sepolicies for sys prop enabling flag health check

device_config_flags_health_check_prop is used for enabling/disabling program flags_health_check which is executed during device booting. "1" means enabling health check actions in flags_health_check, other values mean flags_health_check will not perform any action. Test: build succeeded & manual test Change-Id: I93739dc5d155e057d72d08fd13097eb63c1193b5

sepolicies for sys prop enabling flag health check
device_config_flags_health_check_prop is used for enabling/disabling program flags_health_check which is executed during device booting. "1" means enabling health check actions in flags_health_check, other values mean flags_health_check will not perform any action. Test: build succeeded & manual test Change-Id: I93739dc5d155e057d72d08fd13097eb63c1193b5
da492f4f · Hongyi Zhang · 6e92480d · da492f4f · da492f4f · da492f4f
Commit da492f4f authored 6 years ago by Hongyi Zhang
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -37,6 +37,7 @@
    ctl_sigstop_prop
    device_config_boot_count_prop
    device_config_reset_performed_prop
+    device_config_flags_health_check_prop
    e2fs
    e2fs_exec
    exfat

--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -35,6 +35,7 @@
    ctl_sigstop_prop
    device_config_boot_count_prop
    device_config_reset_performed_prop
+    device_config_flags_health_check_prop
    exfat
    exported2_config_prop
    exported2_default_prop

--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -20,6 +20,7 @@
    biometric_vendor_data_file
    device_config_boot_count_prop
    device_config_reset_performed_prop
+    device_config_flags_health_check_prop
    face_service
    fastbootd
    flags_health_check

--- a/private/property_contexts
+++ b/private/property_contexts
@@ -165,5 +165,6 @@ persist.time.           u:object_r:time_prop:s0
 # Properties that relate to server configurable flags
 device_config.reset_performed           u:object_r:device_config_reset_performed_prop:s0
 persist.device_config.attempted_boot_count        u:object_r:device_config_boot_count_prop:s0
+persist.device_config.global_settings.native_flags_health_check_enabled u:object_r:device_config_flags_health_check_prop:s0

 apexd.                  u:object_r:apexd_prop:s0
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -565,6 +565,11 @@ set_prop(system_server, ctl_bugreport_prop)
 # cppreopt property
 set_prop(system_server, cppreopt_prop)

+# server configurable flags properties
+# STOPSHIP: Remove the ability for system_server to set property
+# device_config_flags_health_check_prop before release. (b/119627143)
+set_prop(system_server, device_config_flags_health_check_prop)
+
 # BootReceiver to read ro.boot.bootreason
 get_prop(system_server, bootloader_boot_reason_prop)
 # PowerManager to read sys.boot.reason
@@ -892,6 +897,16 @@ neverallow system_server *:process dyntransition;
 # Only allow crash_dump to connect to system_ndebug_socket.
 neverallow { domain -init -system_server -crash_dump } system_ndebug_socket:sock_file { open write };

+# Only allow init, system_server, flags_health_check to set properties for server configurable flags
+neverallow {
+  domain
+  -init
+  -system_server
+  -flags_health_check
+} {
+  device_config_flags_health_check_prop
+}:property_service set;
+
 # system_server should never be executing dex2oat. This is either
 # a bug (for example, bug 16317188), or represents an attempt by
 # system server to dynamically load a dex file, something we do not

--- a/public/flags_heatlh_check.te
+++ b/public/flags_heatlh_check.te
@@ -5,6 +5,10 @@ type flags_health_check_exec, system_file_type, exec_type, file_type;
 set_prop(flags_health_check, device_config_boot_count_prop)
 set_prop(flags_health_check, device_config_reset_performed_prop)

+# STOPSHIP: Remove the ability for flags_health_check to set property
+# device_config_flags_health_check_prop before release. (b/119627143)
+set_prop(flags_health_check, device_config_flags_health_check_prop)
+
 allow flags_health_check server_configurable_flags_data_file:file create_file_perms;

 # system property device_config_boot_count_prop is used for deciding when to perform server

--- a/public/property.te
+++ b/public/property.te
@@ -28,6 +28,7 @@ type debug_prop, property_type, core_property_type;
 type default_prop, property_type, core_property_type;
 type device_config_boot_count_prop, property_type;
 type device_config_reset_performed_prop, property_type;
+type device_config_flags_health_check_prop, property_type;
 type device_logging_prop, property_type;
 type dhcp_prop, property_type, core_property_type;
 type dumpstate_options_prop, property_type;
@@ -393,6 +394,7 @@ compatible_property_only(`
    -firstboot_prop
    -device_config_reset_performed_prop
    -device_config_boot_count_prop
+    -device_config_flags_health_check_prop
    -hwservicemanager_prop
    -last_boot_reason_prop
    -system_lmk_prop

--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -176,6 +176,7 @@ not_compatible_property(`
      property_type
      -device_config_boot_count_prop
      -device_config_reset_performed_prop
+      -device_config_flags_health_check_prop
      -restorecon_prop
      -netd_stable_secret_prop
      -firstboot_prop