Merge "Allow microdroid_manager to set dev.bootcomplete" am: 0d66aff97f

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2084003

Change-Id: Ia5154c7c853f195507272f94ce54a6961343c85d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

microdroid/system/private/microdroid_manager.te

@@ -6,6 +6,9 @@ type microdroid_manager_exec, exec_type, file_type, system_file_type;
 # allow domain transition from init
 init_daemon_domain(microdroid_manager)
 
+# Allow microdroid_manager to set boot status
+set_prop(microdroid_manager, boot_status_prop)
+
 # microdroid_manager accesses a virtual disk block device to read VM payload
 # It needs write access as it updates the instance image
 allow microdroid_manager block_device:dir r_dir_perms;

microdroid/system/private/property.te

@@ -1,3 +1,5 @@
+system_restricted_prop(boot_status_prop)
+
 # Declare ART properties for CompOS
 system_public_prop(dalvik_config_prop)
 system_restricted_prop(device_config_runtime_native_prop)

microdroid/system/private/property_contexts

@@ -41,6 +41,8 @@ service.adb.root u:object_r:shell_prop:s0 exact bool
 ro.logd.kernel u:object_r:logd_prop:s0 exact bool
 logd.ready     u:object_r:logd_prop:s0 exact bool
 
+dev.bootcomplete   u:object_r:boot_status_prop:s0 exact bool
+
 ro.config.low_ram u:object_r:build_prop:s0 exact bool
 
 ro.boottime.adbd                      u:object_r:boottime_prop:s0 exact int

microdroid/system/private/shell.te

@@ -35,6 +35,7 @@ allow shell dev_type:blk_file getattr;
 dontaudit shell sysfs:dir r_dir_perms;
 
 # Test tool tries to read various service status properties.
+get_prop(shell, boot_status_prop)
 get_prop(shell, init_service_status_prop)
 get_prop(shell, init_service_status_private_prop)