From 0756dcc9dafc7b3d6a70dd8e6e69c1104f688513 Mon Sep 17 00:00:00 2001 From: Hector Dearman Date: Fri, 5 Apr 2019 16:41:30 +0100 Subject: [PATCH] Re-add sys_traced prop Add permissions for: persist.device_config.global_settings.sys_traced Bug: b/71737179 Test: As follows: patch aosp/891475 patch aosp/891853 patch ag/6224352 $ adb shell walleye:/ $ ps -A | grep traced nobody 1135 1 52288 2200 0 0 S traced nobody 1136 1 52288 2256 0 0 S traced_probes walleye:/ $ settings put global sys_traced 0 walleye:/ $ ps -A | grep traced 1|walleye:/ $ walleye:/ $ settings put global sys_traced 1 1|walleye:/ $ ps -A | grep traced nobody 12386 1 52288 2208 0 0 S traced nobody 12387 1 52288 2248 0 0 S traced_probes Change-Id: I8898672c8fdc9c5d87a31b90f6c7d5c03bef78ed --- private/compat/28.0/28.0.ignore.cil | 1 + private/property_contexts | 3 +++ private/system_server.te | 2 ++ public/flags_health_check.te | 1 + public/property.te | 2 ++ public/vendor_init.te | 1 + 6 files changed, 10 insertions(+) diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil index 5fa263155..14964699f 100644 --- a/private/compat/28.0/28.0.ignore.cil +++ b/private/compat/28.0/28.0.ignore.cil @@ -44,6 +44,7 @@ device_config_runtime_native_prop device_config_media_native_prop device_config_service + device_config_sys_traced_prop dnsresolver_service dynamic_android_service face_service diff --git a/private/property_contexts b/private/property_contexts index c1f1228c5..da09b8210 100644 --- a/private/property_contexts +++ b/private/property_contexts 
@@ -184,6 +184,9 @@ persist.device_config.runtime_native. u:object_r:device_config_runtime_na persist.device_config.runtime_native_boot. u:object_r:device_config_runtime_native_boot_prop:s0 persist.device_config.media_native. u:object_r:device_config_media_native_prop:s0 +# Properties that relate to legacy server configurable flags +persist.device_config.global_settings.sys_traced u:object_r:device_config_sys_traced_prop:s0 + apexd. u:object_r:apexd_prop:s0 persist.apexd. u:object_r:apexd_prop:s0 diff --git a/private/system_server.te b/private/system_server.te index 6dcecad9f..9b986b124 100644 --- a/private/system_server.te +++ b/private/system_server.te @@ -602,6 +602,7 @@ set_prop(system_server, device_config_activity_manager_native_boot_prop) set_prop(system_server, device_config_runtime_native_boot_prop) set_prop(system_server, device_config_runtime_native_prop) set_prop(system_server, device_config_media_native_prop) +set_prop(system_server, device_config_sys_traced_prop) # BootReceiver to read ro.boot.bootreason get_prop(system_server, bootloader_boot_reason_prop) @@ -967,6 +968,7 @@ neverallow { device_config_runtime_native_boot_prop device_config_runtime_native_prop device_config_media_native_prop + device_config_sys_traced_prop }:property_service set; # system_server should never be executing dex2oat. This is either diff --git a/public/flags_health_check.te b/public/flags_health_check.te index 151c7c097..b42005ae6 100644 --- a/public/flags_health_check.te +++ b/public/flags_health_check.te 
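Review bot: The new private/property_contexts entry `persist.device_config.global_settings.sys_traced` names a single property but has no match qualifier, so it is matched as a prefix and any longer name that starts with that string would also be labelled `device_config_sys_traced_prop`. The neighbouring entries end in `.` because they are whole namespaces; this one is not. Only domains allowed to set the type could create such a name, so the exposure is small, but the label should cover exactly what the commit intends. If the property_contexts parser on this branch accepts qualifiers, append `exact` and a value type to the line, e.g. `... u:object_r:device_config_sys_traced_prop:s0 exact int`; the type is an assumption to confirm, since the commit message's test only ever sets 0 and 1.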
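Review bot: The added `set_prop(system_server, device_config_sys_traced_prop)` in private/system_server.te sits in the run of native flag namespaces with nothing to mark that it is different. Per the commit message's test, it follows the global setting `sys_traced`, and toggling it stops and starts traced and traced_probes. A comment above the line, such as `# Follows the sys_traced global setting; toggles the traced daemons`, would record why system_server may write it. The second hunk adds the type to a neverallow whose domain set begins outside the hunk, so the exempt setters cannot be checked from here. flags_health_check presumably has to be among them, because public/flags_health_check.te grants it set on the same type.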
@@ -10,6 +10,7 @@ set_prop(flags_health_check, device_config_input_native_boot_prop) set_prop(flags_health_check, device_config_netd_native_prop) set_prop(flags_health_check, device_config_activity_manager_native_boot_prop) set_prop(flags_health_check, device_config_media_native_prop) +set_prop(flags_health_check, device_config_sys_traced_prop) allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms; allow flags_health_check server_configurable_flags_data_file:file create_file_perms; diff --git a/public/property.te b/public/property.te index 12f042578..a5b5e9514 100644 --- a/public/property.te +++ b/public/property.te @@ -38,6 +38,7 @@ type device_config_netd_native_prop, property_type; type device_config_runtime_native_boot_prop, property_type; type device_config_runtime_native_prop, property_type; type device_config_media_native_prop, property_type; +type device_config_sys_traced_prop, property_type; type device_logging_prop, property_type; type dhcp_prop, property_type, core_property_type; type dumpstate_options_prop, property_type; @@ -421,6 +422,7 @@ compatible_property_only(` -device_config_runtime_native_boot_prop -device_config_runtime_native_prop -device_config_media_native_prop + -device_config_sys_traced_prop -gsid_prop -heapprofd_enabled_prop -heapprofd_prop diff --git a/public/vendor_init.te b/public/vendor_init.te index de60312f4..3925df220 100644 --- a/public/vendor_init.te +++ b/public/vendor_init.te @@ -197,6 +197,7 @@ not_compatible_property(` -device_config_runtime_native_boot_prop -device_config_runtime_native_prop -device_config_media_native_prop + -device_config_sys_traced_prop -restorecon_prop -netd_stable_secret_prop -firstboot_prop
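Review bot: The new `set_prop(flags_health_check, device_config_sys_traced_prop)` in public/flags_health_check.te lets that domain write a property that, per the commit message's test, turns traced and traced_probes off and on. Nothing visible in the patch shows flags_health_check needing that. The other grants in this list are `persist.device_config.<namespace>.` flag namespaces, while the property_contexts comment added in this same patch describes this property as a legacy server configurable flag. If flags_health_check never resets this property, drop the line to keep the setter set at system_server. If it does, a comment such as `# Reset together with the other persist.device_config.* flags` would document the reason.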