Merge "Add runtime property permissions for experiments"

2c925143 · Mathieu Chartier · Gerrit Code Review · a579a99d · 05ad04dd · 2c925143
Commit 2c925143 authored 6 years ago by Mathieu Chartier Committed by Gerrit Code Review 6 years ago
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -32,6 +32,7 @@
    device_config_input_native_boot_prop
    device_config_netd_native_prop
    device_config_reset_performed_prop
+    device_config_runtime_prop
    device_config_service
    face_service
    face_vendor_data_file

--- a/private/property_contexts
+++ b/private/property_contexts
@@ -172,6 +172,7 @@ persist.device_config.activity_manager_native_boot. u:object_r:device_config_act
 persist.device_config.attempted_boot_count        u:object_r:device_config_boot_count_prop:s0
 persist.device_config.input_native_boot. u:object_r:device_config_input_native_boot_prop:s0
 persist.device_config.netd_native.           u:object_r:device_config_netd_native_prop:s0
+persist.device_config.runtime.           u:object_r:device_config_runtime_prop:s0

 apexd.                  u:object_r:apexd_prop:s0
 persist.apexd.          u:object_r:apexd_prop:s0

--- a/private/system_server.te
+++ b/private/system_server.te
@@ -585,6 +585,7 @@ set_prop(system_server, cppreopt_prop)
 set_prop(system_server, device_config_input_native_boot_prop)
 set_prop(system_server, device_config_netd_native_prop)
 set_prop(system_server, device_config_activity_manager_native_boot_prop)
+set_prop(system_server, device_config_runtime_prop)

 # BootReceiver to read ro.boot.bootreason
 get_prop(system_server, bootloader_boot_reason_prop)
@@ -947,6 +948,7 @@ neverallow {
  device_config_activity_manager_native_boot_prop
  device_config_input_native_boot_prop
  device_config_netd_native_prop
+  device_config_runtime_prop
 }:property_service set;

 # system_server should never be executing dex2oat. This is either

--- a/private/zygote.te
+++ b/private/zygote.te
@@ -126,6 +126,9 @@ allow zygote same_process_hal_file:file { execute read open getattr map };
 get_prop(zygote, overlay_prop)
 get_prop(zygote, exported_overlay_prop)

+# Allow the zygote to access feature flag properties.
+get_prop(zygote, device_config_runtime_prop)
+
 # ingore spurious denials
 dontaudit zygote self:global_capability_class_set sys_resource;


--- a/public/flags_heatlh_check.te
+++ b/public/flags_heatlh_check.te
@@ -4,6 +4,7 @@ type flags_health_check_exec, system_file_type, exec_type, file_type;

 set_prop(flags_health_check, device_config_boot_count_prop)
 set_prop(flags_health_check, device_config_reset_performed_prop)
+set_prop(flags_health_check, device_config_runtime_prop)
 set_prop(flags_health_check, device_config_input_native_boot_prop)
 set_prop(flags_health_check, device_config_netd_native_prop)
 set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)

--- a/public/property.te
+++ b/public/property.te
@@ -33,6 +33,7 @@ type device_config_boot_count_prop, property_type;
 type device_config_reset_performed_prop, property_type;
 type device_config_input_native_boot_prop, property_type;
 type device_config_netd_native_prop, property_type;
+type device_config_runtime_prop, property_type;
 type device_logging_prop, property_type;
 type dhcp_prop, property_type, core_property_type;
 type dumpstate_options_prop, property_type;
@@ -405,6 +406,7 @@ compatible_property_only(`
    -device_config_boot_count_prop
    -device_config_input_native_boot_prop
    -device_config_netd_native_prop
+    -device_config_runtime_prop
    -heapprofd_enabled_prop
    -heapprofd_prop
    -hwservicemanager_prop

--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -179,6 +179,7 @@ not_compatible_property(`
      -device_config_reset_performed_prop
      -device_config_input_native_boot_prop
      -device_config_netd_native_prop
+      -device_config_runtime_prop
      -restorecon_prop
      -netd_stable_secret_prop
      -firstboot_prop