Add rules for snapshotctl map/unmap.

This change adds rules for system properties "sys.snapshotctl.map" and "sys.snapshotctl.unmap", for controlling snapshotctl. This change also adds the missing rules for snapshotctl to perform its job. Initially, the rules for snapshotctl were added by http://r.android.com/1126904, for running snapshotctl through init (http://r.android.com/1123645). However, the trigger was then removed by http://r.android.com/1239286. Since then, snapshotctl can be only run by the root shell, in which case it is run in the "su" domain, so the rules are not tested and therefore get stale over time. To make snapshotctl function properly when run by init, we need to add the missing rules. Bug: 311377497 Test: adb shell setprop sys.snapshotctl.map requested Test: adb shell setprop sys.snapshotctl.unmap requested Change-Id: I304be6e1825a6768f757d74b3365c4d759b9d07e
2024-03-08 18:36:03 +00:00 · 2024-03-08 18:36:03 +00:00 · b9cf68a2f5
commit b9cf68a2f5
parent 489766292a
4 changed files with 35 additions and 0 deletions
--- a/private/property.te
+++ b/private/property.te
@ -44,6 +44,7 @@ system_internal_prop(radio_cdma_ecm_prop)
 system_internal_prop(remote_prov_prop)
 system_internal_prop(rollback_test_prop)
 system_internal_prop(setupwizard_prop)
+system_internal_prop(snapshotctl_prop)
 system_internal_prop(snapuserd_prop)
 system_internal_prop(system_adbd_prop)
 system_internal_prop(system_audio_config_prop)
--- a/private/property_contexts
+++ b/private/property_contexts
@ -1659,3 +1659,7 @@ crashrecovery.rescue_boot_count u:object_r:crashrecovery_prop:s0 exact int
 crashrecovery.rescue_boot_start u:object_r:crashrecovery_prop:s0 exact int
 persist.crashrecovery.enable_rescue u:object_r:crashrecovery_prop:s0 exact bool
 persist.crashrecovery.last_factory_reset u:object_r:crashrecovery_prop:s0 exact int
+
+# Properties for controlling snapshotctl.
+sys.snapshotctl.map u:object_r:snapshotctl_prop:s0 exact string
+sys.snapshotctl.unmap u:object_r:snapshotctl_prop:s0 exact string
--- a/private/snapshotctl.te
+++ b/private/snapshotctl.te
@ -43,3 +43,22 @@ userdebug_or_eng(`
  allow snapshotctl snapshotctl_log_data_file:dir rw_dir_perms;
  allow snapshotctl snapshotctl_log_data_file:file create_file_perms;
 ')
+
+# Allow to read /proc/bootconfig.
+allow snapshotctl proc_bootconfig:file r_file_perms;
+
+# Allow to control snapuserd.
+set_prop(snapshotctl, ctl_snapuserd_prop)
+
+# Allow to read snapuserd.* properties.
+get_prop(snapshotctl, snapuserd_prop)
+
+# Allow to talk to snapuserd.
+allow snapshotctl snapuserd_socket:sock_file write;
+allow snapshotctl snapuserd:unix_stream_socket { connectto };
+
+# Allow to read /dev/block/dm-* (device-mapper) nodes.
+allow snapshotctl dm_device:blk_file r_file_perms;
+
+# Allow to read dm-user control nodes.
+allow snapshotctl dm_user_device:dir search;
--- a/private/snapuserd.te
+++ b/private/snapuserd.te
@ -71,3 +71,14 @@ allow snapuserd proc_stat:file r_file_perms;
 # io_uring. An Alternative would be to up the memlock rlimit for the snapuserd service.
 allow snapuserd self:capability ipc_lock;
 io_uring_use(snapuserd)
+
+# Disallow other domains controlling snapuserd.
+neverallow {
+  domain
+  -fastbootd
+  -init
+  -recovery
+  -shell
+  -snapshotctl
+  -update_engine
+} ctl_snapuserd_prop:property_service set;