (heapprofd_prop_33_0) true)
+(expandtypeattribute (heapprofd_socket_33_0) true)
+(expandtypeattribute (hidl_allocator_hwservice_33_0) true)
+(expandtypeattribute (hidl_base_hwservice_33_0) true)
+(expandtypeattribute (hidl_manager_hwservice_33_0) true)
+(expandtypeattribute (hidl_memory_hwservice_33_0) true)
+(expandtypeattribute (hidl_token_hwservice_33_0) true)
+(expandtypeattribute (hint_service_33_0) true)
+(expandtypeattribute (hw_random_device_33_0) true)
+(expandtypeattribute (hw_timeout_multiplier_prop_33_0) true)
+(expandtypeattribute (hwbinder_device_33_0) true)
+(expandtypeattribute (hwservice_contexts_file_33_0) true)
+(expandtypeattribute (hwservicemanager_33_0) true)
+(expandtypeattribute (hwservicemanager_exec_33_0) true)
+(expandtypeattribute (hwservicemanager_prop_33_0) true)
+(expandtypeattribute (hypervisor_prop_33_0) true)
+(expandtypeattribute (icon_file_33_0) true)
+(expandtypeattribute (idmap_33_0) true)
+(expandtypeattribute (idmap_exec_33_0) true)
+(expandtypeattribute (idmap_service_33_0) true)
+(expandtypeattribute (iio_device_33_0) true)
+(expandtypeattribute (imms_service_33_0) true)
+(expandtypeattribute (incident_33_0) true)
+(expandtypeattribute (incident_data_file_33_0) true)
+(expandtypeattribute (incident_helper_33_0) true)
+(expandtypeattribute (incident_service_33_0) true)
+(expandtypeattribute (incidentd_33_0) true)
+(expandtypeattribute (incremental_control_file_33_0) true)
+(expandtypeattribute (incremental_prop_33_0) true)
+(expandtypeattribute (incremental_service_33_0) true)
+(expandtypeattribute (init_33_0) true)
+(expandtypeattribute (init_exec_33_0) true)
+(expandtypeattribute (init_service_status_prop_33_0) true)
+(expandtypeattribute (init_tmpfs_33_0) true)
+(expandtypeattribute (inotify_33_0) true)
+(expandtypeattribute (input_device_33_0) true)
+(expandtypeattribute (input_method_service_33_0) true)
+(expandtypeattribute (input_service_33_0) true)
+(expandtypeattribute (inputflinger_33_0) true)
+(expandtypeattribute (inputflinger_exec_33_0) true)
+(expandtypeattribute (inputflinger_service_33_0) true)
+(expandtypeattribute (install_data_file_33_0) true)
+(expandtypeattribute (installd_33_0) true)
+(expandtypeattribute (installd_exec_33_0) true)
+(expandtypeattribute (installd_service_33_0) true)
+(expandtypeattribute (ion_device_33_0) true)
+(expandtypeattribute (iorap_inode2filename_33_0) true)
+(expandtypeattribute (iorap_inode2filename_exec_33_0) true)
+(expandtypeattribute (iorap_inode2filename_tmpfs_33_0) true)
+(expandtypeattribute (iorap_prefetcherd_33_0) true)
+(expandtypeattribute (iorap_prefetcherd_exec_33_0) true)
+(expandtypeattribute (iorap_prefetcherd_tmpfs_33_0) true)
+(expandtypeattribute (iorapd_33_0) true)
+(expandtypeattribute (iorapd_data_file_33_0) true)
+(expandtypeattribute (iorapd_exec_33_0) true)
+(expandtypeattribute (iorapd_service_33_0) true)
+(expandtypeattribute (iorapd_tmpfs_33_0) true)
+(expandtypeattribute (ipsec_service_33_0) true)
+(expandtypeattribute (iris_service_33_0) true)
+(expandtypeattribute (iris_vendor_data_file_33_0) true)
+(expandtypeattribute (isolated_app_33_0) true)
+(expandtypeattribute (jobscheduler_service_33_0) true)
+(expandtypeattribute (kernel_33_0) true)
+(expandtypeattribute (keychain_data_file_33_0) true)
+(expandtypeattribute (keychord_device_33_0) true)
+(expandtypeattribute (keyguard_config_prop_33_0) true)
+(expandtypeattribute (keystore2_key_contexts_file_33_0) true)
+(expandtypeattribute (keystore_33_0) true)
+(expandtypeattribute (keystore_compat_hal_service_33_0) true)
+(expandtypeattribute (keystore_data_file_33_0) true)
+(expandtypeattribute (keystore_exec_33_0) true)
+(expandtypeattribute (keystore_maintenance_service_33_0) true)
+(expandtypeattribute (keystore_metrics_service_33_0) true)
+(expandtypeattribute (keystore_service_33_0) true)
+(expandtypeattribute (kmsg_debug_device_33_0) true)
+(expandtypeattribute (kmsg_device_33_0) true)
+(expandtypeattribute (labeledfs_33_0) true)
+(expandtypeattribute (launcherapps_service_33_0) true)
+(expandtypeattribute (legacy_permission_service_33_0) true)
+(expandtypeattribute (legacykeystore_service_33_0) true)
+(expandtypeattribute (libc_debug_prop_33_0) true)
+(expandtypeattribute (light_service_33_0) true)
+(expandtypeattribute (linkerconfig_file_33_0) true)
+(expandtypeattribute (llkd_33_0) true)
+(expandtypeattribute (llkd_exec_33_0) true)
+(expandtypeattribute (llkd_prop_33_0) true)
+(expandtypeattribute (lmkd_33_0) true)
+(expandtypeattribute (lmkd_config_prop_33_0) true)
+(expandtypeattribute (lmkd_exec_33_0) true)
+(expandtypeattribute (lmkd_prop_33_0) true)
+(expandtypeattribute (lmkd_socket_33_0) true)
+(expandtypeattribute (locale_service_33_0) true)
+(expandtypeattribute (location_service_33_0) true)
+(expandtypeattribute (location_time_zone_manager_service_33_0) true)
+(expandtypeattribute (lock_settings_service_33_0) true)
+(expandtypeattribute (log_prop_33_0) true)
+(expandtypeattribute (log_tag_prop_33_0) true)
+(expandtypeattribute (logcat_exec_33_0) true)
+(expandtypeattribute (logd_33_0) true)
+(expandtypeattribute (logd_exec_33_0) true)
+(expandtypeattribute (logd_prop_33_0) true)
+(expandtypeattribute (logd_socket_33_0) true)
+(expandtypeattribute (logdr_socket_33_0) true)
+(expandtypeattribute (logdw_socket_33_0) true)
+(expandtypeattribute (logpersist_33_0) true)
+(expandtypeattribute (logpersistd_logging_prop_33_0) true)
+(expandtypeattribute (loop_control_device_33_0) true)
+(expandtypeattribute (loop_device_33_0) true)
+(expandtypeattribute (looper_stats_service_33_0) true)
+(expandtypeattribute (lowpan_device_33_0) true)
+(expandtypeattribute (lowpan_prop_33_0) true)
+(expandtypeattribute (lowpan_service_33_0) true)
+(expandtypeattribute (lpdump_service_33_0) true)
+(expandtypeattribute (lpdumpd_prop_33_0) true)
+(expandtypeattribute (mac_perms_file_33_0) true)
+(expandtypeattribute (mdns_service_33_0) true)
+(expandtypeattribute (mdns_socket_33_0) true)
+(expandtypeattribute (mdnsd_33_0) true)
+(expandtypeattribute (mdnsd_socket_33_0) true)
+(expandtypeattribute (media_communication_service_33_0) true)
+(expandtypeattribute (media_config_prop_33_0) true)
+(expandtypeattribute (media_data_file_33_0) true)
+(expandtypeattribute (media_metrics_service_33_0) true)
+(expandtypeattribute (media_projection_service_33_0) true)
+(expandtypeattribute (media_router_service_33_0) true)
+(expandtypeattribute (media_rw_data_file_33_0) true)
+(expandtypeattribute (media_session_service_33_0) true)
+(expandtypeattribute (media_variant_prop_33_0) true)
+(expandtypeattribute (mediadrm_config_prop_33_0) true)
+(expandtypeattribute (mediadrmserver_33_0) true)
+(expandtypeattribute (mediadrmserver_exec_33_0) true)
+(expandtypeattribute (mediadrmserver_service_33_0) true)
+(expandtypeattribute (mediaextractor_33_0) true)
+(expandtypeattribute (mediaextractor_exec_33_0) true)
+(expandtypeattribute (mediaextractor_service_33_0) true)
+(expandtypeattribute (mediaextractor_tmpfs_33_0) true)
+(expandtypeattribute (mediametrics_33_0) true)
+(expandtypeattribute (mediametrics_exec_33_0) true)
+(expandtypeattribute (mediametrics_service_33_0) true)
+(expandtypeattribute (mediaprovider_33_0) true)
+(expandtypeattribute (mediaserver_33_0) true)
+(expandtypeattribute (mediaserver_exec_33_0) true)
+(expandtypeattribute (mediaserver_service_33_0) true)
+(expandtypeattribute (mediaserver_tmpfs_33_0) true)
+(expandtypeattribute (mediaswcodec_33_0) true)
+(expandtypeattribute (mediaswcodec_exec_33_0) true)
+(expandtypeattribute (mediatranscoding_33_0) true)
+(expandtypeattribute (mediatranscoding_service_33_0) true)
+(expandtypeattribute (meminfo_service_33_0) true)
+(expandtypeattribute (memtrackproxy_service_33_0) true)
+(expandtypeattribute (metadata_block_device_33_0) true)
+(expandtypeattribute (metadata_bootstat_file_33_0) true)
+(expandtypeattribute (metadata_file_33_0) true)
+(expandtypeattribute (method_trace_data_file_33_0) true)
+(expandtypeattribute (midi_service_33_0) true)
+(expandtypeattribute (mirror_data_file_33_0) true)
+(expandtypeattribute (misc_block_device_33_0) true)
+(expandtypeattribute (misc_logd_file_33_0) true)
+(expandtypeattribute (misc_user_data_file_33_0) true)
+(expandtypeattribute (mm_events_config_prop_33_0) true)
+(expandtypeattribute (mmc_prop_33_0) true)
+(expandtypeattribute (mnt_expand_file_33_0) true)
+(expandtypeattribute (mnt_media_rw_file_33_0) true)
+(expandtypeattribute (mnt_media_rw_stub_file_33_0) true)
+(expandtypeattribute (mnt_pass_through_file_33_0) true)
+(expandtypeattribute (mnt_product_file_33_0) true)
+(expandtypeattribute (mnt_sdcard_file_33_0) true)
+(expandtypeattribute (mnt_user_file_33_0) true)
+(expandtypeattribute (mnt_vendor_file_33_0) true)
+(expandtypeattribute (mock_ota_prop_33_0) true)
+(expandtypeattribute (modprobe_33_0) true)
+(expandtypeattribute (module_sdkextensions_prop_33_0) true)
+(expandtypeattribute (mount_service_33_0) true)
+(expandtypeattribute (mqueue_33_0) true)
+(expandtypeattribute (mtp_33_0) true)
+(expandtypeattribute (mtp_device_33_0) true)
+(expandtypeattribute (mtp_exec_33_0) true)
+(expandtypeattribute (mtpd_socket_33_0) true)
+(expandtypeattribute (music_recognition_service_33_0) true)
+(expandtypeattribute (nativetest_data_file_33_0) true)
+(expandtypeattribute (nearby_service_33_0) true)
+(expandtypeattribute (net_data_file_33_0) true)
+(expandtypeattribute (net_dns_prop_33_0) true)
+(expandtypeattribute (net_radio_prop_33_0) true)
+(expandtypeattribute (netd_33_0) true)
+(expandtypeattribute (netd_exec_33_0) true)
+(expandtypeattribute (netd_listener_service_33_0) true)
+(expandtypeattribute (netd_service_33_0) true)
+(expandtypeattribute (netif_33_0) true)
+(expandtypeattribute (netpolicy_service_33_0) true)
+(expandtypeattribute (netstats_service_33_0) true)
+(expandtypeattribute (netutils_wrapper_33_0) true)
+(expandtypeattribute (netutils_wrapper_exec_33_0) true)
+(expandtypeattribute (network_management_service_33_0) true)
+(expandtypeattribute (network_score_service_33_0) true)
+(expandtypeattribute (network_stack_33_0) true)
+(expandtypeattribute (network_stack_service_33_0) true)
+(expandtypeattribute (network_time_update_service_33_0) true)
+(expandtypeattribute (network_watchlist_data_file_33_0) true)
+(expandtypeattribute (network_watchlist_service_33_0) true)
+(expandtypeattribute (nfc_33_0) true)
+(expandtypeattribute (nfc_data_file_33_0) true)
+(expandtypeattribute (nfc_device_33_0) true)
+(expandtypeattribute (nfc_logs_data_file_33_0) true)
+(expandtypeattribute (nfc_prop_33_0) true)
+(expandtypeattribute (nfc_service_33_0) true)
+(expandtypeattribute (nnapi_ext_deny_product_prop_33_0) true)
+(expandtypeattribute (node_33_0) true)
+(expandtypeattribute (notification_service_33_0) true)
+(expandtypeattribute (null_device_33_0) true)
+(expandtypeattribute (oem_lock_service_33_0) true)
+(expandtypeattribute (oem_unlock_prop_33_0) true)
+(expandtypeattribute (oemfs_33_0) true)
+(expandtypeattribute (ota_data_file_33_0) true)
+(expandtypeattribute (ota_metadata_file_33_0) true)
+(expandtypeattribute (ota_package_file_33_0) true)
+(expandtypeattribute (ota_prop_33_0) true)
+(expandtypeattribute (otadexopt_service_33_0) true)
+(expandtypeattribute (otapreopt_chroot_33_0) true)
+(expandtypeattribute (overlay_prop_33_0) true)
+(expandtypeattribute (overlay_service_33_0) true)
+(expandtypeattribute (overlayfs_file_33_0) true)
+(expandtypeattribute (owntty_device_33_0) true)
+(expandtypeattribute (pac_proxy_service_33_0) true)
+(expandtypeattribute (package_native_service_33_0) true)
+(expandtypeattribute (package_service_33_0) true)
+(expandtypeattribute (packagemanager_config_prop_33_0) true)
+(expandtypeattribute (packages_list_file_33_0) true)
+(expandtypeattribute (pan_result_prop_33_0) true)
+(expandtypeattribute (password_slot_metadata_file_33_0) true)
+(expandtypeattribute (pdx_bufferhub_client_channel_socket_33_0) true)
+(expandtypeattribute (pdx_bufferhub_client_endpoint_socket_33_0) true)
+(expandtypeattribute (pdx_bufferhub_dir_33_0) true)
+(expandtypeattribute (pdx_display_client_channel_socket_33_0) true)
+(expandtypeattribute (pdx_display_client_endpoint_socket_33_0) true)
+(expandtypeattribute (pdx_display_dir_33_0) true)
+(expandtypeattribute (pdx_display_manager_channel_socket_33_0) true)
+(expandtypeattribute (pdx_display_manager_endpoint_socket_33_0) true)
+(expandtypeattribute (pdx_display_screenshot_channel_socket_33_0) true)
+(expandtypeattribute (pdx_display_screenshot_endpoint_socket_33_0) true)
+(expandtypeattribute (pdx_display_vsync_channel_socket_33_0) true)
+(expandtypeattribute (pdx_display_vsync_endpoint_socket_33_0) true)
+(expandtypeattribute (pdx_performance_client_channel_socket_33_0) true)
+(expandtypeattribute (pdx_performance_client_endpoint_socket_33_0) true)
+(expandtypeattribute (pdx_performance_dir_33_0) true)
+(expandtypeattribute (people_service_33_0) true)
+(expandtypeattribute (perfetto_33_0) true)
+(expandtypeattribute (performanced_33_0) true)
+(expandtypeattribute (performanced_exec_33_0) true)
+(expandtypeattribute (permission_checker_service_33_0) true)
+(expandtypeattribute (permission_service_33_0) true)
+(expandtypeattribute (permissionmgr_service_33_0) true)
+(expandtypeattribute (persist_debug_prop_33_0) true)
+(expandtypeattribute (persist_vendor_debug_wifi_prop_33_0) true)
+(expandtypeattribute (persist_wm_debug_prop_33_0) true)
+(expandtypeattribute (persistent_data_block_service_33_0) true)
+(expandtypeattribute (persistent_properties_ready_prop_33_0) true)
+(expandtypeattribute (pinner_service_33_0) true)
+(expandtypeattribute (pipefs_33_0) true)
+(expandtypeattribute (platform_app_33_0) true)
+(expandtypeattribute (platform_compat_service_33_0) true)
+(expandtypeattribute (pmsg_device_33_0) true)
+(expandtypeattribute (port_33_0) true)
+(expandtypeattribute (port_device_33_0) true)
+(expandtypeattribute (postinstall_33_0) true)
+(expandtypeattribute (postinstall_apex_mnt_dir_33_0) true)
+(expandtypeattribute (postinstall_file_33_0) true)
+(expandtypeattribute (postinstall_mnt_dir_33_0) true)
+(expandtypeattribute (power_debug_prop_33_0) true)
+(expandtypeattribute (power_service_33_0) true)
+(expandtypeattribute (powerctl_prop_33_0) true)
+(expandtypeattribute (powerstats_service_33_0) true)
+(expandtypeattribute (ppp_33_0) true)
+(expandtypeattribute (ppp_device_33_0) true)
+(expandtypeattribute (ppp_exec_33_0) true)
+(expandtypeattribute (preloads_data_file_33_0) true)
+(expandtypeattribute (preloads_media_file_33_0) true)
+(expandtypeattribute (prereboot_data_file_33_0) true)
+(expandtypeattribute (print_service_33_0) true)
+(expandtypeattribute (priv_app_33_0) true)
+(expandtypeattribute (privapp_data_file_33_0) true)
+(expandtypeattribute (proc_33_0) true)
+(expandtypeattribute (proc_abi_33_0) true)
+(expandtypeattribute (proc_asound_33_0) true)
+(expandtypeattribute (proc_bluetooth_writable_33_0) true)
+(expandtypeattribute (proc_bootconfig_33_0) true)
+(expandtypeattribute (proc_bpf_33_0) true)
+(expandtypeattribute (proc_buddyinfo_33_0) true)
+(expandtypeattribute (proc_cmdline_33_0) true)
+(expandtypeattribute (proc_cpu_alignment_33_0) true)
+(expandtypeattribute (proc_cpuinfo_33_0) true)
+(expandtypeattribute (proc_dirty_33_0) true)
+(expandtypeattribute (proc_diskstats_33_0) true)
+(expandtypeattribute (proc_drop_caches_33_0) true)
+(expandtypeattribute (proc_extra_free_kbytes_33_0) true)
+(expandtypeattribute (proc_filesystems_33_0) true)
+(expandtypeattribute (proc_fs_verity_33_0) true)
+(expandtypeattribute (proc_hostname_33_0) true)
+(expandtypeattribute (proc_hung_task_33_0) true)
+(expandtypeattribute (proc_interrupts_33_0) true)
+(expandtypeattribute (proc_iomem_33_0) true)
+(expandtypeattribute (proc_kallsyms_33_0) true)
+(expandtypeattribute (proc_keys_33_0) true)
+(expandtypeattribute (proc_kmsg_33_0) true)
+(expandtypeattribute (proc_kpageflags_33_0) true)
+(expandtypeattribute (proc_loadavg_33_0) true)
+(expandtypeattribute (proc_locks_33_0) true)
+(expandtypeattribute (proc_lowmemorykiller_33_0) true)
+(expandtypeattribute (proc_max_map_count_33_0) true)
+(expandtypeattribute (proc_meminfo_33_0) true)
+(expandtypeattribute (proc_min_free_order_shift_33_0) true)
+(expandtypeattribute (proc_misc_33_0) true)
+(expandtypeattribute (proc_modules_33_0) true)
+(expandtypeattribute (proc_mounts_33_0) true)
+(expandtypeattribute (proc_net_33_0) true)
+(expandtypeattribute (proc_net_tcp_udp_33_0) true)
+(expandtypeattribute (proc_overcommit_memory_33_0) true)
+(expandtypeattribute (proc_page_cluster_33_0) true)
+(expandtypeattribute (proc_pagetypeinfo_33_0) true)
+(expandtypeattribute (proc_panic_33_0) true)
+(expandtypeattribute (proc_perf_33_0) true)
+(expandtypeattribute (proc_pid_max_33_0) true)
+(expandtypeattribute (proc_pipe_conf_33_0) true)
+(expandtypeattribute (proc_pressure_cpu_33_0) true)
+(expandtypeattribute (proc_pressure_io_33_0) true)
+(expandtypeattribute (proc_pressure_mem_33_0) true)
+(expandtypeattribute (proc_qtaguid_ctrl_33_0) true)
+(expandtypeattribute (proc_qtaguid_stat_33_0) true)
+(expandtypeattribute (proc_random_33_0) true)
+(expandtypeattribute (proc_sched_33_0) true)
+(expandtypeattribute (proc_security_33_0) true)
+(expandtypeattribute (proc_slabinfo_33_0) true)
+(expandtypeattribute (proc_stat_33_0) true)
+(expandtypeattribute (proc_swaps_33_0) true)
+(expandtypeattribute (proc_sysrq_33_0) true)
+(expandtypeattribute (proc_timer_33_0) true)
+(expandtypeattribute (proc_tty_drivers_33_0) true)
+(expandtypeattribute (proc_uid_concurrent_active_time_33_0) true)
+(expandtypeattribute (proc_uid_concurrent_policy_time_33_0) true)
+(expandtypeattribute (proc_uid_cpupower_33_0) true)
+(expandtypeattribute (proc_uid_cputime_removeuid_33_0) true)
+(expandtypeattribute (proc_uid_cputime_showstat_33_0) true)
+(expandtypeattribute (proc_uid_io_stats_33_0) true)
+(expandtypeattribute (proc_uid_procstat_set_33_0) true)
+(expandtypeattribute (proc_uid_time_in_state_33_0) true)
+(expandtypeattribute (proc_uptime_33_0) true)
+(expandtypeattribute (proc_vendor_sched_33_0) true)
+(expandtypeattribute (proc_version_33_0) true)
+(expandtypeattribute (proc_vmallocinfo_33_0) true)
+(expandtypeattribute (proc_vmstat_33_0) true)
+(expandtypeattribute (proc_watermark_boost_factor_33_0) true)
+(expandtypeattribute (proc_watermark_scale_factor_33_0) true)
+(expandtypeattribute (proc_zoneinfo_33_0) true)
+(expandtypeattribute (processinfo_service_33_0) true)
+(expandtypeattribute (procstats_service_33_0) true)
+(expandtypeattribute (profman_33_0) true)
+(expandtypeattribute (profman_dump_data_file_33_0) true)
+(expandtypeattribute (profman_exec_33_0) true)
+(expandtypeattribute (properties_device_33_0) true)
+(expandtypeattribute (properties_serial_33_0) true)
+(expandtypeattribute (property_contexts_file_33_0) true)
+(expandtypeattribute (property_data_file_33_0) true)
+(expandtypeattribute (property_info_33_0) true)
+(expandtypeattribute (property_service_version_prop_33_0) true)
+(expandtypeattribute (property_socket_33_0) true)
+(expandtypeattribute (provisioned_prop_33_0) true)
+(expandtypeattribute (pstorefs_33_0) true)
+(expandtypeattribute (ptmx_device_33_0) true)
+(expandtypeattribute (qemu_hw_prop_33_0) true)
+(expandtypeattribute (qemu_sf_lcd_density_prop_33_0) true)
+(expandtypeattribute (qtaguid_device_33_0) true)
+(expandtypeattribute (racoon_33_0) true)
+(expandtypeattribute (racoon_exec_33_0) true)
+(expandtypeattribute (racoon_socket_33_0) true)
+(expandtypeattribute (radio_33_0) true)
+(expandtypeattribute (radio_control_prop_33_0) true)
+(expandtypeattribute (radio_core_data_file_33_0) true)
+(expandtypeattribute (radio_data_file_33_0) true)
+(expandtypeattribute (radio_device_33_0) true)
+(expandtypeattribute (radio_prop_33_0) true)
+(expandtypeattribute (radio_service_33_0) true)
+(expandtypeattribute (ram_device_33_0) true)
+(expandtypeattribute (random_device_33_0) true)
+(expandtypeattribute (reboot_readiness_service_33_0) true)
+(expandtypeattribute (rebootescrow_hal_prop_33_0) true)
+(expandtypeattribute (recovery_33_0) true)
+(expandtypeattribute (recovery_block_device_33_0) true)
+(expandtypeattribute (recovery_config_prop_33_0) true)
+(expandtypeattribute (recovery_data_file_33_0) true)
+(expandtypeattribute (recovery_persist_33_0) true)
+(expandtypeattribute (recovery_persist_exec_33_0) true)
+(expandtypeattribute (recovery_refresh_33_0) true)
+(expandtypeattribute (recovery_refresh_exec_33_0) true)
+(expandtypeattribute (recovery_service_33_0) true)
+(expandtypeattribute (recovery_socket_33_0) true)
+(expandtypeattribute (registry_service_33_0) true)
+(expandtypeattribute (remotelyprovisionedkeypool_service_33_0) true)
+(expandtypeattribute (remoteprovisioning_service_33_0) true)
+(expandtypeattribute (resourcecache_data_file_33_0) true)
+(expandtypeattribute (resources_manager_service_33_0) true)
+(expandtypeattribute (restorecon_prop_33_0) true)
+(expandtypeattribute (restrictions_service_33_0) true)
+(expandtypeattribute (retaildemo_prop_33_0) true)
+(expandtypeattribute (rild_debug_socket_33_0) true)
+(expandtypeattribute (rild_socket_33_0) true)
+(expandtypeattribute (ringtone_file_33_0) true)
+(expandtypeattribute (role_service_33_0) true)
+(expandtypeattribute (rollback_service_33_0) true)
+(expandtypeattribute (root_block_device_33_0) true)
+(expandtypeattribute (rootdisk_sysdev_33_0) true)
+(expandtypeattribute (rootfs_33_0) true)
+(expandtypeattribute (rpmsg_device_33_0) true)
+(expandtypeattribute (rs_33_0) true)
+(expandtypeattribute (rs_exec_33_0) true)
+(expandtypeattribute (rss_hwm_reset_33_0) true)
+(expandtypeattribute (rtc_device_33_0) true)
+(expandtypeattribute (rttmanager_service_33_0) true)
+(expandtypeattribute (runas_33_0) true)
+(expandtypeattribute (runas_app_33_0) true)
+(expandtypeattribute (runas_exec_33_0) true)
+(expandtypeattribute (runtime_event_log_tags_file_33_0) true)
+(expandtypeattribute (runtime_service_33_0) true)
+(expandtypeattribute (safemode_prop_33_0) true)
+(expandtypeattribute (same_process_hal_file_33_0) true)
+(expandtypeattribute (samplingprofiler_service_33_0) true)
+(expandtypeattribute (scheduling_policy_service_33_0) true)
+(expandtypeattribute (sdcard_block_device_33_0) true)
+(expandtypeattribute (sdcardd_33_0) true)
+(expandtypeattribute (sdcardd_exec_33_0) true)
+(expandtypeattribute (sdcardfs_33_0) true)
+(expandtypeattribute (sdk_sandbox_service_33_0) true)
+(expandtypeattribute (seapp_contexts_file_33_0) true)
+(expandtypeattribute (search_service_33_0) true)
+(expandtypeattribute (search_ui_service_33_0) true)
+(expandtypeattribute (sec_key_att_app_id_provider_service_33_0) true)
+(expandtypeattribute (secure_element_33_0) true)
+(expandtypeattribute (secure_element_device_33_0) true)
+(expandtypeattribute (secure_element_service_33_0) true)
+(expandtypeattribute (securityfs_33_0) true)
+(expandtypeattribute (selection_toolbar_service_33_0) true)
+(expandtypeattribute (selinuxfs_33_0) true)
+(expandtypeattribute (sendbug_config_prop_33_0) true)
+(expandtypeattribute (sensor_privacy_service_33_0) true)
+(expandtypeattribute (sensors_device_33_0) true)
+(expandtypeattribute (sensorservice_service_33_0) true)
+(expandtypeattribute (sepolicy_file_33_0) true)
+(expandtypeattribute (serial_device_33_0) true)
+(expandtypeattribute (serial_service_33_0) true)
+(expandtypeattribute (serialno_prop_33_0) true)
+(expandtypeattribute (server_configurable_flags_data_file_33_0) true)
+(expandtypeattribute (service_contexts_file_33_0) true)
+(expandtypeattribute (service_manager_service_33_0) true)
+(expandtypeattribute (service_manager_vndservice_33_0) true)
+(expandtypeattribute (servicediscovery_service_33_0) true)
+(expandtypeattribute (servicemanager_33_0) true)
+(expandtypeattribute (servicemanager_exec_33_0) true)
+(expandtypeattribute (settings_service_33_0) true)
+(expandtypeattribute (sgdisk_33_0) true)
+(expandtypeattribute (sgdisk_exec_33_0) true)
+(expandtypeattribute (shared_relro_33_0) true)
+(expandtypeattribute (shared_relro_file_33_0) true)
+(expandtypeattribute (shell_33_0) true)
+(expandtypeattribute (shell_data_file_33_0) true)
+(expandtypeattribute (shell_exec_33_0) true)
+(expandtypeattribute (shell_prop_33_0) true)
+(expandtypeattribute (shell_test_data_file_33_0) true)
+(expandtypeattribute (shm_33_0) true)
+(expandtypeattribute (shortcut_manager_icons_33_0) true)
+(expandtypeattribute (shortcut_service_33_0) true)
+(expandtypeattribute (simpleperf_33_0) true)
+(expandtypeattribute (simpleperf_app_runner_33_0) true)
+(expandtypeattribute (simpleperf_app_runner_exec_33_0) true)
+(expandtypeattribute (slice_service_33_0) true)
+(expandtypeattribute (slideshow_33_0) true)
+(expandtypeattribute (smart_idle_maint_enabled_prop_33_0) true)
+(expandtypeattribute (smartspace_service_33_0) true)
+(expandtypeattribute (snapshotctl_log_data_file_33_0) true)
+(expandtypeattribute (snapuserd_proxy_socket_33_0) true)
+(expandtypeattribute (snapuserd_socket_33_0) true)
+(expandtypeattribute (soc_prop_33_0) true)
+(expandtypeattribute (socket_device_33_0) true)
+(expandtypeattribute (socket_hook_prop_33_0) true)
+(expandtypeattribute (sockfs_33_0) true)
+(expandtypeattribute (sota_prop_33_0) true)
+(expandtypeattribute (soundtrigger_middleware_service_33_0) true)
+(expandtypeattribute (speech_recognition_service_33_0) true)
+(expandtypeattribute (sqlite_log_prop_33_0) true)
+(expandtypeattribute (staged_install_file_33_0) true)
+(expandtypeattribute (staging_data_file_33_0) true)
+(expandtypeattribute (stats_data_file_33_0) true)
+(expandtypeattribute (statsd_33_0) true)
+(expandtypeattribute (statsd_exec_33_0) true)
+(expandtypeattribute (statsdw_socket_33_0) true)
+(expandtypeattribute (statusbar_service_33_0) true)
+(expandtypeattribute (storage_config_prop_33_0) true)
+(expandtypeattribute (storage_file_33_0) true)
+(expandtypeattribute (storage_stub_file_33_0) true)
+(expandtypeattribute (storaged_service_33_0) true)
+(expandtypeattribute (storagemanager_config_prop_33_0) true)
+(expandtypeattribute (storagestats_service_33_0) true)
+(expandtypeattribute (su_33_0) true)
+(expandtypeattribute (su_exec_33_0) true)
+(expandtypeattribute (super_block_device_33_0) true)
+(expandtypeattribute (surfaceflinger_33_0) true)
+(expandtypeattribute (surfaceflinger_color_prop_33_0) true)
+(expandtypeattribute (surfaceflinger_display_prop_33_0) true)
+(expandtypeattribute (surfaceflinger_prop_33_0) true)
+(expandtypeattribute (surfaceflinger_service_33_0) true)
+(expandtypeattribute (surfaceflinger_tmpfs_33_0) true)
+(expandtypeattribute (suspend_prop_33_0) true)
+(expandtypeattribute (swap_block_device_33_0) true)
+(expandtypeattribute (sysfs_33_0) true)
+(expandtypeattribute (sysfs_android_usb_33_0) true)
+(expandtypeattribute (sysfs_batteryinfo_33_0) true)
+(expandtypeattribute (sysfs_bluetooth_writable_33_0) true)
+(expandtypeattribute (sysfs_devfreq_cur_33_0) true)
+(expandtypeattribute (sysfs_devfreq_dir_33_0) true)
+(expandtypeattribute (sysfs_devices_block_33_0) true)
+(expandtypeattribute (sysfs_devices_cs_etm_33_0) true)
+(expandtypeattribute (sysfs_devices_system_cpu_33_0) true)
+(expandtypeattribute (sysfs_dm_33_0) true)
+(expandtypeattribute (sysfs_dm_verity_33_0) true)
+(expandtypeattribute (sysfs_dma_heap_33_0) true)
+(expandtypeattribute (sysfs_dmabuf_stats_33_0) true)
+(expandtypeattribute (sysfs_dt_firmware_android_33_0) true)
+(expandtypeattribute (sysfs_extcon_33_0) true)
+(expandtypeattribute (sysfs_fs_ext4_features_33_0) true)
+(expandtypeattribute (sysfs_fs_f2fs_33_0) true)
+(expandtypeattribute (sysfs_fs_fuse_bpf_33_0) true)
+(expandtypeattribute (sysfs_fs_incfs_features_33_0) true)
+(expandtypeattribute (sysfs_fs_incfs_metrics_33_0) true)
+(expandtypeattribute (sysfs_gpu_33_0) true)
+(expandtypeattribute (sysfs_hwrandom_33_0) true)
+(expandtypeattribute (sysfs_ion_33_0) true)
+(expandtypeattribute (sysfs_ipv4_33_0) true)
+(expandtypeattribute (sysfs_kernel_notes_33_0) true)
+(expandtypeattribute (sysfs_leds_33_0) true)
+(expandtypeattribute (sysfs_loop_33_0) true)
+(expandtypeattribute (sysfs_lowmemorykiller_33_0) true)
+(expandtypeattribute (sysfs_lru_gen_enabled_33_0) true)
+(expandtypeattribute (sysfs_net_33_0) true)
+(expandtypeattribute (sysfs_nfc_power_writable_33_0) true)
+(expandtypeattribute (sysfs_power_33_0) true)
+(expandtypeattribute (sysfs_rtc_33_0) true)
+(expandtypeattribute (sysfs_suspend_stats_33_0) true)
+(expandtypeattribute (sysfs_switch_33_0) true)
+(expandtypeattribute (sysfs_thermal_33_0) true)
+(expandtypeattribute (sysfs_transparent_hugepage_33_0) true)
+(expandtypeattribute (sysfs_uhid_33_0) true)
+(expandtypeattribute (sysfs_uio_33_0) true)
+(expandtypeattribute (sysfs_usb_33_0) true)
+(expandtypeattribute (sysfs_usermodehelper_33_0) true)
+(expandtypeattribute (sysfs_vendor_sched_33_0) true)
+(expandtypeattribute (sysfs_vibrator_33_0) true)
+(expandtypeattribute (sysfs_wake_lock_33_0) true)
+(expandtypeattribute (sysfs_wakeup_33_0) true)
+(expandtypeattribute (sysfs_wakeup_reasons_33_0) true)
+(expandtypeattribute (sysfs_wlan_fwpath_33_0) true)
+(expandtypeattribute (sysfs_zram_33_0) true)
+(expandtypeattribute (sysfs_zram_uevent_33_0) true)
+(expandtypeattribute (system_app_33_0) true)
+(expandtypeattribute (system_app_data_file_33_0) true)
+(expandtypeattribute (system_app_service_33_0) true)
+(expandtypeattribute (system_asan_options_file_33_0) true)
+(expandtypeattribute (system_block_device_33_0) true)
+(expandtypeattribute (system_boot_reason_prop_33_0) true)
+(expandtypeattribute (system_bootstrap_lib_file_33_0) true)
+(expandtypeattribute (system_config_service_33_0) true)
+(expandtypeattribute (system_data_file_33_0) true)
+(expandtypeattribute (system_data_root_file_33_0) true)
+(expandtypeattribute (system_dlkm_file_33_0) true)
+(expandtypeattribute (system_event_log_tags_file_33_0) true)
+(expandtypeattribute (system_file_33_0) true)
+(expandtypeattribute (system_group_file_33_0) true)
+(expandtypeattribute (system_jvmti_agent_prop_33_0) true)
+(expandtypeattribute (system_lib_file_33_0) true)
+(expandtypeattribute (system_linker_config_file_33_0) true)
+(expandtypeattribute (system_linker_exec_33_0) true)
+(expandtypeattribute (system_lmk_prop_33_0) true)
+(expandtypeattribute (system_ndebug_socket_33_0) true)
+(expandtypeattribute (system_net_netd_hwservice_33_0) true)
+(expandtypeattribute (system_passwd_file_33_0) true)
+(expandtypeattribute (system_prop_33_0) true)
+(expandtypeattribute (system_seccomp_policy_file_33_0) true)
+(expandtypeattribute (system_security_cacerts_file_33_0) true)
+(expandtypeattribute (system_server_33_0) true)
+(expandtypeattribute (system_server_dumper_service_33_0) true)
+(expandtypeattribute (system_server_tmpfs_33_0) true)
+(expandtypeattribute (system_suspend_control_internal_service_33_0) true)
+(expandtypeattribute (system_suspend_control_service_33_0) true)
+(expandtypeattribute (system_suspend_hwservice_33_0) true)
+(expandtypeattribute (system_trace_prop_33_0) true)
+(expandtypeattribute (system_unsolzygote_socket_33_0) true)
+(expandtypeattribute (system_update_service_33_0) true)
+(expandtypeattribute (system_wifi_keystore_hwservice_33_0) true)
+(expandtypeattribute (system_wpa_socket_33_0) true)
+(expandtypeattribute (system_zoneinfo_file_33_0) true)
+(expandtypeattribute (systemkeys_data_file_33_0) true)
+(expandtypeattribute (systemsound_config_prop_33_0) true)
+(expandtypeattribute (tare_service_33_0) true)
+(expandtypeattribute (task_profiles_api_file_33_0) true)
+(expandtypeattribute (task_profiles_file_33_0) true)
+(expandtypeattribute (task_service_33_0) true)
+(expandtypeattribute (tcpdump_exec_33_0) true)
+(expandtypeattribute (tee_33_0) true)
+(expandtypeattribute (tee_data_file_33_0) true)
+(expandtypeattribute (tee_device_33_0) true)
+(expandtypeattribute (telecom_service_33_0) true)
+(expandtypeattribute (telephony_config_prop_33_0) true)
+(expandtypeattribute (telephony_status_prop_33_0) true)
+(expandtypeattribute (test_boot_reason_prop_33_0) true)
+(expandtypeattribute (test_harness_prop_33_0) true)
+(expandtypeattribute (testharness_service_33_0) true)
+(expandtypeattribute (tethering_service_33_0) true)
+(expandtypeattribute (textclassification_service_33_0) true)
+(expandtypeattribute (textclassifier_data_file_33_0) true)
+(expandtypeattribute (textservices_service_33_0) true)
+(expandtypeattribute (texttospeech_service_33_0) true)
+(expandtypeattribute (theme_prop_33_0) true)
+(expandtypeattribute (thermal_service_33_0) true)
+(expandtypeattribute (time_prop_33_0) true)
+(expandtypeattribute (timedetector_service_33_0) true)
+(expandtypeattribute (timezone_service_33_0) true)
+(expandtypeattribute (timezonedetector_service_33_0) true)
+(expandtypeattribute (tmpfs_33_0) true)
+(expandtypeattribute (tombstone_config_prop_33_0) true)
+(expandtypeattribute (tombstone_data_file_33_0) true)
+(expandtypeattribute (tombstone_wifi_data_file_33_0) true)
+(expandtypeattribute (tombstoned_33_0) true)
+(expandtypeattribute (tombstoned_crash_socket_33_0) true)
+(expandtypeattribute (tombstoned_exec_33_0) true)
+(expandtypeattribute (tombstoned_intercept_socket_33_0) true)
+(expandtypeattribute (tombstoned_java_trace_socket_33_0) true)
+(expandtypeattribute (toolbox_33_0) true)
+(expandtypeattribute (toolbox_exec_33_0) true)
+(expandtypeattribute (trace_data_file_33_0) true)
+(expandtypeattribute (traced_33_0) true)
+(expandtypeattribute (traced_consumer_socket_33_0) true)
+(expandtypeattribute (traced_enabled_prop_33_0) true)
+(expandtypeattribute (traced_lazy_prop_33_0) true)
+(expandtypeattribute (traced_perf_33_0) true)
+(expandtypeattribute (traced_perf_socket_33_0) true)
+(expandtypeattribute (traced_probes_33_0) true)
+(expandtypeattribute (traced_producer_socket_33_0) true)
+(expandtypeattribute (traced_tmpfs_33_0) true)
+(expandtypeattribute (traceur_app_33_0) true)
+(expandtypeattribute (translation_service_33_0) true)
+(expandtypeattribute (trust_service_33_0) true)
+(expandtypeattribute (tty_device_33_0) true)
+(expandtypeattribute (tun_device_33_0) true)
+(expandtypeattribute (tv_iapp_service_33_0) true)
+(expandtypeattribute (tv_input_service_33_0) true)
+(expandtypeattribute (tv_tuner_resource_mgr_service_33_0) true)
+(expandtypeattribute (tzdatacheck_33_0) true)
+(expandtypeattribute (tzdatacheck_exec_33_0) true)
+(expandtypeattribute (ueventd_33_0) true)
+(expandtypeattribute (ueventd_tmpfs_33_0) true)
+(expandtypeattribute (uhid_device_33_0) true)
+(expandtypeattribute (uimode_service_33_0) true)
+(expandtypeattribute (uio_device_33_0) true)
+(expandtypeattribute (uncrypt_33_0) true)
+(expandtypeattribute (uncrypt_exec_33_0) true)
+(expandtypeattribute (uncrypt_socket_33_0) true)
+(expandtypeattribute (unencrypted_data_file_33_0) true)
+(expandtypeattribute (unlabeled_33_0) true)
+(expandtypeattribute (untrusted_app_25_33_0) true)
+(expandtypeattribute (untrusted_app_27_33_0) true)
+(expandtypeattribute (untrusted_app_29_33_0) true)
+(expandtypeattribute (untrusted_app_30_33_0) true)
+(expandtypeattribute (untrusted_app_33_0) true)
+(expandtypeattribute (update_engine_33_0) true)
+(expandtypeattribute (update_engine_data_file_33_0) true)
+(expandtypeattribute (update_engine_exec_33_0) true)
+(expandtypeattribute (update_engine_log_data_file_33_0) true)
+(expandtypeattribute (update_engine_service_33_0) true)
+(expandtypeattribute (update_engine_stable_service_33_0) true)
+(expandtypeattribute (update_verifier_33_0) true)
+(expandtypeattribute (update_verifier_exec_33_0) true)
+(expandtypeattribute (updatelock_service_33_0) true)
+(expandtypeattribute (uri_grants_service_33_0) true)
+(expandtypeattribute (usagestats_service_33_0) true)
+(expandtypeattribute (usb_config_prop_33_0) true)
+(expandtypeattribute (usb_control_prop_33_0) true)
+(expandtypeattribute (usb_device_33_0) true)
+(expandtypeattribute (usb_prop_33_0) true)
+(expandtypeattribute (usb_serial_device_33_0) true)
+(expandtypeattribute (usb_service_33_0) true)
+(expandtypeattribute (usbaccessory_device_33_0) true)
+(expandtypeattribute (usbd_33_0) true)
+(expandtypeattribute (usbd_exec_33_0) true)
+(expandtypeattribute (usbfs_33_0) true)
+(expandtypeattribute (use_memfd_prop_33_0) true)
+(expandtypeattribute (user_profile_data_file_33_0) true)
+(expandtypeattribute (user_profile_root_file_33_0) true)
+(expandtypeattribute (user_service_33_0) true)
+(expandtypeattribute (userdata_block_device_33_0) true)
+(expandtypeattribute (userdata_sysdev_33_0) true)
+(expandtypeattribute (usermodehelper_33_0) true)
+(expandtypeattribute (userspace_reboot_config_prop_33_0) true)
+(expandtypeattribute (userspace_reboot_exported_prop_33_0) true)
+(expandtypeattribute (userspace_reboot_metadata_file_33_0) true)
+(expandtypeattribute (uwb_service_33_0) true)
+(expandtypeattribute (vcn_management_service_33_0) true)
+(expandtypeattribute (vd_device_33_0) true)
+(expandtypeattribute (vdc_33_0) true)
+(expandtypeattribute (vdc_exec_33_0) true)
+(expandtypeattribute (vehicle_hal_prop_33_0) true)
+(expandtypeattribute (vendor_apex_file_33_0) true)
+(expandtypeattribute (vendor_app_file_33_0) true)
+(expandtypeattribute (vendor_cgroup_desc_file_33_0) true)
+(expandtypeattribute (vendor_configs_file_33_0) true)
+(expandtypeattribute (vendor_data_file_33_0) true)
+(expandtypeattribute (vendor_default_prop_33_0) true)
+(expandtypeattribute (vendor_file_33_0) true)
+(expandtypeattribute (vendor_framework_file_33_0) true)
+(expandtypeattribute (vendor_hal_file_33_0) true)
+(expandtypeattribute (vendor_idc_file_33_0) true)
+(expandtypeattribute (vendor_init_33_0) true)
+(expandtypeattribute (vendor_kernel_modules_33_0) true)
+(expandtypeattribute (vendor_keychars_file_33_0) true)
+(expandtypeattribute (vendor_keylayout_file_33_0) true)
+(expandtypeattribute (vendor_misc_writer_33_0) true)
+(expandtypeattribute (vendor_misc_writer_exec_33_0) true)
+(expandtypeattribute (vendor_modprobe_33_0) true)
+(expandtypeattribute (vendor_overlay_file_33_0) true)
+(expandtypeattribute (vendor_public_framework_file_33_0) true)
+(expandtypeattribute (vendor_public_lib_file_33_0) true)
+(expandtypeattribute (vendor_security_patch_level_prop_33_0) true)
+(expandtypeattribute (vendor_service_contexts_file_33_0) true)
+(expandtypeattribute (vendor_shell_33_0) true)
+(expandtypeattribute (vendor_shell_exec_33_0) true)
+(expandtypeattribute (vendor_socket_hook_prop_33_0) true)
+(expandtypeattribute (vendor_task_profiles_file_33_0) true)
+(expandtypeattribute (vendor_toolbox_exec_33_0) true)
+(expandtypeattribute (vendor_uuid_mapping_config_file_33_0) true)
+(expandtypeattribute (vendor_vm_data_file_33_0) true)
+(expandtypeattribute (vendor_vm_file_33_0) true)
+(expandtypeattribute (vfat_33_0) true)
+(expandtypeattribute (vibrator_manager_service_33_0) true)
+(expandtypeattribute (vibrator_service_33_0) true)
+(expandtypeattribute (video_device_33_0) true)
+(expandtypeattribute (virtual_ab_prop_33_0) true)
+(expandtypeattribute (virtual_device_service_33_0) true)
+(expandtypeattribute (virtual_touchpad_33_0) true)
+(expandtypeattribute (virtual_touchpad_exec_33_0) true)
+(expandtypeattribute (virtual_touchpad_service_33_0) true)
+(expandtypeattribute (virtualization_service_33_0) true)
+(expandtypeattribute (vndbinder_device_33_0) true)
+(expandtypeattribute (vndk_prop_33_0) true)
+(expandtypeattribute (vndk_sp_file_33_0) true)
+(expandtypeattribute (vndservice_contexts_file_33_0) true)
+(expandtypeattribute (vndservicemanager_33_0) true)
+(expandtypeattribute (voiceinteraction_service_33_0) true)
+(expandtypeattribute (vold_33_0) true)
+(expandtypeattribute (vold_config_prop_33_0) true)
+(expandtypeattribute (vold_data_file_33_0) true)
+(expandtypeattribute (vold_device_33_0) true)
+(expandtypeattribute (vold_exec_33_0) true)
+(expandtypeattribute (vold_metadata_file_33_0) true)
+(expandtypeattribute (vold_post_fs_data_prop_33_0) true)
+(expandtypeattribute (vold_prepare_subdirs_33_0) true)
+(expandtypeattribute (vold_prepare_subdirs_exec_33_0) true)
+(expandtypeattribute (vold_prop_33_0) true)
+(expandtypeattribute (vold_service_33_0) true)
+(expandtypeattribute (vold_status_prop_33_0) true)
+(expandtypeattribute (vpn_data_file_33_0) true)
+(expandtypeattribute (vpn_management_service_33_0) true)
+(expandtypeattribute (vr_hwc_service_33_0) true)
+(expandtypeattribute (vr_manager_service_33_0) true)
+(expandtypeattribute (vrflinger_vsync_service_33_0) true)
+(expandtypeattribute (vts_config_prop_33_0) true)
+(expandtypeattribute (vts_status_prop_33_0) true)
+(expandtypeattribute (wallpaper_effects_generation_service_33_0) true)
+(expandtypeattribute (wallpaper_file_33_0) true)
+(expandtypeattribute (wallpaper_service_33_0) true)
+(expandtypeattribute (watchdog_device_33_0) true)
+(expandtypeattribute (watchdog_metadata_file_33_0) true)
+(expandtypeattribute (watchdogd_33_0) true)
+(expandtypeattribute (watchdogd_exec_33_0) true)
+(expandtypeattribute (webview_zygote_33_0) true)
+(expandtypeattribute (webview_zygote_exec_33_0) true)
+(expandtypeattribute (webview_zygote_tmpfs_33_0) true)
+(expandtypeattribute (webviewupdate_service_33_0) true)
+(expandtypeattribute (wifi_config_prop_33_0) true)
+(expandtypeattribute (wifi_data_file_33_0) true)
+(expandtypeattribute (wifi_hal_prop_33_0) true)
+(expandtypeattribute (wifi_key_33_0) true)
+(expandtypeattribute (wifi_log_prop_33_0) true)
+(expandtypeattribute (wifi_prop_33_0) true)
+(expandtypeattribute (wifi_service_33_0) true)
+(expandtypeattribute (wifiaware_service_33_0) true)
+(expandtypeattribute (wificond_33_0) true)
+(expandtypeattribute (wificond_exec_33_0) true)
+(expandtypeattribute (wifinl80211_service_33_0) true)
+(expandtypeattribute (wifip2p_service_33_0) true)
+(expandtypeattribute (wifiscanner_service_33_0) true)
+(expandtypeattribute (window_service_33_0) true)
+(expandtypeattribute (wpa_socket_33_0) true)
+(expandtypeattribute (wpantund_33_0) true)
+(expandtypeattribute (wpantund_exec_33_0) true)
+(expandtypeattribute (wpantund_service_33_0) true)
+(expandtypeattribute (zero_device_33_0) true)
+(expandtypeattribute (zoneinfo_data_file_33_0) true)
+(expandtypeattribute (zram_config_prop_33_0) true)
+(expandtypeattribute (zram_control_prop_33_0) true)
+(expandtypeattribute (zygote_33_0) true)
+(expandtypeattribute (zygote_config_prop_33_0) true)
+(expandtypeattribute (zygote_exec_33_0) true)
+(expandtypeattribute (zygote_socket_33_0) true)
+(expandtypeattribute (zygote_tmpfs_33_0) true)
+(typeattributeset DockObserver_service_33_0 (DockObserver_service))
+(typeattributeset IProxyService_service_33_0 (IProxyService_service))
+(typeattributeset aac_drc_prop_33_0 (aac_drc_prop))
+(typeattributeset aaudio_config_prop_33_0 (aaudio_config_prop))
+(typeattributeset ab_update_gki_prop_33_0 (ab_update_gki_prop))
+(typeattributeset accessibility_service_33_0 (accessibility_service))
+(typeattributeset account_service_33_0 (account_service))
+(typeattributeset activity_service_33_0 (activity_service))
+(typeattributeset activity_task_service_33_0 (activity_task_service))
+(typeattributeset adb_data_file_33_0 (adb_data_file))
+(typeattributeset adb_keys_file_33_0 (adb_keys_file))
+(typeattributeset adb_service_33_0 (adb_service))
+(typeattributeset adbd_33_0 (adbd))
+(typeattributeset adbd_config_prop_33_0 (adbd_config_prop))
+(typeattributeset adbd_exec_33_0 (adbd_exec))
+(typeattributeset adbd_socket_33_0 (adbd_socket))
+(typeattributeset adservices_manager_service_33_0 (adservices_manager_service))
+(typeattributeset aidl_lazy_test_server_33_0 (aidl_lazy_test_server))
+(typeattributeset aidl_lazy_test_server_exec_33_0 (aidl_lazy_test_server_exec))
+(typeattributeset aidl_lazy_test_service_33_0 (aidl_lazy_test_service))
+(typeattributeset alarm_service_33_0 (alarm_service))
+(typeattributeset anr_data_file_33_0 (anr_data_file))
+(typeattributeset apc_service_33_0 (apc_service))
+(typeattributeset apex_data_file_33_0 (apex_data_file))
+(typeattributeset apex_info_file_33_0 (apex_info_file))
+(typeattributeset apex_metadata_file_33_0 (apex_metadata_file))
+(typeattributeset apex_mnt_dir_33_0 (apex_mnt_dir))
+(typeattributeset apex_module_data_file_33_0 (apex_module_data_file))
+(typeattributeset apex_ota_reserved_file_33_0 (apex_ota_reserved_file))
+(typeattributeset apex_rollback_data_file_33_0 (apex_rollback_data_file))
+(typeattributeset apex_service_33_0 (apex_service))
+(typeattributeset apex_system_server_data_file_33_0 (apex_system_server_data_file))
+(typeattributeset apexd_33_0 (apexd))
+(typeattributeset apexd_config_prop_33_0 (apexd_config_prop))
+(typeattributeset apexd_exec_33_0 (apexd_exec))
+(typeattributeset apexd_prop_33_0 (apexd_prop))
+(typeattributeset apexd_select_prop_33_0 (apexd_select_prop))
+(typeattributeset apk_data_file_33_0 (apk_data_file))
+(typeattributeset apk_private_data_file_33_0 (apk_private_data_file))
+(typeattributeset apk_private_tmp_file_33_0 (apk_private_tmp_file))
+(typeattributeset apk_tmp_file_33_0 (apk_tmp_file))
+(typeattributeset apk_verity_prop_33_0 (apk_verity_prop))
+(typeattributeset app_binding_service_33_0 (app_binding_service))
+(typeattributeset app_data_file_33_0 (app_data_file))
+(typeattributeset app_fuse_file_33_0 (app_fuse_file))
+(typeattributeset app_fusefs_33_0 (app_fusefs))
+(typeattributeset app_hibernation_service_33_0 (app_hibernation_service))
+(typeattributeset app_integrity_service_33_0 (app_integrity_service))
+(typeattributeset app_prediction_service_33_0 (app_prediction_service))
+(typeattributeset app_search_service_33_0 (app_search_service))
+(typeattributeset app_zygote_33_0 (app_zygote))
+(typeattributeset app_zygote_tmpfs_33_0 (app_zygote_tmpfs))
+(typeattributeset appcompat_data_file_33_0 (appcompat_data_file))
+(typeattributeset appdomain_tmpfs_33_0 (appdomain_tmpfs))
+(typeattributeset appops_service_33_0 (appops_service))
+(typeattributeset appwidget_service_33_0 (appwidget_service))
+(typeattributeset arm64_memtag_prop_33_0 (arm64_memtag_prop))
+(typeattributeset art_apex_dir_33_0 (art_apex_dir))
+(typeattributeset artd_service_33_0 (artd_service))
+(typeattributeset asec_apk_file_33_0 (asec_apk_file))
+(typeattributeset asec_image_file_33_0 (asec_image_file))
+(typeattributeset asec_public_file_33_0 (asec_public_file))
+(typeattributeset ashmem_device_33_0 (ashmem_device))
+(typeattributeset ashmem_libcutils_device_33_0 (ashmem_libcutils_device))
+(typeattributeset assetatlas_service_33_0 (assetatlas_service))
+(typeattributeset atrace_33_0 (atrace))
+(typeattributeset attestation_verification_service_33_0 (attestation_verification_service))
+(typeattributeset audio_config_prop_33_0 (audio_config_prop))
+(typeattributeset audio_data_file_33_0 (audio_data_file))
+(typeattributeset audio_device_33_0 (audio_device))
+(typeattributeset audio_prop_33_0 (audio_prop))
+(typeattributeset audio_service_33_0 (audio_service))
+(typeattributeset audiohal_data_file_33_0 (audiohal_data_file))
+(typeattributeset audioserver_33_0 (audioserver))
+(typeattributeset audioserver_data_file_33_0 (audioserver_data_file))
+(typeattributeset audioserver_service_33_0 (audioserver_service))
+(typeattributeset audioserver_tmpfs_33_0 (audioserver_tmpfs))
+(typeattributeset auth_service_33_0 (auth_service))
+(typeattributeset authorization_service_33_0 (authorization_service))
+(typeattributeset autofill_service_33_0 (autofill_service))
+(typeattributeset backup_data_file_33_0 (backup_data_file))
+(typeattributeset backup_service_33_0 (backup_service))
+(typeattributeset battery_service_33_0 (battery_service))
+(typeattributeset batteryproperties_service_33_0 (batteryproperties_service))
+(typeattributeset batterystats_service_33_0 (batterystats_service))
+(typeattributeset binder_cache_bluetooth_server_prop_33_0 (binder_cache_bluetooth_server_prop))
+(typeattributeset binder_cache_system_server_prop_33_0 (binder_cache_system_server_prop))
+(typeattributeset binder_cache_telephony_server_prop_33_0 (binder_cache_telephony_server_prop))
+(typeattributeset binder_calls_stats_service_33_0 (binder_calls_stats_service))
+(typeattributeset binder_device_33_0 (binder_device))
+(typeattributeset binderfs_33_0 (binderfs))
+(typeattributeset binderfs_features_33_0 (binderfs_features))
+(typeattributeset binderfs_logs_33_0 (binderfs_logs))
+(typeattributeset binderfs_logs_proc_33_0 (binderfs_logs_proc))
+(typeattributeset binfmt_miscfs_33_0 (binfmt_miscfs))
+(typeattributeset biometric_service_33_0 (biometric_service))
+(typeattributeset blkid_33_0 (blkid))
+(typeattributeset blkid_untrusted_33_0 (blkid_untrusted))
+(typeattributeset blob_store_service_33_0 (blob_store_service))
+(typeattributeset block_device_33_0 (block_device))
+(typeattributeset bluetooth_33_0 (bluetooth))
+(typeattributeset bluetooth_a2dp_offload_prop_33_0 (bluetooth_a2dp_offload_prop))
+(typeattributeset bluetooth_audio_hal_prop_33_0 (bluetooth_audio_hal_prop))
+(typeattributeset bluetooth_config_prop_33_0 (bluetooth_config_prop))
+(typeattributeset bluetooth_data_file_33_0 (bluetooth_data_file))
+(typeattributeset bluetooth_efs_file_33_0 (bluetooth_efs_file))
+(typeattributeset bluetooth_logs_data_file_33_0 (bluetooth_logs_data_file))
+(typeattributeset bluetooth_manager_service_33_0 (bluetooth_manager_service))
+(typeattributeset bluetooth_prop_33_0 (bluetooth_prop))
+(typeattributeset bluetooth_service_33_0 (bluetooth_service))
+(typeattributeset bluetooth_socket_33_0 (bluetooth_socket))
+(typeattributeset boot_block_device_33_0 (boot_block_device))
+(typeattributeset boot_status_prop_33_0 (boot_status_prop))
+(typeattributeset bootanim_33_0 (bootanim))
+(typeattributeset bootanim_config_prop_33_0 (bootanim_config_prop))
+(typeattributeset bootanim_exec_33_0 (bootanim_exec))
+(typeattributeset bootanim_system_prop_33_0 (bootanim_system_prop))
+(typeattributeset bootchart_data_file_33_0 (bootchart_data_file))
+(typeattributeset bootloader_boot_reason_prop_33_0 (bootloader_boot_reason_prop))
+(typeattributeset bootloader_prop_33_0 (bootloader_prop))
+(typeattributeset bootstat_33_0 (bootstat))
+(typeattributeset bootstat_data_file_33_0 (bootstat_data_file))
+(typeattributeset bootstat_exec_33_0 (bootstat_exec))
+(typeattributeset boottime_prop_33_0 (boottime_prop))
+(typeattributeset boottime_public_prop_33_0 (boottime_public_prop))
+(typeattributeset boottrace_data_file_33_0 (boottrace_data_file))
+(typeattributeset bpf_progs_loaded_prop_33_0 (bpf_progs_loaded_prop))
+(typeattributeset bpfloader_33_0 (bpfloader))
+(typeattributeset bq_config_prop_33_0 (bq_config_prop))
+(typeattributeset broadcastradio_service_33_0 (broadcastradio_service))
+(typeattributeset bufferhubd_33_0 (bufferhubd))
+(typeattributeset bufferhubd_exec_33_0 (bufferhubd_exec))
+(typeattributeset bugreport_service_33_0 (bugreport_service))
+(typeattributeset build_bootimage_prop_33_0 (build_bootimage_prop))
+(typeattributeset build_config_prop_33_0 (build_config_prop))
+(typeattributeset build_odm_prop_33_0 (build_odm_prop))
+(typeattributeset build_prop_33_0 (build_prop))
+(typeattributeset build_prop_33_0 (userdebug_or_eng_prop))
+(typeattributeset build_vendor_prop_33_0 (build_vendor_prop))
+(typeattributeset cache_backup_file_33_0 (cache_backup_file))
+(typeattributeset cache_block_device_33_0 (cache_block_device))
+(typeattributeset cache_file_33_0 (cache_file))
+(typeattributeset cache_private_backup_file_33_0 (cache_private_backup_file))
+(typeattributeset cache_recovery_file_33_0 (cache_recovery_file))
+(typeattributeset cacheinfo_service_33_0 (cacheinfo_service))
+(typeattributeset camera2_extensions_prop_33_0 (camera2_extensions_prop))
+(typeattributeset camera_calibration_prop_33_0 (camera_calibration_prop))
+(typeattributeset camera_config_prop_33_0 (camera_config_prop))
+(typeattributeset camera_data_file_33_0 (camera_data_file))
+(typeattributeset camera_device_33_0 (camera_device))
+(typeattributeset cameraproxy_service_33_0 (cameraproxy_service))
+(typeattributeset cameraserver_33_0 (cameraserver))
+(typeattributeset cameraserver_exec_33_0 (cameraserver_exec))
+(typeattributeset cameraserver_service_33_0 (cameraserver_service))
+(typeattributeset cameraserver_tmpfs_33_0 (cameraserver_tmpfs))
+(typeattributeset camerax_extensions_prop_33_0 (camerax_extensions_prop))
+(typeattributeset cgroup_33_0 (cgroup))
+(typeattributeset cgroup_desc_api_file_33_0 (cgroup_desc_api_file))
+(typeattributeset cgroup_desc_file_33_0 (cgroup_desc_file))
+(typeattributeset cgroup_rc_file_33_0 (cgroup_rc_file))
+(typeattributeset cgroup_v2_33_0 (cgroup_v2))
+(typeattributeset charger_33_0 (charger))
+(typeattributeset charger_config_prop_33_0 (charger_config_prop))
+(typeattributeset charger_exec_33_0 (charger_exec))
+(typeattributeset charger_prop_33_0 (charger_prop))
+(typeattributeset charger_status_prop_33_0 (charger_status_prop))
+(typeattributeset charger_vendor_33_0 (charger_vendor))
+(typeattributeset clipboard_service_33_0 (clipboard_service))
+(typeattributeset cloudsearch_service_33_0 (cloudsearch_service))
+(typeattributeset codec2_config_prop_33_0 (codec2_config_prop))
+(typeattributeset cold_boot_done_prop_33_0 (cold_boot_done_prop))
+(typeattributeset color_display_service_33_0 (color_display_service))
+(typeattributeset companion_device_service_33_0 (companion_device_service))
+(typeattributeset config_prop_33_0 (config_prop))
+(typeattributeset configfs_33_0 (configfs))
+(typeattributeset connectivity_native_service_33_0 (connectivity_native_service))
+(typeattributeset connectivity_service_33_0 (connectivity_service))
+(typeattributeset connmetrics_service_33_0 (connmetrics_service))
+(typeattributeset console_device_33_0 (console_device))
+(typeattributeset consumer_ir_service_33_0 (consumer_ir_service))
+(typeattributeset content_capture_service_33_0 (content_capture_service))
+(typeattributeset content_service_33_0 (content_service))
+(typeattributeset content_suggestions_service_33_0 (content_suggestions_service))
+(typeattributeset contexthub_service_33_0 (contexthub_service))
+(typeattributeset coredump_file_33_0 (coredump_file))
+(typeattributeset country_detector_service_33_0 (country_detector_service))
+(typeattributeset coverage_service_33_0 (coverage_service))
+(typeattributeset cppreopt_prop_33_0 (cppreopt_prop))
+(typeattributeset cpu_variant_prop_33_0 (cpu_variant_prop))
+(typeattributeset cpuinfo_service_33_0 (cpuinfo_service))
+(typeattributeset crash_dump_33_0 (crash_dump))
+(typeattributeset crash_dump_exec_33_0 (crash_dump_exec))
+(typeattributeset credstore_33_0 (credstore))
+(typeattributeset credstore_data_file_33_0 (credstore_data_file))
+(typeattributeset credstore_exec_33_0 (credstore_exec))
+(typeattributeset credstore_service_33_0 (credstore_service))
+(typeattributeset crossprofileapps_service_33_0 (crossprofileapps_service))
+(typeattributeset ctl_adbd_prop_33_0 (ctl_adbd_prop))
+(typeattributeset ctl_apexd_prop_33_0 (ctl_apexd_prop))
+(typeattributeset ctl_bootanim_prop_33_0 (ctl_bootanim_prop))
+(typeattributeset ctl_bugreport_prop_33_0 (ctl_bugreport_prop))
+(typeattributeset ctl_console_prop_33_0 (ctl_console_prop))
+(typeattributeset ctl_default_prop_33_0 (ctl_default_prop))
+(typeattributeset ctl_dumpstate_prop_33_0 (ctl_dumpstate_prop))
+(typeattributeset ctl_fuse_prop_33_0 (ctl_fuse_prop))
+(typeattributeset ctl_gsid_prop_33_0 (ctl_gsid_prop))
+(typeattributeset ctl_interface_restart_prop_33_0 (ctl_interface_restart_prop))
+(typeattributeset ctl_interface_start_prop_33_0 (ctl_interface_start_prop))
+(typeattributeset ctl_interface_stop_prop_33_0 (ctl_interface_stop_prop))
+(typeattributeset ctl_mdnsd_prop_33_0 (ctl_mdnsd_prop))
+(typeattributeset ctl_restart_prop_33_0 (ctl_restart_prop))
+(typeattributeset ctl_rildaemon_prop_33_0 (ctl_rildaemon_prop))
+(typeattributeset ctl_sigstop_prop_33_0 (ctl_sigstop_prop))
+(typeattributeset ctl_start_prop_33_0 (ctl_start_prop))
+(typeattributeset ctl_stop_prop_33_0 (ctl_stop_prop))
+(typeattributeset dalvik_config_prop_33_0 (dalvik_config_prop))
+(typeattributeset dalvik_prop_33_0 (dalvik_prop))
+(typeattributeset dalvik_runtime_prop_33_0 (dalvik_runtime_prop))
+(typeattributeset dalvikcache_data_file_33_0 (dalvikcache_data_file))
+(typeattributeset dataloader_manager_service_33_0 (dataloader_manager_service))
+(typeattributeset dbinfo_service_33_0 (dbinfo_service))
+(typeattributeset dck_prop_33_0 (dck_prop))
+(typeattributeset debug_prop_33_0 (debug_prop))
+(typeattributeset debugfs_33_0 (debugfs))
+(typeattributeset debugfs_bootreceiver_tracing_33_0 (debugfs_bootreceiver_tracing))
+(typeattributeset debugfs_kprobes_33_0 (debugfs_kprobes))
+(typeattributeset debugfs_mm_events_tracing_33_0 (debugfs_mm_events_tracing))
+(typeattributeset debugfs_mmc_33_0 (debugfs_mmc))
+(typeattributeset debugfs_restriction_prop_33_0 (debugfs_restriction_prop))
+(typeattributeset debugfs_trace_marker_33_0 (debugfs_trace_marker))
+(typeattributeset debugfs_tracing_33_0 (debugfs_tracing))
+(typeattributeset debugfs_tracing_debug_33_0 (debugfs_tracing_debug))
+(typeattributeset debugfs_tracing_instances_33_0 (debugfs_tracing_instances))
+(typeattributeset debugfs_tracing_printk_formats_33_0 (debugfs_tracing_printk_formats))
+(typeattributeset debugfs_wakeup_sources_33_0 (debugfs_wakeup_sources))
+(typeattributeset debugfs_wifi_tracing_33_0 (debugfs_wifi_tracing))
+(typeattributeset debuggerd_prop_33_0 (debuggerd_prop))
+(typeattributeset default_android_hwservice_33_0 (default_android_hwservice))
+(typeattributeset default_android_service_33_0 (default_android_service))
+(typeattributeset default_android_vndservice_33_0 (default_android_vndservice))
+(typeattributeset default_prop_33_0 (default_prop))
+(typeattributeset dev_cpu_variant_33_0 (dev_cpu_variant))
+(typeattributeset device_33_0 (device))
+(typeattributeset device_config_activity_manager_native_boot_prop_33_0 (device_config_activity_manager_native_boot_prop))
+(typeattributeset device_config_boot_count_prop_33_0 (device_config_boot_count_prop))
+(typeattributeset device_config_input_native_boot_prop_33_0 (device_config_input_native_boot_prop))
+(typeattributeset device_config_media_native_prop_33_0 (device_config_media_native_prop))
+(typeattributeset device_config_netd_native_prop_33_0 (device_config_netd_native_prop))
+(typeattributeset device_config_nnapi_native_prop_33_0 (device_config_nnapi_native_prop))
+(typeattributeset device_config_reset_performed_prop_33_0 (device_config_reset_performed_prop))
+(typeattributeset device_config_runtime_native_boot_prop_33_0 (device_config_runtime_native_boot_prop))
+(typeattributeset device_config_runtime_native_prop_33_0 (device_config_runtime_native_prop))
+(typeattributeset device_config_service_33_0 (device_config_service))
+(typeattributeset device_config_surface_flinger_native_boot_prop_33_0 (device_config_surface_flinger_native_boot_prop))
+(typeattributeset device_identifiers_service_33_0 (device_identifiers_service))
+(typeattributeset device_logging_prop_33_0 (device_logging_prop))
+(typeattributeset device_policy_service_33_0 (device_policy_service))
+(typeattributeset device_state_service_33_0 (device_state_service))
+(typeattributeset deviceidle_service_33_0 (deviceidle_service))
+(typeattributeset devicestoragemonitor_service_33_0 (devicestoragemonitor_service))
+(typeattributeset devpts_33_0 (devpts))
+(typeattributeset dhcp_33_0 (dhcp))
+(typeattributeset dhcp_data_file_33_0 (dhcp_data_file))
+(typeattributeset dhcp_exec_33_0 (dhcp_exec))
+(typeattributeset dhcp_prop_33_0 (dhcp_prop))
+(typeattributeset dice_maintenance_service_33_0 (dice_maintenance_service))
+(typeattributeset dice_node_service_33_0 (dice_node_service))
+(typeattributeset diced_33_0 (diced))
+(typeattributeset diced_exec_33_0 (diced_exec))
+(typeattributeset diskstats_service_33_0 (diskstats_service))
+(typeattributeset display_service_33_0 (display_service))
+(typeattributeset dm_device_33_0 (dm_device))
+(typeattributeset dm_user_device_33_0 (dm_user_device))
+(typeattributeset dmabuf_heap_device_33_0 (dmabuf_heap_device))
+(typeattributeset dmabuf_system_heap_device_33_0 (dmabuf_system_heap_device))
+(typeattributeset dmabuf_system_secure_heap_device_33_0 (dmabuf_system_secure_heap_device))
+(typeattributeset dnsmasq_33_0 (dnsmasq))
+(typeattributeset dnsmasq_exec_33_0 (dnsmasq_exec))
+(typeattributeset dnsproxyd_socket_33_0 (dnsproxyd_socket))
+(typeattributeset dnsresolver_service_33_0 (dnsresolver_service))
+(typeattributeset domain_verification_service_33_0 (domain_verification_service))
+(typeattributeset dreams_service_33_0 (dreams_service))
+(typeattributeset drm_data_file_33_0 (drm_data_file))
+(typeattributeset drm_service_config_prop_33_0 (drm_service_config_prop))
+(typeattributeset drmserver_33_0 (drmserver))
+(typeattributeset drmserver_exec_33_0 (drmserver_exec))
+(typeattributeset drmserver_service_33_0 (drmserver_service))
+(typeattributeset drmserver_socket_33_0 (drmserver_socket))
+(typeattributeset dropbox_data_file_33_0 (dropbox_data_file))
+(typeattributeset dropbox_service_33_0 (dropbox_service))
+(typeattributeset dumpstate_33_0 (dumpstate))
+(typeattributeset dumpstate_exec_33_0 (dumpstate_exec))
+(typeattributeset dumpstate_options_prop_33_0 (dumpstate_options_prop))
+(typeattributeset dumpstate_prop_33_0 (dumpstate_prop))
+(typeattributeset dumpstate_service_33_0 (dumpstate_service))
+(typeattributeset dumpstate_socket_33_0 (dumpstate_socket))
+(typeattributeset dynamic_system_prop_33_0 (dynamic_system_prop))
+(typeattributeset e2fs_33_0 (e2fs))
+(typeattributeset e2fs_exec_33_0 (e2fs_exec))
+(typeattributeset efs_file_33_0 (efs_file))
+(typeattributeset emergency_affordance_service_33_0 (emergency_affordance_service))
+(typeattributeset ephemeral_app_33_0 (ephemeral_app))
+(typeattributeset ethernet_service_33_0 (ethernet_service))
+(typeattributeset evsmanagerd_33_0 (evsmanagerd))
+(typeattributeset evsmanagerd_service_33_0 (evsmanagerd_service))
+(typeattributeset exfat_33_0 (exfat))
+(typeattributeset exported3_system_prop_33_0 (exported3_system_prop))
+(typeattributeset exported_bluetooth_prop_33_0 (exported_bluetooth_prop))
+(typeattributeset exported_camera_prop_33_0 (exported_camera_prop))
+(typeattributeset exported_config_prop_33_0 (exported_config_prop))
+(typeattributeset exported_default_prop_33_0 (exported_default_prop))
+(typeattributeset exported_dumpstate_prop_33_0 (exported_dumpstate_prop))
+(typeattributeset exported_overlay_prop_33_0 (exported_overlay_prop))
+(typeattributeset exported_pm_prop_33_0 (exported_pm_prop))
+(typeattributeset exported_secure_prop_33_0 (exported_secure_prop))
+(typeattributeset exported_system_prop_33_0
+ ( exported_system_prop
+ locale_prop
+ timezone_prop
+))
+(typeattributeset external_vibrator_service_33_0 (external_vibrator_service))
+(typeattributeset extra_free_kbytes_33_0 (extra_free_kbytes))
+(typeattributeset extra_free_kbytes_exec_33_0 (extra_free_kbytes_exec))
+(typeattributeset face_service_33_0 (face_service))
+(typeattributeset face_vendor_data_file_33_0 (face_vendor_data_file))
+(typeattributeset fastbootd_33_0 (fastbootd))
+(typeattributeset ffs_config_prop_33_0 (ffs_config_prop))
+(typeattributeset ffs_control_prop_33_0 (ffs_control_prop))
+(typeattributeset file_contexts_file_33_0 (file_contexts_file))
+(typeattributeset file_integrity_service_33_0 (file_integrity_service))
+(typeattributeset fingerprint_prop_33_0 (fingerprint_prop))
+(typeattributeset fingerprint_service_33_0 (fingerprint_service))
+(typeattributeset fingerprint_vendor_data_file_33_0 (fingerprint_vendor_data_file))
+(typeattributeset fingerprintd_33_0 (fingerprintd))
+(typeattributeset fingerprintd_data_file_33_0 (fingerprintd_data_file))
+(typeattributeset fingerprintd_exec_33_0 (fingerprintd_exec))
+(typeattributeset fingerprintd_service_33_0 (fingerprintd_service))
+(typeattributeset firstboot_prop_33_0 (firstboot_prop))
+(typeattributeset flags_health_check_33_0 (flags_health_check))
+(typeattributeset flags_health_check_exec_33_0 (flags_health_check_exec))
+(typeattributeset font_service_33_0 (font_service))
+(typeattributeset framework_watchdog_config_prop_33_0 (framework_watchdog_config_prop))
+(typeattributeset frp_block_device_33_0 (frp_block_device))
+(typeattributeset fs_bpf_33_0 (fs_bpf))
+(typeattributeset fs_bpf_tethering_33_0 (fs_bpf_tethering))
+(typeattributeset fs_bpf_vendor_33_0 (fs_bpf_vendor))
+(typeattributeset fsck_33_0 (fsck))
+(typeattributeset fsck_exec_33_0 (fsck_exec))
+(typeattributeset fsck_untrusted_33_0 (fsck_untrusted))
+(typeattributeset fscklogs_33_0 (fscklogs))
+(typeattributeset functionfs_33_0 (functionfs))
+(typeattributeset fuse_33_0 (fuse))
+(typeattributeset fuse_device_33_0 (fuse_device))
+(typeattributeset fusectlfs_33_0 (fusectlfs))
+(typeattributeset fwk_automotive_display_hwservice_33_0 (fwk_automotive_display_hwservice))
+(typeattributeset fwk_automotive_display_service_33_0 (fwk_automotive_display_service))
+(typeattributeset fwk_bufferhub_hwservice_33_0 (fwk_bufferhub_hwservice))
+(typeattributeset fwk_camera_hwservice_33_0 (fwk_camera_hwservice))
+(typeattributeset fwk_display_hwservice_33_0 (fwk_display_hwservice))
+(typeattributeset fwk_scheduler_hwservice_33_0 (fwk_scheduler_hwservice))
+(typeattributeset fwk_sensor_hwservice_33_0 (fwk_sensor_hwservice))
+(typeattributeset fwk_stats_hwservice_33_0 (fwk_stats_hwservice))
+(typeattributeset fwk_stats_service_33_0 (fwk_stats_service))
+(typeattributeset fwmarkd_socket_33_0 (fwmarkd_socket))
+(typeattributeset game_mode_intervention_list_file_33_0 (game_mode_intervention_list_file))
+(typeattributeset game_service_33_0 (game_service))
+(typeattributeset gatekeeper_data_file_33_0 (gatekeeper_data_file))
+(typeattributeset gatekeeper_service_33_0 (gatekeeper_service))
+(typeattributeset gatekeeperd_33_0 (gatekeeperd))
+(typeattributeset gatekeeperd_exec_33_0 (gatekeeperd_exec))
+(typeattributeset gesture_prop_33_0 (gesture_prop))
+(typeattributeset gfxinfo_service_33_0 (gfxinfo_service))
+(typeattributeset gmscore_app_33_0 (gmscore_app))
+(typeattributeset gnss_device_33_0 (gnss_device))
+(typeattributeset gnss_time_update_service_33_0 (gnss_time_update_service))
+(typeattributeset gps_control_33_0 (gps_control))
+(typeattributeset gpu_device_33_0 (gpu_device))
+(typeattributeset gpu_service_33_0 (gpu_service))
+(typeattributeset gpuservice_33_0 (gpuservice))
+(typeattributeset graphics_config_prop_33_0 (graphics_config_prop))
+(typeattributeset graphics_device_33_0 (graphics_device))
+(typeattributeset graphicsstats_service_33_0 (graphicsstats_service))
+(typeattributeset gsi_data_file_33_0 (gsi_data_file))
+(typeattributeset gsi_metadata_file_33_0 (gsi_metadata_file))
+(typeattributeset gsi_public_metadata_file_33_0 (gsi_public_metadata_file))
+(typeattributeset gwp_asan_prop_33_0 (gwp_asan_prop))
+(typeattributeset hal_atrace_hwservice_33_0 (hal_atrace_hwservice))
+(typeattributeset hal_audio_hwservice_33_0 (hal_audio_hwservice))
+(typeattributeset hal_audio_service_33_0 (hal_audio_service))
+(typeattributeset hal_audiocontrol_hwservice_33_0 (hal_audiocontrol_hwservice))
+(typeattributeset hal_audiocontrol_service_33_0 (hal_audiocontrol_service))
+(typeattributeset hal_authsecret_hwservice_33_0 (hal_authsecret_hwservice))
+(typeattributeset hal_authsecret_service_33_0 (hal_authsecret_service))
+(typeattributeset hal_bluetooth_hwservice_33_0 (hal_bluetooth_hwservice))
+(typeattributeset hal_bootctl_hwservice_33_0 (hal_bootctl_hwservice))
+(typeattributeset hal_broadcastradio_hwservice_33_0 (hal_broadcastradio_hwservice))
+(typeattributeset hal_camera_hwservice_33_0 (hal_camera_hwservice))
+(typeattributeset hal_camera_service_33_0 (hal_camera_service))
+(typeattributeset hal_can_bus_hwservice_33_0 (hal_can_bus_hwservice))
+(typeattributeset hal_can_controller_hwservice_33_0 (hal_can_controller_hwservice))
+(typeattributeset hal_cas_hwservice_33_0 (hal_cas_hwservice))
+(typeattributeset hal_codec2_hwservice_33_0 (hal_codec2_hwservice))
+(typeattributeset hal_configstore_ISurfaceFlingerConfigs_33_0 (hal_configstore_ISurfaceFlingerConfigs))
+(typeattributeset hal_confirmationui_hwservice_33_0 (hal_confirmationui_hwservice))
+(typeattributeset hal_contexthub_hwservice_33_0 (hal_contexthub_hwservice))
+(typeattributeset hal_contexthub_service_33_0 (hal_contexthub_service))
+(typeattributeset hal_dice_service_33_0 (hal_dice_service))
+(typeattributeset hal_drm_hwservice_33_0 (hal_drm_hwservice))
+(typeattributeset hal_drm_service_33_0 (hal_drm_service))
+(typeattributeset hal_dumpstate_config_prop_33_0 (hal_dumpstate_config_prop))
+(typeattributeset hal_dumpstate_hwservice_33_0 (hal_dumpstate_hwservice))
+(typeattributeset hal_dumpstate_service_33_0 (hal_dumpstate_service))
+(typeattributeset hal_evs_hwservice_33_0 (hal_evs_hwservice))
+(typeattributeset hal_evs_service_33_0 (hal_evs_service))
+(typeattributeset hal_face_hwservice_33_0 (hal_face_hwservice))
+(typeattributeset hal_face_service_33_0 (hal_face_service))
+(typeattributeset hal_fingerprint_hwservice_33_0 (hal_fingerprint_hwservice))
+(typeattributeset hal_fingerprint_service_33_0 (hal_fingerprint_service))
+(typeattributeset hal_gatekeeper_hwservice_33_0 (hal_gatekeeper_hwservice))
+(typeattributeset hal_gnss_hwservice_33_0 (hal_gnss_hwservice))
+(typeattributeset hal_gnss_service_33_0 (hal_gnss_service))
+(typeattributeset hal_graphics_allocator_hwservice_33_0 (hal_graphics_allocator_hwservice))
+(typeattributeset hal_graphics_allocator_service_33_0 (hal_graphics_allocator_service))
+(typeattributeset hal_graphics_composer_hwservice_33_0 (hal_graphics_composer_hwservice))
+(typeattributeset hal_graphics_composer_server_tmpfs_33_0 (hal_graphics_composer_server_tmpfs))
+(typeattributeset hal_graphics_composer_service_33_0 (hal_graphics_composer_service))
+(typeattributeset hal_graphics_mapper_hwservice_33_0 (hal_graphics_mapper_hwservice))
+(typeattributeset hal_health_hwservice_33_0 (hal_health_hwservice))
+(typeattributeset hal_health_service_33_0 (hal_health_service))
+(typeattributeset hal_health_storage_hwservice_33_0 (hal_health_storage_hwservice))
+(typeattributeset hal_health_storage_service_33_0 (hal_health_storage_service))
+(typeattributeset hal_identity_service_33_0 (hal_identity_service))
+(typeattributeset hal_input_classifier_hwservice_33_0 (hal_input_classifier_hwservice))
+(typeattributeset hal_input_processor_service_33_0 (hal_input_processor_service))
+(typeattributeset hal_instrumentation_prop_33_0 (hal_instrumentation_prop))
+(typeattributeset hal_ir_hwservice_33_0 (hal_ir_hwservice))
+(typeattributeset hal_ir_service_33_0 (hal_ir_service))
+(typeattributeset hal_keymaster_hwservice_33_0 (hal_keymaster_hwservice))
+(typeattributeset hal_keymint_service_33_0 (hal_keymint_service))
+(typeattributeset hal_light_hwservice_33_0 (hal_light_hwservice))
+(typeattributeset hal_light_service_33_0 (hal_light_service))
+(typeattributeset hal_lowpan_hwservice_33_0 (hal_lowpan_hwservice))
+(typeattributeset hal_memtrack_hwservice_33_0 (hal_memtrack_hwservice))
+(typeattributeset hal_memtrack_service_33_0 (hal_memtrack_service))
+(typeattributeset hal_neuralnetworks_hwservice_33_0 (hal_neuralnetworks_hwservice))
+(typeattributeset hal_neuralnetworks_service_33_0 (hal_neuralnetworks_service))
+(typeattributeset hal_nfc_hwservice_33_0 (hal_nfc_hwservice))
+(typeattributeset hal_nfc_service_33_0 (hal_nfc_service))
+(typeattributeset hal_nlinterceptor_service_33_0 (hal_nlinterceptor_service))
+(typeattributeset hal_oemlock_hwservice_33_0 (hal_oemlock_hwservice))
+(typeattributeset hal_oemlock_service_33_0 (hal_oemlock_service))
+(typeattributeset hal_omx_hwservice_33_0 (hal_omx_hwservice))
+(typeattributeset hal_power_hwservice_33_0 (hal_power_hwservice))
+(typeattributeset hal_power_service_33_0 (hal_power_service))
+(typeattributeset hal_power_stats_hwservice_33_0 (hal_power_stats_hwservice))
+(typeattributeset hal_power_stats_service_33_0 (hal_power_stats_service))
+(typeattributeset hal_radio_service_33_0 (hal_radio_service))
+(typeattributeset hal_rebootescrow_service_33_0 (hal_rebootescrow_service))
+(typeattributeset hal_remotelyprovisionedcomponent_service_33_0 (hal_remotelyprovisionedcomponent_service))
+(typeattributeset hal_renderscript_hwservice_33_0 (hal_renderscript_hwservice))
+(typeattributeset hal_secure_element_hwservice_33_0 (hal_secure_element_hwservice))
+(typeattributeset hal_secureclock_service_33_0 (hal_secureclock_service))
+(typeattributeset hal_sensors_hwservice_33_0 (hal_sensors_hwservice))
+(typeattributeset hal_sensors_service_33_0 (hal_sensors_service))
+(typeattributeset hal_sharedsecret_service_33_0 (hal_sharedsecret_service))
+(typeattributeset hal_system_suspend_service_33_0 (hal_system_suspend_service))
+(typeattributeset hal_telephony_hwservice_33_0 (hal_telephony_hwservice))
+(typeattributeset hal_tetheroffload_hwservice_33_0 (hal_tetheroffload_hwservice))
+(typeattributeset hal_thermal_hwservice_33_0 (hal_thermal_hwservice))
+(typeattributeset hal_tv_cec_hwservice_33_0 (hal_tv_cec_hwservice))
+(typeattributeset hal_tv_input_hwservice_33_0 (hal_tv_input_hwservice))
+(typeattributeset hal_tv_tuner_hwservice_33_0 (hal_tv_tuner_hwservice))
+(typeattributeset hal_tv_tuner_service_33_0 (hal_tv_tuner_service))
+(typeattributeset hal_usb_gadget_hwservice_33_0 (hal_usb_gadget_hwservice))
+(typeattributeset hal_usb_hwservice_33_0 (hal_usb_hwservice))
+(typeattributeset hal_usb_service_33_0 (hal_usb_service))
+(typeattributeset hal_uwb_service_33_0 (hal_uwb_service))
+(typeattributeset hal_vehicle_hwservice_33_0 (hal_vehicle_hwservice))
+(typeattributeset hal_vehicle_service_33_0 (hal_vehicle_service))
+(typeattributeset hal_vibrator_hwservice_33_0 (hal_vibrator_hwservice))
+(typeattributeset hal_vibrator_service_33_0 (hal_vibrator_service))
+(typeattributeset hal_vr_hwservice_33_0 (hal_vr_hwservice))
+(typeattributeset hal_weaver_hwservice_33_0 (hal_weaver_hwservice))
+(typeattributeset hal_weaver_service_33_0 (hal_weaver_service))
+(typeattributeset hal_wifi_hostapd_hwservice_33_0 (hal_wifi_hostapd_hwservice))
+(typeattributeset hal_wifi_hostapd_service_33_0 (hal_wifi_hostapd_service))
+(typeattributeset hal_wifi_hwservice_33_0 (hal_wifi_hwservice))
+(typeattributeset hal_wifi_supplicant_hwservice_33_0 (hal_wifi_supplicant_hwservice))
+(typeattributeset hal_wifi_supplicant_service_33_0 (hal_wifi_supplicant_service))
+(typeattributeset hardware_properties_service_33_0 (hardware_properties_service))
+(typeattributeset hardware_service_33_0 (hardware_service))
+(typeattributeset hci_attach_dev_33_0 (hci_attach_dev))
+(typeattributeset hdmi_config_prop_33_0 (hdmi_config_prop))
+(typeattributeset hdmi_control_service_33_0 (hdmi_control_service))
+(typeattributeset healthd_33_0 (healthd))
+(typeattributeset heapdump_data_file_33_0 (heapdump_data_file))
+(typeattributeset heapprofd_33_0 (heapprofd))
+(typeattributeset heapprofd_enabled_prop_33_0 (heapprofd_enabled_prop))
+(typeattributeset heapprofd_prop_33_0 (heapprofd_prop))
+(typeattributeset heapprofd_socket_33_0 (heapprofd_socket))
+(typeattributeset hidl_allocator_hwservice_33_0 (hidl_allocator_hwservice))
+(typeattributeset hidl_base_hwservice_33_0 (hidl_base_hwservice))
+(typeattributeset hidl_manager_hwservice_33_0 (hidl_manager_hwservice))
+(typeattributeset hidl_memory_hwservice_33_0 (hidl_memory_hwservice))
+(typeattributeset hidl_token_hwservice_33_0 (hidl_token_hwservice))
+(typeattributeset hint_service_33_0 (hint_service))
+(typeattributeset hw_random_device_33_0 (hw_random_device))
+(typeattributeset hw_timeout_multiplier_prop_33_0 (hw_timeout_multiplier_prop))
+(typeattributeset hwbinder_device_33_0 (hwbinder_device))
+(typeattributeset hwservice_contexts_file_33_0 (hwservice_contexts_file))
+(typeattributeset hwservicemanager_33_0 (hwservicemanager))
+(typeattributeset hwservicemanager_exec_33_0 (hwservicemanager_exec))
+(typeattributeset hwservicemanager_prop_33_0 (hwservicemanager_prop))
+(typeattributeset hypervisor_prop_33_0 (hypervisor_prop))
+(typeattributeset icon_file_33_0 (icon_file))
+(typeattributeset idmap_33_0 (idmap))
+(typeattributeset idmap_exec_33_0 (idmap_exec))
+(typeattributeset idmap_service_33_0 (idmap_service))
+(typeattributeset iio_device_33_0 (iio_device))
+(typeattributeset imms_service_33_0 (imms_service))
+(typeattributeset incident_33_0 (incident))
+(typeattributeset incident_data_file_33_0 (incident_data_file))
+(typeattributeset incident_helper_33_0 (incident_helper))
+(typeattributeset incident_service_33_0 (incident_service))
+(typeattributeset incidentd_33_0 (incidentd))
+(typeattributeset incremental_control_file_33_0 (incremental_control_file))
+(typeattributeset incremental_prop_33_0 (incremental_prop))
+(typeattributeset incremental_service_33_0 (incremental_service))
+(typeattributeset init_33_0 (init))
+(typeattributeset init_exec_33_0 (init_exec))
+(typeattributeset init_service_status_prop_33_0 (init_service_status_prop))
+(typeattributeset init_tmpfs_33_0 (init_tmpfs))
+(typeattributeset inotify_33_0 (inotify))
+(typeattributeset input_device_33_0 (input_device))
+(typeattributeset input_method_service_33_0 (input_method_service))
+(typeattributeset input_service_33_0 (input_service))
+(typeattributeset inputflinger_33_0 (inputflinger))
+(typeattributeset inputflinger_exec_33_0 (inputflinger_exec))
+(typeattributeset inputflinger_service_33_0 (inputflinger_service))
+(typeattributeset install_data_file_33_0 (install_data_file))
+(typeattributeset installd_33_0 (installd))
+(typeattributeset installd_exec_33_0 (installd_exec))
+(typeattributeset installd_service_33_0 (installd_service))
+(typeattributeset ion_device_33_0 (ion_device))
+(typeattributeset iorap_inode2filename_33_0 (iorap_inode2filename))
+(typeattributeset iorap_inode2filename_exec_33_0 (iorap_inode2filename_exec))
+(typeattributeset iorap_inode2filename_tmpfs_33_0 (iorap_inode2filename_tmpfs))
+(typeattributeset iorap_prefetcherd_33_0 (iorap_prefetcherd))
+(typeattributeset iorap_prefetcherd_exec_33_0 (iorap_prefetcherd_exec))
+(typeattributeset iorap_prefetcherd_tmpfs_33_0 (iorap_prefetcherd_tmpfs))
+(typeattributeset iorapd_33_0 (iorapd))
+(typeattributeset iorapd_data_file_33_0 (iorapd_data_file))
+(typeattributeset iorapd_exec_33_0 (iorapd_exec))
+(typeattributeset iorapd_service_33_0 (iorapd_service))
+(typeattributeset iorapd_tmpfs_33_0 (iorapd_tmpfs))
+(typeattributeset ipsec_service_33_0 (ipsec_service))
+(typeattributeset iris_service_33_0 (iris_service))
+(typeattributeset iris_vendor_data_file_33_0 (iris_vendor_data_file))
+(typeattributeset isolated_app_33_0 (isolated_app))
+(typeattributeset jobscheduler_service_33_0 (jobscheduler_service))
+(typeattributeset kernel_33_0 (kernel))
+(typeattributeset keychain_data_file_33_0 (keychain_data_file))
+(typeattributeset keychord_device_33_0 (keychord_device))
+(typeattributeset keyguard_config_prop_33_0 (keyguard_config_prop))
+(typeattributeset keystore2_key_contexts_file_33_0 (keystore2_key_contexts_file))
+(typeattributeset keystore_33_0 (keystore))
+(typeattributeset keystore_compat_hal_service_33_0 (keystore_compat_hal_service))
+(typeattributeset keystore_data_file_33_0 (keystore_data_file))
+(typeattributeset keystore_exec_33_0 (keystore_exec))
+(typeattributeset keystore_maintenance_service_33_0 (keystore_maintenance_service))
+(typeattributeset keystore_metrics_service_33_0 (keystore_metrics_service))
+(typeattributeset keystore_service_33_0 (keystore_service))
+(typeattributeset kmsg_debug_device_33_0 (kmsg_debug_device))
+(typeattributeset kmsg_device_33_0 (kmsg_device))
+(typeattributeset labeledfs_33_0 (labeledfs))
+(typeattributeset launcherapps_service_33_0 (launcherapps_service))
+(typeattributeset legacy_permission_service_33_0 (legacy_permission_service))
+(typeattributeset legacykeystore_service_33_0 (legacykeystore_service))
+(typeattributeset libc_debug_prop_33_0 (libc_debug_prop))
+(typeattributeset light_service_33_0 (light_service))
+(typeattributeset linkerconfig_file_33_0 (linkerconfig_file))
+(typeattributeset llkd_33_0 (llkd))
+(typeattributeset llkd_exec_33_0 (llkd_exec))
+(typeattributeset llkd_prop_33_0 (llkd_prop))
+(typeattributeset lmkd_33_0 (lmkd))
+(typeattributeset lmkd_config_prop_33_0 (lmkd_config_prop))
+(typeattributeset lmkd_exec_33_0 (lmkd_exec))
+(typeattributeset lmkd_prop_33_0 (lmkd_prop))
+(typeattributeset lmkd_socket_33_0 (lmkd_socket))
+(typeattributeset locale_service_33_0 (locale_service))
+(typeattributeset location_service_33_0 (location_service))
+(typeattributeset location_time_zone_manager_service_33_0 (location_time_zone_manager_service))
+(typeattributeset lock_settings_service_33_0 (lock_settings_service))
+(typeattributeset log_prop_33_0 (log_prop))
+(typeattributeset log_tag_prop_33_0 (log_tag_prop))
+(typeattributeset logcat_exec_33_0 (logcat_exec))
+(typeattributeset logd_33_0 (logd))
+(typeattributeset logd_exec_33_0 (logd_exec))
+(typeattributeset logd_prop_33_0 (logd_prop))
+(typeattributeset logd_socket_33_0 (logd_socket))
+(typeattributeset logdr_socket_33_0 (logdr_socket))
+(typeattributeset logdw_socket_33_0 (logdw_socket))
+(typeattributeset logpersist_33_0 (logpersist))
+(typeattributeset logpersistd_logging_prop_33_0 (logpersistd_logging_prop))
+(typeattributeset loop_control_device_33_0 (loop_control_device))
+(typeattributeset loop_device_33_0 (loop_device))
+(typeattributeset looper_stats_service_33_0 (looper_stats_service))
+(typeattributeset lowpan_device_33_0 (lowpan_device))
+(typeattributeset lowpan_prop_33_0 (lowpan_prop))
+(typeattributeset lowpan_service_33_0 (lowpan_service))
+(typeattributeset lpdump_service_33_0 (lpdump_service))
+(typeattributeset lpdumpd_prop_33_0 (lpdumpd_prop))
+(typeattributeset mac_perms_file_33_0 (mac_perms_file))
+(typeattributeset mdns_service_33_0 (mdns_service))
+(typeattributeset mdns_socket_33_0 (mdns_socket))
+(typeattributeset mdnsd_33_0 (mdnsd))
+(typeattributeset mdnsd_socket_33_0 (mdnsd_socket))
+(typeattributeset media_communication_service_33_0 (media_communication_service))
+(typeattributeset media_config_prop_33_0 (media_config_prop))
+(typeattributeset media_data_file_33_0 (media_data_file))
+(typeattributeset media_metrics_service_33_0 (media_metrics_service))
+(typeattributeset media_projection_service_33_0 (media_projection_service))
+(typeattributeset media_router_service_33_0 (media_router_service))
+(typeattributeset media_rw_data_file_33_0 (media_rw_data_file media_userdir_file))
+(typeattributeset media_session_service_33_0 (media_session_service))
+(typeattributeset media_variant_prop_33_0 (media_variant_prop))
+(typeattributeset mediadrm_config_prop_33_0 (mediadrm_config_prop))
+(typeattributeset mediadrmserver_33_0 (mediadrmserver))
+(typeattributeset mediadrmserver_exec_33_0 (mediadrmserver_exec))
+(typeattributeset mediadrmserver_service_33_0 (mediadrmserver_service))
+(typeattributeset mediaextractor_33_0 (mediaextractor))
+(typeattributeset mediaextractor_exec_33_0 (mediaextractor_exec))
+(typeattributeset mediaextractor_service_33_0 (mediaextractor_service))
+(typeattributeset mediaextractor_tmpfs_33_0 (mediaextractor_tmpfs))
+(typeattributeset mediametrics_33_0 (mediametrics))
+(typeattributeset mediametrics_exec_33_0 (mediametrics_exec))
+(typeattributeset mediametrics_service_33_0 (mediametrics_service))
+(typeattributeset mediaprovider_33_0 (mediaprovider))
+(typeattributeset mediaserver_33_0 (mediaserver))
+(typeattributeset mediaserver_exec_33_0 (mediaserver_exec))
+(typeattributeset mediaserver_service_33_0 (mediaserver_service))
+(typeattributeset mediaserver_tmpfs_33_0 (mediaserver_tmpfs))
+(typeattributeset mediaswcodec_33_0 (mediaswcodec))
+(typeattributeset mediaswcodec_exec_33_0 (mediaswcodec_exec))
+(typeattributeset mediatranscoding_33_0 (mediatranscoding))
+(typeattributeset mediatranscoding_service_33_0 (mediatranscoding_service))
+(typeattributeset meminfo_service_33_0 (meminfo_service))
+(typeattributeset memtrackproxy_service_33_0 (memtrackproxy_service))
+(typeattributeset metadata_block_device_33_0 (metadata_block_device))
+(typeattributeset metadata_bootstat_file_33_0 (metadata_bootstat_file))
+(typeattributeset metadata_file_33_0 (metadata_file))
+(typeattributeset method_trace_data_file_33_0 (method_trace_data_file))
+(typeattributeset midi_service_33_0 (midi_service))
+(typeattributeset mirror_data_file_33_0 (mirror_data_file))
+(typeattributeset misc_block_device_33_0 (misc_block_device))
+(typeattributeset misc_logd_file_33_0 (misc_logd_file))
+(typeattributeset misc_user_data_file_33_0 (misc_user_data_file))
+(typeattributeset mm_events_config_prop_33_0 (mm_events_config_prop))
+(typeattributeset mmc_prop_33_0 (mmc_prop))
+(typeattributeset mnt_expand_file_33_0 (mnt_expand_file))
+(typeattributeset mnt_media_rw_file_33_0 (mnt_media_rw_file))
+(typeattributeset mnt_media_rw_stub_file_33_0 (mnt_media_rw_stub_file))
+(typeattributeset mnt_pass_through_file_33_0 (mnt_pass_through_file))
+(typeattributeset mnt_product_file_33_0 (mnt_product_file))
+(typeattributeset mnt_sdcard_file_33_0 (mnt_sdcard_file))
+(typeattributeset mnt_user_file_33_0 (mnt_user_file))
+(typeattributeset mnt_vendor_file_33_0 (mnt_vendor_file))
+(typeattributeset mock_ota_prop_33_0 (mock_ota_prop))
+(typeattributeset modprobe_33_0 (modprobe))
+(typeattributeset module_sdkextensions_prop_33_0 (module_sdkextensions_prop))
+(typeattributeset mount_service_33_0 (mount_service))
+(typeattributeset mqueue_33_0 (mqueue))
+(typeattributeset mtp_33_0 (mtp))
+(typeattributeset mtp_device_33_0 (mtp_device))
+(typeattributeset mtp_exec_33_0 (mtp_exec))
+(typeattributeset mtpd_socket_33_0 (mtpd_socket))
+(typeattributeset music_recognition_service_33_0 (music_recognition_service))
+(typeattributeset nativetest_data_file_33_0 (nativetest_data_file))
+(typeattributeset nearby_service_33_0 (nearby_service))
+(typeattributeset net_data_file_33_0 (net_data_file))
+(typeattributeset net_dns_prop_33_0 (net_dns_prop))
+(typeattributeset net_radio_prop_33_0 (net_radio_prop))
+(typeattributeset netd_33_0 (netd))
+(typeattributeset netd_exec_33_0 (netd_exec))
+(typeattributeset netd_listener_service_33_0 (netd_listener_service))
+(typeattributeset netd_service_33_0 (netd_service))
+(typeattributeset netif_33_0 (netif))
+(typeattributeset netpolicy_service_33_0 (netpolicy_service))
+(typeattributeset netstats_service_33_0 (netstats_service))
+(typeattributeset netutils_wrapper_33_0 (netutils_wrapper))
+(typeattributeset netutils_wrapper_exec_33_0 (netutils_wrapper_exec))
+(typeattributeset network_management_service_33_0 (network_management_service))
+(typeattributeset network_score_service_33_0 (network_score_service))
+(typeattributeset network_stack_33_0 (network_stack))
+(typeattributeset network_stack_service_33_0 (network_stack_service))
+(typeattributeset network_time_update_service_33_0 (network_time_update_service))
+(typeattributeset network_watchlist_data_file_33_0 (network_watchlist_data_file))
+(typeattributeset network_watchlist_service_33_0 (network_watchlist_service))
+(typeattributeset nfc_33_0 (nfc))
+(typeattributeset nfc_data_file_33_0 (nfc_data_file))
+(typeattributeset nfc_device_33_0 (nfc_device))
+(typeattributeset nfc_logs_data_file_33_0 (nfc_logs_data_file))
+(typeattributeset nfc_prop_33_0 (nfc_prop))
+(typeattributeset nfc_service_33_0 (nfc_service))
+(typeattributeset nnapi_ext_deny_product_prop_33_0 (nnapi_ext_deny_product_prop))
+(typeattributeset node_33_0 (node))
+(typeattributeset notification_service_33_0 (notification_service))
+(typeattributeset null_device_33_0 (null_device))
+(typeattributeset oem_lock_service_33_0 (oem_lock_service))
+(typeattributeset oem_unlock_prop_33_0 (oem_unlock_prop))
+(typeattributeset oemfs_33_0 (oemfs))
+(typeattributeset ota_data_file_33_0 (ota_data_file))
+(typeattributeset ota_metadata_file_33_0 (ota_metadata_file))
+(typeattributeset ota_package_file_33_0 (ota_package_file))
+(typeattributeset ota_prop_33_0 (ota_prop))
+(typeattributeset otadexopt_service_33_0 (otadexopt_service))
+(typeattributeset otapreopt_chroot_33_0 (otapreopt_chroot))
+(typeattributeset overlay_prop_33_0 (overlay_prop))
+(typeattributeset overlay_service_33_0 (overlay_service))
+(typeattributeset overlayfs_file_33_0 (overlayfs_file))
+(typeattributeset owntty_device_33_0 (owntty_device))
+(typeattributeset pac_proxy_service_33_0 (pac_proxy_service))
+(typeattributeset package_native_service_33_0 (package_native_service))
+(typeattributeset package_service_33_0 (package_service))
+(typeattributeset packagemanager_config_prop_33_0 (packagemanager_config_prop))
+(typeattributeset packages_list_file_33_0 (packages_list_file))
+(typeattributeset pan_result_prop_33_0 (pan_result_prop))
+(typeattributeset password_slot_metadata_file_33_0 (password_slot_metadata_file))
+(typeattributeset pdx_bufferhub_client_channel_socket_33_0 (pdx_bufferhub_client_channel_socket))
+(typeattributeset pdx_bufferhub_client_endpoint_socket_33_0 (pdx_bufferhub_client_endpoint_socket))
+(typeattributeset pdx_bufferhub_dir_33_0 (pdx_bufferhub_dir))
+(typeattributeset pdx_display_client_channel_socket_33_0 (pdx_display_client_channel_socket))
+(typeattributeset pdx_display_client_endpoint_socket_33_0 (pdx_display_client_endpoint_socket))
+(typeattributeset pdx_display_dir_33_0 (pdx_display_dir))
+(typeattributeset pdx_display_manager_channel_socket_33_0 (pdx_display_manager_channel_socket))
+(typeattributeset pdx_display_manager_endpoint_socket_33_0 (pdx_display_manager_endpoint_socket))
+(typeattributeset pdx_display_screenshot_channel_socket_33_0 (pdx_display_screenshot_channel_socket))
+(typeattributeset pdx_display_screenshot_endpoint_socket_33_0 (pdx_display_screenshot_endpoint_socket))
+(typeattributeset pdx_display_vsync_channel_socket_33_0 (pdx_display_vsync_channel_socket))
+(typeattributeset pdx_display_vsync_endpoint_socket_33_0 (pdx_display_vsync_endpoint_socket))
+(typeattributeset pdx_performance_client_channel_socket_33_0 (pdx_performance_client_channel_socket))
+(typeattributeset pdx_performance_client_endpoint_socket_33_0 (pdx_performance_client_endpoint_socket))
+(typeattributeset pdx_performance_dir_33_0 (pdx_performance_dir))
+(typeattributeset people_service_33_0 (people_service))
+(typeattributeset perfetto_33_0 (perfetto))
+(typeattributeset performanced_33_0 (performanced))
+(typeattributeset performanced_exec_33_0 (performanced_exec))
+(typeattributeset permission_checker_service_33_0 (permission_checker_service))
+(typeattributeset permission_service_33_0 (permission_service))
+(typeattributeset permissionmgr_service_33_0 (permissionmgr_service))
+(typeattributeset persist_debug_prop_33_0 (persist_debug_prop))
+(typeattributeset persist_vendor_debug_wifi_prop_33_0 (persist_vendor_debug_wifi_prop))
+(typeattributeset persist_wm_debug_prop_33_0 (persist_wm_debug_prop))
+(typeattributeset persistent_data_block_service_33_0 (persistent_data_block_service))
+(typeattributeset persistent_properties_ready_prop_33_0 (persistent_properties_ready_prop))
+(typeattributeset pinner_service_33_0 (pinner_service))
+(typeattributeset pipefs_33_0 (pipefs))
+(typeattributeset platform_app_33_0 (platform_app))
+(typeattributeset platform_compat_service_33_0 (platform_compat_service))
+(typeattributeset pmsg_device_33_0 (pmsg_device))
+(typeattributeset port_33_0 (port))
+(typeattributeset port_device_33_0 (port_device))
+(typeattributeset postinstall_33_0 (postinstall))
+(typeattributeset postinstall_apex_mnt_dir_33_0 (postinstall_apex_mnt_dir))
+(typeattributeset postinstall_file_33_0 (postinstall_file))
+(typeattributeset postinstall_mnt_dir_33_0 (postinstall_mnt_dir))
+(typeattributeset power_debug_prop_33_0 (power_debug_prop))
+(typeattributeset power_service_33_0 (power_service))
+(typeattributeset powerctl_prop_33_0 (powerctl_prop))
+(typeattributeset powerstats_service_33_0 (powerstats_service))
+(typeattributeset ppp_33_0 (ppp))
+(typeattributeset ppp_device_33_0 (ppp_device))
+(typeattributeset ppp_exec_33_0 (ppp_exec))
+(typeattributeset preloads_data_file_33_0 (preloads_data_file))
+(typeattributeset preloads_media_file_33_0 (preloads_media_file))
+(typeattributeset prereboot_data_file_33_0 (prereboot_data_file))
+(typeattributeset print_service_33_0 (print_service))
+(typeattributeset priv_app_33_0 (priv_app))
+(typeattributeset privapp_data_file_33_0 (privapp_data_file))
+(typeattributeset proc_33_0 (proc))
+(typeattributeset proc_abi_33_0 (proc_abi))
+(typeattributeset proc_asound_33_0 (proc_asound))
+(typeattributeset proc_bluetooth_writable_33_0 (proc_bluetooth_writable))
+(typeattributeset proc_bootconfig_33_0 (proc_bootconfig))
+(typeattributeset proc_bpf_33_0 (proc_bpf))
+(typeattributeset proc_buddyinfo_33_0 (proc_buddyinfo))
+(typeattributeset proc_cmdline_33_0 (proc_cmdline))
+(typeattributeset proc_cpu_alignment_33_0 (proc_cpu_alignment))
+(typeattributeset proc_cpuinfo_33_0 (proc_cpuinfo))
+(typeattributeset proc_dirty_33_0 (proc_dirty))
+(typeattributeset proc_diskstats_33_0 (proc_diskstats))
+(typeattributeset proc_drop_caches_33_0 (proc_drop_caches))
+(typeattributeset proc_extra_free_kbytes_33_0 (proc_extra_free_kbytes))
+(typeattributeset proc_filesystems_33_0 (proc_filesystems))
+(typeattributeset proc_fs_verity_33_0 (proc))
+(typeattributeset proc_hostname_33_0 (proc_hostname))
+(typeattributeset proc_hung_task_33_0 (proc_hung_task))
+(typeattributeset proc_interrupts_33_0 (proc_interrupts))
+(typeattributeset proc_iomem_33_0 (proc_iomem))
+(typeattributeset proc_kallsyms_33_0 (proc_kallsyms))
+(typeattributeset proc_keys_33_0 (proc_keys))
+(typeattributeset proc_kmsg_33_0 (proc_kmsg))
+(typeattributeset proc_kpageflags_33_0 (proc_kpageflags))
+(typeattributeset proc_loadavg_33_0 (proc_loadavg))
+(typeattributeset proc_locks_33_0 (proc_locks))
+(typeattributeset proc_lowmemorykiller_33_0 (proc_lowmemorykiller))
+(typeattributeset proc_max_map_count_33_0 (proc_max_map_count))
+(typeattributeset proc_meminfo_33_0 (proc_meminfo))
+(typeattributeset proc_min_free_order_shift_33_0 (proc_min_free_order_shift))
+(typeattributeset proc_misc_33_0 (proc_misc))
+(typeattributeset proc_modules_33_0 (proc_modules))
+(typeattributeset proc_mounts_33_0 (proc_mounts))
+(typeattributeset proc_net_33_0 (proc_net))
+(typeattributeset proc_net_tcp_udp_33_0 (proc_net_tcp_udp))
+(typeattributeset proc_overcommit_memory_33_0 (proc_overcommit_memory))
+(typeattributeset proc_page_cluster_33_0 (proc_page_cluster))
+(typeattributeset proc_pagetypeinfo_33_0 (proc_pagetypeinfo))
+(typeattributeset proc_panic_33_0 (proc_panic))
+(typeattributeset proc_perf_33_0 (proc_perf))
+(typeattributeset proc_pid_max_33_0 (proc_pid_max))
+(typeattributeset proc_pipe_conf_33_0 (proc_pipe_conf))
+(typeattributeset proc_pressure_cpu_33_0 (proc_pressure_cpu))
+(typeattributeset proc_pressure_io_33_0 (proc_pressure_io))
+(typeattributeset proc_pressure_mem_33_0 (proc_pressure_mem))
+(typeattributeset proc_qtaguid_ctrl_33_0 (proc_qtaguid_ctrl))
+(typeattributeset proc_qtaguid_stat_33_0 (proc_qtaguid_stat))
+(typeattributeset proc_random_33_0 (proc_random))
+(typeattributeset proc_sched_33_0 (proc_sched))
+(typeattributeset proc_security_33_0 (proc_security))
+(typeattributeset proc_slabinfo_33_0 (proc_slabinfo))
+(typeattributeset proc_stat_33_0 (proc_stat))
+(typeattributeset proc_swaps_33_0 (proc_swaps))
+(typeattributeset proc_sysrq_33_0 (proc_sysrq))
+(typeattributeset proc_timer_33_0 (proc_timer))
+(typeattributeset proc_tty_drivers_33_0 (proc_tty_drivers))
+(typeattributeset proc_uid_concurrent_active_time_33_0 (proc_uid_concurrent_active_time))
+(typeattributeset proc_uid_concurrent_policy_time_33_0 (proc_uid_concurrent_policy_time))
+(typeattributeset proc_uid_cpupower_33_0 (proc_uid_cpupower))
+(typeattributeset proc_uid_cputime_removeuid_33_0 (proc_uid_cputime_removeuid))
+(typeattributeset proc_uid_cputime_showstat_33_0 (proc_uid_cputime_showstat))
+(typeattributeset proc_uid_io_stats_33_0 (proc_uid_io_stats))
+(typeattributeset proc_uid_procstat_set_33_0 (proc_uid_procstat_set))
+(typeattributeset proc_uid_time_in_state_33_0 (proc_uid_time_in_state))
+(typeattributeset proc_uptime_33_0 (proc_uptime))
+(typeattributeset proc_vendor_sched_33_0 (proc_vendor_sched))
+(typeattributeset proc_version_33_0 (proc_version))
+(typeattributeset proc_vmallocinfo_33_0 (proc_vmallocinfo))
+(typeattributeset proc_vmstat_33_0 (proc_vmstat))
+(typeattributeset proc_watermark_boost_factor_33_0 (proc_watermark_boost_factor))
+(typeattributeset proc_watermark_scale_factor_33_0 (proc_watermark_scale_factor))
+(typeattributeset proc_zoneinfo_33_0 (proc_zoneinfo))
+(typeattributeset processinfo_service_33_0 (processinfo_service))
+(typeattributeset procstats_service_33_0 (procstats_service))
+(typeattributeset profman_33_0 (profman))
+(typeattributeset profman_dump_data_file_33_0 (profman_dump_data_file))
+(typeattributeset profman_exec_33_0 (profman_exec))
+(typeattributeset properties_device_33_0 (properties_device))
+(typeattributeset properties_serial_33_0 (properties_serial))
+(typeattributeset property_contexts_file_33_0 (property_contexts_file))
+(typeattributeset property_data_file_33_0 (property_data_file))
+(typeattributeset property_info_33_0 (property_info))
+(typeattributeset property_service_version_prop_33_0 (property_service_version_prop))
+(typeattributeset property_socket_33_0 (property_socket))
+(typeattributeset provisioned_prop_33_0 (provisioned_prop))
+(typeattributeset pstorefs_33_0 (pstorefs))
+(typeattributeset ptmx_device_33_0 (ptmx_device))
+(typeattributeset qemu_hw_prop_33_0 (qemu_hw_prop))
+(typeattributeset qemu_sf_lcd_density_prop_33_0 (qemu_sf_lcd_density_prop))
+(typeattributeset qtaguid_device_33_0 (qtaguid_device))
+(typeattributeset racoon_33_0 (racoon))
+(typeattributeset racoon_exec_33_0 (racoon_exec))
+(typeattributeset racoon_socket_33_0 (racoon_socket))
+(typeattributeset radio_33_0 (radio))
+(typeattributeset radio_control_prop_33_0 (radio_control_prop))
+(typeattributeset radio_core_data_file_33_0 (radio_core_data_file))
+(typeattributeset radio_data_file_33_0 (radio_data_file))
+(typeattributeset radio_device_33_0 (radio_device))
+(typeattributeset radio_prop_33_0 (radio_prop))
+(typeattributeset radio_service_33_0 (radio_service))
+(typeattributeset ram_device_33_0 (ram_device))
+(typeattributeset random_device_33_0 (random_device))
+(typeattributeset reboot_readiness_service_33_0 (reboot_readiness_service))
+(typeattributeset rebootescrow_hal_prop_33_0 (rebootescrow_hal_prop))
+(typeattributeset recovery_33_0 (recovery))
+(typeattributeset recovery_block_device_33_0 (recovery_block_device))
+(typeattributeset recovery_config_prop_33_0 (recovery_config_prop))
+(typeattributeset recovery_data_file_33_0 (recovery_data_file))
+(typeattributeset recovery_persist_33_0 (recovery_persist))
+(typeattributeset recovery_persist_exec_33_0 (recovery_persist_exec))
+(typeattributeset recovery_refresh_33_0 (recovery_refresh))
+(typeattributeset recovery_refresh_exec_33_0 (recovery_refresh_exec))
+(typeattributeset recovery_service_33_0 (recovery_service))
+(typeattributeset recovery_socket_33_0 (recovery_socket))
+(typeattributeset registry_service_33_0 (registry_service))
+(typeattributeset remotelyprovisionedkeypool_service_33_0 (remotelyprovisionedkeypool_service))
+(typeattributeset remoteprovisioning_service_33_0 (remoteprovisioning_service))
+(typeattributeset resourcecache_data_file_33_0 (resourcecache_data_file))
+(typeattributeset resources_manager_service_33_0 (resources_manager_service))
+(typeattributeset restorecon_prop_33_0 (restorecon_prop))
+(typeattributeset restrictions_service_33_0 (restrictions_service))
+(typeattributeset retaildemo_prop_33_0 (retaildemo_prop))
+(typeattributeset rild_debug_socket_33_0 (rild_debug_socket))
+(typeattributeset rild_socket_33_0 (rild_socket))
+(typeattributeset ringtone_file_33_0 (ringtone_file))
+(typeattributeset role_service_33_0 (role_service))
+(typeattributeset rollback_service_33_0 (rollback_service))
+(typeattributeset root_block_device_33_0 (root_block_device))
+(typeattributeset rootdisk_sysdev_33_0 (rootdisk_sysdev))
+(typeattributeset rootfs_33_0 (rootfs))
+(typeattributeset rpmsg_device_33_0 (rpmsg_device))
+(typeattributeset rs_33_0 (rs))
+(typeattributeset rs_exec_33_0 (rs_exec))
+(typeattributeset rss_hwm_reset_33_0 (rss_hwm_reset))
+(typeattributeset rtc_device_33_0 (rtc_device))
+(typeattributeset rttmanager_service_33_0 (rttmanager_service))
+(typeattributeset runas_33_0 (runas))
+(typeattributeset runas_app_33_0 (runas_app))
+(typeattributeset runas_exec_33_0 (runas_exec))
+(typeattributeset runtime_event_log_tags_file_33_0 (runtime_event_log_tags_file))
+(typeattributeset runtime_service_33_0 (runtime_service))
+(typeattributeset safemode_prop_33_0 (safemode_prop))
+(typeattributeset same_process_hal_file_33_0 (same_process_hal_file))
+(typeattributeset samplingprofiler_service_33_0 (samplingprofiler_service))
+(typeattributeset scheduling_policy_service_33_0 (scheduling_policy_service))
+(typeattributeset sdcard_block_device_33_0 (sdcard_block_device))
+(typeattributeset sdcardd_33_0 (sdcardd))
+(typeattributeset sdcardd_exec_33_0 (sdcardd_exec))
+(typeattributeset sdcardfs_33_0 (sdcardfs))
+(typeattributeset sdk_sandbox_service_33_0 (sdk_sandbox_service))
+(typeattributeset seapp_contexts_file_33_0 (seapp_contexts_file))
+(typeattributeset search_service_33_0 (search_service))
+(typeattributeset search_ui_service_33_0 (search_ui_service))
+(typeattributeset sec_key_att_app_id_provider_service_33_0 (sec_key_att_app_id_provider_service))
+(typeattributeset secure_element_33_0 (secure_element))
+(typeattributeset secure_element_device_33_0 (secure_element_device))
+(typeattributeset secure_element_service_33_0 (secure_element_service))
+(typeattributeset securityfs_33_0 (securityfs))
+(typeattributeset selection_toolbar_service_33_0 (selection_toolbar_service))
+(typeattributeset selinuxfs_33_0 (selinuxfs))
+(typeattributeset sendbug_config_prop_33_0 (sendbug_config_prop))
+(typeattributeset sensor_privacy_service_33_0 (sensor_privacy_service))
+(typeattributeset sensors_device_33_0 (sensors_device))
+(typeattributeset sensorservice_service_33_0 (sensorservice_service))
+(typeattributeset sepolicy_file_33_0 (sepolicy_file))
+(typeattributeset serial_device_33_0 (serial_device))
+(typeattributeset serial_service_33_0 (serial_service))
+(typeattributeset serialno_prop_33_0 (serialno_prop))
+(typeattributeset server_configurable_flags_data_file_33_0 (server_configurable_flags_data_file))
+(typeattributeset service_contexts_file_33_0 (service_contexts_file))
+(typeattributeset service_manager_service_33_0 (service_manager_service))
+(typeattributeset service_manager_vndservice_33_0 (service_manager_vndservice))
+(typeattributeset servicediscovery_service_33_0 (servicediscovery_service))
+(typeattributeset servicemanager_33_0 (servicemanager))
+(typeattributeset servicemanager_exec_33_0 (servicemanager_exec))
+(typeattributeset settings_service_33_0 (settings_service))
+(typeattributeset sgdisk_33_0 (sgdisk))
+(typeattributeset sgdisk_exec_33_0 (sgdisk_exec))
+(typeattributeset shared_relro_33_0 (shared_relro))
+(typeattributeset shared_relro_file_33_0 (shared_relro_file))
+(typeattributeset shell_33_0 (shell))
+(typeattributeset shell_data_file_33_0 (shell_data_file))
+(typeattributeset shell_exec_33_0 (shell_exec))
+(typeattributeset shell_prop_33_0 (shell_prop))
+(typeattributeset shell_test_data_file_33_0 (shell_test_data_file))
+(typeattributeset shm_33_0 (shm))
+(typeattributeset shortcut_manager_icons_33_0 (shortcut_manager_icons))
+(typeattributeset shortcut_service_33_0 (shortcut_service))
+(typeattributeset simpleperf_33_0 (simpleperf))
+(typeattributeset simpleperf_app_runner_33_0 (simpleperf_app_runner))
+(typeattributeset simpleperf_app_runner_exec_33_0 (simpleperf_app_runner_exec))
+(typeattributeset slice_service_33_0 (slice_service))
+(typeattributeset slideshow_33_0 (slideshow))
+(typeattributeset smart_idle_maint_enabled_prop_33_0 (smart_idle_maint_enabled_prop))
+(typeattributeset smartspace_service_33_0 (smartspace_service))
+(typeattributeset snapshotctl_log_data_file_33_0 (snapshotctl_log_data_file))
+(typeattributeset snapuserd_proxy_socket_33_0 (snapuserd_proxy_socket))
+(typeattributeset snapuserd_socket_33_0 (snapuserd_socket))
+(typeattributeset soc_prop_33_0 (soc_prop))
+(typeattributeset socket_device_33_0 (socket_device))
+(typeattributeset socket_hook_prop_33_0 (socket_hook_prop))
+(typeattributeset sockfs_33_0 (sockfs))
+(typeattributeset sota_prop_33_0 (sota_prop))
+(typeattributeset soundtrigger_middleware_service_33_0 (soundtrigger_middleware_service))
+(typeattributeset speech_recognition_service_33_0 (speech_recognition_service))
+(typeattributeset sqlite_log_prop_33_0 (sqlite_log_prop))
+(typeattributeset staged_install_file_33_0 (staged_install_file))
+(typeattributeset staging_data_file_33_0 (staging_data_file))
+(typeattributeset stats_data_file_33_0 (stats_data_file))
+(typeattributeset statsd_33_0 (statsd))
+(typeattributeset statsd_exec_33_0 (statsd_exec))
+(typeattributeset statsdw_socket_33_0 (statsdw_socket))
+(typeattributeset statusbar_service_33_0 (statusbar_service))
+(typeattributeset storage_config_prop_33_0 (storage_config_prop))
+(typeattributeset storage_file_33_0 (storage_file))
+(typeattributeset storage_stub_file_33_0 (storage_stub_file))
+(typeattributeset storaged_service_33_0 (storaged_service))
+(typeattributeset storagemanager_config_prop_33_0 (storagemanager_config_prop))
+(typeattributeset storagestats_service_33_0 (storagestats_service))
+(typeattributeset su_33_0 (su))
+(typeattributeset su_exec_33_0 (su_exec))
+(typeattributeset super_block_device_33_0 (super_block_device))
+(typeattributeset surfaceflinger_33_0 (surfaceflinger))
+(typeattributeset surfaceflinger_color_prop_33_0 (surfaceflinger_color_prop))
+(typeattributeset surfaceflinger_display_prop_33_0 (surfaceflinger_display_prop))
+(typeattributeset surfaceflinger_prop_33_0 (surfaceflinger_prop))
+(typeattributeset surfaceflinger_service_33_0 (surfaceflinger_service))
+(typeattributeset surfaceflinger_tmpfs_33_0 (surfaceflinger_tmpfs))
+(typeattributeset suspend_prop_33_0 (suspend_prop))
+(typeattributeset swap_block_device_33_0 (swap_block_device))
+(typeattributeset sysfs_33_0 (sysfs))
+(typeattributeset sysfs_android_usb_33_0 (sysfs_android_usb))
+(typeattributeset sysfs_batteryinfo_33_0 (sysfs_batteryinfo))
+(typeattributeset sysfs_bluetooth_writable_33_0 (sysfs_bluetooth_writable))
+(typeattributeset sysfs_devfreq_cur_33_0 (sysfs_devfreq_cur))
+(typeattributeset sysfs_devfreq_dir_33_0 (sysfs_devfreq_dir))
+(typeattributeset sysfs_devices_block_33_0 (sysfs_devices_block))
+(typeattributeset sysfs_devices_cs_etm_33_0 (sysfs_devices_cs_etm))
+(typeattributeset sysfs_devices_system_cpu_33_0 (sysfs_devices_system_cpu))
+(typeattributeset sysfs_dm_33_0 (sysfs_dm))
+(typeattributeset sysfs_dm_verity_33_0 (sysfs_dm_verity))
+(typeattributeset sysfs_dma_heap_33_0 (sysfs_dma_heap))
+(typeattributeset sysfs_dmabuf_stats_33_0 (sysfs_dmabuf_stats))
+(typeattributeset sysfs_dt_firmware_android_33_0 (sysfs_dt_firmware_android))
+(typeattributeset sysfs_extcon_33_0 (sysfs_extcon))
+(typeattributeset sysfs_fs_ext4_features_33_0 (sysfs_fs_ext4_features))
+(typeattributeset sysfs_fs_f2fs_33_0 (sysfs_fs_f2fs))
+(typeattributeset sysfs_fs_fuse_bpf_33_0 (sysfs_fs_fuse_bpf))
+(typeattributeset sysfs_fs_incfs_features_33_0 (sysfs_fs_incfs_features))
+(typeattributeset sysfs_fs_incfs_metrics_33_0 (sysfs_fs_incfs_metrics))
+(typeattributeset sysfs_gpu_33_0 (sysfs_gpu))
+(typeattributeset sysfs_hwrandom_33_0 (sysfs_hwrandom))
+(typeattributeset sysfs_ion_33_0 (sysfs_ion))
+(typeattributeset sysfs_ipv4_33_0 (sysfs_ipv4))
+(typeattributeset sysfs_kernel_notes_33_0 (sysfs_kernel_notes))
+(typeattributeset sysfs_leds_33_0 (sysfs_leds))
+(typeattributeset sysfs_loop_33_0 (sysfs_loop))
+(typeattributeset sysfs_lowmemorykiller_33_0 (sysfs_lowmemorykiller))
+(typeattributeset sysfs_lru_gen_enabled_33_0 (sysfs_lru_gen_enabled))
+(typeattributeset sysfs_net_33_0 (sysfs_net))
+(typeattributeset sysfs_nfc_power_writable_33_0 (sysfs_nfc_power_writable))
+(typeattributeset sysfs_power_33_0 (sysfs_power))
+(typeattributeset sysfs_rtc_33_0 (sysfs_rtc))
+(typeattributeset sysfs_suspend_stats_33_0 (sysfs_suspend_stats))
+(typeattributeset sysfs_switch_33_0 (sysfs_switch))
+(typeattributeset sysfs_thermal_33_0 (sysfs_thermal))
+(typeattributeset sysfs_transparent_hugepage_33_0 (sysfs_transparent_hugepage))
+(typeattributeset sysfs_uhid_33_0 (sysfs_uhid))
+(typeattributeset sysfs_uio_33_0 (sysfs_uio))
+(typeattributeset sysfs_usb_33_0 (sysfs_usb))
+(typeattributeset sysfs_usermodehelper_33_0 (sysfs_usermodehelper))
+(typeattributeset sysfs_vendor_sched_33_0 (sysfs_vendor_sched))
+(typeattributeset sysfs_vibrator_33_0 (sysfs_vibrator))
+(typeattributeset sysfs_wake_lock_33_0 (sysfs_wake_lock))
+(typeattributeset sysfs_wakeup_33_0 (sysfs_wakeup))
+(typeattributeset sysfs_wakeup_reasons_33_0 (sysfs_wakeup_reasons))
+(typeattributeset sysfs_wlan_fwpath_33_0 (sysfs_wlan_fwpath))
+(typeattributeset sysfs_zram_33_0 (sysfs_zram))
+(typeattributeset sysfs_zram_uevent_33_0 (sysfs_zram_uevent))
+(typeattributeset system_app_33_0 (system_app))
+(typeattributeset system_app_data_file_33_0 (system_app_data_file))
+(typeattributeset system_app_service_33_0 (system_app_service))
+(typeattributeset system_asan_options_file_33_0 (system_asan_options_file))
+(typeattributeset system_block_device_33_0 (system_block_device))
+(typeattributeset system_boot_reason_prop_33_0 (system_boot_reason_prop))
+(typeattributeset system_bootstrap_lib_file_33_0 (system_bootstrap_lib_file))
+(typeattributeset system_config_service_33_0 (system_config_service))
+(typeattributeset system_data_file_33_0 (system_data_file system_userdir_file))
+(typeattributeset system_data_root_file_33_0 (system_data_root_file))
+(typeattributeset system_dlkm_file_33_0 (system_dlkm_file))
+(typeattributeset system_event_log_tags_file_33_0 (system_event_log_tags_file))
+(typeattributeset system_file_33_0 (system_file))
+(typeattributeset system_group_file_33_0 (system_group_file))
+(typeattributeset system_jvmti_agent_prop_33_0 (system_jvmti_agent_prop))
+(typeattributeset system_lib_file_33_0 (system_lib_file))
+(typeattributeset system_linker_config_file_33_0 (system_linker_config_file))
+(typeattributeset system_linker_exec_33_0 (system_linker_exec))
+(typeattributeset system_lmk_prop_33_0 (system_lmk_prop))
+(typeattributeset system_ndebug_socket_33_0 (system_ndebug_socket))
+(typeattributeset system_net_netd_hwservice_33_0 (system_net_netd_hwservice))
+(typeattributeset system_passwd_file_33_0 (system_passwd_file))
+(typeattributeset system_prop_33_0 (system_prop))
+(typeattributeset system_seccomp_policy_file_33_0 (system_seccomp_policy_file))
+(typeattributeset system_security_cacerts_file_33_0 (system_security_cacerts_file))
+(typeattributeset system_server_33_0 (system_server))
+(typeattributeset system_server_dumper_service_33_0 (system_server_dumper_service))
+(typeattributeset system_server_tmpfs_33_0 (system_server_tmpfs))
+(typeattributeset system_suspend_control_internal_service_33_0 (system_suspend_control_internal_service))
+(typeattributeset system_suspend_control_service_33_0 (system_suspend_control_service))
+(typeattributeset system_suspend_hwservice_33_0 (system_suspend_hwservice))
+(typeattributeset system_trace_prop_33_0 (system_trace_prop))
+(typeattributeset system_unsolzygote_socket_33_0 (system_unsolzygote_socket))
+(typeattributeset system_update_service_33_0 (system_update_service))
+(typeattributeset system_wifi_keystore_hwservice_33_0 (system_wifi_keystore_hwservice))
+(typeattributeset system_wpa_socket_33_0 (system_wpa_socket))
+(typeattributeset system_zoneinfo_file_33_0 (system_zoneinfo_file))
+(typeattributeset systemkeys_data_file_33_0 (systemkeys_data_file))
+(typeattributeset systemsound_config_prop_33_0 (systemsound_config_prop))
+(typeattributeset tare_service_33_0 (tare_service))
+(typeattributeset task_profiles_api_file_33_0 (task_profiles_api_file))
+(typeattributeset task_profiles_file_33_0 (task_profiles_file))
+(typeattributeset task_service_33_0 (task_service))
+(typeattributeset tcpdump_exec_33_0 (tcpdump_exec))
+(typeattributeset tee_33_0 (tee))
+(typeattributeset tee_data_file_33_0 (tee_data_file))
+(typeattributeset tee_device_33_0 (tee_device))
+(typeattributeset telecom_service_33_0 (telecom_service))
+(typeattributeset telephony_config_prop_33_0 (telephony_config_prop))
+(typeattributeset telephony_status_prop_33_0 (telephony_status_prop))
+(typeattributeset test_boot_reason_prop_33_0 (test_boot_reason_prop))
+(typeattributeset test_harness_prop_33_0 (test_harness_prop))
+(typeattributeset testharness_service_33_0 (testharness_service))
+(typeattributeset tethering_service_33_0 (tethering_service))
+(typeattributeset textclassification_service_33_0 (textclassification_service))
+(typeattributeset textclassifier_data_file_33_0 (textclassifier_data_file))
+(typeattributeset textservices_service_33_0 (textservices_service))
+(typeattributeset texttospeech_service_33_0 (texttospeech_service))
+(typeattributeset theme_prop_33_0 (theme_prop))
+(typeattributeset thermal_service_33_0 (thermal_service))
+(typeattributeset time_prop_33_0 (time_prop))
+(typeattributeset timedetector_service_33_0 (timedetector_service))
+(typeattributeset timezone_service_33_0 (timezone_service))
+(typeattributeset timezonedetector_service_33_0 (timezonedetector_service))
+(typeattributeset tmpfs_33_0 (tmpfs))
+(typeattributeset tombstone_config_prop_33_0 (tombstone_config_prop))
+(typeattributeset tombstone_data_file_33_0 (tombstone_data_file))
+(typeattributeset tombstone_wifi_data_file_33_0 (tombstone_wifi_data_file))
+(typeattributeset tombstoned_33_0 (tombstoned))
+(typeattributeset tombstoned_crash_socket_33_0 (tombstoned_crash_socket))
+(typeattributeset tombstoned_exec_33_0 (tombstoned_exec))
+(typeattributeset tombstoned_intercept_socket_33_0 (tombstoned_intercept_socket))
+(typeattributeset tombstoned_java_trace_socket_33_0 (tombstoned_java_trace_socket))
+(typeattributeset toolbox_33_0 (toolbox))
+(typeattributeset toolbox_exec_33_0 (toolbox_exec))
+(typeattributeset trace_data_file_33_0 (trace_data_file))
+(typeattributeset traced_33_0 (traced))
+(typeattributeset traced_consumer_socket_33_0 (traced_consumer_socket))
+(typeattributeset traced_enabled_prop_33_0 (traced_enabled_prop))
+(typeattributeset traced_lazy_prop_33_0 (traced_lazy_prop))
+(typeattributeset traced_perf_33_0 (traced_perf))
+(typeattributeset traced_perf_socket_33_0 (traced_perf_socket))
+(typeattributeset traced_probes_33_0 (traced_probes))
+(typeattributeset traced_producer_socket_33_0 (traced_producer_socket))
+(typeattributeset traced_tmpfs_33_0 (traced_tmpfs))
+(typeattributeset traceur_app_33_0 (traceur_app))
+(typeattributeset translation_service_33_0 (translation_service))
+(typeattributeset trust_service_33_0 (trust_service))
+(typeattributeset tty_device_33_0 (tty_device))
+(typeattributeset tun_device_33_0 (tun_device))
+(typeattributeset tv_iapp_service_33_0 (tv_iapp_service))
+(typeattributeset tv_input_service_33_0 (tv_input_service))
+(typeattributeset tv_tuner_resource_mgr_service_33_0 (tv_tuner_resource_mgr_service))
+(typeattributeset tzdatacheck_33_0 (tzdatacheck))
+(typeattributeset tzdatacheck_exec_33_0 (tzdatacheck_exec))
+(typeattributeset ueventd_33_0 (ueventd))
+(typeattributeset ueventd_tmpfs_33_0 (ueventd_tmpfs))
+(typeattributeset uhid_device_33_0 (uhid_device))
+(typeattributeset uimode_service_33_0 (uimode_service))
+(typeattributeset uio_device_33_0 (uio_device))
+(typeattributeset uncrypt_33_0 (uncrypt))
+(typeattributeset uncrypt_exec_33_0 (uncrypt_exec))
+(typeattributeset uncrypt_socket_33_0 (uncrypt_socket))
+(typeattributeset unencrypted_data_file_33_0 (unencrypted_data_file))
+(typeattributeset unlabeled_33_0 (unlabeled))
+(typeattributeset untrusted_app_25_33_0 (untrusted_app_25))
+(typeattributeset untrusted_app_27_33_0 (untrusted_app_27))
+(typeattributeset untrusted_app_29_33_0 (untrusted_app_29))
+(typeattributeset untrusted_app_30_33_0 (untrusted_app_30))
+(typeattributeset untrusted_app_33_0
+ ( untrusted_app
+ untrusted_app_32
+))
+(typeattributeset update_engine_33_0 (update_engine))
+(typeattributeset update_engine_data_file_33_0 (update_engine_data_file))
+(typeattributeset update_engine_exec_33_0 (update_engine_exec))
+(typeattributeset update_engine_log_data_file_33_0 (update_engine_log_data_file))
+(typeattributeset update_engine_service_33_0 (update_engine_service))
+(typeattributeset update_engine_stable_service_33_0 (update_engine_stable_service))
+(typeattributeset update_verifier_33_0 (update_verifier))
+(typeattributeset update_verifier_exec_33_0 (update_verifier_exec))
+(typeattributeset updatelock_service_33_0 (updatelock_service))
+(typeattributeset uri_grants_service_33_0 (uri_grants_service))
+(typeattributeset usagestats_service_33_0 (usagestats_service))
+(typeattributeset usb_config_prop_33_0 (usb_config_prop))
+(typeattributeset usb_control_prop_33_0 (usb_control_prop))
+(typeattributeset usb_device_33_0 (usb_device))
+(typeattributeset usb_prop_33_0 (usb_prop))
+(typeattributeset usb_serial_device_33_0 (usb_serial_device))
+(typeattributeset usb_service_33_0 (usb_service))
+(typeattributeset usbaccessory_device_33_0 (usbaccessory_device))
+(typeattributeset usbd_33_0 (usbd))
+(typeattributeset usbd_exec_33_0 (usbd_exec))
+(typeattributeset usbfs_33_0 (usbfs))
+(typeattributeset use_memfd_prop_33_0 (use_memfd_prop))
+(typeattributeset user_profile_data_file_33_0 (user_profile_data_file))
+(typeattributeset user_profile_root_file_33_0 (user_profile_root_file))
+(typeattributeset user_service_33_0 (user_service))
+(typeattributeset userdata_block_device_33_0 (userdata_block_device))
+(typeattributeset userdata_sysdev_33_0 (userdata_sysdev))
+(typeattributeset usermodehelper_33_0 (usermodehelper))
+(typeattributeset userspace_reboot_config_prop_33_0 (userspace_reboot_config_prop))
+(typeattributeset userspace_reboot_exported_prop_33_0 (userspace_reboot_exported_prop))
+(typeattributeset userspace_reboot_metadata_file_33_0 (userspace_reboot_metadata_file))
+(typeattributeset uwb_service_33_0 (uwb_service))
+(typeattributeset vcn_management_service_33_0 (vcn_management_service))
+(typeattributeset vd_device_33_0 (vd_device))
+(typeattributeset vdc_33_0 (vdc))
+(typeattributeset vdc_exec_33_0 (vdc_exec))
+(typeattributeset vehicle_hal_prop_33_0 (vehicle_hal_prop))
+(typeattributeset vendor_apex_file_33_0 (vendor_apex_file))
+(typeattributeset vendor_app_file_33_0 (vendor_app_file))
+(typeattributeset vendor_cgroup_desc_file_33_0 (vendor_cgroup_desc_file))
+(typeattributeset vendor_configs_file_33_0 (vendor_configs_file))
+(typeattributeset vendor_data_file_33_0 (vendor_data_file vendor_userdir_file))
+(typeattributeset vendor_default_prop_33_0 (vendor_default_prop))
+(typeattributeset vendor_file_33_0 (vendor_file))
+(typeattributeset vendor_framework_file_33_0 (vendor_framework_file))
+(typeattributeset vendor_hal_file_33_0 (vendor_hal_file))
+(typeattributeset vendor_idc_file_33_0 (vendor_idc_file))
+(typeattributeset vendor_init_33_0 (vendor_init))
+(typeattributeset vendor_kernel_modules_33_0 (vendor_kernel_modules))
+(typeattributeset vendor_keychars_file_33_0 (vendor_keychars_file))
+(typeattributeset vendor_keylayout_file_33_0 (vendor_keylayout_file))
+(typeattributeset vendor_misc_writer_33_0 (vendor_misc_writer))
+(typeattributeset vendor_misc_writer_exec_33_0 (vendor_misc_writer_exec))
+(typeattributeset vendor_modprobe_33_0 (vendor_modprobe))
+(typeattributeset vendor_overlay_file_33_0 (vendor_overlay_file))
+(typeattributeset vendor_public_framework_file_33_0 (vendor_public_framework_file))
+(typeattributeset vendor_public_lib_file_33_0 (vendor_public_lib_file))
+(typeattributeset vendor_security_patch_level_prop_33_0 (vendor_security_patch_level_prop))
+(typeattributeset vendor_service_contexts_file_33_0 (vendor_service_contexts_file))
+(typeattributeset vendor_shell_33_0 (vendor_shell))
+(typeattributeset vendor_shell_exec_33_0 (vendor_shell_exec))
+(typeattributeset vendor_socket_hook_prop_33_0 (vendor_socket_hook_prop))
+(typeattributeset vendor_task_profiles_file_33_0 (vendor_task_profiles_file))
+(typeattributeset vendor_toolbox_exec_33_0 (vendor_toolbox_exec))
+(typeattributeset vendor_uuid_mapping_config_file_33_0 (vendor_uuid_mapping_config_file))
+(typeattributeset vendor_vm_data_file_33_0 (vendor_vm_data_file))
+(typeattributeset vendor_vm_file_33_0 (vendor_vm_file))
+(typeattributeset vfat_33_0 (vfat))
+(typeattributeset vibrator_manager_service_33_0 (vibrator_manager_service))
+(typeattributeset vibrator_service_33_0 (vibrator_service))
+(typeattributeset video_device_33_0 (video_device))
+(typeattributeset virtual_ab_prop_33_0 (virtual_ab_prop))
+(typeattributeset virtual_device_service_33_0 (virtual_device_service))
+(typeattributeset virtual_touchpad_33_0 (virtual_touchpad))
+(typeattributeset virtual_touchpad_exec_33_0 (virtual_touchpad_exec))
+(typeattributeset virtual_touchpad_service_33_0 (virtual_touchpad_service))
+(typeattributeset virtualization_service_33_0 (virtualization_service))
+(typeattributeset vndbinder_device_33_0 (vndbinder_device))
+(typeattributeset vndk_prop_33_0 (vndk_prop))
+(typeattributeset vndk_sp_file_33_0 (vndk_sp_file))
+(typeattributeset vndservice_contexts_file_33_0 (vndservice_contexts_file))
+(typeattributeset vndservicemanager_33_0 (vndservicemanager))
+(typeattributeset voiceinteraction_service_33_0 (voiceinteraction_service))
+(typeattributeset vold_33_0 (vold))
+(typeattributeset vold_config_prop_33_0 (vold_config_prop))
+(typeattributeset vold_data_file_33_0 (vold_data_file))
+(typeattributeset vold_device_33_0 (vold_device))
+(typeattributeset vold_exec_33_0 (vold_exec))
+(typeattributeset vold_metadata_file_33_0 (vold_metadata_file))
+(typeattributeset vold_post_fs_data_prop_33_0 (vold_post_fs_data_prop))
+(typeattributeset vold_prepare_subdirs_33_0 (vold_prepare_subdirs))
+(typeattributeset vold_prepare_subdirs_exec_33_0 (vold_prepare_subdirs_exec))
+(typeattributeset vold_prop_33_0 (vold_prop))
+(typeattributeset vold_service_33_0 (vold_service))
+(typeattributeset vold_status_prop_33_0 (vold_status_prop))
+(typeattributeset vpn_data_file_33_0 (vpn_data_file))
+(typeattributeset vpn_management_service_33_0 (vpn_management_service))
+(typeattributeset vr_hwc_service_33_0 (vr_hwc_service))
+(typeattributeset vr_manager_service_33_0 (vr_manager_service))
+(typeattributeset vrflinger_vsync_service_33_0 (vrflinger_vsync_service))
+(typeattributeset vts_config_prop_33_0 (vts_config_prop))
+(typeattributeset vts_status_prop_33_0 (vts_status_prop))
+(typeattributeset wallpaper_effects_generation_service_33_0 (wallpaper_effects_generation_service))
+(typeattributeset wallpaper_file_33_0 (wallpaper_file))
+(typeattributeset wallpaper_service_33_0 (wallpaper_service))
+(typeattributeset watchdog_device_33_0 (watchdog_device))
+(typeattributeset watchdog_metadata_file_33_0 (watchdog_metadata_file))
+(typeattributeset watchdogd_33_0 (watchdogd))
+(typeattributeset watchdogd_exec_33_0 (watchdogd_exec))
+(typeattributeset webview_zygote_33_0 (webview_zygote))
+(typeattributeset webview_zygote_exec_33_0 (webview_zygote_exec))
+(typeattributeset webview_zygote_tmpfs_33_0 (webview_zygote_tmpfs))
+(typeattributeset webviewupdate_service_33_0 (webviewupdate_service))
+(typeattributeset wifi_config_prop_33_0 (wifi_config_prop))
+(typeattributeset wifi_data_file_33_0 (wifi_data_file))
+(typeattributeset wifi_hal_prop_33_0 (wifi_hal_prop))
+(typeattributeset wifi_key_33_0 (wifi_key))
+(typeattributeset wifi_log_prop_33_0 (wifi_log_prop))
+(typeattributeset wifi_prop_33_0 (wifi_prop))
+(typeattributeset wifi_service_33_0 (wifi_service))
+(typeattributeset wifiaware_service_33_0 (wifiaware_service))
+(typeattributeset wificond_33_0 (wificond))
+(typeattributeset wificond_exec_33_0 (wificond_exec))
+(typeattributeset wifinl80211_service_33_0 (wifinl80211_service))
+(typeattributeset wifip2p_service_33_0 (wifip2p_service))
+(typeattributeset wifiscanner_service_33_0 (wifiscanner_service))
+(typeattributeset window_service_33_0 (window_service))
+(typeattributeset wpa_socket_33_0 (wpa_socket))
+(typeattributeset wpantund_33_0 (wpantund))
+(typeattributeset wpantund_exec_33_0 (wpantund_exec))
+(typeattributeset wpantund_service_33_0 (wpantund_service))
+(typeattributeset zero_device_33_0 (zero_device))
+(typeattributeset zoneinfo_data_file_33_0 (zoneinfo_data_file))
+(typeattributeset zram_config_prop_33_0 (zram_config_prop))
+(typeattributeset zram_control_prop_33_0 (zram_control_prop))
+(typeattributeset zygote_33_0 (zygote))
+(typeattributeset zygote_config_prop_33_0 (zygote_config_prop))
+(typeattributeset zygote_exec_33_0 (zygote_exec))
+(typeattributeset zygote_socket_33_0 (zygote_socket))
+(typeattributeset zygote_tmpfs_33_0 (zygote_tmpfs))
diff --git a/private/compat/33.0/33.0.compat.cil b/private/compat/33.0/33.0.compat.cil
new file mode 100644
index 0000000..53ee8ff
--- /dev/null
+++ b/private/compat/33.0/33.0.compat.cil
@@ -0,0 +1,3 @@
+;; complement CIL file for compatibility between ToT policy and 33.0 vendors.
+;; will be compiled along with other normal policy files, on 33.0 vendors.
+;;
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
new file mode 100644
index 0000000..30a7e35
--- /dev/null
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -0,0 +1,63 @@
+;; new_objects - a collection of types that have been introduced with ToT policy
+;; that have no analogue in 33.0 policy. Thus, we do not need to map
+;; these types to previous ones. Add here to pass checkapi tests.
+(type new_objects)
+(typeattribute new_objects)
+(typeattributeset new_objects
+ ( new_objects
+ adaptive_haptics_prop
+ apex_ready_prop
+ artd
+ bt_device
+ build_attestation_prop
+ credential_service
+ device_as_webcam
+ device_config_camera_native_prop
+ device_config_memory_safety_native_boot_prop
+ device_config_memory_safety_native_prop
+ device_config_vendor_system_native_prop
+ devicelock_service
+ fwk_altitude_service
+ fwk_camera_service
+ fwk_sensor_service
+ grammatical_inflection_service
+ hal_bluetooth_service
+ hal_bootctl_service
+ hal_cas_service
+ hal_remoteaccess_service
+ hal_secure_element_service
+ hal_tetheroffload_service
+ hal_thermal_service
+ hal_usb_gadget_service
+ hal_tv_input_service
+ hal_tv_hdmi_cec_service
+ hal_tv_hdmi_connection_service
+ hal_tv_hdmi_earc_service
+ hal_wifi_service
+ healthconnect_service
+ hypervisor_restricted_prop
+ isolated_compute_app
+ keystore_config_prop
+ ntfs
+ ondevicepersonalization_system_service
+ permissive_mte_prop
+ prng_seeder
+ recovery_usb_config_prop
+ remote_provisioning_service
+ rkpdapp
+ servicemanager_prop
+ system_net_netd_service
+ timezone_metadata_prop
+ tuner_config_prop
+ tuner_server_ctl_prop
+ usb_uvc_enabled_prop
+ virtual_face_hal_prop
+ virtual_fingerprint_hal_prop
+ hal_gatekeeper_service
+ hal_broadcastradio_service
+ hal_confirmationui_service
+ hal_fastboot_service
+ hal_can_controller_service
+ zoned_block_device
+ future_pm_prop
+ ))
diff --git a/private/compos_verify.te b/private/compos_verify.te
index 0a281f8..5b3615e 100644
--- a/private/compos_verify.te
+++ b/private/compos_verify.te
@@ -6,9 +6,10 @@
binder_use(compos_verify);
virtualizationservice_use(compos_verify);
-# Access instance image files
+# Read instance image & write VM logs
allow compos_verify apex_module_data_file:dir search;
-r_dir_file(compos_verify, apex_compos_data_file)
+allow compos_verify apex_compos_data_file:dir rw_dir_perms;
+allow compos_verify apex_compos_data_file:file { rw_file_perms create };
# Read CompOS info & signature files
allow compos_verify apex_art_data_file:dir search;
diff --git a/private/coredomain.te b/private/coredomain.te
index e4c9a52..96ce488 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -1,3 +1,4 @@
+get_prop(coredomain, apex_ready_prop)
get_prop(coredomain, boot_status_prop)
get_prop(coredomain, camera_config_prop)
get_prop(coredomain, dalvik_config_prop)
@@ -50,6 +51,7 @@
neverallow {
coredomain
-appdomain
+ -artd
-dex2oat
-dexoptanalyzer
-idmap
@@ -67,6 +69,7 @@
neverallow {
coredomain
-appdomain
+ -artd
-dex2oat
-dexoptanalyzer
-idmap
@@ -75,6 +78,7 @@
-heapprofd
userdebug_or_eng(`-profcollectd')
-postinstall_dexopt
+ -profman
-rs # spawned by appdomain, so carryover the exception above
userdebug_or_eng(`-simpleperf_boot')
-system_server
@@ -88,11 +92,12 @@
neverallow {
coredomain
-appdomain
+ -artd
+ -dex2oat
+ -dexoptanalyzer
-idmap
-init
-installd
- -iorap_inode2filename
- -iorap_prefetcherd
-postinstall_dexopt
-rs # spawned by appdomain, so carryover the exception above
-system_server
@@ -108,11 +113,12 @@
neverallow {
coredomain
-appdomain
+ -artd
+ -dex2oat
+ -dexoptanalyzer
-idmap
-init
-installd
- -iorap_inode2filename
- -iorap_prefetcherd
-postinstall_dexopt
-rs # spawned by appdomain, so carryover the exception above
-system_server
diff --git a/private/crash_dump.te b/private/crash_dump.te
index 82ca403..bc6020e 100644
--- a/private/crash_dump.te
+++ b/private/crash_dump.te
@@ -20,7 +20,6 @@
-vold
}:process { ptrace signal sigchld sigstop sigkill };
-# TODO(b/186868271): Remove the keystore exception soon-ish (maybe by May 14, 2021?)
userdebug_or_eng(`
allow crash_dump {
apexd
@@ -31,13 +30,16 @@
}:process { ptrace signal sigchld sigstop sigkill };
')
+# Read ART APEX data directory
+allow crash_dump apex_art_data_file:dir { getattr search };
+allow crash_dump apex_art_data_file:file r_file_perms;
+
###
### neverallow assertions
###
-# ptrace neverallow assertions are spread throughout the other policy
-# files, so we avoid adding redundant assertions here
-
+# sigchld not explicitly forbidden since it's part of the
+# domain-transition-on-exec macros, and is by itself not sensitive
neverallow crash_dump {
apexd
userdebug_or_eng(`-apexd')
@@ -55,11 +57,7 @@
vendor_init
vold
userdebug_or_eng(`-vold')
-}:process { signal sigstop sigkill };
+}:process { ptrace signal sigstop sigkill };
neverallow crash_dump self:process ptrace;
neverallow crash_dump gpu_device:chr_file *;
-
-# Read ART APEX data directory
-allow crash_dump apex_art_data_file:dir { getattr search };
-allow crash_dump apex_art_data_file:file r_file_perms;
diff --git a/private/credstore.te b/private/credstore.te
index c410d76..434808f 100644
--- a/private/credstore.te
+++ b/private/credstore.te
@@ -10,3 +10,8 @@
# credstore needs to get keys from the remotely provisioned pool
allow credstore remotelyprovisionedkeypool_service:service_manager find;
+allow credstore keystore:keystore2 get_attestation_key;
+
+# credstore needs to get keys from the RKPD
+get_prop(credstore, remote_prov_prop)
+allow credstore remote_provisioning_service:service_manager find;
diff --git a/private/crosvm.te b/private/crosvm.te
index e47abd7..aae8323 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te
@@ -10,17 +10,14 @@
neverallow { domain -crosvm -ueventd } kvm_device:chr_file ~getattr;
neverallowxperm { domain -crosvm } kvm_device:chr_file ioctl ~{ KVM_CHECK_EXTENSION };
-# Let crosvm mlock VM memory and page tables.
-allow crosvm self:capability ipc_lock;
-
# Let crosvm create temporary files.
tmpfs_domain(crosvm)
# Let crosvm receive file descriptors from VirtualizationService.
-allow crosvm virtualizationservice:fd use;
+allow crosvm virtualizationmanager:fd use;
-# Allow sending VirtualizationService the failure reason from the VM via pipe.
-allow crosvm virtualizationservice:fifo_file write;
+# Allow sending VirtualizationService the failure reason and console/log from the VM via pipe.
+allow crosvm virtualizationmanager:fifo_file write;
# Let crosvm read the composite disk images (virtualizationservice_data_file), APEXes
# (staging_data_file), APKs (apk_data_file and shell_data_file where the latter is for test apks in
@@ -31,6 +28,7 @@
staging_data_file
apk_data_file
app_data_file
+ privapp_data_file
apex_compos_data_file
shell_data_file
}:file { getattr read ioctl lock };
@@ -38,6 +36,49 @@
# Allow searching the directory where the composite disk images are.
allow crosvm virtualizationservice_data_file:dir search;
+# Allow crosvm to mlock guest memory.
+allow crosvm self:capability ipc_lock;
+
+# Let crosvm access its control socket as created by VS.
+# read, write, getattr: listener socket polling
+# accept: listener socket accepting new connection
+# Note that the open permission is not given as the socket is passed by FD.
+allow crosvm virtualizationmanager:unix_stream_socket { accept read write getattr getopt };
+
+# Let crosvm open test artifacts under /data/local/tmp with file path. (e.g. custom pvmfw.img)
+userdebug_or_eng(`
+ allow crosvm shell_data_file:dir search;
+ allow crosvm shell_data_file:file open;
+')
+
+# The instance image and the composite image should be writable as well because they could represent
+# mutable disks.
+allow crosvm {
+ virtualizationservice_data_file
+ app_data_file
+ privapp_data_file
+ apex_compos_data_file
+}:file write;
+
+# Allow crosvm to pipe console log to shell or app which could be the owner of a VM.
+allow crosvm adbd:fd use;
+allow crosvm adbd:unix_stream_socket { read write };
+
+# crosvm tries to use netlink sockets as part its APCI implementation, but we don't need it for AVF (b/228077254)
+dontaudit crosvm self:netlink_generic_socket create_socket_perms_no_ioctl;
+
+# crosvm can write files in /data/local/tmp which are usually used for instance.img and logging by
+# compliance tests and demo apps. Write access to instance.img is particularily important because
+# the VM has to initialize the disk image on its first boot. Note that open access is still not
+# granted because the files are expected to be opened by the owner of the VM (apps or shell in case
+# when the vm is created by the `vm` tool) and handed over to crosvm as FD.
+allow crosvm shell_data_file:file write;
+
+# crosvm tries to read serial device, including the write-only pipe from virtualizationmanager (to
+# forward console/log to the host logcat).
+# crosvm only needs write permission, so dontaudit read
+dontaudit crosvm virtualizationmanager:fifo_file read;
+
# Don't allow crosvm to open files that it doesn't own.
# This is important because a malicious application could try to start a VM with a composite disk
# image referring by name to files which it doesn't have permission to open, trying to get crosvm to
@@ -48,31 +89,10 @@
staging_data_file
apk_data_file
app_data_file
+ privapp_data_file
userdebug_or_eng(`-shell_data_file')
}:file open;
-# The instance image and the composite image should be writable as well because they could represent
-# mutable disks.
-allow crosvm {
- virtualizationservice_data_file
- app_data_file
- apex_compos_data_file
-}:file write;
-
-# Allow crosvm to pipe console log to shell or app which could be the owner of a VM.
-allow crosvm adbd:fd use;
-allow crosvm adbd:unix_stream_socket { read write };
-
-# For ACPI
-allow crosvm self:netlink_generic_socket create_socket_perms_no_ioctl;
-
-# crosvm can write files in /data/local/tmp which are usually used for instance.img and logging by
-# compliance tests and demo apps. Write access to instance.img is particularily important because
-# the VM has to initialize the disk image on its first boot. Note that open access is still not
-# granted because the files are expected to be opened by the owner of the VM (apps or shell in case
-# when the vm is created by the `vm` tool) and handed over to crosvm as FD.
-allow crosvm shell_data_file:file write;
-
# Don't allow crosvm to have access to ordinary vendor files that are not for VMs.
full_treble_only(`
neverallow crosvm {
@@ -87,19 +107,20 @@
}:file *;
')
-# app_data_file and shell_data_file is the only app_data_file_type that is
-# allowed for crosvm to read. Note that the use of app_data_file is allowed
-# only for the instance disk image. This is enforced inside the
-# virtualizationservice by checking the file context of all disk image files.
+# Only allow crosvm to read app data files for clients that can start
+# VMs. Note that the use of app data files is further restricted
+# inside the virtualizationservice by checking the label of all disk
+# image files.
neverallow crosvm {
app_data_file_type
-app_data_file
+ -privapp_data_file
-shell_data_file
}:file read;
-# Only virtualizationservice can run crosvm
+# Only virtualizationmanager can run crosvm
neverallow {
domain
-crosvm
- -virtualizationservice
+ -virtualizationmanager
} crosvm_exec:file no_x_file_perms;
diff --git a/private/derive_sdk.te b/private/derive_sdk.te
index 1f60e34..f46c614 100644
--- a/private/derive_sdk.te
+++ b/private/derive_sdk.te
@@ -10,3 +10,11 @@
# Prop rules: writable by derive_sdk, readable by bootclasspath (apps)
set_prop(derive_sdk, module_sdkextensions_prop)
neverallow { domain -init -derive_sdk } module_sdkextensions_prop:property_service set;
+
+# Allow derive_sdk to write data back to dumpstate when forked from dumpstate.
+# The shell_data_file permissions are needed when a bugreport is taken:
+# dumpstate will redirect its stdout to a temporary shell_data_file:file, and
+# this makes derive_sdk append to that file.
+allow derive_sdk dumpstate:fd use;
+allow derive_sdk dumpstate:unix_stream_socket { read write };
+allow derive_sdk shell_data_file:file { getattr append read write };
diff --git a/private/device_as_webcam.te b/private/device_as_webcam.te
new file mode 100644
index 0000000..98c91c2
--- /dev/null
+++ b/private/device_as_webcam.te
@@ -0,0 +1,21 @@
+# Domain for DeviceAsWebcam Service
+type device_as_webcam, domain, coredomain, mlstrustedsubject;
+
+app_domain(device_as_webcam)
+
+allow device_as_webcam system_app_data_file:dir create_dir_perms;
+allow device_as_webcam system_app_data_file:file create_file_perms;
+
+allow device_as_webcam { app_api_service cameraserver_service }:service_manager find;
+
+# Allow DeviceAsWebcam Service needs to access ro.usb.uvc.enabled property to
+# enale/disable itself
+get_prop(device_as_webcam, usb_uvc_enabled_prop)
+
+# need to access /dev to list all devices
+allow device_as_webcam device:dir r_dir_perms;
+
+# UVC nodes are mounted as V4L2 nodes (/dev/video*) on the device. These need to
+# be accessed by the DeviceAsWebcam Service.
+allow device_as_webcam video_device:dir r_dir_perms;
+allow device_as_webcam video_device:chr_file rw_file_perms;
diff --git a/private/dex2oat.te b/private/dex2oat.te
index e7cdd5f..ea9ab9c 100644
--- a/private/dex2oat.te
+++ b/private/dex2oat.te
@@ -10,12 +10,13 @@
# Access /vendor/framework
allow dex2oat vendor_framework_file:dir { getattr search };
allow dex2oat vendor_framework_file:file { getattr open read map };
+# Access /vendor/overlay
+r_dir_file(dex2oat, vendor_overlay_file);
allow dex2oat tmpfs:file { read getattr map };
r_dir_file(dex2oat, dalvikcache_data_file)
allow dex2oat dalvikcache_data_file:file write;
-allow dex2oat installd:fd use;
# Acquire advisory lock on /system/framework/arm/*
allow dex2oat system_file:file lock;
@@ -38,12 +39,8 @@
# Allow dex2oat to find files and directories under /data/misc/apexdata/com.android.runtime.
allow dex2oat apex_module_data_file:dir search;
-# Allow dex2oat to use file descriptors passed from odrefresh.
-allow dex2oat odrefresh:fd use;
-
-# Allow dex2oat to use devpts and file descriptors passed from odsign
+# Allow dex2oat to use devpts passed from odsign.
allow dex2oat odsign_devpts:chr_file { read write };
-allow dex2oat odsign:fd use;
# Allow dex2oat to write to file descriptors from odrefresh for files
# in the staging area.
@@ -61,6 +58,12 @@
# Allow dex2oat to read /apex/apex-info-list.xml
allow dex2oat apex_info_file:file r_file_perms;
+# Allow dex2oat to use file descriptors passed from privileged programs.
+allow dex2oat { artd installd odrefresh odsign }:fd use;
+
+# Allow dex2oat to read the /proc filesystem for CPU features, etc.
+allow dex2oat proc_filesystems:file r_file_perms;
+
##################
# A/B OTA Dexopt #
##################
diff --git a/private/dexoptanalyzer.te b/private/dexoptanalyzer.te
index 8eb1d29..ca715c1 100644
--- a/private/dexoptanalyzer.te
+++ b/private/dexoptanalyzer.te
@@ -45,6 +45,10 @@
# package manager.
allow dexoptanalyzer { privapp_data_file app_data_file }:file { getattr read map };
+# dexoptanalyzer checks the DM files next to dex files. We don't need this check
+# for secondary dex files, but it's not harmful. Just deny it and ignore it.
+dontaudit dexoptanalyzer { privapp_data_file app_data_file }:dir search;
+
# Allow testing /data/user/0 which symlinks to /data/data
allow dexoptanalyzer system_data_file:lnk_file { getattr };
diff --git a/private/domain.te b/private/domain.te
index bcb9d52..4ad7298 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -2,7 +2,9 @@
# This occurs when the process crashes.
# We do not apply this to the su domain to avoid interfering with
# tests (b/114136122)
-domain_auto_trans({ domain userdebug_or_eng(`-su') }, crash_dump_exec, crash_dump);
+# We exempt crosvm because parts of its memory are inaccessible to the
+# kernel. TODO(b/238324526): Remove this.
+domain_auto_trans({ domain userdebug_or_eng(`-su') -crosvm }, crash_dump_exec, crash_dump);
allow domain crash_dump:process sigchld;
# Allow every process to check the heapprofd.enable properties to determine
@@ -10,44 +12,49 @@
# heap profiling, as initialization will fail if it does not have the
# necessary SELinux permissions.
get_prop(domain, heapprofd_prop);
-# Allow heap profiling on debug builds.
-userdebug_or_eng(`can_profile_heap({
- domain
- -bpfloader
- -init
- -kernel
- -keystore
- -llkd
- -logd
- -logpersist
- -recovery
- -recovery_persist
- -recovery_refresh
- -ueventd
- -vendor_init
- -vold
-})')
-# As above, allow perf profiling most processes on debug builds.
-# zygote is excluded as system-wide profiling could end up with it
-# (unexpectedly) holding an open fd across a fork.
-userdebug_or_eng(`can_profile_perf({
+# See private/crash_dump.te
+define(`dumpable_domain',`{
domain
+ -apexd
-bpfloader
+ -crash_dump
+ -crosvm # TODO(b/236672526): Remove exception for crosvm
+ -diced
-init
-kernel
-keystore
-llkd
-logd
+ -ueventd
+ -vendor_init
+ -vold
+}')
+
+# Allow heap profiling by heapprofd.
+# Zygotes are excluded due to potential issues with holding open file
+# descriptors or other state across forks. Other exclusions conflict with
+# neverallows, and are not considered important to profile.
+can_profile_heap({
+ dumpable_domain
+ -app_zygote
+ -hal_configstore
-logpersist
-recovery
-recovery_persist
-recovery_refresh
- -ueventd
- -vendor_init
- -vold
+ -webview_zygote
-zygote
-})')
+})
+
+# Allow profiling using perf_event_open by traced_perf.
+can_profile_perf({
+ dumpable_domain
+ -app_zygote
+ -hal_configstore
+ -webview_zygote
+ -zygote
+})
# Everyone can access the IncFS list of features.
r_dir_file(domain, sysfs_fs_incfs_features);
@@ -77,6 +84,12 @@
# Read access to bq configuration values
get_prop(domain, bq_config_prop);
+# Allow all domains to check whether MTE is set to permissive mode.
+get_prop(domain, permissive_mte_prop);
+
+get_prop(domain, device_config_memory_safety_native_boot_prop);
+get_prop(domain, device_config_memory_safety_native_prop);
+
# For now, everyone can access core property files
# Device specific properties are not granted by default
not_compatible_property(`
@@ -96,6 +109,48 @@
get_prop({domain -coredomain -appdomain}, vendor_default_prop)
')
+# Public readable properties
+get_prop(domain, aaudio_config_prop)
+get_prop(domain, apexd_select_prop)
+get_prop(domain, arm64_memtag_prop)
+get_prop(domain, bluetooth_config_prop)
+get_prop(domain, bootloader_prop)
+get_prop(domain, build_odm_prop)
+get_prop(domain, build_prop)
+get_prop(domain, build_vendor_prop)
+get_prop(domain, debug_prop)
+get_prop(domain, exported_config_prop)
+get_prop(domain, exported_default_prop)
+get_prop(domain, exported_dumpstate_prop)
+get_prop(domain, exported_secure_prop)
+get_prop(domain, exported_system_prop)
+get_prop(domain, fingerprint_prop)
+get_prop(domain, framework_status_prop)
+get_prop(domain, gwp_asan_prop)
+get_prop(domain, hal_instrumentation_prop)
+get_prop(domain, hw_timeout_multiplier_prop)
+get_prop(domain, init_service_status_prop)
+get_prop(domain, libc_debug_prop)
+get_prop(domain, locale_prop)
+get_prop(domain, logd_prop)
+get_prop(domain, mediadrm_config_prop)
+get_prop(domain, property_service_version_prop)
+get_prop(domain, soc_prop)
+get_prop(domain, socket_hook_prop)
+get_prop(domain, surfaceflinger_prop)
+get_prop(domain, telephony_status_prop)
+get_prop(domain, timezone_prop)
+get_prop({domain -untrusted_app_all -isolated_app_all -ephemeral_app }, userdebug_or_eng_prop)
+get_prop(domain, vendor_socket_hook_prop)
+get_prop(domain, vndk_prop)
+get_prop(domain, vold_status_prop)
+get_prop(domain, vts_config_prop)
+
+# Binder cache properties are world-readable
+get_prop(domain, binder_cache_bluetooth_server_prop)
+get_prop(domain, binder_cache_system_server_prop)
+get_prop(domain, binder_cache_telephony_server_prop)
+
# Allow access to fsverity keyring.
allow domain kernel:key search;
# Allow access to keys in the fsverity keyring that were installed at boot.
@@ -112,6 +167,10 @@
# Allow all processes to check for the existence of the boringssl_self_test_marker files.
allow domain boringssl_self_test_marker:dir search;
+# Allow all processes to read the file_logger property that liblog uses to check if file_logger
+# should be used.
+get_prop(domain, log_file_logger_prop)
+
# Allow all processes to connect to PRNG seeder daemon.
unix_socket_connect(domain, prng_seeder, prng_seeder)
@@ -172,6 +231,7 @@
neverallow {
domain
-appdomain
+ -artd # compile secondary dex files
-installd # creation of sandbox
} { privapp_data_file app_data_file }:dir_file_class_set { create unlink };
@@ -182,10 +242,9 @@
-adbd
-appdomain
-app_zygote
+ -artd # compile secondary dex files
-dexoptanalyzer
-installd
- -iorap_inode2filename
- -iorap_prefetcherd
-profman
-rs # spawned by appdomain, so carryover the exception above
-runas
@@ -199,6 +258,7 @@
neverallow {
domain
-appdomain
+ -artd # compile secondary dex files
-installd
-rs # spawned by appdomain, so carryover the exception above
} { privapp_data_file app_data_file }:dir ~r_dir_perms;
@@ -207,19 +267,21 @@
domain
-appdomain
-app_zygote
+ -artd # compile secondary dex files
-installd
- -iorap_prefetcherd
-rs # spawned by appdomain, so carryover the exception above
} { privapp_data_file app_data_file }:file_class_set open;
neverallow {
domain
-appdomain
+ -artd # compile secondary dex files
-installd # creation of sandbox
} { privapp_data_file app_data_file }:dir_file_class_set { create unlink };
neverallow {
domain
+ -artd # compile secondary dex files
-installd
} { privapp_data_file app_data_file }:dir_file_class_set { relabelfrom relabelto };
@@ -233,9 +295,8 @@
-system_server
-apexd
-installd
- -iorap_inode2filename
-priv_app
- -virtualizationservice
+ -virtualizationmanager
} staging_data_file:dir *;
neverallow {
domain
@@ -246,10 +307,9 @@
-adbd
-kernel
-installd
- -iorap_inode2filename
-priv_app
-shell
- -virtualizationservice
+ -virtualizationmanager
-crosvm
} staging_data_file:file *;
neverallow { domain -init -system_server -installd} staging_data_file:dir no_w_dir_perms;
@@ -276,7 +336,6 @@
domain
-appdomain
with_asan(`-asan_extract')
- -iorap_prefetcherd
-shell
userdebug_or_eng(`-su')
-system_server_startup # for memfd backed executable regions
@@ -312,6 +371,7 @@
-cppreopts
-dex2oat
-otapreopt_slot
+ -artd
} dalvikcache_data_file:file no_w_file_perms;
neverallow {
@@ -323,6 +383,7 @@
-dex2oat
-zygote
-otapreopt_slot
+ -artd
} dalvikcache_data_file:dir no_w_dir_perms;
# Only authorized processes should be writing to /data/misc/apexdata/com.android.art as it
@@ -370,6 +431,7 @@
# a Unix group or change the permissions of a file.
define(`dac_override_allowed', `{
apexd
+ artd
dnsmasq
dumpstate
init
@@ -397,8 +459,6 @@
# this list should be a superset of the one above.
neverallow ~{
dac_override_allowed
- iorap_inode2filename
- iorap_prefetcherd
traced_perf
traced_probes
heapprofd
@@ -478,8 +538,6 @@
-heapprofd
userdebug_or_eng(`-profcollectd')
-init
- -iorap_inode2filename
- -iorap_prefetcherd
-kernel
userdebug_or_eng(`-simpleperf_boot')
-traced_perf
@@ -503,9 +561,9 @@
userdebug_or_eng(`-su') # communications with su are permitted only on userdebug or eng builds
-init
-tombstoned # linker to tombstoned
- userdebug_or_eng(`-heapprofd')
- userdebug_or_eng(`-traced')
- userdebug_or_eng(`-traced_perf')
+ -heapprofd
+ -traced
+ -traced_perf
});
')
@@ -518,8 +576,6 @@
-crash_dump
-crosvm # loads vendor-specific disk images
-init # starts vendor executables
- -iorap_inode2filename
- -iorap_prefetcherd
-kernel # loads /vendor/firmware
-heapprofd
userdebug_or_eng(`-profcollectd')
@@ -602,14 +658,18 @@
# Restrict write access to etm sysfs interface.
neverallow { domain -ueventd -vendor_init } sysfs_devices_cs_etm:file no_w_file_perms;
-# Restrict write access to shell owned files. The /data/local/tmp directory is
+# Restrict direct access to shell owned files. The /data/local/tmp directory is
# untrustworthy, and non-allowed domains should not be trusting any content in
# those directories. We allow shell files to be passed around by file
# descriptor, but not directly opened.
+# artd doesn't need to access /data/local/tmp, but it needs to access
+# /data/{user,user_de}/<user-id>/com.android.shell/... for compiling secondary
+# dex files.
neverallow {
domain
-adbd
-appdomain
+ -artd
-dumpstate
-installd
userdebug_or_eng(`-uncrypt')
@@ -617,21 +677,71 @@
userdebug_or_eng(`-crosvm')
} shell_data_file:file open;
+# In addition to the symlink reading restrictions above, restrict
+# write access to shell owned directories. The /data/local/tmp
+# directory is untrustworthy, and non-allowed domains should
+# not be trusting any content in those directories.
+# artd doesn't need to access /data/local/tmp, but it needs to access
+# /data/{user,user_de}/<user-id>/com.android.shell/... for compiling secondary
+# dex files.
+neverallow {
+ domain
+ -adbd
+ -artd
+ -dumpstate
+ -installd
+ -init
+ -shell
+ -vold
+} shell_data_file:dir no_w_dir_perms;
+
+neverallow {
+ domain
+ -adbd
+ -appdomain
+ -artd
+ -dumpstate
+ -init
+ -installd
+ -simpleperf_app_runner
+ -system_server # why?
+ userdebug_or_eng(`-uncrypt')
+} shell_data_file:dir open;
+
+neverallow {
+ domain
+ -adbd
+ -appdomain
+ -artd
+ -dumpstate
+ -init
+ -installd
+ -simpleperf_app_runner
+ -system_server # why?
+ userdebug_or_eng(`-uncrypt')
+ userdebug_or_eng(`-crosvm')
+} shell_data_file:dir search;
+
# respect system_app sandboxes
neverallow {
domain
-appdomain
+ -artd # compile secondary dex files
-system_server #populate com.android.providers.settings/databases/settings.db.
-installd # creation of app sandbox
- -iorap_inode2filename
-traced_probes # resolve inodes for i/o tracing.
# only needs open and read, the rest is neverallow in
# traced_probes.te.
} system_app_data_file:dir_file_class_set { create unlink open };
neverallow {
- isolated_app
+ isolated_app_all
ephemeral_app
priv_app
sdk_sandbox
untrusted_app_all
} system_app_data_file:dir_file_class_set { create unlink open };
+
+neverallow { domain -init } mtectrl:process { dyntransition transition };
+
+# For now, don't allow processes other than gmscore to access /data/misc_ce/<userid>/checkin
+neverallow { domain -gmscore_app -init -vold_prepare_subdirs } checkin_data_file:{dir file} *;
\ No newline at end of file
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 149d389..fe442b3 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -30,6 +30,9 @@
# Allow dumpstate to make binder calls to incidentd
binder_call(dumpstate, incidentd)
+# Kill incident in case of a timeout
+allow dumpstate incident:process { signal sigkill };
+
# Allow dumpstate to make binder calls to storaged service
binder_call(dumpstate, storaged)
@@ -123,3 +126,6 @@
# system_dlkm_file for /system_dlkm partition
allow dumpstate system_dlkm_file:dir getattr;
+
+# Allow dumpstate to execute derive_sdk in its own domain
+domain_auto_trans(dumpstate, derive_sdk_exec, derive_sdk)
diff --git a/private/ephemeral_app.te b/private/ephemeral_app.te
index 3b916e2..9f2b1d5 100644
--- a/private/ephemeral_app.te
+++ b/private/ephemeral_app.te
@@ -45,14 +45,6 @@
allow ephemeral_app radio_service:service_manager find;
allow ephemeral_app ephemeral_app_api_service:service_manager find;
-# Write app-specific trace data to the Perfetto traced damon. This requires
-# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
-perfetto_producer(ephemeral_app)
-
-# Allow profiling if the app opts in by being marked profileable/debuggable.
-can_profile_heap(ephemeral_app)
-can_profile_perf(ephemeral_app)
-
# allow ephemeral apps to use UDP sockets provided by the system server but not
# modify them other than to connect
allow ephemeral_app system_server:udp_socket {
diff --git a/private/extra_free_kbytes.te b/private/extra_free_kbytes.te
index af3088b..d210884 100644
--- a/private/extra_free_kbytes.te
+++ b/private/extra_free_kbytes.te
@@ -1,3 +1,6 @@
typeattribute extra_free_kbytes coredomain;
init_daemon_domain(extra_free_kbytes)
+
+# Only extra_free_kbytes script is allowed to store these properties
+set_prop(extra_free_kbytes, init_storage_prop)
diff --git a/private/fastbootd.te b/private/fastbootd.te
index 2c65281..7dc1741 100644
--- a/private/fastbootd.te
+++ b/private/fastbootd.te
@@ -45,4 +45,12 @@
# Needed for reading boot properties.
allow fastbootd proc_bootconfig:file r_file_perms;
+ # Let this domain use the hal fastboot service
+ binder_use(fastbootd)
+ hal_client_domain(fastbootd, hal_fastboot)
')
+
+# This capability allows fastbootd to circumvent memlock rlimits while using
+# io_uring. An Alternative would be to up the memlock rlimit for the fastbootd service.
+allow fastbootd self:capability ipc_lock;
+io_uring_use(fastbootd)
diff --git a/private/file.te b/private/file.te
index c5837f9..539e63e 100644
--- a/private/file.te
+++ b/private/file.te
@@ -7,6 +7,7 @@
type fs_bpf_net_shared, fs_type, bpffs_type;
type fs_bpf_netd_readonly, fs_type, bpffs_type;
type fs_bpf_netd_shared, fs_type, bpffs_type;
+type fs_bpf_loader, fs_type, bpffs_type;
# /data/misc/storaged
type storaged_data_file, file_type, data_file_type, core_data_file_type;
@@ -90,7 +91,9 @@
type odsign_metrics_file, file_type, data_file_type, core_data_file_type;
# /data/misc/virtualizationservice
-type virtualizationservice_data_file, file_type, data_file_type, core_data_file_type;
+# The type needs to be mlstrustedobject to allow for being accessed from
+# virtualizationmanager, which runs at a more constrained MLS level.
+type virtualizationservice_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/system/environ
type environ_system_data_file, file_type, data_file_type, core_data_file_type;
@@ -99,7 +102,9 @@
type bootanim_data_file, file_type, data_file_type, core_data_file_type;
# /dev/kvm
-type kvm_device, dev_type;
+# The type needs to be mlstrustedobject to allow for being accessed from
+# crosvm, which runs at a more constrained MLS level.
+type kvm_device, dev_type, mlstrustedobject;
# /apex/com.android.virt/bin/fd_server
type fd_server_exec, system_file_type, exec_type, file_type;
@@ -116,7 +121,15 @@
# property labeled.
type sepolicy_test_file, file_type;
+# /apex/com.android.art/bin/art_exec
+# This executable does not have its own domain because it is executed in the caller's domain. For
+# example, it is executed in the `artd` domain when artd calls it.
+type art_exec_exec, system_file_type, exec_type, file_type;
+
# Filesystem entry for for PRNG seeder socket. Processes require
# write permission on this to connect, and needs to be mlstrustedobject
# in to satisfy MLS constraints for trusted domains.
type prng_seeder_socket, file_type, coredomain_socket, mlstrustedobject;
+
+# /sys/firmware/devicetree/base/avf
+type sysfs_dt_avf, fs_type, sysfs_type;
diff --git a/private/file_contexts b/private/file_contexts
index 65baa5d..4c3f108 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -79,6 +79,7 @@
/dev/audio.* u:object_r:audio_device:s0
/dev/binder u:object_r:binder_device:s0
/dev/block(/.*)? u:object_r:block_device:s0
+/dev/block/by-name/zoned_device u:object_r:zoned_block_device:s0
/dev/block/dm-[0-9]+ u:object_r:dm_device:s0
/dev/block/loop[0-9]* u:object_r:loop_device:s0
/dev/block/vd[a-z][0-9]* u:object_r:vd_device:s0
@@ -223,13 +224,13 @@
/system/bin/boringssl_self_test(32|64) u:object_r:boringssl_self_test_exec:s0
/system/bin/prng_seeder u:object_r:prng_seeder_exec:s0
/system/bin/charger u:object_r:charger_exec:s0
-/system/bin/canhalconfigurator u:object_r:canhalconfigurator_exec:s0
/system/bin/e2fsdroid u:object_r:e2fs_exec:s0
/system/bin/mke2fs u:object_r:e2fs_exec:s0
/system/bin/e2fsck -- u:object_r:fsck_exec:s0
/system/bin/extra_free_kbytes\.sh u:object_r:extra_free_kbytes_exec:s0
/system/bin/fsck\.exfat -- u:object_r:fsck_exec:s0
/system/bin/fsck\.f2fs -- u:object_r:fsck_exec:s0
+/system/bin/ntfsfix -- u:object_r:fsck_exec:s0
/system/bin/init u:object_r:init_exec:s0
# TODO(/123600489): merge mini-keyctl into toybox
/system/bin/mini-keyctl -- u:object_r:toolbox_exec:s0
@@ -270,6 +271,8 @@
/system/bin/audioserver u:object_r:audioserver_exec:s0
/system/bin/mediadrmserver u:object_r:mediadrmserver_exec:s0
/system/bin/mediaserver u:object_r:mediaserver_exec:s0
+/system/bin/mediaserver32 u:object_r:mediaserver_exec:s0
+/system/bin/mediaserver64 u:object_r:mediaserver_exec:s0
/system/bin/mediametrics u:object_r:mediametrics_exec:s0
/system/bin/cameraserver u:object_r:cameraserver_exec:s0
/system/bin/mediaextractor u:object_r:mediaextractor_exec:s0
@@ -325,24 +328,18 @@
/system/bin/preloads_copy\.sh u:object_r:preloads_copy_exec:s0
/system/bin/preopt2cachename u:object_r:preopt2cachename_exec:s0
/system/bin/viewcompiler u:object_r:viewcompiler_exec:s0
-/system/bin/iorapd u:object_r:iorapd_exec:s0
-/system/bin/iorap\.inode2filename u:object_r:iorap_inode2filename_exec:s0
-/system/bin/iorap\.prefetcherd u:object_r:iorap_prefetcherd_exec:s0
/system/bin/sgdisk u:object_r:sgdisk_exec:s0
/system/bin/blkid u:object_r:blkid_exec:s0
-/system/bin/tzdatacheck u:object_r:tzdatacheck_exec:s0
/system/bin/flags_health_check -- u:object_r:flags_health_check_exec:s0
-/system/bin/idmap u:object_r:idmap_exec:s0
/system/bin/idmap2(d)? u:object_r:idmap_exec:s0
/system/bin/update_engine u:object_r:update_engine_exec:s0
/system/bin/profcollectd u:object_r:profcollectd_exec:s0
/system/bin/profcollectctl u:object_r:profcollectd_exec:s0
/system/bin/storaged u:object_r:storaged_exec:s0
-/system/bin/wpantund u:object_r:wpantund_exec:s0
/system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
/system/bin/hw/android\.frameworks\.bufferhub@1\.0-service u:object_r:fwk_bufferhub_exec:s0
/system/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0
-/system/bin/hw/android\.system\.suspend@1\.0-service u:object_r:system_suspend_exec:s0
+/system/bin/hw/android\.system\.suspend-service u:object_r:system_suspend_exec:s0
/system/etc/cgroups\.json u:object_r:cgroup_desc_file:s0
/system/etc/task_profiles/cgroups_[0-9]+\.json u:object_r:cgroup_desc_api_file:s0
/system/etc/event-log-tags u:object_r:system_event_log_tags_file:s0
@@ -375,8 +372,7 @@
/system/bin/gsid u:object_r:gsid_exec:s0
/system/bin/simpleperf u:object_r:simpleperf_exec:s0
/system/bin/simpleperf_app_runner u:object_r:simpleperf_app_runner_exec:s0
-/system/bin/migrate_legacy_obb_data\.sh u:object_r:migrate_legacy_obb_data_exec:s0
-/system/bin/android\.frameworks\.automotive\.display@1\.0-service u:object_r:automotive_display_service_exec:s0
+/system/bin/migrate_legacy_obb_data u:object_r:migrate_legacy_obb_data_exec:s0
/system/bin/snapuserd u:object_r:snapuserd_exec:s0
/system/bin/odsign u:object_r:odsign_exec:s0
/system/bin/vehicle_binding_util u:object_r:vehicle_binding_util_exec:s0
@@ -447,13 +443,14 @@
/odm/etc/selinux/precompiled_sepolicy u:object_r:sepolicy_file:s0
/odm/etc/selinux/precompiled_sepolicy\.plat_and_mapping\.sha256 u:object_r:sepolicy_file:s0
-/(odm|vendor/odm)/etc/selinux/odm_sepolicy\.cil u:object_r:sepolicy_file:s0
+/(odm|vendor/odm)/etc/selinux/odm_sepolicy\.cil u:object_r:sepolicy_file:s0
/(odm|vendor/odm)/etc/selinux/odm_file_contexts u:object_r:file_contexts_file:s0
/(odm|vendor/odm)/etc/selinux/odm_seapp_contexts u:object_r:seapp_contexts_file:s0
/(odm|vendor/odm)/etc/selinux/odm_property_contexts u:object_r:property_contexts_file:s0
+/(odm|vendor/odm)/etc/selinux/odm_service_contexts u:object_r:vendor_service_contexts_file:s0
/(odm|vendor/odm)/etc/selinux/odm_hwservice_contexts u:object_r:hwservice_contexts_file:s0
-/(odm|vendor/odm)/etc/selinux/odm_keystore2_key_contexts u:object_r:keystore2_key_contexts_file:s0
-/(odm|vendor/odm)/etc/selinux/odm_mac_permissions\.xml u:object_r:mac_perms_file:s0
+/(odm|vendor/odm)/etc/selinux/odm_keystore2_key_contexts u:object_r:keystore2_key_contexts_file:s0
+/(odm|vendor/odm)/etc/selinux/odm_mac_permissions\.xml u:object_r:mac_perms_file:s0
#############################
# Product files
@@ -495,6 +492,9 @@
/(system_ext|system/system_ext)/bin/hidl_lazy_test_server u:object_r:hidl_lazy_test_server_exec:s0
/(system_ext|system/system_ext)/bin/hidl_lazy_cb_test_server u:object_r:hidl_lazy_test_server_exec:s0
+/(system_ext|system/system_ext)/bin/android\.frameworks\.automotive\.display@1\.0-service u:object_r:automotive_display_service_exec:s0
+/(system_ext|system/system_ext)/bin/canhalconfigurator(-aidl)? u:object_r:canhalconfigurator_exec:s0
+
/(system_ext|system/system_ext)/lib(64)?(/.*)? u:object_r:system_lib_file:s0
#############################
@@ -565,7 +565,8 @@
/data/local/tmp(/.*)? u:object_r:shell_data_file:s0
/data/local/tmp/ltp(/.*)? u:object_r:nativetest_data_file:s0
/data/local/traces(/.*)? u:object_r:trace_data_file:s0
-/data/media(/.*)? u:object_r:media_rw_data_file:s0
+/data/media u:object_r:media_userdir_file:s0
+/data/media/.* u:object_r:media_rw_data_file:s0
/data/mediadrm(/.*)? u:object_r:media_data_file:s0
/data/nativetest(/.*)? u:object_r:nativetest_data_file:s0
/data/nativetest64(/.*)? u:object_r:nativetest_data_file:s0
@@ -582,6 +583,12 @@
/data/rollback/\d+/[^/]+/.*\.apk u:object_r:apk_data_file:s0
/data/rollback/\d+/[^/]+/.*\.apex u:object_r:staging_data_file:s0
/data/fonts/files(/.*)? u:object_r:font_data_file:s0
+/data/misc_ce u:object_r:system_userdir_file:s0
+/data/misc_de u:object_r:system_userdir_file:s0
+/data/system_ce u:object_r:system_userdir_file:s0
+/data/system_de u:object_r:system_userdir_file:s0
+/data/user u:object_r:system_userdir_file:s0
+/data/user_de u:object_r:system_userdir_file:s0
# Misc data
/data/misc/adb(/.*)? u:object_r:adb_keys_file:s0
@@ -651,9 +658,7 @@
/data/misc_ce/[0-9]+/wifi(/.*)? u:object_r:wifi_data_file:s0
/data/misc/wifi/sockets(/.*)? u:object_r:wpa_socket:s0
/data/misc/wifi/sockets/wpa_ctrl.* u:object_r:system_wpa_socket:s0
-/data/misc/zoneinfo(/.*)? u:object_r:zoneinfo_data_file:s0
/data/misc/vold(/.*)? u:object_r:vold_data_file:s0
-/data/misc/iorapd(/.*)? u:object_r:iorapd_data_file:s0
/data/misc/update_engine(/.*)? u:object_r:update_engine_data_file:s0
/data/misc/update_engine_log(/.*)? u:object_r:update_engine_log_data_file:s0
/data/system/dropbox(/.*)? u:object_r:dropbox_data_file:s0
@@ -667,8 +672,10 @@
/data/misc/profiles/ref(/.*)? u:object_r:user_profile_data_file:s0
/data/misc/profman(/.*)? u:object_r:profman_dump_data_file:s0
/data/vendor(/.*)? u:object_r:vendor_data_file:s0
-/data/vendor_ce(/.*)? u:object_r:vendor_data_file:s0
-/data/vendor_de(/.*)? u:object_r:vendor_data_file:s0
+/data/vendor_ce u:object_r:vendor_userdir_file:s0
+/data/vendor_ce/.* u:object_r:vendor_data_file:s0
+/data/vendor_de u:object_r:vendor_userdir_file:s0
+/data/vendor_de/.* u:object_r:vendor_data_file:s0
# storaged proto files
/data/misc_de/[0-9]+/storaged(/.*)? u:object_r:storaged_data_file:s0
@@ -727,8 +734,17 @@
#############################
# Expanded data files
#
-/mnt/expand(/.*)? u:object_r:mnt_expand_file:s0
-/mnt/expand/[^/]+(/.*)? u:object_r:system_data_file:s0
+/mnt/expand u:object_r:mnt_expand_file:s0
+# CAREFUL: the two system_data_file patterns below can't be replaced with one
+# pattern "/mnt/expand/[^/]+(/.*)?", since SELinux would prioritize that over
+# "/mnt/expand/[^/]+/user". This is because when a path is matched by two
+# patterns that contain regex meta-characters, SELinux just chooses the longer
+# pattern (or the later pattern if the patterns are the same length), rather
+# than the pattern containing fewer regex meta-characters. Splitting the
+# pattern into "/mnt/expand/[^/]+" and "/mnt/expand/[^/]+/.*" works around this
+# problem, except for 1-character filenames which we aren't using.
+/mnt/expand/[^/]+ u:object_r:system_data_file:s0
+/mnt/expand/[^/]+/.* u:object_r:system_data_file:s0
/mnt/expand/[^/]+/app(/.*)? u:object_r:apk_data_file:s0
/mnt/expand/[^/]+/app/[^/]+/oat(/.*)? u:object_r:dalvikcache_data_file:s0
# /mnt/expand/..../app/[randomStringA]/[packageName]-[randomStringB]/base.apk layout
@@ -736,8 +752,13 @@
/mnt/expand/[^/]+/app/vmdl[^/]+\.tmp(/.*)? u:object_r:apk_tmp_file:s0
/mnt/expand/[^/]+/app/vmdl[^/]+\.tmp/oat(/.*)? u:object_r:dalvikcache_data_file:s0
/mnt/expand/[^/]+/local/tmp(/.*)? u:object_r:shell_data_file:s0
-/mnt/expand/[^/]+/media(/.*)? u:object_r:media_rw_data_file:s0
+/mnt/expand/[^/]+/media u:object_r:media_userdir_file:s0
+/mnt/expand/[^/]+/media/.* u:object_r:media_rw_data_file:s0
/mnt/expand/[^/]+/misc/vold(/.*)? u:object_r:vold_data_file:s0
+/mnt/expand/[^/]+/misc_ce u:object_r:system_userdir_file:s0
+/mnt/expand/[^/]+/misc_de u:object_r:system_userdir_file:s0
+/mnt/expand/[^/]+/user u:object_r:system_userdir_file:s0
+/mnt/expand/[^/]+/user_de u:object_r:system_userdir_file:s0
# coredump directory for userdebug/eng devices
/cores(/.*)? u:object_r:coredump_file:s0
@@ -762,9 +783,6 @@
/data/misc_de/[0-9]+/vold(/.*)? u:object_r:vold_data_file:s0
/data/misc_ce/[0-9]+/vold(/.*)? u:object_r:vold_data_file:s0
-# iorapd per-user data
-/data/misc_ce/[0-9]+/iorapd(/.*)? u:object_r:iorapd_data_file:s0
-
# Backup service persistent per-user bookkeeping
/data/system_ce/[0-9]+/backup(/.*)? u:object_r:backup_data_file:s0
# Backup service temporary per-user data for inter-change with apps
diff --git a/private/flags_health_check.te b/private/flags_health_check.te
index 58275ff..cc4a5ca 100644
--- a/private/flags_health_check.te
+++ b/private/flags_health_check.te
@@ -26,6 +26,10 @@
set_prop(flags_health_check, device_config_vendor_system_native_prop)
set_prop(flags_health_check, device_config_vendor_system_native_boot_prop)
set_prop(flags_health_check, device_config_virtualization_framework_native_prop)
+set_prop(flags_health_check, device_config_memory_safety_native_boot_prop)
+set_prop(flags_health_check, device_config_memory_safety_native_prop)
+set_prop(flags_health_check, device_config_remote_key_provisioning_native_prop)
+set_prop(flags_health_check, device_config_camera_native_prop)
# system property device_config_boot_count_prop is used for deciding when to perform server
# configurable flags related disaster recovery. Mistakenly set up by unrelated components can, at a
diff --git a/private/fsverity_init.te b/private/fsverity_init.te
index e069233..2e5089c 100644
--- a/private/fsverity_init.te
+++ b/private/fsverity_init.te
@@ -11,9 +11,6 @@
allow fsverity_init kernel:key { view search write setattr };
allow fsverity_init fsverity_init:key { view search write };
-# Allow init to write to /proc/sys/fs/verity/require_signatures
-allow fsverity_init proc_fs_verity:file w_file_perms;
-
# Read the on-device signing certificate, to be able to add it to the keyring
allow fsverity_init odsign:fd use;
allow fsverity_init odsign_data_file:file { getattr read };
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 6578470..77e3954 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -43,7 +43,6 @@
genfscon proc /sys/fs/protected_hardlinks u:object_r:proc_security:s0
genfscon proc /sys/fs/protected_symlinks u:object_r:proc_security:s0
genfscon proc /sys/fs/suid_dumpable u:object_r:proc_security:s0
-genfscon proc /sys/fs/verity/require_signatures u:object_r:proc_fs_verity:s0
genfscon proc /sys/kernel/bpf_ u:object_r:proc_bpf:s0
genfscon proc /sys/kernel/core_pattern u:object_r:usermodehelper:s0
genfscon proc /sys/kernel/core_pipe_limit u:object_r:usermodehelper:s0
@@ -146,6 +145,7 @@
genfscon sysfs /devices/virtual/net u:object_r:sysfs_net:s0
genfscon sysfs /devices/virtual/switch u:object_r:sysfs_switch:s0
genfscon sysfs /devices/virtual/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /firmware/devicetree/base/avf u:object_r:sysfs_dt_avf:s0
genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_firmware_android:s0
genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0
genfscon sysfs /fs/f2fs u:object_r:sysfs_fs_f2fs:s0
@@ -385,6 +385,7 @@
genfscon vfat / u:object_r:vfat:s0
genfscon binder / u:object_r:binderfs:s0
genfscon exfat / u:object_r:exfat:s0
+genfscon ntfs / u:object_r:ntfs:s0
genfscon debugfs / u:object_r:debugfs:s0
genfscon fuse / u:object_r:fuse:s0
genfscon configfs / u:object_r:configfs:s0
@@ -394,7 +395,9 @@
genfscon functionfs / u:object_r:functionfs:s0
genfscon usbfs / u:object_r:usbfs:s0
genfscon binfmt_misc / u:object_r:binfmt_miscfs:s0
+
genfscon bpf / u:object_r:fs_bpf:s0
+genfscon bpf /loader u:object_r:fs_bpf_loader:s0
genfscon bpf /net_private u:object_r:fs_bpf_net_private:s0
genfscon bpf /net_shared u:object_r:fs_bpf_net_shared:s0
genfscon bpf /netd_readonly u:object_r:fs_bpf_netd_readonly:s0
diff --git a/private/gpuservice.te b/private/gpuservice.te
index 76a2370..8388e89 100644
--- a/private/gpuservice.te
+++ b/private/gpuservice.te
@@ -59,9 +59,6 @@
# Needed for enabling bpf programs and accessing bpf maps (read-only and read/write).
allow gpuservice bpfloader:bpf { map_read map_write prog_run };
-# Needed for getting a prop to ensure bpf programs loaded.
-get_prop(gpuservice, bpf_progs_loaded_prop)
-
add_service(gpuservice, gpu_service)
# Only uncomment below line when in development
diff --git a/private/heapprofd.te b/private/heapprofd.te
index 36d2938..1b41823 100644
--- a/private/heapprofd.te
+++ b/private/heapprofd.te
@@ -1,14 +1,4 @@
# Android heap profiling daemon. go/heapprofd.
-#
-# On user builds, this daemon is responsible for receiving the initial
-# profiling configuration, finding matching target processes (if profiling by
-# process name), and sending the activation signal to them (+ setting system
-# properties for new processes to start profiling from startup). When profiling
-# is triggered in a process, it spawns a private heapprofd subprocess (in its
-# own SELinux domain), which will exclusively handle profiling of its parent.
-#
-# On debug builds, this central daemon performs profiling for all target
-# processes (which talk directly to this daemon).
type heapprofd_exec, exec_type, file_type, system_file_type;
type heapprofd_tmpfs, file_type;
@@ -56,23 +46,28 @@
# For checking profileability.
allow heapprofd packages_list_file:file r_file_perms;
-# This is going to happen on user but is benign because central heapprofd
-# does not actually need these permission.
-# If the dac_read_search capability check is rejected, the kernel then tries
-# to perform a dac_override capability check, so we need to dontaudit that
-# as well.
-dontaudit heapprofd self:global_capability_class_set { dac_read_search dac_override };
-
+# Never allow profiling privileged or otherwise incompatible domains.
+# Corresponding allow-rule is in private/domain.te.
never_profile_heap(`{
+ apexd
+ app_zygote
bpfloader
+ diced
+ hal_configstore
init
kernel
keystore
llkd
logd
+ logpersist
+ recovery
+ recovery_persist
+ recovery_refresh
ueventd
vendor_init
vold
+ webview_zygote
+ zygote
}')
full_treble_only(`
diff --git a/private/hwservicemanager.te b/private/hwservicemanager.te
index e1fde43..ecc8a40 100644
--- a/private/hwservicemanager.te
+++ b/private/hwservicemanager.te
@@ -7,3 +7,9 @@
set_prop(hwservicemanager, ctl_interface_start_prop)
set_prop(hwservicemanager, hwservicemanager_prop)
+
+# hwservicemanager is using bootstrap bionic
+use_bootstrap_libs(hwservicemanager)
+
+# hwservicemanager is using apex_info via libvintf
+use_apex_info(hwservicemanager)
diff --git a/private/incidentd.te b/private/incidentd.te
index c1314a8..e86b3bf 100644
--- a/private/incidentd.te
+++ b/private/incidentd.te
@@ -193,6 +193,9 @@
get_prop(incidentd, last_boot_reason_prop);
')
+# Allow incident to read the build properties for attestation feature
+get_prop(incidentd, build_attestation_prop);
+
###
### neverallow rules
###
diff --git a/private/init.te b/private/init.te
index 17e25f8..72dedd2 100644
--- a/private/init.te
+++ b/private/init.te
@@ -11,8 +11,10 @@
recovery_only(`
# Files in recovery image are labeled as rootfs.
domain_trans(init, rootfs, adbd)
+ domain_trans(init, rootfs, hal_bootctl_server)
domain_trans(init, rootfs, charger)
domain_trans(init, rootfs, fastbootd)
+ domain_trans(init, rootfs, hal_fastboot_server)
domain_trans(init, rootfs, hal_health_server)
domain_trans(init, rootfs, recovery)
domain_trans(init, rootfs, linkerconfig)
@@ -93,9 +95,6 @@
# Only init can write normal ro.boot. properties
neverallow { domain -init } bootloader_prop:property_service set;
-# Only init can write ro.boot.hypervisor properties
-neverallow { domain -init } hypervisor_prop:property_service set;
-
# Only init can write hal.instrumentation.enable
neverallow { domain -init } hal_instrumentation_prop:property_service set;
diff --git a/private/installd.te b/private/installd.te
index 538641d..7615c92 100644
--- a/private/installd.te
+++ b/private/installd.te
@@ -45,9 +45,12 @@
# Allow installd to delete files in /data/staging
allow installd staging_data_file:file unlink;
-allow installd staging_data_file:dir { open read remove_name rmdir search write };
+allow installd staging_data_file:dir { open read remove_name rmdir search write getattr };
-allow installd { dex2oat dexoptanalyzer }:process { sigkill signal };
+allow installd { dex2oat dexoptanalyzer }:process signal;
+
+# installd kills subprocesses if they time out.
+allow installd { dex2oat dexoptanalyzer profman }:process sigkill;
# Allow installd manage dirs in /data/misc_ce/0/sdksandbox
allow installd sdk_sandbox_system_data_file:dir { create_dir_perms relabelfrom };
diff --git a/private/iorap_inode2filename.te b/private/iorap_inode2filename.te
deleted file mode 100644
index 5acb262..0000000
--- a/private/iorap_inode2filename.te
+++ /dev/null
@@ -1,11 +0,0 @@
-typeattribute iorap_inode2filename coredomain;
-
-# Grant access to open most of the files under /
-allow iorap_inode2filename { apex_module_data_file apex_art_data_file }:dir r_dir_perms;
-allow iorap_inode2filename apex_data_file:file { getattr };
-allow iorap_inode2filename dalvikcache_data_file:dir { getattr open read search };
-allow iorap_inode2filename dalvikcache_data_file:file { getattr };
-allow iorap_inode2filename dex2oat_exec:lnk_file { getattr open read };
-allow iorap_inode2filename dexoptanalyzer_exec:file { getattr };
-allow iorap_inode2filename storaged_data_file:dir { getattr open read search };
-allow iorap_inode2filename storaged_data_file:file { getattr };
diff --git a/private/iorap_prefecherd.te b/private/iorap_prefecherd.te
deleted file mode 100644
index 9ddb512..0000000
--- a/private/iorap_prefecherd.te
+++ /dev/null
@@ -1,4 +0,0 @@
-typeattribute iorap_prefetcherd coredomain;
-
-init_daemon_domain(iorap_prefetcherd)
-tmpfs_domain(iorap_prefetcherd)
diff --git a/private/iorapd.te b/private/iorapd.te
deleted file mode 100644
index 73acec9..0000000
--- a/private/iorapd.te
+++ /dev/null
@@ -1,10 +0,0 @@
-typeattribute iorapd coredomain;
-
-init_daemon_domain(iorapd)
-tmpfs_domain(iorapd)
-
-domain_auto_trans(iorapd, iorap_prefetcherd_exec, iorap_prefetcherd)
-domain_auto_trans(iorapd, iorap_inode2filename_exec, iorap_inode2filename)
-
-# Allow iorapd to access the runtime native boot feature flag properties.
-get_prop(iorapd, device_config_runtime_native_boot_prop)
diff --git a/private/isolated_app.te b/private/isolated_app.te
index 828ffb1..9d0fd73 100644
--- a/private/isolated_app.te
+++ b/private/isolated_app.te
@@ -1,36 +1,24 @@
###
-### Services with isolatedProcess=true in their manifest.
+### isolated_apps.
###
-### This file defines the rules for isolated apps. An "isolated
-### app" is an APP with UID between AID_ISOLATED_START (99000)
-### and AID_ISOLATED_END (99999).
+### This file defines the rules for isolated apps that does not wish to use
+### service managers and does not require extra computational resources.
###
typeattribute isolated_app coredomain;
app_domain(isolated_app)
+isolated_app_domain(isolated_app)
-# Access already open app data files received over Binder or local socket IPC.
-allow isolated_app { app_data_file privapp_data_file sdk_sandbox_data_file}:file { append read write getattr lock map };
+allow isolated_app webviewupdate_service:service_manager find;
# Allow access to network sockets received over IPC. New socket creation is not
# permitted.
allow isolated_app { ephemeral_app priv_app untrusted_app_all }:{ tcp_socket udp_socket } { rw_socket_perms_no_ioctl };
-allow isolated_app activity_service:service_manager find;
-allow isolated_app display_service:service_manager find;
-allow isolated_app webviewupdate_service:service_manager find;
-
-# Google Breakpad (crash reporter for Chrome) relies on ptrace
-# functionality. Without the ability to ptrace, the crash reporter
-# tool is broken.
-# b/20150694
-# https://code.google.com/p/chromium/issues/detail?id=475270
-allow isolated_app self:process ptrace;
-
# b/32896414: Allow accessing sdcard file descriptors passed to isolated_apps
# by other processes. Open should never be allowed, and is blocked by
-# neverallow rules below.
+# neverallow rules in isolated_app_all attribute.
# media_rw_data_file is included for sdcardfs, and can be removed if sdcardfs
# is modified to change the secontext when accessing the lower filesystem.
allow isolated_app { sdcard_type fuse media_rw_data_file }:file { read write append getattr lock map };
@@ -46,108 +34,3 @@
allow isolated_app webview_zygote:unix_dgram_socket write;
# Read system properties managed by webview_zygote.
allow isolated_app webview_zygote_tmpfs:file read;
-
-# Inherit FDs from the app_zygote.
-allow isolated_app app_zygote:fd use;
-# Notify app_zygote of child death.
-allow isolated_app app_zygote:process sigchld;
-# Inherit logd write socket.
-allow isolated_app app_zygote:unix_dgram_socket write;
-
-# TODO (b/63631799) fix this access
-# suppress denials to /data/local/tmp
-dontaudit isolated_app shell_data_file:dir search;
-
-# Write app-specific trace data to the Perfetto traced damon. This requires
-# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
-perfetto_producer(isolated_app)
-
-# Allow profiling if the main app has been marked as profileable or
-# debuggable.
-can_profile_heap(isolated_app)
-can_profile_perf(isolated_app)
-
-#####
-##### Neverallow
-#####
-
-# Isolated apps should not directly open app data files themselves.
-neverallow isolated_app { app_data_file privapp_data_file sdk_sandbox_data_file}:file open;
-
-# Only allow appending to /data/anr/traces.txt (b/27853304, b/18340553)
-# TODO: are there situations where isolated_apps write to this file?
-# TODO: should we tighten these restrictions further?
-neverallow isolated_app anr_data_file:file ~{ open append };
-neverallow isolated_app anr_data_file:dir ~search;
-
-# Isolated apps must not be permitted to use HwBinder
-neverallow isolated_app hwbinder_device:chr_file *;
-neverallow isolated_app *:hwservice_manager *;
-
-# Isolated apps must not be permitted to use VndBinder
-neverallow isolated_app vndbinder_device:chr_file *;
-
-# Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
-# except the find actions for services allowlisted below.
-neverallow isolated_app *:service_manager ~find;
-
-# b/17487348
-# Isolated apps can only access three services,
-# activity_service, display_service, webviewupdate_service.
-neverallow isolated_app {
- service_manager_type
- -activity_service
- -display_service
- -webviewupdate_service
-}:service_manager find;
-
-# Isolated apps shouldn't be able to access the driver directly.
-neverallow isolated_app gpu_device:chr_file { rw_file_perms execute };
-
-# Do not allow isolated_app access to /cache
-neverallow isolated_app cache_file:dir ~{ r_dir_perms };
-neverallow isolated_app cache_file:file ~{ read getattr };
-
-# Do not allow isolated_app to access external storage, except for files passed
-# via file descriptors (b/32896414).
-neverallow isolated_app { storage_file mnt_user_file sdcard_type fuse }:dir ~getattr;
-neverallow isolated_app { storage_file mnt_user_file }:file_class_set *;
-neverallow isolated_app { sdcard_type fuse }:{ devfile_class_set lnk_file sock_file fifo_file } *;
-neverallow isolated_app { sdcard_type fuse }:file ~{ read write append getattr lock map };
-
-# Do not allow USB access
-neverallow isolated_app { usb_device usbaccessory_device }:chr_file *;
-
-# Restrict the webview_zygote control socket.
-neverallow isolated_app webview_zygote:sock_file write;
-
-# Limit the /sys files which isolated_app can access. This is important
-# for controlling isolated_app attack surface.
-neverallow isolated_app {
- sysfs_type
- -sysfs_devices_system_cpu
- -sysfs_transparent_hugepage
- -sysfs_usb # TODO: check with audio team if needed for isolated_app (b/28417852)
- -sysfs_fs_incfs_features
-}:file no_rw_file_perms;
-
-# No creation of sockets families other than AF_UNIX sockets.
-# List taken from system/sepolicy/public/global_macros - socket_class_set
-# excluding unix_stream_socket and unix_dgram_socket.
-# Many of these are socket families which have never and will never
-# be compiled into the Android kernel.
-neverallow isolated_app { self ephemeral_app priv_app sdk_sandbox untrusted_app_all }:{
- socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket
- key_socket appletalk_socket netlink_route_socket
- netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket
- netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket
- netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket
- netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket
- netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket
- netlink_crypto_socket sctp_socket icmp_socket ax25_socket ipx_socket
- netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket
- rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
- bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket
- ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket
- qipcrtr_socket smc_socket xdp_socket
-} create;
diff --git a/private/isolated_app_all.te b/private/isolated_app_all.te
new file mode 100644
index 0000000..bb9da6c
--- /dev/null
+++ b/private/isolated_app_all.te
@@ -0,0 +1,120 @@
+###
+### isolated_app_all.
+###
+### Services with isolatedProcess=true in their manifest.
+###
+### This file defines the rules shared by all isolated apps. An "isolated
+### app" is an APP with UID between AID_ISOLATED_START (99000)
+### and AID_ISOLATED_END (99999).
+###
+
+# Access already open app data files received over Binder or local socket IPC.
+allow isolated_app_all { app_data_file privapp_data_file sdk_sandbox_data_file}:file { append read write getattr lock map };
+
+allow isolated_app_all activity_service:service_manager find;
+allow isolated_app_all display_service:service_manager find;
+
+# Google Breakpad (crash reporter for Chrome) relies on ptrace
+# functionality. Without the ability to ptrace, the crash reporter
+# tool is broken.
+# b/20150694
+# https://code.google.com/p/chromium/issues/detail?id=475270
+allow isolated_app_all self:process ptrace;
+
+# Inherit FDs from the app_zygote.
+allow isolated_app_all app_zygote:fd use;
+# Notify app_zygote of child death.
+allow isolated_app_all app_zygote:process sigchld;
+# Inherit logd write socket.
+allow isolated_app_all app_zygote:unix_dgram_socket write;
+
+# TODO (b/63631799) fix this access
+# suppress denials to /data/local/tmp
+dontaudit isolated_app_all shell_data_file:dir search;
+
+#####
+##### Neverallow
+#####
+
+# Isolated apps should not directly open app data files themselves.
+neverallow isolated_app_all { app_data_file privapp_data_file sdk_sandbox_data_file}:file open;
+
+# Only allow appending to /data/anr/traces.txt (b/27853304, b/18340553)
+# TODO: are there situations where isolated_apps write to this file?
+# TODO: should we tighten these restrictions further?
+neverallow isolated_app_all anr_data_file:file ~{ open append };
+neverallow isolated_app_all anr_data_file:dir ~search;
+
+# Isolated apps must not be permitted to use HwBinder
+neverallow { isolated_app_all -isolated_compute_app } hwbinder_device:chr_file *;
+neverallow { isolated_app_all -isolated_compute_app } *:hwservice_manager *;
+
+# Isolated apps must not be permitted to use VndBinder
+neverallow isolated_app_all vndbinder_device:chr_file *;
+
+# Isolated apps must not be permitted to perform actions on Binder and VndBinder service_manager
+# except the find actions for services allowlisted below.
+neverallow { isolated_app_all -isolated_compute_app } *:service_manager ~find;
+
+# b/17487348
+# Isolated apps can only access three services,
+# activity_service, display_service, webviewupdate_service.
+neverallow { isolated_app_all -isolated_compute_app } {
+ service_manager_type
+ -activity_service
+ -display_service
+ -webviewupdate_service
+}:service_manager find;
+
+# Isolated apps shouldn't be able to access the driver directly.
+neverallow isolated_app_all gpu_device:chr_file { rw_file_perms execute };
+
+# Do not allow isolated_apps access to /cache
+neverallow isolated_app_all cache_file:dir ~{ r_dir_perms };
+neverallow isolated_app_all cache_file:file ~{ read getattr };
+
+# Do not allow isolated_app_all to access external storage, except for files passed
+# via file descriptors (b/32896414).
+neverallow isolated_app_all { storage_file mnt_user_file sdcard_type fuse }:dir ~getattr;
+neverallow isolated_app_all { storage_file mnt_user_file }:file_class_set *;
+neverallow isolated_app_all { sdcard_type fuse }:{ devfile_class_set lnk_file sock_file fifo_file } *;
+neverallow isolated_app_all { sdcard_type fuse }:file ~{ read write append getattr lock map };
+
+# Do not allow USB access
+neverallow isolated_app_all { usb_device usbaccessory_device }:chr_file *;
+
+# Restrict the webview_zygote control socket.
+neverallow isolated_app_all webview_zygote:sock_file write;
+
+# Limit the /sys files which isolated_app_all can access. This is important
+# for controlling isolated_app_all attack surface.
+# TODO (b/266555480): The permission should be guarded by compliance test.
+# Remove the negation for member domains when refactorization is done.
+neverallow { isolated_app_all -isolated_compute_app } {
+ sysfs_type
+ -sysfs_devices_system_cpu
+ -sysfs_transparent_hugepage
+ -sysfs_usb # TODO: check with audio team if needed for isolated_apps (b/28417852)
+ -sysfs_fs_incfs_features
+}:file no_rw_file_perms;
+
+# No creation of sockets families other than AF_UNIX sockets.
+# List taken from system/sepolicy/public/global_macros - socket_class_set
+# excluding unix_stream_socket and unix_dgram_socket.
+# Many of these are socket families which have never and will never
+# be compiled into the Android kernel.
+neverallow isolated_app_all { self ephemeral_app priv_app sdk_sandbox untrusted_app_all }:{
+ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket
+ key_socket appletalk_socket netlink_route_socket
+ netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket
+ netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket
+ netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket
+ netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket
+ netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket
+ netlink_crypto_socket sctp_socket icmp_socket ax25_socket ipx_socket
+ netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket
+ rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket
+ bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket
+ ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket
+ qipcrtr_socket smc_socket xdp_socket
+} create;
diff --git a/private/isolated_compute_app.te b/private/isolated_compute_app.te
new file mode 100644
index 0000000..536261f
--- /dev/null
+++ b/private/isolated_compute_app.te
@@ -0,0 +1,43 @@
+###
+### isolated_compute_apps.
+###
+### This file defines the rules for isolated apps that requires the permission
+### to gather data with service manager and require computational resources to
+### improve the performance to process data under a sandbox. This
+### isolated_compute_app restricts data egress to protect the privacy.
+###
+### TODO(b/266923392): Clean rules for isolated_compute_app characteristics
+###
+type isolated_compute_app, domain;
+
+typeattribute isolated_compute_app coredomain;
+
+app_domain(isolated_compute_app)
+isolated_app_domain(isolated_compute_app)
+
+allow isolated_compute_app audioserver_service:service_manager find;
+allow isolated_compute_app cameraserver_service:service_manager find;
+allow isolated_compute_app content_capture_service:service_manager find;
+allow isolated_compute_app device_state_service:service_manager find;
+allow isolated_compute_app speech_recognition_service:service_manager find;
+
+# Enable access to hardware services for camera functionalilites
+hal_client_domain(isolated_compute_app, hal_allocator)
+hwbinder_use(isolated_compute_app)
+
+#####
+##### Neverallow
+#####
+
+# Do not allow isolated_compute_app to access hardware service except for the
+# ones necessary for camera service.
+# TODO (b/266555480): The permission should be guarded by compliance test.
+# Remove the negation for member domains when refactorization is done.
+# neverallow isolated_compute_app {
+# hwservice_manager_type
+# -hal_graphics_allocator_hwservice
+# -hal_graphics_mapper_hwservice
+# -hidl_allocator_hwservice
+# -hidl_manager_hwservice
+# -hidl_memory_hwservice
+# }:hwservice_manager *;
diff --git a/private/kernel.te b/private/kernel.te
index 6775b3b..03ba79f 100644
--- a/private/kernel.te
+++ b/private/kernel.te
@@ -32,6 +32,19 @@
allow kernel kmsg_device:chr_file write;
allow kernel gsid:fd use;
+dontaudit kernel metadata_file:dir search;
+dontaudit kernel ota_metadata_file:dir rw_dir_perms;
+dontaudit kernel sysfs:dir r_dir_perms;
+dontaudit kernel sysfs:file { open read write };
+dontaudit kernel sysfs:chr_file { open read write };
+dontaudit kernel dm_device:chr_file ioctl;
+dontaudit kernel self:capability { sys_admin setgid mknod };
+
+dontaudit kernel dm_user_device:dir { write add_name };
+dontaudit kernel dm_user_device:chr_file { create setattr };
+dontaudit kernel tmpfs:lnk_file read;
+dontaudit kernel tmpfs:blk_file { open read };
+
# Some contexts are changed before the device is flipped into enforcing mode
# during the setup of Apex sepolicy. These denials can be suppressed since
# the permissions should not be allowed after the device is flipped into
diff --git a/private/keystore.te b/private/keystore.te
index 78c0198..cd2ef76 100644
--- a/private/keystore.te
+++ b/private/keystore.te
@@ -20,12 +20,16 @@
# Allow keystore to check if the system is rkp only.
get_prop(keystore, remote_prov_prop)
+# Allow keystore to check rkpd feature flags
+get_prop(keystore, device_config_remote_key_provisioning_native_prop)
+
# Allow keystore to write to statsd.
unix_socket_send(keystore, statsdw, statsd)
# Keystore need access to the keystore_key context files to load the keystore key backend.
allow keystore keystore2_key_contexts_file:file r_file_perms;
+# Allow keystore to listen to changing boot levels
get_prop(keystore, keystore_listen_prop)
# Keystore needs to transfer binder references to vold so that it
@@ -36,3 +40,6 @@
# system property, an exception is added for init as well.
set_prop(keystore, keystore_crash_prop)
neverallow { domain -keystore -init } keystore_crash_prop:property_service set;
+
+# keystore is using apex_info via libvintf
+use_apex_info(keystore)
diff --git a/private/mediaprovider_app.te b/private/mediaprovider_app.te
index a9a52bb..dc6882b 100644
--- a/private/mediaprovider_app.te
+++ b/private/mediaprovider_app.te
@@ -12,6 +12,7 @@
allow mediaprovider_app fuse_device:chr_file { read write ioctl getattr };
# Allow MediaProvider to read/write media_rw_data_file files and dirs
+allow mediaprovider_app media_userdir_file:dir r_dir_perms;
allow mediaprovider_app media_rw_data_file:file create_file_perms;
allow mediaprovider_app media_rw_data_file:dir create_dir_perms;
diff --git a/private/mediaserver.te b/private/mediaserver.te
index 6fe460c..aaf49f6 100644
--- a/private/mediaserver.te
+++ b/private/mediaserver.te
@@ -18,3 +18,8 @@
# Allow mediaserver to start media.transcoding service via ctl.start.
set_prop(mediaserver, ctl_mediatranscoding_prop);
+
+# Needed for stats callback registration to statsd.
+allow mediaserver stats_service:service_manager find;
+allow mediaserver statsmanager_service:service_manager find;
+binder_call(mediaserver, statsd)
diff --git a/private/mediatuner.te b/private/mediatuner.te
index 413d2e5..bfb264e 100644
--- a/private/mediatuner.te
+++ b/private/mediatuner.te
@@ -17,6 +17,9 @@
allow mediatuner package_native_service:service_manager find;
binder_call(mediatuner, system_server)
+# Read ro.tuner.lazyhal
+get_prop(mediatuner, tuner_config_prop)
+
###
### neverallow rules
###
diff --git a/private/mlstrustedsubject.te b/private/mlstrustedsubject.te
index 22482d9..67bd113 100644
--- a/private/mlstrustedsubject.te
+++ b/private/mlstrustedsubject.te
@@ -6,23 +6,20 @@
neverallow {
mlstrustedsubject
+ -artd # compile secondary dex files
-installd
- -iorap_prefetcherd
- -iorap_inode2filename
} { app_data_file privapp_data_file }:file ~{ read write map getattr ioctl lock append };
neverallow {
mlstrustedsubject
+ -artd # compile secondary dex files
-installd
- -iorap_prefetcherd
- -iorap_inode2filename
} { app_data_file privapp_data_file }:dir ~{ read getattr search };
neverallow {
mlstrustedsubject
+ -artd # compile secondary dex files
-installd
- -iorap_prefetcherd
- -iorap_inode2filename
-system_server
-adbd
-runas
diff --git a/private/mtectrl.te b/private/mtectrl.te
index 436dcae..e0418bc 100644
--- a/private/mtectrl.te
+++ b/private/mtectrl.te
@@ -4,7 +4,18 @@
init_daemon_domain(mtectrl)
+# to set the sys prop to match the bootloader message state.
+set_prop(mtectrl, arm64_memtag_prop)
+
# mtectrl communicates the request to the bootloader via the misc partition.
-allow mtectrl misc_block_device:blk_file w_file_perms;
+# needs to write to update the request in misc partition, and read to sync
+# back to the property.
+allow mtectrl misc_block_device:blk_file rw_file_perms;
allow mtectrl block_device:dir r_dir_perms;
read_fstab(mtectrl)
+
+# bootloader_message tries to find the fstab in the device config path first,
+# but because we've already booted up we can use the ro.boot properties instead,
+# so we can just ignore the SELinux denial.
+dontaudit mtectrl sysfs_dt_firmware_android:dir search;
+dontaudit mtectrl vendor_property_type:file read;
diff --git a/private/net.te b/private/net.te
index 9e15f41..07e4271 100644
--- a/private/net.te
+++ b/private/net.te
@@ -12,6 +12,7 @@
netdomain
-ephemeral_app
-mediaprovider
+ -priv_app
-sdk_sandbox
-untrusted_app_all
} self:netlink_route_socket { bind nlmsg_readpriv nlmsg_getneigh };
diff --git a/private/netd.te b/private/netd.te
index 4aa288b..ae43e47 100644
--- a/private/netd.te
+++ b/private/netd.te
@@ -23,7 +23,6 @@
set_prop(netd, netd_stable_secret_prop)
get_prop(netd, adbd_config_prop)
-get_prop(netd, bpf_progs_loaded_prop)
get_prop(netd, hwservicemanager_prop)
get_prop(netd, device_config_netd_native_prop)
diff --git a/private/network_stack.te b/private/network_stack.te
index 3cdf884..dfee019 100644
--- a/private/network_stack.te
+++ b/private/network_stack.te
@@ -75,44 +75,27 @@
# This place is as good as any for these rules,
# and it is probably the most appropriate because
# network_stack itself is entirely mainline code.
-#
-# Unfortunately init/vendor_init have all sorts of extra privs
# T+: Only the bpfloader and the network_stack should ever touch 'fs_bpf_net_private' programs/maps.
-neverallow { domain -bpfloader -init -network_stack -vendor_init } fs_bpf_net_private:dir ~getattr;
-neverallow { domain -bpfloader -init -network_stack -vendor_init } fs_bpf_net_private:file *;
-
-neverallow { domain -bpfloader -network_stack } fs_bpf_net_private:dir ~{ getattr open read search setattr };
-neverallow { domain -bpfloader -network_stack } fs_bpf_net_private:file ~{ map open read setattr };
+neverallow { domain -bpfloader -network_stack } fs_bpf_net_private:dir ~getattr;
+neverallow { domain -bpfloader -network_stack } fs_bpf_net_private:file *;
# T+: Only the bpfloader, network_stack and system_server should ever touch 'fs_bpf_net_shared' programs/maps.
-neverallow { domain -bpfloader -init -network_stack -system_server -vendor_init } fs_bpf_net_shared:dir ~getattr;
-neverallow { domain -bpfloader -init -network_stack -system_server -vendor_init } fs_bpf_net_shared:file *;
-
-neverallow { domain -bpfloader -network_stack -system_server } fs_bpf_net_shared:dir ~{ getattr open read search setattr };
-neverallow { domain -bpfloader -network_stack -system_server } fs_bpf_net_shared:file ~{ map open read setattr };
+neverallow { domain -bpfloader -network_stack -system_server } fs_bpf_net_shared:dir ~getattr;
+neverallow { domain -bpfloader -network_stack -system_server } fs_bpf_net_shared:file *;
# T+: Only the bpfloader, netd, network_stack and system_server should ever touch 'fs_bpf_netd_readonly' programs/maps.
# netd's access should be readonly
-neverallow { domain -bpfloader -init -netd -network_stack -system_server -vendor_init } fs_bpf_netd_readonly:dir ~getattr;
-neverallow { domain -bpfloader -init -netd -network_stack -system_server -vendor_init } fs_bpf_netd_readonly:file *;
+neverallow { domain -bpfloader -netd -network_stack -system_server } fs_bpf_netd_readonly:dir ~getattr;
+neverallow { domain -bpfloader -netd -network_stack -system_server } fs_bpf_netd_readonly:file *;
neverallow netd fs_bpf_netd_readonly:file write;
-neverallow { domain -bpfloader -netd -network_stack -system_server } fs_bpf_netd_readonly:dir ~{ getattr open read search setattr };
-neverallow { domain -bpfloader -netd -network_stack -system_server } fs_bpf_netd_readonly:file ~{ map open read setattr };
-
# T+: Only the bpfloader, netd, netutils_wrapper, network_stack and system_server should ever touch 'fs_bpf_netd_shared' programs/maps.
# netutils_wrapper requires access to be able to run iptables and only needs readonly access
-neverallow { domain -bpfloader -init -netd -netutils_wrapper -network_stack -system_server -vendor_init } fs_bpf_netd_shared:dir ~getattr;
-neverallow { domain -bpfloader -init -netd -netutils_wrapper -network_stack -system_server -vendor_init } fs_bpf_netd_shared:file *;
+neverallow { domain -bpfloader -netd -netutils_wrapper -network_stack -system_server } fs_bpf_netd_shared:dir ~getattr;
+neverallow { domain -bpfloader -netd -netutils_wrapper -network_stack -system_server } fs_bpf_netd_shared:file *;
neverallow netutils_wrapper fs_bpf_netd_shared:file write;
-neverallow { domain -bpfloader -netd -netutils_wrapper -network_stack -system_server } fs_bpf_netd_shared:dir ~{ getattr open read search setattr };
-neverallow { domain -bpfloader -netd -netutils_wrapper -network_stack -system_server } fs_bpf_netd_shared:file ~{ map open read setattr };
-
# S+: Only the bpfloader and the network_stack should ever touch 'fs_bpf_tethering' programs/maps.
-neverallow { domain -bpfloader -init -network_stack -vendor_init } fs_bpf_tethering:dir ~getattr;
-neverallow { domain -bpfloader -init -network_stack -vendor_init } fs_bpf_tethering:file *;
-
-neverallow { domain -bpfloader -network_stack } fs_bpf_tethering:dir ~{ getattr open read search setattr };
-neverallow { domain -bpfloader -network_stack } fs_bpf_tethering:file ~{ map open read setattr };
+neverallow { domain -bpfloader -network_stack } fs_bpf_tethering:dir ~getattr;
+neverallow { domain -bpfloader -network_stack } fs_bpf_tethering:file *;
diff --git a/private/perfetto.te b/private/perfetto.te
index 5897aed..45fa60b 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -110,20 +110,19 @@
data_file_type
-system_data_file
-system_data_root_file
+ -media_userdir_file
+ -system_userdir_file
+ -vendor_userdir_file
# TODO(b/72998741) Remove exemption. Further restricted in a subsequent
# neverallow. Currently only getattr and search are allowed.
-vendor_data_file
- -zoneinfo_data_file
-perfetto_traces_data_file
-perfetto_configs_data_file
with_native_coverage(`-method_trace_data_file')
}:dir *;
neverallow perfetto { system_data_file -perfetto_traces_data_file }:dir ~{ getattr search };
-neverallow perfetto zoneinfo_data_file:dir ~r_dir_perms;
-neverallow perfetto { data_file_type -zoneinfo_data_file -perfetto_traces_data_file }:lnk_file *;
neverallow perfetto {
data_file_type
- -zoneinfo_data_file
-perfetto_traces_data_file
-perfetto_configs_data_file
with_native_coverage(`-method_trace_data_file')
diff --git a/private/platform_app.te b/private/platform_app.te
index b40f6b9..5d16d85 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -73,7 +73,6 @@
allow platform_app persistent_data_block_service:service_manager find;
allow platform_app radio_service:service_manager find;
allow platform_app thermal_service:service_manager find;
-allow platform_app timezone_service:service_manager find;
allow platform_app app_api_service:service_manager find;
allow platform_app system_api_service:service_manager find;
allow platform_app vr_manager_service:service_manager find;
@@ -116,9 +115,6 @@
# suppress denials caused by debugfs_tracing
dontaudit platform_app debugfs_tracing:file rw_file_perms;
-# Allow platform apps to act as Perfetto producers.
-perfetto_producer(platform_app)
-
# Allow platform apps to create VMs
virtualizationservice_use(platform_app)
diff --git a/private/priv_app.te b/private/priv_app.te
index 9d7a0f6..cfd8721 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -126,20 +126,12 @@
read_runtime_log_tags(priv_app)
-# Write app-specific trace data to the Perfetto traced damon. This requires
-# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
-perfetto_producer(priv_app)
-
# Allow priv_apps to request and collect incident reports.
# (Also requires DUMP and PACKAGE_USAGE_STATS permissions)
allow priv_app incident_service:service_manager find;
binder_call(priv_app, incidentd)
allow priv_app incidentd:fifo_file { read write };
-# Allow profiling if the app opts in by being marked profileable/debuggable.
-can_profile_heap(priv_app)
-can_profile_perf(priv_app)
-
# Allow priv_apps to check whether Dynamic System Update is enabled
get_prop(priv_app, dynamic_system_prop)
@@ -190,6 +182,11 @@
# Required for Phonesky to be able to read staged files under /data/app-staging.
allow priv_app staging_data_file:dir r_dir_perms;
+# Allow com.android.vending to access files under vendor/apex as well as system apex files.
+# This is required for com.android.vending to handle APEXes for e.g. delta patch optimization.
+allow priv_app vendor_apex_file:dir r_dir_perms;
+allow priv_app vendor_apex_file:file r_file_perms;
+
# allow priv app to access the system app data files for ContentProvider case.
allow priv_app system_app_data_file:file { read getattr };
@@ -201,6 +198,11 @@
# created by things like renderscript or via other mechanisms.
allow priv_app app_exec_data_file:file { r_file_perms execute unlink };
+# Allow privileged apps to create a VM. Note that access is still
+# guarded with the `android.permission.MANAGE_VIRTUAL_MACHINE`
+# permission.
+virtualizationservice_use(priv_app)
+
###
### neverallow rules
###
diff --git a/private/profman.te b/private/profman.te
index f61d05e..390f83e 100644
--- a/private/profman.te
+++ b/private/profman.te
@@ -1 +1,12 @@
typeattribute profman coredomain;
+
+# Allow profman to read APKs and profile files next to them by FDs passed from
+# other programs. In addition, allow profman to acquire flocks on those files.
+allow profman {
+ system_file
+ apk_data_file
+ vendor_app_file
+}:file { getattr read map lock };
+
+# Allow profman to use file descriptors passed from privileged programs.
+allow profman { artd installd }:fd use;
diff --git a/private/property.te b/private/property.te
index 41a4c2f..4f806d4 100644
--- a/private/property.te
+++ b/private/property.te
@@ -5,6 +5,7 @@
system_internal_prop(device_config_lmkd_native_prop)
system_internal_prop(device_config_mglru_native_prop)
system_internal_prop(device_config_profcollect_native_boot_prop)
+system_internal_prop(device_config_remote_key_provisioning_native_prop)
system_internal_prop(device_config_statsd_native_prop)
system_internal_prop(device_config_statsd_native_boot_prop)
system_internal_prop(device_config_storage_native_boot_prop)
@@ -18,6 +19,7 @@
system_internal_prop(gsid_prop)
system_internal_prop(init_perf_lsm_hooks_prop)
system_internal_prop(init_service_status_private_prop)
+system_internal_prop(init_storage_prop)
system_internal_prop(init_svc_debug_prop)
system_internal_prop(keystore_crash_prop)
system_internal_prop(keystore_listen_prop)
@@ -37,7 +39,9 @@
system_internal_prop(setupwizard_prop)
system_internal_prop(snapuserd_prop)
system_internal_prop(system_adbd_prop)
+system_internal_prop(timezone_metadata_prop)
system_internal_prop(traced_perf_enabled_prop)
+system_internal_prop(tuner_server_ctl_prop)
system_internal_prop(userspace_reboot_log_prop)
system_internal_prop(userspace_reboot_test_prop)
system_internal_prop(verity_status_prop)
@@ -45,10 +49,11 @@
system_internal_prop(ctl_mediatranscoding_prop)
system_internal_prop(ctl_odsign_prop)
system_internal_prop(virtualizationservice_prop)
+system_internal_prop(ctl_apex_load_prop)
# Properties which can't be written outside system
system_restricted_prop(device_config_virtualization_framework_native_prop)
-system_restricted_prop(system_user_mode_emulation_prop)
+system_restricted_prop(log_file_logger_prop)
###
### Neverallow rules
@@ -121,7 +126,6 @@
-restorecon_prop
-shell_prop
-system_prop
- -system_user_mode_emulation_prop
-usb_prop
-vold_prop
}:file no_rw_file_perms;
@@ -150,6 +154,12 @@
neverallow {
domain
-init
+ -extra_free_kbytes
+} init_storage_prop:property_service set;
+
+neverallow {
+ domain
+ -init
} init_svc_debug_prop:property_service set;
neverallow {
@@ -422,6 +432,8 @@
-init
-shell
-system_app
+ -system_server
+ -mtectrl
} {
arm64_memtag_prop
gwp_asan_prop
@@ -616,7 +628,7 @@
neverallow domain system_and_vendor_property_type:{file property_service} *;
neverallow {
- # Only init and the remote provisioner can set the ro.remote_provisioning.* props
+ # Only init and the remote provisioner can set the remote_provisioning props
domain
-init
-remote_prov_app
@@ -630,6 +642,34 @@
} rollback_test_prop:property_service set;
neverallow {
+ domain
+ -init
+ -apexd
+} ctl_apex_load_prop:property_service set;
+
+neverallow {
+ domain
+ -coredomain
+ -init
+ -dumpstate
+ -apexd
+} ctl_apex_load_prop:file no_rw_file_perms;
+
+neverallow {
+ domain
+ -init
+ -apexd
+} apex_ready_prop:property_service set;
+
+neverallow {
+ domain
+ -coredomain
+ -dumpstate
+ -apexd
+ -vendor_init
+} apex_ready_prop:file no_rw_file_perms;
+
+neverallow {
# Only allow init and profcollectd to access profcollectd_node_id_prop
domain
-init
@@ -637,3 +677,20 @@
-profcollectd
} profcollectd_node_id_prop:file r_file_perms;
+neverallow {
+ domain
+ -init
+} log_file_logger_prop:property_service set;
+
+neverallow {
+ domain
+ -init
+ -vendor_init
+} usb_uvc_enabled_prop:property_service set;
+
+# Disallow non system apps from reading ro.usb.uvc.enabled
+neverallow {
+ appdomain
+ -system_app
+ -device_as_webcam
+} usb_uvc_enabled_prop:file no_rw_file_perms;
diff --git a/private/property_contexts b/private/property_contexts
index ac288f0..a343a82 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -43,6 +43,7 @@
log. u:object_r:log_prop:s0
log.tag u:object_r:log_tag_prop:s0
log.tag.WifiHAL u:object_r:wifi_log_prop:s0
+ro.log.file_logger.path u:object_r:log_file_logger_prop:s0 exact string
security.perf_harden u:object_r:shell_prop:s0
persist.simpleperf.profile_app_uid u:object_r:shell_prop:s0
persist.simpleperf.profile_app_expiration_time u:object_r:shell_prop:s0
@@ -162,6 +163,8 @@
ctl.interface_start$ u:object_r:ctl_interface_start_prop:s0
ctl.interface_stop$ u:object_r:ctl_interface_stop_prop:s0
ctl.interface_restart$ u:object_r:ctl_interface_restart_prop:s0
+ctl.apex_load$ u:object_r:ctl_apex_load_prop:s0
+ctl.apex_unload$ u:object_r:ctl_apex_load_prop:s0
# Restrict access to starting/stopping adbd
ctl.start$adbd u:object_r:ctl_adbd_prop:s0
@@ -218,6 +221,9 @@
# heapprofd properties
heapprofd. u:object_r:heapprofd_prop:s0
+# servicemanager properties
+servicemanager.ready u:object_r:servicemanager_prop:s0 exact bool
+
# hwservicemanager properties
hwservicemanager. u:object_r:hwservicemanager_prop:s0
@@ -241,6 +247,7 @@
device_config.reset_performed u:object_r:device_config_reset_performed_prop:s0
persist.device_config.activity_manager_native_boot. u:object_r:device_config_activity_manager_native_boot_prop:s0
persist.device_config.attempted_boot_count u:object_r:device_config_boot_count_prop:s0
+persist.device_config.camera_native. u:object_r:device_config_camera_native_prop:s0
persist.device_config.configuration. u:object_r:device_config_configuration_prop:s0
persist.device_config.connectivity. u:object_r:device_config_connectivity_prop:s0
persist.device_config.input_native_boot. u:object_r:device_config_input_native_boot_prop:s0
@@ -249,6 +256,7 @@
persist.device_config.netd_native. u:object_r:device_config_netd_native_prop:s0
persist.device_config.nnapi_native. u:object_r:device_config_nnapi_native_prop:s0
persist.device_config.profcollect_native_boot. u:object_r:device_config_profcollect_native_boot_prop:s0
+persist.device_config.remote_key_provisioning_native. u:object_r:device_config_remote_key_provisioning_native_prop:s0
persist.device_config.runtime_native. u:object_r:device_config_runtime_native_prop:s0
persist.device_config.runtime_native_boot. u:object_r:device_config_runtime_native_boot_prop:s0
persist.device_config.statsd_native. u:object_r:device_config_statsd_native_prop:s0
@@ -260,6 +268,8 @@
persist.device_config.vendor_system_native_boot. u:object_r:device_config_vendor_system_native_boot_prop:s0
persist.device_config.virtualization_framework_native. u:object_r:device_config_virtualization_framework_native_prop:s0
persist.device_config.window_manager_native_boot. u:object_r:device_config_window_manager_native_boot_prop:s0
+persist.device_config.memory_safety_native_boot. u:object_r:device_config_memory_safety_native_boot_prop:s0
+persist.device_config.memory_safety_native. u:object_r:device_config_memory_safety_native_prop:s0
# F2FS smart idle maint prop
persist.device_config.storage_native_boot.smart_idle_maint_enabled u:object_r:smart_idle_maint_enabled_prop:s0 exact bool
@@ -274,12 +284,17 @@
persist.device_config.global_settings.sys_traced u:object_r:device_config_sys_traced_prop:s0
apexd. u:object_r:apexd_prop:s0
+apexd.config. u:object_r:apexd_config_prop:s0
apexd.config.dm_delete.timeout u:object_r:apexd_config_prop:s0 exact uint
apexd.config.dm_create.timeout u:object_r:apexd_config_prop:s0 exact uint
+apexd.config.loop_wait.attempts u:object_r:apexd_config_prop:s0 exact uint
persist.apexd. u:object_r:apexd_prop:s0
persist.vendor.apex. u:object_r:apexd_select_prop:s0
ro.boot.vendor.apex. u:object_r:apexd_select_prop:s0
+# Property that indicates if an apex is ready: apex.<apex-name>.ready
+apex. u:object_r:apex_ready_prop:s0 prefix bool
+
bpf.progs_loaded u:object_r:bpf_progs_loaded_prop:s0 exact bool
gsid. u:object_r:gsid_prop:s0
@@ -308,6 +323,8 @@
ro.virtual_ab.compression.xor.enabled u:object_r:virtual_ab_prop:s0 exact bool
ro.virtual_ab.userspace.snapshots.enabled u:object_r:virtual_ab_prop:s0 exact bool
ro.virtual_ab.io_uring.enabled u:object_r:virtual_ab_prop:s0 exact bool
+ro.virtual_ab.compression.threads u:object_r:virtual_ab_prop:s0 exact bool
+ro.virtual_ab.batch_writes u:object_r:virtual_ab_prop:s0 exact bool
snapuserd.ready u:object_r:snapuserd_prop:s0 exact bool
snapuserd.proxy_ready u:object_r:snapuserd_prop:s0 exact bool
snapuserd.test.dm.snapshots u:object_r:snapuserd_prop:s0 exact bool
@@ -358,6 +375,9 @@
# Boolean property used in AudioService to configure whether
# spatializer functionality should be initialized
ro.audio.spatializer_enabled u:object_r:audio_config_prop:s0 exact bool
+# Boolean property used in AudioService to configure whether
+# to enable head tracking for spatial audio
+ro.audio.headtracking_enabled u:object_r:audio_config_prop:s0 exact bool
persist.config.calibration_fac u:object_r:camera_calibration_prop:s0 exact string
@@ -455,7 +475,6 @@
dalvik.vm.restore-dex2oat-cpu-set u:object_r:dalvik_config_prop:s0 exact string
dalvik.vm.restore-dex2oat-threads u:object_r:dalvik_config_prop:s0 exact int
dalvik.vm.usejit u:object_r:dalvik_config_prop:s0 exact bool
-dalvik.vm.usejitprofiles u:object_r:dalvik_config_prop:s0 exact bool
dalvik.vm.zygote.max-boot-retry u:object_r:dalvik_config_prop:s0 exact int
persist.sys.dalvik.vm.lib.2 u:object_r:dalvik_runtime_prop:s0 exact string
@@ -476,13 +495,18 @@
media.stagefright.thumbnail.prefer_hw_codecs u:object_r:media_config_prop:s0 exact bool
persist.sys.media.avsync u:object_r:media_config_prop:s0 exact bool
-persist.bluetooth.a2dp_offload.cap u:object_r:bluetooth_a2dp_offload_prop:s0 exact string
-persist.bluetooth.a2dp_offload.disabled u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
-persist.bluetooth.bluetooth_audio_hal.disabled u:object_r:bluetooth_audio_hal_prop:s0 exact bool
-persist.bluetooth.btsnoopenable u:object_r:exported_bluetooth_prop:s0 exact bool
-persist.bluetooth.btsnoopdefaultmode u:object_r:bluetooth_prop:s0 exact enum empty disabled filtered full
-persist.bluetooth.btsnooplogmode u:object_r:bluetooth_prop:s0 exact enum empty disabled filtered full
-persist.bluetooth.factoryreset u:object_r:bluetooth_prop:s0 exact bool
+persist.bluetooth.a2dp_offload.cap u:object_r:bluetooth_a2dp_offload_prop:s0 exact string
+persist.bluetooth.a2dp_offload.disabled u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
+persist.bluetooth.bluetooth_audio_hal.disabled u:object_r:bluetooth_audio_hal_prop:s0 exact bool
+persist.bluetooth.btsnoopenable u:object_r:exported_bluetooth_prop:s0 exact bool
+persist.bluetooth.btsnoopdefaultmode u:object_r:bluetooth_prop:s0 exact enum empty disabled filtered full
+persist.bluetooth.btsnooplogmode u:object_r:bluetooth_prop:s0 exact enum empty disabled filtered full
+persist.bluetooth.snooplogfilter.headers.enabled u:object_r:bluetooth_prop:s0 exact bool
+persist.bluetooth.snooplogfilter.profiles.a2dp.enabled u:object_r:bluetooth_prop:s0 exact bool
+persist.bluetooth.snooplogfilter.profiles.map u:object_r:bluetooth_prop:s0 exact enum empty disabled fullfilter header magic
+persist.bluetooth.snooplogfilter.profiles.pbap u:object_r:bluetooth_prop:s0 exact enum empty disabled fullfilter header magic
+persist.bluetooth.snooplogfilter.profiles.rfcomm.enabled u:object_r:bluetooth_prop:s0 exact bool
+persist.bluetooth.factoryreset u:object_r:bluetooth_prop:s0 exact bool
bluetooth.hardware.power.operating_voltage_mv u:object_r:bluetooth_config_prop:s0 exact int
bluetooth.hardware.power.idle_cur_ma u:object_r:bluetooth_config_prop:s0 exact int
@@ -493,6 +517,8 @@
bluetooth.framework.adapter_address_validation u:object_r:bluetooth_config_prop:s0 exact bool
bluetooth.core.gap.le.privacy.enabled u:object_r:bluetooth_config_prop:s0 exact bool
+bluetooth.core.gap.le.conn.min.limit u:object_r:bluetooth_config_prop:s0 exact int
+bluetooth.core.gap.le.conn.only_init_1m_phy.enabled u:object_r:bluetooth_config_prop:s0 exact bool
bluetooth.device.default_name u:object_r:bluetooth_config_prop:s0 exact string
bluetooth.device.class_of_device u:object_r:bluetooth_config_prop:s0 exact string
@@ -526,6 +552,36 @@
bluetooth.profile.sap.server.enabled u:object_r:bluetooth_config_prop:s0 exact bool
bluetooth.profile.vcp.controller.enabled u:object_r:bluetooth_config_prop:s0 exact bool
+bluetooth.core.acl.link_supervision_timeout u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.classic.page_scan_type u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.classic.page_scan_interval u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.classic.page_scan_window u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.classic.inq_scan_type u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.classic.inq_scan_interval u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.classic.inq_scan_window u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.classic.page_timeout u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.classic.sniff_max_intervals u:object_r:bluetooth_config_prop:s0 exact string
+bluetooth.core.classic.sniff_min_intervals u:object_r:bluetooth_config_prop:s0 exact string
+bluetooth.core.classic.sniff_attempts u:object_r:bluetooth_config_prop:s0 exact string
+bluetooth.core.classic.sniff_timeouts u:object_r:bluetooth_config_prop:s0 exact string
+
+bluetooth.core.le.min_connection_interval u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.le.max_connection_interval u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.le.connection_latency u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.le.connection_supervision_timeout u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.le.direct_connection_timeout u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.le.connection_scan_interval_fast u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.le.connection_scan_window_fast u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.le.connection_scan_window_2m_fast u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.le.connection_scan_window_coded_fast u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.le.connection_scan_interval_slow u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.le.connection_scan_window_slow u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.le.inquiry_scan_interval u:object_r:bluetooth_config_prop:s0 exact uint
+bluetooth.core.le.inquiry_scan_window u:object_r:bluetooth_config_prop:s0 exact uint
+
+bluetooth.core.le.vendor_capabilities.enabled u:object_r:bluetooth_config_prop:s0 exact bool
+bluetooth.sco.disable_enhanced_connection u:object_r:bluetooth_config_prop:s0 exact bool
+
persist.nfc.debug_enabled u:object_r:nfc_prop:s0 exact bool
persist.radio.multisim.config u:object_r:radio_control_prop:s0 exact string
@@ -543,21 +599,32 @@
ro.hdmi.cec.source.send_standby_on_sleep u:object_r:hdmi_config_prop:s0 exact enum to_tv broadcast none
ro.hdmi.cec.source.playback_device_action_on_routing_control u:object_r:hdmi_config_prop:s0 exact enum none wake_up_only wake_up_and_send_active_source
-pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.cmdline u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
-pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
-pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.install-fast u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.install-bulk u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.install-bulk-secondary u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.install-bulk-downgraded u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.install-bulk-secondary-downgraded u:object_r:exported_pm_prop:s0 exact string
-pm.dexopt.shared u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.bg-dexopt.concurrency u:object_r:exported_pm_prop:s0 exact int
+pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.first-boot.concurrency u:object_r:exported_pm_prop:s0 exact int
+pm.dexopt.boot-after-ota u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.boot-after-ota.concurrency u:object_r:exported_pm_prop:s0 exact int
+pm.dexopt.boot-after-mainline-update u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.boot-after-mainline-update.concurrency u:object_r:exported_pm_prop:s0 exact int
+
+pm.dexopt.post-boot u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.cmdline u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.install-fast u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.install-bulk u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.install-bulk-secondary u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.install-bulk-downgraded u:object_r:exported_pm_prop:s0 exact string
+pm.dexopt.install-bulk-secondary-downgraded u:object_r:exported_pm_prop:s0 exact string
+
+pm.dexopt.shared u:object_r:exported_pm_prop:s0 exact string
+
+pm.dexopt.disable_bg_dexopt u:object_r:exported_pm_prop:s0 exact bool
+pm.dexopt.downgrade_after_inactive_days u:object_r:exported_pm_prop:s0 exact int
+
+pm.dexopt. u:object_r:future_pm_prop:s0 prefix
ro.apk_verity.mode u:object_r:apk_verity_prop:s0 exact int
@@ -599,6 +666,11 @@
external_storage.sdcardfs.enabled u:object_r:storage_config_prop:s0 exact bool
external_storage.cross_user.enabled u:object_r:storage_config_prop:s0 exact bool
ro.fuse.bpf.enabled u:object_r:storage_config_prop:s0 exact bool
+ro.fuse.bpf.is_running u:object_r:vold_status_prop:s0 exact bool
+
+# hypervisor.*: configured by the vendor to advertise capabilities of their
+# hypervisor to virtualizationservice.
+hypervisor.memory_reclaim.supported u:object_r:hypervisor_restricted_prop:s0 exact bool
ro.config.per_app_memcg u:object_r:lmkd_config_prop:s0 exact bool
ro.lmk.critical u:object_r:lmkd_config_prop:s0 exact int
@@ -636,6 +708,10 @@
ro.rebootescrow.device u:object_r:rebootescrow_hal_prop:s0 exact string
+ro.recovery.usb.vid u:object_r:recovery_usb_config_prop:s0 exact string
+ro.recovery.usb.adb.pid u:object_r:recovery_usb_config_prop:s0 exact string
+ro.recovery.usb.fastboot.pid u:object_r:recovery_usb_config_prop:s0 exact string
+
ro.storage_manager.enabled u:object_r:storagemanager_config_prop:s0 exact bool
ro.storage_manager.show_opt_in u:object_r:storagemanager_config_prop:s0 exact bool
@@ -664,6 +740,7 @@
sys.usb.config. u:object_r:usb_prop:s0
sys.usb.ffs.aio_compat u:object_r:ffs_config_prop:s0 exact bool
+sys.usb.ffs.io_uring_enabled u:object_r:ffs_config_prop:s0 exact bool
sys.usb.ffs.max_read u:object_r:ffs_config_prop:s0 exact int
sys.usb.ffs.max_write u:object_r:ffs_config_prop:s0 exact int
@@ -745,8 +822,26 @@
net.redirect_socket_calls.hooked u:object_r:socket_hook_prop:s0 exact bool
-persist.sys.locale u:object_r:exported_system_prop:s0 exact string
-persist.sys.timezone u:object_r:exported_system_prop:s0 exact string
+# Settings system properties containing mutable "global" device settings.
+#
+# These can't be Android settings because they are also read by low-level
+# binaries that don't have access to "real" SettingsProvider settings. This
+# will usually be because of when they execute, e.g. during boot when Android
+# services are not yet running, and/or because they are needed by binaries that
+# are not "Android aware", i.e. they have light integration with the Android
+# platform via the low-level system properties lib. Processes like shell may
+# modify these for testing purposes, but doing so is generally discouraged;
+# updates to these props will generally require intents to be sent to
+# long-running Android apps so they can update cached data and their UI state.
+persist.sys.locale u:object_r:locale_prop:s0 exact string
+persist.sys.timezone u:object_r:timezone_prop:s0 exact string
+
+# Time zone metadata system properties. Holds information associated with the
+# device's time zone and will therefore be written to at the same time. Unlike
+# timezone_prop props, these do not need to be read by other processes.
+persist.sys.timezone_confidence u:object_r:timezone_metadata_prop:s0 exact uint
+
+persist.sys.mte.permissive u:object_r:permissive_mte_prop:s0 exact string
persist.sys.test_harness u:object_r:test_harness_prop:s0 exact bool
ro.arch u:object_r:build_prop:s0 exact string
@@ -759,6 +854,7 @@
ro.boot.bootloader u:object_r:bootloader_prop:s0 exact string
ro.boot.boottime u:object_r:bootloader_prop:s0 exact string
ro.boot.console u:object_r:bootloader_prop:s0 exact string
+ro.boot.ddr_size u:object_r:bootloader_prop:s0 exact string
ro.boot.hardware u:object_r:bootloader_prop:s0 exact string
ro.boot.hardware.color u:object_r:bootloader_prop:s0 exact string
ro.boot.hardware.sku u:object_r:bootloader_prop:s0 exact string
@@ -815,7 +911,8 @@
ro.actionable_compatible_property.enabled u:object_r:build_prop:s0 exact bool
-ro.debuggable u:object_r:userdebug_or_eng_prop:s0 exact bool
+ro.debuggable u:object_r:userdebug_or_eng_prop:s0 exact bool
+ro.force.debuggable u:object_r:build_prop:s0 exact bool
ro.treble.enabled u:object_r:build_prop:s0 exact bool
@@ -976,6 +1073,11 @@
ro.product.vendor_dlkm.model u:object_r:build_vendor_prop:s0 exact string
ro.product.vendor_dlkm.name u:object_r:build_vendor_prop:s0 exact string
+# build props for attestation feature are set by property_service
+ro.product.brand_for_attestation u:object_r:build_attestation_prop:s0 exact string
+ro.product.model_for_attestation u:object_r:build_attestation_prop:s0 exact string
+ro.product.name_for_attestation u:object_r:build_attestation_prop:s0 exact string
+
# GRF property for the first api level of the vendor partition
ro.board.first_api_level u:object_r:build_vendor_prop:s0 exact int
ro.board.api_level u:object_r:build_vendor_prop:s0 exact int
@@ -1069,6 +1171,7 @@
ro.hardware.consumerir u:object_r:exported_default_prop:s0 exact string
ro.hardware.context_hub u:object_r:exported_default_prop:s0 exact string
ro.hardware.egl u:object_r:exported_default_prop:s0 exact string
+ro.hardware.egl_legacy u:object_r:graphics_config_prop:s0 exact string
ro.hardware.fingerprint u:object_r:exported_default_prop:s0 exact string
ro.hardware.flp u:object_r:exported_default_prop:s0 exact string
ro.hardware.gatekeeper u:object_r:exported_default_prop:s0 exact string
@@ -1108,6 +1211,9 @@
ro.kernel.qemu. u:object_r:exported_default_prop:s0
ro.kernel.android.bootanim u:object_r:exported_default_prop:s0 exact int
+# This property is used by init to store the original value or /proc/sys/vm/watermark_scale_factor
+ro.kernel.watermark_scale_factor u:object_r:init_storage_prop:s0 exact int
+
ro.oem.key1 u:object_r:exported_default_prop:s0 exact string
ro.product.vndk.version u:object_r:vndk_prop:s0 exact string
@@ -1179,6 +1285,7 @@
ro.surface_flinger.color_space_agnostic_dataspace u:object_r:surfaceflinger_prop:s0 exact int
ro.surface_flinger.refresh_rate_switching u:object_r:surfaceflinger_prop:s0 exact bool
ro.surface_flinger.update_device_product_info_on_hotplug_reconnect u:object_r:surfaceflinger_prop:s0 exact bool
+ro.surface_flinger.enable_adpf_cpu_hint u:object_r:surfaceflinger_prop:s0 exact bool
ro.surface_flinger.enable_frame_rate_override u:object_r:surfaceflinger_prop:s0 exact bool
ro.surface_flinger.enable_layer_caching u:object_r:surfaceflinger_prop:s0 exact bool
ro.surface_flinger.display_update_imminent_timeout_ms u:object_r:surfaceflinger_prop:s0 exact int
@@ -1251,6 +1358,9 @@
# Graphics related properties
ro.opengles.version u:object_r:graphics_config_prop:s0 exact int
+ro.egl.blobcache.multifile u:object_r:graphics_config_prop:s0 exact bool
+ro.egl.blobcache.multifile_limit u:object_r:graphics_config_prop:s0 exact int
+
ro.gfx.driver.0 u:object_r:graphics_config_prop:s0 exact string
ro.gfx.driver.1 u:object_r:graphics_config_prop:s0 exact string
ro.gfx.angle.supported u:object_r:graphics_config_prop:s0 exact bool
@@ -1276,12 +1386,21 @@
remote_provisioning.strongbox.rkp_only u:object_r:remote_prov_prop:s0 exact bool
remote_provisioning.tee.rkp_only u:object_r:remote_prov_prop:s0 exact bool
+# Hostname for the remote provisioning server a device should communicate with
+remote_provisioning.hostname u:object_r:remote_prov_prop:s0 exact string
+
+# Indicates the system should use rkpd instead of RemoteProvisioner
+remote_provisioning.enable_rkpd u:object_r:remote_prov_prop:s0 exact bool
+
# Broadcast boot stages, which keystore listens to
keystore.boot_level u:object_r:keystore_listen_prop:s0 exact int
# Property that tracks keystore crash counts during a boot cycle.
keystore.crash_count u:object_r:keystore_crash_prop:s0 exact int
+# Configure the means by which we protect the L0 key from the future
+ro.keystore.boot_level_key.strategy u:object_r:keystore_config_prop:s0 exact string
+
partition.system.verified u:object_r:verity_status_prop:s0 exact string
partition.system_ext.verified u:object_r:verity_status_prop:s0 exact string
partition.product.verified u:object_r:verity_status_prop:s0 exact string
@@ -1348,5 +1467,58 @@
# virtualization service properties
virtualizationservice.state.last_cid u:object_r:virtualizationservice_prop:s0 exact uint
+# properties for the virtual Face HAL
+persist.vendor.face.virtual.type u:object_r:virtual_face_hal_prop:s0 exact string
+persist.vendor.face.virtual.strength u:object_r:virtual_face_hal_prop:s0 exact string
+persist.vendor.face.virtual.enrollments u:object_r:virtual_face_hal_prop:s0 exact string
+persist.vendor.face.virtual.features u:object_r:virtual_face_hal_prop:s0 exact string
+vendor.face.virtual.enrollment_hit u:object_r:virtual_face_hal_prop:s0 exact int
+vendor.face.virtual.operation_start_enroll_latency u:object_r:virtual_face_hal_prop:s0 exact int
+vendor.face.virtual.next_enrollment u:object_r:virtual_face_hal_prop:s0 exact string
+vendor.face.virtual.authenticator_id u:object_r:virtual_face_hal_prop:s0 exact int
+vendor.face.virtual.challenge u:object_r:virtual_face_hal_prop:s0 exact int
+vendor.face.virtual.lockout u:object_r:virtual_face_hal_prop:s0 exact bool
+vendor.face.virtual.operation_authenticate_fails u:object_r:virtual_face_hal_prop:s0 exact bool
+vendor.face.virtual.operation_detect_interaction_fails u:object_r:virtual_face_hal_prop:s0 exact bool
+vendor.face.virtual.operation_enroll_fails u:object_r:virtual_face_hal_prop:s0 exact bool
+vendor.face.virtual.operation_authenticate_latency u:object_r:virtual_face_hal_prop:s0 exact int
+vendor.face.virtual.operation_detect_interaction_latency u:object_r:virtual_face_hal_prop:s0 exact int
+vendor.face.virtual.operation_authenticate_duration u:object_r:virtual_face_hal_prop:s0 exact int
+
+# properties for the virtual Fingerprint HAL
+persist.vendor.fingerprint.virtual.type u:object_r:virtual_fingerprint_hal_prop:s0 exact string
+persist.vendor.fingerprint.virtual.enrollments u:object_r:virtual_fingerprint_hal_prop:s0 exact string
+persist.vendor.fingerprint.virtual.lockout u:object_r:virtual_fingerprint_hal_prop:s0 exact bool
+persist.vendor.fingerprint.virtual.authenticator_id u:object_r:virtual_fingerprint_hal_prop:s0 exact int
+persist.vendor.fingerprint.virtual.sensor_location u:object_r:virtual_fingerprint_hal_prop:s0 exact string
+persist.vendor.fingerprint.virtual.sensor_id u:object_r:virtual_fingerprint_hal_prop:s0 exact int
+persist.vendor.fingerprint.virtual.sensor_strength u:object_r:virtual_fingerprint_hal_prop:s0 exact int
+persist.vendor.fingerprint.virtual.max_enrollments u:object_r:virtual_fingerprint_hal_prop:s0 exact int
+persist.vendor.fingerprint.virtual.navigation_guesture u:object_r:virtual_fingerprint_hal_prop:s0 exact bool
+persist.vendor.fingerprint.virtual.detect_interaction u:object_r:virtual_fingerprint_hal_prop:s0 exact bool
+persist.vendor.fingerprint.virtual.udfps.display_touch u:object_r:virtual_fingerprint_hal_prop:s0 exact bool
+persist.vendor.fingerprint.virtual.udfps.control_illumination u:object_r:virtual_fingerprint_hal_prop:s0 exact bool
+persist.vendor.fingerprint.virtual.lockout_enable u:object_r:virtual_fingerprint_hal_prop:s0 exact bool
+persist.vendor.fingerprint.virtual.lockout_timed_threshold u:object_r:virtual_fingerprint_hal_prop:s0 exact int
+persist.vendor.fingerprint.virtual.lockout_timed_duration u:object_r:virtual_fingerprint_hal_prop:s0 exact int
+persist.vendor.fingerprint.virtual.lockout_permanent_threshold u:object_r:virtual_fingerprint_hal_prop:s0 exact int
+vendor.fingerprint.virtual.enrollment_hit u:object_r:virtual_fingerprint_hal_prop:s0 exact int
+vendor.fingerprint.virtual.next_enrollment u:object_r:virtual_fingerprint_hal_prop:s0 exact string
+vendor.fingerprint.virtual.challenge u:object_r:virtual_fingerprint_hal_prop:s0 exact int
+vendor.fingerprint.virtual.operation_authenticate_fails u:object_r:virtual_fingerprint_hal_prop:s0 exact bool
+vendor.fingerprint.virtual.operation_detect_interaction_fails u:object_r:virtual_fingerprint_hal_prop:s0 exact bool
+vendor.fingerprint.virtual.operation_enroll_fails u:object_r:virtual_fingerprint_hal_prop:s0 exact bool
+vendor.fingerprint.virtual.operation_authenticate_latency u:object_r:virtual_fingerprint_hal_prop:s0 exact string
+vendor.fingerprint.virtual.operation_detect_interaction_latency u:object_r:virtual_fingerprint_hal_prop:s0 exact string
+vendor.fingerprint.virtual.operation_enroll_latency u:object_r:virtual_fingerprint_hal_prop:s0 exact string
+vendor.fingerprint.virtual.operation_authenticate_duration u:object_r:virtual_fingerprint_hal_prop:s0 exact int
+
+# properties for tuner
+ro.tuner.lazyhal u:object_r:tuner_config_prop:s0 exact bool
+tuner.server.enable u:object_r:tuner_server_ctl_prop:s0 exact bool
+
# Adaptive haptics settings property
vibrator.adaptive_haptics.enabled u:object_r:adaptive_haptics_prop:s0 exact string
+
+# UVC Gadget property
+ro.usb.uvc.enabled u:object_r:usb_uvc_enabled_prop:s0 exact bool
diff --git a/private/remote_prov_app.te b/private/remote_prov_app.te
index f49eb63..d5f8e3f 100644
--- a/private/remote_prov_app.te
+++ b/private/remote_prov_app.te
@@ -8,6 +8,9 @@
# The app needs access to properly build a DeviceInfo package for the verifying server
get_prop(remote_prov_app, vendor_security_patch_level_prop)
+# if rkpd is enabled, remote provisioner is a noop
+get_prop(remote_prov_app, device_config_remote_key_provisioning_native_prop)
+
allow remote_prov_app {
app_api_service
mediametrics_service
diff --git a/private/rkpd.te b/private/rkpd.te
new file mode 100644
index 0000000..45e3e8d
--- /dev/null
+++ b/private/rkpd.te
@@ -0,0 +1,15 @@
+# Policies for Remote Key Provisioning Daemon (rkpd)
+type rkpd, domain;
+type rkpd_exec, system_file_type, exec_type, file_type;
+
+typeattribute rkpd coredomain;
+
+binder_use(rkpd)
+binder_service(rkpd)
+
+init_daemon_domain(rkpd)
+
+add_service(rkpd, rkpd_registrar_service)
+add_service(rkpd, rkpd_refresh_service)
+
+get_prop(rkpd, device_config_remote_key_provisioning_native_prop)
diff --git a/private/rkpd_app.te b/private/rkpd_app.te
new file mode 100644
index 0000000..2d25540
--- /dev/null
+++ b/private/rkpd_app.te
@@ -0,0 +1,26 @@
+###
+### A domain for sandboxing the remote key provisioning daemon
+### app that is shipped via mainline.
+###
+typeattribute rkpdapp coredomain;
+
+app_domain(rkpdapp)
+net_domain(rkpdapp)
+
+# RKPD needs to be able to call the remote provisioning HALs
+hal_client_domain(rkpdapp, hal_keymint)
+
+# Grant access to certain system properties related to RKP
+get_prop(rkpdapp, device_config_remote_key_provisioning_native_prop)
+get_prop(rkpdapp, remote_prov_prop)
+
+# Grant access to the normal services that are available to all apps
+allow rkpdapp app_api_service:service_manager find;
+
+# Grant access to media.metrics service, needed for widevine. This
+# access is granted to all other apps already (e.g. untrusted_app_all).
+allow rkpdapp mediametrics_service:service_manager find;
+
+# Grant access to statsd
+allow rkpdapp statsmanager_service:service_manager find;
+binder_call(rkpdapp, statsd)
diff --git a/private/runas_app.te b/private/runas_app.te
index c1b354a..a5f47f4 100644
--- a/private/runas_app.te
+++ b/private/runas_app.te
@@ -14,7 +14,7 @@
r_dir_file(runas_app, untrusted_app_all)
# Allow lldb/ndk-gdb/simpleperf to ptrace attach to debuggable app processes.
-allow runas_app untrusted_app_all:process { ptrace signal sigstop };
+allow runas_app untrusted_app_all:process { ptrace sigkill signal sigstop };
allow runas_app untrusted_app_all:unix_stream_socket connectto;
# Allow executing system image simpleperf without a domain transition.
diff --git a/private/sdk_sandbox.te b/private/sdk_sandbox.te
index 20d3adf..cfcf2a4 100644
--- a/private/sdk_sandbox.te
+++ b/private/sdk_sandbox.te
@@ -10,12 +10,134 @@
net_domain(sdk_sandbox)
app_domain(sdk_sandbox)
+# TODO(b/252967582): remove this rule if it generates too much logs traffic.
+auditallow sdk_sandbox {
+ property_type
+ # remove expected properties to reduce noise.
+ -servicemanager_prop
+ -hwservicemanager_prop
+ -use_memfd_prop
+ -binder_cache_system_server_prop
+ -graphics_config_prop
+ -persist_wm_debug_prop
+ -aaudio_config_prop
+ -adbd_config_prop
+ -apex_ready_prop
+ -apexd_select_prop
+ -arm64_memtag_prop
+ -audio_prop
+ -binder_cache_bluetooth_server_prop
+ -binder_cache_telephony_server_prop
+ -bluetooth_config_prop
+ -boot_status_prop
+ -bootloader_prop
+ -bq_config_prop
+ -build_odm_prop
+ -build_prop
+ -build_vendor_prop
+ -camera2_extensions_prop
+ -camera_calibration_prop
+ -camera_config_prop
+ -camerax_extensions_prop
+ -codec2_config_prop
+ -config_prop
+ -cppreopt_prop
+ -dalvik_config_prop
+ -dalvik_prop
+ -dalvik_runtime_prop
+ -dck_prop
+ -debug_prop
+ -debuggerd_prop
+ -default_prop
+ -device_config_memory_safety_native_boot_prop
+ -device_config_memory_safety_native_prop
+ -device_config_nnapi_native_prop
+ -device_config_runtime_native_boot_prop
+ -device_config_runtime_native_prop
+ -dhcp_prop
+ -dumpstate_prop
+ -exported3_system_prop
+ -exported_config_prop
+ -exported_default_prop
+ -exported_dumpstate_prop
+ -exported_pm_prop
+ -exported_system_prop
+ -ffs_config_prop
+ -fingerprint_prop
+ -framework_status_prop
+ -gwp_asan_prop
+ -hal_instrumentation_prop
+ -hdmi_config_prop
+ -heapprofd_prop
+ -hw_timeout_multiplier_prop
+ -init_service_status_private_prop
+ -init_service_status_prop
+ -libc_debug_prop
+ -lmkd_config_prop
+ -locale_prop
+ -localization_prop
+ -log_file_logger_prop
+ -log_prop
+ -log_tag_prop
+ -logd_prop
+ -media_config_prop
+ -media_variant_prop
+ -mediadrm_config_prop
+ -module_sdkextensions_prop
+ -net_radio_prop
+ -nfc_prop
+ -nnapi_ext_deny_product_prop
+ -ota_prop
+ -packagemanager_config_prop
+ -pan_result_prop
+ -permissive_mte_prop
+ -persist_debug_prop
+ -pm_prop
+ -powerctl_prop
+ -property_service_version_prop
+ -radio_control_prop
+ -radio_prop
+ -restorecon_prop
+ -rollback_test_prop
+ -sendbug_config_prop
+ -setupwizard_prop
+ -shell_prop
+ -soc_prop
+ -socket_hook_prop
+ -sqlite_log_prop
+ -storagemanager_config_prop
+ -surfaceflinger_color_prop
+ -surfaceflinger_prop
+ -system_prop
+ -system_user_mode_emulation_prop
+ -systemsound_config_prop
+ -telephony_config_prop
+ -telephony_status_prop
+ -test_harness_prop
+ -timezone_prop
+ -usb_config_prop
+ -usb_control_prop
+ -usb_prop
+ -userdebug_or_eng_prop
+ -userspace_reboot_config_prop
+ -userspace_reboot_exported_prop
+ -userspace_reboot_log_prop
+ -userspace_reboot_test_prop
+ -vendor_socket_hook_prop
+ -vndk_prop
+ -vold_config_prop
+ -vold_prop
+ -vold_status_prop
+ -vts_config_prop
+ -vts_status_prop
+ -wifi_log_prop
+ -zygote_config_prop
+ -zygote_wrap_prop
+ -init_service_status_prop
+}:file { getattr open read map };
+
# Allow finding services. This is different from ephemeral_app policy.
# Adding services manually to the allowlist is preferred hence app_api_service is not used.
-# Audit the access to signal that we are still investigating whether sdk_sandbox
-# should have access to audio_service
-# TODO(b/211632068): remove this line
-auditallow sdk_sandbox audio_service:service_manager find;
allow sdk_sandbox activity_service:service_manager find;
allow sdk_sandbox activity_task_service:service_manager find;
@@ -92,13 +214,9 @@
allow sdk_sandbox system_linker_exec:file execute_no_trans;
-# Write app-specific trace data to the Perfetto traced damon. This requires
-# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
-perfetto_producer(sdk_sandbox)
-
-# Allow profiling if the app opts in by being marked profileable/debuggable.
-can_profile_heap(sdk_sandbox)
-can_profile_perf(sdk_sandbox)
+# Required to read CTS tests data from the shell_data_file location.
+allow sdk_sandbox shell_data_file:file r_file_perms;
+allow sdk_sandbox shell_data_file:dir r_dir_perms;
# allow sdk sandbox to use UDP sockets provided by the system server but not
# modify them other than to connect
diff --git a/private/seapp_contexts b/private/seapp_contexts
index b26d977..878d50e 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -11,6 +11,7 @@
# isPrivApp (boolean)
# minTargetSdkVersion (unsigned integer)
# fromRunAs (boolean)
+# isIsolatedComputeApp (boolean)
#
# All specified input selectors in an entry must match (i.e. logical AND).
# An unspecified string or boolean selector with no default will match any
@@ -40,6 +41,11 @@
# it has a default value of 0.
# fromRunAs=true means the process being labeled is started by run-as. Default
# is false.
+# isIsolatedComputeApp=true means the process re-uses an isolated Uid but not
+# restricted to run in an isolated_app domain. Processes match this selector will
+# be mapped to isolated_compute_app by default. It is expected to be used together
+# with user=_isolated. This selector should not be used unless it is intended
+# to provide isolated processes with relaxed security restrictions.
#
# Precedence: entries are compared using the following rules, in the order shown
# (see external/selinux/libselinux/src/android/android_platform.c,
@@ -57,6 +63,7 @@
# minTargetSdkVersion= integer. Note that minTargetSdkVersion=
# defaults to 0 if unspecified.
# (8) fromRunAs=true before fromRunAs=false.
+# (9) isIsolatedComputeApp=true before isIsolatedComputeApp=false
# (A fixed selector is more specific than a prefix, i.e. ending in *, and a
# longer prefix is more specific than a shorter prefix.)
# Apps are checked against entries in precedence order until the first match,
@@ -122,9 +129,12 @@
# neverallow non-isolated uids into isolated_app domain
# and vice versa
-neverallow user=_isolated domain=((?!isolated_app).)*
+neverallow user=_isolated isIsolatedComputeApp=false domain=((?!isolated_app).)*
neverallow user=((?!_isolated).)* domain=isolated_app
+# neverallow isolatedComputeApp into domains other than isolated_compute_app
+neverallow user=_isolated isIsolatedComputeApp=true domain=((?!isolated_compute_app).)*
+
# uid shell should always be in shell domain, however non-shell
# uid's can be in shell domain
neverallow user=shell domain=((?!shell).)*
@@ -144,6 +154,7 @@
user=_app seinfo=platform name=com.android.traceur domain=traceur_app type=app_data_file levelFrom=all
user=_app isPrivApp=true name=com.android.remoteprovisioner domain=remote_prov_app type=app_data_file levelFrom=all
user=system seinfo=platform domain=system_app type=system_app_data_file
+user=system seinfo=platform isPrivApp=true name=com.android.DeviceAsWebcam domain=device_as_webcam type=system_app_data_file levelFrom=all
user=bluetooth seinfo=bluetooth domain=bluetooth type=bluetooth_data_file
user=network_stack seinfo=network_stack domain=network_stack type=radio_data_file
user=nfc seinfo=platform domain=nfc type=nfc_data_file
@@ -153,6 +164,7 @@
user=shell seinfo=platform domain=shell name=com.android.shell type=shell_data_file
user=webview_zygote seinfo=webview_zygote domain=webview_zygote
user=_isolated domain=isolated_app levelFrom=user
+user=_isolated isIsolatedComputeApp=true domain=isolated_compute_app levelFrom=user
user=_sdksandbox domain=sdk_sandbox type=sdk_sandbox_data_file levelFrom=all
user=_app seinfo=app_zygote domain=app_zygote levelFrom=user
user=_app seinfo=media domain=mediaprovider type=app_data_file levelFrom=user
@@ -164,11 +176,14 @@
user=_app isPrivApp=true name=com.google.android.providers.media.module domain=mediaprovider_app type=privapp_data_file levelFrom=all
user=_app seinfo=platform isPrivApp=true name=com.android.permissioncontroller domain=permissioncontroller_app type=privapp_data_file levelFrom=all
user=_app isPrivApp=true name=com.android.vzwomatrigger domain=vzwomatrigger_app type=privapp_data_file levelFrom=all
+user=_app isPrivApp=true name=com.android.rkpdapp domain=rkpdapp type=privapp_data_file levelFrom=user
+user=_app isPrivApp=true name=com.google.android.rkpdapp domain=rkpdapp type=privapp_data_file levelFrom=user
user=_app isPrivApp=true name=com.google.android.gms domain=gmscore_app type=privapp_data_file levelFrom=user
user=_app isPrivApp=true name=com.google.android.gms.* domain=gmscore_app type=privapp_data_file levelFrom=user
user=_app isPrivApp=true name=com.google.android.gms:* domain=gmscore_app type=privapp_data_file levelFrom=user
user=_app isPrivApp=true name=com.google.android.gsf domain=gmscore_app type=privapp_data_file levelFrom=user
-user=_app minTargetSdkVersion=32 domain=untrusted_app type=app_data_file levelFrom=all
+user=_app minTargetSdkVersion=34 domain=untrusted_app type=app_data_file levelFrom=all
+user=_app minTargetSdkVersion=32 domain=untrusted_app_32 type=app_data_file levelFrom=all
user=_app minTargetSdkVersion=30 domain=untrusted_app_30 type=app_data_file levelFrom=all
user=_app minTargetSdkVersion=29 domain=untrusted_app_29 type=app_data_file levelFrom=all
user=_app minTargetSdkVersion=28 domain=untrusted_app_27 type=app_data_file levelFrom=all
@@ -176,4 +191,3 @@
user=_app domain=untrusted_app_25 type=app_data_file levelFrom=user
user=_app minTargetSdkVersion=28 fromRunAs=true domain=runas_app levelFrom=all
user=_app fromRunAs=true domain=runas_app levelFrom=user
-
diff --git a/private/security_classes b/private/security_classes
index 0d3cc80..99f947f 100644
--- a/private/security_classes
+++ b/private/security_classes
@@ -142,6 +142,8 @@
class perf_event
+class io_uring
+
# Introduced in https://github.com/torvalds/linux/commit/59438b46471ae6cdfb761afc8c9beaf1e428a331
class lockdown
diff --git a/private/service.te b/private/service.te
index 1f407a6..8059bfb 100644
--- a/private/service.te
+++ b/private/service.te
@@ -1,7 +1,8 @@
type ambient_context_service, app_api_service, system_server_service, service_manager_type;
type attention_service, system_server_service, service_manager_type;
+type bg_install_control_service, system_server_service, service_manager_type;
type compos_service, service_manager_type;
-type communal_service, app_api_service, system_server_service, service_manager_type;
+type communal_service, app_api_service, system_server_service, service_manager_type;
type dynamic_system_service, system_api_service, system_server_service, service_manager_type;
type gsi_service, service_manager_type;
type incidentcompanion_service, app_api_service, system_api_service, system_server_service, service_manager_type;
@@ -10,6 +11,8 @@
type mediatuner_service, app_api_service, service_manager_type;
type profcollectd_service, service_manager_type;
type resolver_service, system_server_service, service_manager_type;
+type rkpd_registrar_service, service_manager_type;
+type rkpd_refresh_service, service_manager_type;
type safety_center_service, app_api_service, system_api_service, system_server_service, service_manager_type;
type stats_service, service_manager_type;
type statsbootstrap_service, system_server_service, service_manager_type;
diff --git a/private/service_contexts b/private/service_contexts
index 72fa166..6af5eab 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -1,20 +1,44 @@
+android.frameworks.cameraservice.service.ICameraService/default u:object_r:fwk_camera_service:s0
+android.frameworks.location.altitude.IAltitudeService/default u:object_r:fwk_altitude_service:s0
+android.frameworks.stats.IStats/default u:object_r:fwk_stats_service:s0
+android.frameworks.sensorservice.ISensorManager/default u:object_r:fwk_sensor_service:s0
android.hardware.audio.core.IConfig/default u:object_r:hal_audio_service:s0
+# 'default' IModule is equivalent to 'primary' in HIDL
android.hardware.audio.core.IModule/default u:object_r:hal_audio_service:s0
+android.hardware.audio.core.IModule/a2dp u:object_r:hal_audio_service:s0
+android.hardware.audio.core.IModule/bluetooth u:object_r:hal_audio_service:s0
+android.hardware.audio.core.IModule/hearing_aid u:object_r:hal_audio_service:s0
+android.hardware.audio.core.IModule/msd u:object_r:hal_audio_service:s0
+android.hardware.audio.core.IModule/r_submix u:object_r:hal_audio_service:s0
+android.hardware.audio.core.IModule/stub u:object_r:hal_audio_service:s0
+android.hardware.audio.core.IModule/usb u:object_r:hal_audio_service:s0
+android.hardware.audio.effect.IFactory/default u:object_r:hal_audio_service:s0
+android.hardware.audio.sounddose.ISoundDoseFactory/default u:object_r:hal_audio_service:s0
android.hardware.authsecret.IAuthSecret/default u:object_r:hal_authsecret_service:s0
android.hardware.automotive.evs.IEvsEnumerator/hw/0 u:object_r:hal_evs_service:s0
+android.hardware.boot.IBootControl/default u:object_r:hal_bootctl_service:s0
+android.hardware.automotive.can.ICanController/default u:object_r:hal_can_controller_service:s0
android.hardware.automotive.evs.IEvsEnumerator/hw/1 u:object_r:hal_evs_service:s0
-android.hardware.automotive.vehicle.IVehicle/default u:object_r:hal_vehicle_service:s0
android.hardware.automotive.audiocontrol.IAudioControl/default u:object_r:hal_audiocontrol_service:s0
+android.hardware.automotive.remoteaccess.IRemoteAccess/default u:object_r:hal_remoteaccess_service:s0
+android.hardware.automotive.vehicle.IVehicle/default u:object_r:hal_vehicle_service:s0
android.hardware.biometrics.face.IFace/default u:object_r:hal_face_service:s0
android.hardware.biometrics.fingerprint.IFingerprint/default u:object_r:hal_fingerprint_service:s0
+android.hardware.biometrics.fingerprint.IFingerprint/virtual u:object_r:hal_fingerprint_service:s0
+android.hardware.bluetooth.IBluetoothHci/default u:object_r:hal_bluetooth_service:s0
android.hardware.bluetooth.audio.IBluetoothAudioProviderFactory/default u:object_r:hal_audio_service:s0
+android.hardware.broadcastradio.IBroadcastRadio/amfm u:object_r:hal_broadcastradio_service:s0
+android.hardware.broadcastradio.IBroadcastRadio/dab u:object_r:hal_broadcastradio_service:s0
# The instance here is internal/0 following naming convention for ICameraProvider.
# It advertises internal camera devices.
android.hardware.camera.provider.ICameraProvider/internal/0 u:object_r:hal_camera_service:s0
+android.hardware.cas.IMediaCasService/default u:object_r:hal_cas_service:s0
+android.hardware.confirmationui.IConfirmationUI/default u:object_r:hal_confirmationui_service:s0
android.hardware.contexthub.IContextHub/default u:object_r:hal_contexthub_service:s0
android.hardware.drm.IDrmFactory/clearkey u:object_r:hal_drm_service:s0
android.hardware.drm.ICryptoFactory/clearkey u:object_r:hal_drm_service:s0
android.hardware.dumpstate.IDumpstateDevice/default u:object_r:hal_dumpstate_service:s0
+android.hardware.fastboot.IFastboot/default u:object_r:hal_fastboot_service:s0
android.hardware.gnss.IGnss/default u:object_r:hal_gnss_service:s0
android.hardware.graphics.allocator.IAllocator/default u:object_r:hal_graphics_allocator_service:s0
android.hardware.graphics.composer3.IComposer/default u:object_r:hal_graphics_composer_service:s0
@@ -34,6 +58,10 @@
android.hardware.radio.data.IRadioData/slot1 u:object_r:hal_radio_service:s0
android.hardware.radio.data.IRadioData/slot2 u:object_r:hal_radio_service:s0
android.hardware.radio.data.IRadioData/slot3 u:object_r:hal_radio_service:s0
+android.hardware.radio.ims.IRadioIms/slot1 u:object_r:hal_radio_service:s0
+android.hardware.radio.ims.IRadioIms/slot2 u:object_r:hal_radio_service:s0
+android.hardware.radio.ims.IRadioIms/slot3 u:object_r:hal_radio_service:s0
+android.hardware.radio.ims.media.IImsMedia/default u:object_r:hal_radio_service:s0
android.hardware.radio.messaging.IRadioMessaging/slot1 u:object_r:hal_radio_service:s0
android.hardware.radio.messaging.IRadioMessaging/slot2 u:object_r:hal_radio_service:s0
android.hardware.radio.messaging.IRadioMessaging/slot3 u:object_r:hal_radio_service:s0
@@ -43,9 +71,15 @@
android.hardware.radio.network.IRadioNetwork/slot1 u:object_r:hal_radio_service:s0
android.hardware.radio.network.IRadioNetwork/slot2 u:object_r:hal_radio_service:s0
android.hardware.radio.network.IRadioNetwork/slot3 u:object_r:hal_radio_service:s0
+android.hardware.radio.satellite.IRadioSatellite/slot1 u:object_r:hal_radio_service:s0
+android.hardware.radio.satellite.IRadioSatellite/slot2 u:object_r:hal_radio_service:s0
+android.hardware.radio.satellite.IRadioSatellite/slot3 u:object_r:hal_radio_service:s0
android.hardware.radio.sim.IRadioSim/slot1 u:object_r:hal_radio_service:s0
android.hardware.radio.sim.IRadioSim/slot2 u:object_r:hal_radio_service:s0
android.hardware.radio.sim.IRadioSim/slot3 u:object_r:hal_radio_service:s0
+android.hardware.radio.sap.ISap/slot1 u:object_r:hal_radio_service:s0
+android.hardware.radio.sap.ISap/slot2 u:object_r:hal_radio_service:s0
+android.hardware.radio.sap.ISap/slot3 u:object_r:hal_radio_service:s0
android.hardware.radio.voice.IRadioVoice/slot1 u:object_r:hal_radio_service:s0
android.hardware.radio.voice.IRadioVoice/slot2 u:object_r:hal_radio_service:s0
android.hardware.radio.voice.IRadioVoice/slot3 u:object_r:hal_radio_service:s0
@@ -53,21 +87,36 @@
android.hardware.security.dice.IDiceDevice/default u:object_r:hal_dice_service:s0
android.hardware.security.keymint.IKeyMintDevice/default u:object_r:hal_keymint_service:s0
android.hardware.security.keymint.IRemotelyProvisionedComponent/default u:object_r:hal_remotelyprovisionedcomponent_service:s0
+android.hardware.gatekeeper.IGatekeeper/default u:object_r:hal_gatekeeper_service:s0
android.hardware.security.secureclock.ISecureClock/default u:object_r:hal_secureclock_service:s0
android.hardware.security.sharedsecret.ISharedSecret/default u:object_r:hal_sharedsecret_service:s0
android.hardware.sensors.ISensors/default u:object_r:hal_sensors_service:s0
android.hardware.soundtrigger3.ISoundTriggerHw/default u:object_r:hal_audio_service:s0
+android.hardware.tetheroffload.IOffload/default u:object_r:hal_tetheroffload_service:s0
+android.hardware.thermal.IThermal/default u:object_r:hal_thermal_service:s0
+android.hardware.tv.hdmi.cec.IHdmiCec/default u:object_r:hal_tv_hdmi_cec_service:s0
+android.hardware.tv.hdmi.connection.IHdmiConnection/default u:object_r:hal_tv_hdmi_connection_service:s0
+android.hardware.tv.hdmi.earc.IEArc/default u:object_r:hal_tv_hdmi_earc_service:s0
android.hardware.tv.tuner.ITuner/default u:object_r:hal_tv_tuner_service:s0
+android.hardware.tv.input.ITvInput/default u:object_r:hal_tv_input_service:s0
android.hardware.usb.IUsb/default u:object_r:hal_usb_service:s0
+android.hardware.usb.gadget.IUsbGadget/default u:object_r:hal_usb_gadget_service:s0
android.hardware.uwb.IUwb/default u:object_r:hal_uwb_service:s0
android.hardware.vibrator.IVibrator/default u:object_r:hal_vibrator_service:s0
android.hardware.vibrator.IVibratorManager/default u:object_r:hal_vibrator_service:s0
android.hardware.weaver.IWeaver/default u:object_r:hal_weaver_service:s0
+android.hardware.wifi.IWifi/default u:object_r:hal_wifi_service:s0
android.hardware.wifi.hostapd.IHostapd/default u:object_r:hal_wifi_hostapd_service:s0
android.hardware.wifi.supplicant.ISupplicant/default u:object_r:hal_wifi_supplicant_service:s0
-android.frameworks.stats.IStats/default u:object_r:fwk_stats_service:s0
android.se.omapi.ISecureElementService/default u:object_r:secure_element_service:s0
+android.hardware.secure_element.ISecureElement/eSE1 u:object_r:hal_secure_element_service:s0
+android.hardware.secure_element.ISecureElement/eSE2 u:object_r:hal_secure_element_service:s0
+android.hardware.secure_element.ISecureElement/eSE3 u:object_r:hal_secure_element_service:s0
+android.hardware.secure_element.ISecureElement/SIM1 u:object_r:hal_secure_element_service:s0
+android.hardware.secure_element.ISecureElement/SIM2 u:object_r:hal_secure_element_service:s0
+android.hardware.secure_element.ISecureElement/SIM3 u:object_r:hal_secure_element_service:s0
android.system.keystore2.IKeystoreService/default u:object_r:keystore_service:s0
+android.system.net.netd.INetd/default u:object_r:system_net_netd_service:s0
android.system.suspend.ISystemSuspend/default u:object_r:hal_system_suspend_service:s0
accessibility u:object_r:accessibility_service:s0
@@ -117,6 +166,7 @@
audio u:object_r:audio_service:s0
auth u:object_r:auth_service:s0
autofill u:object_r:autofill_service:s0
+background_install_control u:object_r:bg_install_control_service:s0
backup u:object_r:backup_service:s0
batteryproperties u:object_r:batteryproperties_service:s0
batterystats u:object_r:batterystats_service:s0
@@ -135,6 +185,7 @@
com.android.net.IProxyService u:object_r:IProxyService_service:s0
companiondevice u:object_r:companion_device_service:s0
communal u:object_r:communal_service:s0
+credential u:object_r:credential_service:s0
platform_compat u:object_r:platform_compat_service:s0
platform_compat_native u:object_r:platform_compat_service:s0
connectivity u:object_r:connectivity_service:s0
@@ -155,6 +206,7 @@
device_policy u:object_r:device_policy_service:s0
device_identifiers u:object_r:device_identifiers_service:s0
deviceidle u:object_r:deviceidle_service:s0
+device_lock u:object_r:devicelock_service:s0
device_state u:object_r:device_state_service:s0
devicestoragemonitor u:object_r:devicestoragemonitor_service:s0
diskstats u:object_r:diskstats_service:s0
@@ -174,7 +226,6 @@
emergency_affordance u:object_r:emergency_affordance_service:s0
euicc_card_controller u:object_r:radio_service:s0
external_vibrator_service u:object_r:external_vibrator_service:s0
-lowpan u:object_r:lowpan_service:s0
ethernet u:object_r:ethernet_service:s0
face u:object_r:face_service:s0
file_integrity u:object_r:file_integrity_service:s0
@@ -184,11 +235,13 @@
game u:object_r:game_service:s0
gfxinfo u:object_r:gfxinfo_service:s0
gnss_time_update_service u:object_r:gnss_time_update_service:s0
+grammatical_inflection u:object_r:grammatical_inflection_service:s0
graphicsstats u:object_r:graphicsstats_service:s0
gpu u:object_r:gpu_service:s0
hardware u:object_r:hardware_service:s0
hardware_properties u:object_r:hardware_properties_service:s0
hdmi_control u:object_r:hdmi_control_service:s0
+healthconnect u:object_r:healthconnect_service:s0
ions u:object_r:radio_service:s0
idmap u:object_r:idmap_service:s0
incident u:object_r:incident_service:s0
@@ -197,7 +250,6 @@
input_method u:object_r:input_method_service:s0
input u:object_r:input_service:s0
installd u:object_r:installd_service:s0
-iorapd u:object_r:iorapd_service:s0
iphonesubinfo_msim u:object_r:radio_service:s0
iphonesubinfo2 u:object_r:radio_service:s0
iphonesubinfo u:object_r:radio_service:s0
@@ -261,6 +313,7 @@
nfc u:object_r:nfc_service:s0
notification u:object_r:notification_service:s0
oem_lock u:object_r:oem_lock_service:s0
+ondevicepersonalization_system_service u:object_r:ondevicepersonalization_system_service:s0
otadexopt u:object_r:otadexopt_service:s0
overlay u:object_r:overlay_service:s0
pac_proxy u:object_r:pac_proxy_service:s0
@@ -289,9 +342,12 @@
rcs u:object_r:radio_service:s0
reboot_readiness u:object_r:reboot_readiness_service:s0
recovery u:object_r:recovery_service:s0
+remote_provisioning u:object_r:remote_provisioning_service:s0
resolver u:object_r:resolver_service:s0
resources u:object_r:resources_manager_service:s0
restrictions u:object_r:restrictions_service:s0
+rkpd.registrar u:object_r:rkpd_registrar_service:s0
+rkpd.refresh u:object_r:rkpd_refresh_service:s0
role u:object_r:role_service:s0
rollback u:object_r:rollback_service:s0
rttmanager u:object_r:rttmanager_service:s0
@@ -348,7 +404,6 @@
texttospeech u:object_r:texttospeech_service:s0
time_detector u:object_r:timedetector_service:s0
time_zone_detector u:object_r:timezonedetector_service:s0
-timezone u:object_r:timezone_service:s0
thermalservice u:object_r:thermal_service:s0
tracing.proxy u:object_r:tracingproxy_service:s0
translation u:object_r:translation_service:s0
diff --git a/private/servicemanager.te b/private/servicemanager.te
index 6294452..5a69a43 100644
--- a/private/servicemanager.te
+++ b/private/servicemanager.te
@@ -5,3 +5,10 @@
read_runtime_log_tags(servicemanager)
set_prop(servicemanager, ctl_interface_start_prop)
+set_prop(servicemanager, servicemanager_prop)
+
+# servicemanager is using bootstrap bionic
+use_bootstrap_libs(servicemanager)
+
+# servicemanager is using apex_info via libvintf
+use_apex_info(servicemanager)
diff --git a/private/shell.te b/private/shell.te
index c20e612..02105a9 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -121,6 +121,9 @@
allow shell profcollectd:binder call;
')
+# Allow shell to run remount command.
+allow shell remount_exec:file rx_file_perms;
+
# Allow shell to call perf_event_open for profiling other shell processes, but
# not the whole system.
allow shell self:perf_event { open read write kernel };
@@ -181,6 +184,9 @@
get_prop(shell, last_boot_reason_prop)
get_prop(shell, system_boot_reason_prop)
+# Allow shell to execute the remote key provisioning factory tool
+binder_call(shell, hal_keymint)
+
# Allow reading the outcome of perf_event_open LSM support test for CTS.
get_prop(shell, init_perf_lsm_hooks_prop)
diff --git a/private/snapuserd.te b/private/snapuserd.te
index 2e2c473..797a6c2 100644
--- a/private/snapuserd.te
+++ b/private/snapuserd.te
@@ -8,8 +8,6 @@
allow snapuserd kmsg_device:chr_file rw_file_perms;
-allow snapuserd self:capability ipc_lock;
-
# Allow snapuserd to reach block devices in /dev/block.
allow snapuserd block_device:dir search;
@@ -53,3 +51,13 @@
-snapuserd
-init
} snapuserd_prop:property_service set;
+
+# Allow to read/write/create OTA metadata files
+allow snapuserd metadata_file:dir search;
+allow snapuserd ota_metadata_file:dir rw_dir_perms;
+allow snapuserd ota_metadata_file:file create_file_perms;
+
+# This capability allows snapuserd to circumvent memlock rlimits while using
+# io_uring. An Alternative would be to up the memlock rlimit for the snapuserd service.
+allow snapuserd self:capability ipc_lock;
+io_uring_use(snapuserd)
diff --git a/private/stats.te b/private/stats.te
index db29072..89b9488 100644
--- a/private/stats.te
+++ b/private/stats.te
@@ -45,8 +45,10 @@
-incidentd
-keystore
-mediametrics
+ -mediaserver
-platform_app
-priv_app
+ -rkpdapp
-shell
-stats
-statsd
diff --git a/private/su.te b/private/su.te
index 587f449..cc00e10 100644
--- a/private/su.te
+++ b/private/su.te
@@ -19,6 +19,9 @@
# Put the perfetto command into its domain so it is the same on user, userdebug and eng.
domain_auto_trans(su, perfetto_exec, perfetto)
+ # Put the virtmgr command into its domain.
+ domain_auto_trans(su, virtualizationmanager_exec, virtualizationmanager)
+
# su is also permissive to permit setenforce.
permissive su;
@@ -27,4 +30,6 @@
# Do not audit accesses to keystore2 namespace for the su domain.
dontaudit su keystore2_key_type:{ keystore2 keystore2_key } *;
+ # Allow root to set MTE permissive mode.
+ set_prop(su, permissive_mte_prop);
')
diff --git a/private/surfaceflinger.te b/private/surfaceflinger.te
index bb16f20..91e9aba 100644
--- a/private/surfaceflinger.te
+++ b/private/surfaceflinger.te
@@ -49,6 +49,9 @@
allow surfaceflinger video_device:dir r_dir_perms;
allow surfaceflinger video_device:chr_file rw_file_perms;
+# Access the secure heap.
+allow surfaceflinger dmabuf_system_secure_heap_device:chr_file r_file_perms;
+
# Create and use netlink kobject uevent sockets.
allow surfaceflinger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
@@ -58,7 +61,9 @@
set_prop(surfaceflinger, exported_system_prop)
set_prop(surfaceflinger, exported3_system_prop)
set_prop(surfaceflinger, ctl_bootanim_prop)
+set_prop(surfaceflinger, locale_prop)
set_prop(surfaceflinger, surfaceflinger_display_prop)
+set_prop(surfaceflinger, timezone_prop)
# Get properties.
get_prop(surfaceflinger, qemu_sf_lcd_density_prop)
@@ -130,6 +135,9 @@
# Allow to use files supplied by hal_evs
allow surfaceflinger hal_evs:fd use;
+# Allow to use release fence fds supplied by hal_camera
+allow surfaceflinger hal_camera:fd use;
+
# Allow pushing jank event atoms to statsd
userdebug_or_eng(`
unix_socket_send(surfaceflinger, statsdw, statsd)
diff --git a/private/system_app.te b/private/system_app.te
index 76e5f7d..e2bec30 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -45,8 +45,10 @@
set_prop(system_app, exported_system_prop)
set_prop(system_app, exported3_system_prop)
set_prop(system_app, gesture_prop)
+set_prop(system_app, locale_prop)
set_prop(system_app, logd_prop)
set_prop(system_app, net_radio_prop)
+set_prop(system_app, timezone_prop)
set_prop(system_app, usb_control_prop)
set_prop(system_app, usb_prop)
set_prop(system_app, log_tag_prop)
@@ -88,7 +90,6 @@
-dnsresolver_service
-dumpstate_service
-installd_service
- -iorapd_service
-lpdump_service
-mdns_service
-netd_service
@@ -104,7 +105,6 @@
dnsresolver_service
dumpstate_service
installd_service
- iorapd_service
mdns_service
netd_service
virtual_touchpad_service
@@ -114,6 +114,9 @@
# suppress denials caused by debugfs_tracing
dontaudit system_app debugfs_tracing:file rw_file_perms;
+# Ignore access to zram when Debug.getMemInfo is called.
+dontaudit system_app sysfs_zram:dir search;
+
allow system_app keystore:keystore_key {
get_state
get
@@ -174,8 +177,8 @@
# Settings app reads ro.oem_unlock_supported
get_prop(system_app, oem_unlock_prop)
-# Allow system apps to act as Perfetto producers.
-perfetto_producer(system_app)
+# Settings app reads ro.usb.uvc.enabled
+get_prop(system_app, usb_uvc_enabled_prop)
###
### Neverallow rules
diff --git a/private/system_server.te b/private/system_server.te
index 6d3bc78..4e5b2e8 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -5,6 +5,7 @@
typeattribute system_server coredomain;
typeattribute system_server mlstrustedsubject;
+typeattribute system_server remote_provisioning_service_server;
typeattribute system_server scheduler_service_server;
typeattribute system_server sensor_service_server;
typeattribute system_server stats_service_server;
@@ -282,6 +283,7 @@
# Perform Binder IPC.
binder_use(system_server)
binder_call(system_server, appdomain)
+binder_call(system_server, artd)
binder_call(system_server, binderservicedomain)
binder_call(system_server, composd)
binder_call(system_server, dumpstate)
@@ -291,7 +293,6 @@
binder_call(system_server, idmap)
binder_call(system_server, installd)
binder_call(system_server, incidentd)
-binder_call(system_server, iorapd)
binder_call(system_server, netd)
userdebug_or_eng(`binder_call(system_server, profcollectd)')
binder_call(system_server, statsd)
@@ -300,7 +301,6 @@
binder_call(system_server, vold)
binder_call(system_server, logd)
binder_call(system_server, wificond)
-binder_call(system_server, wpantund)
binder_service(system_server)
# Use HALs
@@ -331,6 +331,9 @@
hal_client_domain(system_server, hal_tetheroffload)
hal_client_domain(system_server, hal_thermal)
hal_client_domain(system_server, hal_tv_cec)
+hal_client_domain(system_server, hal_tv_hdmi_cec)
+hal_client_domain(system_server, hal_tv_hdmi_connection)
+hal_client_domain(system_server, hal_tv_hdmi_earc)
hal_client_domain(system_server, hal_tv_input)
hal_client_domain(system_server, hal_usb)
hal_client_domain(system_server, hal_usb_gadget)
@@ -418,7 +421,9 @@
allow system_server mediadrmserver:tcp_socket rw_socket_perms;
allow system_server mediadrmserver:udp_socket rw_socket_perms;
-userdebug_or_eng(`perfetto_producer({ system_server })')
+# Write trace data to the Perfetto traced daemon. This requires connecting to
+# its producer socket and obtaining a (per-process) tmpfs fd.
+perfetto_producer(system_server)
# Get file context
allow system_server file_contexts_file:file r_file_perms;
@@ -491,6 +496,10 @@
allow system_server keychain_data_file:file create_file_perms;
allow system_server keychain_data_file:lnk_file create_file_perms;
+# Read the user parent directories like /data/user. Don't allow write access,
+# as vold is responsible for creating and deleting the subdirectories.
+allow system_server system_userdir_file:dir r_dir_perms;
+
# Manage /data/app.
allow system_server apk_data_file:dir create_dir_perms;
allow system_server apk_data_file:{ file lnk_file } { create_file_perms link };
@@ -600,12 +609,9 @@
allow system_server textclassifier_data_file:dir create_dir_perms;
allow system_server textclassifier_data_file:file create_file_perms;
-# Access /data/tombstones.
-allow system_server tombstone_data_file:dir r_dir_perms;
-allow system_server tombstone_data_file:file r_file_perms;
-
-# Allow write access to be able to truncate tombstones.
-allow system_server tombstone_data_file:file write;
+# Manage /data/tombstones.
+allow system_server tombstone_data_file:dir rw_dir_perms;
+allow system_server tombstone_data_file:file create_file_perms;
# Manage /data/misc/vpn.
allow system_server vpn_data_file:dir create_dir_perms;
@@ -615,10 +621,6 @@
allow system_server wifi_data_file:dir create_dir_perms;
allow system_server wifi_data_file:file create_file_perms;
-# Manage /data/misc/zoneinfo.
-allow system_server zoneinfo_data_file:dir create_dir_perms;
-allow system_server zoneinfo_data_file:file create_file_perms;
-
# Manage /data/app-staging.
allow system_server staging_data_file:dir create_dir_perms;
allow system_server staging_data_file:file create_file_perms;
@@ -695,6 +697,7 @@
# Property Service write
set_prop(system_server, system_prop)
set_prop(system_server, bootanim_system_prop)
+set_prop(system_server, bluetooth_prop)
set_prop(system_server, exported_system_prop)
set_prop(system_server, exported3_system_prop)
set_prop(system_server, safemode_prop)
@@ -721,6 +724,9 @@
set_prop(system_server, provisioned_prop)
set_prop(system_server, retaildemo_prop)
set_prop(system_server, dmesgd_start_prop)
+set_prop(system_server, locale_prop)
+set_prop(system_server, timezone_metadata_prop)
+set_prop(system_server, timezone_prop)
userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
userdebug_or_eng(`set_prop(system_server, system_user_mode_emulation_prop)')
@@ -741,6 +747,7 @@
set_prop(system_server, device_config_runtime_native_prop)
set_prop(system_server, device_config_lmkd_native_prop)
set_prop(system_server, device_config_media_native_prop)
+set_prop(system_server, device_config_camera_native_prop)
set_prop(system_server, device_config_mglru_native_prop)
set_prop(system_server, device_config_profcollect_native_boot_prop)
set_prop(system_server, device_config_statsd_native_prop)
@@ -755,7 +762,11 @@
set_prop(system_server, device_config_vendor_system_native_prop)
set_prop(system_server, device_config_vendor_system_native_boot_prop)
set_prop(system_server, device_config_virtualization_framework_native_prop)
+set_prop(system_server, device_config_memory_safety_native_boot_prop)
+set_prop(system_server, device_config_memory_safety_native_prop)
+set_prop(system_server, device_config_remote_key_provisioning_native_prop)
set_prop(system_server, smart_idle_maint_enabled_prop)
+set_prop(system_server, arm64_memtag_prop)
# Allow query ART device config properties
get_prop(system_server, device_config_runtime_native_boot_prop)
@@ -822,6 +833,11 @@
# Read persist.wm.debug. properties
get_prop(system_server, persist_wm_debug_prop)
+# Read ro.tuner.lazyhal
+get_prop(system_server, tuner_config_prop)
+# Write tuner.server.enable
+set_prop(system_server, tuner_server_ctl_prop)
+
# Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms;
@@ -861,8 +877,8 @@
# Read and delete files under /dev/fscklogs.
r_dir_file(system_server, fscklogs)
-allow system_server fscklogs:dir { write remove_name };
-allow system_server fscklogs:file unlink;
+allow system_server fscklogs:dir { write remove_name add_name };
+allow system_server fscklogs:file rename;
# logd access, system_server inherit logd write socket
# (urge is to deprecate this long term)
@@ -888,6 +904,7 @@
allow system_server sysfs_zram:file rw_file_perms;
add_service(system_server, system_server_service);
+allow system_server artd_service:service_manager find;
allow system_server audioserver_service:service_manager find;
allow system_server authorization_service:service_manager find;
allow system_server batteryproperties_service:service_manager find;
@@ -905,7 +922,6 @@
allow system_server incident_service:service_manager find;
allow system_server incremental_service:service_manager find;
allow system_server installd_service:service_manager find;
-allow system_server iorapd_service:service_manager find;
allow system_server keystore_maintenance_service:service_manager find;
allow system_server keystore_metrics_service:service_manager find;
allow system_server keystore_service:service_manager find;
@@ -1074,10 +1090,11 @@
# Allow invoking tools like "timeout"
allow system_server toolbox_exec:file rx_file_perms;
-# Allow system process to setup and measure fs-verity
-allowxperm system_server apk_data_file:file ioctl {
- FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY
-};
+# Allow system process to setup fs-verity
+allowxperm system_server { apk_data_file system_data_file apex_system_server_data_file }:file ioctl FS_IOC_ENABLE_VERITY;
+
+# Allow system process to measure fs-verity for apps, apps being installed and system files
+allowxperm system_server { apk_data_file apk_tmp_file system_file }:file ioctl FS_IOC_MEASURE_VERITY;
# Postinstall
#
@@ -1170,8 +1187,9 @@
# System server may dump profile data for debuggable apps in the /data/misc/profman.
# As such it needs to be able create files but it should never read from them.
+# It also needs to stat the directory to check if it has the right permissions.
allow system_server profman_dump_data_file:file { create getattr setattr w_file_perms};
-allow system_server profman_dump_data_file:dir w_dir_perms;
+allow system_server profman_dump_data_file:dir rw_dir_perms;
# On userdebug build we may profile system server. Allow it to write and create its own profile.
userdebug_or_eng(`
@@ -1207,8 +1225,8 @@
# Font files are written by system server
allow system_server font_data_file:file create_file_perms;
allow system_server font_data_file:dir create_dir_perms;
-# Allow system process to setup fs-verity for font files
-allowxperm system_server font_data_file:file ioctl FS_IOC_ENABLE_VERITY;
+# Allow system process to setup and measure fs-verity for font files
+allowxperm system_server font_data_file:file ioctl { FS_IOC_ENABLE_VERITY FS_IOC_MEASURE_VERITY };
# Read qemu.hw.mainkeys property
get_prop(system_server, qemu_hw_prop)
@@ -1282,6 +1300,7 @@
device_config_runtime_native_prop
device_config_media_native_prop
device_config_mglru_native_prop
+ device_config_remote_key_provisioning_native_prop
device_config_storage_native_boot_prop
device_config_surface_flinger_native_boot_prop
device_config_sys_traced_prop
@@ -1289,6 +1308,13 @@
device_config_window_manager_native_boot_prop
}:property_service set;
+# Only allow system_server and init to set tuner_server_ctl_prop
+neverallow {
+ domain
+ -system_server
+ -init
+} tuner_server_ctl_prop:property_service set;
+
# system_server should never be executing dex2oat. This is either
# a bug (for example, bug 16317188), or represents an attempt by
# system server to dynamically load a dex file, something we do not
@@ -1422,6 +1448,8 @@
# Read/Write /proc/pressure/memory
allow system_server proc_pressure_mem:file rw_file_perms;
+# Read /proc/pressure/cpu and /proc/pressure/io
+allow system_server { proc_pressure_cpu proc_pressure_io }:file r_file_perms;
# dexoptanalyzer is currently used only for secondary dex files which
# system_server should never access.
diff --git a/private/technical_debt.cil b/private/technical_debt.cil
index fcd4fe7..069bb10 100644
--- a/private/technical_debt.cil
+++ b/private/technical_debt.cil
@@ -7,27 +7,27 @@
; Apps, except isolated apps, are clients of Allocator HAL
; Unfortunately, we can't currently express this in module policy language:
-; typeattribute { appdomain -isolated_app } hal_allocator_client;
+; typeattribute { appdomain -isolated_app_all } hal_allocator_client;
; typeattribute hal_allocator_client halclientdomain;
-(typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app))))))
+(typeattributeset hal_allocator_client ((and (appdomain) ((not (isolated_app_all))))))
(typeattributeset halclientdomain (hal_allocator_client))
; Apps, except isolated apps, are clients of OMX-related services
; Unfortunately, we can't currently express this in module policy language:
-(typeattributeset hal_omx_client ((and (appdomain) ((not (isolated_app))))))
+(typeattributeset hal_omx_client ((and (appdomain) ((not (isolated_app_all))))))
; Apps, except isolated apps, are clients of Codec2-related services
; Unfortunately, we can't currently express this in module policy language:
-(typeattributeset hal_codec2_client ((and (appdomain) ((not (isolated_app))))))
+(typeattributeset hal_codec2_client ((and (appdomain) ((not (isolated_app_all))))))
; Apps, except isolated apps and SDK sandboxes, are clients of Drm-related services
; Unfortunately, we can't currently express this in module policy language:
-(typeattributeset hal_drm_client ((and (appdomain) ((not (or (isolated_app) (sdk_sandbox)))))))
+(typeattributeset hal_drm_client ((and (appdomain) ((not (or (isolated_app_all) (sdk_sandbox)))))))
; Apps, except isolated apps, are clients of Configstore HAL
; Unfortunately, we can't currently express this in module policy language:
-; typeattribute { appdomain -isolated_app } hal_configstore_client;
-(typeattributeset hal_configstore_client ((and (appdomain) ((not (isolated_app))))))
+; typeattribute { appdomain -isolated_app_all } hal_configstore_client;
+(typeattributeset hal_configstore_client ((and (appdomain) ((not (isolated_app_all))))))
; Apps, except isolated apps, are clients of Graphics Allocator HAL
; Unfortunately, we can't currently express this in module policy language:
@@ -36,8 +36,8 @@
; Apps, except isolated apps, are clients of Cas HAL
; Unfortunately, we can't currently express this in module policy language:
-; typeattribute { appdomain -isolated_app } hal_cas_client;
-(typeattributeset hal_cas_client ((and (appdomain) ((not (isolated_app))))))
+; typeattribute { appdomain -isolated_app_all } hal_cas_client;
+(typeattributeset hal_cas_client ((and (appdomain) ((not (isolated_app_all))))))
; Domains hosting Camera HAL implementations are clients of Allocator HAL
; Unfortunately, we can't currently express this in module policy language:
@@ -46,8 +46,8 @@
; Apps, except isolated apps, are clients of Neuralnetworks HAL
; Unfortunately, we can't currently express this in module policy language:
-; typeattribute { appdomain -isolated_app } hal_neuralnetworks_client;
-(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app))))))
+; typeattribute { appdomain -isolated_app_all } hal_neuralnetworks_client;
+(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app_all))))))
; TODO(b/112056006): move these to mapping files when/if we implement 'versioned' attributes.
; Rename untrusted_app_visible_* to untrusted_app_visible_*_violators.
diff --git a/private/toolbox.te b/private/toolbox.te
index 1e53d72..5878997 100644
--- a/private/toolbox.te
+++ b/private/toolbox.te
@@ -5,3 +5,8 @@
# rm -rf in /data/misc/virtualizationservice
allow toolbox virtualizationservice_data_file:dir { rmdir rw_dir_perms };
allow toolbox virtualizationservice_data_file:file { getattr unlink };
+
+# If we can't remove these directories we try to chmod them. That
+# doesn't work, but it doesn't matter as virtualizationservice itself
+# will delete them when it starts. See b/235338094#comment39
+dontaudit toolbox virtualizationservice_data_file:dir setattr;
diff --git a/private/traced.te b/private/traced.te
index a6e200e..3029094 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -1,7 +1,4 @@
# Perfetto user-space tracing daemon (unprivileged)
-
-# type traced is defined under /public (because iorapd rules
-# under public/ need to refer to it).
type traced_exec, system_file_type, exec_type, file_type;
# Allow init to exec the daemon.
@@ -41,11 +38,6 @@
binder_use(traced);
binder_call(traced, system_server);
-# Allow iorapd to pass memfd descriptors to traced, so traced can directly
-# write into the shmem buffer file without doing roundtrips over IPC.
-allow traced iorapd:fd use;
-allow traced iorapd_tmpfs:file { read write };
-
# Allow traced to use shared memory supplied by producers. Typically, traced
# (i.e. the tracing service) creates the shared memory used for data transfer
# from the producer. This rule allows an alternative scheme, where the producer
@@ -95,18 +87,17 @@
-perfetto_traces_bugreport_data_file
-system_data_file
-system_data_root_file
+ -media_userdir_file
+ -system_userdir_file
+ -vendor_userdir_file
# TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a
# subsequent neverallow. Currently only getattr and search are allowed.
-vendor_data_file
- -zoneinfo_data_file
with_native_coverage(`-method_trace_data_file')
}:dir *;
neverallow traced { system_data_file }:dir ~{ getattr search };
-neverallow traced zoneinfo_data_file:dir ~r_dir_perms;
-neverallow traced { data_file_type -zoneinfo_data_file }:lnk_file *;
neverallow traced {
data_file_type
- -zoneinfo_data_file
-perfetto_traces_data_file
-perfetto_traces_bugreport_data_file
-trace_data_file
diff --git a/private/traced_perf.te b/private/traced_perf.te
index 811bf48..080b6fe 100644
--- a/private/traced_perf.te
+++ b/private/traced_perf.te
@@ -60,9 +60,14 @@
# Never allow access to app data files
neverallow traced_perf { app_data_file privapp_data_file system_app_data_file }:file *;
-# Never allow profiling highly privileged processes.
+# Never allow profiling privileged or otherwise incompatible domains.
+# Corresponding allow-rule is in private/domain.te.
never_profile_perf(`{
+ apexd
+ app_zygote
bpfloader
+ diced
+ hal_configstore
init
kernel
keystore
@@ -71,4 +76,6 @@
ueventd
vendor_init
vold
+ webview_zygote
+ zygote
}')
diff --git a/private/traced_probes.te b/private/traced_probes.te
index 66d5ac4..5cc271c 100644
--- a/private/traced_probes.te
+++ b/private/traced_probes.te
@@ -83,6 +83,7 @@
proc_meminfo
proc_vmstat
proc_stat
+ proc_buddyinfo
}:file r_file_perms;
# Allow access to read /sys/class/devfreq/ and /$DEVICE/cur_freq files
@@ -126,6 +127,9 @@
-dalvikcache_data_file
-system_data_file
-system_data_root_file
+ -media_userdir_file
+ -system_userdir_file
+ -vendor_userdir_file
-system_app_data_file
-backup_data_file
-bootstat_data_file
@@ -136,15 +140,11 @@
# TODO(b/72998741) Remove vendor_data_file exemption. Further restricted in a
# subsequent neverallow. Currently only getattr and search are allowed.
-vendor_data_file
- -zoneinfo_data_file
with_native_coverage(`-method_trace_data_file')
}:dir *;
neverallow traced_probes system_data_file:dir ~{ getattr userdebug_or_eng(`open read') search };
-neverallow traced_probes zoneinfo_data_file:dir ~r_dir_perms;
-neverallow traced_probes { data_file_type -zoneinfo_data_file }:lnk_file *;
neverallow traced_probes {
data_file_type
- -zoneinfo_data_file
-packages_list_file
with_native_coverage(`-method_trace_data_file')
-game_mode_intervention_list_file
diff --git a/private/tzdatacheck.te b/private/tzdatacheck.te
deleted file mode 100644
index 502735c..0000000
--- a/private/tzdatacheck.te
+++ /dev/null
@@ -1,3 +0,0 @@
-typeattribute tzdatacheck coredomain;
-
-init_daemon_domain(tzdatacheck)
diff --git a/private/untrusted_app.te b/private/untrusted_app.te
index 63b095a..d0f9b24 100644
--- a/private/untrusted_app.te
+++ b/private/untrusted_app.te
@@ -2,7 +2,7 @@
### Untrusted apps.
###
### This file defines the rules for untrusted apps running with
-### targetSdkVersion >= 32.
+### targetSdkVersion >= 34.
###
### See public/untrusted_app.te for more information about which apps are
### placed in this selinux domain.
diff --git a/private/untrusted_app_25.te b/private/untrusted_app_25.te
index b40fad0..2c0391f 100644
--- a/private/untrusted_app_25.te
+++ b/private/untrusted_app_25.te
@@ -53,5 +53,9 @@
allow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh;
auditallow untrusted_app_25 self:netlink_route_socket nlmsg_getneigh;
-# Allow hidden build props
-get_prop({ untrusted_app_25 userdebug_or_eng(`-untrusted_app_25') }, userdebug_or_eng_prop)
+# Connect to mdnsd via mdnsd socket.
+unix_socket_connect(untrusted_app_25, mdnsd, mdnsd)
+userdebug_or_eng(`
+ auditallow untrusted_app_25 mdnsd_socket:sock_file write;
+ auditallow untrusted_app_25 mdnsd:unix_stream_socket connectto;
+')
diff --git a/private/untrusted_app_27.te b/private/untrusted_app_27.te
index dd9b4a8..163803a 100644
--- a/private/untrusted_app_27.te
+++ b/private/untrusted_app_27.te
@@ -41,5 +41,9 @@
allow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh;
auditallow untrusted_app_27 self:netlink_route_socket nlmsg_getneigh;
-# Allow hidden build props
-get_prop({ untrusted_app_27 userdebug_or_eng(`-untrusted_app_27') }, userdebug_or_eng_prop)
+# Connect to mdnsd via mdnsd socket.
+unix_socket_connect(untrusted_app_27, mdnsd, mdnsd)
+userdebug_or_eng(`
+ auditallow untrusted_app_27 mdnsd_socket:sock_file write;
+ auditallow untrusted_app_27 mdnsd:unix_stream_socket connectto;
+')
diff --git a/private/untrusted_app_29.te b/private/untrusted_app_29.te
index 0cc2bea..758ed23 100644
--- a/private/untrusted_app_29.te
+++ b/private/untrusted_app_29.te
@@ -19,5 +19,9 @@
allow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh;
auditallow untrusted_app_29 self:netlink_route_socket nlmsg_getneigh;
-# Allow hidden build props
-get_prop({ untrusted_app_29 userdebug_or_eng(`-untrusted_app_29') }, userdebug_or_eng_prop)
+# Connect to mdnsd via mdnsd socket.
+unix_socket_connect(untrusted_app_29, mdnsd, mdnsd)
+userdebug_or_eng(`
+ auditallow untrusted_app_29 mdnsd_socket:sock_file write;
+ auditallow untrusted_app_29 mdnsd:unix_stream_socket connectto;
+')
diff --git a/private/untrusted_app_30.te b/private/untrusted_app_30.te
index 7b23be7..830106d 100644
--- a/private/untrusted_app_30.te
+++ b/private/untrusted_app_30.te
@@ -21,5 +21,9 @@
allow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh;
auditallow untrusted_app_30 self:netlink_route_socket nlmsg_getneigh;
-# Allow hidden build props
-get_prop({ untrusted_app_30 userdebug_or_eng(`-untrusted_app_30') }, userdebug_or_eng_prop)
+# Connect to mdnsd via mdnsd socket.
+unix_socket_connect(untrusted_app_30, mdnsd, mdnsd)
+userdebug_or_eng(`
+ auditallow untrusted_app_30 mdnsd_socket:sock_file write;
+ auditallow untrusted_app_30 mdnsd:unix_stream_socket connectto;
+')
diff --git a/private/untrusted_app_32.te b/private/untrusted_app_32.te
new file mode 100644
index 0000000..643c122
--- /dev/null
+++ b/private/untrusted_app_32.te
@@ -0,0 +1,30 @@
+###
+### Untrusted apps.
+###
+### This file defines the rules for untrusted apps running with
+### 31 < targetSdkVersion <= 33.
+###
+### See public/untrusted_app.te for more information about which apps are
+### placed in this selinux domain.
+###
+
+typeattribute untrusted_app_32 coredomain;
+
+app_domain(untrusted_app_32)
+untrusted_app_domain(untrusted_app_32)
+net_domain(untrusted_app_32)
+bluetooth_domain(untrusted_app_32)
+
+# Allow webview to access fd shared by sdksandbox for experiments data
+# TODO(b/229249719): Will not be supported in Android U
+allow untrusted_app_32 sdk_sandbox_data_file:fd use;
+allow untrusted_app_32 sdk_sandbox_data_file:file write;
+
+neverallow untrusted_app_32 sdk_sandbox_data_file:file { open create };
+
+# Connect to mdnsd via mdnsd socket.
+unix_socket_connect(untrusted_app_32, mdnsd, mdnsd)
+userdebug_or_eng(`
+ auditallow untrusted_app_32 mdnsd_socket:sock_file write;
+ auditallow untrusted_app_32 mdnsd:unix_stream_socket connectto;
+')
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index 26077f3..f666cc8 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@@ -129,14 +129,6 @@
allow untrusted_app_all vendor_app_file:file { r_file_perms execute };
allow untrusted_app_all vendor_app_file:lnk_file { open getattr read };
-# Write app-specific trace data to the Perfetto traced damon. This requires
-# connecting to its producer socket and obtaining a (per-process) tmpfs fd.
-perfetto_producer(untrusted_app_all)
-
-# Allow profiling if the app opts in by being marked profileable/debuggable.
-can_profile_heap(untrusted_app_all)
-can_profile_perf(untrusted_app_all)
-
# allow untrusted apps to use UDP sockets provided by the system server but not
# modify them other than to connect
allow untrusted_app_all system_server:udp_socket {
@@ -153,9 +145,12 @@
# These have been disallowed since Android O.
# For P, we assume that apps are safely handling the denial.
-dontaudit untrusted_app_all proc_stat:file read;
-dontaudit untrusted_app_all proc_vmstat:file read;
-dontaudit untrusted_app_all proc_uptime:file read;
+dontaudit untrusted_app_all {
+ proc_stat
+ proc_uptime
+ proc_vmstat
+ proc_zoneinfo
+}:file read;
# Allow the allocation and use of ptys
# Used by: https://play.google.com/store/apps/details?id=jackpal.androidterm
@@ -171,11 +166,13 @@
allow untrusted_app_all self:lockdown integrity;
')
-# Allow running a VM for test/demo purposes. Note that access the service is
-# still guarded with the `android.permission.MANAGE_VIRTUAL_MACHINE`
-# permission. The protection level of the permission is `signature|development`
-# so that it can only be granted to either platform-key signed apps or
-# test-only apps having `android:testOnly="true"` in its manifest.
+# Allow running a VM for test/demo purposes. Note that access to the
+# service is still guarded with the
+# `android.permission.MANAGE_VIRTUAL_MACHINE` permission. The
+# protection level of the permission is
+# `signature|privileged|development` so that it can only be granted to
+# either platform-key signed apps, privileged apps, or test-only apps
+# having `android:testOnly="true"` in their manifest.
virtualizationservice_use(untrusted_app_all)
with_native_coverage(`
diff --git a/private/update_engine.te b/private/update_engine.te
index c3f575f..8d6341c 100644
--- a/private/update_engine.te
+++ b/private/update_engine.te
@@ -30,3 +30,7 @@
# capex decompression
allow update_engine apex_service:service_manager find;
binder_call(update_engine, apexd)
+
+# let this domain use the hal service
+binder_use(update_engine)
+hal_client_domain(update_engine, hal_bootctl)
diff --git a/private/vendor_init.te b/private/vendor_init.te
index 70b3ef9..acbd84e 100644
--- a/private/vendor_init.te
+++ b/private/vendor_init.te
@@ -12,6 +12,9 @@
# Let vendor_init react to AVF device config changes
get_prop(vendor_init, device_config_virtualization_framework_native_prop)
+# Let vendor_init use apex.<name>.ready to start services from vendor APEX
+get_prop(vendor_init, apex_ready_prop)
+
# chown/chmod on devices, e.g. /dev/ttyHS0
allow vendor_init {
dev_type
diff --git a/private/virtualizationmanager.te b/private/virtualizationmanager.te
new file mode 100644
index 0000000..946c783
--- /dev/null
+++ b/private/virtualizationmanager.te
@@ -0,0 +1,81 @@
+# Domain for a child process that manages virtual machines on behalf of its parent.
+
+type virtualizationmanager, domain, coredomain;
+type virtualizationmanager_exec, system_file_type, exec_type, file_type;
+
+# Allow virtualizationmanager to communicate use, read and write over the adb connection.
+allow virtualizationmanager adbd:fd use;
+allow virtualizationmanager adbd:unix_stream_socket { read write };
+
+# Let the virtualizationmanager domain use Binder.
+binder_use(virtualizationmanager)
+
+# Let virtualizationmanager find and communicate with virtualizationservice.
+allow virtualizationmanager virtualization_service:service_manager find;
+binder_call(virtualizationmanager, virtualizationservice)
+
+# Allow calling into the system server to find native services. "permission_service" to check
+# permissions, and "package_native" for staged apex info.
+binder_call(virtualizationmanager, system_server)
+allow virtualizationmanager { package_native_service permission_service }:service_manager find;
+
+# When virtualizationmanager execs a file with the crosvm_exec label, run it in the crosvm domain.
+domain_auto_trans(virtualizationmanager, crosvm_exec, crosvm)
+
+# Let virtualizationmanager kill crosvm.
+allow virtualizationmanager crosvm:process sigkill;
+
+# Let virtualizationmanager create files inside virtualizationservice's temporary directories.
+allow virtualizationmanager virtualizationservice_data_file:dir rw_dir_perms;
+allow virtualizationmanager virtualizationservice_data_file:{ file sock_file } create_file_perms;
+
+# Let virtualizationmanager read and write files from its various clients, but not open them
+# directly as they must be passed over Binder by the client.
+allow virtualizationmanager apk_data_file:file { getattr read };
+
+# Write access is needed for mutable partitions like instance.img
+allow virtualizationmanager {
+ app_data_file
+ apex_compos_data_file
+ privapp_data_file
+}:file { getattr read write };
+
+# shell_data_file is used for automated tests and manual debugging.
+allow virtualizationmanager shell_data_file:file { getattr read write };
+
+# Allow virtualizationmanager to read apex-info-list.xml and access the APEX files listed there.
+allow virtualizationmanager apex_info_file:file r_file_perms;
+allow virtualizationmanager apex_data_file:dir search;
+allow virtualizationmanager staging_data_file:file r_file_perms;
+allow virtualizationmanager staging_data_file:dir search;
+
+# Run derive_classpath in our domain
+allow virtualizationmanager derive_classpath_exec:file rx_file_perms;
+allow virtualizationmanager apex_mnt_dir:dir r_dir_perms;
+# Ignore harmless denials on /proc/self/fd
+dontaudit virtualizationmanager self:dir write;
+
+# Let virtualizationmanager to accept vsock connection from the guest VMs
+allow virtualizationmanager self:vsock_socket { create_socket_perms_no_ioctl listen accept };
+
+# Allow virtualizationmanager to inspect all hypervisor capabilities.
+get_prop(virtualizationmanager, hypervisor_prop)
+get_prop(virtualizationmanager, hypervisor_restricted_prop)
+
+# Allow virtualizationmanager service to talk to tombstoned to push guest ramdumps
+unix_socket_connect(virtualizationmanager, tombstoned_crash, tombstoned)
+
+# Append ramdumps to tombstone files passed as fds from tombstoned
+allow virtualizationmanager tombstone_data_file:file { append getattr };
+allow virtualizationmanager tombstoned:fd use;
+
+# Allow virtualizationservice to read AVF debug policy
+allow virtualizationmanager sysfs_dt_avf:dir search;
+allow virtualizationmanager sysfs_dt_avf:file { open read };
+
+# Allow reading files under /proc/[crosvm pid]/, for collecting CPU & memory usage inside VM.
+r_dir_file(virtualizationmanager, crosvm);
+
+# For debug purposes we try to get the canonical path from /proc/self/fd/N. That triggers
+# a harmless denial for CompOS log files, so ignore that.
+dontaudit virtualizationmanager apex_module_data_file:dir search;
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index c369a90..561e778 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -1,72 +1,49 @@
type virtualizationservice, domain, coredomain;
type virtualizationservice_exec, system_file_type, exec_type, file_type;
+# The domain needs to be a 'mlstrustedsubject' to change the memlock rlimit of
+# the virtualizationmanager domain running at a more constrained MLS level.
+typeattribute virtualizationservice mlstrustedsubject;
+
# When init runs a file labelled with virtualizationservice_exec, run it in the
# virtualizationservice domain.
init_daemon_domain(virtualizationservice)
# Let the virtualizationservice domain use Binder.
binder_use(virtualizationservice)
-# ... and host a binder service
-binder_service(virtualizationservice)
-
-# Allow calling into the system server so that it can check permissions.
-binder_call(virtualizationservice, system_server)
-allow virtualizationservice permission_service:service_manager find;
-# Allow virtualizationservice to access "package_native" service for staged apex info.
-allow virtualizationservice package_native_service:service_manager find;
# Let the virtualizationservice domain register the virtualization_service with ServiceManager.
add_service(virtualizationservice, virtualization_service)
-# When virtualizationservice execs a file with the crosvm_exec label, run it in the crosvm domain.
-domain_auto_trans(virtualizationservice, crosvm_exec, crosvm)
+# Allow calling into the system server to find "permission_service".
+binder_call(virtualizationservice, system_server)
+allow virtualizationservice permission_service:service_manager find;
-# Let virtualizationservice kill crosvm.
-allow virtualizationservice crosvm:process sigkill;
+# Let virtualizationservice remove memlock rlimit of virtualizationmanager. This is necessary
+# to mlock VM memory and page tables.
+allow virtualizationservice self:capability sys_resource;
+allow virtualizationservice virtualizationmanager:process setrlimit;
-# Let virtualizationservice access its data directory.
-allow virtualizationservice virtualizationservice_data_file:file create_file_perms;
+# Let virtualizationservice set the owner of a VM's temporary directory.
+allow virtualizationservice self:capability chown;
+
+# Let virtualizationservice create and delete temporary directories of VMs. To remove old
+# directories, it needs the permission to unlink the files created by virtualizationmanager.
allow virtualizationservice virtualizationservice_data_file:dir create_dir_perms;
+allow virtualizationservice virtualizationservice_data_file:{ file sock_file } unlink;
# Allow to use fd (e.g. /dev/pts/0) inherited from adbd so that we can redirect output from
# crosvm to the console
allow virtualizationservice adbd:fd use;
allow virtualizationservice adbd:unix_stream_socket { read write };
-# Let virtualizationservice read and write files from its various clients, but not open them
-# directly as they must be passed over Binder by the client.
-allow virtualizationservice apk_data_file:file { getattr read };
-# Write access is needed for mutable partitions like instance.img
-allow virtualizationservice {
- app_data_file
- apex_compos_data_file
-}:file { getattr read write };
-
-# shell_data_file is used for automated tests and manual debugging.
-allow virtualizationservice shell_data_file:file { getattr read write };
-
-# Allow virtualizationservice to read apex-info-list.xml and access the APEX files listed there.
-allow virtualizationservice apex_info_file:file r_file_perms;
-allow virtualizationservice apex_data_file:dir search;
-allow virtualizationservice staging_data_file:file r_file_perms;
-allow virtualizationservice staging_data_file:dir search;
-
-# Run derive_classpath in our domain
-allow virtualizationservice derive_classpath_exec:file rx_file_perms;
-allow virtualizationservice apex_mnt_dir:dir r_dir_perms;
-# Ignore harmless denials on /proc/self/fd
-dontaudit virtualizationservice self:dir write;
-
-# Let virtualizationservice to accept vsock connection from the guest VMs
+# Let virtualizationservice to accept vsock connection from the guest VMs to singleton services
+# such as the guest tombstone server.
allow virtualizationservice self:vsock_socket { create_socket_perms_no_ioctl listen accept };
# Allow virtualizationservice to read/write its own sysprop. Only the process can do so.
set_prop(virtualizationservice, virtualizationservice_prop)
-# Allow virtualizationservice to inspect hypervisor capabilities.
-get_prop(virtualizationservice, hypervisor_prop)
-
# Allow writing stats to statsd
unix_socket_send(virtualizationservice, statsdw, statsd)
@@ -82,3 +59,16 @@
-init
-virtualizationservice
} virtualizationservice_prop:property_service set;
+
+neverallow {
+ domain
+ -init
+ -virtualizationmanager
+ -virtualizationservice
+} virtualizationservice_data_file:file { open create };
+
+neverallow virtualizationservice {
+ domain
+ -virtualizationmanager
+ -virtualizationservice
+}:process setrlimit;
diff --git a/private/vold.te b/private/vold.te
index cb7b1bc..40c1a57 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -66,3 +66,31 @@
-apexd
-gsid
} vold_service:service_manager find;
+
+# Allow vold to create and delete per-user directories like /data/user/$userId.
+allow vold {
+ media_userdir_file
+ system_userdir_file
+ vendor_userdir_file
+}:dir {
+ add_name
+ remove_name
+ write
+};
+
+# Only vold should create (and delete) per-user directories like
+# /data/user/$userId. This is very important, as these directories need to be
+# encrypted with per-user keys, which only vold can do. Encryption can only be
+# set up on empty directories, so creation and encryption must happen together.
+neverallow {
+ domain
+ -vold
+} {
+ media_userdir_file
+ system_userdir_file
+ vendor_userdir_file
+}:dir {
+ add_name
+ remove_name
+ write
+};
diff --git a/private/wpantund.te b/private/wpantund.te
deleted file mode 100644
index e91662c..0000000
--- a/private/wpantund.te
+++ /dev/null
@@ -1,3 +0,0 @@
-typeattribute wpantund coredomain;
-
-init_daemon_domain(wpantund)
diff --git a/private/zygote.te b/private/zygote.te
index b1c3d44..9c47468 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -36,6 +36,9 @@
allow zygote system_data_file:dir r_dir_perms;
allow zygote system_data_file:file r_file_perms;
+# Get attributes of /mnt/expand, needed by cacheNonBootClasspathClassLoaders.
+allow zygote mnt_expand_file:dir getattr;
+
# Write to /data/dalvik-cache.
allow zygote dalvikcache_data_file:dir create_dir_perms;
allow zygote dalvikcache_data_file:file create_file_perms;
@@ -59,45 +62,53 @@
allow zygote apex_art_data_file:dir { getattr search };
allow zygote apex_art_data_file:file { r_file_perms execute };
-# Bind mount on /data/data and mounted volumes
-allow zygote { system_data_file mnt_expand_file }:dir mounton;
+# Mount tmpfs over various directories containing per-app directories, to hide
+# them for app data isolation. Also traverse these directories (via
+# /data_mirror) to find the allowlisted per-app directories to bind-mount in.
+allow zygote {
+ # /data/user{,_de}, /mnt/expand/$volume/user{,_de}
+ system_userdir_file
+ # /data/data
+ system_data_file
+ # /data/misc/profiles/cur
+ user_profile_root_file
+ # /data/misc/profiles/ref
+ user_profile_data_file
+ # /storage/emulated/$userId/Android/{data,obb}
+ media_rw_data_file
+}:dir { mounton search };
-# Relabel /data/user /data/user_de /data/data and /data/misc_{ce,de}/<user-id>/sdksandbox
-allow zygote tmpfs:{ dir lnk_file } relabelfrom;
-allow zygote system_data_file:{ dir lnk_file } relabelto;
-allow zygote sdk_sandbox_system_data_file:dir { search relabelto };
+# Traverse /data_mirror to get to the above directories while their normal paths
+# are hidden, in order to bind-mount allowlisted per-app directories.
+allow zygote mirror_data_file:dir search;
-# Zygote opens /mnt/expand to mount CE DE storage on each vol
-allow zygote mnt_expand_file:dir { open read search relabelto };
+# List /mnt/expand to find all /mnt/expand/$volume/user{,_de} directories that
+# need to be hidden by app data isolation, and traverse /mnt/expand to get to
+# any allowlisted per-app directories within these directories.
+allow zygote mnt_expand_file:dir { open read search };
-# Bind mount subdirectories on /data/misc/profiles/cur and /data/misc/profiles/ref
-allow zygote { user_profile_root_file user_profile_data_file }:dir { mounton search };
+# Get the inode number of app CE data directories to find them by inode number
+# when CE storage is locked. Needed for app data isolation.
+allow zygote app_data_file_type:dir getattr;
-# Create and bind dirs on /data/data
+# Create dirs in the app data isolation tmpfs mounts and bind mount on them.
allow zygote tmpfs:dir { create_dir_perms mounton };
-# Goes into media directory and bind mount obb directory
-allow zygote media_rw_data_file:dir { getattr search };
+# Create the '/data/user/0 => /data/data' symlink in the /data/user tmpfs mount
+# when setting up app data isolation.
+allow zygote tmpfs:lnk_file create;
-# Bind mount on top of existing mounted obb and data directory
-allow zygote media_rw_data_file:dir { mounton };
+# Relabel dirs and symlinks in the app and sdk sandbox data isolation tmpfs mounts to their
+# standard labels. Note: it seems that not all dirs are actually relabeled yet,
+# but it works anyway since all domains can search tmpfs:dir.
+allow zygote tmpfs:{ dir lnk_file } relabelfrom;
+allow zygote system_userdir_file:dir relabelto;
+allow zygote system_data_file:{ dir lnk_file } relabelto;
+allow zygote sdk_sandbox_system_data_file:dir { getattr relabelto search };
# Read if sdcardfs is supported
allow zygote proc_filesystems:file r_file_perms;
-# Create symlink for /data/user/0
-allow zygote tmpfs:lnk_file create;
-
-allow zygote mirror_data_file:dir r_dir_perms;
-
-# Get inode of directories for app data isolation
-allow zygote {
- app_data_file_type
- system_data_file
- mnt_expand_file
- sdk_sandbox_system_data_file
-}:dir getattr;
-
# Allow zygote to create JIT memory.
allow zygote self:process execmem;
allow zygote zygote_tmpfs:file execute;
@@ -184,6 +195,9 @@
allow zygote same_process_hal_file:file { execute read open getattr map };
+# Allow zygote to read build properties for attestation feature
+get_prop(zygote, build_attestation_prop)
+
# Allow the zygote to access storage properties to check if sdcardfs is enabled.
get_prop(zygote, storage_config_prop);
diff --git a/public/app.te b/public/app.te
index de3d0ca..da59f32 100644
--- a/public/app.te
+++ b/public/app.te
@@ -21,16 +21,6 @@
# Block device access.
neverallow appdomain dev_type:blk_file { read write };
-# Access to any of the following character devices.
-neverallow appdomain {
- audio_device
- camera_device
- dm_device
- radio_device
- rpmsg_device
- video_device
-}:chr_file { read write };
-
# Note: Try expanding list of app domains in the future.
neverallow { untrusted_app isolated_app shell } graphics_device:chr_file { read write };
@@ -233,9 +223,3 @@
{ open read write append execute execute_no_trans map };
neverallow appdomain system_bootstrap_lib_file:dir
{ open read getattr search };
-
-# Allow to read ro.vendor.camera.extensions.enabled
-get_prop(appdomain, camera2_extensions_prop)
-
-# Allow to ro.camerax.extensions.enabled
-get_prop(appdomain, camerax_extensions_prop)
diff --git a/public/artd.te b/public/artd.te
new file mode 100644
index 0000000..0731adc
--- /dev/null
+++ b/public/artd.te
@@ -0,0 +1,2 @@
+# ART service daemon.
+type artd, domain;
diff --git a/public/attributes b/public/attributes
index 742264a..4897be5 100644
--- a/public/attributes
+++ b/public/attributes
@@ -7,9 +7,6 @@
# in tools/checkfc.c
attribute dev_type;
-# TODO(b/202520796) Remove this attribute once the sc-dev branch stops using it.
-attribute bdev_type;
-
# Attribute for all bpf filesystem subtypes.
attribute bpffs_type;
@@ -74,9 +71,6 @@
# All types used for sysfs files.
attribute sysfs_type;
-# TODO(b/202520796) Remove this attribute once the sc-dev branch stops using it.
-attribute sysfs_block_type;
-
# All types use for debugfs files.
attribute debugfs_type;
@@ -173,12 +167,6 @@
# services which are explicitly disallowed for untrusted apps to access
attribute protected_service;
-# services which served by vendor and also using the copy of libbinder on
-# system (for instance via libbinder_ndk). services using a different copy
-# of libbinder currently need their own context manager (e.g.
-# vndservicemanager)
-attribute vendor_service;
-
# All types used for services managed by servicemanager.
# On change, update CHECK_SC_ASSERT_ATTRS
# definition in tools/checkfc.c.
@@ -218,6 +206,9 @@
# All third party apps (except isolated_app and ephemeral_app)
attribute untrusted_app_all;
+# All apps with UID between AID_ISOLATED_START (99000) and AID_ISOLATED_END (99999).
+attribute isolated_app_all;
+
# All domains used for apps with network access.
attribute netdomain;
@@ -350,6 +341,7 @@
hal_attribute(dumpstate);
hal_attribute(evs);
hal_attribute(face);
+hal_attribute(fastboot);
hal_attribute(fingerprint);
hal_attribute(gatekeeper);
hal_attribute(gnss);
@@ -374,12 +366,16 @@
hal_attribute(power);
hal_attribute(power_stats);
hal_attribute(rebootescrow);
+hal_attribute(remoteaccess);
hal_attribute(secure_element);
hal_attribute(sensors);
hal_attribute(telephony);
hal_attribute(tetheroffload);
hal_attribute(thermal);
hal_attribute(tv_cec);
+hal_attribute(tv_hdmi_cec);
+hal_attribute(tv_hdmi_connection);
+hal_attribute(tv_hdmi_earc);
hal_attribute(tv_input);
hal_attribute(tv_tuner);
hal_attribute(usb);
@@ -407,6 +403,7 @@
attribute camera_service_server;
attribute display_service_server;
attribute evsmanager_service_server;
+attribute remote_provisioning_service_server;
attribute scheduler_service_server;
attribute sensor_service_server;
attribute stats_service_server;
diff --git a/public/cameraserver.te b/public/cameraserver.te
index d41339a..c88e3f0 100644
--- a/public/cameraserver.te
+++ b/public/cameraserver.te
@@ -19,6 +19,7 @@
allow cameraserver hal_graphics_composer:fd use;
add_service(cameraserver, cameraserver_service)
+add_service(cameraserver, fwk_camera_service)
add_hwservice(cameraserver, fwk_camera_hwservice)
allow cameraserver activity_service:service_manager find;
diff --git a/public/device.te b/public/device.te
index 1bb386f..ead7fbc 100644
--- a/public/device.te
+++ b/public/device.te
@@ -7,6 +7,7 @@
type hwbinder_device, dev_type, mlstrustedobject;
type vndbinder_device, dev_type;
type block_device, dev_type;
+type bt_device, dev_type;
type camera_device, dev_type;
type dm_device, dev_type;
type dm_user_device, dev_type;
@@ -94,6 +95,9 @@
# Documented at https://source.android.com/devices/bootloader/partitions
type userdata_block_device, dev_type;
+# Zoned block device.
+type zoned_block_device, dev_type;
+
# Cache block device mounted on /cache.
# Documented at https://source.android.com/devices/bootloader/partitions
type cache_block_device, dev_type;
diff --git a/public/domain.te b/public/domain.te
index 46e9456..56c3142 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -80,6 +80,7 @@
# /dev/binder can be accessed by ... everyone! :)
allow { domain -hwservicemanager -vndservicemanager } binder_device:chr_file rw_file_perms;
+get_prop({domain -hwservicemanager -vndservicemanager }, servicemanager_prop)
# Restrict binder ioctls to an allowlist. Additional ioctl commands may be
# added to individual domains, but this sets safe defaults for all processes.
@@ -100,46 +101,6 @@
allow domain properties_serial:file r_file_perms;
allow domain property_info:file r_file_perms;
-# Public readable properties
-get_prop(domain, aaudio_config_prop)
-get_prop(domain, apexd_select_prop)
-get_prop(domain, arm64_memtag_prop)
-get_prop(domain, bluetooth_config_prop)
-get_prop(domain, bootloader_prop)
-get_prop(domain, build_odm_prop)
-get_prop(domain, build_prop)
-get_prop(domain, build_vendor_prop)
-get_prop(domain, debug_prop)
-get_prop(domain, exported_config_prop)
-get_prop(domain, exported_default_prop)
-get_prop(domain, exported_dumpstate_prop)
-get_prop(domain, exported_secure_prop)
-get_prop(domain, exported_system_prop)
-get_prop(domain, fingerprint_prop)
-get_prop(domain, framework_status_prop)
-get_prop(domain, gwp_asan_prop)
-get_prop(domain, hal_instrumentation_prop)
-get_prop(domain, hw_timeout_multiplier_prop)
-get_prop(domain, init_service_status_prop)
-get_prop(domain, libc_debug_prop)
-get_prop(domain, logd_prop)
-get_prop(domain, mediadrm_config_prop)
-get_prop(domain, property_service_version_prop)
-get_prop(domain, soc_prop)
-get_prop(domain, socket_hook_prop)
-get_prop(domain, surfaceflinger_prop)
-get_prop(domain, telephony_status_prop)
-get_prop({domain -untrusted_app_all userdebug_or_eng(`-isolated_app -ephemeral_app') }, userdebug_or_eng_prop)
-get_prop(domain, vendor_socket_hook_prop)
-get_prop(domain, vndk_prop)
-get_prop(domain, vold_status_prop)
-get_prop(domain, vts_config_prop)
-
-# Binder cache properties are world-readable
-get_prop(domain, binder_cache_bluetooth_server_prop)
-get_prop(domain, binder_cache_system_server_prop)
-get_prop(domain, binder_cache_telephony_server_prop)
-
# Let everyone read log properties, so that liblog can avoid sending unloggable
# messages to logd.
get_prop(domain, log_property_type)
@@ -228,11 +189,10 @@
# read and stat any sysfs symlinks
allow domain sysfs:lnk_file { getattr read };
-# libc references /data/misc/zoneinfo and /system/usr/share/zoneinfo for
-# timezone related information.
+# libc references /system/usr/share/zoneinfo for timezone related information.
# This directory is considered to be a VNDK-stable
-allow domain { system_zoneinfo_file zoneinfo_data_file }:file r_file_perms;
-allow domain { system_zoneinfo_file zoneinfo_data_file }:dir r_dir_perms;
+allow domain { system_zoneinfo_file }:file r_file_perms;
+allow domain { system_zoneinfo_file }:dir r_dir_perms;
# Lots of processes access current CPU information
r_dir_file(domain, sysfs_devices_system_cpu)
@@ -244,16 +204,30 @@
allow domain sysfs_transparent_hugepage:dir search;
allow domain sysfs_transparent_hugepage:file r_file_perms;
-# files under /data.
+# Allow search access, and sometimes getattr access, to various directories
+# under /data. We are fairly lenient in allowing search access to top-level
+# dirs that commonly need to be traversed to get access to the "real" files, as
+# this greatly simplifies the policy and doesn't open up much attack surface.
not_full_treble(`
allow domain system_data_file:dir getattr;
')
allow { coredomain appdomain } system_data_file:dir getattr;
-# /data has the label system_data_root_file. Vendor components need the search
-# permission on system_data_root_file for path traversal to /data/vendor.
+# Anything that accesses anything in /data needs search access to /data itself.
+# This includes vendor components, as they need to access /data/vendor.
allow domain system_data_root_file:dir { search getattr } ;
+# system_data_file is the default type for directories in /data. Anything
+# accessing data files with a more specific type often has to traverse a
+# system_data_file directory such as /data/misc to get there.
allow domain system_data_file:dir search;
+# Anything that accesses files in /data/user (and /data/user_de, etc.) needs
+# search access to these directories themselves. getattr access is sometimes
+# needed too.
+allow { coredomain appdomain } system_userdir_file:dir { search getattr };
+# Anything that accesses files in /data/media needs search access to /data/media
+# itself.
+allow { coredomain appdomain } media_userdir_file:dir search;
# TODO restrict this to non-coredomain
+allow domain vendor_userdir_file:dir { getattr search };
allow domain vendor_data_file:dir { getattr search };
# required by the dynamic linker
@@ -563,6 +537,14 @@
neverallow { domain -coredomain -vendor_init } exported_pm_prop:file no_rw_file_perms;
')
+# New "pm.dexopt." sysprops should be explicitly listed as exported_pm_prop.
+neverallow { domain -init -dumpstate -vendor_init } future_pm_prop:property_service set;
+neverallow { domain -init -dumpstate -vendor_init } future_pm_prop:file no_rw_file_perms;
+
+# ART may introduce new sysprops. SELinux denials due to reading new sysprops on
+# old platforms shouldn't be regarded as a problem.
+dontaudit domain future_pm_prop:file read;
+
neverallow { domain -init } aac_drc_prop:property_service set;
neverallow { domain -init } build_prop:property_service set;
neverallow { domain -init } userdebug_or_eng_prop:property_service set;
@@ -577,6 +559,7 @@
-hal_camera_server
-hal_cas_server
-hal_drm_server
+ -hal_keymint_server
userdebug_or_eng(`-incidentd')
-init
-mediadrmserver
@@ -607,6 +590,7 @@
-e2fs
-fsck
-fastbootd
+ -hal_fastboot_server
} metadata_block_device:blk_file { append link rename write open read ioctl lock };
# No domain other than recovery, update_engine and fastbootd can write to system partition(s).
@@ -629,22 +613,6 @@
neverallow vndservicemanager binder_device:chr_file no_rw_file_perms;
neverallow vndservicemanager hwbinder_device:chr_file no_rw_file_perms;
-# system services cant add vendor services
-neverallow {
- coredomain
-} vendor_service:service_manager add;
-
-full_treble_only(`
- # vendor services cant add system services
- neverallow {
- domain
- -coredomain
- } {
- service_manager_type
- -vendor_service
- }:service_manager add;
-')
-
full_treble_only(`
# Vendor apps are permited to use only stable public services. If they were to use arbitrary
# services which can change any time framework/core is updated, breakage is likely.
@@ -657,9 +625,10 @@
service_manager_type
-app_api_service
- -vendor_service # must be @VintfStability to be used by an app
-ephemeral_app_api_service
+ -hal_service_type # see app_neverallows.te
+
-apc_service
-audioserver_service # TODO(b/36783122) remove exemptions below once app_api_service is fixed
-cameraserver_service
@@ -825,11 +794,6 @@
-vendor_init
} {
core_data_file_type
- # libc includes functions like mktime and localtime which attempt to access
- # files in /data/misc/zoneinfo/tzdata and /system/usr/share/zoneinfo/tzdata.
- # These functions are considered vndk-stable and thus must be allowed for
- # all processes.
- -zoneinfo_data_file
with_native_coverage(`-method_trace_data_file')
}:file_class_set ~{ append getattr ioctl read write map };
neverallow {
@@ -838,7 +802,6 @@
} {
core_data_file_type
-unencrypted_data_file
- -zoneinfo_data_file
with_native_coverage(`-method_trace_data_file')
}:file_class_set ~{ append getattr ioctl read write map };
# vendor init needs to be able to read unencrypted_data_file to create directories with FBE.
@@ -857,8 +820,8 @@
core_data_file_type
-system_data_file # default label for files on /data. Covered below...
-system_data_root_file
+ -vendor_userdir_file
-vendor_data_file
- -zoneinfo_data_file
with_native_coverage(`-method_trace_data_file')
}:dir *;
neverallow {
@@ -869,8 +832,8 @@
-unencrypted_data_file
-system_data_file
-system_data_root_file
+ -vendor_userdir_file
-vendor_data_file
- -zoneinfo_data_file
with_native_coverage(`-method_trace_data_file')
}:dir *;
# vendor init needs to be able to read unencrypted_data_file to create directories with FBE.
@@ -938,8 +901,6 @@
-system_lib_file
-system_linker_exec
-crash_dump_exec
- -iorap_prefetcherd_exec
- -iorap_inode2filename_exec
-netutils_wrapper_exec
userdebug_or_eng(`-tcpdump_exec')
}:file { entrypoint execute execute_no_trans };
@@ -1007,7 +968,6 @@
system_file_type
-crash_dump_exec
-file_contexts_file
- -iorap_inode2filename_exec
-netutils_wrapper_exec
-property_contexts_file
-system_event_log_tags_file
@@ -1149,6 +1109,7 @@
neverallow {
domain
-appdomain
+ -artd
-installd
} { app_data_file privapp_data_file }:lnk_file read;
@@ -1159,33 +1120,6 @@
-installd
} shell_data_file:lnk_file read;
-# In addition to the symlink reading restrictions above, restrict
-# write access to shell owned directories. The /data/local/tmp
-# directory is untrustworthy, and non-allowed domains should
-# not be trusting any content in those directories.
-neverallow {
- domain
- -adbd
- -dumpstate
- -installd
- -init
- -shell
- -vold
-} shell_data_file:dir no_w_dir_perms;
-
-neverallow {
- domain
- -adbd
- -appdomain
- -dumpstate
- -init
- -installd
- -iorap_inode2filename
- -simpleperf_app_runner
- -system_server # why?
- userdebug_or_eng(`-uncrypt')
-} shell_data_file:dir { open search };
-
# servicemanager and vndservicemanager are the only processes which handle the
# service_manager list request
neverallow * ~{
@@ -1230,11 +1164,12 @@
neverallow { domain -vold -init -vendor_init } fusectlfs:file no_rw_file_perms;
# Profiles contain untrusted data and profman parses that. We should only run
-# in from installd forked processes.
+# it from installd and artd forked processes.
neverallow {
domain
-installd
-profman
+ -artd
} profman_exec:file no_x_file_perms;
# Enforce restrictions on kernel module origin.
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 5eb3d27..6b112dc 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -75,9 +75,11 @@
vold
# This list comes from hal_interfaces_to_dump in dumputils/dump_utils.c
+ evsmanagerd
hal_audio_server
hal_audiocontrol_server
hal_bluetooth_server
+ hal_broadcastradio_server
hal_camera_server
hal_codec2_server
hal_drm_server
@@ -147,22 +149,29 @@
binder_call(dumpstate, { appdomain netd wificond })
# Allow dumpstate to call dump() on specific hals.
+dump_hal(hal_authsecret)
+dump_hal(hal_bluetooth)
+dump_hal(hal_contexthub)
+dump_hal(hal_drm)
dump_hal(hal_dumpstate)
-dump_hal(hal_wifi)
-dump_hal(hal_graphics_allocator)
-dump_hal(hal_input_processor)
-dump_hal(hal_light)
-dump_hal(hal_neuralnetworks)
-dump_hal(hal_nfc)
-dump_hal(hal_thermal)
-dump_hal(hal_power)
-dump_hal(hal_power_stats)
-dump_hal(hal_identity)
dump_hal(hal_face)
dump_hal(hal_fingerprint)
dump_hal(hal_gnss)
-dump_hal(hal_contexthub)
-dump_hal(hal_drm)
+dump_hal(hal_graphics_allocator)
+dump_hal(hal_identity)
+dump_hal(hal_input_processor)
+dump_hal(hal_keymint)
+dump_hal(hal_light)
+dump_hal(hal_memtrack)
+dump_hal(hal_neuralnetworks)
+dump_hal(hal_nfc)
+dump_hal(hal_oemlock)
+dump_hal(hal_power)
+dump_hal(hal_power_stats)
+dump_hal(hal_rebootescrow)
+dump_hal(hal_thermal)
+dump_hal(hal_weaver)
+dump_hal(hal_wifi)
# Vibrate the device after we are done collecting the bugreport
hal_client_domain(dumpstate, hal_vibrator)
@@ -236,9 +245,9 @@
allow dumpstate recovery_data_file:dir r_dir_perms;
allow dumpstate recovery_data_file:file r_file_perms;
-#Access /data/misc/update_engine_log
-allow dumpstate update_engine_log_data_file:dir r_dir_perms;
-allow dumpstate update_engine_log_data_file:file r_file_perms;
+# Access /data/misc/update_engine & /data/misc/update_engine_log
+allow dumpstate { update_engine_data_file update_engine_log_data_file }:dir r_dir_perms;
+allow dumpstate { update_engine_data_file update_engine_log_data_file }:file r_file_perms;
# Access /data/misc/profiles/{cur,ref}/
userdebug_or_eng(`
@@ -314,9 +323,6 @@
# Allow dumpstate to talk to installd over binder
binder_call(dumpstate, installd);
-# Allow dumpstate to talk to iorapd over binder.
-binder_call(dumpstate, iorapd)
-
# Allow dumpstate to run ip xfrm policy
allow dumpstate self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_read };
@@ -351,31 +357,6 @@
# Allow dumpstate to talk to mediaswcodec over binder
binder_call(dumpstate, mediaswcodec);
-# Allow dumpstate to talk to these stable AIDL services over binder
-binder_call(dumpstate, hal_rebootescrow_server)
-allow hal_rebootescrow_server dumpstate:fifo_file write;
-allow hal_rebootescrow_server dumpstate:fd use;
-
-binder_call(dumpstate, hal_authsecret_server)
-allow hal_authsecret_server dumpstate:fifo_file write;
-allow hal_authsecret_server dumpstate:fd use;
-
-binder_call(dumpstate, hal_keymint_server)
-allow hal_keymint_server dumpstate:fifo_file write;
-allow hal_keymint_server dumpstate:fd use;
-
-binder_call(dumpstate, hal_memtrack_server)
-allow hal_memtrack_server dumpstate:fifo_file write;
-allow hal_memtrack_server dumpstate:fd use;
-
-binder_call(dumpstate, hal_oemlock_server)
-allow hal_oemlock_server dumpstate:fifo_file write;
-allow hal_oemlock_server dumpstate:fd use;
-
-binder_call(dumpstate, hal_weaver_server)
-allow hal_weaver_server dumpstate:fifo_file write;
-allow hal_weaver_server dumpstate:fd use;
-
#Access /data/misc/snapshotctl_log
allow dumpstate snapshotctl_log_data_file:dir r_dir_perms;
allow dumpstate snapshotctl_log_data_file:file r_file_perms;
@@ -385,7 +366,7 @@
allow dumpstate binderfs_logs:file r_file_perms;
allow dumpstate binderfs_logs_proc:file r_file_perms;
-allow dumpstate apex_info_file:file getattr;
+use_apex_info(dumpstate)
###
### neverallow rules
diff --git a/public/e2fs.te b/public/e2fs.te
index dd5bd69..8dcf0cc 100644
--- a/public/e2fs.te
+++ b/public/e2fs.te
@@ -8,8 +8,9 @@
allow e2fs userdata_block_device:blk_file rw_file_perms;
allow e2fs metadata_block_device:blk_file rw_file_perms;
allow e2fs dm_device:blk_file rw_file_perms;
+allow e2fs zoned_block_device:blk_file rw_file_perms;
allowxperm e2fs { userdata_block_device metadata_block_device dm_device }:blk_file ioctl {
- BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET
+ BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET BLKREPORTZONE BLKRESETZONE
};
allow e2fs {
diff --git a/public/fastbootd.te b/public/fastbootd.te
index 0c43a89..8452b97 100644
--- a/public/fastbootd.te
+++ b/public/fastbootd.te
@@ -13,6 +13,7 @@
# fastbootd can use AIDL HALs in binder mode
binder_use(fastbootd)
hal_client_domain(fastbootd, hal_health)
+ hal_client_domain(fastbootd, hal_fastboot)
# Access /dev/usb-ffs/fastbootd/ep0
allow fastbootd functionfs:dir search;
@@ -103,6 +104,13 @@
allow fastbootd tmpfs:dir rw_dir_perms;
# Fetch vendor_boot partition
allow fastbootd boot_block_device:blk_file r_file_perms;
+
+ # popen(/system/bin/dmesg) and associated permissions. We only allow this
+ # on unlocked devices running userdebug builds.
+ allow fastbootd rootfs:file execute_no_trans;
+ allow fastbootd system_file:file execute_no_trans;
+ allow fastbootd kmsg_device:chr_file read;
+ allow fastbootd kernel:system syslog_read;
')
# Allow using libfiemap/gsid directly (no binder in recovery).
diff --git a/public/file.te b/public/file.te
index 2bfa282..8d33a9d3 100644
--- a/public/file.te
+++ b/public/file.te
@@ -157,6 +157,7 @@
type sdcardfs, sdcard_type, fs_type, mlstrustedobject;
type vfat, sdcard_type, fs_type, mlstrustedobject;
type exfat, sdcard_type, fs_type, mlstrustedobject;
+type ntfs, sdcard_type, fs_type, mlstrustedobject;
type debugfs, fs_type, debugfs_type;
type debugfs_kprobes, fs_type, debugfs_type;
type debugfs_mmc, fs_type, debugfs_type;
@@ -300,13 +301,20 @@
type system_data_root_file, file_type, data_file_type, core_data_file_type;
# Default type for anything under /data.
type system_data_file, file_type, data_file_type, core_data_file_type;
+# Default type for directories containing per-user encrypted directories, such
+# as /data/user and /data/user_de.
+type system_userdir_file, file_type, data_file_type, core_data_file_type;
# Type for /data/system/packages.list.
# TODO(b/129332765): Narrow down permissions to this.
# Find out users of system_data_file that should be granted only this.
type packages_list_file, file_type, data_file_type, core_data_file_type;
type game_mode_intervention_list_file, file_type, data_file_type, core_data_file_type;
-# Default type for anything under /data/vendor{_ce,_de}.
+# Default type for anything inside /data/vendor_{ce,de}.
type vendor_data_file, file_type, data_file_type;
+# Type for /data/vendor_{ce,de} themselves. This has core_data_file_type
+# because these directories themselves are platform-managed; only the files
+# *inside* them are vendor data. (Somewhat similar to system_data_root_file.)
+type vendor_userdir_file, file_type, data_file_type, core_data_file_type;
# Unencrypted data
type unencrypted_data_file, file_type, data_file_type, core_data_file_type;
# installd-create files in /data/misc/installd such as layout_version
@@ -428,6 +436,7 @@
type keystore_data_file, file_type, data_file_type, core_data_file_type;
type media_data_file, file_type, data_file_type, core_data_file_type;
type media_rw_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+type media_userdir_file, file_type, data_file_type, core_data_file_type;
type misc_user_data_file, file_type, data_file_type, core_data_file_type;
type net_data_file, file_type, data_file_type, core_data_file_type;
type network_watchlist_data_file, file_type, data_file_type, core_data_file_type;
@@ -443,9 +452,7 @@
type trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
type vpn_data_file, file_type, data_file_type, core_data_file_type;
type wifi_data_file, file_type, data_file_type, core_data_file_type;
-type zoneinfo_data_file, file_type, data_file_type, core_data_file_type;
type vold_data_file, file_type, data_file_type, core_data_file_type;
-type iorapd_data_file, file_type, data_file_type, core_data_file_type;
type tee_data_file, file_type, data_file_type;
type update_engine_data_file, file_type, data_file_type, core_data_file_type;
type update_engine_log_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/public/fsck.te b/public/fsck.te
index 1fb5d0d..1a74ba8 100644
--- a/public/fsck.te
+++ b/public/fsck.te
@@ -17,6 +17,7 @@
allow fsck userdata_block_device:blk_file rw_file_perms;
allow fsck cache_block_device:blk_file rw_file_perms;
allow fsck dm_device:blk_file rw_file_perms;
+allow fsck zoned_block_device:blk_file rw_file_perms;
userdebug_or_eng(`
allow fsck system_block_device:blk_file rw_file_perms;
')
@@ -32,6 +33,7 @@
allowxperm fsck dev_type:blk_file ioctl {
BLKDISCARDZEROES
BLKROGET
+ BLKREPORTZONE
};
# To determine if it is safe to run fsck on a filesystem, e2fsck
@@ -48,8 +50,10 @@
allow fsck {
proc_mounts
proc_swaps
+ sysfs_dm
}:file r_file_perms;
allow fsck rootfs:dir r_dir_perms;
+allow fsck sysfs_dm:dir r_dir_perms;
###
### neverallow rules
diff --git a/public/hal_bluetooth.te b/public/hal_bluetooth.te
index 97177ba..53bbef2 100644
--- a/public/hal_bluetooth.te
+++ b/public/hal_bluetooth.te
@@ -1,8 +1,10 @@
# HwBinder IPC from clients into server, and callbacks
binder_call(hal_bluetooth_client, hal_bluetooth_server)
binder_call(hal_bluetooth_server, hal_bluetooth_client)
+binder_call(hal_bluetooth_server, servicemanager)
hal_attribute_hwservice(hal_bluetooth, hal_bluetooth_hwservice)
+hal_attribute_service(hal_bluetooth, hal_bluetooth_service)
wakelock_use(hal_bluetooth);
diff --git a/public/hal_bootctl.te b/public/hal_bootctl.te
index a1f3d7f..f9b50b0 100644
--- a/public/hal_bootctl.te
+++ b/public/hal_bootctl.te
@@ -1,6 +1,10 @@
# HwBinder IPC from client to server, and callbacks
binder_call(hal_bootctl_client, hal_bootctl_server)
binder_call(hal_bootctl_server, hal_bootctl_client)
+binder_use(hal_bootctl_server)
hal_attribute_hwservice(hal_bootctl, hal_bootctl_hwservice)
allow hal_bootctl_server proc_bootconfig:file r_file_perms;
+
+# Needed to wait for AIDL hal services
+hal_attribute_service(hal_bootctl, hal_bootctl_service);
diff --git a/public/hal_broadcastradio.te b/public/hal_broadcastradio.te
index 84a2597..bb882c9 100644
--- a/public/hal_broadcastradio.te
+++ b/public/hal_broadcastradio.te
@@ -2,3 +2,6 @@
binder_call(hal_broadcastradio_server, hal_broadcastradio_client)
hal_attribute_hwservice(hal_broadcastradio, hal_broadcastradio_hwservice)
+hal_attribute_service(hal_broadcastradio, hal_broadcastradio_service)
+
+binder_call(hal_broadcastradio_server, servicemanager)
diff --git a/public/hal_can.te b/public/hal_can.te
index 959d1d9..d48c43f 100644
--- a/public/hal_can.te
+++ b/public/hal_can.te
@@ -7,3 +7,7 @@
binder_call(hal_can_bus_client, hal_can_bus_server)
binder_call(hal_can_bus_server, hal_can_bus_client)
hal_attribute_hwservice(hal_can_bus, hal_can_bus_hwservice)
+
+# AIDL HAL for CAN buses (ICanController)
+hal_attribute_service(hal_can_controller, hal_can_controller_service)
+binder_use(hal_can_controller)
diff --git a/public/hal_cas.te b/public/hal_cas.te
index e699a6b..056b4c9 100644
--- a/public/hal_cas.te
+++ b/public/hal_cas.te
@@ -5,6 +5,11 @@
hal_attribute_hwservice(hal_cas, hal_cas_hwservice)
allow hal_cas_server hidl_memory_hwservice:hwservice_manager find;
+hal_attribute_service(hal_cas, hal_cas_service)
+
+binder_call(hal_cas_server, servicemanager)
+binder_call(hal_cas_client, servicemanager)
+
# Permit reading device's serial number from system properties
get_prop(hal_cas_server, serialno_prop)
diff --git a/public/hal_configstore.te b/public/hal_configstore.te
index 23b04c9..8867a8d 100644
--- a/public/hal_configstore.te
+++ b/public/hal_configstore.te
@@ -34,8 +34,6 @@
-prng_seeder
userdebug_or_eng(`-su')
-tombstoned
- userdebug_or_eng(`-heapprofd')
- userdebug_or_eng(`-traced_perf')
}:{ unix_dgram_socket unix_stream_socket } *;
# Should never need access to anything on /data
@@ -43,18 +41,17 @@
data_file_type
-anr_data_file # for crash dump collection
-tombstone_data_file # for crash dump collection
- -zoneinfo_data_file # granted to domain
with_native_coverage(`-method_trace_data_file')
}:{ file fifo_file sock_file } *;
# Should never need sdcard access
neverallow hal_configstore_server {
sdcard_type
- fuse sdcardfs vfat exfat # manual expansion for completeness
+ fuse sdcardfs vfat exfat ntfs # manual expansion for completeness
}:dir ~getattr;
neverallow hal_configstore_server {
sdcard_type
- fuse sdcardfs vfat exfat # manual expansion for completeness
+ fuse sdcardfs vfat exfat ntfs # manual expansion for completeness
}:file *;
# Do not permit access to service_manager and vndservice_manager
diff --git a/public/hal_confirmationui.te b/public/hal_confirmationui.te
index 5d2e4b7..9896e35 100644
--- a/public/hal_confirmationui.te
+++ b/public/hal_confirmationui.te
@@ -2,3 +2,5 @@
binder_call(hal_confirmationui_client, hal_confirmationui_server)
hal_attribute_hwservice(hal_confirmationui, hal_confirmationui_hwservice)
+hal_attribute_service(hal_confirmationui, hal_confirmationui_service)
+binder_call(hal_confirmationui_server, servicemanager)
diff --git a/public/hal_drm.te b/public/hal_drm.te
index 72fa308..43d0a7c 100644
--- a/public/hal_drm.te
+++ b/public/hal_drm.te
@@ -26,6 +26,12 @@
allow hal_drm cgroup_v2:dir { search write };
allow hal_drm cgroup_v2:file w_file_perms;
+# Allow dumpsys Widevine without root
+userdebug_or_eng(`
+ allow hal_drm_server shell:fd use;
+ allow hal_drm_server shell:fifo_file write;
+')
+
# Allow access to ion memory allocation device
allow hal_drm ion_device:chr_file rw_file_perms;
allow hal_drm hal_graphics_allocator:fd use;
diff --git a/public/hal_dumpstate.te b/public/hal_dumpstate.te
index aee283a..193b05a 100644
--- a/public/hal_dumpstate.te
+++ b/public/hal_dumpstate.te
@@ -13,3 +13,6 @@
allow hal_dumpstate shell_data_file:file write;
# allow reading /proc/interrupts for all hal impls
allow hal_dumpstate proc_interrupts:file r_file_perms;
+
+# Log fsck results
+r_dir_file(hal_dumpstate, fscklogs)
diff --git a/public/hal_fastboot.te b/public/hal_fastboot.te
new file mode 100644
index 0000000..7aecac1
--- /dev/null
+++ b/public/hal_fastboot.te
@@ -0,0 +1,7 @@
+# allow binder connection from client to server
+binder_call(hal_fastboot_client, hal_fastboot_server)
+# allow client to find the service, allow server to register the service
+hal_attribute_service(hal_fastboot, hal_fastboot_service)
+# allow binder communication from server to service_manager
+binder_call(hal_fastboot_server, servicemanager)
+
diff --git a/public/hal_gatekeeper.te b/public/hal_gatekeeper.te
index b918f88..fc23e64 100644
--- a/public/hal_gatekeeper.te
+++ b/public/hal_gatekeeper.te
@@ -1,6 +1,8 @@
binder_call(hal_gatekeeper_client, hal_gatekeeper_server)
hal_attribute_hwservice(hal_gatekeeper, hal_gatekeeper_hwservice)
+hal_attribute_service(hal_gatekeeper, hal_gatekeeper_service)
+binder_call(hal_gatekeeper_server, servicemanager)
# TEE access.
allow hal_gatekeeper tee_device:chr_file rw_file_perms;
diff --git a/public/hal_graphics_allocator.te b/public/hal_graphics_allocator.te
index 7ef27113..35a19de 100644
--- a/public/hal_graphics_allocator.te
+++ b/public/hal_graphics_allocator.te
@@ -11,6 +11,9 @@
allow hal_graphics_allocator ion_device:chr_file r_file_perms;
allow hal_graphics_allocator dmabuf_system_heap_device:chr_file r_file_perms;
+# Access the secure heap
+allow hal_graphics_allocator dmabuf_system_secure_heap_device:chr_file r_file_perms;
+
# allow to run with real-time scheduling policy
allow hal_graphics_allocator self:global_capability_class_set sys_nice;
diff --git a/public/hal_input_processor.te b/public/hal_input_processor.te
index 77d1d70..b59b15f 100644
--- a/public/hal_input_processor.te
+++ b/public/hal_input_processor.te
@@ -3,3 +3,6 @@
binder_call(hal_input_processor_server, servicemanager)
hal_attribute_service(hal_input_processor, hal_input_processor_service)
+
+# Allow dumping of the HAL
+allow hal_input_processor_server dumpstate:fifo_file write;
diff --git a/public/hal_keymint.te b/public/hal_keymint.te
index 9c65e22..ba29956 100644
--- a/public/hal_keymint.te
+++ b/public/hal_keymint.te
@@ -4,5 +4,5 @@
hal_attribute_service(hal_keymint, hal_remotelyprovisionedcomponent_service)
binder_call(hal_keymint_server, servicemanager)
-allow hal_keymint tee_device:chr_file rw_file_perms;
-allow hal_keymint ion_device:chr_file r_file_perms;
+allow hal_keymint_server tee_device:chr_file rw_file_perms;
+allow hal_keymint_server ion_device:chr_file r_file_perms;
diff --git a/public/hal_neuralnetworks.te b/public/hal_neuralnetworks.te
index 04d0b59..c7049fd 100644
--- a/public/hal_neuralnetworks.te
+++ b/public/hal_neuralnetworks.te
@@ -7,6 +7,8 @@
allow hal_neuralnetworks hal_allocator:fd use;
allow hal_neuralnetworks hal_graphics_mapper_hwservice:hwservice_manager find;
allow hal_neuralnetworks hal_graphics_allocator:fd use;
+allow hal_neuralnetworks gpu_device:chr_file rw_file_perms;
+allow hal_neuralnetworks gpu_device:dir r_dir_perms;
# Allow NN HAL service to use a client-provided fd residing in /data/data/.
allow hal_neuralnetworks_server app_data_file:file { read write getattr map };
diff --git a/public/hal_remoteaccess.te b/public/hal_remoteaccess.te
new file mode 100644
index 0000000..8a55529
--- /dev/null
+++ b/public/hal_remoteaccess.te
@@ -0,0 +1,6 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_remoteaccess_client, hal_remoteaccess_server)
+binder_call(hal_remoteaccess_server, hal_remoteaccess_client)
+
+hal_attribute_service(hal_remoteaccess, hal_remoteaccess_service)
+
diff --git a/public/hal_secure_element.te b/public/hal_secure_element.te
index 3724d35..8d3e15c 100644
--- a/public/hal_secure_element.te
+++ b/public/hal_secure_element.te
@@ -3,3 +3,8 @@
binder_call(hal_secure_element_server, hal_secure_element_client)
hal_attribute_hwservice(hal_secure_element, hal_secure_element_hwservice)
+hal_attribute_service(hal_secure_element, hal_secure_element_service)
+
+binder_use(hal_secure_element_server)
+
+allow hal_secure_element_client hal_secure_element_service:service_manager find;
diff --git a/public/hal_tetheroffload.te b/public/hal_tetheroffload.te
index cf51723..c9553dc 100644
--- a/public/hal_tetheroffload.te
+++ b/public/hal_tetheroffload.te
@@ -3,6 +3,9 @@
binder_call(hal_tetheroffload_server, hal_tetheroffload_client)
hal_attribute_hwservice(hal_tetheroffload, hal_tetheroffload_hwservice)
+hal_attribute_service(hal_tetheroffload, hal_tetheroffload_service)
+
+binder_use(hal_tetheroffload_server)
# allow the client to pass the server already open netlink sockets
allow hal_tetheroffload_server hal_tetheroffload_client:netlink_netfilter_socket { getattr read setopt write };
diff --git a/public/hal_thermal.te b/public/hal_thermal.te
index 2115da1..13fed00 100644
--- a/public/hal_thermal.te
+++ b/public/hal_thermal.te
@@ -3,3 +3,8 @@
binder_call(hal_thermal_server, hal_thermal_client)
hal_attribute_hwservice(hal_thermal, hal_thermal_hwservice)
+hal_attribute_service(hal_thermal, hal_thermal_service)
+
+add_service(hal_thermal_server, hal_thermal_service)
+binder_call(hal_thermal_server, servicemanager)
+binder_call(hal_thermal_client, servicemanager)
diff --git a/public/hal_tv_hdmi_cec.te b/public/hal_tv_hdmi_cec.te
new file mode 100644
index 0000000..eb01b67
--- /dev/null
+++ b/public/hal_tv_hdmi_cec.te
@@ -0,0 +1,7 @@
+# Binder IPC from clients into server, and callbacks
+binder_call(hal_tv_hdmi_cec_client, hal_tv_hdmi_cec_server)
+binder_call(hal_tv_hdmi_cec_server, hal_tv_hdmi_cec_client)
+binder_use(hal_tv_hdmi_cec_client)
+binder_use(hal_tv_hdmi_cec_server)
+
+hal_attribute_service(hal_tv_hdmi_cec, hal_tv_hdmi_cec_service)
diff --git a/public/hal_tv_hdmi_connection.te b/public/hal_tv_hdmi_connection.te
new file mode 100644
index 0000000..f6de27d
--- /dev/null
+++ b/public/hal_tv_hdmi_connection.te
@@ -0,0 +1,7 @@
+# Binder IPC from clients into server, and callbacks
+binder_call(hal_tv_hdmi_connection_client, hal_tv_hdmi_connection_server)
+binder_call(hal_tv_hdmi_connection_server, hal_tv_hdmi_connection_client)
+binder_use(hal_tv_hdmi_connection_client)
+binder_use(hal_tv_hdmi_connection_server)
+
+hal_attribute_service(hal_tv_hdmi_connection, hal_tv_hdmi_connection_service)
diff --git a/public/hal_tv_hdmi_earc.te b/public/hal_tv_hdmi_earc.te
new file mode 100644
index 0000000..2d76fc6
--- /dev/null
+++ b/public/hal_tv_hdmi_earc.te
@@ -0,0 +1,7 @@
+# Binder IPC from clients into server, and callbacks
+binder_call(hal_tv_hdmi_earc_client, hal_tv_hdmi_earc_server)
+binder_call(hal_tv_hdmi_earc_server, hal_tv_hdmi_earc_client)
+binder_use(hal_tv_hdmi_earc_client)
+binder_use(hal_tv_hdmi_earc_server)
+
+hal_attribute_service(hal_tv_hdmi_earc, hal_tv_hdmi_earc_service)
diff --git a/public/hal_tv_input.te b/public/hal_tv_input.te
index 5a5bdda..b345189 100644
--- a/public/hal_tv_input.te
+++ b/public/hal_tv_input.te
@@ -3,3 +3,7 @@
binder_call(hal_tv_input_server, hal_tv_input_client)
hal_attribute_hwservice(hal_tv_input, hal_tv_input_hwservice)
+hal_attribute_service(hal_tv_input, hal_tv_input_service)
+
+binder_call(hal_tv_input_server, servicemanager)
+binder_call(hal_tv_input_client, servicemanager)
diff --git a/public/hal_usb_gadget.te b/public/hal_usb_gadget.te
index a474652..c0df9a9 100644
--- a/public/hal_usb_gadget.te
+++ b/public/hal_usb_gadget.te
@@ -2,6 +2,9 @@
binder_call(hal_usb_gadget_client, hal_usb_gadget_server)
binder_call(hal_usb_gadget_server, hal_usb_gadget_client)
+hal_attribute_service(hal_usb_gadget, hal_usb_gadget_service)
+binder_call(hal_usb_gadget_server, servicemanager)
+
hal_attribute_hwservice(hal_usb_gadget, hal_usb_gadget_hwservice)
# Configuring usb gadget functions
@@ -10,4 +13,7 @@
allow hal_usb_gadget_server configfs:file create_file_perms;
allow hal_usb_gadget_server functionfs:dir { read search };
allow hal_usb_gadget_server functionfs:file read;
+allow hal_usb_gadget_server proc_interrupts:file r_file_perms;
+# Read access to ro.usb.uvc.enabled
+get_prop(hal_usb_gadget_server, usb_uvc_enabled_prop)
diff --git a/public/hal_wifi.te b/public/hal_wifi.te
index 2e4fa78..e4f1d21 100644
--- a/public/hal_wifi.te
+++ b/public/hal_wifi.te
@@ -3,6 +3,9 @@
binder_call(hal_wifi_server, hal_wifi_client)
hal_attribute_hwservice(hal_wifi, hal_wifi_hwservice)
+hal_attribute_service(hal_wifi, hal_wifi_service)
+
+binder_call(hal_wifi_server, servicemanager)
r_dir_file(hal_wifi, proc_net_type)
r_dir_file(hal_wifi, sysfs_type)
diff --git a/public/idmap.te b/public/idmap.te
index f41f573..76ef622 100644
--- a/public/idmap.te
+++ b/public/idmap.te
@@ -2,15 +2,10 @@
type idmap, domain;
type idmap_exec, system_file_type, exec_type, file_type;
-# TODO remove /system/bin/idmap and the link between idmap and installd (b/118711077)
-# Use open file to /data/resource-cache file inherited from installd.
-allow idmap installd:fd use;
+# Allow read + write access to /data/resource-cache
allow idmap resourcecache_data_file:file create_file_perms;
allow idmap resourcecache_data_file:dir rw_dir_perms;
-# Ignore reading /proc/<pid>/maps after a fork.
-dontaudit idmap installd:file read;
-
# Open and read from target and overlay apk files passed by argument.
allow idmap apk_data_file:file r_file_perms;
allow idmap apk_data_file:dir search;
diff --git a/public/init.te b/public/init.te
index ce0d130..a399b3a 100644
--- a/public/init.te
+++ b/public/init.te
@@ -199,6 +199,7 @@
allow init {
file_type
-app_data_file
+ -bpffs_type
-exec_type
-misc_logd_file
-nativetest_data_file
@@ -212,10 +213,11 @@
allow init {
file_type
-app_data_file
- -exec_type
- -iorapd_data_file
+ -bpffs_type
-credstore_data_file
+ -exec_type
-keystore_data_file
+ -media_userdir_file
-misc_logd_file
-nativetest_data_file
-privapp_data_file
@@ -223,7 +225,9 @@
-system_app_data_file
-system_dlkm_file_type
-system_file_type
+ -system_userdir_file
-vendor_file_type
+ -vendor_userdir_file
-vold_data_file
}:dir { write add_name remove_name rmdir relabelfrom };
@@ -231,9 +235,9 @@
file_type
-apex_info_file
-app_data_file
+ -bpffs_type
-exec_type
-gsi_data_file
- -iorapd_data_file
-credstore_data_file
-keystore_data_file
-misc_logd_file
@@ -251,12 +255,16 @@
allow init tracefs_type:file { create_file_perms relabelfrom };
+# Allow init to read /apex/apex-info-list.xml for preinstalled paths of APEXes to determine
+# subcontext for action/service defined in APEXes.
+allow init apex_info_file:file r_file_perms;
+
allow init {
file_type
-app_data_file
+ -bpffs_type
-exec_type
-gsi_data_file
- -iorapd_data_file
-credstore_data_file
-keystore_data_file
-misc_logd_file
@@ -274,9 +282,9 @@
file_type
-apex_mnt_dir
-app_data_file
+ -bpffs_type
-exec_type
-gsi_data_file
- -iorapd_data_file
-credstore_data_file
-keystore_data_file
-misc_logd_file
@@ -294,6 +302,7 @@
allow init {
file_type
+ -bpffs_type
-system_dlkm_file_type
-system_file_type
-vendor_file_type
@@ -318,6 +327,7 @@
# chown/chmod on pseudo files.
allow init {
fs_type
+ -bpffs_type
-contextmount_type
-keychord_device
-proc_type
@@ -327,7 +337,14 @@
-rootfs
enforce_debugfs_restriction(`-debugfs_type')
}:file { open read setattr };
-allow init { fs_type -contextmount_type -sdcard_type -fusefs_type -rootfs }:dir { open read setattr search };
+allow init {
+ fs_type
+ -bpffs_type
+ -contextmount_type
+ -sdcard_type
+ -fusefs_type
+ -rootfs
+}:dir { open read setattr search };
allow init {
binder_device
@@ -362,7 +379,8 @@
userdebug_or_eng(`
# Overlayfs workdir write access check during mount to permit remount,rw
allow init overlayfs_file:dir { relabelfrom mounton write };
- allow init overlayfs_file:file { append };
+ allow init overlayfs_file:file { append rename };
+ allow init overlayfs_file:chr_file unlink;
allow init system_block_device:blk_file { write };
')
@@ -380,7 +398,6 @@
allow init {
proc_abi
- proc_bpf
proc_cpu_alignment
proc_dirty
proc_hostname
diff --git a/public/installd.te b/public/installd.te
index 46796af..216704d 100644
--- a/public/installd.te
+++ b/public/installd.te
@@ -42,13 +42,12 @@
allow installd asec_image_file:dir search;
allow installd asec_image_file:file getattr;
-# Create /data/user and /data/user/0 if necessary.
-# Also required to initially create /data/data subdirectories
+# Required to initially create subdirectories of /data/user/$userId
# and lib symlinks before the setfilecon call. May want to
# move symlink creation after setfilecon in installd.
allow installd system_data_file:dir create_dir_perms;
-# Also, allow read for lnk_file so that we can process /data/user/0 links when
-# optimizing application code.
+# Also, allow read for lnk_file so that we can process symlinks within
+# /data/user/$userId when optimizing application code.
allow installd system_data_file:lnk_file { create getattr read setattr unlink };
# Manage lower filesystem via pass_through mounts
@@ -62,6 +61,7 @@
allow installd media_rw_data_file:dir relabelto;
# Delete /data/media files through sdcardfs, instead of going behind its back
+allow installd media_userdir_file:dir r_dir_perms;
allow installd tmpfs:dir r_dir_perms;
allow installd storage_file:dir search;
allow installd { sdcard_type fuse }:dir { search open read write remove_name getattr rmdir };
@@ -71,6 +71,7 @@
allow installd mirror_data_file:dir { create_dir_perms mounton };
# Upgrade /data/misc/keychain for multi-user if necessary.
+allow installd system_userdir_file:dir r_dir_perms;
allow installd misc_user_data_file:dir create_dir_perms;
allow installd misc_user_data_file:file create_file_perms;
allow installd keychain_data_file:dir create_dir_perms;
diff --git a/public/ioctl_defines b/public/ioctl_defines
index d46e485..e900173 100644
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
@@ -132,6 +132,7 @@
define(`BC_REPLY', `0x40406301')
define(`BC_REQUEST_DEATH_NOTIFICATION', `0x400c630e')
define(`BC_TRANSACTION', `0x40406300')
+define(`BINDER_GET_EXTENDED_ERROR', `0xc0486211')
define(`BINDER_ENABLE_ONEWAY_SPAM_DETECTION', `0x40046210')
define(`BINDER_FREEZE', `0x400c620e')
define(`BINDER_GET_FROZEN_INFO', `0xc00c620f')
@@ -165,6 +166,8 @@
define(`BLKPG', `0x00001269')
define(`BLKRAGET', `0x00001263')
define(`BLKRASET', `0x00001262')
+define(`BLKREPORTZONE', `0xc0101282')
+define(`BLKRESETZONE', `0x40101283')
define(`BLKROGET', `0x0000125e')
define(`BLKROSET', `0x0000125d')
define(`BLKROTATIONAL', `0x0000127e')
diff --git a/public/ioctl_macros b/public/ioctl_macros
index 47a5157..64ee1b0 100644
--- a/public/ioctl_macros
+++ b/public/ioctl_macros
@@ -73,4 +73,5 @@
BINDER_SET_IDLE_PRIORITY BINDER_SET_CONTEXT_MGR BINDER_THREAD_EXIT
BINDER_VERSION BINDER_GET_NODE_DEBUG_INFO BINDER_GET_NODE_INFO_FOR_REF
BINDER_SET_CONTEXT_MGR_EXT BINDER_ENABLE_ONEWAY_SPAM_DETECTION
+BINDER_GET_EXTENDED_ERROR
}')
diff --git a/public/iorap.te b/public/iorap.te
new file mode 100644
index 0000000..0671c34
--- /dev/null
+++ b/public/iorap.te
@@ -0,0 +1,4 @@
+# Define these types for now, as they may be used in device-specific policy.
+type iorapd;
+type iorap_inode2filename;
+type iorap_prefetcherd;
diff --git a/public/iorap_inode2filename.te b/public/iorap_inode2filename.te
deleted file mode 100644
index 6f119ee..0000000
--- a/public/iorap_inode2filename.te
+++ /dev/null
@@ -1,70 +0,0 @@
-# iorap.inode2filename -> look up file paths from an inode
-type iorap_inode2filename, domain;
-type iorap_inode2filename_exec, exec_type, file_type, system_file_type;
-type iorap_inode2filename_tmpfs, file_type;
-
-r_dir_file(iorap_inode2filename, rootfs)
-
-# Allow usage of pipes (child stdout -> parent pipe).
-allow iorap_inode2filename iorapd:fd use;
-allow iorap_inode2filename iorapd:fifo_file { read write getattr };
-
-# Allow reading most files under / ignoring usual access controls.
-allow iorap_inode2filename self:capability dac_read_search;
-
-typeattribute iorap_inode2filename mlstrustedsubject;
-
-# Grant access to open most of the files under /
-allow iorap_inode2filename apex_data_file:dir { getattr open read search };
-allow iorap_inode2filename apex_data_file:file { getattr };
-allow iorap_inode2filename apex_mnt_dir:dir { getattr open read search };
-allow iorap_inode2filename apex_mnt_dir:file { getattr };
-allow iorap_inode2filename apk_data_file:dir { getattr open read search };
-allow iorap_inode2filename apk_data_file:file { getattr };
-allow iorap_inode2filename app_data_file_type:dir { getattr open read search };
-allow iorap_inode2filename app_data_file_type:file { getattr };
-allow iorap_inode2filename backup_data_file:dir { getattr open read search };
-allow iorap_inode2filename backup_data_file:file { getattr };
-allow iorap_inode2filename bootchart_data_file:dir { getattr open read search };
-allow iorap_inode2filename bootchart_data_file:file { getattr };
-allow iorap_inode2filename metadata_file:dir { getattr open read search search };
-allow iorap_inode2filename metadata_file:file { getattr };
-allow iorap_inode2filename packages_list_file:dir { getattr open read search };
-allow iorap_inode2filename packages_list_file:file { getattr };
-allow iorap_inode2filename property_data_file:dir { getattr open read search };
-allow iorap_inode2filename property_data_file:file { getattr };
-allow iorap_inode2filename resourcecache_data_file:dir { getattr open read search };
-allow iorap_inode2filename resourcecache_data_file:file { getattr };
-allow iorap_inode2filename recovery_data_file:dir { getattr open read search };
-allow iorap_inode2filename ringtone_file:dir { getattr open read search };
-allow iorap_inode2filename ringtone_file:file { getattr };
-allow iorap_inode2filename same_process_hal_file:dir { getattr open read search };
-allow iorap_inode2filename same_process_hal_file:file { getattr };
-allow iorap_inode2filename sepolicy_file:file { getattr };
-allow iorap_inode2filename staging_data_file:dir { getattr open read search };
-allow iorap_inode2filename staging_data_file:file { getattr };
-allow iorap_inode2filename system_bootstrap_lib_file:dir { getattr open read search };
-allow iorap_inode2filename system_bootstrap_lib_file:file { getattr };
-allow iorap_inode2filename system_data_file:dir { getattr open read search };
-allow iorap_inode2filename system_data_file:file { getattr };
-allow iorap_inode2filename system_data_file:lnk_file { getattr open read };
-allow iorap_inode2filename system_data_root_file:dir { getattr open read search };
-allow iorap_inode2filename textclassifier_data_file:dir { getattr open read search };
-allow iorap_inode2filename textclassifier_data_file:file { getattr };
-allow iorap_inode2filename toolbox_exec:file getattr;
-allow iorap_inode2filename user_profile_root_file:dir { getattr open read search };
-allow iorap_inode2filename user_profile_data_file:dir { getattr open read search };
-allow iorap_inode2filename user_profile_data_file:file { getattr };
-allow iorap_inode2filename unencrypted_data_file:dir { getattr open read search };
-allow iorap_inode2filename unlabeled:file { getattr };
-allow iorap_inode2filename vendor_file:dir { getattr open read search };
-allow iorap_inode2filename vendor_file:file { getattr };
-allow iorap_inode2filename vendor_overlay_file:file { getattr };
-allow iorap_inode2filename zygote_exec:file { getattr };
-
-###
-### neverallow rules
-###
-
-neverallow { domain -init -iorapd } iorap_inode2filename:process { transition dyntransition };
-neverallow iorap_inode2filename domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/public/iorap_prefetcherd.te b/public/iorap_prefetcherd.te
deleted file mode 100644
index 4b218fb..0000000
--- a/public/iorap_prefetcherd.te
+++ /dev/null
@@ -1,55 +0,0 @@
-# volume manager
-type iorap_prefetcherd, domain;
-type iorap_prefetcherd_exec, exec_type, file_type, system_file_type;
-type iorap_prefetcherd_tmpfs, file_type;
-
-r_dir_file(iorap_prefetcherd, rootfs)
-
-# Allow read/write /proc/sys/vm/drop/caches
-allow iorap_prefetcherd proc_drop_caches:file rw_file_perms;
-
-# iorap_prefetcherd temporarily changes its priority when running benchmarks
-allow iorap_prefetcherd self:global_capability_class_set sys_nice;
-
-# Allow usage of pipes (--input-fd=# and --output-fd=# command line parameters).
-allow iorap_prefetcherd iorapd:fd use;
-allow iorap_prefetcherd iorapd:fifo_file { read write };
-
-# Allow reading most files under / ignoring usual access controls.
-allow iorap_prefetcherd self:capability dac_read_search;
-
-typeattribute iorap_prefetcherd mlstrustedsubject;
-
-# Grant logcat access
-allow iorap_prefetcherd logcat_exec:file { open read };
-
-# Grant access to open most of the files under /
-allow iorap_prefetcherd apk_data_file:dir { open read search };
-allow iorap_prefetcherd apk_data_file:file { open read };
-allow iorap_prefetcherd app_data_file:dir { open read search };
-allow iorap_prefetcherd app_data_file:file { open read };
-allow iorap_prefetcherd dalvikcache_data_file:dir { open read search };
-allow iorap_prefetcherd dalvikcache_data_file:file{ open read };
-allow iorap_prefetcherd packages_list_file:dir { open read search };
-allow iorap_prefetcherd packages_list_file:file { open read };
-allow iorap_prefetcherd privapp_data_file:dir { open read search };
-allow iorap_prefetcherd privapp_data_file:file { open read };
-allow iorap_prefetcherd same_process_hal_file:dir{ open read search };
-allow iorap_prefetcherd same_process_hal_file:file { open read };
-allow iorap_prefetcherd system_data_file:dir { open read search };
-allow iorap_prefetcherd system_data_file:file { open read };
-allow iorap_prefetcherd system_data_file:lnk_file { open read };
-allow iorap_prefetcherd user_profile_root_file:dir { open read search };
-allow iorap_prefetcherd user_profile_data_file:dir { open read search };
-allow iorap_prefetcherd user_profile_data_file:file { open read };
-allow iorap_prefetcherd vendor_overlay_file:dir { open read search };
-allow iorap_prefetcherd vendor_overlay_file:file { open read };
-# Note: Do not add any /vendor labels because they can be customized
-# by the vendor and we won't know about them beforehand.
-
-###
-### neverallow rules
-###
-
-neverallow { domain -init -iorapd } iorap_prefetcherd:process { transition dyntransition };
-neverallow iorap_prefetcherd domain:{ tcp_socket udp_socket rawip_socket } *;
diff --git a/public/iorapd.te b/public/iorapd.te
deleted file mode 100644
index 8fded0c..0000000
--- a/public/iorapd.te
+++ /dev/null
@@ -1,94 +0,0 @@
-# volume manager
-type iorapd, domain;
-type iorapd_exec, exec_type, file_type, system_file_type;
-type iorapd_tmpfs, file_type;
-
-r_dir_file(iorapd, rootfs)
-
-# Allow read/write /proc/sys/vm/drop/caches
-allow iorapd proc_drop_caches:file rw_file_perms;
-
-# Give iorapd a place where only iorapd can store files; everyone else is off limits
-allow iorapd iorapd_data_file:dir create_dir_perms;
-allow iorapd iorapd_data_file:file create_file_perms;
-
-# Allow iorapd to publish a binder service and make binder calls.
-binder_use(iorapd)
-add_service(iorapd, iorapd_service)
-
-# Allow iorapd to call into the system server so it can check permissions.
-binder_call(iorapd, system_server)
-allow iorapd permission_service:service_manager find;
-# IUserManager
-allow iorapd user_service:service_manager find;
-# IPackageManagerNative
-allow iorapd package_native_service:service_manager find;
-# Allow dumpstate (bugreport) to call into iorapd.
-allow iorapd dumpstate:fd use;
-allow iorapd dumpstate:fifo_file write;
-
-# TODO: does each of the service_manager allow finds above need the binder_call?
-
-# iorapd temporarily changes its priority when running benchmarks
-allow iorapd self:global_capability_class_set sys_nice;
-
-# Allow to access Perfetto traced's privileged consumer socket to start/stop
-# tracing sessions and read trace data.
-unix_socket_connect(iorapd, traced_consumer, traced)
-
-# Allow iorapd to execute compilation (iorap.cmd.compiler) in idle time.
-allow iorapd system_file:file rx_file_perms;
-
-# Allow iorapd to send signull to iorap_inode2filename and iorap_prefetcherd.
-allow iorapd iorap_inode2filename:process signull;
-allow iorapd iorap_prefetcherd:process signull;
-
-# Allowing system_server to check for the existence and size of files under iorapd
-# dir without collecting any sensitive app data.
-# This is used to predict if iorapd is doing prefetching or not.
-allow system_server iorapd_data_file:dir { getattr open read search };
-allow system_server iorapd_data_file:file getattr;
-
-###
-### neverallow rules
-###
-
-neverallow {
- domain
- -iorapd
-} iorapd_data_file:dir ~{ open create read getattr setattr search relabelto ioctl };
-
-neverallow {
- domain
- -init
- -iorapd
- -system_server
-} iorapd_data_file:dir *;
-
-neverallow {
- domain
- -kernel
- -iorapd
-} iorapd_data_file:notdevfile_class_set ~{ relabelto getattr };
-
-neverallow {
- domain
- -init
- -kernel
- -vendor_init
- -iorapd
- -system_server
-} { iorapd_data_file }:notdevfile_class_set *;
-
-# Only system_server and shell (for dumpsys) can interact with iorapd over binder
-neverallow { domain -dumpstate -system_server -iorapd } iorapd_service:service_manager find;
-neverallow iorapd {
- domain
- -servicemanager
- -system_server
- userdebug_or_eng(`-su')
-}:binder call;
-
-neverallow { domain -init } iorapd:process { transition dyntransition };
-neverallow iorapd domain:{ udp_socket rawip_socket } *;
-neverallow iorapd { domain userdebug_or_eng(`-su') }:tcp_socket *;
diff --git a/public/kernel.te b/public/kernel.te
index 09d2480..b01c07ad 100644
--- a/public/kernel.te
+++ b/public/kernel.te
@@ -95,10 +95,10 @@
staging_data_file
vendor_apex_file
}:file read;
-# Also allow the kernel to read /data/local/tmp files via loop device
-# for ApexTestCases
+# Also allow the kernel to read/write /data/local/tmp files via loop device
+# for ApexTestCases and fiemap_image_test.
userdebug_or_eng(`
- allow kernel shell_data_file:file read;
+ allow kernel shell_data_file:file { read write };
')
# Allow the first-stage init (which is running in the kernel domain) to execute the
diff --git a/public/keystore.te b/public/keystore.te
index e1c58a4..4cef175 100644
--- a/public/keystore.te
+++ b/public/keystore.te
@@ -5,6 +5,7 @@
typeattribute keystore mlstrustedsubject;
binder_use(keystore)
binder_service(keystore)
+binder_call(keystore, remote_provisioning_service_server)
binder_call(keystore, system_server)
binder_call(keystore, wificond)
@@ -17,6 +18,7 @@
add_service(keystore, remoteprovisioning_service)
allow keystore sec_key_att_app_id_provider_service:service_manager find;
allow keystore dropbox_service:service_manager find;
+allow keystore remote_provisioning_service:service_manager find;
add_service(keystore, apc_service)
add_service(keystore, keystore_compat_hal_service)
add_service(keystore, authorization_service)
@@ -48,3 +50,6 @@
# The software KeyMint implementation used in km_compat needs
# to read the vendor security patch level.
get_prop(keystore, vendor_security_patch_level_prop);
+
+# Allow keystore to read its vendor configuration
+get_prop(keystore, keystore_config_prop)
diff --git a/public/mediaextractor.te b/public/mediaextractor.te
index 1315b8f..44786fc 100644
--- a/public/mediaextractor.te
+++ b/public/mediaextractor.te
@@ -67,7 +67,6 @@
# descriptor opened outside the process.
neverallow mediaextractor {
data_file_type
- -zoneinfo_data_file # time zone data from /data/misc/zoneinfo
userdebug_or_eng(`-apk_data_file') # for loading media extractor plugins
with_native_coverage(`-method_trace_data_file')
}:file open;
diff --git a/public/mediaserver.te b/public/mediaserver.te
index 621b6d7..367012c 100644
--- a/public/mediaserver.te
+++ b/public/mediaserver.te
@@ -66,6 +66,9 @@
# but seems appropriate for all devices.
unix_socket_connect(mediaserver, bluetooth, bluetooth)
+# Needed for mediaserver to send information to statsd socket.
+unix_socket_send(mediaserver, statsdw, statsd)
+
add_service(mediaserver, mediaserver_service)
allow mediaserver activity_service:service_manager find;
allow mediaserver appops_service:service_manager find;
@@ -77,6 +80,7 @@
allow mediaserver mediaextractor_service:service_manager find;
allow mediaserver mediametrics_service:service_manager find;
allow mediaserver media_session_service:service_manager find;
+allow mediaserver package_native_service:service_manager find;
allow mediaserver permission_service:service_manager find;
allow mediaserver permission_checker_service:service_manager find;
allow mediaserver power_service:service_manager find;
diff --git a/public/net.te b/public/net.te
index 31c9c45..aa30b62 100644
--- a/public/net.te
+++ b/public/net.te
@@ -21,6 +21,3 @@
# Talks to netd via fwmarkd socket.
unix_socket_connect(netdomain, fwmarkd, netd)
-
-# Connect to mdnsd via mdnsd socket.
-unix_socket_connect(netdomain, mdnsd, mdnsd)
diff --git a/public/netd.te b/public/netd.te
index 7c7655e..e3ea1cb 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -3,6 +3,8 @@
type netd_exec, system_file_type, exec_type, file_type;
net_domain(netd)
+# Connect to mdnsd via mdnsd socket.
+unix_socket_connect(netd, mdnsd, mdnsd)
# in addition to ioctls allowlisted for all domains, grant netd priv_sock_ioctls.
allowxperm netd self:udp_socket ioctl priv_sock_ioctls;
@@ -111,6 +113,10 @@
add_hwservice(netd, system_net_netd_hwservice)
hwbinder_use(netd)
+# AIDL hal server
+binder_call(system_net_netd_service, servicemanager)
+add_service(netd, system_net_netd_service)
+
###
### Neverallow rules
###
diff --git a/public/profman.te b/public/profman.te
index c014d79..727daee 100644
--- a/public/profman.te
+++ b/public/profman.te
@@ -14,8 +14,6 @@
allow profman tmpfs:file { read map };
allow profman profman_dump_data_file:file { write map };
-allow profman installd:fd use;
-
# Allow profman to analyze profiles for the secondary dex files. These
# are application dex files reported back to the framework when using
# BaseDexClassLoader.
diff --git a/public/property.te b/public/property.te
index deb166b..c41aa91 100644
--- a/public/property.te
+++ b/public/property.te
@@ -53,6 +53,7 @@
# Properties which can't be written outside system
system_restricted_prop(aac_drc_prop)
system_restricted_prop(adaptive_haptics_prop)
+system_restricted_prop(apex_ready_prop)
system_restricted_prop(arm64_memtag_prop)
system_restricted_prop(binder_cache_bluetooth_server_prop)
system_restricted_prop(binder_cache_system_server_prop)
@@ -64,6 +65,7 @@
system_restricted_prop(bq_config_prop)
system_restricted_prop(build_bootimage_prop)
system_restricted_prop(build_prop)
+system_restricted_prop(device_config_camera_native_prop)
system_restricted_prop(device_config_nnapi_native_prop)
system_restricted_prop(device_config_runtime_native_boot_prop)
system_restricted_prop(device_config_runtime_native_prop)
@@ -74,7 +76,6 @@
system_restricted_prop(gwp_asan_prop)
system_restricted_prop(hal_instrumentation_prop)
system_restricted_prop(userdebug_or_eng_prop)
-system_restricted_prop(hypervisor_prop)
system_restricted_prop(init_service_status_prop)
system_restricted_prop(libc_debug_prop)
system_restricted_prop(module_sdkextensions_prop)
@@ -85,6 +86,7 @@
system_restricted_prop(provisioned_prop)
system_restricted_prop(restorecon_prop)
system_restricted_prop(retaildemo_prop)
+system_restricted_prop(servicemanager_prop)
system_restricted_prop(smart_idle_maint_enabled_prop)
system_restricted_prop(socket_hook_prop)
system_restricted_prop(sqlite_log_prop)
@@ -128,6 +130,7 @@
system_vendor_config_prop(audio_config_prop)
system_vendor_config_prop(bootanim_config_prop)
system_vendor_config_prop(bluetooth_config_prop)
+system_vendor_config_prop(build_attestation_prop)
system_vendor_config_prop(build_config_prop)
system_vendor_config_prop(build_odm_prop)
system_vendor_config_prop(build_vendor_prop)
@@ -149,8 +152,11 @@
system_vendor_config_prop(graphics_config_prop)
system_vendor_config_prop(hdmi_config_prop)
system_vendor_config_prop(hw_timeout_multiplier_prop)
+system_vendor_config_prop(hypervisor_prop)
+system_vendor_config_prop(hypervisor_restricted_prop)
system_vendor_config_prop(incremental_prop)
system_vendor_config_prop(keyguard_config_prop)
+system_vendor_config_prop(keystore_config_prop)
system_vendor_config_prop(lmkd_config_prop)
system_vendor_config_prop(media_config_prop)
system_vendor_config_prop(media_variant_prop)
@@ -159,6 +165,7 @@
system_vendor_config_prop(oem_unlock_prop)
system_vendor_config_prop(packagemanager_config_prop)
system_vendor_config_prop(recovery_config_prop)
+system_vendor_config_prop(recovery_usb_config_prop)
system_vendor_config_prop(sendbug_config_prop)
system_vendor_config_prop(soc_prop)
system_vendor_config_prop(storage_config_prop)
@@ -181,6 +188,8 @@
system_vendor_config_prop(zram_config_prop)
system_vendor_config_prop(zygote_config_prop)
system_vendor_config_prop(dck_prop)
+system_vendor_config_prop(tuner_config_prop)
+system_vendor_config_prop(usb_uvc_enabled_prop)
# Properties with no restrictions
system_public_prop(adbd_config_prop)
@@ -196,11 +205,14 @@
system_public_prop(ctl_stop_prop)
system_public_prop(dalvik_runtime_prop)
system_public_prop(debug_prop)
+system_public_prop(device_config_memory_safety_native_boot_prop)
+system_public_prop(device_config_memory_safety_native_prop)
system_public_prop(dumpstate_options_prop)
system_public_prop(exported_system_prop)
system_public_prop(exported_bluetooth_prop)
system_public_prop(exported_overlay_prop)
system_public_prop(exported_pm_prop)
+system_public_prop(future_pm_prop)
system_public_prop(ffs_control_prop)
system_public_prop(framework_status_prop)
system_public_prop(gesture_prop)
@@ -208,6 +220,7 @@
system_public_prop(sota_prop)
system_public_prop(hwservicemanager_prop)
system_public_prop(lmkd_prop)
+system_public_prop(locale_prop)
system_public_prop(logd_prop)
system_public_prop(logpersistd_logging_prop)
system_public_prop(log_prop)
@@ -215,6 +228,7 @@
system_public_prop(lowpan_prop)
system_public_prop(nfc_prop)
system_public_prop(ota_prop)
+system_public_prop(permissive_mte_prop)
system_public_prop(powerctl_prop)
system_public_prop(qemu_hw_prop)
system_public_prop(qemu_sf_lcd_density_prop)
@@ -223,7 +237,9 @@
system_public_prop(serialno_prop)
system_public_prop(surfaceflinger_color_prop)
system_public_prop(system_prop)
+system_public_prop(system_user_mode_emulation_prop)
system_public_prop(telephony_status_prop)
+system_public_prop(timezone_prop)
system_public_prop(usb_control_prop)
system_public_prop(vold_post_fs_data_prop)
system_public_prop(wifi_hal_prop)
@@ -237,6 +253,12 @@
# Properties used in default HAL implementations
vendor_internal_prop(rebootescrow_hal_prop)
+# Properties used in the default Face HAL implementations
+vendor_internal_prop(virtual_face_hal_prop)
+
+# Properties used in the default Fingerprint HAL implementations
+vendor_internal_prop(virtual_fingerprint_hal_prop)
+
vendor_public_prop(persist_vendor_debug_wifi_prop)
# Properties which are public for devices launching with Android O or earlier
diff --git a/public/remote_provisioning_service_server.te b/public/remote_provisioning_service_server.te
new file mode 100644
index 0000000..710b43d
--- /dev/null
+++ b/public/remote_provisioning_service_server.te
@@ -0,0 +1,5 @@
+# This service is hosted by system server, and provides a stable aidl
+# front-end for a mainline module that is loaded into system server.
+add_service(remote_provisioning_service_server, remote_provisioning_service)
+
+binder_use(remote_provisioning_service_server)
diff --git a/public/rkpd_app.te b/public/rkpd_app.te
new file mode 100644
index 0000000..2aaf3b8
--- /dev/null
+++ b/public/rkpd_app.te
@@ -0,0 +1,6 @@
+###
+### A domain for sandboxing the remote key provisioning daemon
+### app that is shipped via mainline.
+###
+
+type rkpdapp, domain;
diff --git a/public/service.te b/public/service.te
index e862b40..3d3d98a 100644
--- a/public/service.te
+++ b/public/service.te
@@ -7,6 +7,7 @@
type batteryproperties_service, app_api_service, ephemeral_app_api_service, service_manager_type;
type bluetooth_service, service_manager_type;
type cameraserver_service, service_manager_type;
+type fwk_camera_service, service_manager_type;
type default_android_service, service_manager_type;
type dice_maintenance_service, service_manager_type;
type dice_node_service, service_manager_type;
@@ -19,7 +20,6 @@
type gatekeeper_service, app_api_service, service_manager_type;
type gpu_service, app_api_service, ephemeral_app_api_service, service_manager_type;
type idmap_service, service_manager_type;
-type iorapd_service, service_manager_type;
type incident_service, service_manager_type;
type installd_service, service_manager_type;
type credstore_service, app_api_service, service_manager_type;
@@ -37,6 +37,7 @@
type mediatranscoding_service, app_api_service, service_manager_type;
type netd_service, service_manager_type;
type nfc_service, service_manager_type;
+type ondevicepersonalization_system_service, system_api_service, system_server_service, service_manager_type;
type radio_service, service_manager_type;
type remotelyprovisionedkeypool_service, service_manager_type;
type remoteprovisioning_service, service_manager_type;
@@ -45,6 +46,7 @@
type storaged_service, service_manager_type;
type surfaceflinger_service, app_api_service, ephemeral_app_api_service, service_manager_type;
type system_app_service, service_manager_type;
+type system_net_netd_service, service_manager_type;
type system_suspend_control_internal_service, service_manager_type;
type system_suspend_control_service, service_manager_type;
type update_engine_service, service_manager_type;
@@ -102,6 +104,7 @@
# with EMMA_INSTRUMENT=true. We should consider locking this down in the future.
type coverage_service, system_server_service, service_manager_type;
type cpuinfo_service, system_api_service, system_server_service, service_manager_type;
+type credential_service, app_api_service, ephemeral_app_api_service, system_api_service, system_server_service, service_manager_type;
type dataloader_manager_service, system_server_service, service_manager_type;
type dbinfo_service, system_api_service, system_server_service, service_manager_type;
type device_config_service, system_server_service, service_manager_type;
@@ -119,24 +122,28 @@
type font_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type netd_listener_service, system_server_service, service_manager_type;
type network_watchlist_service, system_server_service, service_manager_type;
+type devicelock_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type DockObserver_service, system_server_service, service_manager_type;
type dreams_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type dropbox_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
-type lowpan_service, system_api_service, system_server_service, service_manager_type;
type ethernet_service, app_api_service, system_server_service, service_manager_type;
type biometric_service, app_api_service, system_server_service, service_manager_type;
type bugreport_service, app_api_service, system_server_service, service_manager_type;
type platform_compat_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type face_service, app_api_service, system_server_service, service_manager_type;
type fingerprint_service, app_api_service, system_server_service, service_manager_type;
+type fwk_altitude_service, system_server_service, service_manager_type;
type fwk_stats_service, app_api_service, system_server_service, service_manager_type;
+type fwk_sensor_service, system_server_service, service_manager_type;
type game_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type gfxinfo_service, system_api_service, system_server_service, service_manager_type;
type gnss_time_update_service, system_server_service, service_manager_type;
+type grammatical_inflection_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type graphicsstats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type hardware_service, system_server_service, service_manager_type;
type hardware_properties_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type hdmi_control_service, app_api_service, system_server_service, service_manager_type;
+type healthconnect_service, app_api_service, system_server_service, service_manager_type;
type hint_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type imms_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type incremental_service, system_server_service, service_manager_type;
@@ -191,6 +198,7 @@
type reboot_readiness_service, app_api_service, system_server_service, service_manager_type;
type recovery_service, system_server_service, service_manager_type;
type registry_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type remote_provisioning_service, system_server_service, service_manager_type;
type resources_manager_service, system_api_service, system_server_service, service_manager_type;
type restrictions_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type role_service, app_api_service, system_server_service, service_manager_type;
@@ -228,7 +236,6 @@
type telecom_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type thermal_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type timedetector_service, app_api_service, system_server_service, service_manager_type;
-type timezone_service, system_server_service, service_manager_type;
type timezonedetector_service, app_api_service, system_server_service, service_manager_type;
type translation_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type trust_service, app_api_service, system_server_service, service_manager_type;
@@ -259,7 +266,6 @@
type wifiaware_service, app_api_service, system_server_service, service_manager_type;
type window_service, system_api_service, system_server_service, service_manager_type;
type inputflinger_service, system_api_service, system_server_service, service_manager_type;
-type wpantund_service, system_api_service, service_manager_type;
type tethering_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type emergency_affordance_service, system_server_service, service_manager_type;
@@ -267,49 +273,67 @@
### HAL Services
###
-type hal_audio_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_audiocontrol_service, vendor_service, hal_service_type, service_manager_type;
-type hal_authsecret_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_camera_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_contexthub_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_dice_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_drm_service, vendor_service, hal_service_type, service_manager_type;
-type hal_dumpstate_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_evs_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_face_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_fingerprint_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_gnss_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_graphics_allocator_service, vendor_service, hal_service_type, service_manager_type;
-type hal_graphics_composer_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_health_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_health_storage_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_identity_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_input_processor_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_ir_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_keymint_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_light_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_memtrack_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_neuralnetworks_service, vendor_service, hal_service_type, service_manager_type;
-type hal_nfc_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_oemlock_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_power_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_power_stats_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_radio_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_rebootescrow_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_remotelyprovisionedcomponent_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_sensors_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_secureclock_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_sharedsecret_service, vendor_service, protected_service, hal_service_type, service_manager_type;
+type hal_audio_service, protected_service, hal_service_type, service_manager_type;
+type hal_audiocontrol_service, hal_service_type, service_manager_type;
+type hal_authsecret_service, protected_service, hal_service_type, service_manager_type;
+type hal_bluetooth_service, protected_service, hal_service_type, service_manager_type;
+type hal_bootctl_service, protected_service, hal_service_type, service_manager_type;
+type hal_broadcastradio_service, protected_service, hal_service_type, service_manager_type;
+type hal_camera_service, protected_service, hal_service_type, service_manager_type;
+type hal_can_controller_service, protected_service, hal_service_type, service_manager_type;
+type hal_cas_service, hal_service_type, service_manager_type;
+type hal_confirmationui_service, protected_service, hal_service_type, service_manager_type;
+type hal_contexthub_service, protected_service, hal_service_type, service_manager_type;
+type hal_dice_service, protected_service, hal_service_type, service_manager_type;
+type hal_drm_service, hal_service_type, service_manager_type;
+type hal_dumpstate_service, protected_service, hal_service_type, service_manager_type;
+type hal_evs_service, protected_service, hal_service_type, service_manager_type;
+type hal_face_service, protected_service, hal_service_type, service_manager_type;
+type hal_fastboot_service, protected_service, hal_service_type, service_manager_type;
+type hal_fingerprint_service, protected_service, hal_service_type, service_manager_type;
+type hal_gnss_service, protected_service, hal_service_type, service_manager_type;
+type hal_graphics_allocator_service, hal_service_type, service_manager_type;
+type hal_graphics_composer_service, protected_service, hal_service_type, service_manager_type;
+type hal_health_service, protected_service, hal_service_type, service_manager_type;
+type hal_health_storage_service, protected_service, hal_service_type, service_manager_type;
+type hal_identity_service, protected_service, hal_service_type, service_manager_type;
+type hal_input_processor_service, protected_service, hal_service_type, service_manager_type;
+type hal_ir_service, protected_service, hal_service_type, service_manager_type;
+type hal_keymint_service, protected_service, hal_service_type, service_manager_type;
+type hal_light_service, protected_service, hal_service_type, service_manager_type;
+type hal_memtrack_service, protected_service, hal_service_type, service_manager_type;
+type hal_neuralnetworks_service, hal_service_type, service_manager_type;
+type hal_nfc_service, protected_service, hal_service_type, service_manager_type;
+type hal_oemlock_service, protected_service, hal_service_type, service_manager_type;
+type hal_power_service, protected_service, hal_service_type, service_manager_type;
+type hal_power_stats_service, protected_service, hal_service_type, service_manager_type;
+type hal_radio_service, protected_service, hal_service_type, service_manager_type;
+type hal_rebootescrow_service, protected_service, hal_service_type, service_manager_type;
+type hal_remoteaccess_service, protected_service, hal_service_type, service_manager_type;
+type hal_remotelyprovisionedcomponent_service, protected_service, hal_service_type, service_manager_type;
+type hal_sensors_service, protected_service, hal_service_type, service_manager_type;
+type hal_secureclock_service, protected_service, hal_service_type, service_manager_type;
+type hal_secure_element_service, protected_service, hal_service_type, service_manager_type;
+type hal_sharedsecret_service, protected_service, hal_service_type, service_manager_type;
type hal_system_suspend_service, protected_service, hal_service_type, service_manager_type;
-type hal_tv_tuner_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_usb_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_uwb_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_vehicle_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_vibrator_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_weaver_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_nlinterceptor_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_wifi_hostapd_service, vendor_service, protected_service, hal_service_type, service_manager_type;
-type hal_wifi_supplicant_service, vendor_service, protected_service, hal_service_type, service_manager_type;
+type hal_tetheroffload_service, protected_service, hal_service_type, service_manager_type;
+type hal_thermal_service, protected_service, hal_service_type, service_manager_type;
+type hal_tv_hdmi_cec_service, protected_service, hal_service_type, service_manager_type;
+type hal_tv_hdmi_connection_service, protected_service, hal_service_type, service_manager_type;
+type hal_tv_hdmi_earc_service, protected_service, hal_service_type, service_manager_type;
+type hal_tv_input_service, protected_service, hal_service_type, service_manager_type;
+type hal_tv_tuner_service, protected_service, hal_service_type, service_manager_type;
+type hal_usb_service, protected_service, hal_service_type, service_manager_type;
+type hal_usb_gadget_service, protected_service, hal_service_type, service_manager_type;
+type hal_uwb_service, protected_service, hal_service_type, service_manager_type;
+type hal_vehicle_service, protected_service, hal_service_type, service_manager_type;
+type hal_vibrator_service, protected_service, hal_service_type, service_manager_type;
+type hal_weaver_service, protected_service, hal_service_type, service_manager_type;
+type hal_nlinterceptor_service, protected_service, hal_service_type, service_manager_type;
+type hal_wifi_service, protected_service, hal_service_type, service_manager_type;
+type hal_wifi_hostapd_service, protected_service, hal_service_type, service_manager_type;
+type hal_wifi_supplicant_service, protected_service, hal_service_type, service_manager_type;
+type hal_gatekeeper_service, protected_service, hal_service_type, service_manager_type;
###
### Neverallow rules
diff --git a/public/servicemanager.te b/public/servicemanager.te
index a812338..58153f7 100644
--- a/public/servicemanager.te
+++ b/public/servicemanager.te
@@ -31,10 +31,9 @@
# Check SELinux permissions.
selinux_check_access(servicemanager)
-recovery_only(`
- # In recovery, log to kmsg.
- allow servicemanager kmsg_device:chr_file rw_file_perms;
+allow servicemanager kmsg_device:chr_file rw_file_perms;
+recovery_only(`
# Read VINTF files.
r_dir_file(servicemanager, rootfs)
')
diff --git a/public/shell.te b/public/shell.te
index 4175c86..6c67cea 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -60,7 +60,6 @@
r_dir_file(shell, system_file)
allow shell system_file:file x_file_perms;
allow shell toolbox_exec:file rx_file_perms;
-allow shell tzdatacheck_exec:file rx_file_perms;
allow shell shell_exec:file rx_file_perms;
allow shell zygote_exec:file rx_file_perms;
@@ -82,9 +81,11 @@
-apex_service
-dnsresolver_service
-gatekeeper_service
+ -hal_keymint_service
+ -hal_secureclock_service
+ -hal_sharedsecret_service
-incident_service
-installd_service
- -iorapd_service
-mdns_service
-netd_service
-system_suspend_control_internal_service
@@ -198,6 +199,14 @@
### Neverallow rules
###
+# Do not allow shell to talk directly to security HAL services other than
+# hal_remotelyprovisionedcomponent_service
+neverallow shell {
+ hal_keymint_service
+ hal_secureclock_service
+ hal_sharedsecret_service
+}:service_manager find;
+
# Do not allow shell to hard link to any files.
# In particular, if shell hard links to app data
# files, installd will not be able to guarantee the deletion
diff --git a/public/statsd.te b/public/statsd.te
index 1a09586..31d033f 100644
--- a/public/statsd.te
+++ b/public/statsd.te
@@ -40,6 +40,10 @@
allow statsd mediametrics_service:service_manager find;
binder_call(statsd, mediametrics)
+# Allow statsd to interact with mediametrics
+allow statsd mediaserver_service:service_manager find;
+binder_call(statsd, mediaserver)
+
# Allow logd access.
read_logd(statsd)
control_logd(statsd)
diff --git a/public/su.te b/public/su.te
index 8328140..3473e74 100644
--- a/public/su.te
+++ b/public/su.te
@@ -97,6 +97,9 @@
typeattribute su hal_tetheroffload_client;
typeattribute su hal_thermal_client;
typeattribute su hal_tv_cec_client;
+ typeattribute su hal_tv_hdmi_cec_client;
+ typeattribute su hal_tv_hdmi_connection_client;
+ typeattribute su hal_tv_hdmi_earc_client;
typeattribute su hal_tv_input_client;
typeattribute su hal_tv_tuner_client;
typeattribute su hal_usb_client;
diff --git a/public/te_macros b/public/te_macros
index 58d04b4..63805de 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -176,32 +176,31 @@
dontaudit su $1_userfaultfd:anon_inode *;
# Other domains may not use userfaultfd anon_inodes created by this domain.
neverallow { domain -$1 } $1_userfaultfd:anon_inode *;
-# This domain may not use userfaultfd anon_inodes created by other domains.
-neverallow $1 ~$1_userfaultfd:anon_inode *;
')
####################################
# virtualizationservice_use(domain)
# Allow domain to create and communicate with a virtual machine using
-# virtualizationservice.
+# virtualizationservice and virtualizationmanager.
define(`virtualizationservice_use', `
-allow $1 virtualization_service:service_manager find;
-# Let the client call virtualizationservice.
-binder_call($1, virtualizationservice)
-# Let virtualizationservice call back to the client.
-binder_call(virtualizationservice, $1)
-# Let the client pass file descriptors to virtualizationservice and on
-# to crosvm
-allow { virtualizationservice crosvm } $1:fd use;
+# Transition to virtualizationmanager when the client executes it.
+domain_auto_trans($1, virtualizationmanager_exec, virtualizationmanager)
+# Allow virtualizationmanager to communicate over UDS with the client.
+allow { virtualizationmanager crosvm } $1:unix_stream_socket { getattr read write };
+# Let the client pass file descriptors to virtualizationmanager and on to crosvm.
+allow { virtualizationmanager crosvm } $1:fd use;
+# Let the client use file descriptors created by virtualizationmanager.
+allow $1 virtualizationmanager:fd use;
# Allow piping console log to the client
-allow { virtualizationservice crosvm } $1:fifo_file write;
-# Allow client to read/write vsock created by virtualizationservice to
-# communicate with the VM that it created. Notice that we do not grant
-# permission to create a vsock; the client can only connect to VMs
-# that it owns.
-allow $1 virtualizationservice:vsock_socket { getattr read write };
+allow { virtualizationmanager crosvm } $1:fifo_file { getattr read write };
+# Allow client to read/write vsock created by virtualizationmanager to communicate with the VM
+# that it created. Notice that we do not grant permission to create a vsock;
+# the client can only connect to VMs that it owns.
+allow $1 virtualizationmanager:vsock_socket { getattr getopt read write };
# Allow client to inspect hypervisor capabilities
get_prop($1, hypervisor_prop)
+# Allow client to read (but not open) the crashdump provided by virtualizationmanager
+allow $1 virtualizationservice_data_file:file { getattr read };
')
#####################################
@@ -234,6 +233,13 @@
')
#####################################
+# isolated_app_domain(domain)
+# Allow a base set of permissions required for all isolated apps.
+define(`isolated_app_domain', `
+typeattribute $1 isolated_app_all;
+')
+
+#####################################
# net_domain(domain)
# Allow a base set of permissions required for network access.
define(`net_domain', `
@@ -758,7 +764,6 @@
-$1_server
# some services are allowed to find all services
-atrace
- -dumpstate
-shell
-system_app
-traceur_app
@@ -1035,3 +1040,29 @@
allow $1 system_bootstrap_lib_file:dir r_dir_perms;
allow $1 system_bootstrap_lib_file:file { execute read open getattr map };
')
+
+######################################
+# use_apex_info(domain)
+# Allow access to apex information
+define(`use_apex_info', `
+ allow $1 apex_mnt_dir:dir r_dir_perms;
+ allow $1 apex_info_file:file r_file_perms;
+')
+
+####################################
+# io_uring_use(domain)
+# Allow domain to create/use io_uring.
+define(`io_uring_use', `
+# Set up a type_transition to "io_uring" named anonymous inode object.
+type $1_iouring;
+type_transition $1 $1:anon_inode $1_iouring "[io_uring]";
+# Allow domain to create/use io_uring anon_inode.
+allow $1 $1_iouring:anon_inode { create map read write };
+allow $1 self:io_uring sqpoll;
+# Other domains may not use iouring anon_inodes created by this domain.
+neverallow { domain -$1 } $1_iouring:anon_inode *;
+# io_uring checks for CAP_IPC_LOCK to determine whether or not to track
+# memory usage per uid against RLIMIT_MEMLOCK. This can lead folks to
+# grant CAP_IPC_LOCK to silence avc denials, which is undesireable.
+dontaudit $1 self:global_capability_class_set ipc_lock;
+')
diff --git a/public/toolbox.te b/public/toolbox.te
index 4c2cc3e..3705a92 100644
--- a/public/toolbox.te
+++ b/public/toolbox.te
@@ -1,5 +1,4 @@
# Any toolbox command run by init.
-# At present, the only known usage is for running mkswap via fs_mgr.
# Do NOT use this domain for toolbox when run by any other domain.
type toolbox, domain;
type toolbox_exec, system_file_type, exec_type, file_type;
@@ -23,16 +22,11 @@
neverallow * toolbox:process dyntransition;
neverallow toolbox { file_type fs_type -toolbox_exec}:file entrypoint;
-# rm -rf directories in /data
+# rm -rf /data/per_boot
allow toolbox system_data_root_file:dir { remove_name write };
allow toolbox system_data_file:dir { rmdir rw_dir_perms };
allow toolbox system_data_file:file { getattr unlink };
-# chattr +F and chattr +P /data/media in init
-allow toolbox media_rw_data_file:dir { r_dir_perms setattr };
-allowxperm toolbox media_rw_data_file:dir ioctl {
- FS_IOC_FSGETXATTR
- FS_IOC_FSSETXATTR
- FS_IOC_GETFLAGS
- FS_IOC_SETFLAGS
-};
+# chattr +F /data/media in init
+allow toolbox media_userdir_file:dir { r_dir_perms setattr };
+allowxperm toolbox media_userdir_file:dir ioctl { FS_IOC_SETFLAGS FS_IOC_GETFLAGS };
diff --git a/public/traced.te b/public/traced.te
index 922d46e..48da0d8 100644
--- a/public/traced.te
+++ b/public/traced.te
@@ -1,3 +1,4 @@
type traced, domain, coredomain, mlstrustedsubject;
type traced_tmpfs, file_type;
+
diff --git a/public/traceur_app.te b/public/traceur_app.te
index 1ab150d..22f6c3b 100644
--- a/public/traceur_app.te
+++ b/public/traceur_app.te
@@ -10,7 +10,6 @@
-gatekeeper_service
-incident_service
-installd_service
- -iorapd_service
-lpdump_service
-mdns_service
-netd_service
diff --git a/public/tzdatacheck.te b/public/tzdatacheck.te
deleted file mode 100644
index cf9b95d..0000000
--- a/public/tzdatacheck.te
+++ /dev/null
@@ -1,18 +0,0 @@
-# The tzdatacheck command run by init.
-type tzdatacheck, domain;
-type tzdatacheck_exec, system_file_type, exec_type, file_type;
-
-allow tzdatacheck zoneinfo_data_file:dir create_dir_perms;
-allow tzdatacheck zoneinfo_data_file:file unlink;
-
-# Below are strong assertion that only init, system_server and tzdatacheck
-# can modify the /data time zone rules directories. This is to make it very
-# clear that only these domains should modify the actual time zone rules data.
-# The tzdatacheck binary itself may be executed by shell for tests but it must
-# not be able to modify the real rules.
-# If other users / binaries could modify time zone rules on device this might
-# have negative implications for users (who may get incorrect local times)
-# or break assumptions made / invalidate data held by the components actually
-# responsible for updating time zone rules.
-neverallow { domain -system_server -init -tzdatacheck } zoneinfo_data_file:file no_w_file_perms;
-neverallow { domain -system_server -init -tzdatacheck } zoneinfo_data_file:dir no_w_dir_perms;
diff --git a/public/untrusted_app.te b/public/untrusted_app.te
index 0a67614..a4ee6f5 100644
--- a/public/untrusted_app.te
+++ b/public/untrusted_app.te
@@ -17,9 +17,12 @@
###
# This file defines the rules for untrusted apps running with
-# targetSdkVersion >= 32.
+# targetSdkVersion >= 34.
type untrusted_app, domain;
# This file defines the rules for untrusted apps running with
+# 31 < targetSdkVersion <= 33.
+type untrusted_app_32, domain;
+# This file defines the rules for untrusted apps running with
# 29 < targetSdkVersion <= 31.
type untrusted_app_30, domain;
# This file defines the rules for untrusted apps running with
diff --git a/public/update_engine_common.te b/public/update_engine_common.te
index e8fd29e..12961e7 100644
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@@ -72,6 +72,7 @@
# read /dev/dm-user, so that we can inotify wait for control devices to be
# asynchronously created by ueventd.
allow update_engine dm_user_device:dir r_dir_perms;
+allow update_engine dm_user_device:chr_file r_file_perms;
# read / write metadata on super device to resize partitions
allow update_engine_common super_block_device_type:blk_file rw_file_perms;
diff --git a/public/usbd.te b/public/usbd.te
index 6f34954..ee36784 100644
--- a/public/usbd.te
+++ b/public/usbd.te
@@ -1,2 +1,4 @@
type usbd, domain;
type usbd_exec, system_file_type, exec_type, file_type;
+
+binder_call(usbd, servicemanager)
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 1e221ae..683ab61 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -48,6 +48,7 @@
allow vendor_init {
file_type
+ -bpffs_type
-core_data_file_type
-exec_type
-system_dlkm_file_type
@@ -67,6 +68,7 @@
allow vendor_init {
file_type
+ -bpffs_type
-core_data_file_type
-exec_type
-password_slot_metadata_file
@@ -86,6 +88,7 @@
allow vendor_init {
file_type
+ -bpffs_type
-core_data_file_type
-exec_type
-password_slot_metadata_file
@@ -103,6 +106,7 @@
allow vendor_init {
file_type
-apex_mnt_dir
+ -bpffs_type
-core_data_file_type
-exec_type
-password_slot_metadata_file
@@ -119,6 +123,7 @@
allow vendor_init {
file_type
+ -bpffs_type
-core_data_file_type
-exec_type
-mnt_product_file
@@ -142,6 +147,7 @@
# chown/chmod on pseudo files.
allow vendor_init {
fs_type
+ -bpffs_type
-contextmount_type
-keychord_device
-sdcard_type
@@ -157,6 +163,7 @@
allow vendor_init {
fs_type
+ -bpffs_type
-contextmount_type
-sdcard_type
-fusefs_type
@@ -164,7 +171,7 @@
-proc_uid_time_in_state
-proc_uid_concurrent_active_time
-proc_uid_concurrent_policy_time
-}:dir { open read setattr search };
+}:dir { open read setattr search };
allow vendor_init dev_type:blk_file getattr;
@@ -253,6 +260,7 @@
set_prop(vendor_init, userspace_reboot_config_prop)
set_prop(vendor_init, vehicle_hal_prop)
set_prop(vendor_init, vendor_default_prop)
+set_prop(vendor_init, keystore_config_prop)
set_prop(vendor_init, vendor_security_patch_level_prop)
set_prop(vendor_init, vndk_prop)
set_prop(vendor_init, virtual_ab_prop)
diff --git a/public/vold.te b/public/vold.te
index b0fb6d0..209bf49 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -99,8 +99,8 @@
# Allow mounting (lower filesystem) on parts of media for performance
allow vold media_rw_data_file:dir mounton;
-# Allow setting extended attributes (for project quota IDs) on files and dirs
-# and to enable project ID inheritance through FS_IOC_SETFLAGS
+# Allow setting project quota IDs and enabling project ID inheritance on
+# /data/media/$userId/* and /mnt/expand/$volume/media/$userId/*
allowxperm vold media_rw_data_file:{ dir file } ioctl {
FS_IOC_FSGETXATTR
FS_IOC_FSSETXATTR
@@ -124,6 +124,10 @@
allow vold mnt_expand_file:dir { create_dir_perms mounton };
allow vold apk_data_file:dir { create getattr setattr };
allow vold shell_data_file:dir { create getattr setattr };
+allow vold system_userdir_file:dir { create getattr setattr };
+allow vold media_userdir_file:dir { create getattr setattr open read ioctl };
+# Needed to set the casefold flag on /mnt/expand/$volume/media
+allowxperm vold media_userdir_file:dir ioctl { FS_IOC_GETFLAGS FS_IOC_SETFLAGS };
# Allow to mount incremental file system on /data/incremental and create files
allow vold apk_data_file:dir { mounton rw_dir_perms };
@@ -152,7 +156,7 @@
allowxperm vold vold_device:blk_file ioctl { BLKDISCARD BLKGETSIZE };
allow vold dm_device:chr_file rw_file_perms;
allow vold dm_device:blk_file rw_file_perms;
-allowxperm vold dm_device:blk_file ioctl { BLKDISCARD BLKSECDISCARD };
+allowxperm vold dm_device:blk_file ioctl { BLKDISCARD BLKSECDISCARD BLKREPORTZONE BLKRESETZONE };
# For vold Process::killProcessesWithOpenFiles function.
allow vold domain:dir r_dir_perms;
allow vold domain:{ file lnk_file } r_file_perms;
@@ -223,6 +227,9 @@
allow vold userdata_block_device:blk_file rw_file_perms;
allowxperm vold userdata_block_device:blk_file ioctl BLKSECDISCARD;
+# Access zoned block device.
+allow vold zoned_block_device:blk_file rw_file_perms;
+
# Access metadata block device used for encryption meta-data.
allow vold metadata_block_device:blk_file rw_file_perms;
allowxperm vold metadata_block_device:blk_file ioctl BLKSECDISCARD;
@@ -330,7 +337,6 @@
-system_suspend_server
-hal_bootctl_server
-hwservicemanager
- -iorapd_service
-keystore
-servicemanager
-system_server
diff --git a/public/wpantund.te b/public/wpantund.te
deleted file mode 100644
index 8ddd693..0000000
--- a/public/wpantund.te
+++ /dev/null
@@ -1,29 +0,0 @@
-type wpantund, domain;
-type wpantund_exec, system_file_type, exec_type, file_type;
-
-hal_client_domain(wpantund, hal_lowpan)
-net_domain(wpantund)
-
-binder_use(wpantund)
-binder_call(wpantund, system_server)
-
-# wpantund needs to be able to check in with the lowpan_service
-allow wpantund lowpan_service:service_manager find;
-
-# Allow wpantund to call any callbacks that have been registered with it.
-# Generally, only privileged apps are able to register callbacks with
-# wpantund, so we are limiting the scope for callbacks to only privileged
-# apps. We also add shell to allow the command-line utility `lowpanctl`
-# to work properly from `adb shell`.
-allow wpantund {priv_app shell}:binder call;
-
-# create sockets to set interfaces up and down, add multicast groups, etc.
-allow wpantund self:udp_socket create_socket_perms;
-
-# setting interface state up/down and changing MTU are privileged ioctls
-allowxperm wpantund self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFMTU };
-
-# Allow us to bring up a TUN network interface.
-allow wpantund tun_device:chr_file rw_file_perms;
-allow wpantund self:global_capability_class_set { net_admin net_raw };
-allow wpantund self:tun_socket create;
diff --git a/tests/Android.bp b/tests/Android.bp
index 8ca952d..e271346 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -43,6 +43,11 @@
srcs: [
"treble_sepolicy_tests.py",
],
+ version: {
+ py3: {
+ embedded_launcher: true,
+ },
+ },
libs: [
"mini_cil_parser",
"pysepolwrap",
@@ -55,6 +60,11 @@
srcs: [
"sepolicy_tests.py",
],
+ version: {
+ py3: {
+ embedded_launcher: true,
+ },
+ },
libs: ["pysepolwrap"],
data: [":libsepolwrap"],
}
diff --git a/tests/fix_policies.sh b/tests/fix_policies.sh
new file mode 100755
index 0000000..6011829
--- /dev/null
+++ b/tests/fix_policies.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# Copyright (C) 2023 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+if [ $# -ne 1 ]; then
+ echo "Usage: $0 <directory>"
+ exit 1
+fi
+
+directory=$1
+
+# This fixes the Neverallow test involving policy violations of isolated_compute_app
+function fix_isolated_policies
+{
+ # Replace make sure we don't wrongly replace the existing occurrence
+ find "$directory" -name "*.te" -print0 | xargs -0 sed -i 's/-\s*isolated_app_all/-isolated_app/g'
+
+ # Replacement
+ find "$directory" -name "*.te" -print0 | xargs -0 sed -i 's/-\s*isolated_app/-isolated_app_all/g'
+
+ echo "Successfully replaced all occurrences of '-isolated_app' to '-isolated_app_all'!"
+}
+
+fix_isolated_policies
diff --git a/tests/policy.py b/tests/policy.py
index 60c6962..910dd3d 100644
--- a/tests/policy.py
+++ b/tests/policy.py
@@ -222,11 +222,15 @@
scontext = set()
for sctx in kwargs['scontext']:
scontext |= self.ResolveTypeAttribute(sctx)
+ if (len(scontext) == 0):
+ return []
kwargs['scontext'] = scontext
if ("tcontext" in kwargs and len(kwargs['tcontext']) > 0):
tcontext = set()
for tctx in kwargs['tcontext']:
tcontext |= self.ResolveTypeAttribute(tctx)
+ if (len(tcontext) == 0):
+ return []
kwargs['tcontext'] = tcontext
for Rule in self.__Rules:
if self.__TERuleMatch(Rule, **kwargs):
diff --git a/tests/searchpolicy.py b/tests/searchpolicy.py
index 9d2c636..79efecf 100644
--- a/tests/searchpolicy.py
+++ b/tests/searchpolicy.py
@@ -78,10 +78,10 @@
for r in TERules:
if len(r.perms) > 1:
rules.append("allow " + r.sctx + " " + r.tctx + ":" + r.tclass + " { " +
- " ".join(r.perms) + " };")
+ " ".join(sorted(r.perms)) + " };")
else:
rules.append("allow " + r.sctx + " " + r.tctx + ":" + r.tclass + " " +
- " ".join(r.perms) + ";")
+ " ".join(sorted(r.perms)) + ";")
for r in sorted(rules):
print(r)
diff --git a/tests/sepolicy_tests.py b/tests/sepolicy_tests.py
index e940681..63144dd 100644
--- a/tests/sepolicy_tests.py
+++ b/tests/sepolicy_tests.py
@@ -15,9 +15,12 @@
from optparse import OptionParser
from optparse import Option, OptionValueError
import os
+import pkgutil
import policy
import re
+import shutil
import sys
+import tempfile
SHARED_LIB_EXTENSION = '.dylib' if sys.platform == 'darwin' else '.so'
@@ -146,7 +149,11 @@
"TestDmaHeapDevTypeViolations",
]
-if __name__ == '__main__':
+def do_main(libpath):
+ """
+ Args:
+ libpath: string, path to libsepolwrap.so
+ """
usage = "sepolicy_tests -f vendor_file_contexts -f "
usage +="plat_file_contexts -p policy [--test test] [--help]"
parser = OptionParser(option_class=MultipleOption, usage=usage)
@@ -158,11 +165,6 @@
(options, args) = parser.parse_args()
- libpath = os.path.join(os.path.dirname(os.path.realpath(__file__)),
- "libsepolwrap" + SHARED_LIB_EXTENSION)
- if not os.path.exists(libpath):
- sys.exit("Error: libsepolwrap does not exist. Is this binary corrupted?\n")
-
if not options.policy:
sys.exit("Must specify monolithic policy file\n" + parser.usage)
if not os.path.exists(options.policy):
@@ -207,3 +209,17 @@
if len(results) > 0:
sys.exit(results)
+
+if __name__ == '__main__':
+ temp_dir = tempfile.mkdtemp()
+ try:
+ libname = "libsepolwrap" + SHARED_LIB_EXTENSION
+ libpath = os.path.join(temp_dir, libname)
+ with open(libpath, "wb") as f:
+ blob = pkgutil.get_data("sepolicy_tests", libname)
+ if not blob:
+ sys.exit("Error: libsepolwrap does not exist. Is this binary corrupted?\n")
+ f.write(blob)
+ do_main(libpath)
+ finally:
+ shutil.rmtree(temp_dir)
diff --git a/tests/treble_sepolicy_tests.py b/tests/treble_sepolicy_tests.py
index 64a9e95..b49f138 100644
--- a/tests/treble_sepolicy_tests.py
+++ b/tests/treble_sepolicy_tests.py
@@ -16,10 +16,13 @@
from optparse import Option, OptionValueError
import os
import mini_parser
+import pkgutil
import policy
from policy import MatchPathPrefix
import re
+import shutil
import sys
+import tempfile
DEBUG=False
SHARED_LIB_EXTENSION = '.dylib' if sys.platform == 'darwin' else '.so'
@@ -341,7 +344,13 @@
"TrebleCompatMapping": TestTrebleCompatMapping,
"ViolatorAttributes": TestViolatorAttributes}
-if __name__ == '__main__':
+def do_main(libpath):
+ """
+ Args:
+ libpath: string, path to libsepolwrap.so
+ """
+ global pol, FakeTreble
+
usage = "treble_sepolicy_tests "
usage += "-f nonplat_file_contexts -f plat_file_contexts "
usage += "-p curr_policy -b base_policy -o old_policy "
@@ -374,11 +383,6 @@
sys.exit("Error: File_contexts file " + f + " does not exist\n" +
parser.usage)
- libpath = os.path.join(os.path.dirname(os.path.realpath(__file__)),
- "libsepolwrap" + SHARED_LIB_EXTENSION)
- if not os.path.exists(libpath):
- sys.exit("Error: libsepolwrap does not exist. Is this binary corrupted?\n")
-
# Mapping files and public platform policy are only necessary for the
# TrebleCompatMapping test.
if options.tests is None or options.tests == "TrebleCompatMapping":
@@ -428,3 +432,17 @@
if len(results) > 0:
sys.exit(results)
+
+if __name__ == '__main__':
+ temp_dir = tempfile.mkdtemp()
+ try:
+ libname = "libsepolwrap" + SHARED_LIB_EXTENSION
+ libpath = os.path.join(temp_dir, libname)
+ with open(libpath, "wb") as f:
+ blob = pkgutil.get_data("treble_sepolicy_tests", libname)
+ if not blob:
+ sys.exit("Error: libsepolwrap does not exist. Is this binary corrupted?\n")
+ f.write(blob)
+ do_main(libpath)
+ finally:
+ shutil.rmtree(temp_dir)
diff --git a/tools/Android.bp b/tools/Android.bp
index fcf375d..057b073 100644
--- a/tools/Android.bp
+++ b/tools/Android.bp
@@ -59,6 +59,13 @@
srcs: ["version_policy.c"],
}
+cc_binary {
+ name: "seamendc",
+ defaults: ["sepolicy_tools_defaults"],
+ srcs: ["seamendc.c"],
+ host_supported: true,
+}
+
python_binary_host {
name: "insertkeys",
srcs: ["insertkeys.py"],
@@ -70,3 +77,8 @@
libs: ["mini_cil_parser", "pysepolwrap"],
data: [":libsepolwrap"],
}
+
+python_binary_host {
+ name: "fuzzer_bindings_check",
+ srcs: ["fuzzer_bindings_check.py"],
+}
diff --git a/tools/README b/tools/README
index 5e340a0..8976c68 100644
--- a/tools/README
+++ b/tools/README
@@ -70,3 +70,15 @@
sepolicy-analyze
A tool for performing various kinds of analysis on a sepolicy
file.
+
+fuzzer_bindings_check
+ Tool to check if fuzzer is added for new services. it is used by fuzzer_bindings_test soong module internally.
+ Error will be generated if there is no fuzzer binding present for service added in service_contexts in
+ system/sepolicy/soong/build/service_fuzzer_bindings.go
+
+ Usage:
+ fuzzer_bindings_check.py -s [SRCs...] -b /path/to/binding.json
+
+ -s [SRCs...] list of service_contexts files. Tool will check if there is fuzzer for every service
+ in the context file.
+ -b /path/to/binding.json Path to json file containing "service":[fuzzers...] bindings.
diff --git a/tools/check_seapp.c b/tools/check_seapp.c
index 7795e3a..e57a6b3 100644
--- a/tools/check_seapp.c
+++ b/tools/check_seapp.c
@@ -213,6 +213,7 @@
{ .name = "isPrivApp", .dir = dir_in, .fn_validate = validate_bool },
{ .name = "minTargetSdkVersion", .dir = dir_in, .fn_validate = validate_uint },
{ .name = "fromRunAs", .dir = dir_in, .fn_validate = validate_bool },
+ { .name = "isIsolatedComputeApp", .dir = dir_in, .fn_validate = validate_bool },
/*Outputs*/
{ .name = "domain", .dir = dir_out, .fn_validate = validate_domain },
{ .name = "type", .dir = dir_out, .fn_validate = validate_type },
diff --git a/tools/fuzzer_bindings_check.py b/tools/fuzzer_bindings_check.py
new file mode 100644
index 0000000..55859ac
--- /dev/null
+++ b/tools/fuzzer_bindings_check.py
@@ -0,0 +1,96 @@
+#!/usr/bin/env python3
+#
+# Copyright 2022 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import logging
+import json
+import sys
+import os
+import argparse
+
+def check_file_exists(file_name):
+ if not os.path.exists(file_name):
+ sys.exit("File doesn't exist : {0}".format(file_name))
+
+def read_bindings(binding_file):
+ check_file_exists(binding_file)
+ with open(binding_file) as jsonFile:
+ bindings = json.loads(jsonFile.read())
+ return bindings
+
+def check_fuzzer_exists(context_file, bindings):
+ with open(context_file) as file:
+ for line in file:
+ # Ignore empty lines and comments
+ line = line.strip()
+ if line.startswith("#"):
+ logging.debug("Found a comment..skipping")
+ continue
+
+ tokens = line.split()
+ if len(tokens) == 0:
+ logging.debug("Skipping empty lines in service_contexts")
+ continue
+
+ # For a valid service_context file, there will be only two tokens
+ # First will be service name and second will be its label.
+ service_name = tokens[0]
+ if service_name not in bindings:
+ sys.exit("\nerror: Service '{0}' is being added, but we have no fuzzer on file for it. "
+ "Fuzzers are listed at $ANDROID_BUILD_TOP/system/sepolicy/build/soong/service_fuzzer_bindings.go \n\n"
+ "NOTE: automatic service fuzzers are currently not supported in Java (b/232439254) "
+ "and Rust (b/164122727). In this case, please ignore this for now and add an entry for your"
+ "new service in service_fuzzer_bindings.go \n\n"
+ "If you are writing a new service, it may be subject to attack from other "
+ "potentially malicious processes. A fuzzer can be written automatically "
+ "by adding these things: \n"
+ "- a cc_fuzz Android.bp entry \n"
+ "- a main file that constructs your service and calls 'fuzzService' \n\n"
+ "An examples can be found here: \n"
+ "- $ANDROID_BUILD_TOP/hardware/interfaces/vibrator/aidl/default/fuzzer.cpp \n"
+ "- https://source.android.com/docs/core/architecture/aidl/aidl-fuzzing \n\n"
+ "This is only ~30 lines of configuration. It requires dependency injection "
+ "for your service which is a good practice, and (in AOSP) you will get bugs "
+ "automatically filed on you. You will find out about issues without needing "
+ "to backport changes years later, and the system will automatically find ways "
+ "to reproduce difficult to solve issues for you. \n\n"
+ "This error can be bypassed by adding entry "
+ "for new service in $ANDROID_BUILD_TOP/system/sepolicy/build/soong/service_fuzzer_bindings.go \n\n"
+ "- Android Fuzzing and Security teams".format(service_name))
+ return
+
+def validate_bindings(args):
+ bindings = read_bindings(args.bindings)
+ for file in args.srcs:
+ check_file_exists(file)
+ check_fuzzer_exists(file, bindings)
+ return
+
+def get_args():
+ parser = argparse.ArgumentParser(description="Tool to check if fuzzer is "
+ "added for new services")
+ parser.add_argument('-b', help='Path to json file containing '
+ '"service":[fuzzers...] bindings.',
+ required=True, dest='bindings')
+ parser.add_argument('-s', '--list', nargs='+',
+ help='list of service_contexts files. Tool will check if '
+ 'there is fuzzer for every service in the context '
+ 'file.', required=True, dest='srcs')
+ parsed_args = parser.parse_args()
+ return parsed_args
+
+if __name__ == "__main__":
+ args = get_args()
+ validate_bindings(args)
diff --git a/tools/seamendc.c b/tools/seamendc.c
new file mode 100644
index 0000000..cd79c76
--- /dev/null
+++ b/tools/seamendc.c
@@ -0,0 +1,286 @@
+#include <getopt.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+
+#include <cil/cil.h>
+#include <cil/android.h>
+#include <sepol/policydb.h>
+#include "sepol/handle.h"
+
+void usage(const char *prog)
+{
+ printf("Usage: %s [OPTION]... FILE...\n", prog);
+ printf("Takes a binary policy file as input and applies the rules and definitions specified ");
+ printf("in the provided FILEs. Each FILE must be a policy file in CIL format.\n");
+ printf("\n");
+ printf("Options:\n");
+ printf(" -b, --base=<file> (required) base binary policy.\n");
+ printf(" -o, --output=<file> (required) write binary policy to <file>\n");
+ printf(" -v, --verbose increment verbosity level\n");
+ printf(" -h, --help display usage information\n");
+ exit(1);
+}
+
+/*
+ * Read binary policy file from path into the allocated pdb.
+ *
+ * We first read the binary policy into memory, and then we parse it to a
+ * policydb object using sepol_policydb_from_image. This combination is slightly
+ * faster than using sepol_policydb_read that reads the binary file in small
+ * chunks at a time.
+ */
+static int read_binary_policy(char *path, sepol_policydb_t *pdb)
+{
+ int rc = SEPOL_OK;
+ char *buff = NULL;
+ sepol_handle_t *handle = NULL;
+
+ FILE *file = fopen(path, "r");
+ if (!file) {
+ fprintf(stderr, "Could not open %s: %s.\n", path, strerror(errno));
+ rc = SEPOL_ERR;
+ goto exit;
+ }
+
+ struct stat binarydata;
+ rc = stat(path, &binarydata);
+ if (rc == -1) {
+ fprintf(stderr, "Could not stat %s: %s.\n", path, strerror(errno));
+ goto exit;
+ }
+
+ uint32_t file_size = binarydata.st_size;
+ if (!file_size) {
+ fprintf(stderr, "Binary policy file is empty.\n");
+ rc = SEPOL_ERR;
+ goto exit;
+ }
+
+ buff = malloc(file_size);
+ if (buff == NULL) {
+ perror("malloc failed");
+ rc = SEPOL_ERR;
+ goto exit;
+ }
+
+ rc = fread(buff, file_size, 1, file);
+ if (rc != 1) {
+ fprintf(stderr, "Failure reading %s: %s.\n", path, strerror(errno));
+ rc = SEPOL_ERR;
+ goto exit;
+ }
+
+ handle = sepol_handle_create();
+ if (!handle) {
+ perror("Could not create policy handle");
+ rc = SEPOL_ERR;
+ goto exit;
+ }
+
+ rc = sepol_policydb_from_image(handle, buff, file_size, pdb);
+ if (rc != 0) {
+ fprintf(stderr, "Failed to read binary policy: %d.\n", rc);
+ }
+
+exit:
+ if (file != NULL && fclose(file) == EOF && rc == SEPOL_OK) {
+ perror("Failure closing binary file");
+ rc = SEPOL_ERR;
+ }
+ if(handle != NULL) {
+ sepol_handle_destroy(handle);
+ }
+ free(buff);
+ return rc;
+}
+
+/*
+ * read_cil_files - Initialize db and parse CIL input files.
+ */
+static int read_cil_files(struct cil_db **db, char **paths,
+ unsigned int n_files)
+{
+ int rc = SEPOL_ERR;
+ FILE *file = NULL;
+ char *buff = NULL;
+
+ for (int i = 0; i < n_files; i++) {
+ char *path = paths[i];
+
+ file = fopen(path, "r");
+ if (file == NULL) {
+ rc = SEPOL_ERR;
+ fprintf(stderr, "Could not open %s: %s.\n", path, strerror(errno));
+ goto file_err;
+ }
+
+ struct stat filedata;
+ rc = stat(path, &filedata);
+ if (rc == -1) {
+ fprintf(stderr, "Could not stat %s: %s.\n", path, strerror(errno));
+ goto err;
+ }
+
+ uint32_t file_size = filedata.st_size;
+ buff = malloc(file_size);
+ if (buff == NULL) {
+ perror("malloc failed");
+ rc = SEPOL_ERR;
+ goto err;
+ }
+
+ rc = fread(buff, file_size, 1, file);
+ if (rc != 1) {
+ fprintf(stderr, "Failure reading %s: %s.\n", path, strerror(errno));
+ rc = SEPOL_ERR;
+ goto err;
+ }
+ fclose(file);
+ file = NULL;
+
+ /* create parse_tree */
+ rc = cil_add_file(*db, path, buff, file_size);
+ if (rc != SEPOL_OK) {
+ fprintf(stderr, "Failure adding %s to parse tree.\n", path);
+ goto parse_err;
+ }
+ free(buff);
+ buff = NULL;
+ }
+
+ return SEPOL_OK;
+err:
+ fclose(file);
+parse_err:
+ free(buff);
+file_err:
+ return rc;
+}
+
+/*
+ * Write binary policy in pdb to file at path.
+ */
+static int write_binary_policy(sepol_policydb_t *pdb, char *path)
+{
+ int rc = SEPOL_OK;
+
+ FILE *file = fopen(path, "w");
+ if (file == NULL) {
+ fprintf(stderr, "Could not open %s: %s.\n", path, strerror(errno));
+ rc = SEPOL_ERR;
+ goto exit;
+ }
+
+ struct sepol_policy_file *pf = NULL;
+ rc = sepol_policy_file_create(&pf);
+ if (rc != 0) {
+ fprintf(stderr, "Failed to create policy file: %d.\n", rc);
+ goto exit;
+ }
+ sepol_policy_file_set_fp(pf, file);
+
+ rc = sepol_policydb_write(pdb, pf);
+ if (rc != 0) {
+ fprintf(stderr, "failed to write binary policy: %d.\n", rc);
+ goto exit;
+ }
+
+exit:
+ if (file != NULL && fclose(file) == EOF && rc == SEPOL_OK) {
+ perror("Failure closing binary file");
+ rc = SEPOL_ERR;
+ }
+ return rc;
+}
+
+int main(int argc, char *argv[])
+{
+ char *base = NULL;
+ char *output = NULL;
+ enum cil_log_level log_level = CIL_ERR;
+ static struct option long_opts[] = {{"base", required_argument, 0, 'b'},
+ {"output", required_argument, 0, 'o'},
+ {"verbose", no_argument, 0, 'v'},
+ {"help", no_argument, 0, 'h'},
+ {0, 0, 0, 0}};
+
+ while (1) {
+ int opt_index = 0;
+ int opt_char = getopt_long(argc, argv, "b:o:vh", long_opts, &opt_index);
+ if (opt_char == -1) {
+ break;
+ }
+ switch (opt_char)
+ {
+ case 'b':
+ base = optarg;
+ break;
+ case 'o':
+ output = optarg;
+ break;
+ case 'v':
+ log_level++;
+ break;
+ case 'h':
+ usage(argv[0]);
+ default:
+ fprintf(stderr, "Unsupported option: %s.\n", optarg);
+ usage(argv[0]);
+ }
+ }
+ if (base == NULL || output == NULL) {
+ fprintf(stderr, "Please specify required arguments.\n");
+ usage(argv[0]);
+ }
+
+ cil_set_log_level(log_level);
+
+ // Initialize and read input policydb file.
+ sepol_policydb_t *pdb = NULL;
+ int rc = sepol_policydb_create(&pdb);
+ if (rc != 0) {
+ fprintf(stderr, "Could not create policy db: %d.\n", rc);
+ exit(rc);
+ }
+
+ rc = read_binary_policy(base, pdb);
+ if (rc != SEPOL_OK) {
+ fprintf(stderr, "Failed to read binary policy: %d.\n", rc);
+ exit(rc);
+ }
+
+ // Initialize cil_db.
+ struct cil_db *incremental_db = NULL;
+ cil_db_init(&incremental_db);
+ cil_set_attrs_expand_generated(incremental_db, 1);
+
+ // Read input cil files and compile them into cil_db.
+ rc = read_cil_files(&incremental_db, argv + optind, argc - optind);
+ if (rc != SEPOL_OK) {
+ fprintf(stderr, "Failed to read CIL files: %d.\n", rc);
+ exit(rc);
+ }
+
+ rc = cil_compile(incremental_db);
+ if (rc != SEPOL_OK) {
+ fprintf(stderr, "Failed to compile cildb: %d.\n", rc);
+ exit(rc);
+ }
+
+ // Amend the policydb.
+ rc = cil_amend_policydb(incremental_db, pdb);
+ if (rc != SEPOL_OK) {
+ fprintf(stderr, "Failed to build policydb.\n");
+ exit(rc);
+ }
+
+ rc = write_binary_policy(pdb, output);
+ if (rc != SEPOL_OK) {
+ fprintf(stderr, "Failed to write binary policy: %d.\n", rc);
+ exit(rc);
+ }
+}
diff --git a/tools/sepolicy_generate_compat.py b/tools/sepolicy_generate_compat.py
index 17a4d75..cd61c9a 100644
--- a/tools/sepolicy_generate_compat.py
+++ b/tools/sepolicy_generate_compat.py
@@ -14,8 +14,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from pathlib import Path
import argparse
-import distutils.ccompiler
import glob
import logging
import mini_parser
@@ -29,9 +29,13 @@
"""This tool generates a mapping file for {ver} core sepolicy."""
temp_dir = ''
-compat_cil_template = ";; This file can't be empty.\n"
-ignore_cil_template = """;; new_objects - a collection of types that have been introduced that have no
-;; analogue in older policy. Thus, we do not need to map these types to
+mapping_cil_footer = ";; mapping information from ToT policy's types to %s policy's types.\n"
+compat_cil_template = """;; complement CIL file for compatibility between ToT policy and %s vendors.
+;; will be compiled along with other normal policy files, on %s vendors.
+;;
+"""
+ignore_cil_template = """;; new_objects - a collection of types that have been introduced with ToT policy
+;; that have no analogue in %s policy. Thus, we do not need to map these types to
;; previous ones. Add here to pass checkapi tests.
(type new_objects)
(typeattribute new_objects)
@@ -41,6 +45,7 @@
))
"""
+SHARED_LIB_EXTENSION = '.dylib' if sys.platform == 'darwin' else '.so'
def check_run(cmd, cwd=None):
if cwd:
@@ -105,7 +110,7 @@
path = os.path.join(destination, '%s.cil' % ver)
with open(path, 'wb') as f:
logging.debug('Extracting %s.cil to %s' % (ver, destination))
- f.write(check_output(cmd).stdout.replace(b'10000.0',b'33.0').replace(b'10000_0',b'33_0'))
+ f.write(check_output(cmd).stdout.replace(b'10000_0', ver.replace('.', '_').encode()))
return path
@@ -190,6 +195,122 @@
return versioned_type.removesuffix(old_suffix) + new_suffix
+def create_target_compat_modules(bp_path, target_ver):
+ """ Creates compat modules to Android.bp.
+
+ Args:
+ bp_path: string, path to Android.bp
+ target_ver: string, api version to generate
+ """
+
+ module_template = """
+se_build_files {{
+ name: "{ver}.board.compat.map",
+ srcs: ["compat/{ver}/{ver}.cil"],
+}}
+
+se_build_files {{
+ name: "{ver}.board.compat.cil",
+ srcs: ["compat/{ver}/{ver}.compat.cil"],
+}}
+
+se_build_files {{
+ name: "{ver}.board.ignore.map",
+ srcs: ["compat/{ver}/{ver}.ignore.cil"],
+}}
+
+se_cil_compat_map {{
+ name: "plat_{ver}.cil",
+ stem: "{ver}.cil",
+ bottom_half: [":{ver}.board.compat.map{{.plat_private}}"],
+}}
+
+se_cil_compat_map {{
+ name: "system_ext_{ver}.cil",
+ stem: "{ver}.cil",
+ bottom_half: [":{ver}.board.compat.map{{.system_ext_private}}"],
+ system_ext_specific: true,
+}}
+
+se_cil_compat_map {{
+ name: "product_{ver}.cil",
+ stem: "{ver}.cil",
+ bottom_half: [":{ver}.board.compat.map{{.product_private}}"],
+ product_specific: true,
+}}
+
+se_cil_compat_map {{
+ name: "{ver}.ignore.cil",
+ bottom_half: [":{ver}.board.ignore.map{{.plat_private}}"],
+}}
+
+se_cil_compat_map {{
+ name: "system_ext_{ver}.ignore.cil",
+ stem: "{ver}.ignore.cil",
+ bottom_half: [":{ver}.board.ignore.map{{.system_ext_private}}"],
+ system_ext_specific: true,
+}}
+
+se_cil_compat_map {{
+ name: "product_{ver}.ignore.cil",
+ stem: "{ver}.ignore.cil",
+ bottom_half: [":{ver}.board.ignore.map{{.product_private}}"],
+ product_specific: true,
+}}
+
+se_compat_cil {{
+ name: "{ver}.compat.cil",
+ srcs: [":{ver}.board.compat.cil{{.plat_private}}"],
+}}
+
+se_compat_cil {{
+ name: "system_ext_{ver}.compat.cil",
+ stem: "{ver}.compat.cil",
+ srcs: [":{ver}.board.compat.cil{{.system_ext_private}}"],
+ system_ext_specific: true,
+}}
+"""
+
+ with open(bp_path, 'a') as f:
+ f.write(module_template.format(ver=target_ver))
+
+
+def patch_top_half_of_latest_compat_modules(bp_path, latest_ver, target_ver):
+ """ Adds top_half property to latest compat modules in Android.bp.
+
+ Args:
+ bp_path: string, path to Android.bp
+ latest_ver: string, previous api version
+ target_ver: string, api version to generate
+ """
+
+ modules_to_patch = [
+ "plat_{ver}.cil",
+ "system_ext_{ver}.cil",
+ "product_{ver}.cil",
+ "{ver}.ignore.cil",
+ "system_ext_{ver}.ignore.cil",
+ "product_{ver}.ignore.cil",
+ ]
+
+ for module in modules_to_patch:
+ # set latest_ver module's top_half property to target_ver
+ # e.g.
+ #
+ # se_cil_compat_map {
+ # name: "plat_33.0.cil",
+ # top_half: "plat_34.0.cil", <== this
+ # ...
+ # }
+ check_run([
+ "bpmodify",
+ "-m", module.format(ver=latest_ver),
+ "-property", "top_half",
+ "-str", module.format(ver=target_ver),
+ "-w",
+ bp_path
+ ])
+
def get_args():
parser = argparse.ArgumentParser()
parser.add_argument(
@@ -227,8 +348,7 @@
try:
libpath = os.path.join(
- os.path.dirname(os.path.realpath(__file__)), 'libsepolwrap' +
- distutils.ccompiler.new_compiler().shared_lib_extension)
+ os.path.dirname(os.path.realpath(__file__)), 'libsepolwrap' + SHARED_LIB_EXTENSION)
if not os.path.exists(libpath):
sys.exit(
'Error: libsepolwrap does not exist. Is this binary corrupted?\n'
@@ -237,6 +357,26 @@
build_top = get_android_build_top()
sepolicy_path = os.path.join(build_top, 'system', 'sepolicy')
+ # Step 0. Create a placeholder files and compat modules
+ # These are needed to build base policy files below.
+ compat_bp_path = os.path.join(sepolicy_path, 'compat', 'Android.bp')
+ create_target_compat_modules(compat_bp_path, args.target_version)
+ patch_top_half_of_latest_compat_modules(compat_bp_path, args.latest_version,
+ args.target_version)
+
+ target_compat_path = os.path.join(sepolicy_path, 'private', 'compat',
+ args.target_version)
+ target_mapping_file = os.path.join(target_compat_path,
+ args.target_version + '.cil')
+ target_compat_file = os.path.join(target_compat_path,
+ args.target_version + '.compat.cil')
+ target_ignore_file = os.path.join(target_compat_path,
+ args.target_version + '.ignore.cil')
+ Path(target_compat_path).mkdir(parents=True, exist_ok=True)
+ Path(target_mapping_file).touch()
+ Path(target_compat_file).touch()
+ Path(target_ignore_file).touch()
+
# Step 1. Download system/etc/selinux/mapping/{ver}.cil, and remove types/typeattributes
mapping_file = download_mapping_file(
args.branch, args.build, args.target_version, destination=temp_dir)
@@ -342,31 +482,23 @@
sys.exit(error_msg)
# Step 5. Write to system/sepolicy/private/compat
- target_compat_path = os.path.join(sepolicy_path, 'private', 'compat',
- args.target_version)
- target_mapping_file = os.path.join(target_compat_path,
- args.target_version + '.cil')
- target_compat_file = os.path.join(target_compat_path,
- args.target_version + '.compat.cil')
- target_ignore_file = os.path.join(target_compat_path,
- args.target_version + '.ignore.cil')
-
with open(target_mapping_file, 'w') as f:
logging.info('writing %s' % target_mapping_file)
if removed_types:
f.write(';; types removed from current policy\n')
f.write('\n'.join(f'(type {x})' for x in sorted(target_removed_types)))
f.write('\n\n')
+ f.write(mapping_cil_footer % args.target_version)
f.write(mapping_file_cil.unparse())
with open(target_compat_file, 'w') as f:
logging.info('writing %s' % target_compat_file)
- f.write(compat_cil_template)
+ f.write(compat_cil_template % (args.target_version, args.target_version))
with open(target_ignore_file, 'w') as f:
logging.info('writing %s' % target_ignore_file)
f.write(ignore_cil_template %
- ('\n '.join(sorted(target_ignored_types))))
+ (args.target_version, '\n '.join(sorted(target_ignored_types))))
finally:
logging.info('Deleting temporary dir: {}'.format(temp_dir))
shutil.rmtree(temp_dir)
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 392a750..f167e65 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -4,29 +4,35 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.atrace@1\.0-service u:object_r:hal_atrace_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.audio(@2\.0-|\.)service u:object_r:hal_audio_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.audio@7\.0-service\.example u:object_r:hal_audio_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.audio\.service-aidl.example u:object_r:hal_audio_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.audio\.service-aidl\.example u:object_r:hal_audio_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.audio\.effect\.service-aidl\.example u:object_r:hal_audio_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol@1\.0-service u:object_r:hal_audiocontrol_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol@2\.0-service u:object_r:hal_audiocontrol_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.audiocontrol-service.example u:object_r:hal_audiocontrol_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can@1\.0-service u:object_r:hal_can_socketcan_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.can-service u:object_r:hal_can_socketcan_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.evs(.*)? u:object_r:hal_evs_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@2\.0-((default|emulator)-)*(service|protocan-service) u:object_r:hal_vehicle_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.vehicle@V1-(default|emulator)-service u:object_r:hal_vehicle_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.remoteaccess@V1-(.*)-service u:object_r:hal_remoteaccess_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service u:object_r:hal_bluetooth_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service\.btlinux u:object_r:hal_bluetooth_btlinux_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth-service.default u:object_r:hal_bluetooth_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face@1\.[0-9]+-service\.example u:object_r:hal_face_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face-service\.example u:object_r:hal_face_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.2-service\.example u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.example u:object_r:hal_fingerprint_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.boot@1\.[0-9]+-service u:object_r:hal_bootctl_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.boot-service.default u:object_r:hal_bootctl_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.broadcastradio@\d+\.\d+-service u:object_r:hal_broadcastradio_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-service_64 u:object_r:hal_camera_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-service u:object_r:hal_camera_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-service-lazy_64 u:object_r:hal_camera_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-service-lazy u:object_r:hal_camera_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-external-service u:object_r:hal_camera_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider@2\.[0-9]+-external-service-lazy u:object_r:hal_camera_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.broadcastradio-service.default u:object_r:hal_broadcastradio_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider(@2\.[0-9]+|-V1)-service_64 u:object_r:hal_camera_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider(@2\.[0-9]+|-V1)-service u:object_r:hal_camera_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider(@2\.[0-9]+|-V1)-service-lazy_64 u:object_r:hal_camera_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider(@2\.[0-9]+|-V1)-service-lazy u:object_r:hal_camera_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider(@2\.[0-9]+|-V1)-external-service u:object_r:hal_camera_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.camera\.provider(@2\.[0-9]+|-V1)-external-service-lazy u:object_r:hal_camera_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.configstore@1\.[0-9]+-service u:object_r:hal_configstore_default_exec:s0
/(vendor|sustem/vendor)/bin/hw/android\.hardware\.confirmationui@1\.0-service u:object_r:hal_confirmationui_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.contexthub@1\.[0-9]+-service u:object_r:hal_contexthub_default_exec:s0
@@ -36,6 +42,8 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.drm-service(-lazy)?\.clearkey u:object_r:hal_drm_clearkey_aidl_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.cas@1\.[0-2]-service u:object_r:hal_cas_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.cas@1\.[0-2]-service-lazy u:object_r:hal_cas_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.cas-service\.example u:object_r:hal_cas_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.cas-service\.example-lazy u:object_r:hal_cas_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate@1\.[0-1]-service\.example u:object_r:hal_dumpstate_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.dumpstate-service\.example u:object_r:hal_dumpstate_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service u:object_r:hal_gatekeeper_default_exec:s0
@@ -45,6 +53,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator@3\.0-service u:object_r:hal_graphics_allocator_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator@4\.0-service u:object_r:hal_graphics_allocator_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator-V1-service u:object_r:hal_graphics_allocator_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.allocator-service u:object_r:hal_graphics_allocator_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.composer@[0-9]\.[0-9]-service u:object_r:hal_graphics_composer_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.graphics\.composer3-service\.example u:object_r:hal_graphics_composer_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.health@1\.0-service u:object_r:hal_health_default_exec:s0
@@ -84,16 +93,24 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors-service\.example u:object_r:hal_sensors_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors-service(\.multihal)? u:object_r:hal_sensors_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service u:object_r:hal_secure_element_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element-service.example u:object_r:hal_secure_element_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.security\.dice-service\.non-secure-software u:object_r:hal_dice_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.security\.keymint-service u:object_r:hal_keymint_default_exec:s0
/(vendor|system/vendor)/bin/hw/rild u:object_r:rild_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.tetheroffload-service\.example u:object_r:hal_tetheroffload_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.[01]-service u:object_r:hal_thermal_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal-service\.example u:object_r:hal_thermal_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.cec@1\.[01]-service u:object_r:hal_tv_cec_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.hdmi.cec-service u:object_r:hal_tv_hdmi_cec_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.hdmi.connection-service u:object_r:hal_tv_hdmi_connection_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.hdmi.earc-service u:object_r:hal_tv_hdmi_earc_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.input@1\.0-service u:object_r:hal_tv_input_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.input-service\.example u:object_r:hal_tv_input_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.tuner@1\.[01]-service u:object_r:hal_tv_tuner_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.tuner-service\.example u:object_r:hal_tv_tuner_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.tuner-service\.example(-lazy)? u:object_r:hal_tv_tuner_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service u:object_r:hal_usb_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb-service\.example u:object_r:hal_usb_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.usb\.gadget-service\.example u:object_r:hal_usb_gadget_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb\.gadget@1\.1-service u:object_r:hal_usb_gadget_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.uwb-service u:object_r:hal_uwb_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service u:object_r:hal_vibrator_default_exec:s0
@@ -101,6 +118,8 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.vr@1\.0-service u:object_r:hal_vr_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi@1\.0-service u:object_r:hal_wifi_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi@1\.0-service-lazy u:object_r:hal_wifi_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi-service u:object_r:hal_wifi_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi-service-lazy u:object_r:hal_wifi_default_exec:s0
/(vendor|system/vendor)/bin/hw/hostapd u:object_r:hal_wifi_hostapd_default_exec:s0
/(vendor|system/vendor)/bin/hw/wpa_supplicant u:object_r:hal_wifi_supplicant_default_exec:s0
/(vendor|system/vendor)/bin/install-recovery\.sh u:object_r:vendor_install_recovery_exec:s0
diff --git a/vendor/hal_audio_default.te b/vendor/hal_audio_default.te
index 82cbf8e..506c7e4 100644
--- a/vendor/hal_audio_default.te
+++ b/vendor/hal_audio_default.te
@@ -6,5 +6,8 @@
hal_client_domain(hal_audio_default, hal_allocator)
+# android.frameworks.sensorservice through libsensorndkbridge
+allow hal_audio_default fwk_sensor_service:service_manager find;
+
# allow audioserver to call hal_audio dump with its own fd to retrieve status
allow hal_audio_default audioserver:fifo_file write;
diff --git a/vendor/hal_bluetooth_default.te b/vendor/hal_bluetooth_default.te
index 01d60db..efa75a7 100644
--- a/vendor/hal_bluetooth_default.te
+++ b/vendor/hal_bluetooth_default.te
@@ -1,5 +1,8 @@
type hal_bluetooth_default, domain;
hal_server_domain(hal_bluetooth_default, hal_bluetooth)
+allow hal_bluetooth_default bt_device:chr_file { open read write };
+allow hal_bluetooth_default self:bluetooth_socket { create bind read write };
+
type hal_bluetooth_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_bluetooth_default)
diff --git a/vendor/hal_bootctl_default.te b/vendor/hal_bootctl_default.te
index 2b94313..f94cf5f 100644
--- a/vendor/hal_bootctl_default.te
+++ b/vendor/hal_bootctl_default.te
@@ -14,3 +14,7 @@
# Needed for reading/writing misc partition.
allow hal_bootctl_default block_device:dir search;
allow hal_bootctl_default misc_block_device:blk_file rw_file_perms;
+
+# Needed for writing to kernel log
+allow hal_bootctl_default kmsg_device:chr_file open;
+allow hal_bootctl_default kmsg_device:chr_file write;
diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te
index b0912d4..e7c5886 100644
--- a/vendor/hal_camera_default.te
+++ b/vendor/hal_camera_default.te
@@ -4,7 +4,12 @@
type hal_camera_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_camera_default)
+# HIDL sensorservice
allow hal_camera_default fwk_sensor_hwservice:hwservice_manager find;
+# AIDL sensorservice
+allow hal_camera_default fwk_sensor_service:service_manager find;
+
+get_prop(hal_camera_default, device_config_camera_native_prop);
# For collecting bugreports.
allow hal_camera_default dumpstate:fd use;
diff --git a/vendor/hal_can_socketcan.te b/vendor/hal_can_socketcan.te
index 7498788..12bb028 100644
--- a/vendor/hal_can_socketcan.te
+++ b/vendor/hal_can_socketcan.te
@@ -9,10 +9,12 @@
allow hal_can_socketcan self:capability net_admin;
allow hal_can_socketcan self:netlink_route_socket { create bind write nlmsg_write read };
-# Calling if_nametoindex(3) to open CAN sockets
+# See man page for netdevice(7) for more info on ioctls
allow hal_can_socketcan self:udp_socket { create ioctl };
allowxperm hal_can_socketcan self:udp_socket ioctl {
SIOCGIFINDEX
+ SIOCGIFFLAGS
+ SIOCSIFFLAGS
};
# Communicating with SocketCAN interfaces and bringing them up/down
diff --git a/vendor/hal_face_default.te b/vendor/hal_face_default.te
index 891d1f4..66ce40c 100644
--- a/vendor/hal_face_default.te
+++ b/vendor/hal_face_default.te
@@ -3,3 +3,8 @@
type hal_face_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_face_default)
+
+# android.frameworks.sensorservice through libsensorndkbridge
+allow hal_face_default fwk_sensor_service:service_manager find;
+
+set_prop(hal_face_default, virtual_face_hal_prop)
diff --git a/vendor/hal_fastboot_default.te b/vendor/hal_fastboot_default.te
new file mode 100644
index 0000000..4a52642
--- /dev/null
+++ b/vendor/hal_fastboot_default.te
@@ -0,0 +1,6 @@
+type hal_fastboot_default, domain;
+
+hal_server_domain(hal_fastboot_default, hal_fastboot)
+
+type hal_fastboot_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_fastboot_default)
diff --git a/vendor/hal_fingerprint_default.te b/vendor/hal_fingerprint_default.te
index 638b603..7173223 100644
--- a/vendor/hal_fingerprint_default.te
+++ b/vendor/hal_fingerprint_default.te
@@ -3,3 +3,8 @@
type hal_fingerprint_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_fingerprint_default)
+
+# android.frameworks.sensorservice through libsensorndkbridge
+allow hal_fingerprint_default fwk_sensor_service:service_manager find;
+
+set_prop(hal_fingerprint_default, virtual_fingerprint_hal_prop)
diff --git a/vendor/hal_remoteaccess_default.te b/vendor/hal_remoteaccess_default.te
new file mode 100644
index 0000000..475c2e8
--- /dev/null
+++ b/vendor/hal_remoteaccess_default.te
@@ -0,0 +1,9 @@
+type hal_remoteaccess_default, domain;
+hal_server_domain(hal_remoteaccess_default, hal_remoteaccess)
+
+# May be started by init
+type hal_remoteaccess_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_remoteaccess_default)
+
+# Allow registering with service manager.
+binder_call(hal_remoteaccess_default, servicemanager)
diff --git a/vendor/hal_tv_hdmi_cec_default.te b/vendor/hal_tv_hdmi_cec_default.te
new file mode 100644
index 0000000..2f06c34
--- /dev/null
+++ b/vendor/hal_tv_hdmi_cec_default.te
@@ -0,0 +1,5 @@
+type hal_tv_hdmi_cec_default, domain;
+hal_server_domain(hal_tv_hdmi_cec_default, hal_tv_hdmi_cec)
+
+type hal_tv_hdmi_cec_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_tv_hdmi_cec_default)
diff --git a/vendor/hal_tv_hdmi_connection_default.te b/vendor/hal_tv_hdmi_connection_default.te
new file mode 100644
index 0000000..bad8961
--- /dev/null
+++ b/vendor/hal_tv_hdmi_connection_default.te
@@ -0,0 +1,5 @@
+type hal_tv_hdmi_connection_default, domain;
+hal_server_domain(hal_tv_hdmi_connection_default, hal_tv_hdmi_connection)
+
+type hal_tv_hdmi_connection_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_tv_hdmi_connection_default)
diff --git a/vendor/hal_tv_hdmi_earc_default.te b/vendor/hal_tv_hdmi_earc_default.te
new file mode 100644
index 0000000..d2a729d
--- /dev/null
+++ b/vendor/hal_tv_hdmi_earc_default.te
@@ -0,0 +1,5 @@
+type hal_tv_hdmi_earc_default, domain;
+hal_server_domain(hal_tv_hdmi_earc_default, hal_tv_hdmi_earc)
+
+type hal_tv_hdmi_earc_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_tv_hdmi_earc_default)
diff --git a/vendor/hal_tv_tuner_default.te b/vendor/hal_tv_tuner_default.te
index 639c7bd..e11d4dd 100644
--- a/vendor/hal_tv_tuner_default.te
+++ b/vendor/hal_tv_tuner_default.te
@@ -8,3 +8,6 @@
# Access to /dev/dma_heap/system
allow hal_tv_tuner_default dmabuf_system_heap_device:chr_file r_file_perms;
+
+# Allow servicemanager to notify hal_tv_tuner_default clients status
+binder_use(hal_tv_tuner_default)
diff --git a/vendor/hal_vehicle_default.te b/vendor/hal_vehicle_default.te
index 52769dd..8adf8d3 100644
--- a/vendor/hal_vehicle_default.te
+++ b/vendor/hal_vehicle_default.te
@@ -11,3 +11,8 @@
# communicate with servicemanager
binder_call(hal_vehicle_server, servicemanager)
+
+# communicate with statsd
+hwbinder_use(hal_vehicle_default)
+allow hal_vehicle_default fwk_stats_hwservice:hwservice_manager find;
+binder_call(hal_vehicle_default, stats_service_server)
diff --git a/vendor/vndservicemanager.te b/vendor/vndservicemanager.te
index 497e027..2ad0502 100644
--- a/vendor/vndservicemanager.te
+++ b/vendor/vndservicemanager.te
@@ -20,3 +20,6 @@
# Check SELinux permissions.
selinux_check_access(vndservicemanager)
+
+# Log to kmesg
+allow vndservicemanager kmsg_device:chr_file rw_file_perms;