bootstat: enhance last reboot reason property with file backing
Helps with support of recovery and rollback boot reason history, by
also using /metadata/bootstat/persist.sys.boot.reason to file the
reboot reason. For now, label this file metadata_bootstat_file.
Test: manual
Bug: 129007837
Change-Id: Id1d21c404067414847bef14a0c43f70cafe1a3e2
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 51e7b5c..73fb877 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -118,6 +118,7 @@
mediaswcodec_tmpfs
mediaextractor_update_service
mediaprovider_tmpfs
+ metadata_bootstat_file
metadata_file
mnt_product_file
mnt_vendor_file
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index a8d64bd..8dd367a 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -107,6 +107,7 @@
mediaswcodec
mediaswcodec_exec
mediaswcodec_tmpfs
+ metadata_bootstat_file
metadata_file
mnt_product_file
mnt_vendor_file
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index de62740..16637f3 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -98,6 +98,7 @@
mediaswcodec
mediaswcodec_exec
mediaswcodec_tmpfs
+ metadata_bootstat_file
mnt_product_file
network_stack
network_stack_service
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index f28757e..fd57007 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -61,6 +61,7 @@
light_service
linker_prop
linkerconfig_file
+ metadata_bootstat_file
mnt_pass_through_file
mock_ota_prop
module_sdkextensions_prop
diff --git a/private/file_contexts b/private/file_contexts
index 3955708..0ee01b8 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -697,6 +697,7 @@
/metadata/gsi/ota(/.*)? u:object_r:ota_metadata_file:s0
/metadata/password_slots(/.*)? u:object_r:password_slot_metadata_file:s0
/metadata/ota(/.*)? u:object_r:ota_metadata_file:s0
+/metadata/bootstat(/.*)? u:object_r:metadata_bootstat_file:s0
#############################
# asec containers
diff --git a/public/bootstat.te b/public/bootstat.te
index a2a060b..6143a7d 100644
--- a/public/bootstat.te
+++ b/public/bootstat.te
@@ -15,6 +15,9 @@
set_prop(bootstat, bootloader_boot_reason_prop)
set_prop(bootstat, system_boot_reason_prop)
set_prop(bootstat, last_boot_reason_prop)
+allow bootstat metadata_file:dir search;
+allow bootstat metadata_bootstat_file:dir rw_dir_perms;
+allow bootstat metadata_bootstat_file:file create_file_perms;
# ToDo: TBI move access for the following to a system health HAL
diff --git a/public/file.te b/public/file.te
index 0585afd..1f8dacc 100644
--- a/public/file.te
+++ b/public/file.te
@@ -230,6 +230,8 @@
type apex_metadata_file, file_type;
# libsnapshot files within /metadata
type ota_metadata_file, file_type;
+# property files within /metadata/bootstat
+type metadata_bootstat_file, file_type;
# Type for /dev/cpu_variant:.*.
type dev_cpu_variant, file_type;
diff --git a/public/init.te b/public/init.te
index cfca727..bdcf057 100644
--- a/public/init.te
+++ b/public/init.te
@@ -566,6 +566,8 @@
# Metadata setup
allow init vold_metadata_file:dir create_dir_perms;
allow init vold_metadata_file:file getattr;
+allow init metadata_bootstat_file:dir create_dir_perms;
+allow init metadata_bootstat_file:file w_file_perms;
# Allow init to touch PSI monitors
allow init proc_pressure_mem:file { rw_file_perms setattr };