Allow zygotes and installd to read odsign properties
(cherry picked from commit f135ce393c)
Bug: 192049377
Test: manual
Ignore-AOSP-First: cherry pick of https://r.android.com/1753264
Change-Id: I3e8ee380fe38e1bd6cc90a568b10b97f877e68fa
parent
b3b0d4da94
commit
be6873bd15
8 changed files with 24 additions and 0 deletions
|
@ -79,6 +79,9 @@ unix_socket_send(app_zygote, system_unsolzygote, system_server)
|
|||
get_prop(app_zygote, device_config_runtime_native_prop)
|
||||
get_prop(app_zygote, device_config_runtime_native_boot_prop)
|
||||
|
||||
# Allow app_zygote to access odsign verification status
|
||||
get_prop(app_zygote, odsign_prop)
|
||||
|
||||
#####
|
||||
##### Neverallow
|
||||
#####
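Review bot: The comment added here, `# Allow app_zygote to access odsign verification status`, records the grant but not why app_zygote needs it, and the same wording is reused for the installd and zygote rules further down the page. Since `get_prop` gives read access only, I would say so and name the consumer, e.g. `# Allow app_zygote to read (not set) the odsign verification status; used by <consumer, to be filled in>`. Presumably these domains read it to decide whether on-device-signed artifacts can be trusted, but nothing on the page shows that, so it should be confirmed before it goes into the comment. The policy file continues outside the hunk.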
|
||||
|
|
|
@ -40,6 +40,9 @@ get_prop(installd, device_config_runtime_native_boot_prop)
|
|||
# Allow installd to access apk verity feature flag (for legacy case).
|
||||
get_prop(installd, apk_verity_prop)
|
||||
|
||||
# Allow installd to access odsign verification status
|
||||
get_prop(installd, odsign_prop)
|
||||
|
||||
# Allow installd to delete files in /data/staging
|
||||
allow installd staging_data_file:file unlink;
|
||||
allow installd staging_data_file:dir { open read remove_name rmdir search write };
|
||||
|
|
|
@ -87,6 +87,9 @@ unix_socket_send(webview_zygote, system_unsolzygote, system_server)
|
|||
get_prop(webview_zygote, device_config_runtime_native_prop)
|
||||
get_prop(webview_zygote, device_config_runtime_native_boot_prop)
|
||||
|
||||
# Allow webview_zygote to access odsign verification status
|
||||
get_prop(zygote, odsign_prop)
|
||||
|
||||
#####
|
||||
##### Neverallow
|
||||
#####
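Review bot: The rule added under `# Allow webview_zygote to access odsign verification status` names the wrong source domain: it is `get_prop(zygote, odsign_prop)`, so webview_zygote gets no read access to odsign_prop while zygote is granted it a second time (it already receives it in its own hunk). The line should read `get_prop(webview_zygote, odsign_prop)`. The identical line appears in the second copy of this hunk lower on the page and needs the same change so the two copies stay in sync. The likely symptom is an `avc: denied` when webview_zygote reads the property, which `Test: manual` would only catch if the WebView zygote path was exercised.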
|
||||
|
|
|
@ -217,6 +217,9 @@ unix_socket_send(zygote, system_unsolzygote, system_server)
|
|||
# Allow zygote to access media_variant_prop for static initialization
|
||||
get_prop(zygote, media_variant_prop)
|
||||
|
||||
# Allow zygote to access odsign verification status
|
||||
get_prop(zygote, odsign_prop)
|
||||
|
||||
# Allow zygote to read ro.control_privapp_permissions and ro.cp_system_other_odex
|
||||
get_prop(zygote, packagemanager_config_prop)
|
||||
|
||||
|
|
|
@ -79,6 +79,9 @@ unix_socket_send(app_zygote, system_unsolzygote, system_server)
|
|||
get_prop(app_zygote, device_config_runtime_native_prop)
|
||||
get_prop(app_zygote, device_config_runtime_native_boot_prop)
|
||||
|
||||
# Allow app_zygote to access odsign verification status
|
||||
get_prop(app_zygote, odsign_prop)
|
||||
|
||||
#####
|
||||
##### Neverallow
|
||||
#####
|
||||
|
|
|
@ -40,6 +40,9 @@ get_prop(installd, device_config_runtime_native_boot_prop)
|
|||
# Allow installd to access apk verity feature flag (for legacy case).
|
||||
get_prop(installd, apk_verity_prop)
|
||||
|
||||
# Allow installd to access odsign verification status
|
||||
get_prop(installd, odsign_prop)
|
||||
|
||||
# Allow installd to delete files in /data/staging
|
||||
allow installd staging_data_file:file unlink;
|
||||
allow installd staging_data_file:dir { open read remove_name rmdir search write };
|
||||
|
|
|
@ -87,6 +87,9 @@ unix_socket_send(webview_zygote, system_unsolzygote, system_server)
|
|||
get_prop(webview_zygote, device_config_runtime_native_prop)
|
||||
get_prop(webview_zygote, device_config_runtime_native_boot_prop)
|
||||
|
||||
# Allow webview_zygote to access odsign verification status
|
||||
get_prop(zygote, odsign_prop)
|
||||
|
||||
#####
|
||||
##### Neverallow
|
||||
#####
|
||||
|
|
|
@ -217,6 +217,9 @@ unix_socket_send(zygote, system_unsolzygote, system_server)
|
|||
# Allow zygote to access media_variant_prop for static initialization
|
||||
get_prop(zygote, media_variant_prop)
|
||||
|
||||
# Allow zygote to access odsign verification status
|
||||
get_prop(zygote, odsign_prop)
|
||||
|
||||
# Allow zygote to read ro.control_privapp_permissions and ro.cp_system_other_odex
|
||||
get_prop(zygote, packagemanager_config_prop)
|
||||
|
||||
|
|