Merge "SELinux rule for ro.device_owner and persist.logd.security"

65d364b9 · Rubin Xu · Gerrit Code Review · 8632b9e4 · 0c8286fe · 65d364b9
Commit 65d364b9 authored 9 years ago by Rubin Xu Committed by Gerrit Code Review 9 years ago
--- a/adbd.te
+++ b/adbd.te
@@ -49,6 +49,9 @@ set_prop(adbd, shell_prop)
 set_prop(adbd, powerctl_prop)
 set_prop(adbd, ffs_prop)

+# Access device logging gating property
+get_prop(adbd, device_logging_prop)
+
 # Run /system/bin/bu
 allow adbd system_file:file rx_file_perms;


--- a/logd.te
+++ b/logd.te
@@ -18,6 +18,9 @@ userdebug_or_eng(`
 allow logd pstorefs:dir search;
 allow logd pstorefs:file r_file_perms;

+# Access device logging gating property
+get_prop(logd, device_logging_prop)
+
 r_dir_file(logd, domain)

 allow logd kernel:system syslog_mod;

--- a/property.te
+++ b/property.te
@@ -31,5 +31,6 @@ type powerctl_prop, property_type, core_property_type;
 type nfc_prop, property_type, core_property_type;
 type dalvik_prop, property_type, core_property_type;
 type config_prop, property_type, core_property_type;
+type device_logging_prop, property_type;

 allow property_type tmpfs:filesystem associate;
--- a/property_contexts
+++ b/property_contexts
@@ -39,12 +39,17 @@ service.adb.tcp.port    u:object_r:shell_prop:s0
 persist.audio.          u:object_r:audio_prop:s0
 persist.debug.          u:object_r:persist_debug_prop:s0
 persist.logd.           u:object_r:logd_prop:s0
+persist.logd.security   u:object_r:device_logging_prop:s0
 persist.log.tag         u:object_r:logd_prop:s0
 persist.sys.            u:object_r:system_prop:s0
 persist.service.        u:object_r:system_prop:s0
 persist.service.bdroid. u:object_r:bluetooth_prop:s0
 persist.security.       u:object_r:system_prop:s0

+# Boolean property set by system server upon boot indicating
+# if device owner is provisioned.
+ro.device_owner         u:object_r:device_logging_prop:s0
+
 # selinux non-persistent properties
 selinux.restorecon_recursive   u:object_r:restorecon_prop:s0
 selinux.                       u:object_r:security_prop:s0

--- a/system_server.te
+++ b/system_server.te
@@ -288,6 +288,7 @@ set_prop(system_server, system_radio_prop)
 set_prop(system_server, debug_prop)
 set_prop(system_server, powerctl_prop)
 set_prop(system_server, fingerprint_prop)
+set_prop(system_server, device_logging_prop)

 # ctl interface
 set_prop(system_server, ctl_default_prop)