Merge changes from topic "misctrl" into main am: 9fca32695a am: cfed32d4ff
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2966594
Change-Id: I38f488b39b95a40a23d8968991ed4362ac801051
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 6798667..29cd454 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -68,6 +68,8 @@
# Collect metrics on boot time created by init
get_prop(dumpstate, boottime_prop)
+get_prop(dumpstate, misctrl_prop)
+
# Signal native processes to dump their stack.
allow dumpstate {
mediatranscoding
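Review bot: The added `get_prop(dumpstate, misctrl_prop)` has no comment of its own, and the nearest comment above it is about boot-time metrics, so the reason dumpstate needs this internal property is not recorded. A one-line comment would do, for example `# Include the ro.misctrl.* properties set by misctrl in bug reports.`, assuming that is the intent. The same applies to `set_prop(misctrl, misctrl_prop)` in private/misctrl.te, where something like `# misctrl is the only non-init writer of ro.misctrl.*` would tie the grant to the neverallow in private/property.te. The `allow dumpstate {` block at the end of this hunk continues outside it.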
diff --git a/private/misctrl.te b/private/misctrl.te
index c570aa4..2352067 100644
--- a/private/misctrl.te
+++ b/private/misctrl.te
@@ -8,6 +8,8 @@
allow misctrl block_device:dir r_dir_perms;
read_fstab(misctrl)
+set_prop(misctrl, misctrl_prop)
+
# bootloader_message tries to find the fstab in the device config path first,
# but because we've already booted up we can use the ro.boot properties instead,
# so we can just ignore the SELinux denial.
diff --git a/private/property.te b/private/property.te
index d21df55..2d030ab 100644
--- a/private/property.te
+++ b/private/property.te
@@ -35,6 +35,7 @@
system_internal_prop(netd_stable_secret_prop)
system_internal_prop(next_boot_prop)
system_internal_prop(odsign_prop)
+system_internal_prop(misctrl_prop)
system_internal_prop(perf_drop_caches_prop)
system_internal_prop(pm_prop)
system_internal_prop(profcollectd_node_id_prop)
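Review bot: `system_internal_prop(misctrl_prop)` is inserted between `odsign_prop` and `perf_drop_caches_prop`, which breaks the alphabetical order the visible neighbours follow. It belongs before `system_internal_prop(netd_stable_secret_prop)`, among the other `m` entries, which lie outside this hunk. Keeping the list sorted makes a duplicate or missing declaration easier to spot in later reviews.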
@@ -185,6 +186,21 @@
userdebug_or_eng(`-su')
} init_svc_debug_prop:file no_rw_file_perms;
+# DO NOT ADD: compat risk
+neverallow {
+ domain
+ -init
+ -dumpstate
+ -misctrl
+ userdebug_or_eng(`-su')
+} misctrl_prop:file no_rw_file_perms;
+neverallow {
+ domain
+ -init
+ -misctrl
+ userdebug_or_eng(`-su')
+} misctrl_prop:property_service set;
+
compatible_property_only(`
# Prevent properties from being set
neverallow {
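Review bot: The comment `# DO NOT ADD: compat risk` above the two new neverallow rules does not say what must not be added or what the compatibility risk is. If it means that no further domains may be exempted, it could read `# Do not add exemptions: misctrl_prop is internal to init, misctrl and dumpstate, and any other reader would turn ro.misctrl.* into a compatibility commitment.` It is also worth stating that dumpstate is exempt from the read rule only, which matches the `get_prop` granted in private/dumpstate.te and its absence from the `property_service set` rule. The `compatible_property_only(` block after the new rules continues outside the hunk.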
diff --git a/private/property_contexts b/private/property_contexts
index 568bdc1..fe12202 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -98,6 +98,7 @@
ro.boot.serialno u:object_r:serialno_prop:s0
ro.bt. u:object_r:bluetooth_prop:s0
ro.boot.bootreason u:object_r:bootloader_boot_reason_prop:s0
+ro.misctrl. u:object_r:misctrl_prop:s0
persist.sys.boot.reason u:object_r:last_boot_reason_prop:s0
sys.boot.reason u:object_r:system_boot_reason_prop:s0
sys.boot.reason.last u:object_r:last_boot_reason_prop:s0
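Review bot: The new `ro.misctrl.` entry is a bare prefix match with no value type, so any name later created under that prefix takes the `misctrl_prop` label and its value is not type-checked. If misctrl sets a fixed, known set of properties, exact typed entries would pin them, in the form `ro.misctrl.<name> u:object_r:misctrl_prop:s0 exact <type>` (placeholders, not names from this change). The neighbouring entries use the same untyped form, so this is a hardening suggestion rather than a defect. The line also sits inside a run of boot-reason entries, so a short comment naming misctrl as the owner would help readers.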