Merge "Allow the ART boot oneshot service to configure ART config properties." into udc-dev am: 4f2b8ce361

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/sepolicy/+/23131204

Change-Id: Idb0edb8c39f038d7d21e8c1c41c486d0b34a5e99
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

apex/com.android.art-file_contexts

@@ -2,6 +2,7 @@
 # System files
 #
 (/.*)?                         u:object_r:system_file:s0
+/bin/art_boot                  u:object_r:art_boot_exec:s0
 /bin/art_exec                  u:object_r:art_exec_exec:s0
 /bin/artd                      u:object_r:artd_exec:s0
 /bin/dex2oat(32|64)?           u:object_r:dex2oat_exec:s0

apex/com.android.art.debug-file_contexts

@@ -2,6 +2,7 @@
 # System files
 #
 (/.*)?                         u:object_r:system_file:s0
+/bin/art_boot                  u:object_r:art_boot_exec:s0
 /bin/art_exec                  u:object_r:art_exec_exec:s0
 /bin/artd                      u:object_r:artd_exec:s0
 /bin/dex2oat(d)?(32|64)?       u:object_r:dex2oat_exec:s0

prebuilts/api/34.0/private/art_boot.te

@@ -0,0 +1,9 @@
+# ART boot oneshot service
+type art_boot, domain, coredomain;
+type art_boot_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(art_boot)
+
+# Allow ART to set its config properties at boot, mainly to be able to propagate
+# experiment flags to properties that only may change at boot.
+set_prop(art_boot, dalvik_config_prop_type)

prebuilts/api/34.0/private/compat/33.0/33.0.ignore.cil

@@ -7,6 +7,8 @@
   ( new_objects
     adaptive_haptics_prop
     apex_ready_prop
+    art_boot
+    art_boot_exec
     artd
     bt_device
     build_attestation_prop

prebuilts/api/34.0/private/domain.te

@@ -539,6 +539,10 @@ neverallow { domain -coredomain } pm_prop:file no_rw_file_perms;
 # Do not allow reading the last boot timestamp from system properties
 neverallow { domain -init -system_server -dumpstate } firstboot_prop:file r_file_perms;
 
+# Allow ART to set its config properties in its oneshot boot service, in
+# addition to the common init and vendor_init access.
+neverallow { domain -art_boot -init -vendor_init } dalvik_config_prop:property_service set;
+
 # Kprobes should only be used by adb root
 neverallow { domain -init -vendor_init } debugfs_kprobes:file *;
 

prebuilts/api/34.0/public/property.te

@@ -147,7 +147,6 @@ system_vendor_config_prop(charger_config_prop)
 system_vendor_config_prop(codec2_config_prop)
 system_vendor_config_prop(composd_vm_vendor_prop)
 system_vendor_config_prop(cpu_variant_prop)
-system_vendor_config_prop(dalvik_config_prop)
 system_vendor_config_prop(debugfs_restriction_prop)
 system_vendor_config_prop(drm_service_config_prop)
 system_vendor_config_prop(exported_camera_prop)
@@ -210,6 +209,7 @@ system_public_prop(ctl_default_prop)
 system_public_prop(ctl_interface_start_prop)
 system_public_prop(ctl_start_prop)
 system_public_prop(ctl_stop_prop)
+system_public_prop(dalvik_config_prop)
 system_public_prop(dalvik_dynamic_config_prop)
 system_public_prop(dalvik_runtime_prop)
 system_public_prop(debug_prop)

prebuilts/api/34.0/public/vendor_init.te

@@ -235,6 +235,7 @@ set_prop(vendor_init, bluetooth_config_prop)
 set_prop(vendor_init, camera2_extensions_prop)
 set_prop(vendor_init, camerax_extensions_prop)
 set_prop(vendor_init, cpu_variant_prop)
+set_prop(vendor_init, dalvik_config_prop)
 set_prop(vendor_init, dalvik_dynamic_config_prop)
 set_prop(vendor_init, dalvik_runtime_prop)
 set_prop(vendor_init, debug_prop)

private/art_boot.te

@@ -0,0 +1,9 @@
+# ART boot oneshot service
+type art_boot, domain, coredomain;
+type art_boot_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(art_boot)
+
+# Allow ART to set its config properties at boot, mainly to be able to propagate
+# experiment flags to properties that only may change at boot.
+set_prop(art_boot, dalvik_config_prop_type)

private/compat/33.0/33.0.ignore.cil

@@ -7,6 +7,8 @@
   ( new_objects
     adaptive_haptics_prop
     apex_ready_prop
+    art_boot
+    art_boot_exec
     artd
     bt_device
     build_attestation_prop

private/domain.te

@@ -539,6 +539,10 @@ neverallow { domain -coredomain } pm_prop:file no_rw_file_perms;
 # Do not allow reading the last boot timestamp from system properties
 neverallow { domain -init -system_server -dumpstate } firstboot_prop:file r_file_perms;
 
+# Allow ART to set its config properties in its oneshot boot service, in
+# addition to the common init and vendor_init access.
+neverallow { domain -art_boot -init -vendor_init } dalvik_config_prop:property_service set;
+
 # Kprobes should only be used by adb root
 neverallow { domain -init -vendor_init } debugfs_kprobes:file *;
 

public/property.te

@@ -147,7 +147,6 @@ system_vendor_config_prop(charger_config_prop)
 system_vendor_config_prop(codec2_config_prop)
 system_vendor_config_prop(composd_vm_vendor_prop)
 system_vendor_config_prop(cpu_variant_prop)
-system_vendor_config_prop(dalvik_config_prop)
 system_vendor_config_prop(debugfs_restriction_prop)
 system_vendor_config_prop(drm_service_config_prop)
 system_vendor_config_prop(exported_camera_prop)
@@ -210,6 +209,7 @@ system_public_prop(ctl_default_prop)
 system_public_prop(ctl_interface_start_prop)
 system_public_prop(ctl_start_prop)
 system_public_prop(ctl_stop_prop)
+system_public_prop(dalvik_config_prop)
 system_public_prop(dalvik_dynamic_config_prop)
 system_public_prop(dalvik_runtime_prop)
 system_public_prop(debug_prop)

public/vendor_init.te

@@ -235,6 +235,7 @@ set_prop(vendor_init, bluetooth_config_prop)
 set_prop(vendor_init, camera2_extensions_prop)
 set_prop(vendor_init, camerax_extensions_prop)
 set_prop(vendor_init, cpu_variant_prop)
+set_prop(vendor_init, dalvik_config_prop)
 set_prop(vendor_init, dalvik_dynamic_config_prop)
 set_prop(vendor_init, dalvik_runtime_prop)
 set_prop(vendor_init, debug_prop)