Merge "[GWP-ASan] Add sysprop, allow shell and system apps to set it."
This commit is contained in:
Mitch Phillips
Gerrit Code Review
commit
800e948e61
6 changed files with 14 additions and 3 deletions
|
|
@ -29,6 +29,7 @@
|
|||
fs_bpf_vendor
|
||||
game_mode_intervention_list_file
|
||||
gesture_prop
|
||||
gwp_asan_prop
|
||||
hal_contexthub_service
|
||||
hal_camera_service
|
||||
hal_evs_service
|
||||
|
|
|
|||
|
|
@ -415,9 +415,9 @@ neverallow {
|
|||
libc_debug_prop
|
||||
}:property_service set;
|
||||
|
||||
# Allow the shell to set MTE props, so that non-root users with adb shell
|
||||
# access can control the settings on their device.
|
||||
# Allow system apps to set MTE props, so Developer Options can set them.
|
||||
# Allow the shell to set MTE & GWP-ASan props, so that non-root users with adb
|
||||
# shell access can control the settings on their device. Allow system apps to
|
||||
# set MTE props, so Developer Options can set them.
|
||||
neverallow {
|
||||
domain
|
||||
-init
|
||||
|
|
@ -425,6 +425,7 @@ neverallow {
|
|||
-system_app
|
||||
} {
|
||||
arm64_memtag_prop
|
||||
gwp_asan_prop
|
||||
}:property_service set;
|
||||
|
||||
neverallow {
|
||||
|
|
|
|||
|
|
@ -726,6 +726,10 @@ libc.debug.malloc.options u:object_r:libc_debug_prop:s0 exact string
|
|||
libc.debug.malloc.program u:object_r:libc_debug_prop:s0 exact string
|
||||
libc.debug.hooks.enable u:object_r:libc_debug_prop:s0 exact string
|
||||
|
||||
# GWP-ASan props. Separate from other libc.debug.* props, because we want users
|
||||
# to be able to set them from `adb shell` even on release devices.
|
||||
libc.debug.gwp_asan. u:object_r:gwp_asan_prop:s0 prefix string
|
||||
|
||||
# shell-only props for ARM memory tagging (MTE).
|
||||
arm64.memtag. u:object_r:arm64_memtag_prop:s0 prefix string
|
||||
persist.arm64.memtag.default u:object_r:arm64_memtag_prop:s0 exact string
|
||||
|
|
|
|||
|
|
@ -231,3 +231,6 @@ virtualizationservice_use(shell)
|
|||
|
||||
# Allow shell to set persist.wm.debug properties
|
||||
userdebug_or_eng(`set_prop(shell, persist_wm_debug_prop)')
|
||||
|
||||
# Allow shell to write GWP-ASan properties even on user builds.
|
||||
set_prop(shell, gwp_asan_prop)
|
||||
|
|
|
|||
|
|
@ -116,6 +116,7 @@ get_prop(domain, exported_dumpstate_prop)
|
|||
get_prop(domain, exported_secure_prop)
|
||||
get_prop(domain, exported_system_prop)
|
||||
get_prop(domain, fingerprint_prop)
|
||||
get_prop(domain, gwp_asan_prop)
|
||||
get_prop(domain, hal_instrumentation_prop)
|
||||
get_prop(domain, hw_timeout_multiplier_prop)
|
||||
get_prop(domain, init_service_status_prop)
|
||||
|
|
|
|||
|
|
@ -68,6 +68,7 @@ system_restricted_prop(device_config_runtime_native_boot_prop)
|
|||
system_restricted_prop(device_config_runtime_native_prop)
|
||||
system_restricted_prop(device_config_surface_flinger_native_boot_prop)
|
||||
system_restricted_prop(fingerprint_prop)
|
||||
system_restricted_prop(gwp_asan_prop)
|
||||
system_restricted_prop(hal_instrumentation_prop)
|
||||
system_restricted_prop(hypervisor_prop)
|
||||
system_restricted_prop(init_service_status_prop)
|
||||
|
|
|
|||
Loading…
Reference in a new issue