From d840374e654881fbd633acc68b827244d2a28768 Mon Sep 17 00:00:00 2001
From: Tom Cherry <tomcherry@google.com>
Date: Wed, 1 Aug 2018 15:48:20 -0700
Subject: [PATCH] Move watchdogd out of init and into its own domain

Bug: 73660730
Test: watchdogd still runs
Change-Id: I31697c7c6fa2f7009731ff48c659af051838e42f
---
 private/compat/26.0/26.0.cil        | 2 +-
 private/compat/26.0/26.0.ignore.cil | 1 +
 private/compat/27.0/27.0.cil        | 2 +-
 private/compat/27.0/27.0.ignore.cil | 1 +
 private/compat/28.0/28.0.cil        | 2 +-
 private/compat/28.0/28.0.ignore.cil | 3 ++-
 private/file_contexts               | 1 +
 private/init.te                     | 1 -
 private/watchdogd.te                | 2 ++
 public/watchdogd.te                 | 2 ++
 10 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/private/compat/26.0/26.0.cil b/private/compat/26.0/26.0.cil
index c8b7a1f5a..085948a56 100644
--- a/private/compat/26.0/26.0.cil
+++ b/private/compat/26.0/26.0.cil
@@ -279,7 +279,7 @@
 (typeattributeset incident_data_file_26_0 (incident_data_file))
 (typeattributeset incident_service_26_0 (incident_service))
 (typeattributeset init_26_0 (init))
-(typeattributeset init_exec_26_0 (init_exec))
+(typeattributeset init_exec_26_0 (init_exec watchdogd_exec))
 (typeattributeset inotify_26_0 (inotify))
 (typeattributeset input_device_26_0 (input_device))
 (typeattributeset inputflinger_26_0 (inputflinger))
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index f29703efd..daeee95bf 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -156,6 +156,7 @@
     wait_for_keymaster
     wait_for_keymaster_exec
     wait_for_keymaster_tmpfs
+    watchdogd_tmpfs
     wpantund
     wpantund_exec
     wpantund_service
diff --git a/private/compat/27.0/27.0.cil b/private/compat/27.0/27.0.cil
index d0cb9b7bb..fcf4561c0 100644
--- a/private/compat/27.0/27.0.cil
+++ b/private/compat/27.0/27.0.cil
@@ -993,7 +993,7 @@
 (typeattributeset incident_data_file_27_0 (incident_data_file))
 (typeattributeset incident_service_27_0 (incident_service))
 (typeattributeset init_27_0 (init))
-(typeattributeset init_exec_27_0 (init_exec))
+(typeattributeset init_exec_27_0 (init_exec watchdogd_exec))
 (typeattributeset inotify_27_0 (inotify))
 (typeattributeset input_device_27_0 (input_device))
 (typeattributeset inputflinger_27_0 (inputflinger))
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index ad986fce1..f99f9a7cf 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -131,6 +131,7 @@
     wait_for_keymaster
     wait_for_keymaster_exec
     wait_for_keymaster_tmpfs
+    watchdogd_tmpfs
     wm_trace_data_file
     wpantund
     wpantund_exec
diff --git a/private/compat/28.0/28.0.cil b/private/compat/28.0/28.0.cil
index a784b444d..054cca268 100644
--- a/private/compat/28.0/28.0.cil
+++ b/private/compat/28.0/28.0.cil
@@ -1177,7 +1177,7 @@
 (typeattributeset incident_helper_28_0 (incident_helper))
 (typeattributeset incident_service_28_0 (incident_service))
 (typeattributeset init_28_0 (init))
-(typeattributeset init_exec_28_0 (init_exec))
+(typeattributeset init_exec_28_0 (init_exec watchdogd_exec))
 (typeattributeset inotify_28_0 (inotify))
 (typeattributeset input_device_28_0 (input_device))
 (typeattributeset inputflinger_28_0 (inputflinger))
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 1c09df8ee..ad7faa351 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -13,4 +13,5 @@
     timedetector_service
     timezonedetector_service
     uri_grants_service
-    vrflinger_vsync_service))
+    vrflinger_vsync_service
+    watchdogd_tmpfs))
diff --git a/private/file_contexts b/private/file_contexts
index 9f3d8174b..e78c02fa8 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -296,6 +296,7 @@
 /system/bin/statsd               u:object_r:statsd_exec:s0
 /system/bin/bpfloader            u:object_r:bpfloader_exec:s0
 /system/bin/wait_for_keymaster   u:object_r:wait_for_keymaster_exec:s0
+/system/bin/watchdogd            u:object_r:watchdogd_exec:s0
 
 #############################
 # Vendor files
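Review bot: The new entry labels only `/system/bin/watchdogd`, while the same commit drops `domain_trans(init, init_exec, watchdogd)` in private/init.te. A board rc that still starts watchdogd through the init binary, or from any path not labeled `watchdogd_exec`, would presumably lose its entrypoint into the `watchdogd` domain and fail to start. The commit's "Test: watchdogd still runs" line does not say which devices or boot modes were exercised, so it is worth confirming that every rc file that launches watchdogd now uses this path. A one-line comment above the entry, such as `# watchdogd is a standalone binary; init no longer enters the watchdogd domain via init_exec`, would record why the label is needed. The file_contexts list continues outside the hunk.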
diff --git a/private/init.te b/private/init.te
index e9959d3d2..4cf692249 100644
--- a/private/init.te
+++ b/private/init.te
@@ -13,7 +13,6 @@ recovery_only(`
 ')
 domain_trans(init, shell_exec, shell)
 domain_trans(init, init_exec, ueventd)
-domain_trans(init, init_exec, watchdogd)
 domain_trans(init, init_exec, vendor_init)
 domain_trans(init, { rootfs toolbox_exec }, modprobe)
 # case where logpersistd is actually logcat -f in logd context (nee: logcatd)
diff --git a/private/watchdogd.te b/private/watchdogd.te
index 36dd30fd7..91ece7052 100644
--- a/private/watchdogd.te
+++ b/private/watchdogd.te
@@ -1 +1,3 @@
 typeattribute watchdogd coredomain;
+
+init_daemon_domain(watchdogd)
diff --git a/public/watchdogd.te b/public/watchdogd.te
index 00292a9a9..d2718d833 100644
--- a/public/watchdogd.te
+++ b/public/watchdogd.te
@@ -1,4 +1,6 @@
 # watchdogd seclabel is specified in init.<board>.rc
 type watchdogd, domain;
+type watchdogd_exec, exec_type, file_type;
+
 allow watchdogd watchdog_device:chr_file rw_file_perms;
 allow watchdogd kmsg_device:chr_file rw_file_perms;
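Review bot: The context comment on the first line of this hunk, `# watchdogd seclabel is specified in init.<board>.rc`, looks outdated now that private/watchdogd.te calls `init_daemon_domain(watchdogd)`. With that macro, init should enter the domain automatically when it executes a file labeled `watchdogd_exec`, so the rc seclabel no longer selects the domain. I would replace the comment with something like `# watchdogd is started by init from /system/bin/watchdogd; the domain transition is set up in private/watchdogd.te`. Since `watchdogd_exec` is declared in public policy, a short comment on the new `type` line saying it is the entrypoint for the `watchdogd` domain would also help readers of vendor policy.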
-- 
GitLab