Merge "Add navigation_gesture sysprop for fingerprint VHAL" into main
diff --git a/apex/com.android.biometrics.virtual.face-file_contexts b/apex/com.android.biometrics.virtual.face-file_contexts
index 07fc0a8..8d9b86c 100644
--- a/apex/com.android.biometrics.virtual.face-file_contexts
+++ b/apex/com.android.biometrics.virtual.face-file_contexts
@@ -1,3 +1,3 @@
-(/.*)? u:object_r:vendor_file:s0
-/etc(/.*)? u:object_r:vendor_configs_file:s0
+(/.*)? u:object_r:system_file:s0
+/lib(64)?(/.*) u:object_r:system_lib_file:s0
/bin/hw/android\.hardware\.biometrics\.face-service\.example u:object_r:virtual_face_exec:s0
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 257cee6..7aaab4e 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -23,144 +23,146 @@
var (
ServiceFuzzerBindings = map[string][]string{
- "android.hardware.audio.core.IConfig/default": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.core.IModule/default": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.core.IModule/a2dp": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.core.IModule/bluetooth": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.core.IModule/hearing_aid": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.core.IModule/msd": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.core.IModule/r_submix": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.core.IModule/stub": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.core.IModule/usb": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.effect.IFactory/default": EXCEPTION_NO_FUZZER,
- "android.hardware.audio.sounddose.ISoundDoseFactory/default": EXCEPTION_NO_FUZZER,
- "android.hardware.authsecret.IAuthSecret/default": EXCEPTION_NO_FUZZER,
- "android.hardware.automotive.evs.IEvsEnumerator/hw/0": EXCEPTION_NO_FUZZER,
- "android.hardware.boot.IBootControl/default": EXCEPTION_NO_FUZZER,
- "android.hardware.automotive.can.ICanController/default": EXCEPTION_NO_FUZZER,
- "android.hardware.automotive.evs.IEvsEnumerator/hw/1": EXCEPTION_NO_FUZZER,
- "android.hardware.automotive.ivn.IIvnAndroidDevice/default": EXCEPTION_NO_FUZZER,
- "android.hardware.automotive.remoteaccess.IRemoteAccess/default": EXCEPTION_NO_FUZZER,
- "android.hardware.automotive.vehicle.IVehicle/default": EXCEPTION_NO_FUZZER,
- "android.hardware.automotive.audiocontrol.IAudioControl/default": EXCEPTION_NO_FUZZER,
- "android.hardware.biometrics.face.IFace/default": EXCEPTION_NO_FUZZER,
- "android.hardware.biometrics.face.IFace/virtual": EXCEPTION_NO_FUZZER,
- "android.hardware.biometrics.face.virtualhal.IVirtualHal/virtual": EXCEPTION_NO_FUZZER,
- "android.hardware.biometrics.fingerprint.IFingerprint/default": EXCEPTION_NO_FUZZER,
- "android.hardware.biometrics.fingerprint.IFingerprint/virtual": EXCEPTION_NO_FUZZER,
- "android.hardware.biometrics.fingerprint.virtualhal.IVirtualHal/virtual": EXCEPTION_NO_FUZZER,
- "android.hardware.bluetooth.audio.IBluetoothAudioProviderFactory/default": EXCEPTION_NO_FUZZER,
- "android.hardware.broadcastradio.IBroadcastRadio/amfm": []string{"android.hardware.broadcastradio-service.default_fuzzer"},
- "android.hardware.broadcastradio.IBroadcastRadio/dab": []string{"android.hardware.broadcastradio-service.default_fuzzer"},
- "android.hardware.bluetooth.IBluetoothHci/default": EXCEPTION_NO_FUZZER,
- "android.hardware.bluetooth.finder.IBluetoothFinder/default": EXCEPTION_NO_FUZZER,
- "android.hardware.bluetooth.ranging.IBluetoothChannelSounding/default": EXCEPTION_NO_FUZZER,
- "android.hardware.bluetooth.lmp_event.IBluetoothLmpEvent/default": EXCEPTION_NO_FUZZER,
- "android.hardware.bluetooth.socket.IBluetoothSocket/default": []string{"android.hardware.bluetooth.socket-service_fuzzer"},
- "android.hardware.camera.provider.ICameraProvider/internal/0": EXCEPTION_NO_FUZZER,
- "android.hardware.camera.provider.ICameraProvider/virtual/0": EXCEPTION_NO_FUZZER,
- "android.hardware.cas.IMediaCasService/default": EXCEPTION_NO_FUZZER,
- "android.hardware.confirmationui.IConfirmationUI/default": []string{"android.hardware.confirmationui-service.trusty_fuzzer"},
- "android.hardware.contexthub.IContextHub/default": EXCEPTION_NO_FUZZER,
- "android.hardware.drm.IDrmFactory/clearkey": EXCEPTION_NO_FUZZER,
- "android.hardware.drm.ICryptoFactory/clearkey": EXCEPTION_NO_FUZZER,
- "android.hardware.dumpstate.IDumpstateDevice/default": EXCEPTION_NO_FUZZER,
- "android.hardware.fastboot.IFastboot/default": EXCEPTION_NO_FUZZER,
- "android.hardware.gatekeeper.IGatekeeper/default": EXCEPTION_NO_FUZZER,
- "android.hardware.gnss.IGnss/default": EXCEPTION_NO_FUZZER,
- "android.hardware.graphics.allocator.IAllocator/default": EXCEPTION_NO_FUZZER,
- "android.hardware.graphics.composer3.IComposer/default": EXCEPTION_NO_FUZZER,
- "android.hardware.health.storage.IStorage/default": EXCEPTION_NO_FUZZER,
- "android.hardware.health.IHealth/default": []string{"android.hardware.health-service.aidl_fuzzer"},
- "android.hardware.identity.IIdentityCredentialStore/default": EXCEPTION_NO_FUZZER,
- "android.hardware.input.processor.IInputProcessor/default": EXCEPTION_NO_FUZZER,
- "android.hardware.ir.IConsumerIr/default": EXCEPTION_NO_FUZZER,
- "android.hardware.light.ILights/default": EXCEPTION_NO_FUZZER,
- "android.hardware.macsec.IMacsecPskPlugin/default": EXCEPTION_NO_FUZZER,
- "android.hardware.media.c2.IComponentStore/default": EXCEPTION_NO_FUZZER,
- "android.hardware.media.c2.IComponentStore/default1": EXCEPTION_NO_FUZZER,
- "android.hardware.media.c2.IComponentStore/default2": EXCEPTION_NO_FUZZER,
- "android.hardware.media.c2.IComponentStore/software": []string{"libcodec2-aidl-fuzzer"},
- "android.hardware.memtrack.IMemtrack/default": EXCEPTION_NO_FUZZER,
- "android.hardware.net.nlinterceptor.IInterceptor/default": EXCEPTION_NO_FUZZER,
- "android.hardware.nfc.INfc/default": []string{"nfc_service_fuzzer"},
- "android.hardware.oemlock.IOemLock/default": EXCEPTION_NO_FUZZER,
- "android.hardware.power.IPower/default": EXCEPTION_NO_FUZZER,
- "android.hardware.power.stats.IPowerStats/default": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.config.IRadioConfig/default": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.data.IRadioData/slot1": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.data.IRadioData/slot2": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.data.IRadioData/slot3": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.ims.IRadioIms/slot1": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.ims.IRadioIms/slot2": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.ims.IRadioIms/slot3": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.ims.media.IImsMedia/default": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.messaging.IRadioMessaging/slot1": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.messaging.IRadioMessaging/slot2": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.messaging.IRadioMessaging/slot3": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.modem.IRadioModem/slot1": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.modem.IRadioModem/slot2": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.modem.IRadioModem/slot3": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.network.IRadioNetwork/slot1": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.network.IRadioNetwork/slot2": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.network.IRadioNetwork/slot3": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.satellite.IRadioSatellite/slot1": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.satellite.IRadioSatellite/slot2": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.satellite.IRadioSatellite/slot3": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.sim.IRadioSim/slot1": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.sim.IRadioSim/slot2": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.sim.IRadioSim/slot3": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.sap.ISap/slot1": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.sap.ISap/slot2": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.sap.ISap/slot3": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.voice.IRadioVoice/slot1": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.voice.IRadioVoice/slot2": EXCEPTION_NO_FUZZER,
- "android.hardware.radio.voice.IRadioVoice/slot3": EXCEPTION_NO_FUZZER,
- "android.hardware.rebootescrow.IRebootEscrow/default": EXCEPTION_NO_FUZZER,
- "android.hardware.secure_element.ISecureElement/eSE1": EXCEPTION_NO_FUZZER,
- "android.hardware.secure_element.ISecureElement/eSE2": EXCEPTION_NO_FUZZER,
- "android.hardware.secure_element.ISecureElement/eSE3": EXCEPTION_NO_FUZZER,
- "android.hardware.secure_element.ISecureElement/SIM1": EXCEPTION_NO_FUZZER,
- "android.hardware.secure_element.ISecureElement/SIM2": EXCEPTION_NO_FUZZER,
- "android.hardware.secure_element.ISecureElement/SIM3": EXCEPTION_NO_FUZZER,
- "android.hardware.security.authgraph.IAuthGraphKeyExchange/nonsecure": []string{"android.hardware.authgraph-service.nonsecure_fuzzer"},
- "android.hardware.security.dice.IDiceDevice/default": EXCEPTION_NO_FUZZER,
- "android.hardware.security.keymint.IKeyMintDevice/default": EXCEPTION_NO_FUZZER,
- "android.hardware.security.keymint.IRemotelyProvisionedComponent/default": EXCEPTION_NO_FUZZER,
- "android.hardware.security.secretkeeper.ISecretkeeper/default": EXCEPTION_NO_FUZZER,
- "android.hardware.security.secretkeeper.ISecretkeeper/nonsecure": []string{"android.hardware.security.secretkeeper-service.nonsecure_fuzzer"},
- "android.hardware.security.secureclock.ISecureClock/default": EXCEPTION_NO_FUZZER,
- "android.hardware.security.sharedsecret.ISharedSecret/default": EXCEPTION_NO_FUZZER,
- "android.hardware.sensors.ISensors/default": EXCEPTION_NO_FUZZER,
- "android.hardware.soundtrigger3.ISoundTriggerHw/default": EXCEPTION_NO_FUZZER,
- "android.hardware.tetheroffload.IOffload/default": EXCEPTION_NO_FUZZER,
- "android.hardware.thermal.IThermal/default": EXCEPTION_NO_FUZZER,
- "android.hardware.threadnetwork.IThreadChip/chip0": []string{"android.hardware.threadnetwork-service.fuzzer"},
- "android.hardware.tv.hdmi.cec.IHdmiCec/default": EXCEPTION_NO_FUZZER,
- "android.hardware.tv.hdmi.connection.IHdmiConnection/default": EXCEPTION_NO_FUZZER,
- "android.hardware.tv.hdmi.earc.IEArc/default": EXCEPTION_NO_FUZZER,
- "android.hardware.tv.input.ITvInput/default": EXCEPTION_NO_FUZZER,
- "android.hardware.tv.mediaquality.IMediaQuality/default": EXCEPTION_NO_FUZZER,
- "android.hardware.tv.tuner.ITuner/default": EXCEPTION_NO_FUZZER,
- "android.hardware.usb.IUsb/default": EXCEPTION_NO_FUZZER,
- "android.hardware.usb.gadget.IUsbGadget/default": EXCEPTION_NO_FUZZER,
- "android.hardware.uwb.IUwb/default": EXCEPTION_NO_FUZZER,
- "android.hardware.vibrator.IVibrator/default": EXCEPTION_NO_FUZZER,
- "android.hardware.vibrator.IVibratorManager/default": []string{"android.hardware.vibrator-service.example_fuzzer"},
- "android.hardware.weaver.IWeaver/default": EXCEPTION_NO_FUZZER,
- "android.hardware.wifi.IWifi/default": EXCEPTION_NO_FUZZER,
- "android.hardware.wifi.hostapd.IHostapd/default": EXCEPTION_NO_FUZZER,
- "android.hardware.wifi.supplicant.ISupplicant/default": EXCEPTION_NO_FUZZER,
- "android.frameworks.cameraservice.service.ICameraService/default": EXCEPTION_NO_FUZZER,
- "android.frameworks.devicestate.IDeviceStateService/default": EXCEPTION_NO_FUZZER,
- "android.frameworks.location.altitude.IAltitudeService/default": EXCEPTION_NO_FUZZER,
- "android.frameworks.sensorservice.ISensorManager/default": []string{"libsensorserviceaidl_fuzzer"},
- "android.frameworks.stats.IStats/default": EXCEPTION_NO_FUZZER,
- "android.frameworks.vibrator.IVibratorControlService/default": EXCEPTION_NO_FUZZER,
- "android.se.omapi.ISecureElementService/default": EXCEPTION_NO_FUZZER,
- "android.system.keystore2.IKeystoreService/default": EXCEPTION_NO_FUZZER,
- "android.system.net.netd.INetd/default": []string{"netd_hw_service_fuzzer"},
- "android.system.suspend.ISystemSuspend/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IConfig/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/a2dp": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/bluetooth": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/hearing_aid": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/msd": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/r_submix": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/stub": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.core.IModule/usb": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.effect.IFactory/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.audio.sounddose.ISoundDoseFactory/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.authsecret.IAuthSecret/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.evs.IEvsEnumerator/hw/0": EXCEPTION_NO_FUZZER,
+ "android.hardware.boot.IBootControl/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.can.ICanController/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.evs.IEvsEnumerator/hw/1": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.ivn.IIvnAndroidDevice/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.remoteaccess.IRemoteAccess/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.vehicle.IVehicle/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.automotive.audiocontrol.IAudioControl/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.biometrics.face.IFace/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.biometrics.face.IFace/virtual": EXCEPTION_NO_FUZZER,
+ "android.hardware.biometrics.face.virtualhal.IVirtualHal/virtual": EXCEPTION_NO_FUZZER,
+ "android.hardware.biometrics.fingerprint.IFingerprint/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.biometrics.fingerprint.IFingerprint/virtual": EXCEPTION_NO_FUZZER,
+ "android.hardware.biometrics.fingerprint.virtualhal.IVirtualHal/virtual": EXCEPTION_NO_FUZZER,
+ "android.hardware.bluetooth.audio.IBluetoothAudioProviderFactory/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.broadcastradio.IBroadcastRadio/amfm": []string{"android.hardware.broadcastradio-service.default_fuzzer"},
+ "android.hardware.broadcastradio.IBroadcastRadio/dab": []string{"android.hardware.broadcastradio-service.default_fuzzer"},
+ "android.hardware.bluetooth.IBluetoothHci/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.bluetooth.finder.IBluetoothFinder/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.bluetooth.ranging.IBluetoothChannelSounding/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.bluetooth.lmp_event.IBluetoothLmpEvent/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.bluetooth.socket.IBluetoothSocket/default": []string{"android.hardware.bluetooth.socket-service_fuzzer"},
+ "android.hardware.camera.provider.ICameraProvider/internal/0": EXCEPTION_NO_FUZZER,
+ "android.hardware.camera.provider.ICameraProvider/virtual/0": EXCEPTION_NO_FUZZER,
+ "android.hardware.cas.IMediaCasService/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.confirmationui.IConfirmationUI/default": []string{"android.hardware.confirmationui-service.trusty_fuzzer"},
+ "android.hardware.contexthub.IContextHub/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.drm.IDrmFactory/clearkey": EXCEPTION_NO_FUZZER,
+ "android.hardware.drm.ICryptoFactory/clearkey": EXCEPTION_NO_FUZZER,
+ "android.hardware.dumpstate.IDumpstateDevice/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.fastboot.IFastboot/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.gatekeeper.IGatekeeper/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.gnss.IGnss/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.graphics.allocator.IAllocator/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.graphics.composer3.IComposer/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.health.storage.IStorage/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.health.IHealth/default": []string{"android.hardware.health-service.aidl_fuzzer"},
+ "android.hardware.identity.IIdentityCredentialStore/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.input.processor.IInputProcessor/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.ir.IConsumerIr/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.light.ILights/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.macsec.IMacsecPskPlugin/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.media.c2.IComponentStore/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.media.c2.IComponentStore/default1": EXCEPTION_NO_FUZZER,
+ "android.hardware.media.c2.IComponentStore/default2": EXCEPTION_NO_FUZZER,
+ "android.hardware.media.c2.IComponentStore/software": []string{"libcodec2-aidl-fuzzer"},
+ "android.hardware.memtrack.IMemtrack/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.net.nlinterceptor.IInterceptor/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.nfc.INfc/default": []string{"nfc_service_fuzzer"},
+ "android.hardware.oemlock.IOemLock/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.power.IPower/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.power.stats.IPowerStats/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.config.IRadioConfig/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.data.IRadioData/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.data.IRadioData/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.data.IRadioData/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.ims.IRadioIms/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.ims.IRadioIms/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.ims.IRadioIms/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.ims.media.IImsMedia/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.messaging.IRadioMessaging/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.messaging.IRadioMessaging/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.messaging.IRadioMessaging/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.modem.IRadioModem/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.modem.IRadioModem/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.modem.IRadioModem/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.network.IRadioNetwork/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.network.IRadioNetwork/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.network.IRadioNetwork/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.satellite.IRadioSatellite/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.satellite.IRadioSatellite/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.satellite.IRadioSatellite/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sim.IRadioSim/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sim.IRadioSim/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sim.IRadioSim/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sap.ISap/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sap.ISap/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.sap.ISap/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.voice.IRadioVoice/slot1": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.voice.IRadioVoice/slot2": EXCEPTION_NO_FUZZER,
+ "android.hardware.radio.voice.IRadioVoice/slot3": EXCEPTION_NO_FUZZER,
+ "android.hardware.rebootescrow.IRebootEscrow/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/eSE1": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/eSE2": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/eSE3": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/SIM1": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/SIM2": EXCEPTION_NO_FUZZER,
+ "android.hardware.secure_element.ISecureElement/SIM3": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.authgraph.IAuthGraphKeyExchange/nonsecure": []string{"android.hardware.authgraph-service.nonsecure_fuzzer"},
+ "android.hardware.security.dice.IDiceDevice/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.keymint.IKeyMintDevice/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.keymint.IRemotelyProvisionedComponent/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.secretkeeper.ISecretkeeper/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.secretkeeper.ISecretkeeper/nonsecure": []string{"android.hardware.security.secretkeeper-service.nonsecure_fuzzer"},
+ "android.hardware.security.secureclock.ISecureClock/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.security.sharedsecret.ISharedSecret/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.sensors.ISensors/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.soundtrigger3.ISoundTriggerHw/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tetheroffload.IOffload/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.thermal.IThermal/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.threadnetwork.IThreadChip/chip0": []string{"android.hardware.threadnetwork-service.fuzzer"},
+ "android.hardware.tv.hdmi.cec.IHdmiCec/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.hdmi.connection.IHdmiConnection/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.hdmi.earc.IEArc/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.input.ITvInput/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.mediaquality.IMediaQuality/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.tv.tuner.ITuner/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.usb.IUsb/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.usb.gadget.IUsbGadget/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.uwb.IUwb/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.vibrator.IVibrator/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.vibrator.IVibratorManager/default": []string{"android.hardware.vibrator-service.example_fuzzer"},
+ "android.hardware.virtualization.capabilities.IVmCapabilitiesService/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.virtualization.capabilities.IVmCapabilitiesService/noop": EXCEPTION_NO_FUZZER,
+ "android.hardware.weaver.IWeaver/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.wifi.IWifi/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.wifi.hostapd.IHostapd/default": EXCEPTION_NO_FUZZER,
+ "android.hardware.wifi.supplicant.ISupplicant/default": EXCEPTION_NO_FUZZER,
+ "android.frameworks.cameraservice.service.ICameraService/default": EXCEPTION_NO_FUZZER,
+ "android.frameworks.devicestate.IDeviceStateService/default": EXCEPTION_NO_FUZZER,
+ "android.frameworks.location.altitude.IAltitudeService/default": EXCEPTION_NO_FUZZER,
+ "android.frameworks.sensorservice.ISensorManager/default": []string{"libsensorserviceaidl_fuzzer"},
+ "android.frameworks.stats.IStats/default": EXCEPTION_NO_FUZZER,
+ "android.frameworks.vibrator.IVibratorControlService/default": EXCEPTION_NO_FUZZER,
+ "android.se.omapi.ISecureElementService/default": EXCEPTION_NO_FUZZER,
+ "android.system.keystore2.IKeystoreService/default": EXCEPTION_NO_FUZZER,
+ "android.system.net.netd.INetd/default": []string{"netd_hw_service_fuzzer"},
+ "android.system.suspend.ISystemSuspend/default": EXCEPTION_NO_FUZZER,
"accessibility": EXCEPTION_NO_FUZZER,
"account": EXCEPTION_NO_FUZZER,
"activity": EXCEPTION_NO_FUZZER,
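Review bot: The two new `android.hardware.virtualization.capabilities.IVmCapabilitiesService` entries (`/default` and `/noop`) are bound to `EXCEPTION_NO_FUZZER` with no recorded justification. Elsewhere in this commit (private/hal_vm_capabilities.te) the HAL is described as letting some pVMs issue vendor-specific SMCs, so its request parsing is worth fuzzing. Either bind a fuzzer here or document the gap above the entries, e.g. `// TODO(b/<bug-id-placeholder>): add an AIDL service fuzzer for IVmCapabilitiesService`. The other removed and added lines appear to be a gofmt re-alignment triggered by the longer key. The map literal continues outside the hunk.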
@@ -292,7 +294,6 @@
"fingerprint": EXCEPTION_NO_FUZZER,
"feature_flags": EXCEPTION_NO_FUZZER,
"font": EXCEPTION_NO_FUZZER,
- "forensic": EXCEPTION_NO_FUZZER,
"android.hardware.fingerprint.IFingerprintDaemon": EXCEPTION_NO_FUZZER,
"game": EXCEPTION_NO_FUZZER,
"gfxinfo": EXCEPTION_NO_FUZZER,
diff --git a/private/attributes b/private/attributes
index 13479c9..0da777a 100644
--- a/private/attributes
+++ b/private/attributes
@@ -31,3 +31,7 @@
until_board_api(202504, `
attribute tee_service_type;
')
+
+until_board_api(202504, `
+ hal_attribute(vm_capabilities);
+')
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 0aa0580..91ca88f 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -5,7 +5,6 @@
(typeattribute new_objects)
(typeattributeset new_objects
( new_objects
- advanced_protection_service
app_function_service
binderfs_logs_transaction_history
binderfs_logs_transactions
@@ -16,6 +15,7 @@
forensic_service
fstype_prop
hal_mediaquality_service
+ hal_vm_capabilities_service
intrusion_detection_service
media_quality_service
proc_cgroups
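Review bot: `forensic_service` stays in `new_objects` (a context line in this hunk) although this commit deletes its declaration from public/service.te, its `forensic` entry from private/service_contexts and its fuzzer binding. If no other declaration of the type survives outside the visible hunks, the entry is stale and should be dropped here as well. If it is kept on purpose, a short comment saying why would help. The `typeattributeset` list starts and ends outside this hunk.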
@@ -23,6 +23,7 @@
profcollectd_etr_prop
ranging_service
supervision_service
+ sysfs_cma
sysfs_firmware_acpi_tables
tee_service_contexts_file
trusty_security_vm_sys_vendor_prop
diff --git a/private/dumpstate.te b/private/dumpstate.te
index a1c9ed3..501d829 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -347,6 +347,7 @@
dump_hal(hal_sensors)
dump_hal(hal_thermal)
dump_hal(hal_vehicle)
+dump_hal(hal_vm_capabilities)
dump_hal(hal_weaver)
dump_hal(hal_wifi)
@@ -462,6 +463,7 @@
-hal_service_type
-virtual_touchpad_service
-vold_service
+ -fwk_vold_service
-default_android_service
}:service_manager find;
# suppress denials for services dumpstate should not be accessing.
@@ -472,6 +474,7 @@
hal_service_type
virtual_touchpad_service
vold_service
+ fwk_vold_service
}:service_manager find;
# Most of these are neverallowed.
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 62d6c1a..a872a04 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -169,6 +169,9 @@
genfscon sysfs /kernel/dma_heap u:object_r:sysfs_dma_heap:s0
genfscon sysfs /kernel/ion u:object_r:sysfs_ion:s0
genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
+starting_at_board_api(202504, `
+genfscon sysfs /kernel/mm/cma u:object_r:sysfs_cma:s0
+')
genfscon sysfs /kernel/mm/transparent_hugepage u:object_r:sysfs_transparent_hugepage:s0
genfscon sysfs /kernel/mm/lru_gen/enabled u:object_r:sysfs_lru_gen_enabled:s0
genfscon sysfs /kernel/mm/pgsize_migration/enabled u:object_r:sysfs_pgsize_migration:s0
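Review bot: Giving `/sys/kernel/mm/cma` its own `sysfs_cma` label takes these nodes away from every domain that reached them through a rule on the previous (presumably generic `sysfs`) label, and the only new grant visible in this commit is for system_server. Please confirm that no other reader, such as dumpstate or a vendor domain, depends on these files once board API 202504 applies. A one-line comment above the macro naming the consumer would also help, e.g. `# /sys/kernel/mm/cma is read by system_server; see private/system_server.te`.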
diff --git a/private/hal_vm_capabilities.te b/private/hal_vm_capabilities.te
new file mode 100644
index 0000000..3197784
--- /dev/null
+++ b/private/hal_vm_capabilities.te
@@ -0,0 +1,9 @@
+# Domain for the VM capability HAL, which is used to allow some pVMs to issue
+# vendor-specific SMCs.
+
+binder_call(hal_vm_capabilities_client, hal_vm_capabilities_server)
+
+hal_attribute_service(hal_vm_capabilities, hal_vm_capabilities_service)
+
+binder_use(hal_vm_capabilities_client)
+binder_use(hal_vm_capabilities_server)
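Review bot: Nothing in this new file bounds which domains may carry `hal_vm_capabilities_client`, although the header comment says the HAL exists so that only some pVMs can issue vendor-specific SMCs. The service type is declared `protected_service`, which as far as I can tell only restricts app domains. A build-time `neverallow` on finding the service would make the intended client set checkable, e.g. `neverallow { domain -<intended_client_domain> -su } hal_vm_capabilities_service:service_manager find;` with the placeholder replaced by the real client. The only client assignment visible in this commit is `su` in private/su.te, so it would also help to name the expected production client in the header comment.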
diff --git a/private/property_contexts b/private/property_contexts
index 5458e2f..843a778 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -622,6 +622,7 @@
persist.bluetooth.btsnoopdefaultmode u:object_r:bluetooth_prop:s0 exact enum empty disabled filtered full
persist.bluetooth.btsnooplogmode u:object_r:bluetooth_prop:s0 exact enum empty disabled filtered full
persist.bluetooth.finder.supported u:object_r:bluetooth_finder_prop:s0 exact bool
+persist.bluetooth.sniff_offload.enabled u:object_r:bluetooth_config_prop:s0 exact bool
persist.bluetooth.snooplogfilter.headers.enabled u:object_r:bluetooth_prop:s0 exact bool
persist.bluetooth.snooplogfilter.profiles.a2dp.enabled u:object_r:bluetooth_prop:s0 exact bool
persist.bluetooth.snooplogfilter.profiles.map u:object_r:bluetooth_prop:s0 exact enum empty disabled fullfilter header magic
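Review bot: `persist.bluetooth.sniff_offload.enabled` is labelled `bluetooth_config_prop`, while every neighbouring `persist.bluetooth.*` key in this hunk uses `bluetooth_prop` or a feature-specific type. A `persist.` key is normally written at runtime, so please confirm that the component that sets it has set permission on `bluetooth_config_prop`. If the value is meant to be fixed build-time configuration, a non-`persist` name would match the label better.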
diff --git a/private/service.te b/private/service.te
index ce648c2..6912eb9 100644
--- a/private/service.te
+++ b/private/service.te
@@ -64,11 +64,16 @@
type wearable_sensing_service, app_api_service, system_server_service, service_manager_type;
type wifi_mainline_supplicant_service, service_manager_type;
type dynamic_instrumentation_service, app_api_service, system_server_service, service_manager_type;
+type advanced_protection_service, app_api_service, system_server_service, service_manager_type;
is_flag_enabled(RELEASE_RANGING_STACK, `
type ranging_service, app_api_service, system_server_service, service_manager_type;
')
+until_board_api(202504, `
+ type hal_vm_capabilities_service, protected_service, hal_service_type, service_manager_type;
+')
+
###
### Neverallow rules
###
diff --git a/private/service_contexts b/private/service_contexts
index e2998c7..c72f9b0 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -138,6 +138,8 @@
android.hardware.secure_element.ISecureElement/SIM3 u:object_r:hal_secure_element_service:s0
android.hardware.security.secretkeeper.ISecretkeeper/default u:object_r:hal_secretkeeper_service:s0
android.hardware.security.secretkeeper.ISecretkeeper/nonsecure u:object_r:hal_secretkeeper_service:s0
+android.hardware.virtualization.capabilities.IVmCapabilitiesService/default u:object_r:hal_vm_capabilities_service:s0
+android.hardware.virtualization.capabilities.IVmCapabilitiesService/noop u:object_r:hal_vm_capabilities_service:s0
android.system.keystore2.IKeystoreService/default u:object_r:keystore_service:s0
android.system.net.netd.INetd/default u:object_r:system_net_netd_service:s0
android.system.suspend.ISystemSuspend/default u:object_r:hal_system_suspend_service:s0
@@ -149,9 +151,7 @@
activity_task u:object_r:activity_task_service:s0
adb u:object_r:adb_service:s0
adservices_manager u:object_r:adservices_manager_service:s0
-starting_at_board_api(202504, `
- advanced_protection u:object_r:advanced_protection_service:s0
-')
+advanced_protection u:object_r:advanced_protection_service:s0
aidl_lazy_test_1 u:object_r:aidl_lazy_test_service:s0
aidl_lazy_test_2 u:object_r:aidl_lazy_test_service:s0
aidl_lazy_test_quit u:object_r:aidl_lazy_test_service:s0
@@ -279,9 +279,6 @@
file_integrity u:object_r:file_integrity_service:s0
fingerprint u:object_r:fingerprint_service:s0
font u:object_r:font_service:s0
-starting_at_board_api(202504, `
- forensic u:object_r:forensic_service:s0
-')
android.hardware.fingerprint.IFingerprintDaemon u:object_r:fingerprintd_service:s0
game u:object_r:game_service:s0
gfxinfo u:object_r:gfxinfo_service:s0
diff --git a/private/su.te b/private/su.te
index 1e2adef..247fd0b 100644
--- a/private/su.te
+++ b/private/su.te
@@ -127,6 +127,7 @@
typeattribute su hal_tv_tuner_client;
typeattribute su hal_usb_client;
typeattribute su hal_vibrator_client;
+ typeattribute su hal_vm_capabilities_client;
typeattribute su hal_vr_client;
typeattribute su hal_weaver_client;
typeattribute su hal_wifi_client;
diff --git a/private/system_server.te b/private/system_server.te
index fecca1b..20556ab 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -243,6 +243,11 @@
# Read /sys/kernel/dma_heap/*.
allow system_server sysfs_dma_heap:file r_file_perms;
+# Read /sys/kernel/mm/cma/*.
+starting_at_board_api(202504, `
+allow system_server sysfs_cma:file r_file_perms;
+')
+
# Allow reading DMA-BUF sysfs stats from /sys/kernel/dmabuf.
allow system_server sysfs_dmabuf_stats:dir r_dir_perms;
allow system_server sysfs_dmabuf_stats:file r_file_perms;
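Review bot: The added rule grants only `sysfs_cma:file r_file_perms`, but its comment says system_server reads `/sys/kernel/mm/cma/*`. The genfs_contexts entry in this commit labels the whole `/kernel/mm/cma` subtree, directories included, as `sysfs_cma`. Unless a broader `sysfs_type:dir` rule outside this hunk already covers it, listing or traversing those directories will be denied. Consider adding `allow system_server sysfs_cma:dir r_dir_perms;` inside the same `starting_at_board_api(202504, ...)` block, mirroring the `sysfs_dmabuf_stats` dir/file pair just below.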
diff --git a/public/attributes b/public/attributes
index 6e11b86..1556d57 100644
--- a/public/attributes
+++ b/public/attributes
@@ -457,3 +457,8 @@
starting_at_board_api(202504, `
attribute tee_service_type;
')
+
+# HAL service used for custom smc filtering project
+starting_at_board_api(202504, `
+ hal_attribute(vm_capabilities);
+')
diff --git a/public/file.te b/public/file.te
index 4fca64e..7a8e3af 100644
--- a/public/file.te
+++ b/public/file.te
@@ -103,6 +103,11 @@
type sysfs_uio, sysfs_type, fs_type;
type sysfs_batteryinfo, fs_type, sysfs_type;
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
+
+starting_at_board_api(202504, `
+ type sysfs_cma, fs_type, sysfs_type;
+')
+
type sysfs_devfreq_cur, fs_type, sysfs_type;
type sysfs_devfreq_dir, fs_type, sysfs_type;
type sysfs_devices_block, fs_type, sysfs_type;
diff --git a/public/service.te b/public/service.te
index 68f4ea0..db79fdf 100644
--- a/public/service.te
+++ b/public/service.te
@@ -66,9 +66,6 @@
type activity_task_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type adb_service, system_api_service, system_server_service, service_manager_type;
type adservices_manager_service, system_api_service, system_server_service, service_manager_type;
-starting_at_board_api(202504, `
- type advanced_protection_service, app_api_service, system_server_service, service_manager_type;
-')
type alarm_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type app_binding_service, system_server_service, service_manager_type;
starting_at_board_api(202504, `
@@ -144,9 +141,6 @@
type platform_compat_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type face_service, app_api_service, system_server_service, service_manager_type;
type fingerprint_service, app_api_service, system_server_service, service_manager_type;
-starting_at_board_api(202504, `
- type forensic_service, app_api_service, system_api_service, system_server_service, service_manager_type;
-')
type fwk_altitude_service, system_server_service, service_manager_type;
type fwk_stats_service, app_api_service, system_server_service, service_manager_type;
type fwk_sensor_service, system_server_service, service_manager_type;
@@ -375,6 +369,9 @@
type hal_wifi_hostapd_service, protected_service, hal_service_type, service_manager_type;
type hal_wifi_supplicant_service, protected_service, hal_service_type, service_manager_type;
type hal_gatekeeper_service, protected_service, hal_service_type, service_manager_type;
+starting_at_board_api(202504, `
+ type hal_vm_capabilities_service, protected_service, hal_service_type, service_manager_type;
+')
# system/sepolicy/public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
diff --git a/tests/apex_sepolicy_tests.py b/tests/apex_sepolicy_tests.py
index 26082cb..d8c5c2b 100644
--- a/tests/apex_sepolicy_tests.py
+++ b/tests/apex_sepolicy_tests.py
@@ -29,7 +29,7 @@
import sys
import tempfile
from dataclasses import dataclass
-from typing import List
+from typing import Callable, List
import policy
@@ -61,7 +61,12 @@
pass
-Matcher = Is | Glob | Regex | BinaryFile
+@dataclass
+class MatchPred:
+ pred: Callable[[str], bool]
+
+
+Matcher = Is | Glob | Regex | BinaryFile | MatchPred
# predicate functions for Func matcher
@@ -87,7 +92,13 @@
labels: set[str]
-Rule = AllowPerm | ResolveType | NotAnyOf
+@dataclass
+class HasAttr:
+ """Rule checking if the context has the specified attribute"""
+ attr: str
+
+
+Rule = AllowPerm | ResolveType | NotAnyOf | HasAttr
# Helper for 'read'
@@ -104,8 +115,10 @@
return pathlib.PurePath(path).match(pattern)
case Regex(pattern):
return re.match(pattern, path)
- case BinaryFile:
+ case BinaryFile():
return path.startswith('./bin/') and not path.endswith('/')
+ case MatchPred(pred):
+ return pred(path)
def check_rule(pol, path: str, tcontext: str, rule: Rule) -> List[str]:
@@ -129,6 +142,9 @@
case NotAnyOf(labels):
if tcontext in labels:
errors.append(f"Error: {path}: can't be labelled as '{tcontext}'")
+ case HasAttr(attr):
+ if tcontext not in pol.QueryTypeAttribute(attr, True):
+ errors.append(f"Error: {path}: tcontext({tcontext}) must be associated with {attr}")
return errors
@@ -139,7 +155,7 @@
generic_rules = [
# binaries should be executable
- (BinaryFile, NotAnyOf({'vendor_file'})),
+ (BinaryFile(), NotAnyOf({'vendor_file'})),
# permissions
(Is('./etc/permissions/'), AllowRead('dir', {'system_server'})),
(Glob('./etc/permissions/*.xml'), AllowRead('file', {'system_server'})),
@@ -159,6 +175,25 @@
all_rules = target_specific_rules + generic_rules
+def base_attr_for(partition):
+ if partition in ['system', 'system_ext', 'product']:
+ return 'system_file_type'
+ elif partition in ['vendor', 'odm']:
+ return 'vendor_file_type'
+ else:
+ sys.exit(f"Error: invalid partition: {partition}\n")
+
+
+def system_vendor_rule(partition):
+ exceptions = [
+ "./etc/linkerconfig.pb"
+ ]
+ def pred(path):
+ return path not in exceptions
+
+ return pred, HasAttr(base_attr_for(partition))
+
+
def check_line(pol: policy.Policy, line: str, rules) -> List[str]:
"""Parses a file_contexts line and runs checks"""
# skip empty/comment line
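Review bot: `system_vendor_rule` returns the bare `pred` function as the matcher, but the `match` cases visible in the earlier hunk only recognise `Is`, `Glob`, `Regex`, `BinaryFile()` and `MatchPred(pred)`. A plain function would fall through every case, so the `HasAttr` check would never run and the `--partition` Treble check would pass silently for any label. Wrap the predicate: `return MatchPred(pred), HasAttr(base_attr_for(partition))`. The body of `match` starts outside the visible hunks, so this assumes it has no catch-all case. A test in `apex_sepolicy_tests_test.py` feeding a mislabelled path through `system_vendor_rule('vendor')` would pin the behaviour.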
@@ -197,7 +232,8 @@
"""Do testing"""
parser = argparse.ArgumentParser()
parser.add_argument('--all', action='store_true', help='tests ALL aspects')
- parser.add_argument('-f', '--file_contexts', help='output of "deapexer list -Z"')
+ parser.add_argument('-f', '--file_contexts', required=True, help='output of "deapexer list -Z"')
+ parser.add_argument('-p', '--partition', help='partition to check Treble violations')
args = parser.parse_args()
lib_path = extract_data(LIBSEPOLWRAP, work_dir)
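Review bot: `--partition` accepts any string, and an unknown value is only rejected later by the `sys.exit` in `base_attr_for`. Declaring the accepted set on the option would turn a typo into a usage error before any work is done: `parser.add_argument('-p', '--partition', choices=['system', 'system_ext', 'product', 'vendor', 'odm'], help='partition to check Treble violations')`. The help text could also state that the check is skipped when the option is omitted. The enclosing function starts and ends outside this hunk.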
@@ -209,6 +245,9 @@
else:
rules = generic_rules
+ if args.partition:
+ rules.append(system_vendor_rule(args.partition))
+
errors = []
with open(args.file_contexts, 'rt', encoding='utf-8') as file_contexts:
for line in file_contexts:
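Review bot: `rules.append(...)` mutates the list that `rules` aliases, which is the module-level `generic_rules` in the `else` branch and presumably `all_rules` in the branch above the hunk. A second call in the same process (for example from a unit test) would then see the partition rule from the previous call. Building a new list avoids the shared state: `rules = rules + [system_vendor_rule(args.partition)]`. The enclosing function starts and ends outside this hunk.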
diff --git a/tests/apex_sepolicy_tests_test.py b/tests/apex_sepolicy_tests_test.py
index 727a023..2a92aee 100644
--- a/tests/apex_sepolicy_tests_test.py
+++ b/tests/apex_sepolicy_tests_test.py
@@ -106,7 +106,7 @@
self.assert_ok('./bin/init u:object_r:init_exec:s0')
self.assert_ok('./bin/hw/svc u:object_r:init_exec:s0')
self.assert_error('./bin/hw/svc u:object_r:vendor_file:s0',
- r"Error: .*svc: can\'t be labelled as \'vendor_file\'")
+ r'Error: .*svc: can\'t be labelled as \'vendor_file\'')
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 220fbd2..b0c7a37 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -207,3 +207,4 @@
/(vendor|system/vendor)/lib(64)?/libutils\.so u:object_r:same_process_hal_file:s0
/(vendor|system/vendor)/lib(64)?/libutilscallstack\.so u:object_r:same_process_hal_file:s0
/(vendor|system/vendor)/lib(64)?/libz\.so u:object_r:same_process_hal_file:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.virtualization\.capabilities\.capabilities_service-noop u:object_r:hal_vm_capabilities_default_exec:s0
diff --git a/vendor/hal_vm_capabilities_default.te b/vendor/hal_vm_capabilities_default.te
new file mode 100644
index 0000000..82aaf41
--- /dev/null
+++ b/vendor/hal_vm_capabilities_default.te
@@ -0,0 +1,10 @@
+type hal_vm_capabilities_default, domain;
+
+starting_at_board_api(202504, `
+ hal_server_domain(hal_vm_capabilities_default, hal_vm_capabilities);
+')
+
+type hal_vm_capabilities_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_vm_capabilities_default);
+
+# TODO(b/360102915): add more rules around vm_fd passed to the HAL
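Review bot: Only `hal_server_domain(...)` is gated on board API 202504, while `init_daemon_domain(hal_vm_capabilities_default)` and both type declarations are unconditional. On an older board API the domain would presumably keep its init transition but carry none of the HAL server attributes. If the types have to stay unconditional because `vendor/file_contexts` labels the binary `hal_vm_capabilities_default_exec`, a comment should say so, e.g. `# Types stay unconditional: vendor/file_contexts references them; HAL attributes exist only from board API 202504.` The file also has no header comment saying which service binary this domain covers.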