Add the testharness service to sepolicy rules

The testharness service will manage Test Harness Mode and provide a command-line interface for users to enable Test Harness Mode; however it does not directly provide a public API. Bug: 80137798 Test: make Test: flash crosshatch Change-Id: Ie396e40fcea8914b4dd2247f2314e029b66ad84e

Add the testharness service to sepolicy rules
The testharness service will manage Test Harness Mode and provide a command-line interface for users to enable Test Harness Mode; however it does not directly provide a public API. Bug: 80137798 Test: make Test: flash crosshatch Change-Id: Ie396e40fcea8914b4dd2247f2314e029b66ad84e
5f486c74 · William Hester · 5a974a0e · 5f486c74 · 5f486c74 · 5f486c74
Commit 5f486c74 authored 6 years ago by William Hester
--- a/private/adbd.te
+++ b/private/adbd.te
@@ -85,6 +85,9 @@ get_prop(adbd, device_logging_prop)
 # Read device's serial number from system properties
 get_prop(adbd, serialno_prop)
+# Read whether or not Test Harness Mode is enabled
+get_prop(adbd, test_harness_prop)
 # Read device's overlayfs related properties and files
 userdebug_or_eng(`
  get_prop(adbd, persistent_properties_ready_prop)

--- a/private/app.te
+++ b/private/app.te
@@ -10,6 +10,10 @@ allow appdomain system_server_tmpfs:file read;
 # info etc.
 allow appdomain priv_app_tmpfs:file read;
+# Allow apps to read the Test Harness Mode property. This property is used in
+# the implementation of ActivityManager.isDeviceInTestHarnessMode()
+get_prop(appdomain, test_harness_prop)
 neverallow appdomain system_server:udp_socket {
        accept append bind create ioctl listen lock name_bind
        relabelfrom relabelto setattr shutdown };

--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -90,6 +90,8 @@
    system_lmk_prop
    system_suspend_hwservice
    staging_data_file
+    testharness_service
+    test_harness_prop
    time_prop
    timedetector_service
    timezonedetector_service

--- a/private/service_contexts
+++ b/private/service_contexts
@@ -181,6 +181,7 @@ system_update                             u:object_r:system_update_service:s0
 task                                      u:object_r:task_service:s0
 telecom                                   u:object_r:telecom_service:s0
 telephony.registry                        u:object_r:registry_service:s0
+testharness                               u:object_r:testharness_service:s0
 textclassification                        u:object_r:textclassification_service:s0
 textservices                              u:object_r:textservices_service:s0
 time_detector                             u:object_r:timedetector_service:s0

--- a/private/system_server.te
+++ b/private/system_server.te
@@ -605,6 +605,9 @@ get_prop(system_server, exported_audio_prop)
 # reset during current boot.
 get_prop(system_server, device_config_reset_performed_prop)
+# Read/write the property that enables Test Harness Mode
+set_prop(system_server, test_harness_prop)
 # Create a socket for connections from debuggerd.
 allow system_server system_ndebug_socket:sock_file create_file_perms;

--- a/public/property.te
+++ b/public/property.te
@@ -71,6 +71,7 @@ type system_boot_reason_prop, property_type;
 type system_prop, property_type, core_property_type;
 type system_radio_prop, property_type, core_property_type;
 type test_boot_reason_prop, property_type;
+type test_harness_prop, property_type;
 type time_prop, property_type;
 type traced_enabled_prop, property_type;
 type vold_prop, property_type, core_property_type;
@@ -432,6 +433,7 @@ compatible_property_only(`
    -system_prop
    -system_radio_prop
    -test_boot_reason_prop
+    -test_harness_prop
    -time_prop
    -traced_enabled_prop
    -vendor_default_prop

--- a/public/property_contexts
+++ b/public/property_contexts
@@ -188,6 +188,7 @@ libc.debug.malloc.program u:object_r:exported2_default_prop:s0 exact string
 libc.debug.hooks.enable u:object_r:exported2_default_prop:s0 exact string
 persist.sys.locale u:object_r:exported_system_prop:s0 exact string
 persist.sys.timezone u:object_r:exported_system_prop:s0 exact string
+persist.sys.test_harness u:object_r:test_harness_prop:s0 exact bool
 ro.adb.secure u:object_r:exported_secure_prop:s0 exact int
 ro.arch u:object_r:exported2_default_prop:s0 exact string
 ro.audio.ignore_effects u:object_r:exported2_default_prop:s0 exact bool

--- a/public/service.te
+++ b/public/service.te
@@ -157,6 +157,7 @@ type statusbar_service, app_api_service, ephemeral_app_api_service, system_serve
 type storagestats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type system_update_service, system_server_service, service_manager_type;
 type task_service, system_server_service, service_manager_type;
+type testharness_service, system_server_service, service_manager_type;
 type textclassification_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type textservices_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
 type telecom_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;