Merge "Add adbd_prop, system_adbd_prop property types." am: b8c108e15f

Change-Id: Ifa7434a88ab72902166587c892b9dc466573ffdc
2020-02-21 00:41:57 +00:00 · 2020-02-21 00:41:57 +00:00 · 76cd6f8ff8
commit 76cd6f8ff8
parent b7749f2b1e b8c108e15f
5 changed files with 34 additions and 3 deletions
--- a/private/adbd.te
+++ b/private/adbd.te
@ -87,6 +87,9 @@ set_prop(adbd, powerctl_prop)
 set_prop(adbd, ffs_prop)
 set_prop(adbd, exported_ffs_prop)

+# Set service.adb.tls.port, persist.adb.wifi. properties
+set_prop(adbd, adbd_prop)
+
 # Access device logging gating property
 get_prop(adbd, device_logging_prop)

@ -96,6 +99,9 @@ get_prop(adbd, serialno_prop)
 # Read whether or not Test Harness Mode is enabled
 get_prop(adbd, test_harness_prop)

+# Read persist.adb.tls_server.enable property
+get_prop(adbd, system_adbd_prop)
+
 # Read device's overlayfs related properties and files
 userdebug_or_eng(`
  get_prop(adbd, persistent_properties_ready_prop)
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@ -8,6 +8,7 @@
    aidl_lazy_test_server
    aidl_lazy_test_server_exec
    aidl_lazy_test_service
+    adbd_prop
    apex_module_data_file
    apex_permission_data_file
    apex_rollback_data_file
@ -79,6 +80,7 @@
    socket_hook_prop
    soundtrigger_middleware_service
    sysfs_dm_verity
+    system_adbd_prop
    system_config_service
    system_group_file
    system_jvmti_agent_prop
--- a/private/property_contexts
+++ b/private/property_contexts
@ -47,7 +47,9 @@ log.tag.WifiHAL         u:object_r:wifi_log_prop:s0
 security.perf_harden    u:object_r:shell_prop:s0
 service.adb.root        u:object_r:shell_prop:s0
 service.adb.tcp.port    u:object_r:shell_prop:s0
-persist.adb.wifi.       u:object_r:shell_prop:s0
+service.adb.tls.port    u:object_r:adbd_prop:s0
+persist.adb.wifi.       u:object_r:adbd_prop:s0
+persist.adb.tls_server.enable  u:object_r:system_adbd_prop:s0

 persist.audio.          u:object_r:audio_prop:s0
 persist.bluetooth.      u:object_r:bluetooth_prop:s0
--- a/private/system_server.te
+++ b/private/system_server.te
@ -854,8 +854,11 @@ allow system_server adbd:unix_stream_socket connectto;
 allow system_server adbd:fd use;
 allow system_server adbd:unix_stream_socket { getattr getopt ioctl read write shutdown };

-# Read persist.adb.wifi. properties
-get_prop(system_server, shell_prop)
+# Read service.adb.tls.port, persist.adb.wifi. properties
+get_prop(system_server, adbd_prop)
+
+# Set persist.adb.tls_server.enable property
+set_prop(system_server, system_adbd_prop)

 # Allow invoking tools like "timeout"
 allow system_server toolbox_exec:file rx_file_perms;
--- a/public/property.te
+++ b/public/property.te
@ -20,6 +20,8 @@ system_internal_prop(last_boot_reason_prop)
 system_internal_prop(netd_stable_secret_prop)
 system_internal_prop(pm_prop)
 system_internal_prop(userspace_reboot_log_prop)
+system_internal_prop(system_adbd_prop)
+system_internal_prop(adbd_prop)

 compatible_property_only(`
    # DO NOT ADD ANY PROPERTIES HERE
@ -566,3 +568,19 @@ neverallow {
 } {
  userspace_reboot_log_prop
 }:property_service set;
+
+neverallow {
+  # Only allow init and system_server to set system_adbd_prop
+  -init
+  -system_server
+} {
+  system_adbd_prop
+}:property_service set;
+
+neverallow {
+  # Only allow init and adbd to set adbd_prop
+  -init
+  -adbd
+} {
+  adbd_prop
+}:property_service set;