Snap for 11486370 from 6cf5e8a73fc52dac6395b99a4e6c8609e4cfee3c to 24Q2-release

Change-Id: I2619ef0c03636789f0db68003ba74a947656edcb
diff --git a/build/soong/service_fuzzer_bindings.go b/build/soong/service_fuzzer_bindings.go
index 4b1c02d..e0f6610 100644
--- a/build/soong/service_fuzzer_bindings.go
+++ b/build/soong/service_fuzzer_bindings.go
@@ -186,6 +186,7 @@
 		"android.hardware.security.keymint.IRemotelyProvisionedComponent/avf": EXCEPTION_NO_FUZZER,
 		"android.system.virtualizationservice":                            EXCEPTION_NO_FUZZER,
 		"android.system.virtualizationservice_internal.IVfioHandler":      EXCEPTION_NO_FUZZER,
+		"android.system.virtualizationmaintenance":                        EXCEPTION_NO_FUZZER,
 		"ambient_context":                                                 EXCEPTION_NO_FUZZER,
 		"app_binding":                                                     EXCEPTION_NO_FUZZER,
 		"app_hibernation":                                                 EXCEPTION_NO_FUZZER,
diff --git a/contexts/plat_file_contexts_test b/contexts/plat_file_contexts_test
index 3c02a3d..c799171 100644
--- a/contexts/plat_file_contexts_test
+++ b/contexts/plat_file_contexts_test
@@ -405,6 +405,7 @@
 /system/bin/lpdumpd                                               lpdumpd_exec
 /system/bin/rss_hwm_reset                                         rss_hwm_reset_exec
 /system/bin/perfetto                                              perfetto_exec
+/system/bin/misctrl                                               misctrl_exec
 /system/bin/mtectrl                                               mtectrl_exec
 /system/bin/traced                                                traced_exec
 /system/bin/traced_perf                                           traced_perf_exec
@@ -995,10 +996,12 @@
 /data/misc/odsign/test                                            odsign_data_file
 /data/misc/odsign/metrics                                         odsign_metrics_file
 /data/misc/odsign/metrics/test                                    odsign_metrics_file
-/data/misc/perfetto-traces/bugreport                             perfetto_traces_bugreport_data_file
-/data/misc/perfetto-traces/bugreport/test                        perfetto_traces_bugreport_data_file
+/data/misc/perfetto-traces/bugreport                              perfetto_traces_bugreport_data_file
+/data/misc/perfetto-traces/bugreport/test                         perfetto_traces_bugreport_data_file
 /data/misc/perfetto-traces                                        perfetto_traces_data_file
 /data/misc/perfetto-traces/test                                   perfetto_traces_data_file
+/data/misc/perfetto-traces/profiling                              perfetto_traces_profiling_data_file
+/data/misc/perfetto-traces/profiling/test                         perfetto_traces_profiling_data_file
 /data/misc/perfetto-configs                                       perfetto_configs_data_file
 /data/misc/perfetto-configs/test                                  perfetto_configs_data_file
 /data/misc/prereboot                                              prereboot_data_file
diff --git a/flagging/Android.bp b/flagging/Android.bp
index 8f7355a..bdd0481 100644
--- a/flagging/Android.bp
+++ b/flagging/Android.bp
@@ -18,6 +18,7 @@
     name: "aosp_selinux_flags",
     flags: [
         "RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT",
+        "RELEASE_AVF_ENABLE_LLPVM_CHANGES",
         "RELEASE_HARDWARE_BLUETOOTH_RANGING_SERVICE",
     ],
     export_to: ["all_selinux_flags"],
diff --git a/private/app_zygote.te b/private/app_zygote.te
index e3869cd..b51f633 100644
--- a/private/app_zygote.te
+++ b/private/app_zygote.te
@@ -93,6 +93,10 @@
 # Allow app_zygote to access odsign verification status
 get_prop(app_zygote, odsign_prop)
 
+# /data/resource-cache
+allow app_zygote resourcecache_data_file:file r_file_perms;
+allow app_zygote resourcecache_data_file:dir r_dir_perms;
+
 #####
 ##### Neverallow
 #####
diff --git a/private/domain.te b/private/domain.te
index 2f107dd..59e30c8 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -179,6 +179,35 @@
 # Allow all processes to connect to PRNG seeder daemon.
 unix_socket_connect(domain, prng_seeder, prng_seeder)
 
+# Allow calls to system(3), popen(3), ...
+allow {
+  domain
+  # Except domains that explicitly neverallow it.
+  -kernel
+  -init
+  -vendor_init
+  -app_zygote
+  -webview_zygote
+  -system_server
+  -artd
+  -audioserver
+  -cameraserver
+  -mediadrmserver
+  -mediaextractor
+  -mediametrics
+  -mediaserver
+  -mediatuner
+  -mediatranscoding
+  -ueventd
+  -hal_audio_server
+  -hal_camera_server
+  -hal_cas_server
+  -hal_codec2_server
+  -hal_configstore_server
+  -hal_drm_server
+  -hal_omx_server
+} {shell_exec toolbox_exec}:file rx_file_perms;
+
 # No domains other than a select few can access the misc_block_device. This
 # block device is reserved for OTA use.
 # Do not assert this rule on userdebug/eng builds, due to some devices using
@@ -197,6 +226,7 @@
   -recovery
   -ueventd
   -mtectrl
+  -misctrl
 } misc_block_device:blk_file { append link relabelfrom rename write open read ioctl lock };
 
 # Limit ability to ptrace or read sensitive /proc/pid files of processes
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 6798667..29cd454 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -68,6 +68,8 @@
 # Collect metrics on boot time created by init
 get_prop(dumpstate, boottime_prop)
 
+get_prop(dumpstate, misctrl_prop)
+
 # Signal native processes to dump their stack.
 allow dumpstate {
   mediatranscoding
diff --git a/private/file.te b/private/file.te
index 450fe2c..24c118a 100644
--- a/private/file.te
+++ b/private/file.te
@@ -25,6 +25,9 @@
 # /data/misc/perfetto-traces/bugreport for perfetto traces for bugreports.
 type perfetto_traces_bugreport_data_file, file_type, data_file_type, core_data_file_type;
 
+# /data/misc/perfetto-traces/profiling for perfetto traces from profiling apis.
+type perfetto_traces_profiling_data_file, file_type, data_file_type, core_data_file_type;
+
 # /data/misc/perfetto-configs for perfetto configs
 type perfetto_configs_data_file, file_type, data_file_type, core_data_file_type;
 
diff --git a/private/file_contexts b/private/file_contexts
index 3a65d81..b9d661a 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -332,6 +332,7 @@
 /system/bin/rss_hwm_reset	u:object_r:rss_hwm_reset_exec:s0
 /system/bin/perfetto        u:object_r:perfetto_exec:s0
 /system/bin/mtectrl         u:object_r:mtectrl_exec:s0
+/system/bin/misctrl         u:object_r:misctrl_exec:s0
 /system/bin/traced        u:object_r:traced_exec:s0
 /system/bin/traced_perf        u:object_r:traced_perf_exec:s0
 /system/bin/traced_probes        u:object_r:traced_probes_exec:s0
@@ -660,9 +661,10 @@
 /data/misc/odrefresh(/.*)?      u:object_r:odrefresh_data_file:s0
 /data/misc/odsign(/.*)?         u:object_r:odsign_data_file:s0
 /data/misc/odsign/metrics(/.*)? u:object_r:odsign_metrics_file:s0
-/data/misc/perfetto-traces(/.*)?          u:object_r:perfetto_traces_data_file:s0
-/data/misc/perfetto-traces/bugreport(.*)? u:object_r:perfetto_traces_bugreport_data_file:s0
-/data/misc/perfetto-configs(/.*)?         u:object_r:perfetto_configs_data_file:s0
+/data/misc/perfetto-traces(/.*)?           u:object_r:perfetto_traces_data_file:s0
+/data/misc/perfetto-traces/bugreport(.*)?  u:object_r:perfetto_traces_bugreport_data_file:s0
+/data/misc/perfetto-traces/profiling(/.*)? u:object_r:perfetto_traces_profiling_data_file:s0
+/data/misc/perfetto-configs(/.*)?          u:object_r:perfetto_configs_data_file:s0
 /data/misc/uprobestats-configs(/.*)?      u:object_r:uprobestats_configs_data_file:s0
 /data/misc/prereboot(/.*)?      u:object_r:prereboot_data_file:s0
 /data/misc/profcollectd(/.*)?   u:object_r:profcollectd_data_file:s0
diff --git a/private/misctrl.te b/private/misctrl.te
new file mode 100644
index 0000000..2352067
--- /dev/null
+++ b/private/misctrl.te
@@ -0,0 +1,17 @@
+# binary for generic misc partition management
+type misctrl, domain, coredomain;
+type misctrl_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(misctrl)
+
+allow misctrl misc_block_device:blk_file rw_file_perms;
+allow misctrl block_device:dir r_dir_perms;
+read_fstab(misctrl)
+
+set_prop(misctrl, misctrl_prop)
+
+# bootloader_message tries to find the fstab in the device config path first,
+# but because we've already booted up we can use the ro.boot properties instead,
+# so we can just ignore the SELinux denial.
+dontaudit misctrl sysfs_dt_firmware_android:dir search;
+dontaudit misctrl vendor_property_type:file read;
diff --git a/private/perfetto.te b/private/perfetto.te
index aae61a6..d0088ef 100644
--- a/private/perfetto.te
+++ b/private/perfetto.te
@@ -26,6 +26,10 @@
 allow perfetto perfetto_traces_bugreport_data_file:file create_file_perms;
 allow perfetto perfetto_traces_bugreport_data_file:dir rw_dir_perms;
 
+# Allow to write and unlink traces into /data/misc/perfetto-traces/profiling.
+allow perfetto perfetto_traces_profiling_data_file:dir rw_dir_perms;
+allow perfetto perfetto_traces_profiling_data_file:file create_file_perms;
+
 # Allow perfetto to access the proxy service for reporting traces.
 allow perfetto tracingproxy_service:service_manager find;
 binder_use(perfetto)
@@ -86,6 +90,7 @@
   -dumpstate # For attaching traces to bugreports.
   -incidentd # For receiving reported traces. TODO(lalitm): remove this.
   -priv_app  # For stating traces for bug-report UI.
+  -system_server # For accessing traces started by profiling apis.
 } perfetto_traces_data_file:dir *;
 neverallow {
   domain
@@ -122,14 +127,20 @@
   -vendor_data_file
   -perfetto_traces_data_file
   -perfetto_traces_bugreport_data_file
+  -perfetto_traces_profiling_data_file
   -perfetto_configs_data_file
   with_native_coverage(`-method_trace_data_file')
 }:dir *;
-neverallow perfetto { system_data_file -perfetto_traces_data_file }:dir ~{ getattr search };
+neverallow perfetto {
+  system_data_file
+  -perfetto_traces_data_file
+  -perfetto_traces_profiling_data_file
+}:dir ~{ getattr search };
 neverallow perfetto {
   data_file_type
   -perfetto_traces_data_file
   -perfetto_traces_bugreport_data_file
+  -perfetto_traces_profiling_data_file
   -perfetto_configs_data_file
   with_native_coverage(`-method_trace_data_file')
 }:file ~write;
diff --git a/private/property.te b/private/property.te
index d21df55..2d030ab 100644
--- a/private/property.te
+++ b/private/property.te
@@ -35,6 +35,7 @@
 system_internal_prop(netd_stable_secret_prop)
 system_internal_prop(next_boot_prop)
 system_internal_prop(odsign_prop)
+system_internal_prop(misctrl_prop)
 system_internal_prop(perf_drop_caches_prop)
 system_internal_prop(pm_prop)
 system_internal_prop(profcollectd_node_id_prop)
@@ -185,6 +186,21 @@
   userdebug_or_eng(`-su')
 } init_svc_debug_prop:file no_rw_file_perms;
 
+# DO NOT ADD: compat risk
+neverallow {
+  domain
+  -init
+  -dumpstate
+  -misctrl
+  userdebug_or_eng(`-su')
+} misctrl_prop:file no_rw_file_perms;
+neverallow {
+  domain
+  -init
+  -misctrl
+  userdebug_or_eng(`-su')
+} misctrl_prop:property_service set;
+
 compatible_property_only(`
 # Prevent properties from being set
   neverallow {
diff --git a/private/property_contexts b/private/property_contexts
index 568bdc1..fe12202 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -98,6 +98,7 @@
 ro.boot.serialno        u:object_r:serialno_prop:s0
 ro.bt.                  u:object_r:bluetooth_prop:s0
 ro.boot.bootreason      u:object_r:bootloader_boot_reason_prop:s0
+ro.misctrl.             u:object_r:misctrl_prop:s0
 persist.sys.boot.reason u:object_r:last_boot_reason_prop:s0
 sys.boot.reason         u:object_r:system_boot_reason_prop:s0
 sys.boot.reason.last    u:object_r:last_boot_reason_prop:s0
diff --git a/private/service.te b/private/service.te
index 36d6ccf..c4e7cbc 100644
--- a/private/service.te
+++ b/private/service.te
@@ -26,6 +26,9 @@
 is_flag_enabled(RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT, `
     type vfio_handler_service,          service_manager_type;
 ')
+is_flag_enabled(RELEASE_AVF_ENABLE_LLPVM_CHANGES, `
+    type virtualization_maintenance_service, service_manager_type;
+')
 
 type uce_service,                   service_manager_type;
 type wearable_sensing_service,      app_api_service, system_server_service, service_manager_type;
diff --git a/private/service_contexts b/private/service_contexts
index 82af95e..3138d90 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -165,6 +165,9 @@
 is_flag_enabled(RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT, `
     android.system.virtualizationservice_internal.IVfioHandler u:object_r:vfio_handler_service:s0
 ')
+is_flag_enabled(RELEASE_AVF_ENABLE_LLPVM_CHANGES, `
+    android.system.virtualizationmaintenance u:object_r:virtualization_maintenance_service:s0
+')
 ambient_context                           u:object_r:ambient_context_service:s0
 app_binding                               u:object_r:app_binding_service:s0
 app_hibernation                           u:object_r:app_hibernation_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index b58315d..5b0caaa 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -582,6 +582,11 @@
 domain_auto_trans(system_server, perfetto_exec, perfetto);
 allow system_server perfetto:fifo_file { read write };
 
+# Allow system server to manage perfetto traces for ProfilingService.
+allow system_server perfetto_traces_profiling_data_file:dir rw_dir_perms;
+allow system_server perfetto_traces_profiling_data_file:file { rw_file_perms unlink };
+allow system_server perfetto_traces_data_file:dir search;
+
 # Manage /data/backup.
 allow system_server backup_data_file:dir create_dir_perms;
 allow system_server backup_data_file:file create_file_perms;
@@ -982,6 +987,9 @@
 allow system_server surfaceflinger_service:service_manager find;
 allow system_server update_engine_service:service_manager find;
 allow system_server virtual_camera_service:service_manager find;
+is_flag_enabled(RELEASE_AVF_ENABLE_LLPVM_CHANGES, `
+    allow system_server virtualization_maintenance_service:service_manager find;
+')
 allow system_server vold_service:service_manager find;
 allow system_server wifinl80211_service:service_manager find;
 allow system_server logd_service:service_manager find;
@@ -1299,6 +1307,9 @@
 neverallow system_server { domain -clatd -crash_dump -perfetto }:process transition;
 neverallow system_server *:process dyntransition;
 
+# Ensure that system_server doesn't access anything but search in perfetto_traces_data_file:dir.
+neverallow system_server perfetto_traces_data_file:dir ~search;
+
 # Only allow crash_dump to connect to system_ndebug_socket.
 neverallow { domain -init -system_server -crash_dump } system_ndebug_socket:sock_file { open write };
 
diff --git a/private/vfio_handler.te b/private/vfio_handler.te
index 963809e..fd6499d 100644
--- a/private/vfio_handler.te
+++ b/private/vfio_handler.te
@@ -31,7 +31,4 @@
     # Allow vfio_handler to search /dev/block for accessing dtbo.img
     allow vfio_handler block_device:dir search;
     allow vfio_handler dtbo_block_device:blk_file r_file_perms;
-
-    # Only vfio_handler can add vfio_handler_service
-    neverallow { domain -vfio_handler } vfio_handler_service:service_manager add;
 ') # is_flag_enabled(RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT)
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 0a9ff8b..ee288f2 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -12,8 +12,11 @@
 # Let the virtualizationservice domain use Binder.
 binder_use(virtualizationservice)
 
-# Let the virtualizationservice domain register the virtualization_service with ServiceManager.
+# Register our services with ServiceManager.
 add_service(virtualizationservice, virtualization_service)
+is_flag_enabled(RELEASE_AVF_ENABLE_LLPVM_CHANGES, `
+    add_service(virtualizationservice, virtualization_maintenance_service)
+')
 
 is_flag_enabled(RELEASE_AVF_ENABLE_DEVICE_ASSIGNMENT, `
     # Let virtualizationservice find and communicate with vfio_handler.
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index 0556950..1e32c1f 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -93,6 +93,10 @@
 # Allow webview_zygote to access odsign verification status
 get_prop(zygote, odsign_prop)
 
+# /data/resource-cache
+allow webview_zygote resourcecache_data_file:file r_file_perms;
+allow webview_zygote resourcecache_data_file:dir r_dir_perms;
+
 #####
 ##### Neverallow
 #####