From c0c915558995ae9163151d3be5ad87fd27e8d97e Mon Sep 17 00:00:00 2001
From: Siarhei Vishniakou <svv@google.com>
Date: Mon, 14 Jan 2019 14:18:38 -0800
Subject: [PATCH] Permissions for input_native_boot flags

For input experiments that are enabled at boot time, allow system_server
to read and write the device config flags.

Bug: 120794829
Test: presubmit
Change-Id: I0f075a7579c593d4e07c3e31be529e34554068a6
---
 private/compat/28.0/28.0.ignore.cil | 1 +
 private/property_contexts           | 1 +
 private/system_server.te            | 2 ++
 public/flags_heatlh_check.te        | 2 +-
 public/property.te                  | 2 ++
 public/vendor_init.te               | 1 +
 6 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index aeba94514..8797d67d3 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -26,6 +26,7 @@
     cpu_variant_prop
     dev_cpu_variant
     device_config_boot_count_prop
+    device_config_input_native_boot_prop
     device_config_netd_native_prop
     device_config_reset_performed_prop
     device_config_service
diff --git a/private/property_contexts b/private/property_contexts
index 80ccbdf81..d7563bc06 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -169,6 +169,7 @@ persist.time.           u:object_r:time_prop:s0
 # Properties that relate to server configurable flags
 device_config.reset_performed           u:object_r:device_config_reset_performed_prop:s0
 persist.device_config.attempted_boot_count        u:object_r:device_config_boot_count_prop:s0
+persist.device_config.input_native_boot. u:object_r:device_config_input_native_boot_prop:s0
 persist.device_config.netd_native.           u:object_r:device_config_netd_native_prop:s0
 
 apexd.                  u:object_r:apexd_prop:s0
diff --git a/private/system_server.te b/private/system_server.te
index 864873800..30235e5ff 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -582,6 +582,7 @@ set_prop(system_server, ctl_bugreport_prop)
 set_prop(system_server, cppreopt_prop)
 
 # server configurable flags properties
+set_prop(system_server, device_config_input_native_boot_prop)
 set_prop(system_server, device_config_netd_native_prop)
 
 # BootReceiver to read ro.boot.bootreason
@@ -935,6 +936,7 @@ neverallow {
   -system_server
   -flags_health_check
 } {
+  device_config_input_native_boot_prop
   device_config_netd_native_prop
 }:property_service set;
 
diff --git a/public/flags_heatlh_check.te b/public/flags_heatlh_check.te
index 257abc6a2..e5677c34a 100644
--- a/public/flags_heatlh_check.te
+++ b/public/flags_heatlh_check.te
@@ -4,7 +4,7 @@ type flags_health_check_exec, system_file_type, exec_type, file_type;
 
 set_prop(flags_health_check, device_config_boot_count_prop)
 set_prop(flags_health_check, device_config_reset_performed_prop)
-
+set_prop(flags_health_check, device_config_input_native_boot_prop)
 set_prop(flags_health_check, device_config_netd_native_prop)
 
 allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
diff --git a/public/property.te b/public/property.te
index a4893ea2f..980c3d0c1 100644
--- a/public/property.te
+++ b/public/property.te
@@ -30,6 +30,7 @@ type debug_prop, property_type, core_property_type;
 type default_prop, property_type, core_property_type;
 type device_config_boot_count_prop, property_type;
 type device_config_reset_performed_prop, property_type;
+type device_config_input_native_boot_prop, property_type;
 type device_config_netd_native_prop, property_type;
 type device_logging_prop, property_type;
 type dhcp_prop, property_type, core_property_type;
@@ -400,6 +401,7 @@ compatible_property_only(`
     -firstboot_prop
     -device_config_reset_performed_prop
     -device_config_boot_count_prop
+    -device_config_input_native_boot_prop
     -device_config_netd_native_prop
     -heapprofd_enabled_prop
     -heapprofd_prop
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 178f3fcd0..ffd5e0caf 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -176,6 +176,7 @@ not_compatible_property(`
       property_type
       -device_config_boot_count_prop
       -device_config_reset_performed_prop
+      -device_config_input_native_boot_prop
       -device_config_netd_native_prop
       -restorecon_prop
       -netd_stable_secret_prop
-- 
GitLab