From 360e0f91c3f8ac9a51204cb0194abb05cb66ba90 Mon Sep 17 00:00:00 2001
From: Nikita Ioffe
Date: Sat, 13 Mar 2021 01:35:51 +0000
Subject: [PATCH] Add apexd_config_prop type

This type is used for properties that provides per-device configuration for apexd behaviour (so far - timeouts for creating/deleting dm device).
Test: builds
Bug: 182296338
Change-Id: Ib815f081d3ab94aa8c941ac68b57ebe661acedb9
---
 private/apexd.te | 3 +++
 private/compat/30.0/30.0.ignore.cil | 1 +
 private/property.te | 12 ++++++++++++
 private/property_contexts | 2 ++
 public/property.te | 1 +
 5 files changed, 19 insertions(+)
diff --git a/private/apexd.te b/private/apexd.te
index a2a77abcd..d65de1968 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -158,6 +158,9 @@ allow apexd toolbox_exec:file rx_file_perms;
 # apexd uses it to decide whether it needs to keep retrying polling for loop device.
 get_prop(apexd, cold_boot_done_prop)
+# Allow apexd to read per-device configuration properties.
+get_prop(apexd, apexd_config_prop)
+
 neverallow { domain -apexd -init } apex_data_file:dir no_w_dir_perms;
 neverallow { domain -apexd -init } apex_metadata_file:dir no_w_dir_perms;
 neverallow { domain -apexd -init -kernel } apex_data_file:file no_w_file_perms;
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index cbee4b70e..82d882e96 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -13,6 +13,7 @@
 apex_info_file
 apex_ota_reserved_file
 apex_scheduling_data_file
+ apexd_config_prop
 app_hibernation_service
 appcompat_data_file
 arm64_memtag_prop
diff --git a/private/property.te b/private/property.te
index e43562815..9ec2a1acc 100644
--- a/private/property.te
+++ b/private/property.te
@@ -601,3 +601,15 @@ neverallow {
 -init
 -shell
 } rollback_test_prop:property_service set;
+
+# Only init and vendor_init are allowed to set apexd_config_prop
+neverallow { domain -init -vendor_init } apexd_config_prop:property_service set;
+
+# apexd_config properties should only be read by apexd, and dumpstate (to appear in bugreports).
+neverallow {
+ domain
+ -apexd
+ -init
+ -dumpstate
+ -vendor_init
+} apexd_config_prop:file no_rw_file_perms;
diff --git a/private/property_contexts b/private/property_contexts
index 98ac9bfa1..4120b51c3 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -244,6 +244,8 @@ persist.device_config.window_manager_native_boot. u:object_r:device_config_win
 persist.device_config.global_settings.sys_traced u:object_r:device_config_sys_traced_prop:s0
 apexd. u:object_r:apexd_prop:s0
+apexd.config.dm_delete.timeout u:object_r:apexd_config_prop:s0 exact uint
+apexd.config.dm_create.timeout u:object_r:apexd_config_prop:s0 exact uint
 persist.apexd. u:object_r:apexd_prop:s0
 bpf.progs_loaded u:object_r:bpf_progs_loaded_prop:s0
diff --git a/public/property.te b/public/property.te
index 506e98585..db5d75444 100644
--- a/public/property.te
+++ b/public/property.te
@@ -112,6 +112,7 @@ compatible_property_only(`
 ')
 # Properties which can be written only by vendor_init
+system_vendor_config_prop(apexd_config_prop)
 system_vendor_config_prop(aaudio_config_prop)
 system_vendor_config_prop(apk_verity_prop)
 system_vendor_config_prop(audio_config_prop)
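Review bot: The comment above the read `neverallow` names only apexd and dumpstate, but the rule's exemption set also contains `-init` and `-vendor_init`, so the comment understates who may read the type. I would reword it to `# apexd_config properties should only be read by apexd, by init/vendor_init (which set them), and by dumpstate (to appear in bugreports).`. A neverallow only forbids: the grant for apexd is in the apexd.te hunk, but no grant for dumpstate is visible in this patch, so it presumably relies on an existing broader rule. It is worth confirming that a bugreport actually shows these values.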
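Review bot: Only these two exact names receive `apexd_config_prop`; any other key under `apexd.config.` still matches the `apexd.` prefix entry on the context line above and is labelled `apexd_prop`. The write rules for `apexd_prop` are not shown in this patch and may differ from the init/vendor_init-only rule added for the new type, so a mistyped or future config key would silently take the older label rather than fail. A comment above the pair would make that explicit, e.g. `# apexd.config.* keys must be listed here explicitly; unlisted ones fall back to apexd_prop via the apexd. prefix`. The unit of the two timeouts is also worth stating there, since `uint` alone does not say whether the value is seconds or milliseconds.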
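Review bot: The new entry is placed at the head of the `system_vendor_config_prop` list, ahead of `aaudio_config_prop`, while the visible neighbours (`aaudio_`, `apk_verity_`, `audio_`) are in alphabetical order. Moving `system_vendor_config_prop(apexd_config_prop)` to sit between `aaudio_config_prop` and `apk_verity_prop` keeps the list sorted, which makes a duplicate or missing declaration easier to spot in later reviews. The list continues outside the hunk.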