Merge "Add contexts for sqlite debug properties"

commit: 5d6020d9f5a60e92a8ec7109344145f3d4ab533d [log] [tgz]
author: Inseob Kim <inseob@google.com> Thu Nov 19 08:34:58 2020 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Nov 19 08:34:58 2020 +0000
tree: cb109d83cca4a3f8344999432fc3eece1bb1b750
parent: d0753735aad7bf7944a919a21a04f4e6133c165e [diff]
parent: 0cef0fe5ac8b56f3d7a601034d70fdaa8775029e [diff]
diff --git a/private/app.te b/private/app.te
index ab9cf3c..dacea29 100644
--- a/private/app.te
+++ b/private/app.te

@@ -59,3 +59,6 @@
 
 # Allow to read persist.config.calibration_fac
 get_prop(appdomain, camera_calibration_prop)
+
+# Allow to read db.log.detailed, db.log.slow_query_threshold*
+get_prop(appdomain, sqlite_log_prop)

diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 9cc23b4..49a5a77 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil

@@ -1302,6 +1302,7 @@
     build_config_prop
     init_service_status_private_prop
     setupwizard_prop
+    sqlite_log_prop
     verity_status_prop
     zygote_wrap_prop
 ))

diff --git a/private/coredomain.te b/private/coredomain.te
index 3450010..fe3e1ae 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te

@@ -12,6 +12,7 @@
 get_prop(coredomain, pm_prop)
 get_prop(coredomain, radio_control_prop)
 get_prop(coredomain, setupwizard_prop)
+get_prop(coredomain, sqlite_log_prop)
 get_prop(coredomain, storagemanager_config_prop)
 get_prop(coredomain, surfaceflinger_color_prop)
 get_prop(coredomain, systemsound_config_prop)

diff --git a/private/property.te b/private/property.te
index 9a600cf..ffd3c51 100644
--- a/private/property.te
+++ b/private/property.te

@@ -524,3 +524,13 @@
   -dumpstate
   -vendor_init
 } build_config_prop:file no_rw_file_perms;
+
+neverallow {
+  -init
+  -shell
+} sqlite_log_prop:property_service set;
+
+neverallow {
+  -coredomain
+  -appdomain
+} sqlite_log_prop:file no_rw_file_perms;

diff --git a/private/property_contexts b/private/property_contexts
index 576887b..e136dc9 100644
--- a/private/property_contexts
+++ b/private/property_contexts

@@ -1070,3 +1070,7 @@
 setupwizard.logging                                                u:object_r:setupwizard_prop:s0 exact bool
 setupwizard.metrics_debug_mode                                     u:object_r:setupwizard_prop:s0 exact bool
 setupwizard.theme                                                  u:object_r:setupwizard_prop:s0 exact string
+
+db.log.detailed               u:object_r:sqlite_log_prop:s0 exact bool
+db.log.slow_query_threshold   u:object_r:sqlite_log_prop:s0 exact int
+db.log.slow_query_threshold.* u:object_r:sqlite_log_prop:s0 prefix int

diff --git a/private/shell.te b/private/shell.te
index b4d3505..452ee16 100644
--- a/private/shell.te
+++ b/private/shell.te

@@ -164,3 +164,6 @@
 
 # Allow shell to access the keystore2_key namespace shell_key. Mainly used for native tests.
 allow shell shell_key:keystore2_key { delete rebind use get_info update };
+
+# Allow shell to write db.log.detailed, db.log.slow_query_threshold*
+set_prop(shell, sqlite_log_prop)

diff --git a/public/property.te b/public/property.te
index cb3b91d..4afc2a0 100644
--- a/public/property.te
+++ b/public/property.te

@@ -77,6 +77,7 @@
 system_restricted_prop(restorecon_prop)
 system_restricted_prop(retaildemo_prop)
 system_restricted_prop(socket_hook_prop)
+system_restricted_prop(sqlite_log_prop)
 system_restricted_prop(surfaceflinger_display_prop)
 system_restricted_prop(system_boot_reason_prop)
 system_restricted_prop(system_jvmti_agent_prop)
commit	5d6020d9f5a60e92a8ec7109344145f3d4ab533d	[log] [tgz]
author	Inseob Kim <inseob@google.com>	Thu Nov 19 08:34:58 2020 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Nov 19 08:34:58 2020 +0000
tree	cb109d83cca4a3f8344999432fc3eece1bb1b750
parent	d0753735aad7bf7944a919a21a04f4e6133c165e [diff]
parent	0cef0fe5ac8b56f3d7a601034d70fdaa8775029e [diff]