Merge "Add odsign status properties."

This commit is contained in:
Martijn Coenen 2021-03-19 10:30:20 +00:00 committed by Gerrit Code Review
commit 0b47552028
3 changed files with 9 additions and 0 deletions

View file

@ -50,6 +50,10 @@ domain_auto_trans(odsign, odrefresh_exec, odrefresh)
# Run fsverity_init to add key to fsverity keyring # Run fsverity_init to add key to fsverity keyring
domain_auto_trans(odsign, fsverity_init_exec, fsverity_init) domain_auto_trans(odsign, fsverity_init_exec, fsverity_init)
# only odsign can set odsign sysprop
set_prop(odsign, odsign_prop)
neverallow { domain -odsign -init } odsign_prop:property_service set;
# Neverallows # Neverallows
neverallow { domain -odsign -init -fsverity_init } odsign_data_file:dir *; neverallow { domain -odsign -init -fsverity_init } odsign_data_file:dir *;
neverallow { domain -odsign -init -fsverity_init } odsign_data_file:file *; neverallow { domain -odsign -init -fsverity_init } odsign_data_file:file *;

View file

@ -22,6 +22,7 @@ system_internal_prop(lower_kptr_restrict_prop)
system_internal_prop(net_464xlat_fromvendor_prop) system_internal_prop(net_464xlat_fromvendor_prop)
system_internal_prop(net_connectivity_prop) system_internal_prop(net_connectivity_prop)
system_internal_prop(netd_stable_secret_prop) system_internal_prop(netd_stable_secret_prop)
system_internal_prop(odsign_prop)
system_internal_prop(pm_prop) system_internal_prop(pm_prop)
system_internal_prop(rollback_test_prop) system_internal_prop(rollback_test_prop)
system_internal_prop(setupwizard_prop) system_internal_prop(setupwizard_prop)

View file

@ -546,6 +546,10 @@ vold.post_fs_data_done u:object_r:vold_config_prop:s0 exact int
apexd.status u:object_r:apexd_prop:s0 exact enum starting activated ready apexd.status u:object_r:apexd_prop:s0 exact enum starting activated ready
odsign.key.done u:object_r:odsign_prop:s0 exact bool
odsign.verification.done u:object_r:odsign_prop:s0 exact bool
odsign.verification.success u:object_r:odsign_prop:s0 exact bool
dev.bootcomplete u:object_r:boot_status_prop:s0 exact bool dev.bootcomplete u:object_r:boot_status_prop:s0 exact bool
sys.boot_completed u:object_r:boot_status_prop:s0 exact bool sys.boot_completed u:object_r:boot_status_prop:s0 exact bool