apexd exports its status via sysprop

A sysprop apexd.status is set by apexd, so that other components (i.e.
init) can determine whether APEXs are all successfully mounted or not
(i.e., being mounted).

The sysprop is only writable by apexd.

Bug: 117403679
Test: adb shell getprop apexd.status returns 'ready'.
Change-Id: I81bcb96e6c5cb9d899f29ffa84f91eab3820be25
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 1e3977a..1a8c536 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -15,6 +15,7 @@
     apex_service
     apexd
     apexd_exec
+    apexd_prop
     apexd_tmpfs
     atrace
     binder_calls_stats_service
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index af805df..4e42041 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -14,6 +14,7 @@
     apex_service
     apexd
     apexd_exec
+    apexd_prop
     apexd_tmpfs
     atrace
     binder_calls_stats_service
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 6c9fbee..25e95c7 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -14,6 +14,7 @@
     apex_service
     apexd
     apexd_exec
+    apexd_prop
     apexd_tmpfs
     biometric_service
     ;; TODO(b/116344577): remove after the issue is resolved
diff --git a/public/apexd.te b/public/apexd.te
index 73daf38..0f0f5ac 100644
--- a/public/apexd.te
+++ b/public/apexd.te
@@ -4,8 +4,12 @@
 
 binder_use(apexd)
 add_service(apexd, apex_service)
+set_prop(apexd, apexd_prop)
 
 neverallow { domain -init -apexd } apex_service:service_manager find;
 neverallow { domain -init -apexd } apexd:binder call;
 
 neverallow domain apexd:process ptrace;
+
+# only apexd can set apexd sysprop
+neverallow { domain -apexd -init } apexd_prop:property_service set;
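Review bot: The comment `# only apexd can set apexd sysprop` does not match the neverallow beneath it, which exempts both `apexd` and `init` from the `property_service set` restriction. Consumers use `apexd.status` to decide whether APEX mounting has finished, so the policy should say precisely who may write it; I would change the comment to `# only apexd and init can set apexd sysprop`. If init is not meant to write this property, dropping `-init` from the rule would be the stricter alternative, though init's own allow rules are outside this diff and may rule that out.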
diff --git a/public/property.te b/public/property.te
index 66e823a..d903e00 100644
--- a/public/property.te
+++ b/public/property.te
@@ -1,3 +1,4 @@
+type apexd_prop, property_type;
 type audio_prop, property_type, core_property_type;
 type boottime_prop, property_type;
 type bluetooth_a2dp_offload_prop, property_type;
@@ -330,6 +331,7 @@
     -system_writes_vendor_properties_violators
   } {
     property_type
+    -apexd_prop
     -audio_prop
     -bluetooth_a2dp_offload_prop
     -bluetooth_prop
diff --git a/public/property_contexts b/public/property_contexts
index d58b1d4..5a24274 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -150,6 +150,7 @@
 wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded
 
 # vendor-init-readable
+apexd.status u:object_r:apexd_prop:s0 exact enum starting ready
 dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool
 persist.sys.usb.usbradio.config u:object_r:exported3_system_prop:s0 exact string
 sys.boot_completed u:object_r:exported3_system_prop:s0 exact bool
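Review bot: The new `apexd.status` entry sits under `# vendor-init-readable`, but no `get_prop` rule for `apexd_prop` appears anywhere in this patch, so the section heading and the granted access may not agree. The only visible allow is `set_prop(apexd, apexd_prop)` in public/apexd.te, and the public/vendor_init.te hunk subtracts `apexd_prop` from a set whose enclosing rule lies outside the hunk. If vendor_init (or any domain other than apexd and init) is expected to read the status, add an explicit rule such as `get_prop(vendor_init, apexd_prop)`; if not, move the entry out of this section. Separately, the enum allows only `starting` and `ready`, so a failed activation would be indistinguishable from one still in progress, which deserves a comment if it is intentional.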
diff --git a/public/vendor_init.te b/public/vendor_init.te
index c9aa0f2..bbfd418 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -181,6 +181,7 @@
       -system_boot_reason_prop
       -bootloader_boot_reason_prop
       -last_boot_reason_prop
+      -apexd_prop
     })
 ')