Add persist.sysui.notification.builder_extras_ovrd

Adds persist.sysui.notification.builder_extras_override property and associated permissions, which will be used to flag guard a change in core/...Notification.java. Permissions are limited in scope to avoid unnecessary access. Apps may need to read the flag (because Notification.java is a core library), but setting should only be possible internally (and via debug shell). Test: manual flash+adb setprop/getprop Bug: 169435530 Change-Id: I3f7e2220798d22c90f4326570732a52b0deeb54d
2023-03-23 02:19:22 +00:00 · 2023-03-23 02:19:22 +00:00 · 829d974505
commit 829d974505
parent 3e86cee7c4
7 changed files with 19 additions and 0 deletions
--- a/private/app.te
+++ b/private/app.te
@ -46,6 +46,7 @@ get_prop(appdomain, vold_config_prop)
 get_prop(appdomain, adbd_config_prop)
 get_prop(appdomain, dck_prop)
 get_prop(appdomain, persist_wm_debug_prop)
+get_prop(appdomain, persist_sysui_builder_extras_prop)

 # Allow ART to be configurable via device_config properties
 # (ART "runs" inside the app process)
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@ -48,6 +48,7 @@
    fuseblkd
    fuseblkd_exec
    permissive_mte_prop
+    persist_sysui_builder_extras_prop
    prng_seeder
    recovery_usb_config_prop
    remote_provisioning_service
--- a/private/platform_app.te
+++ b/private/platform_app.te
@ -45,6 +45,10 @@ userdebug_or_eng(`
 ')
 neverallow { domain -init -dumpstate userdebug_or_eng(`-domain') } persist_wm_debug_prop:property_service set;

+userdebug_or_eng(`
+  set_prop(platform_app, persist_sysui_builder_extras_prop)
+')
+
 # com.android.captiveportallogin reads /proc/vmstat
 allow platform_app {
  proc_vmstat
@ -122,5 +126,7 @@ virtualizationservice_use(platform_app)
 ### Neverallow rules
 ###

+neverallow { domain -init userdebug_or_eng(`-shell -platform_app') } persist_sysui_builder_extras_prop:property_service set;
+
 # app domains which access /dev/fuse should not run as platform_app
 neverallow platform_app fuse_device:chr_file *;
--- a/private/property.te
+++ b/private/property.te
@ -54,6 +54,7 @@ system_internal_prop(ctl_apex_load_prop)
 # Properties which can't be written outside system
 system_restricted_prop(device_config_virtualization_framework_native_prop)
 system_restricted_prop(log_file_logger_prop)
+system_restricted_prop(persist_sysui_builder_extras_prop)

 ###
 ### Neverallow rules
--- a/private/property_contexts
+++ b/private/property_contexts
@ -1534,3 +1534,6 @@ vibrator.adaptive_haptics.enabled u:object_r:adaptive_haptics_prop:s0 exact stri

 # UVC Gadget property
 ro.usb.uvc.enabled      u:object_r:usb_uvc_enabled_prop:s0 exact bool
+
+# System UI notification properties
+persist.sysui.notification.builder_extras_override u:object_r:persist_sysui_builder_extras_prop:s0 exact bool
--- a/private/shell.te
+++ b/private/shell.te
@ -243,3 +243,7 @@ userdebug_or_eng(`set_prop(shell, persist_wm_debug_prop)')

 # Allow shell to write GWP-ASan properties even on user builds.
 set_prop(shell, gwp_asan_prop)
+
+# Allow shell to set persist.sysui.notification.builder_extras_override property
+userdebug_or_eng(`set_prop(shell, persist_sysui_builder_extras_prop)')
+
--- a/private/system_server.te
+++ b/private/system_server.te
@ -836,6 +836,9 @@ get_prop(system_server, hypervisor_prop)
 # Read persist.wm.debug. properties
 get_prop(system_server, persist_wm_debug_prop)

+# Read persist.sysui.notification.builder_extras_override property
+get_prop(system_server, persist_sysui_builder_extras_prop)
+
 # Read ro.tuner.lazyhal
 get_prop(system_server, tuner_config_prop)
 # Write tuner.server.enable