SEPolicy updates for adding native flag namespace(netd).

For experiment flag testing, we add a flag netd and have SEPolicy updates. Test: add sepolicy, m -j, check GetServerConfigurableFlag function in netd Bug:122050512 Change-Id: I21c844c277afc358085d80447f16e4c0d4eba5b3

SEPolicy updates for adding native flag namespace(netd).
For experiment flag testing, we add a flag netd and have SEPolicy updates. Test: add sepolicy, m -j, check GetServerConfigurableFlag function in netd Bug:122050512 Change-Id: I21c844c277afc358085d80447f16e4c0d4eba5b3
e3d625b7 · chenbruce · Bruce Chen · 53f53758 · e3d625b7 · e3d625b7
Commit e3d625b7 authored 6 years ago by chenbruce Committed by Bruce Chen 6 years ago
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -39,6 +39,7 @@
    device_config_boot_count_prop
    device_config_reset_performed_prop
    device_config_flags_health_check_prop
+    device_config_netd_native_prop
    e2fs
    e2fs_exec
    exfat

--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -37,6 +37,7 @@
    device_config_boot_count_prop
    device_config_reset_performed_prop
    device_config_flags_health_check_prop
+    device_config_netd_native_prop
    exfat
    exported2_config_prop
    exported2_default_prop

--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -25,6 +25,7 @@
    dev_cpu_variant
    device_config_boot_count_prop
    device_config_flags_health_check_prop
+    device_config_netd_native_prop
    device_config_reset_performed_prop
    device_config_service
    face_service

--- a/private/property_contexts
+++ b/private/property_contexts
@@ -170,6 +170,7 @@ persist.time.           u:object_r:time_prop:s0
 device_config.reset_performed           u:object_r:device_config_reset_performed_prop:s0
 persist.device_config.attempted_boot_count        u:object_r:device_config_boot_count_prop:s0
 persist.device_config.global_settings.native_flags_health_check_enabled u:object_r:device_config_flags_health_check_prop:s0
+persist.device_config.netd_native.           u:object_r:device_config_netd_native_prop:s0

 apexd.                  u:object_r:apexd_prop:s0
 persist.apexd.          u:object_r:apexd_prop:s0

--- a/private/system_server.te
+++ b/private/system_server.te
@@ -581,6 +581,7 @@ set_prop(system_server, cppreopt_prop)
 # STOPSHIP: Remove the ability for system_server to set property
 # device_config_flags_health_check_prop before release. (b/119627143)
 set_prop(system_server, device_config_flags_health_check_prop)
+set_prop(system_server, device_config_netd_native_prop)

 # BootReceiver to read ro.boot.bootreason
 get_prop(system_server, bootloader_boot_reason_prop)
@@ -931,6 +932,7 @@ neverallow {
  -flags_health_check
 } {
  device_config_flags_health_check_prop
+  device_config_netd_native_prop
 }:property_service set;

 # system_server should never be executing dex2oat. This is either

--- a/public/flags_heatlh_check.te
+++ b/public/flags_heatlh_check.te
@@ -8,6 +8,7 @@ set_prop(flags_health_check, device_config_reset_performed_prop)
 # STOPSHIP: Remove the ability for flags_health_check to set property
 # device_config_flags_health_check_prop before release. (b/119627143)
 set_prop(flags_health_check, device_config_flags_health_check_prop)
+set_prop(flags_health_check, device_config_netd_native_prop)

 allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
 allow flags_health_check server_configurable_flags_data_file:file create_file_perms;

--- a/public/netd.te
+++ b/public/netd.te
@@ -111,6 +111,7 @@ allow netd self:netlink_xfrm_socket { create_socket_perms_no_ioctl nlmsg_write n
 add_hwservice(netd, system_net_netd_hwservice)
 hwbinder_use(netd)
 get_prop(netd, hwservicemanager_prop)
+get_prop(netd, device_config_netd_native_prop)

 ###
 ### Neverallow rules

--- a/public/property.te
+++ b/public/property.te
@@ -31,6 +31,7 @@ type default_prop, property_type, core_property_type;
 type device_config_boot_count_prop, property_type;
 type device_config_reset_performed_prop, property_type;
 type device_config_flags_health_check_prop, property_type;
+type device_config_netd_native_prop, property_type;
 type device_logging_prop, property_type;
 type dhcp_prop, property_type, core_property_type;
 type dumpstate_options_prop, property_type;
@@ -400,6 +401,7 @@ compatible_property_only(`
    -device_config_reset_performed_prop
    -device_config_boot_count_prop
    -device_config_flags_health_check_prop
+    -device_config_netd_native_prop
    -heapprofd_enabled_prop
    -heapprofd_prop
    -hwservicemanager_prop

--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -177,6 +177,7 @@ not_compatible_property(`
      -device_config_boot_count_prop
      -device_config_reset_performed_prop
      -device_config_flags_health_check_prop
+      -device_config_netd_native_prop
      -restorecon_prop
      -netd_stable_secret_prop
      -firstboot_prop