tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Allow composd to pass some system properties to CompOS" into tm-dev

Browse source
This commit is contained in:
Victor Hsieh 2022-05-12 15:30:40 +00:00 committed by Android (Google) Code Review
commit 05d625ef62
5 changed files with 11 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
microdroid/system/private/compos.te
View file

@ -25,6 +25,10 @@ dontaudit compos self:dir write;
# See b/35323867#comment3
dontaudit compos self:global_capability_class_set dac_override;
# Allow settings system properties that ART expects.
set_prop(compos, dalvik_config_prop)
set_prop(compos, device_config_runtime_native_boot_prop)
# Allow running odrefresh in its own domain
domain_auto_trans(compos, odrefresh_exec, odrefresh)

1
microdroid/system/private/property.te
View file

@ -1,6 +1,7 @@
# Declare ART properties for CompOS
system_public_prop(dalvik_config_prop)
system_restricted_prop(device_config_runtime_native_prop)
system_restricted_prop(device_config_runtime_native_boot_prop)
# Don't audit legacy ctl. property handling. We only want the newer permission check to appear
# in the audit log

6
microdroid/system/private/property_contexts
View file

@ -152,7 +152,9 @@ ro.vndk.version u:object_r:build_prop:s0 exact string
heapprofd.enable u:object_r:heapprofd_prop:s0 exact bool
# ART properties for CompOS
dalvik.vm. u:object_r:dalvik_config_prop:s0 prefix
persist.device_config.runtime_native. u:object_r:device_config_runtime_native_prop:s0 prefix
dalvik.vm. u:object_r:dalvik_config_prop:s0 prefix
ro.dalvik.vm. u:object_r:dalvik_config_prop:s0 prefix
persist.device_config.runtime_native. u:object_r:device_config_runtime_native_prop:s0 prefix
persist.device_config.runtime_native_boot. u:object_r:device_config_runtime_native_boot_prop:s0 prefix
apexd.payload_metadata.path u:object_r:apexd_payload_metadata_prop:s0 exact string

1
prebuilts/api/33.0/private/composd.te
View file

@ -31,6 +31,7 @@ allow composd compos_fd_server:process signal;
# Read ART's properties
get_prop(composd, dalvik_config_prop)
get_prop(composd, device_config_runtime_native_boot_prop)
# We never create any artifact files directly
neverallow composd apex_art_data_file:file ~unlink;

1
private/composd.te
View file

@ -31,6 +31,7 @@ allow composd compos_fd_server:process signal;
# Read ART's properties
get_prop(composd, dalvik_config_prop)
get_prop(composd, device_config_runtime_native_boot_prop)
# We never create any artifact files directly
neverallow composd apex_art_data_file:file ~unlink;