
Commit 31e0945

author
android-build-team Robot
committed
Snap for 6847696 from 63322ae to rvc-qpr1-release
Change-Id: I4661f61f56a7ce98f222d255efc8900fdecaf65f
2 parents c864b4c + 63322ae commit 31e0945


4 files changed

+12
-6
lines changed


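--- a/prebuilts/api/30.0/private/system_server.te
+++ b/prebuilts/api/30.0/private/system_server.te
@@ -973,8 +973,8 @@ get_prop(system_server, time_prop)
 # on low memory kills.
 get_prop(system_server, system_lmk_prop)
 
-# Only system server can access BINDER_FREEZE
-allowxperm system_server binder_device:chr_file ioctl { BINDER_FREEZE };
+# Only system server can access BINDER_FREEZE and BINDER_GET_FROZEN_INFO
+allowxperm system_server binder_device:chr_file ioctl { BINDER_FREEZE BINDER_GET_FROZEN_INFO };
 
 ###
 ### Neverallow rules
@@ -1178,4 +1178,6 @@ neverallow { domain -init -system_server } socket_hook_prop:property_service set
 
 # BINDER_FREEZE is used to block ipc transactions to frozen processes, so it
 # can be accessed by system_server only (b/143717177)
-neverallowxperm { domain -system_server } binder_device:chr_file ioctl { BINDER_FREEZE };
+# BINDER_GET_FROZEN_INFO is used by system_server to determine the state of a frozen binder
+# interface
+neverallowxperm { domain -system_server } binder_device:chr_file ioctl { BINDER_FREEZE BINDER_GET_FROZEN_INFO };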

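--- a/prebuilts/api/30.0/public/ioctl_defines
+++ b/prebuilts/api/30.0/public/ioctl_defines
@@ -133,6 +133,7 @@ define(`BC_REPLY', `0x40406301')
 define(`BC_REQUEST_DEATH_NOTIFICATION', `0x400c630e')
 define(`BC_TRANSACTION', `0x40406300')
 define(`BINDER_FREEZE', `0x400c620e')
+define(`BINDER_GET_FROZEN_INFO', `0xc00c620f')
 define(`BINDER_GET_NODE_DEBUG_INFO', `0xc018620b')
 define(`BINDER_GET_NODE_INFO_FOR_REF', `0xc018620c')
 define(`BINDER_SET_CONTEXT_MGR', `0x40046207')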

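--- a/private/system_server.te
+++ b/private/system_server.te
@@ -973,8 +973,8 @@ get_prop(system_server, time_prop)
 # on low memory kills.
 get_prop(system_server, system_lmk_prop)
 
-# Only system server can access BINDER_FREEZE
-allowxperm system_server binder_device:chr_file ioctl { BINDER_FREEZE };
+# Only system server can access BINDER_FREEZE and BINDER_GET_FROZEN_INFO
+allowxperm system_server binder_device:chr_file ioctl { BINDER_FREEZE BINDER_GET_FROZEN_INFO };
 
 ###
 ### Neverallow rules
@@ -1178,4 +1178,6 @@ neverallow { domain -init -system_server } socket_hook_prop:property_service set
 
 # BINDER_FREEZE is used to block ipc transactions to frozen processes, so it
 # can be accessed by system_server only (b/143717177)
-neverallowxperm { domain -system_server } binder_device:chr_file ioctl { BINDER_FREEZE };
+# BINDER_GET_FROZEN_INFO is used by system_server to determine the state of a frozen binder
+# interface
+neverallowxperm { domain -system_server } binder_device:chr_file ioctl { BINDER_FREEZE BINDER_GET_FROZEN_INFO };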
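Review bot: The comment added above the `neverallowxperm` rule explains what system_server uses BINDER_GET_FROZEN_INFO for, but not why every other domain has to be denied it, and it carries no bug reference the way the BINDER_FREEZE text does (b/143717177). Someone auditing the neverallow section later cannot tell whether the restriction is a security boundary or only a conservative default, which matters when another domain asks for this ioctl. I would extend it along the lines of `# BINDER_GET_FROZEN_INFO reports the frozen state of a binder interface; reserved for system_server like BINDER_FREEZE (b/<bug-id>)`, with the real reason substituted for my reading of it. The same wording sits in the prebuilts/api/30.0/private/system_server.te copy, so both files would need the identical edit.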

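--- a/public/ioctl_defines
+++ b/public/ioctl_defines
@@ -133,6 +133,7 @@ define(`BC_REPLY', `0x40406301')
 define(`BC_REQUEST_DEATH_NOTIFICATION', `0x400c630e')
 define(`BC_TRANSACTION', `0x40406300')
 define(`BINDER_FREEZE', `0x400c620e')
+define(`BINDER_GET_FROZEN_INFO', `0xc00c620f')
 define(`BINDER_GET_NODE_DEBUG_INFO', `0xc018620b')
 define(`BINDER_GET_NODE_INFO_FOR_REF', `0xc018620c')
 define(`BINDER_SET_CONTEXT_MGR', `0x40046207')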
