Merge "Revert^2 "Add pm.archiving.enabled system property"" into main am: 949b5d7e4e
am: 9554cc2f10
Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/3038852 Change-Id: I508a47862cc851afff9e94a10b106b08e2e13fc2 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
commit
22594ac4e2
15 changed files with 45 additions and 0 deletions
|
@ -27,6 +27,7 @@
|
|||
virtual_camera_service
|
||||
ot_daemon_service
|
||||
ot_daemon_socket
|
||||
pm_archiving_enabled_prop
|
||||
remote_auth_service
|
||||
security_state_service
|
||||
sensitive_content_protection_service
|
||||
|
|
|
@ -296,3 +296,6 @@ neverallow priv_app *:{
|
|||
|
||||
# Allow priv apps to report off body events to keystore2.
|
||||
allow priv_app keystore:keystore2 report_off_body;
|
||||
|
||||
# Allow priv_apps to check if archiving is enabled
|
||||
get_prop(priv_app, pm_archiving_enabled_prop)
|
||||
|
|
|
@ -750,3 +750,10 @@ neverallow {
|
|||
-system_app
|
||||
-device_as_webcam
|
||||
} usb_uvc_enabled_prop:file no_rw_file_perms;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-init
|
||||
-vendor_init
|
||||
} pm_archiving_enabled_prop:property_service set;
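Review bot: The added neverallow restricts only `property_service set` on pm_archiving_enabled_prop, while the usb_uvc_enabled_prop rule directly above it also limits readers with `:file no_rw_file_perms`. Nothing visible in this commit stops a later change from granting get_prop on the archiving flag to another domain. If reads are meant to stay with the three domains granted here, add a matching rule such as `neverallow { domain -init -vendor_init -system_server -system_app -priv_app } pm_archiving_enabled_prop:file no_rw_file_perms;`, extended with any further readers the build reports. A one-line comment such as `# Only init and vendor_init may set pm.archiving.enabled.` would also state the intent. The same applies to the second copy of this hunk (`-798,3 +798,9`).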
|
||||
|
||||
|
|
|
@ -1642,6 +1642,9 @@ sensors.aosp_low_power_sensor_fusion.maximum_rate u:object_r:sensors_config_prop
|
|||
# Properties for game manager service
|
||||
persist.graphics.game_default_frame_rate.enabled u:object_r:game_manager_config_prop:s0 exact bool
|
||||
|
||||
# Properties for app archiving
|
||||
pm.archiving.enabled u:object_r:pm_archiving_enabled_prop:s0 exact bool
|
||||
|
||||
# Properties for ThreadNetworkService
|
||||
threadnetwork.country_code u:object_r:threadnetwork_config_prop:s0 exact string
|
||||
|
||||
|
|
|
@ -174,6 +174,9 @@ get_prop(system_app, oem_unlock_prop)
|
|||
# Settings app reads ro.usb.uvc.enabled
|
||||
get_prop(system_app, usb_uvc_enabled_prop)
|
||||
|
||||
# Settings and Launcher apps read pm.archiving.enabled
|
||||
get_prop(system_app, pm_archiving_enabled_prop)
|
||||
|
||||
###
|
||||
### Neverallow rules
|
||||
###
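Review bot: The comment on the new system_app grant names Launcher, but Launcher normally does not run in the system_app domain, so its read is presumably covered by the separate `get_prop(priv_app, pm_archiving_enabled_prop)` rule rather than this one. If that is the case, reword it to `# Settings app reads pm.archiving.enabled` and name Launcher in the priv_app comment instead, so each grant documents the caller that actually needs it. The same comment appears in the second copy of this hunk.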
|
||||
|
|
|
@ -1602,6 +1602,10 @@ neverallow {
|
|||
-system_server
|
||||
} threadnetwork_config_prop:file no_rw_file_perms;
|
||||
|
||||
# Allow system server to read pm.archiving.enabled prop
|
||||
# TODO(azilio): Remove system property after archiving testing is completed.
|
||||
get_prop(system_server, pm_archiving_enabled_prop)
|
||||
|
||||
# Do not allow any domain other than init or system server to get or set the property
|
||||
neverallow { domain -init -system_server } crashrecovery_prop:property_service set;
|
||||
neverallow { domain -init -dumpstate -system_server } crashrecovery_prop:file no_rw_file_perms;
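Review bot: The TODO above the system_server grant says the property is to be removed once archiving testing is finished, but it has no tracking bug. The removal will also touch more than this rule: the priv_app and system_app grants, the property_contexts entry, the neverallow and the type declaration all reference pm_archiving_enabled_prop. I would write it as `# TODO(b/<bug-id>): Remove pm_archiving_enabled_prop, its property_contexts entry and all get_prop grants once archiving testing is completed.` with the real bug number filled in. The second copy of this hunk (`-1629,6 +1629,10`) carries the same TODO.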
|
||||
|
|
|
@ -200,6 +200,7 @@ system_vendor_config_prop(dck_prop)
|
|||
system_vendor_config_prop(tuner_config_prop)
|
||||
system_vendor_config_prop(usb_uvc_enabled_prop)
|
||||
system_vendor_config_prop(setupwizard_mode_prop)
|
||||
system_vendor_config_prop(pm_archiving_enabled_prop)
|
||||
|
||||
# Properties with no restrictions
|
||||
system_public_prop(adbd_config_prop)
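Review bot: Declaring pm_archiving_enabled_prop with `system_vendor_config_prop` exposes it as a vendor-configurable property, although the TODO on the system_server grant calls the flag temporary, and the mapping hunks export it as `pm_archiving_enabled_prop_202404`. Once the type is part of that mapping, removing it later probably needs compat handling rather than a plain delete. If vendor_init does not really need to set the flag, a narrower declaration would keep it out of the platform–vendor interface. Otherwise a comment such as `# Temporary test flag for app archiving; settable by vendor_init, to be removed after testing.` would record why it is exposed. The second copy of this hunk (`-202,6 +202,7`) is the same.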
|
||||
|
|
|
@ -813,6 +813,7 @@
|
|||
(expandtypeattribute (pipefs_202404) true)
|
||||
(expandtypeattribute (platform_app_202404) true)
|
||||
(expandtypeattribute (platform_compat_service_202404) true)
|
||||
(expandtypeattribute (pm_archiving_enabled_prop_202404) true)
|
||||
(expandtypeattribute (pmsg_device_202404) true)
|
||||
(expandtypeattribute (port_202404) true)
|
||||
(expandtypeattribute (port_device_202404) true)
|
||||
|
@ -2204,6 +2205,7 @@
|
|||
(typeattributeset pipefs_202404 (pipefs))
|
||||
(typeattributeset platform_app_202404 (platform_app))
|
||||
(typeattributeset platform_compat_service_202404 (platform_compat_service))
|
||||
(typeattributeset pm_archiving_enabled_prop_202404 (pm_archiving_enabled_prop))
|
||||
(typeattributeset pmsg_device_202404 (pmsg_device))
|
||||
(typeattributeset port_202404 (port))
|
||||
(typeattributeset port_device_202404 (port_device))
|
||||
|
|
|
@ -27,6 +27,7 @@
|
|||
virtual_camera_service
|
||||
ot_daemon_service
|
||||
ot_daemon_socket
|
||||
pm_archiving_enabled_prop
|
||||
remote_auth_service
|
||||
security_state_service
|
||||
sensitive_content_protection_service
|
||||
|
|
|
@ -293,3 +293,6 @@ neverallow priv_app *:{
|
|||
bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
|
||||
alg_socket nfc_socket kcm_socket qipcrtr_socket smc_socket xdp_socket
|
||||
} *;
|
||||
|
||||
# Allow priv_apps to check if archiving is enabled
|
||||
get_prop(priv_app, pm_archiving_enabled_prop)
|
||||
|
|
|
@ -798,3 +798,9 @@ neverallow {
|
|||
-system_app
|
||||
-device_as_webcam
|
||||
} usb_uvc_enabled_prop:file no_rw_file_perms;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-init
|
||||
-vendor_init
|
||||
} pm_archiving_enabled_prop:property_service set;
|
||||
|
|
|
@ -1656,6 +1656,9 @@ sensors.aosp_low_power_sensor_fusion.maximum_rate u:object_r:sensors_config_prop
|
|||
# Properties for game manager service
|
||||
persist.graphics.game_default_frame_rate.enabled u:object_r:game_manager_config_prop:s0 exact bool
|
||||
|
||||
# Properties for app archiving
|
||||
pm.archiving.enabled u:object_r:pm_archiving_enabled_prop:s0 exact bool
|
||||
|
||||
# Properties for ThreadNetworkService
|
||||
threadnetwork.country_code u:object_r:threadnetwork_config_prop:s0 exact string
|
||||
|
||||
|
|
|
@ -174,6 +174,9 @@ get_prop(system_app, oem_unlock_prop)
|
|||
# Settings app reads ro.usb.uvc.enabled
|
||||
get_prop(system_app, usb_uvc_enabled_prop)
|
||||
|
||||
# Settings and Launcher apps read pm.archiving.enabled
|
||||
get_prop(system_app, pm_archiving_enabled_prop)
|
||||
|
||||
# Settings app reads and writes the wifi blob database
|
||||
allow system_app connectivityblob_data_file:dir rw_dir_perms;
|
||||
allow system_app connectivityblob_data_file:file create_file_perms;
|
||||
|
|
|
@ -1629,6 +1629,10 @@ neverallow {
|
|||
-system_server
|
||||
} threadnetwork_config_prop:file no_rw_file_perms;
|
||||
|
||||
# Allow system server to read pm.archiving.enabled prop
|
||||
# TODO(azilio): Remove system property after archiving testing is completed.
|
||||
get_prop(system_server, pm_archiving_enabled_prop)
|
||||
|
||||
# Allow accessing /mnt/pre_reboot_dexopt/chroot, to load the new service-art.jar
|
||||
# in Pre-reboot Dexopt.
|
||||
allow system_server pre_reboot_dexopt_file:dir { getattr search };
|
||||
|
|
|
@ -202,6 +202,7 @@ system_vendor_config_prop(dck_prop)
|
|||
system_vendor_config_prop(tuner_config_prop)
|
||||
system_vendor_config_prop(usb_uvc_enabled_prop)
|
||||
system_vendor_config_prop(setupwizard_mode_prop)
|
||||
system_vendor_config_prop(pm_archiving_enabled_prop)
|
||||
|
||||
# Properties with no restrictions
|
||||
system_public_prop(adbd_config_prop)
|
||||
|
|