From da492f4fca2d1c74afd5d65c7a9ca8a2676f24fa Mon Sep 17 00:00:00 2001
From: Hongyi Zhang <hongyiz@google.com>
Date: Thu, 15 Nov 2018 16:27:18 -0800
Subject: [PATCH] sepolicies for sys prop enabling flag health check
device_config_flags_health_check_prop is used for enabling/disabling
program flags_health_check which is executed during device booting.
"1" means enabling health check actions in flags_health_check, other
values mean flags_health_check will not perform any action.
Test: build succeeded & manual test
Change-Id: I93739dc5d155e057d72d08fd13097eb63c1193b5
---
private/compat/26.0/26.0.ignore.cil | 1 +
private/compat/27.0/27.0.ignore.cil | 1 +
private/compat/28.0/28.0.ignore.cil | 1 +
private/property_contexts | 1 +
private/system_server.te | 15 +++++++++++++++
public/flags_heatlh_check.te | 4 ++++
public/property.te | 2 ++
public/vendor_init.te | 1 +
8 files changed, 26 insertions(+)
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index ae9241bcc..5ba2adfae 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -37,6 +37,7 @@
ctl_sigstop_prop
device_config_boot_count_prop
device_config_reset_performed_prop
+ device_config_flags_health_check_prop
e2fs
e2fs_exec
exfat
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index f4645ee6f..38d7d0334 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -35,6 +35,7 @@
ctl_sigstop_prop
device_config_boot_count_prop
device_config_reset_performed_prop
+ device_config_flags_health_check_prop
exfat
exported2_config_prop
exported2_default_prop
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 754878632..353724b90 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -20,6 +20,7 @@
biometric_vendor_data_file
device_config_boot_count_prop
device_config_reset_performed_prop
+ device_config_flags_health_check_prop
face_service
fastbootd
flags_health_check
diff --git a/private/property_contexts b/private/property_contexts
index 390c845a1..0fc3de670 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -165,5 +165,6 @@ persist.time. u:object_r:time_prop:s0
# Properties that relate to server configurable flags
device_config.reset_performed u:object_r:device_config_reset_performed_prop:s0
persist.device_config.attempted_boot_count u:object_r:device_config_boot_count_prop:s0
+persist.device_config.global_settings.native_flags_health_check_enabled u:object_r:device_config_flags_health_check_prop:s0
apexd. u:object_r:apexd_prop:s0
diff --git a/private/system_server.te b/private/system_server.te
index d8a67c374..895be0b07 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -565,6 +565,11 @@ set_prop(system_server, ctl_bugreport_prop)
# cppreopt property
set_prop(system_server, cppreopt_prop)
+# server configurable flags properties
+# STOPSHIP: Remove the ability for system_server to set property
+# device_config_flags_health_check_prop before release. (b/119627143)
+set_prop(system_server, device_config_flags_health_check_prop)
+
# BootReceiver to read ro.boot.bootreason
get_prop(system_server, bootloader_boot_reason_prop)
# PowerManager to read sys.boot.reason
@@ -892,6 +897,16 @@ neverallow system_server *:process dyntransition;
# Only allow crash_dump to connect to system_ndebug_socket.
neverallow { domain -init -system_server -crash_dump } system_ndebug_socket:sock_file { open write };
+# Only allow init, system_server, flags_health_check to set properties for server configurable flags
+neverallow {
+ domain
+ -init
+ -system_server
+ -flags_health_check
+} {
+ device_config_flags_health_check_prop
+}:property_service set;
+
# system_server should never be executing dex2oat. This is either
# a bug (for example, bug 16317188), or represents an attempt by
# system server to dynamically load a dex file, something we do not
diff --git a/public/flags_heatlh_check.te b/public/flags_heatlh_check.te
index 9a5ceebc2..c17ce9f07 100644
--- a/public/flags_heatlh_check.te
+++ b/public/flags_heatlh_check.te
@@ -5,6 +5,10 @@ type flags_health_check_exec, system_file_type, exec_type, file_type;
set_prop(flags_health_check, device_config_boot_count_prop)
set_prop(flags_health_check, device_config_reset_performed_prop)
+# STOPSHIP: Remove the ability for flags_health_check to set property
+# device_config_flags_health_check_prop before release. (b/119627143)
+set_prop(flags_health_check, device_config_flags_health_check_prop)
+
allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
# system property device_config_boot_count_prop is used for deciding when to perform server
diff --git a/public/property.te b/public/property.te
index bdd57d6e3..8a1e1fd85 100644
--- a/public/property.te
+++ b/public/property.te
@@ -28,6 +28,7 @@ type debug_prop, property_type, core_property_type;
type default_prop, property_type, core_property_type;
type device_config_boot_count_prop, property_type;
type device_config_reset_performed_prop, property_type;
+type device_config_flags_health_check_prop, property_type;
type device_logging_prop, property_type;
type dhcp_prop, property_type, core_property_type;
type dumpstate_options_prop, property_type;
@@ -393,6 +394,7 @@ compatible_property_only(`
-firstboot_prop
-device_config_reset_performed_prop
-device_config_boot_count_prop
+ -device_config_flags_health_check_prop
-hwservicemanager_prop
-last_boot_reason_prop
-system_lmk_prop
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 0653b411c..fe3f87ff5 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -176,6 +176,7 @@ not_compatible_property(`
property_type
-device_config_boot_count_prop
-device_config_reset_performed_prop
+ -device_config_flags_health_check_prop
-restorecon_prop
-netd_stable_secret_prop
-firstboot_prop
--
GitLab