diff --git a/prebuilts/api/202404/private/compat/34.0/34.0.ignore.cil b/prebuilts/api/202404/private/compat/34.0/34.0.ignore.cil index 6dc155c17..5f835a4cb 100644 --- a/prebuilts/api/202404/private/compat/34.0/34.0.ignore.cil +++ b/prebuilts/api/202404/private/compat/34.0/34.0.ignore.cil @@ -27,6 +27,7 @@ virtual_camera_service ot_daemon_service ot_daemon_socket + pm_archiving_enabled_prop remote_auth_service security_state_service sensitive_content_protection_service diff --git a/prebuilts/api/202404/private/priv_app.te b/prebuilts/api/202404/private/priv_app.te index a2f02c2e8..f1ecfac91 100644 --- a/prebuilts/api/202404/private/priv_app.te +++ b/prebuilts/api/202404/private/priv_app.te @@ -296,3 +296,6 @@ neverallow priv_app *:{ # Allow priv apps to report off body events to keystore2. allow priv_app keystore:keystore2 report_off_body; + +# Allow priv_apps to check if archiving is enabled +get_prop(priv_app, pm_archiving_enabled_prop) diff --git a/prebuilts/api/202404/private/property.te b/prebuilts/api/202404/private/property.te index 5e718e5fb..2d030abd9 100644 --- a/prebuilts/api/202404/private/property.te +++ b/prebuilts/api/202404/private/property.te @@ -750,3 +750,10 @@ neverallow { -system_app -device_as_webcam } usb_uvc_enabled_prop:file no_rw_file_perms; + +neverallow { + domain + -init + -vendor_init +} pm_archiving_enabled_prop:property_service set; + diff --git a/prebuilts/api/202404/private/property_contexts b/prebuilts/api/202404/private/property_contexts index 3005d395b..1ddde237f 100644 --- a/prebuilts/api/202404/private/property_contexts +++ b/prebuilts/api/202404/private/property_contexts 
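Review bot: The new `get_prop(priv_app, pm_archiving_enabled_prop)` in prebuilts/api/202404/private/priv_app.te opens the property to every privileged app, and its comment does not say which app needs it. The matching rule this commit adds to system_app.te names its readers (Settings and Launcher), and the comment here could do the same, e.g. `# <consumer app> reads pm.archiving.enabled to decide whether to offer archiving`, with the real consumer filled in. The same lines are added in private/priv_app.te.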
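Review bot: The added `neverallow { domain -init -vendor_init } pm_archiving_enabled_prop:property_service set;` in prebuilts/api/202404/private/property.te has no comment and looks redundant with the type declaration. This commit declares the type with `system_vendor_config_prop(...)` in public/property.te, and as far as I recall that macro already emits the same set-neverallow; this should be confirmed against te_macros. If that holds, the block can be dropped; if it is kept on purpose, a line such as `# Only init and vendor_init may set pm.archiving.enabled` would say why. The same block is added in private/property.te, and only the prebuilts copy adds an extra blank line at the end of the file.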
@@ -1642,6 +1642,9 @@ sensors.aosp_low_power_sensor_fusion.maximum_rate u:object_r:sensors_config_prop # Properties for game manager service persist.graphics.game_default_frame_rate.enabled u:object_r:game_manager_config_prop:s0 exact bool +# Properties for app archiving +pm.archiving.enabled u:object_r:pm_archiving_enabled_prop:s0 exact bool + # Properties for ThreadNetworkService threadnetwork.country_code u:object_r:threadnetwork_config_prop:s0 exact string diff --git a/prebuilts/api/202404/private/system_app.te b/prebuilts/api/202404/private/system_app.te index d76348012..338d85284 100644 --- a/prebuilts/api/202404/private/system_app.te +++ b/prebuilts/api/202404/private/system_app.te @@ -174,6 +174,9 @@ get_prop(system_app, oem_unlock_prop) # Settings app reads ro.usb.uvc.enabled get_prop(system_app, usb_uvc_enabled_prop) +# Settings and Launcher apps read pm.archiving.enabled +get_prop(system_app, pm_archiving_enabled_prop) + ### ### Neverallow rules ### diff --git a/prebuilts/api/202404/private/system_server.te b/prebuilts/api/202404/private/system_server.te index 72e741978..886499e07 100644 --- a/prebuilts/api/202404/private/system_server.te +++ b/prebuilts/api/202404/private/system_server.te @@ -1602,6 +1602,10 @@ neverallow { -system_server } threadnetwork_config_prop:file no_rw_file_perms; +# Allow system server to read pm.archiving.enabled prop +# TODO(azilio): Remove system property after archiving testing is completed. +get_prop(system_server, pm_archiving_enabled_prop) + # Do not allow any domain other than init or system server to get or set the property neverallow { domain -init -system_server } crashrecovery_prop:property_service set; neverallow { domain -init -dumpstate -system_server } crashrecovery_prop:file no_rw_file_perms; diff --git a/prebuilts/api/202404/public/property.te b/prebuilts/api/202404/public/property.te index ce4e4113b..453a467b7 100644 --- a/prebuilts/api/202404/public/property.te +++ b/prebuilts/api/202404/public/property.te 
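Review bot: `pm.archiving.enabled` has no `ro.` prefix, so init or vendor_init (the two domains the new neverallow leaves able to set it) can change it again after boot, and a reader that samples it once may disagree with a later reader. The other vendor config flag named in this commit, `ro.usb.uvc.enabled`, is write-once. If the value is meant to be fixed per device, consider `ro.pm.archiving.enabled`. If it is deliberately mutable while the feature is tested, the comment should say so, e.g. `# Properties for app archiving (mutable while the feature is under test)`. The same entry is added in private/property_contexts.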
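Review bot: The TODO to remove the property after testing appears only on this `get_prop(system_server, pm_archiving_enabled_prop)`, while the type declaration, the property_contexts entry, the neverallow and the priv_app/system_app grants added by the same commit carry no such marker. A cleanup that searches for the TODO would leave those rules behind. I would reference a tracking bug rather than only a username, e.g. `# TODO(b/<bug-id>): remove pm_archiving_enabled_prop and every rule that uses it once archiving testing is done`, and repeat it at the type declaration. The rule is also placed between neverallow blocks, although the surrounding section starts outside the hunk. The same lines are added in private/system_server.te.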
@@ -200,6 +200,7 @@ system_vendor_config_prop(dck_prop) system_vendor_config_prop(tuner_config_prop) system_vendor_config_prop(usb_uvc_enabled_prop) system_vendor_config_prop(setupwizard_mode_prop) +system_vendor_config_prop(pm_archiving_enabled_prop) # Properties with no restrictions system_public_prop(adbd_config_prop) diff --git a/private/compat/202404/202404.cil b/private/compat/202404/202404.cil index 2b775beee..02bbced1c 100644 --- a/private/compat/202404/202404.cil +++ b/private/compat/202404/202404.cil @@ -813,6 +813,7 @@ (expandtypeattribute (pipefs_202404) true) (expandtypeattribute (platform_app_202404) true) (expandtypeattribute (platform_compat_service_202404) true) +(expandtypeattribute (pm_archiving_enabled_prop_202404) true) (expandtypeattribute (pmsg_device_202404) true) (expandtypeattribute (port_202404) true) (expandtypeattribute (port_device_202404) true) @@ -2204,6 +2205,7 @@ (typeattributeset pipefs_202404 (pipefs)) (typeattributeset platform_app_202404 (platform_app)) (typeattributeset platform_compat_service_202404 (platform_compat_service)) +(typeattributeset pm_archiving_enabled_prop_202404 (pm_archiving_enabled_prop)) (typeattributeset pmsg_device_202404 (pmsg_device)) (typeattributeset port_202404 (port)) (typeattributeset port_device_202404 (port_device)) diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil index c5b9eddb9..1477766a0 100644 --- a/private/compat/34.0/34.0.ignore.cil +++ b/private/compat/34.0/34.0.ignore.cil @@ -27,6 +27,7 @@ virtual_camera_service ot_daemon_service ot_daemon_socket + pm_archiving_enabled_prop remote_auth_service security_state_service sensitive_content_protection_service diff --git a/private/priv_app.te b/private/priv_app.te index 5c3f351b2..9ba2c95d3 100644 --- a/private/priv_app.te +++ b/private/priv_app.te 
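Review bot: Declaring `pm_archiving_enabled_prop` with `system_vendor_config_prop(...)` in public policy, together with the 202404 compat mapping entries in this commit, puts a property that the system_server.te TODO describes as temporary into the vendor-visible type set. Removing a public type later usually needs compat handling. If vendor_init does not actually need to set the flag during testing, a private type would be easier to retire. Otherwise the planned removal should be noted next to the declaration, e.g. `# Temporary: used for app archiving testing, to be removed with pm.archiving.enabled`. The same line is added in public/property.te.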
@@ -293,3 +293,6 @@ neverallow priv_app *:{ bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket alg_socket nfc_socket kcm_socket qipcrtr_socket smc_socket xdp_socket } *; + +# Allow priv_apps to check if archiving is enabled +get_prop(priv_app, pm_archiving_enabled_prop) diff --git a/private/property.te b/private/property.te index 7c3d035d7..994594d5f 100644 --- a/private/property.te +++ b/private/property.te @@ -798,3 +798,9 @@ neverallow { -system_app -device_as_webcam } usb_uvc_enabled_prop:file no_rw_file_perms; + +neverallow { + domain + -init + -vendor_init +} pm_archiving_enabled_prop:property_service set; diff --git a/private/property_contexts b/private/property_contexts index e8d876a7f..662916966 100644 --- a/private/property_contexts +++ b/private/property_contexts @@ -1656,6 +1656,9 @@ sensors.aosp_low_power_sensor_fusion.maximum_rate u:object_r:sensors_config_prop # Properties for game manager service persist.graphics.game_default_frame_rate.enabled u:object_r:game_manager_config_prop:s0 exact bool +# Properties for app archiving +pm.archiving.enabled u:object_r:pm_archiving_enabled_prop:s0 exact bool + # Properties for ThreadNetworkService threadnetwork.country_code u:object_r:threadnetwork_config_prop:s0 exact string diff --git a/private/system_app.te b/private/system_app.te index af9d168af..9795746d0 100644 --- a/private/system_app.te +++ b/private/system_app.te @@ -174,6 +174,9 @@ get_prop(system_app, oem_unlock_prop) # Settings app reads ro.usb.uvc.enabled get_prop(system_app, usb_uvc_enabled_prop) +# Settings and Launcher apps read pm.archiving.enabled +get_prop(system_app, pm_archiving_enabled_prop) + # Settings app reads and writes the wifi blob database allow system_app connectivityblob_data_file:dir rw_dir_perms; allow system_app connectivityblob_data_file:file create_file_perms; diff --git a/private/system_server.te b/private/system_server.te index 5c210c38d..8ed485a5e 100644 
--- a/private/system_server.te +++ b/private/system_server.te @@ -1629,6 +1629,10 @@ neverallow { -system_server } threadnetwork_config_prop:file no_rw_file_perms; +# Allow system server to read pm.archiving.enabled prop +# TODO(azilio): Remove system property after archiving testing is completed. +get_prop(system_server, pm_archiving_enabled_prop) + # Allow accessing /mnt/pre_reboot_dexopt/chroot, to load the new service-art.jar # in Pre-reboot Dexopt. allow system_server pre_reboot_dexopt_file:dir { getattr search }; diff --git a/public/property.te b/public/property.te index b5c7f8344..fd12d7f77 100644 --- a/public/property.te +++ b/public/property.te @@ -202,6 +202,7 @@ system_vendor_config_prop(dck_prop) system_vendor_config_prop(tuner_config_prop) system_vendor_config_prop(usb_uvc_enabled_prop) system_vendor_config_prop(setupwizard_mode_prop) +system_vendor_config_prop(pm_archiving_enabled_prop) # Properties with no restrictions system_public_prop(adbd_config_prop)