Merge tag 'android-13.0.0_r52' into int/13/fp3

Android 13.0.0 Release 52 (TQ3A.230605.012)

* tag 'android-13.0.0_r52': (38 commits)
  sepolicy: Add spatial audio tuning properties.
  sepolicy: Add spatial audio configuration properties
  update api=33 sepolicy prebuilts for perfetto oome heap dumps
  Fix incorrect domain used in system_server.te
  Sysprop for the count of active OOME tracing sessions
  update api=33 sepolicy prebuilts for perfetto profiling of system_server and sys/platform apps
  tm-qpr backport: allow perfetto profiling of system_server and sys/platform apps
  Allow vold to use FS_IOC_GET_ENCRYPTION_KEY_STATUS
  Update prebuilt to add bluetooth_prop to system_server sepolicy.
  Add bluetooth_prop to system_server sepolicy.
  Allow platform_app:systemui to write protolog file
  Hide ro.debuggable and ro.secure from ephemeral and isolated applications
  suspend: Allow access to /sys/power/wake_[un]lock
  DO NOT MERGE - Fix build.
  Drop back-compatibility for hiding ro.debuggable and ro.secure
  Disallow untrusted apps to read ro.debuggable and ro.secure
  Allow update_verifier to connect to snapuserd daemon
  Add SEPolicy for PRNG seeder daemon.
  Update sepolicy prebuilts for PRNG seeder changes.
  Update prebuilts to fix sepolicy_freeze_test
  ...

Change-Id: Ic6136a20e73c932770393d1e0d195c6b932195fc
diff --git a/prebuilts/api/30.0/public/attributes b/prebuilts/api/30.0/public/attributes
index 19623af..0c91692 100644
--- a/prebuilts/api/30.0/public/attributes
+++ b/prebuilts/api/30.0/public/attributes
@@ -91,15 +91,19 @@
 
 # All properties defined by /system.
 attribute system_property_type;
+expandattribute system_property_type false;
 
 # All /system-defined properties used only in /system.
 attribute system_internal_property_type;
+expandattribute system_internal_property_type false;
 
 # All /system-defined properties which can't be written outside /system.
 attribute system_restricted_property_type;
+expandattribute system_restricted_property_type false;
 
 # All /system-defined properties with no restrictions.
 attribute system_public_property_type;
+expandattribute system_public_property_type false;
 
 # All properties defined by /product.
 # Currently there are no enforcements between /system and /product, so for now
@@ -111,15 +115,19 @@
 
 # All properties defined by /vendor.
 attribute vendor_property_type;
+expandattribute vendor_property_type false;
 
 # All /vendor-defined properties used only in /vendor.
 attribute vendor_internal_property_type;
+expandattribute vendor_internal_property_type false;
 
 # All /vendor-defined properties which can't be written outside /vendor.
 attribute vendor_restricted_property_type;
+expandattribute vendor_restricted_property_type false;
 
 # All /vendor-defined properties with no restrictions.
 attribute vendor_public_property_type;
+expandattribute vendor_public_property_type false;
 
 # All service_manager types created by system_server
 attribute system_server_service;
diff --git a/prebuilts/api/31.0/private/mediatranscoding.te b/prebuilts/api/31.0/private/mediatranscoding.te
index 2a43cf9..073e81d 100644
--- a/prebuilts/api/31.0/private/mediatranscoding.te
+++ b/prebuilts/api/31.0/private/mediatranscoding.te
@@ -19,6 +19,7 @@
 hal_client_domain(mediatranscoding, hal_configstore)
 hal_client_domain(mediatranscoding, hal_omx)
 hal_client_domain(mediatranscoding, hal_codec2)
+hal_client_domain(mediatranscoding, hal_allocator)
 
 allow mediatranscoding mediaserver_service:service_manager find;
 allow mediatranscoding mediametrics_service:service_manager find;
diff --git a/prebuilts/api/31.0/private/property.te b/prebuilts/api/31.0/private/property.te
index 29f4f1a..e72693a 100644
--- a/prebuilts/api/31.0/private/property.te
+++ b/prebuilts/api/31.0/private/property.te
@@ -395,10 +395,12 @@
 
 # Allow the shell to set MTE props, so that non-root users with adb shell
 # access can control the settings on their device.
+# Allow system apps to set MTE props, so Developer Options can set them.
 neverallow {
   domain
   -init
   -shell
+  -system_app
 } {
   arm64_memtag_prop
 }:property_service set;
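Review bot: The added `-system_app` exemption in this neverallow is wider than the new comment suggests. The comment ties it to Developer Options, but the exemption, together with `set_prop(system_app, arm64_memtag_prop)` in system_app.te, applies to the whole system_app domain rather than to Settings alone. These properties control a memory-safety mitigation, so the comment should state the real scope, e.g. `# NOTE: this exempts every app in the system_app domain, not only Settings; any of them can set the MTE props.` The same hunk appears in prebuilts/api/32.0/private/property.te.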
diff --git a/prebuilts/api/31.0/private/system_app.te b/prebuilts/api/31.0/private/system_app.te
index 239686e..41fac62 100644
--- a/prebuilts/api/31.0/private/system_app.te
+++ b/prebuilts/api/31.0/private/system_app.te
@@ -34,6 +34,7 @@
 allow system_app icon_file:file r_file_perms;
 
 # Write to properties
+set_prop(system_app, arm64_memtag_prop)
 set_prop(system_app, bluetooth_a2dp_offload_prop)
 set_prop(system_app, bluetooth_audio_hal_prop)
 set_prop(system_app, bluetooth_prop)
diff --git a/prebuilts/api/32.0/private/mediatranscoding.te b/prebuilts/api/32.0/private/mediatranscoding.te
index 2a43cf9..073e81d 100644
--- a/prebuilts/api/32.0/private/mediatranscoding.te
+++ b/prebuilts/api/32.0/private/mediatranscoding.te
@@ -19,6 +19,7 @@
 hal_client_domain(mediatranscoding, hal_configstore)
 hal_client_domain(mediatranscoding, hal_omx)
 hal_client_domain(mediatranscoding, hal_codec2)
+hal_client_domain(mediatranscoding, hal_allocator)
 
 allow mediatranscoding mediaserver_service:service_manager find;
 allow mediatranscoding mediametrics_service:service_manager find;
diff --git a/prebuilts/api/32.0/private/property.te b/prebuilts/api/32.0/private/property.te
index 587cf5e..77e1a7d 100644
--- a/prebuilts/api/32.0/private/property.te
+++ b/prebuilts/api/32.0/private/property.te
@@ -396,10 +396,12 @@
 
 # Allow the shell to set MTE props, so that non-root users with adb shell
 # access can control the settings on their device.
+# Allow system apps to set MTE props, so Developer Options can set them.
 neverallow {
   domain
   -init
   -shell
+  -system_app
 } {
   arm64_memtag_prop
 }:property_service set;
diff --git a/prebuilts/api/32.0/private/system_app.te b/prebuilts/api/32.0/private/system_app.te
index 239686e..41fac62 100644
--- a/prebuilts/api/32.0/private/system_app.te
+++ b/prebuilts/api/32.0/private/system_app.te
@@ -34,6 +34,7 @@
 allow system_app icon_file:file r_file_perms;
 
 # Write to properties
+set_prop(system_app, arm64_memtag_prop)
 set_prop(system_app, bluetooth_a2dp_offload_prop)
 set_prop(system_app, bluetooth_audio_hal_prop)
 set_prop(system_app, bluetooth_prop)
diff --git a/prebuilts/api/33.0/private/app.te b/prebuilts/api/33.0/private/app.te
index 86180b0..9a2e02a 100644
--- a/prebuilts/api/33.0/private/app.te
+++ b/prebuilts/api/33.0/private/app.te
@@ -54,6 +54,9 @@
 
 userdebug_or_eng(`perfetto_producer({ appdomain })')
 
+# Allow the heap dump ART plugin to the count of sessions waiting for OOME
+get_prop(appdomain, traced_oome_heap_session_count_prop)
+
 # Prevent apps from causing presubmit failures.
 # Apps can cause selinux denials by accessing CE storage
 # and/or external storage. In either case, the selinux denial is
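Review bot: The new comment above `get_prop(appdomain, traced_oome_heap_session_count_prop)` is missing its verb and does not say why the read is granted to all of `appdomain` on every build type, while the `perfetto_producer({ appdomain })` line just above it is limited to userdebug_or_eng. Suggested wording: `# Allow the heap dump ART plugin, loaded in app processes, to read the count of sessions waiting for OOME.` The "loaded in app processes" part is inferred from the grant to appdomain and should be confirmed. The same comment text is repeated in the system_server.te hunk and in private/app.te and private/system_server.te.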
diff --git a/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil b/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil
index 076d642..7c3058e 100644
--- a/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil
+++ b/prebuilts/api/33.0/private/compat/32.0/32.0.ignore.cil
@@ -75,6 +75,7 @@
     sysfs_lru_gen_enabled
     system_dlkm_file
     tare_service
+    traced_oome_heap_session_count_prop
     tv_iapp_service
     untrusted_app_30
     vendor_uuid_mapping_config_file
diff --git a/prebuilts/api/33.0/private/file.te b/prebuilts/api/33.0/private/file.te
index cf9ea02..c5837f9 100644
--- a/prebuilts/api/33.0/private/file.te
+++ b/prebuilts/api/33.0/private/file.te
@@ -12,7 +12,7 @@
 type storaged_data_file, file_type, data_file_type, core_data_file_type;
 
 # /data/misc/wmtrace for wm traces
-type wm_trace_data_file, file_type, data_file_type, core_data_file_type;
+type wm_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 
 # /data/misc/a11ytrace for accessibility traces
 type accessibility_trace_data_file, file_type, data_file_type, core_data_file_type;
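Review bot: Adding `mlstrustedobject` to `wm_trace_data_file` comes with no comment, and it exempts the type from MLS level/category checks on all build types. The only new writer visible in this commit, the platform_app rules in platform_app.te, is wrapped in `userdebug_or_eng`. A one-line reason would let reviewers judge that trade-off, for example `# mlstrustedobject: written by platform_app (systemui), whose MLS categories differ from the file's.` That reason is inferred from the commit subject "Allow platform_app:systemui to write protolog file", so adjust it to the real one. The same change is in private/file.te.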
diff --git a/prebuilts/api/33.0/private/platform_app.te b/prebuilts/api/33.0/private/platform_app.te
index 6112ae0..91149f4 100644
--- a/prebuilts/api/33.0/private/platform_app.te
+++ b/prebuilts/api/33.0/private/platform_app.te
@@ -57,6 +57,12 @@
   auditallow platform_app proc_net_type:{ dir file lnk_file } { getattr open read };
 ')
 
+# Allow writing and removing wmshell protolog in /data/misc/wmtrace.
+userdebug_or_eng(`
+  allow platform_app wm_trace_data_file:dir rw_dir_perms;
+  allow platform_app wm_trace_data_file:file { getattr setattr create unlink w_file_perms };
+')
+
 allow platform_app audioserver_service:service_manager find;
 allow platform_app cameraserver_service:service_manager find;
 allow platform_app drmserver_service:service_manager find;
@@ -113,6 +119,10 @@
 # Allow platform apps to act as Perfetto producers.
 perfetto_producer(platform_app)
 
+# Allow performance profiling if the app opts in.
+can_profile_heap(platform_app)
+can_profile_perf(platform_app)
+
 # Allow platform apps to create VMs
 virtualizationservice_use(platform_app)
 
diff --git a/prebuilts/api/33.0/private/property_contexts b/prebuilts/api/33.0/private/property_contexts
index 3841fd5..c653445 100644
--- a/prebuilts/api/33.0/private/property_contexts
+++ b/prebuilts/api/33.0/private/property_contexts
@@ -218,6 +218,9 @@
 # heapprofd properties
 heapprofd.              u:object_r:heapprofd_prop:s0
 
+# traced properties
+traced.oome_heap_session.count u:object_r:traced_oome_heap_session_count_prop:s0 exact uint
+
 # hwservicemanager properties
 hwservicemanager.       u:object_r:hwservicemanager_prop:s0
 
@@ -351,10 +354,16 @@
 audio.spatializer.priority               u:object_r:audio_config_prop:s0 exact int
 audio.spatializer.effect.affinity        u:object_r:audio_config_prop:s0 exact int
 audio.spatializer.effect.util_clamp_min  u:object_r:audio_config_prop:s0 exact int
+audio.spatializer.pose_predictor_type    u:object_r:audio_config_prop:s0 exact enum 0 1 2 3
+audio.spatializer.prediction_duration_ms u:object_r:audio_config_prop:s0 exact int
 
 ro.audio.ignore_effects   u:object_r:audio_config_prop:s0 exact bool
 ro.audio.monitorRotation  u:object_r:audio_config_prop:s0 exact bool
 ro.audio.offload_wakelock u:object_r:audio_config_prop:s0 exact bool
+
+# Configure whether new device has spatialization default enabled.
+ro.audio.spatializer_binaural_enabled_default u:object_r:audio_config_prop:s0 exact bool
+ro.audio.spatializer_transaural_enabled_default u:object_r:audio_config_prop:s0 exact bool
 # Boolean property used in AudioService to configure whether
 # spatializer functionality should be initialized
 ro.audio.spatializer_enabled u:object_r:audio_config_prop:s0 exact bool
diff --git a/prebuilts/api/33.0/private/system_app.te b/prebuilts/api/33.0/private/system_app.te
index 76e5f7d..d82cff7 100644
--- a/prebuilts/api/33.0/private/system_app.te
+++ b/prebuilts/api/33.0/private/system_app.te
@@ -177,6 +177,10 @@
 # Allow system apps to act as Perfetto producers.
 perfetto_producer(system_app)
 
+# Allow performance profiling by the platform itself.
+can_profile_heap(system_app)
+can_profile_perf(system_app)
+
 ###
 ### Neverallow rules
 ###
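Review bot: The comment `# Allow performance profiling by the platform itself.` does not say what limits profiling on user builds, and `can_profile_heap`/`can_profile_perf` are applied to the whole system_app domain with no `userdebug_or_eng` guard. The platform_app.te hunk has the same shape with the comment "if the app opts in", yet nothing in that hunk expresses an opt-in. If the decision is made by the profiling daemons rather than by SELinux, the comment should say so, e.g. `# SELinux permits this domain-wide; whether a given process may be profiled is decided by the profiler, not by this policy.` This applies equally to private/system_app.te and private/platform_app.te.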
diff --git a/prebuilts/api/33.0/private/system_server.te b/prebuilts/api/33.0/private/system_server.te
index 6d3bc78..5e826bf 100644
--- a/prebuilts/api/33.0/private/system_server.te
+++ b/prebuilts/api/33.0/private/system_server.te
@@ -418,7 +418,14 @@
 allow system_server mediadrmserver:tcp_socket rw_socket_perms;
 allow system_server mediadrmserver:udp_socket rw_socket_perms;
 
-userdebug_or_eng(`perfetto_producer({ system_server })')
+# Allow writing performance tracing data to the Perfetto traced daemon. This
+# requires connecting to its producer socket and obtaining a (per-process)
+# tmpfs fd.
+perfetto_producer(system_server)
+
+# Allow performance profiling by the platform itself.
+can_profile_heap(system_server)
+can_profile_perf(system_server)
 
 # Get file context
 allow system_server file_contexts_file:file r_file_perms;
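Review bot: Dropping the `userdebug_or_eng` wrapper around `perfetto_producer({ system_server })` and adding `can_profile_heap`/`can_profile_perf` extends tracing and heap/perf profiling of system_server to user builds, and the new comments do not mention that. system_server handles state for every app and user, so a heap dump of it is sensitive. The comment should record which control keeps profiling out of reach of unprivileged callers on production devices, e.g. `# Enabled on user builds as well; access is limited by <gating mechanism>.`, with the placeholder filled in by the author. The same hunk is in private/system_server.te.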
@@ -695,6 +702,7 @@
 # Property Service write
 set_prop(system_server, system_prop)
 set_prop(system_server, bootanim_system_prop)
+set_prop(system_server, bluetooth_prop)
 set_prop(system_server, exported_system_prop)
 set_prop(system_server, exported3_system_prop)
 set_prop(system_server, safemode_prop)
@@ -822,6 +830,9 @@
 # Read persist.wm.debug. properties
 get_prop(system_server, persist_wm_debug_prop)
 
+# Allow the heap dump ART plugin to the count of sessions waiting for OOME
+get_prop(system_server, traced_oome_heap_session_count_prop)
+
 # Create a socket for connections from debuggerd.
 allow system_server system_ndebug_socket:sock_file create_file_perms;
 
diff --git a/prebuilts/api/33.0/private/system_suspend.te b/prebuilts/api/33.0/private/system_suspend.te
index d924187..bef7c6d 100644
--- a/prebuilts/api/33.0/private/system_suspend.te
+++ b/prebuilts/api/33.0/private/system_suspend.te
@@ -29,6 +29,14 @@
 allow system_suspend dumpstate:fd use;
 allow system_suspend dumpstate:fifo_file write;
 
+# Allow init to take kernel wakelock and system suspend to
+# remove kenel wakelocks and the capability to access these
+# files
+allow init sysfs_wake_lock:file rw_file_perms;
+allow init self:global_capability2_class_set block_suspend;
+allow system_suspend sysfs_wake_lock:file rw_file_perms;
+allow system_suspend self:global_capability2_class_set block_suspend;
+
 neverallow {
     domain
     -atrace # tracing
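Review bot: The two `allow init ...` rules are added in system_suspend.te, so someone auditing init's permissions in init.te will not see that init gained `block_suspend` and read/write access to `sysfs_wake_lock`. I would move them to init.te, or at least cross-reference them there. The comment also has a typo ("kenel") and is hard to parse; suggested: `# init takes kernel wakelocks and system_suspend releases them through the sysfs_wake_lock files; both need block_suspend for that.` The neverallow that follows continues outside the hunk. The same hunk is in private/system_suspend.te.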
diff --git a/prebuilts/api/33.0/private/traced.te b/prebuilts/api/33.0/private/traced.te
index a6e200e..0a4afed 100644
--- a/prebuilts/api/33.0/private/traced.te
+++ b/prebuilts/api/33.0/private/traced.te
@@ -68,6 +68,11 @@
 set_prop(traced, system_trace_prop)
 # Allow to lazily start producers.
 set_prop(traced, traced_lazy_prop)
+# Allow tracking the count of sessions intercepting Java OutOfMemoryError
+# If there are such tracing sessions and an OutOfMemoryError is thrown by ART,
+# the hprof plugin intercepts the error, lazily registers a data source to
+# traced and collects a heap dump.
+set_prop(traced, traced_oome_heap_session_count_prop)
 
 # Allow traced to talk to statsd for logging metrics.
 unix_socket_send(traced, statsdw, statsd)
diff --git a/prebuilts/api/33.0/private/update_verifier.te b/prebuilts/api/33.0/private/update_verifier.te
index 5e1b27b..a8cef37 100644
--- a/prebuilts/api/33.0/private/update_verifier.te
+++ b/prebuilts/api/33.0/private/update_verifier.te
@@ -7,3 +7,10 @@
 
 # Allow to set the OTA related properties e.g. ota.warm_reset.
 set_prop(update_verifier, ota_prop)
+
+# allow update_verifier to connect to snapuserd daemon
+allow update_verifier snapuserd_socket:sock_file write;
+allow update_verifier snapuserd:unix_stream_socket connectto;
+
+# virtual a/b properties
+get_prop(update_verifier, virtual_ab_prop)
diff --git a/prebuilts/api/33.0/public/ioctl_defines b/prebuilts/api/33.0/public/ioctl_defines
index d46e485..f57f182 100644
--- a/prebuilts/api/33.0/public/ioctl_defines
+++ b/prebuilts/api/33.0/public/ioctl_defines
@@ -823,6 +823,7 @@
 define(`FS_IOC_FIEMAP', `0xc020660b')
 define(`FS_IOC_FSGETXATTR', `0x801c581f')
 define(`FS_IOC_FSSETXATTR', `0x401c5820')
+define(`FS_IOC_GET_ENCRYPTION_KEY_STATUS', `0xc080661a')
 define(`FS_IOC_GET_ENCRYPTION_POLICY', `0x400c6615')
 define(`FS_IOC_GET_ENCRYPTION_POLICY_EX', `0xc0096616')
 define(`FS_IOC_GET_ENCRYPTION_PWSALT', `0x40106614')
diff --git a/prebuilts/api/33.0/public/property.te b/prebuilts/api/33.0/public/property.te
index 763a80a..b8e111b 100644
--- a/prebuilts/api/33.0/public/property.te
+++ b/prebuilts/api/33.0/public/property.te
@@ -90,6 +90,7 @@
 system_restricted_prop(surfaceflinger_display_prop)
 system_restricted_prop(system_boot_reason_prop)
 system_restricted_prop(system_jvmti_agent_prop)
+system_restricted_prop(traced_oome_heap_session_count_prop)
 system_restricted_prop(ab_update_gki_prop)
 system_restricted_prop(usb_prop)
 system_restricted_prop(userspace_reboot_exported_prop)
diff --git a/prebuilts/api/33.0/public/vold.te b/prebuilts/api/33.0/public/vold.te
index b0fb6d0..53b2c49 100644
--- a/prebuilts/api/33.0/public/vold.te
+++ b/prebuilts/api/33.0/public/vold.te
@@ -51,6 +51,7 @@
   FS_IOC_SET_ENCRYPTION_POLICY
   FS_IOC_ADD_ENCRYPTION_KEY
   FS_IOC_REMOVE_ENCRYPTION_KEY
+  FS_IOC_GET_ENCRYPTION_KEY_STATUS
 };
 
 # Only vold and init should ever set file-based encryption policies.
@@ -65,7 +66,7 @@
 neverallowxperm {
   domain
   -vold
-} data_file_type:dir ioctl { FS_IOC_ADD_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY };
+} data_file_type:dir ioctl { FS_IOC_ADD_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY FS_IOC_GET_ENCRYPTION_KEY_STATUS };
 
 # Allow securely erasing crypto key files. F2FS_IOC_SEC_TRIM_FILE is
 # tried first. Otherwise, FS_IOC_FIEMAP is needed to get the
diff --git a/private/app.te b/private/app.te
index 86180b0..9a2e02a 100644
--- a/private/app.te
+++ b/private/app.te
@@ -54,6 +54,9 @@
 
 userdebug_or_eng(`perfetto_producer({ appdomain })')
 
+# Allow the heap dump ART plugin to the count of sessions waiting for OOME
+get_prop(appdomain, traced_oome_heap_session_count_prop)
+
 # Prevent apps from causing presubmit failures.
 # Apps can cause selinux denials by accessing CE storage
 # and/or external storage. In either case, the selinux denial is
diff --git a/private/compat/32.0/32.0.ignore.cil b/private/compat/32.0/32.0.ignore.cil
index 076d642..7c3058e 100644
--- a/private/compat/32.0/32.0.ignore.cil
+++ b/private/compat/32.0/32.0.ignore.cil
@@ -75,6 +75,7 @@
     sysfs_lru_gen_enabled
     system_dlkm_file
     tare_service
+    traced_oome_heap_session_count_prop
     tv_iapp_service
     untrusted_app_30
     vendor_uuid_mapping_config_file
diff --git a/private/file.te b/private/file.te
index cf9ea02..c5837f9 100644
--- a/private/file.te
+++ b/private/file.te
@@ -12,7 +12,7 @@
 type storaged_data_file, file_type, data_file_type, core_data_file_type;
 
 # /data/misc/wmtrace for wm traces
-type wm_trace_data_file, file_type, data_file_type, core_data_file_type;
+type wm_trace_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 
 # /data/misc/a11ytrace for accessibility traces
 type accessibility_trace_data_file, file_type, data_file_type, core_data_file_type;
diff --git a/private/platform_app.te b/private/platform_app.te
index 6112ae0..91149f4 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -57,6 +57,12 @@
   auditallow platform_app proc_net_type:{ dir file lnk_file } { getattr open read };
 ')
 
+# Allow writing and removing wmshell protolog in /data/misc/wmtrace.
+userdebug_or_eng(`
+  allow platform_app wm_trace_data_file:dir rw_dir_perms;
+  allow platform_app wm_trace_data_file:file { getattr setattr create unlink w_file_perms };
+')
+
 allow platform_app audioserver_service:service_manager find;
 allow platform_app cameraserver_service:service_manager find;
 allow platform_app drmserver_service:service_manager find;
@@ -113,6 +119,10 @@
 # Allow platform apps to act as Perfetto producers.
 perfetto_producer(platform_app)
 
+# Allow performance profiling if the app opts in.
+can_profile_heap(platform_app)
+can_profile_perf(platform_app)
+
 # Allow platform apps to create VMs
 virtualizationservice_use(platform_app)
 
diff --git a/private/property_contexts b/private/property_contexts
index 3841fd5..c653445 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -218,6 +218,9 @@
 # heapprofd properties
 heapprofd.              u:object_r:heapprofd_prop:s0
 
+# traced properties
+traced.oome_heap_session.count u:object_r:traced_oome_heap_session_count_prop:s0 exact uint
+
 # hwservicemanager properties
 hwservicemanager.       u:object_r:hwservicemanager_prop:s0
 
@@ -351,10 +354,16 @@
 audio.spatializer.priority               u:object_r:audio_config_prop:s0 exact int
 audio.spatializer.effect.affinity        u:object_r:audio_config_prop:s0 exact int
 audio.spatializer.effect.util_clamp_min  u:object_r:audio_config_prop:s0 exact int
+audio.spatializer.pose_predictor_type    u:object_r:audio_config_prop:s0 exact enum 0 1 2 3
+audio.spatializer.prediction_duration_ms u:object_r:audio_config_prop:s0 exact int
 
 ro.audio.ignore_effects   u:object_r:audio_config_prop:s0 exact bool
 ro.audio.monitorRotation  u:object_r:audio_config_prop:s0 exact bool
 ro.audio.offload_wakelock u:object_r:audio_config_prop:s0 exact bool
+
+# Configure whether new device has spatialization default enabled.
+ro.audio.spatializer_binaural_enabled_default u:object_r:audio_config_prop:s0 exact bool
+ro.audio.spatializer_transaural_enabled_default u:object_r:audio_config_prop:s0 exact bool
 # Boolean property used in AudioService to configure whether
 # spatializer functionality should be initialized
 ro.audio.spatializer_enabled u:object_r:audio_config_prop:s0 exact bool
diff --git a/private/system_app.te b/private/system_app.te
index 76e5f7d..d82cff7 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -177,6 +177,10 @@
 # Allow system apps to act as Perfetto producers.
 perfetto_producer(system_app)
 
+# Allow performance profiling by the platform itself.
+can_profile_heap(system_app)
+can_profile_perf(system_app)
+
 ###
 ### Neverallow rules
 ###
diff --git a/private/system_server.te b/private/system_server.te
index 6d3bc78..5e826bf 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -418,7 +418,14 @@
 allow system_server mediadrmserver:tcp_socket rw_socket_perms;
 allow system_server mediadrmserver:udp_socket rw_socket_perms;
 
-userdebug_or_eng(`perfetto_producer({ system_server })')
+# Allow writing performance tracing data to the Perfetto traced daemon. This
+# requires connecting to its producer socket and obtaining a (per-process)
+# tmpfs fd.
+perfetto_producer(system_server)
+
+# Allow performance profiling by the platform itself.
+can_profile_heap(system_server)
+can_profile_perf(system_server)
 
 # Get file context
 allow system_server file_contexts_file:file r_file_perms;
@@ -695,6 +702,7 @@
 # Property Service write
 set_prop(system_server, system_prop)
 set_prop(system_server, bootanim_system_prop)
+set_prop(system_server, bluetooth_prop)
 set_prop(system_server, exported_system_prop)
 set_prop(system_server, exported3_system_prop)
 set_prop(system_server, safemode_prop)
@@ -822,6 +830,9 @@
 # Read persist.wm.debug. properties
 get_prop(system_server, persist_wm_debug_prop)
 
+# Allow the heap dump ART plugin to the count of sessions waiting for OOME
+get_prop(system_server, traced_oome_heap_session_count_prop)
+
 # Create a socket for connections from debuggerd.
 allow system_server system_ndebug_socket:sock_file create_file_perms;
 
diff --git a/private/system_suspend.te b/private/system_suspend.te
index d924187..bef7c6d 100644
--- a/private/system_suspend.te
+++ b/private/system_suspend.te
@@ -29,6 +29,14 @@
 allow system_suspend dumpstate:fd use;
 allow system_suspend dumpstate:fifo_file write;
 
+# Allow init to take kernel wakelock and system suspend to
+# remove kenel wakelocks and the capability to access these
+# files
+allow init sysfs_wake_lock:file rw_file_perms;
+allow init self:global_capability2_class_set block_suspend;
+allow system_suspend sysfs_wake_lock:file rw_file_perms;
+allow system_suspend self:global_capability2_class_set block_suspend;
+
 neverallow {
     domain
     -atrace # tracing
diff --git a/private/traced.te b/private/traced.te
index a6e200e..0a4afed 100644
--- a/private/traced.te
+++ b/private/traced.te
@@ -68,6 +68,11 @@
 set_prop(traced, system_trace_prop)
 # Allow to lazily start producers.
 set_prop(traced, traced_lazy_prop)
+# Allow tracking the count of sessions intercepting Java OutOfMemoryError
+# If there are such tracing sessions and an OutOfMemoryError is thrown by ART,
+# the hprof plugin intercepts the error, lazily registers a data source to
+# traced and collects a heap dump.
+set_prop(traced, traced_oome_heap_session_count_prop)
 
 # Allow traced to talk to statsd for logging metrics.
 unix_socket_send(traced, statsdw, statsd)
diff --git a/private/update_verifier.te b/private/update_verifier.te
index 5e1b27b..a8cef37 100644
--- a/private/update_verifier.te
+++ b/private/update_verifier.te
@@ -7,3 +7,10 @@
 
 # Allow to set the OTA related properties e.g. ota.warm_reset.
 set_prop(update_verifier, ota_prop)
+
+# allow update_verifier to connect to snapuserd daemon
+allow update_verifier snapuserd_socket:sock_file write;
+allow update_verifier snapuserd:unix_stream_socket connectto;
+
+# virtual a/b properties
+get_prop(update_verifier, virtual_ab_prop)
diff --git a/public/ioctl_defines b/public/ioctl_defines
index d46e485..f57f182 100644
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
@@ -823,6 +823,7 @@
 define(`FS_IOC_FIEMAP', `0xc020660b')
 define(`FS_IOC_FSGETXATTR', `0x801c581f')
 define(`FS_IOC_FSSETXATTR', `0x401c5820')
+define(`FS_IOC_GET_ENCRYPTION_KEY_STATUS', `0xc080661a')
 define(`FS_IOC_GET_ENCRYPTION_POLICY', `0x400c6615')
 define(`FS_IOC_GET_ENCRYPTION_POLICY_EX', `0xc0096616')
 define(`FS_IOC_GET_ENCRYPTION_PWSALT', `0x40106614')
diff --git a/public/property.te b/public/property.te
index 763a80a..b8e111b 100644
--- a/public/property.te
+++ b/public/property.te
@@ -90,6 +90,7 @@
 system_restricted_prop(surfaceflinger_display_prop)
 system_restricted_prop(system_boot_reason_prop)
 system_restricted_prop(system_jvmti_agent_prop)
+system_restricted_prop(traced_oome_heap_session_count_prop)
 system_restricted_prop(ab_update_gki_prop)
 system_restricted_prop(usb_prop)
 system_restricted_prop(userspace_reboot_exported_prop)
diff --git a/public/vold.te b/public/vold.te
index b0fb6d0..53b2c49 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -51,6 +51,7 @@
   FS_IOC_SET_ENCRYPTION_POLICY
   FS_IOC_ADD_ENCRYPTION_KEY
   FS_IOC_REMOVE_ENCRYPTION_KEY
+  FS_IOC_GET_ENCRYPTION_KEY_STATUS
 };
 
 # Only vold and init should ever set file-based encryption policies.
@@ -65,7 +66,7 @@
 neverallowxperm {
   domain
   -vold
-} data_file_type:dir ioctl { FS_IOC_ADD_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY };
+} data_file_type:dir ioctl { FS_IOC_ADD_ENCRYPTION_KEY FS_IOC_REMOVE_ENCRYPTION_KEY FS_IOC_GET_ENCRYPTION_KEY_STATUS };
 
 # Allow securely erasing crypto key files. F2FS_IOC_SEC_TRIM_FILE is
 # tried first. Otherwise, FS_IOC_FIEMAP is needed to get the