misctrl: add a property
misctrl can set properties which can be injected into bugreports. Limit visibility of these properties so that no device code can branch based off these properties. Bug: 317262681 Test: bugreport Change-Id: I74f6f240b08b2681540bca262dcc76bcdca9cdad
This commit is contained in:
Steven Moreland
parent
b4f42d449b
commit
9f41fc081f
4 changed files with 21 additions and 0 deletions
|
|
@ -68,6 +68,8 @@ binder_call(dumpstate, ot_daemon)
|
|||
# Collect metrics on boot time created by init
|
||||
get_prop(dumpstate, boottime_prop)
|
||||
|
||||
get_prop(dumpstate, misctrl_prop)
|
||||
|
||||
# Signal native processes to dump their stack.
|
||||
allow dumpstate {
|
||||
mediatranscoding
|
||||
|
|
|
|||
|
|
@ -8,6 +8,8 @@ allow misctrl misc_block_device:blk_file rw_file_perms;
|
|||
allow misctrl block_device:dir r_dir_perms;
|
||||
read_fstab(misctrl)
|
||||
|
||||
set_prop(misctrl, misctrl_prop)
|
||||
|
||||
# bootloader_message tries to find the fstab in the device config path first,
|
||||
# but because we've already booted up we can use the ro.boot properties instead,
|
||||
# so we can just ignore the SELinux denial.
|
||||
|
|
|
|||
|
|
@ -35,6 +35,7 @@ system_internal_prop(net_connectivity_prop)
|
|||
system_internal_prop(netd_stable_secret_prop)
|
||||
system_internal_prop(next_boot_prop)
|
||||
system_internal_prop(odsign_prop)
|
||||
system_internal_prop(misctrl_prop)
|
||||
system_internal_prop(perf_drop_caches_prop)
|
||||
system_internal_prop(pm_prop)
|
||||
system_internal_prop(profcollectd_node_id_prop)
|
||||
|
|
@ -185,6 +186,21 @@ neverallow {
|
|||
userdebug_or_eng(`-su')
|
||||
} init_svc_debug_prop:file no_rw_file_perms;
|
||||
|
||||
# DO NOT ADD: compat risk
|
||||
neverallow {
|
||||
domain
|
||||
-init
|
||||
-dumpstate
|
||||
-misctrl
|
||||
userdebug_or_eng(`-su')
|
||||
} misctrl_prop:file no_rw_file_perms;
|
||||
neverallow {
|
||||
domain
|
||||
-init
|
||||
-misctrl
|
||||
userdebug_or_eng(`-su')
|
||||
} misctrl_prop:property_service set;
|
||||
|
||||
compatible_property_only(`
|
||||
# Prevent properties from being set
|
||||
neverallow {
|
||||
|
|
|
|||
|
|
@ -98,6 +98,7 @@ ro.boot.btmacaddr u:object_r:bluetooth_prop:s0
|
|||
ro.boot.serialno u:object_r:serialno_prop:s0
|
||||
ro.bt. u:object_r:bluetooth_prop:s0
|
||||
ro.boot.bootreason u:object_r:bootloader_boot_reason_prop:s0
|
||||
ro.misctrl. u:object_r:misctrl_prop:s0
|
||||
persist.sys.boot.reason u:object_r:last_boot_reason_prop:s0
|
||||
sys.boot.reason u:object_r:system_boot_reason_prop:s0
|
||||
sys.boot.reason.last u:object_r:last_boot_reason_prop:s0
|
||||
|
|
|
|||
Loading…
Reference in a new issue