Merge "Adds a new prop context for choosing between multi-installed APEXes." am: 8e276eae6b

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1869814

Change-Id: Idb0cbbe30faec914e9d894564733d50e213f77e0
This commit is contained in:
Daniel Norman 2021-11-16 00:56:56 +00:00 committed by Automerger Merge Worker
commit d6746bd67a
4 changed files with 8 additions and 0 deletions

View file

@ -155,6 +155,10 @@ get_prop(apexd, cold_boot_done_prop)
# Allow apexd to read per-device configuration properties.
get_prop(apexd, apexd_config_prop)
# Allow apexd to read apex selection properties.
# These are used to choose between multi-installed APEXes at activation time.
get_prop(apexd, apexd_select_prop)
neverallow { domain -apexd -init } apex_data_file:dir no_w_dir_perms;
neverallow { domain -apexd -init } apex_metadata_file:dir no_w_dir_perms;
neverallow { domain -apexd -init -kernel } apex_data_file:file no_w_file_perms;

View file

@ -5,6 +5,7 @@
(typeattribute new_objects)
(typeattributeset new_objects
( new_objects
apexd_select_prop
artd_service
attestation_verification_service
camera2_extensions_prop

View file

@ -265,6 +265,8 @@ apexd. u:object_r:apexd_prop:s0
apexd.config.dm_delete.timeout u:object_r:apexd_config_prop:s0 exact uint
apexd.config.dm_create.timeout u:object_r:apexd_config_prop:s0 exact uint
persist.apexd. u:object_r:apexd_prop:s0
persist.vendor.apex. u:object_r:apexd_select_prop:s0
ro.boot.vendor.apex. u:object_r:apexd_select_prop:s0
bpf.progs_loaded u:object_r:bpf_progs_loaded_prop:s0

View file

@ -115,6 +115,7 @@ compatible_property_only(`
# Properties which can be written only by vendor_init
system_vendor_config_prop(apexd_config_prop)
system_vendor_config_prop(apexd_select_prop)
system_vendor_config_prop(aaudio_config_prop)
system_vendor_config_prop(apk_verity_prop)
system_vendor_config_prop(audio_config_prop)