From d36b1d5f620f6dc72a65ff851f78375d82e92e2c Mon Sep 17 00:00:00 2001
From: Branden Archer <brarcher@google.com>
Date: Tue, 27 Nov 2018 15:47:12 -0800
Subject: [PATCH] Allow init to set powerctl property

NIAP certification requires that all cryptographic functions
undergo a self-test during startup to demonstrate correct
operation. init now performs this check during startup.

The self-test is forked from init. For the child process
to be able to request a reboot it needs permissions to
set the sys.powerctl property.

Bug: 119826244
Test: Built for walleye. When the BoringSSL self test was forced
      to fail the device rebooted into the bootloader, as
      expected.

Change-Id: I4171b1dd0a5e393252ae5c002171ac51c9cbb3e6
---
 private/init.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/private/init.te b/private/init.te
index 30e5e3623..b8b0066d0 100644
--- a/private/init.te
+++ b/private/init.te
@@ -25,3 +25,6 @@ userdebug_or_eng(`
   dontaudit init su:process noatsecure;
   allow init su:process { siginh rlimitinh };
 ')
+
+# Allow the BoringSSL self test to request a reboot upon failure
+set_prop(init, powerctl_prop)
-- 
GitLab