Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_system_sepolicy / 5f486c74bf72648b9c03ffe934b1c83c95e27391^! / . / private
commit5f486c74bf72648b9c03ffe934b1c83c95e27391[log] [tgz]
authorWilliam Hester <williamhester@google.com>Tue Jan 15 13:39:30 2019 -0800
committerWilliam Hester <williamhester@google.com>Thu Jan 17 13:10:37 2019 -0800
treea3620de314d5e9d3ce91c49e78417aa22e75cf61
parent5a974a0eae28287a9c7ff1d173085cd56f4d8d8f [diff]
Add the testharness service to sepolicy rules

The testharness service will manage Test Harness Mode and provide a
command-line interface for users to enable Test Harness Mode; however it
does not directly provide a public API.

Bug: 80137798
Test: make
Test: flash crosshatch
Change-Id: Ie396e40fcea8914b4dd2247f2314e029b66ad84e

diff --git a/private/adbd.te b/private/adbd.te
index 0b42672..5bbf2dd 100644
--- a/private/adbd.te
+++ b/private/adbd.te

@@ -85,6 +85,9 @@
 # Read device's serial number from system properties
 get_prop(adbd, serialno_prop)
 
+# Read whether or not Test Harness Mode is enabled
+get_prop(adbd, test_harness_prop)
+
 # Read device's overlayfs related properties and files
 userdebug_or_eng(`
   get_prop(adbd, persistent_properties_ready_prop)

diff --git a/private/app.te b/private/app.te
index 876406f..4e433eb 100644
--- a/private/app.te
+++ b/private/app.te

@@ -10,6 +10,10 @@
 # info etc.
 allow appdomain priv_app_tmpfs:file read;
 
+# Allow apps to read the Test Harness Mode property. This property is used in
+# the implementation of ActivityManager.isDeviceInTestHarnessMode()
+get_prop(appdomain, test_harness_prop)
+
 neverallow appdomain system_server:udp_socket {
         accept append bind create ioctl listen lock name_bind
         relabelfrom relabelto setattr shutdown };

diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 23a8a00..4ae2071 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil

@@ -90,6 +90,8 @@
     system_lmk_prop
     system_suspend_hwservice
     staging_data_file
+    testharness_service
+    test_harness_prop
     time_prop
     timedetector_service
     timezonedetector_service

diff --git a/private/service_contexts b/private/service_contexts
index 5448183..2ad99eb 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -181,6 +181,7 @@
 task                                      u:object_r:task_service:s0
 telecom                                   u:object_r:telecom_service:s0
 telephony.registry                        u:object_r:registry_service:s0
+testharness                               u:object_r:testharness_service:s0
 textclassification                        u:object_r:textclassification_service:s0
 textservices                              u:object_r:textservices_service:s0
 time_detector                             u:object_r:timedetector_service:s0

diff --git a/private/system_server.te b/private/system_server.te
index 0baf4d6..bb69796 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -605,6 +605,9 @@
 # reset during current boot.
 get_prop(system_server, device_config_reset_performed_prop)
 
+# Read/write the property that enables Test Harness Mode
+set_prop(system_server, test_harness_prop)
+
 # Create a socket for connections from debuggerd.
 allow system_server system_ndebug_socket:sock_file create_file_perms;