Snap for 11486370 from 6cf5e8a73fc52dac6395b99a4e6c8609e4cfee3c to 24Q2-release
Change-Id: I2619ef0c03636789f0db68003ba74a947656edcb
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 4b1c02d..e0f6610 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -186,6 +186,7 @@
"android.hardware.security.keymint.IRemotelyProvisionedComponent/avf": EXCEPTION_NO_FUZZER,
"android.system.virtualizationservice": EXCEPTION_NO_FUZZER,
"android.system.virtualizationservice_internal.IVfioHandler": EXCEPTION_NO_FUZZER,
+ "android.system.virtualizationmaintenance": EXCEPTION_NO_FUZZER,
"ambient_context": EXCEPTION_NO_FUZZER,
"app_binding": EXCEPTION_NO_FUZZER,
"app_hibernation": EXCEPTION_NO_FUZZER,
diff --git a/contexts/plat_file_contexts_test b/contexts/plat_file_contexts_test
index 3c02a3d..c799171 100644
--- a/contexts/plat_file_contexts_test
+++ b/contexts/plat_file_contexts_test
@@ -405,6 +405,7 @@
/system/bin/lpdumpd lpdumpd_exec
/system/bin/rss_hwm_reset rss_hwm_reset_exec
/system/bin/perfetto perfetto_exec
+/system/bin/misctrl misctrl_exec
/system/bin/mtectrl mtectrl_exec
/system/bin/traced traced_exec
/system/bin/traced_perf traced_perf_exec
@@ -995,10 +996,12 @@
/data/misc/odsign/test odsign_data_file
/data/misc/odsign/metrics odsign_metrics_file
/data/misc/odsign/metrics/test odsign_metrics_file
-/data/misc/perfetto-traces/bugreport perfetto_traces_bugreport_data_file
-/data/misc/perfetto-traces/bugreport/test perfetto_traces_bugreport_data_file
+/data/misc/perfetto-traces/bugreport perfetto_traces_bugreport_data_file
+/data/misc/perfetto-traces/bugreport/test perfetto_traces_bugreport_data_file
/data/misc/perfetto-traces perfetto_traces_data_file
/data/misc/perfetto-traces/test perfetto_traces_data_file
+/data/misc/perfetto-traces/profiling perfetto_traces_profiling_data_file
+/data/misc/perfetto-traces/profiling/test perfetto_traces_profiling_data_file
/data/misc/perfetto-configs perfetto_configs_data_file
/data/misc/perfetto-configs/test perfetto_configs_data_file
/data/misc/prereboot prereboot_data_file
diff --git a/flagging/Android.bp b/flagging/Android.bp
index 8f7355a..bdd0481 100644
--- a/flagging/Android.bp
+++ b/flagging/Android.bp
@@ -18,6 +18,7 @@
name: "aosp_selinux_flags",
flags: [
"RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT",
+ "RELEASE_AVF_ENABLE_LLPVM_CHANGES",
"RELEASE_HARDWARE_BLUETOOTH_RANGING_SERVICE",
],
export_to: ["all_selinux_flags"],
diff --git a/private/app_zygote.te b/private/app_zygote.te
index e3869cd..b51f633 100644
--- a/private/app_zygote.te
+++ b/private/app_zygote.te
@@ -93,6 +93,10 @@
# Allow app_zygote to access odsign verification status
get_prop(app_zygote, odsign_prop)
+# /data/resource-cache
+allow app_zygote resourcecache_data_file:file r_file_perms;
+allow app_zygote resourcecache_data_file:dir r_dir_perms;
+
#####
##### Neverallow
#####
diff --git a/private/domain.te b/private/domain.te
index 2f107dd..59e30c8 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -179,6 +179,35 @@
# Allow all processes to connect to PRNG seeder daemon.
unix_socket_connect(domain, prng_seeder, prng_seeder)
+# Allow calls to system(3), popen(3), ...
+allow {
+ domain
+ # Except domains that explicitly neverallow it.
+ -kernel
+ -init
+ -vendor_init
+ -app_zygote
+ -webview_zygote
+ -system_server
+ -artd
+ -audioserver
+ -cameraserver
+ -mediadrmserver
+ -mediaextractor
+ -mediametrics
+ -mediaserver
+ -mediatuner
+ -mediatranscoding
+ -ueventd
+ -hal_audio_server
+ -hal_camera_server
+ -hal_cas_server
+ -hal_codec2_server
+ -hal_configstore_server
+ -hal_drm_server
+ -hal_omx_server
+} {shell_exec toolbox_exec}:file rx_file_perms;
+
# No domains other than a select few can access the misc_block_device. This
# block device is reserved for OTA use.
# Do not assert this rule on userdebug/eng builds, due to some devices using
@@ -197,6 +226,7 @@
-recovery
-ueventd
-mtectrl
+ -misctrl
} misc_block_device:blk_file { append link relabelfrom rename write open read ioctl lock };
# Limit ability to ptrace or read sensitive /proc/pid files of processes
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 6798667..29cd454 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -68,6 +68,8 @@
# Collect metrics on boot time created by init
get_prop(dumpstate, boottime_prop)
+get_prop(dumpstate, misctrl_prop)
+
# Signal native processes to dump their stack.
allow dumpstate {
mediatranscoding
diff --git a/private/file.te b/private/file.te
index 450fe2c..24c118a 100644
--- a/private/file.te
+++ b/private/file.te
@@ -25,6 +25,9 @@
# /data/misc/perfetto-traces/bugreport for perfetto traces for bugreports.
type perfetto_traces_bugreport_data_file, file_type, data_file_type, core_data_file_type;
+# /data/misc/perfetto-traces/profiling for perfetto traces from profiling apis.
+type perfetto_traces_profiling_data_file, file_type, data_file_type, core_data_file_type;
+
# /data/misc/perfetto-configs for perfetto configs
type perfetto_configs_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/private/file_contexts b/private/file_contexts
index 3a65d81..b9d661a 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -332,6 +332,7 @@
/system/bin/rss_hwm_reset u:object_r:rss_hwm_reset_exec:s0
/system/bin/perfetto u:object_r:perfetto_exec:s0
/system/bin/mtectrl u:object_r:mtectrl_exec:s0
+/system/bin/misctrl u:object_r:misctrl_exec:s0
/system/bin/traced u:object_r:traced_exec:s0
/system/bin/traced_perf u:object_r:traced_perf_exec:s0
/system/bin/traced_probes u:object_r:traced_probes_exec:s0
@@ -660,9 +661,10 @@
/data/misc/odrefresh(/.*)? u:object_r:odrefresh_data_file:s0
/data/misc/odsign(/.*)? u:object_r:odsign_data_file:s0
/data/misc/odsign/metrics(/.*)? u:object_r:odsign_metrics_file:s0
-/data/misc/perfetto-traces(/.*)? u:object_r:perfetto_traces_data_file:s0
-/data/misc/perfetto-traces/bugreport(.*)? u:object_r:perfetto_traces_bugreport_data_file:s0
-/data/misc/perfetto-configs(/.*)? u:object_r:perfetto_configs_data_file:s0
+/data/misc/perfetto-traces(/.*)? u:object_r:perfetto_traces_data_file:s0
+/data/misc/perfetto-traces/bugreport(.*)? u:object_r:perfetto_traces_bugreport_data_file:s0
+/data/misc/perfetto-traces/profiling(/.*)? u:object_r:perfetto_traces_profiling_data_file:s0
+/data/misc/perfetto-configs(/.*)? u:object_r:perfetto_configs_data_file:s0
/data/misc/uprobestats-configs(/.*)? u:object_r:uprobestats_configs_data_file:s0
/data/misc/prereboot(/.*)? u:object_r:prereboot_data_file:s0
/data/misc/profcollectd(/.*)? u:object_r:profcollectd_data_file:s0
diff --git a/private/misctrl.te b/private/misctrl.te
new file mode 100644
index 0000000..2352067
--- /dev/null
+++ b/private/misctrl.te
@@ -0,0 +1,17 @@
+# binary for generic misc partition management
+type misctrl, domain, coredomain;
+type misctrl_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(misctrl)
+
+allow misctrl misc_block_device:blk_file rw_file_perms;
+allow misctrl block_device:dir r_dir_perms;
+read_fstab(misctrl)
+
+set_prop(misctrl, misctrl_prop)
+
+# bootloader_message tries to find the fstab in the device config path first,
+# but because we've already booted up we can use the ro.boot properties instead,
+# so we can just ignore the SELinux denial.
+dontaudit misctrl sysfs_dt_firmware_android:dir search;
+dontaudit misctrl vendor_property_type:file read;
diff --git a/private/perfetto.te b/private/perfetto.te
index aae61a6..d0088ef 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -26,6 +26,10 @@
allow perfetto perfetto_traces_bugreport_data_file:file create_file_perms;
allow perfetto perfetto_traces_bugreport_data_file:dir rw_dir_perms;
+# Allow to write and unlink traces into /data/misc/perfetto-traces/profiling.
+allow perfetto perfetto_traces_profiling_data_file:dir rw_dir_perms;
+allow perfetto perfetto_traces_profiling_data_file:file create_file_perms;
+
# Allow perfetto to access the proxy service for reporting traces.
allow perfetto tracingproxy_service:service_manager find;
binder_use(perfetto)
@@ -86,6 +90,7 @@
-dumpstate # For attaching traces to bugreports.
-incidentd # For receiving reported traces. TODO(lalitm): remove this.
-priv_app # For stating traces for bug-report UI.
+ -system_server # For accessing traces started by profiling apis.
} perfetto_traces_data_file:dir *;
neverallow {
domain
@@ -122,14 +127,20 @@
-vendor_data_file
-perfetto_traces_data_file
-perfetto_traces_bugreport_data_file
+ -perfetto_traces_profiling_data_file
-perfetto_configs_data_file
with_native_coverage(`-method_trace_data_file')
}:dir *;
-neverallow perfetto { system_data_file -perfetto_traces_data_file }:dir ~{ getattr search };
+neverallow perfetto {
+ system_data_file
+ -perfetto_traces_data_file
+ -perfetto_traces_profiling_data_file
+}:dir ~{ getattr search };
neverallow perfetto {
data_file_type
-perfetto_traces_data_file
-perfetto_traces_bugreport_data_file
+ -perfetto_traces_profiling_data_file
-perfetto_configs_data_file
with_native_coverage(`-method_trace_data_file')
}:file ~write;
diff --git a/private/property.te b/private/property.te
index d21df55..2d030ab 100644
--- a/private/property.te
+++ b/private/property.te
@@ -35,6 +35,7 @@
system_internal_prop(netd_stable_secret_prop)
system_internal_prop(next_boot_prop)
system_internal_prop(odsign_prop)
+system_internal_prop(misctrl_prop)
system_internal_prop(perf_drop_caches_prop)
system_internal_prop(pm_prop)
system_internal_prop(profcollectd_node_id_prop)
@@ -185,6 +186,21 @@
userdebug_or_eng(`-su')
} init_svc_debug_prop:file no_rw_file_perms;
+# DO NOT ADD: compat risk
+neverallow {
+ domain
+ -init
+ -dumpstate
+ -misctrl
+ userdebug_or_eng(`-su')
+} misctrl_prop:file no_rw_file_perms;
+neverallow {
+ domain
+ -init
+ -misctrl
+ userdebug_or_eng(`-su')
+} misctrl_prop:property_service set;
+
compatible_property_only(`
# Prevent properties from being set
neverallow {
diff --git a/private/property_contexts b/private/property_contexts
index 568bdc1..fe12202 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -98,6 +98,7 @@
ro.boot.serialno u:object_r:serialno_prop:s0
ro.bt. u:object_r:bluetooth_prop:s0
ro.boot.bootreason u:object_r:bootloader_boot_reason_prop:s0
+ro.misctrl. u:object_r:misctrl_prop:s0
persist.sys.boot.reason u:object_r:last_boot_reason_prop:s0
sys.boot.reason u:object_r:system_boot_reason_prop:s0
sys.boot.reason.last u:object_r:last_boot_reason_prop:s0
diff --git a/private/service.te b/private/service.te
index 36d6ccf..c4e7cbc 100644
--- a/private/service.te
+++ b/private/service.te
@@ -26,6 +26,9 @@
is_flag_enabled(RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT, `
type vfio_handler_service, service_manager_type;
')
+is_flag_enabled(RELEASE_AVF_ENABLE_LLPVM_CHANGES, `
+ type virtualization_maintenance_service, service_manager_type;
+')
type uce_service, service_manager_type;
type wearable_sensing_service, app_api_service, system_server_service, service_manager_type;
diff --git a/private/service_contexts b/private/service_contexts
index 82af95e..3138d90 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -165,6 +165,9 @@
is_flag_enabled(RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT, `
android.system.virtualizationservice_internal.IVfioHandler u:object_r:vfio_handler_service:s0
')
+is_flag_enabled(RELEASE_AVF_ENABLE_LLPVM_CHANGES, `
+ android.system.virtualizationmaintenance u:object_r:virtualization_maintenance_service:s0
+')
ambient_context u:object_r:ambient_context_service:s0
app_binding u:object_r:app_binding_service:s0
app_hibernation u:object_r:app_hibernation_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index b58315d..5b0caaa 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -582,6 +582,11 @@
domain_auto_trans(system_server, perfetto_exec, perfetto);
allow system_server perfetto:fifo_file { read write };
+# Allow system server to manage perfetto traces for ProfilingService.
+allow system_server perfetto_traces_profiling_data_file:dir rw_dir_perms;
+allow system_server perfetto_traces_profiling_data_file:file { rw_file_perms unlink };
+allow system_server perfetto_traces_data_file:dir search;
+
# Manage /data/backup.
allow system_server backup_data_file:dir create_dir_perms;
allow system_server backup_data_file:file create_file_perms;
@@ -982,6 +987,9 @@
allow system_server surfaceflinger_service:service_manager find;
allow system_server update_engine_service:service_manager find;
allow system_server virtual_camera_service:service_manager find;
+is_flag_enabled(RELEASE_AVF_ENABLE_LLPVM_CHANGES, `
+ allow system_server virtualization_maintenance_service:service_manager find;
+')
allow system_server vold_service:service_manager find;
allow system_server wifinl80211_service:service_manager find;
allow system_server logd_service:service_manager find;
@@ -1299,6 +1307,9 @@
neverallow system_server { domain -clatd -crash_dump -perfetto }:process transition;
neverallow system_server *:process dyntransition;
+# Ensure that system_server doesn't access anything but search in perfetto_traces_data_file:dir.
+neverallow system_server perfetto_traces_data_file:dir ~search;
+
# Only allow crash_dump to connect to system_ndebug_socket.
neverallow { domain -init -system_server -crash_dump } system_ndebug_socket:sock_file { open write };
diff --git a/private/vfio_handler.te b/private/vfio_handler.te
index 963809e..fd6499d 100644
--- a/private/vfio_handler.te
+++ b/private/vfio_handler.te
@@ -31,7 +31,4 @@
# Allow vfio_handler to search /dev/block for accessing dtbo.img
allow vfio_handler block_device:dir search;
allow vfio_handler dtbo_block_device:blk_file r_file_perms;
-
- # Only vfio_handler can add vfio_handler_service
- neverallow { domain -vfio_handler } vfio_handler_service:service_manager add;
') # is_flag_enabled(RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT)
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 0a9ff8b..ee288f2 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -12,8 +12,11 @@
# Let the virtualizationservice domain use Binder.
binder_use(virtualizationservice)
-# Let the virtualizationservice domain register the virtualization_service with ServiceManager.
+# Register our services with ServiceManager.
add_service(virtualizationservice, virtualization_service)
+is_flag_enabled(RELEASE_AVF_ENABLE_LLPVM_CHANGES, `
+ add_service(virtualizationservice, virtualization_maintenance_service)
+')
is_flag_enabled(RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT, `
# Let virtualizationservice find and communicate with vfio_handler.
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index 0556950..1e32c1f 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -93,6 +93,10 @@
# Allow webview_zygote to access odsign verification status
get_prop(zygote, odsign_prop)
+# /data/resource-cache
+allow webview_zygote resourcecache_data_file:file r_file_perms;
+allow webview_zygote resourcecache_data_file:dir r_dir_perms;
+
#####
##### Neverallow
#####