Merge "Add selinux rules for userspace reboot related properties" am: a0bba66aac

am: dd0c37574b Change-Id: Ibd5221289c2148b07616c592004b27857cec4c48
2019-11-20 05:19:47 -08:00 · 2019-11-20 05:19:47 -08:00 · afa9a3034e
commit afa9a3034e
parent 26143a074b dd0c37574b
7 changed files with 16 additions and 0 deletions
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@ -34,6 +34,8 @@
    system_group_file
    system_passwd_file
    timezonedetector_service
+    userspace_reboot_prop
+    userspace_reboot_exported_prop
    vendor_apex_file
    vendor_boringssl_self_test
    vendor_install_recovery
--- a/private/domain.te
+++ b/private/domain.te
@ -73,6 +73,8 @@ compatible_property_only(`
    get_prop({coredomain appdomain shell}, exported3_default_prop)
    get_prop({coredomain appdomain shell}, exported3_radio_prop)
    get_prop({coredomain appdomain shell}, exported3_system_prop)
+    get_prop({coredomain shell}, userspace_reboot_exported_prop)
+    get_prop({coredomain shell}, userspace_reboot_prop)
    get_prop({domain -coredomain -appdomain}, vendor_default_prop)
 ')

--- a/private/init.te
+++ b/private/init.te
@ -32,3 +32,9 @@ userdebug_or_eng(`

 # Allow the BoringSSL self test to request a reboot upon failure
 set_prop(init, powerctl_prop)
+
+# Only init is allowed to set userspace reboot related properties.
+set_prop(init, userspace_reboot_prop)
+set_prop(init, userspace_reboot_exported_prop)
+neverallow { domain -init } userspace_reboot_prop:property_service set;
+neverallow { domain -init } userspace_reboot_exported_prop:property_service set;
--- a/private/property_contexts
+++ b/private/property_contexts
@ -22,6 +22,7 @@ ro.runtime.firstboot    u:object_r:firstboot_prop:s0
 hw.                     u:object_r:system_prop:s0
 ro.hw.                  u:object_r:system_prop:s0
 sys.                    u:object_r:system_prop:s0
+sys.init.userspace_reboot   u:object_r:userspace_reboot_prop:s0
 sys.cppreopt            u:object_r:cppreopt_prop:s0
 sys.linker.             u:object_r:linker_prop:s0
 sys.lpdumpd             u:object_r:lpdumpd_prop:s0
--- a/public/property.te
+++ b/public/property.te
@ -17,6 +17,7 @@ system_internal_prop(init_svc_debug_prop)
 system_internal_prop(last_boot_reason_prop)
 system_internal_prop(netd_stable_secret_prop)
 system_internal_prop(pm_prop)
+system_internal_prop(userspace_reboot_prop)

 compatible_property_only(`
    # DO NOT ADD ANY PROPERTIES HERE
@ -62,6 +63,7 @@ system_restricted_prop(linker_prop)
 system_restricted_prop(nnapi_ext_deny_product_prop)
 system_restricted_prop(restorecon_prop)
 system_restricted_prop(system_boot_reason_prop)
+system_restricted_prop(userspace_reboot_exported_prop)

 compatible_property_only(`
    # DO NOT ADD ANY PROPERTIES HERE
--- a/public/property_contexts
+++ b/public/property_contexts
@ -269,6 +269,7 @@ ro.revision u:object_r:exported2_default_prop:s0 exact string
 ro.secure u:object_r:exported_secure_prop:s0 exact int
 service.bootanim.exit u:object_r:exported_system_prop:s0 exact int
 sys.boot_from_charger_mode u:object_r:exported_system_prop:s0 exact int
+sys.init.userspace_reboot.in_progress u:object_r:userspace_reboot_exported_prop:s0 exact bool
 sys.use_memfd u:object_r:use_memfd_prop:s0 exact bool
 vold.decrypt u:object_r:exported_vold_prop:s0 exact string

--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@ -220,6 +220,8 @@ not_compatible_property(`
      -nnapi_ext_deny_product_prop
      -init_svc_debug_prop
      -linker_prop
+      -userspace_reboot_exported_prop
+      -userspace_reboot_prop
    })
 ')