Merge "Add macros for treble and non-treble only policy"
diff --git a/private/android_hardware_audio_2_0_service.te b/private/android_hardware_audio_2_0_service.te
new file mode 100644
index 0000000..8a29255
--- /dev/null
+++ b/private/android_hardware_audio_2_0_service.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(android_hardware_audio_2_0_service)
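Review bot: The two-line header comment reads as two sentences run together ("must be private policy the domain_trans rules could stay public"), so the reasoning it is meant to record is hard to follow for whoever next has to decide what belongs in private versus public policy. Suggest `# type_transition must be private policy. The domain_trans rules could stay public, but conceptually they should go with this.` The other two new private files in this change use the shorter `# may be started by init`; either phrasing is fine, but this one should at least parse.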
diff --git a/private/android_hardware_vibrator_1_0_service.te b/private/android_hardware_vibrator_1_0_service.te
deleted file mode 100644
index 1c99d23..0000000
--- a/private/android_hardware_vibrator_1_0_service.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# may be started by init
-init_daemon_domain(android_hardware_vibrator_1_0_service)
diff --git a/private/android_hardware_vibrator_service.te b/private/android_hardware_vibrator_service.te
new file mode 100644
index 0000000..ca8cc24
--- /dev/null
+++ b/private/android_hardware_vibrator_service.te
@@ -0,0 +1,2 @@
+# may be started by init
+init_daemon_domain(android_hardware_vibrator_service)
diff --git a/private/android_hardware_vr.te b/private/android_hardware_vr.te
new file mode 100644
index 0000000..65ab4ee
--- /dev/null
+++ b/private/android_hardware_vr.te
@@ -0,0 +1,2 @@
+# may be started by init
+init_daemon_domain(android_hardware_vr)
diff --git a/private/file_contexts b/private/file_contexts
index a4a8770..a53c5b1 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -169,6 +169,7 @@
/system/bin/wificond u:object_r:wificond_exec:s0
/system/bin/rild u:object_r:rild_exec:s0
/system/bin/audioserver u:object_r:audioserver_exec:s0
+/system/bin/hw/android\.hardware\.audio@2\.0-service u:object_r:android_hardware_audio_2_0_service_exec:s0
/system/bin/mediadrmserver u:object_r:mediadrmserver_exec:s0
/system/bin/mediaserver u:object_r:mediaserver_exec:s0
/system/bin/cameraserver u:object_r:cameraserver_exec:s0
@@ -222,7 +223,8 @@
/system/fake-lib(64)?/libart.* u:object_r:libart_file:s0
/system/lib(64)?/libart.* u:object_r:libart_file:s0
/system/bin/hw/android.hardware.nfc@1.0-service u:object_r:android_hardware_nfc_1_0_service_exec:s0
-/system/bin/hw/android.hardware.vibrator@1.0-service u:object_r:android_hardware_vibrator_1_0_service_exec:s0
+/system/bin/hw/android.hardware.vibrator@1.0-service u:object_r:android_hardware_vibrator_service_exec:s0
+/system/bin/hw/android.hardware.vr@1.0-service u:object_r:android_hardware_vr_exec:s0
#############################
# Vendor files
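Review bot: The two new file_contexts entries on the vibrator and vr lines leave the dots in the path unescaped, while the audio entry added in the first hunk escapes them (`android\.hardware\.audio@2\.0-service`). file_contexts paths are regular expressions, so an unescaped `.` matches any character and the exec label would also be applied to any other file under /system/bin/hw/ whose name differs only at those positions. The surrounding nfc line has the same pre-existing pattern, but the new lines are the chance to be consistent: `/system/bin/hw/android\.hardware\.vibrator@1\.0-service u:object_r:android_hardware_vibrator_service_exec:s0` and `/system/bin/hw/android\.hardware\.vr@1\.0-service u:object_r:android_hardware_vr_exec:s0`.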
@@ -273,6 +275,7 @@
/data/misc/adb(/.*)? u:object_r:adb_keys_file:s0
/data/misc/audio(/.*)? u:object_r:audio_data_file:s0
/data/misc/audioserver(/.*)? u:object_r:audioserver_data_file:s0
+/data/misc/audiohal(/.*)? u:object_r:audiohal_data_file:s0
/data/misc/bootstat(/.*)? u:object_r:bootstat_data_file:s0
/data/misc/boottrace(/.*)? u:object_r:boottrace_data_file:s0
/data/misc/bluetooth(/.*)? u:object_r:bluetooth_data_file:s0
diff --git a/private/service_contexts b/private/service_contexts
index 9f133d4..ff9305b 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -9,6 +9,7 @@
appwidget u:object_r:appwidget_service:s0
assetatlas u:object_r:assetatlas_service:s0
audio u:object_r:audio_service:s0
+autofill u:object_r:autofill_service:s0
backup u:object_r:backup_service:s0
batteryproperties u:object_r:batteryproperties_service:s0
batterystats u:object_r:batterystats_service:s0
diff --git a/public/android_hardware_audio_2_0_service.te b/public/android_hardware_audio_2_0_service.te
new file mode 100644
index 0000000..9da62c8
--- /dev/null
+++ b/public/android_hardware_audio_2_0_service.te
@@ -0,0 +1,36 @@
+# android_hardware_audio_2_0_service - audio services daemon
+type android_hardware_audio_2_0_service, domain;
+type android_hardware_audio_2_0_service_exec, exec_type, file_type;
+
+hwbinder_use(android_hardware_audio_2_0_service)
+binder_call(android_hardware_audio_2_0_service, audioserver)
+
+allow android_hardware_audio_2_0_service ion_device:chr_file r_file_perms;
+
+allow android_hardware_audio_2_0_service system_file:dir { open read };
+
+userdebug_or_eng(`
+ # used for pcm capture for debug.
+ allow android_hardware_audio_2_0_service audiohal_data_file:dir create_dir_perms;
+ allow android_hardware_audio_2_0_service audiohal_data_file:file create_file_perms;
+')
+
+r_dir_file(android_hardware_audio_2_0_service, proc)
+allow android_hardware_audio_2_0_service audio_device:dir r_dir_perms;
+allow android_hardware_audio_2_0_service audio_device:chr_file rw_file_perms;
+
+# Needed on some devices for playing audio on paired BT device,
+# but seems appropriate for all devices.
+unix_socket_connect(android_hardware_audio_2_0_service, bluetooth, bluetooth)
+
+###
+### neverallow rules
+###
+
+# android_hardware_audio_2_0_service should never execute any executable without
+# a domain transition
+neverallow android_hardware_audio_2_0_service { file_type fs_type }:file execute_no_trans;
+
+# android_hardware_audio_2_0_service should never need network access.
+# Disallow network sockets.
+neverallow android_hardware_audio_2_0_service domain:{ tcp_socket udp_socket rawip_socket } *;
\ No newline at end of file
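Review bot: The file ends without a trailing newline (the `\ No newline at end of file` marker); add one after the last neverallow so a later append does not merge into that line. The `allow android_hardware_audio_2_0_service system_file:dir { open read };` rule is also an unusual permission set for a directory: it grants open/read but not search or getattr, whereas the audioserver.te hunk in this same change uses `r_dir_perms` for system_file:dir. If the domain really needs to list /system, `r_dir_perms` is the consistent form; if the base `domain` attribute already grants this (I believe domain.te does, but confirm), the line is redundant and can go. Otherwise the domain looks well bounded: the neverallow on execute_no_trans and on network sockets match the pattern used for other native daemons.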
diff --git a/public/android_hardware_vibrator_1_0_service.te b/public/android_hardware_vibrator_1_0_service.te
deleted file mode 100644
index 17336a5..0000000
--- a/public/android_hardware_vibrator_1_0_service.te
+++ /dev/null
@@ -1,9 +0,0 @@
-# vibrator subsystem
-type android_hardware_vibrator_1_0_service, domain;
-type android_hardware_vibrator_1_0_service_exec, exec_type, file_type;
-
-# hwbinder access
-hwbinder_use(android_hardware_vibrator_1_0_service)
-
-# vibrator sysfs rw access
-allow android_hardware_vibrator_1_0_service sysfs_vibrator:file rw_file_perms;
diff --git a/public/android_hardware_vibrator_service.te b/public/android_hardware_vibrator_service.te
new file mode 100644
index 0000000..37381e8
--- /dev/null
+++ b/public/android_hardware_vibrator_service.te
@@ -0,0 +1,9 @@
+# vibrator subsystem
+type android_hardware_vibrator_service, domain;
+type android_hardware_vibrator_service_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(android_hardware_vibrator_service)
+
+# vibrator sysfs rw access
+allow android_hardware_vibrator_service sysfs_vibrator:file rw_file_perms;
diff --git a/public/android_hardware_vr.te b/public/android_hardware_vr.te
new file mode 100644
index 0000000..f6651c5
--- /dev/null
+++ b/public/android_hardware_vr.te
@@ -0,0 +1,9 @@
+# vr subsystem
+type android_hardware_vr, domain;
+type android_hardware_vr_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(android_hardware_vr)
+
+# call into system_server process
+binder_call(android_hardware_vr, system_server)
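Review bot: Unlike the audio HAL domain added in the same change, android_hardware_vr comes with no neverallow guardrails, although it is a HAL process that should have a similarly narrow footprint. Consider adding the same two rules as in public/android_hardware_audio_2_0_service.te: `neverallow android_hardware_vr { file_type fs_type }:file execute_no_trans;` and `neverallow android_hardware_vr domain:{ tcp_socket udp_socket rawip_socket } *;`. The naming is also inconsistent across the three new HAL domains in this commit (`android_hardware_vr`, `android_hardware_vibrator_service`, `android_hardware_audio_2_0_service`); since these type names become part of the public policy, picking one scheme now avoids a rename later.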
diff --git a/public/app.te b/public/app.te
index 0617e73..985e358 100644
--- a/public/app.te
+++ b/public/app.te
@@ -37,8 +37,8 @@
allow appdomain dalvikcache_data_file:file r_file_perms;
# Read the /sdcard and /mnt/sdcard symlinks
-allow appdomain rootfs:lnk_file r_file_perms;
-allow appdomain tmpfs:lnk_file r_file_perms;
+allow { appdomain -isolated_app } rootfs:lnk_file r_file_perms;
+allow { appdomain -isolated_app } tmpfs:lnk_file r_file_perms;
# Search /storage/emulated tmpfs mount.
allow appdomain tmpfs:dir r_dir_perms;
@@ -174,36 +174,36 @@
allow appdomain system_data_file:file { getattr read };
# Allow read/stat of /data/media files passed by Binder or local socket IPC.
-allow appdomain media_rw_data_file:file { read getattr };
+allow { appdomain -isolated_app } media_rw_data_file:file { read getattr };
# Read and write /data/data/com.android.providers.telephony files passed over Binder.
-allow appdomain radio_data_file:file { read write getattr };
+allow { appdomain -isolated_app } radio_data_file:file { read write getattr };
# Allow access to external storage; we have several visible mount points under /storage
# and symlinks to primary storage at places like /storage/sdcard0 and /mnt/user/0/primary
-allow appdomain storage_file:dir r_dir_perms;
-allow appdomain storage_file:lnk_file r_file_perms;
-allow appdomain mnt_user_file:dir r_dir_perms;
-allow appdomain mnt_user_file:lnk_file r_file_perms;
+allow { appdomain -isolated_app } storage_file:dir r_dir_perms;
+allow { appdomain -isolated_app } storage_file:lnk_file r_file_perms;
+allow { appdomain -isolated_app } mnt_user_file:dir r_dir_perms;
+allow { appdomain -isolated_app } mnt_user_file:lnk_file r_file_perms;
# Read/write visible storage
-allow appdomain fuse:dir create_dir_perms;
-allow appdomain fuse:file create_file_perms;
-allow appdomain sdcardfs:dir create_dir_perms;
-allow appdomain sdcardfs:file create_file_perms;
+allow { appdomain -isolated_app } fuse:dir create_dir_perms;
+allow { appdomain -isolated_app } fuse:file create_file_perms;
+allow { appdomain -isolated_app } sdcardfs:dir create_dir_perms;
+allow { appdomain -isolated_app } sdcardfs:file create_file_perms;
# Access OBBs (vfat images) mounted by vold (b/17633509)
# File write access allowed for FDs returned through Storage Access Framework
-allow appdomain vfat:dir r_dir_perms;
-allow appdomain vfat:file rw_file_perms;
+allow { appdomain -isolated_app } vfat:dir r_dir_perms;
+allow { appdomain -isolated_app } vfat:file rw_file_perms;
# Allow apps to use the USB Accessory interface.
# http://developer.android.com/guide/topics/connectivity/usb/accessory.html
#
# USB devices are first opened by the system server (USBDeviceManagerService)
# and the file descriptor is passed to the right Activity via binder.
-allow appdomain usb_device:chr_file { read write getattr ioctl };
-allow appdomain usbaccessory_device:chr_file { read write getattr };
+allow { appdomain -isolated_app } usb_device:chr_file { read write getattr ioctl };
+allow { appdomain -isolated_app } usbaccessory_device:chr_file { read write getattr };
# For art.
allow appdomain dalvikcache_data_file:file execute;
diff --git a/public/audioserver.te b/public/audioserver.te
index b1a84a2..5dea1b3 100644
--- a/public/audioserver.te
+++ b/public/audioserver.te
@@ -9,6 +9,9 @@
binder_call(audioserver, { appdomain ephemeral_app })
binder_service(audioserver)
+hwbinder_use(audioserver)
+binder_call(audioserver, android_hardware_audio_2_0_service)
+
r_dir_file(audioserver, proc)
allow audioserver ion_device:chr_file r_file_perms;
allow audioserver system_file:dir r_dir_perms;
diff --git a/public/file.te b/public/file.te
index b622c87..4867b67 100644
--- a/public/file.te
+++ b/public/file.te
@@ -142,6 +142,7 @@
# /data/misc subdirectories
type adb_keys_file, file_type, data_file_type;
type audio_data_file, file_type, data_file_type;
+type audiohal_data_file, file_type, data_file_type;
type audioserver_data_file, file_type, data_file_type;
type bluetooth_data_file, file_type, data_file_type;
type bluetooth_logs_data_file, file_type, data_file_type;
diff --git a/public/isolated_app.te b/public/isolated_app.te
index 14e7f29..081849e 100644
--- a/public/isolated_app.te
+++ b/public/isolated_app.te
@@ -76,3 +76,10 @@
netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket
netlink_rdma_socket netlink_crypto_socket
} *;
+
+# Do not allow isolated_app to access external storage
+neverallow isolated_app { storage_file mnt_user_file sdcard_type }:dir ~getattr;
+neverallow isolated_app { storage_file mnt_user_file sdcard_type }:file_class_set *;
+
+# Do not allow USB access
+neverallow isolated_app { usb_device usbaccessory_device }:chr_file *;
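Review bot: The new neverallow rules pin down only part of what the app.te hunks take away from isolated_app. The `{ appdomain -isolated_app }` rewrites in app.te also drop isolated_app's access to media_rw_data_file, radio_data_file and the rootfs/tmpfs lnk_file reads, but no neverallow here covers those, so a later allow rule could silently reintroduce them. If no other appdomain rule intentionally grants them to isolated_app, something like `neverallow isolated_app { media_rw_data_file radio_data_file }:file *;` would lock in the intent the same way the storage and USB rules do. It is also worth confirming that sdcard_type covers fuse, sdcardfs and vfat, since those are the types the app.te hunk excluded and the first neverallow relies on the attribute rather than naming them.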
diff --git a/public/racoon.te b/public/racoon.te
index c99740f..3255b9e 100644
--- a/public/racoon.te
+++ b/public/racoon.te
@@ -1,10 +1,11 @@
# IKE key management daemon
-type racoon, domain, domain_deprecated;
+type racoon, domain;
type racoon_exec, exec_type, file_type;
typeattribute racoon mlstrustedsubject;
net_domain(racoon)
+allowxperm racoon self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFADDR };
binder_use(racoon)
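Review bot: The new `allowxperm racoon self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFADDR };` carries no comment, and these two ioctls set interface flags and addresses, which as far as I recall are not in the generic unprivileged socket ioctl allowlist, so a reader cannot tell from the file why an IKE daemon needs them. A one-line comment naming the use case would make the rule auditable, e.g. `# racoon configures the tunnel interface (flags/address) when a VPN is brought up` (adjust if the actual reason differs). Dropping `domain_deprecated` on the second line is the right direction, but it removes a broad set of legacy permissions at once and the allowxperm is the only compensating rule, so this deserves a denial audit on a device with a VPN actually established.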
diff --git a/public/service.te b/public/service.te
index 8e9dd31..33ce13f 100644
--- a/public/service.te
+++ b/public/service.te
@@ -29,6 +29,7 @@
type appwidget_service, app_api_service, system_server_service, service_manager_type;
type assetatlas_service, app_api_service, system_server_service, service_manager_type;
type audio_service, app_api_service, system_server_service, service_manager_type;
+type autofill_service, app_api_service, system_server_service, service_manager_type;
type backup_service, app_api_service, system_server_service, service_manager_type;
type batterystats_service, app_api_service, system_server_service, service_manager_type;
type battery_service, system_server_service, service_manager_type;
diff --git a/public/system_server.te b/public/system_server.te
index 9805a1a..249a3d3 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -147,6 +147,8 @@
# Perform Binder IPC.
binder_use(system_server)
+binder_call(system_server, android_hardware_vibrator_service)
+binder_call(system_server, android_hardware_vr)
binder_call(system_server, binderservicedomain)
binder_call(system_server, gatekeeperd)
binder_call(system_server, fingerprintd)
@@ -155,7 +157,6 @@
binder_call(system_server, netd)
binder_call(system_server, wificond)
binder_service(system_server)
-binder_call(system_server, android_hardware_vibrator_1_0_service)
# Ask debuggerd to dump backtraces for native stacks of interest.
#
diff --git a/tools/check_seapp.c b/tools/check_seapp.c
index 927d4fd..d8fa636 100644
--- a/tools/check_seapp.c
+++ b/tools/check_seapp.c
@@ -897,8 +897,7 @@
}
if (sepol_policydb_read(pol.db, pol.pf) < 0) {
- log_error("Could not lod policy file to db: %s!\n",
- strerror(errno));
+ log_error("Could not load policy file to db: invalid input file!\n");
exit(EXIT_FAILURE);
}
}
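Review bot: The replacement message on the `log_error(...)` line hard-codes a single cause, "invalid input file", but sepol_policydb_read can fail for other reasons too (as far as I recall an unsupported policy version or an allocation failure also return -1), so the new text can misreport a failure that the old text at least attempted to describe via strerror. Dropping strerror(errno) is reasonable if libsepol does not set errno reliably, but a neutral wording keeps the message honest: `log_error("Could not load policy file to db!\n");`. The enclosing function begins outside this hunk.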
diff --git a/tools/fc_sort/fc_sort.c b/tools/fc_sort/fc_sort.c
index f4d2cd0..5561288 100644
--- a/tools/fc_sort/fc_sort.c
+++ b/tools/fc_sort/fc_sort.c
@@ -315,7 +315,7 @@
{
int lines;
size_t start, finish, regex_len, context_len;
- size_t line_len, buf_len, i, j;
+ size_t line_len, buf_len, i;
char *input_name, *output_name, *line_buf;
file_context_node_t *temp;
@@ -336,7 +336,7 @@
input_name = argv[1];
output_name = (argc >= 3) ? argv[2] : NULL;
- i = j = lines = 0;
+ lines = 0;
/* Open the input file. */
if (!(in_file = fopen(input_name, "r"))) {
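Review bot: Removing `j` is fine, but the second hunk also changes `i = j = lines = 0;` to `lines = 0;`, which silently drops the zeroing of `i`. `i` is still declared in the first hunk, so it is used later in this function (outside the hunk); if any of those uses read `i` before assigning it, this change turns a harmless redundancy into a read of an uninitialized variable. Either keep `i = lines = 0;` or confirm every later use of `i` is preceded by its own assignment (e.g. a `for (i = 0; ...)` initializer). The enclosing function starts before the first hunk and continues past the end of the second.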