Merge "Revert^2 "Relax neverallows for vendor to use /system/bin/sh"" into main am: 77b2a438fc

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2967262

Change-Id: Ifc691316b223ba8bf5ddb3f2a4fad43afb580fdb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 726f0ab..4b1c02d 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -48,8 +48,8 @@
 		"android.hardware.biometrics.fingerprint.IFingerprint/default":            EXCEPTION_NO_FUZZER,
 		"android.hardware.biometrics.fingerprint.IFingerprint/virtual":            EXCEPTION_NO_FUZZER,
 		"android.hardware.bluetooth.audio.IBluetoothAudioProviderFactory/default": EXCEPTION_NO_FUZZER,
-		"android.hardware.broadcastradio.IBroadcastRadio/amfm":                    EXCEPTION_NO_FUZZER,
-		"android.hardware.broadcastradio.IBroadcastRadio/dab":                     EXCEPTION_NO_FUZZER,
+		"android.hardware.broadcastradio.IBroadcastRadio/amfm":                    []string{"android.hardware.broadcastradio-service.default_fuzzer"},
+		"android.hardware.broadcastradio.IBroadcastRadio/dab":                     []string{"android.hardware.broadcastradio-service.default_fuzzer"},
 		"android.hardware.bluetooth.IBluetoothHci/default":                        EXCEPTION_NO_FUZZER,
 		"android.hardware.bluetooth.finder.IBluetoothFinder/default":              EXCEPTION_NO_FUZZER,
 		"android.hardware.bluetooth.ranging.IBluetoothChannelSounding/default":    EXCEPTION_NO_FUZZER,
@@ -332,7 +332,7 @@
 		"media.metrics":                []string{"mediametrics_aidl_fuzzer"},
 		"media.extractor":              []string{"mediaextractor_service_fuzzer"},
 		"media.transcoding":            EXCEPTION_NO_FUZZER,
-		"media.resource_manager":       EXCEPTION_NO_FUZZER,
+		"media.resource_manager":       []string{"resourcemanager_service_fuzzer", "mediaresourcemanager_fuzzer"},
 		"media.resource_observer":      EXCEPTION_NO_FUZZER,
 		"media.sound_trigger_hw":       EXCEPTION_NO_FUZZER,
 		"media.drm":                    EXCEPTION_NO_FUZZER,
@@ -478,7 +478,7 @@
 		"vibrator_manager":             EXCEPTION_NO_FUZZER,
 		"virtualdevice":                EXCEPTION_NO_FUZZER,
 		"virtualdevice_native":         EXCEPTION_NO_FUZZER,
-		"virtual_camera":               EXCEPTION_NO_FUZZER,
+		"virtual_camera":               []string{"virtual_camera_fuzzer"},
 		"virtual_touchpad":             EXCEPTION_NO_FUZZER,
 		"voiceinteraction":             EXCEPTION_NO_FUZZER,
 		"vold":                         []string{"vold_native_service_fuzzer"},
diff --git a/private/priv_app.te b/private/priv_app.te
index 536c9d4..f1ecfac 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -179,6 +179,9 @@
 # allow privileged apps to read the device config flags.
 get_prop(priv_app, device_config_aconfig_flags_prop)
 
+# allow privileged apps to read boot reason property
+get_prop(priv_app, system_boot_reason_prop)
+
 # Required for Phonesky to be able to read APEX files under /data/apex/active/.
 allow priv_app apex_data_file:dir search;
 allow priv_app staging_data_file:file r_file_perms;
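Review bot: The added `get_prop(priv_app, system_boot_reason_prop)` gives read access to every app running in the priv_app domain, yet its comment only restates the rule and names neither the consumer nor the reason. The neighbouring rule records its consumer (`Required for Phonesky to be able to read APEX files ...`), and the same here would let a later reviewer judge whether the grant is still needed or could be scoped to a narrower domain. Judging by its name, the property describes why the device last restarted, so it is worth stating why all privileged apps need it. I would replace the comment with something like `# Required for <component> to read the boot reason (b/<bug-id>).`, filling in the real consumer and tracking bug.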
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 60e0339..5dad554 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -164,7 +164,7 @@
 /(vendor|system/vendor)/lib(64)?/android\.hardware\.common-V2-ndk\.so u:object_r:same_process_hal_file:s0
 /(vendor|system/vendor)/lib(64)?/android\.hardware\.common\.fmq-V1-ndk\.so u:object_r:same_process_hal_file:s0
 /(vendor|system/vendor)/lib(64)?/android\.hardware\.graphics\.allocator-V2-ndk\.so u:object_r:same_process_hal_file:s0
-/(vendor|system/vendor)/lib(64)?/android\.hardware\.graphics\.common-V4-ndk\.so u:object_r:same_process_hal_file:s0
+/(vendor|system/vendor)/lib(64)?/android\.hardware\.graphics\.common-V5-ndk\.so u:object_r:same_process_hal_file:s0
 /(vendor|system/vendor)/lib(64)?/android\.hardware\.graphics\.common@1\.0\.so u:object_r:same_process_hal_file:s0
 /(vendor|system/vendor)/lib(64)?/android\.hardware\.graphics\.common@1\.1\.so u:object_r:same_process_hal_file:s0
 /(vendor|system/vendor)/lib(64)?/android\.hardware\.graphics\.common@1\.2\.so u:object_r:same_process_hal_file:s0