Permissions for input_native_boot flags

For input experiments that are enabled at boot time, allow system_server to read and write the device config flags. Bug: 120794829 Test: presubmit Change-Id: I0f075a7579c593d4e07c3e31be529e34554068a6
2019-01-14 14:18:38 -08:00 · 2019-01-14 14:18:38 -08:00 · c0c9155589
commit c0c9155589
parent 1b02031d18
6 changed files with 8 additions and 1 deletions
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@ -26,6 +26,7 @@
    cpu_variant_prop
    dev_cpu_variant
    device_config_boot_count_prop
+    device_config_input_native_boot_prop
    device_config_netd_native_prop
    device_config_reset_performed_prop
    device_config_service
--- a/private/property_contexts
+++ b/private/property_contexts
@ -169,6 +169,7 @@ persist.time.           u:object_r:time_prop:s0
 # Properties that relate to server configurable flags
 device_config.reset_performed           u:object_r:device_config_reset_performed_prop:s0
 persist.device_config.attempted_boot_count        u:object_r:device_config_boot_count_prop:s0
+persist.device_config.input_native_boot. u:object_r:device_config_input_native_boot_prop:s0
 persist.device_config.netd_native.           u:object_r:device_config_netd_native_prop:s0

 apexd.                  u:object_r:apexd_prop:s0
--- a/private/system_server.te
+++ b/private/system_server.te
@ -582,6 +582,7 @@ set_prop(system_server, ctl_bugreport_prop)
 set_prop(system_server, cppreopt_prop)

 # server configurable flags properties
+set_prop(system_server, device_config_input_native_boot_prop)
 set_prop(system_server, device_config_netd_native_prop)

 # BootReceiver to read ro.boot.bootreason
@ -935,6 +936,7 @@ neverallow {
  -system_server
  -flags_health_check
 } {
+  device_config_input_native_boot_prop
  device_config_netd_native_prop
 }:property_service set;

--- a/public/flags_heatlh_check.te
+++ b/public/flags_heatlh_check.te
@ -4,7 +4,7 @@ type flags_health_check_exec, system_file_type, exec_type, file_type;

 set_prop(flags_health_check, device_config_boot_count_prop)
 set_prop(flags_health_check, device_config_reset_performed_prop)
-
+set_prop(flags_health_check, device_config_input_native_boot_prop)
 set_prop(flags_health_check, device_config_netd_native_prop)

 allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
--- a/public/property.te
+++ b/public/property.te
@ -30,6 +30,7 @@ type debug_prop, property_type, core_property_type;
 type default_prop, property_type, core_property_type;
 type device_config_boot_count_prop, property_type;
 type device_config_reset_performed_prop, property_type;
+type device_config_input_native_boot_prop, property_type;
 type device_config_netd_native_prop, property_type;
 type device_logging_prop, property_type;
 type dhcp_prop, property_type, core_property_type;
@ -400,6 +401,7 @@ compatible_property_only(`
    -firstboot_prop
    -device_config_reset_performed_prop
    -device_config_boot_count_prop
+    -device_config_input_native_boot_prop
    -device_config_netd_native_prop
    -heapprofd_enabled_prop
    -heapprofd_prop
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@ -176,6 +176,7 @@ not_compatible_property(`
      property_type
      -device_config_boot_count_prop
      -device_config_reset_performed_prop
+      -device_config_input_native_boot_prop
      -device_config_netd_native_prop
      -restorecon_prop
      -netd_stable_secret_prop