diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te index 21731ccd3..432ab1310 100644 --- a/microdroid/system/private/microdroid_manager.te +++ b/microdroid/system/private/microdroid_manager.te @@ -6,6 +6,9 @@ type microdroid_manager_exec, exec_type, file_type, system_file_type; # allow domain transition from init init_daemon_domain(microdroid_manager) +# Allow microdroid_manager to set boot status +set_prop(microdroid_manager, boot_status_prop) + # microdroid_manager accesses a virtual disk block device to read VM payload # It needs write access as it updates the instance image allow microdroid_manager block_device:dir r_dir_perms; diff --git a/microdroid/system/private/property.te b/microdroid/system/private/property.te index 01aa5e486..abb193fe7 100644 --- a/microdroid/system/private/property.te +++ b/microdroid/system/private/property.te @@ -1,3 +1,5 @@ +system_restricted_prop(boot_status_prop) + # Declare ART properties for CompOS system_public_prop(dalvik_config_prop) system_restricted_prop(device_config_runtime_native_prop) diff --git a/microdroid/system/private/property_contexts b/microdroid/system/private/property_contexts index 68d6df528..b2113e261 100644 --- a/microdroid/system/private/property_contexts +++ b/microdroid/system/private/property_contexts @@ -41,6 +41,8 @@ service.adb.root u:object_r:shell_prop:s0 exact bool ro.logd.kernel u:object_r:logd_prop:s0 exact bool logd.ready u:object_r:logd_prop:s0 exact bool +dev.bootcomplete u:object_r:boot_status_prop:s0 exact bool + ro.config.low_ram u:object_r:build_prop:s0 exact bool ro.boottime.adbd u:object_r:boottime_prop:s0 exact int diff --git a/microdroid/system/private/shell.te b/microdroid/system/private/shell.te index c93b488ad..d6c3c0d38 100644 --- a/microdroid/system/private/shell.te +++ b/microdroid/system/private/shell.te @@ -35,6 +35,7 @@ allow shell dev_type:blk_file getattr; dontaudit shell sysfs:dir r_dir_perms; # Test tool tries to read various service status properties. +get_prop(shell, boot_status_prop) get_prop(shell, init_service_status_prop) get_prop(shell, init_service_status_private_prop)