Merge "Add framework_watchdog_config_prop" am: 1b2d790bc4 am: 8b3a1f1288 am: 6b2ee2e679 am: ab8ea8e552

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1317535 Change-Id: I455aefc43704b6610c741c281dfdc36d6eaa3e79
2020-10-15 09:03:16 +00:00 · 2020-10-15 09:03:16 +00:00 · 89bdebac9a
commit 89bdebac9a
parent 8ffa507458 ab8ea8e552
4 changed files with 13 additions and 0 deletions
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@ -12,6 +12,7 @@
    debugfs_kprobes
    device_state_service
    dmabuf_system_heap_device
+    framework_watchdog_config_prop
    gki_apex_prepostinstall
    gki_apex_prepostinstall_exec
    hal_face_service
--- a/private/property_contexts
+++ b/private/property_contexts
@ -868,6 +868,10 @@ cache_key.bluetooth.                     u:object_r:binder_cache_bluetooth_serve
 cache_key.system_server.                 u:object_r:binder_cache_system_server_prop:s0 prefix string
 cache_key.telephony.                     u:object_r:binder_cache_telephony_server_prop:s0 prefix string

+# Framework watchdog configuration properties.
+framework_watchdog.fatal_count                u:object_r:framework_watchdog_config_prop:s0 exact int
+framework_watchdog.fatal_window.second        u:object_r:framework_watchdog_config_prop:s0 exact int
+
 gsm.sim.operator.numeric       u:object_r:telephony_status_prop:s0 exact string
 persist.radio.airplane_mode_on u:object_r:telephony_status_prop:s0 exact bool

--- a/private/system_server.te
+++ b/private/system_server.te
@ -1020,6 +1020,13 @@ get_prop(system_server, wifi_config_prop)
 # Only system server can access BINDER_FREEZE and BINDER_GET_FROZEN_INFO
 allowxperm system_server binder_device:chr_file ioctl { BINDER_FREEZE BINDER_GET_FROZEN_INFO };

+# Watchdog prints debugging log to /dev/kmsg_debug.
+userdebug_or_eng(`
+  allow system_server kmsg_debug_device:chr_file { open append getattr };
+')
+# Watchdog reads sysprops framework_watchdog.fatal_* to handle watchdog timeout loop.
+get_prop(system_server, framework_watchdog_config_prop)
+
 ###
 ### Neverallow rules
 ###
--- a/public/property.te
+++ b/public/property.te
@ -126,6 +126,7 @@ system_vendor_config_prop(exported_camera_prop)
 system_vendor_config_prop(exported_config_prop)
 system_vendor_config_prop(exported_default_prop)
 system_vendor_config_prop(ffs_config_prop)
+system_vendor_config_prop(framework_watchdog_config_prop)
 system_vendor_config_prop(graphics_config_prop)
 system_vendor_config_prop(hdmi_config_prop)
 system_vendor_config_prop(incremental_prop)