Use a property instead of file to communicate cold boot done
Ueventd can't set properties currently, but this is an artificial limitation, since ueventd communicates to init that it has finished cold boot via a file, and init polls this file instead of returning to the epoll loop, where properties are handled. A related change replaces that file with a property and thus frees ueventd to be able to set properties. This change creates the cold_boot_done property type for this property and gives only ueventd permissions to set it. Bug: 62301678 Test: boot, check that properties are set Change-Id: I40843b423b192ea841db6a82f648e5bab9738e0e
parent
0bdb4f269f
commit
2a67e947c6
4 changed files with 10 additions and 7 deletions
|
@ -5,6 +5,7 @@
|
||||||
(typeattribute new_objects)
|
(typeattribute new_objects)
|
||||||
(typeattributeset new_objects
|
(typeattributeset new_objects
|
||||||
( new_objects
|
( new_objects
|
||||||
|
cold_boot_done_prop
|
||||||
ctl_apexd_prop
|
ctl_apexd_prop
|
||||||
device_config_sys_traced_prop
|
device_config_sys_traced_prop
|
||||||
runtime_apex_dir
|
runtime_apex_dir
|
||||||
|
|
|
@ -203,3 +203,6 @@ ro.gsid. u:object_r:gsid_prop:s0
|
||||||
# Property for disabling NNAPI vendor extensions on product image (used on GSI /product image,
|
# Property for disabling NNAPI vendor extensions on product image (used on GSI /product image,
|
||||||
# which can't use NNAPI vendor extensions).
|
# which can't use NNAPI vendor extensions).
|
||||||
ro.nnapi.extensions.deny_on_product u:object_r:nnapi_ext_deny_product_prop:s0
|
ro.nnapi.extensions.deny_on_product u:object_r:nnapi_ext_deny_product_prop:s0
|
||||||
|
|
||||||
|
# Property that is set once ueventd finishes cold boot.
|
||||||
|
ro.cold_boot_done u:object_r:cold_boot_done_prop:s0
|
||||||
|
|
|
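Review bot: The new `ro.cold_boot_done` entry is a prefix match, so every property name beginning with that string receives the `cold_boot_done_prop` label and becomes settable by ueventd. If this file accepts the exact-match form, `ro.cold_boot_done u:object_r:cold_boot_done_prop:s0 exact bool` would confine the label to the single property and type-check its value. The `bool` type is a guess at what ueventd writes and should be confirmed against the related init/ueventd change.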
@ -6,6 +6,7 @@ type bluetooth_audio_hal_prop, property_type;
|
||||||
type bluetooth_prop, property_type;
|
type bluetooth_prop, property_type;
|
||||||
type bpf_progs_loaded_prop, property_type;
|
type bpf_progs_loaded_prop, property_type;
|
||||||
type bootloader_boot_reason_prop, property_type;
|
type bootloader_boot_reason_prop, property_type;
|
||||||
|
type cold_boot_done_prop, property_type;
|
||||||
type config_prop, property_type, core_property_type;
|
type config_prop, property_type, core_property_type;
|
||||||
type cppreopt_prop, property_type, core_property_type;
|
type cppreopt_prop, property_type, core_property_type;
|
||||||
type cpu_variant_prop, property_type;
|
type cpu_variant_prop, property_type;
|
||||||
|
@ -363,6 +364,7 @@ compatible_property_only(`
|
||||||
-bootloader_boot_reason_prop
|
-bootloader_boot_reason_prop
|
||||||
-boottime_prop
|
-boottime_prop
|
||||||
-bpf_progs_loaded_prop
|
-bpf_progs_loaded_prop
|
||||||
|
-cold_boot_done_prop
|
||||||
-config_prop
|
-config_prop
|
||||||
-cppreopt_prop
|
-cppreopt_prop
|
||||||
-ctl_adbd_prop
|
-ctl_adbd_prop
|
||||||
|
|
|
@ -59,17 +59,14 @@ allow ueventd kernel:key search;
|
||||||
allow ueventd system_bootstrap_lib_file:dir r_dir_perms;
|
allow ueventd system_bootstrap_lib_file:dir r_dir_perms;
|
||||||
allow ueventd system_bootstrap_lib_file:file { execute read open getattr map };
|
allow ueventd system_bootstrap_lib_file:file { execute read open getattr map };
|
||||||
|
|
||||||
|
# ueventd can set properties, particularly it sets ro.cold_boot_done to signal
|
||||||
|
# to init that cold boot has completed.
|
||||||
|
set_prop(ueventd, cold_boot_done_prop)
|
||||||
|
|
||||||
#####
|
#####
|
||||||
##### neverallow rules
|
##### neverallow rules
|
||||||
#####
|
#####
|
||||||
|
|
||||||
# ueventd must never set properties, otherwise deadlocks may occur.
|
|
||||||
# https://android-review.googlesource.com/#/c/133120/6/init/devices.cpp@941
|
|
||||||
# No writing to the property socket, connecting to init, or setting properties.
|
|
||||||
neverallow ueventd property_socket:sock_file write;
|
|
||||||
neverallow ueventd init:unix_stream_socket connectto;
|
|
||||||
neverallow ueventd property_type:property_service set;
|
|
||||||
|
|
||||||
# Restrict ueventd access on block devices to maintenence operations.
|
# Restrict ueventd access on block devices to maintenence operations.
|
||||||
neverallow ueventd dev_type:blk_file ~{ getattr relabelfrom relabelto create setattr unlink };
|
neverallow ueventd dev_type:blk_file ~{ getattr relabelfrom relabelto create setattr unlink };
|
||||||
|
|
||||||
|
|
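Review bot: Deleting all three neverallow rules at the end of this hunk leaves no build-time check that limits ueventd to the one property it now needs, so any later `set_prop(ueventd, ...)` would compile cleanly. Because `set_prop` grants the property-socket write and the connect to init, those two rules do have to go, but the third can be narrowed instead of removed: `neverallow ueventd { property_type -cold_boot_done_prop }:property_service set;`. The description says only ueventd may set the property, yet nothing visible here stops another domain from being granted it; a rule such as `neverallow { domain -init -ueventd } cold_boot_done_prop:property_service set;` would pin that down (the init exemption is an assumption to confirm against existing policy). The new comment above `set_prop` should also record why the old deadlock concern no longer applies, since that depends on the related init change mentioned in the description.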