Enable ART properties modularization
ART is becoming a module and we need to be able to add new properties
without modifying the non updatable part of the platform:
- convert ART properties to use prefix in the namespace of
[ro].dalvik.vm.
- enable appdomain and coredomain to read device_config properties
that configure ART
(cherry picked from commit 0b2ca6c22c)
Test: boot
Bug: 181748174
Merged-In: Id23ff78474dba947301e1b6243a112b0f5b4a832
Change-Id: Id23ff78474dba947301e1b6243a112b0f5b4a832
This commit is contained in:
Calin Juravle
parent
730d6d0651
commit
d802bd8964
9 changed files with 39 additions and 6 deletions
|
|
@ -14,6 +14,11 @@ get_prop(appdomain, userspace_reboot_config_prop)
|
||||||
get_prop(appdomain, vold_config_prop)
|
get_prop(appdomain, vold_config_prop)
|
||||||
get_prop(appdomain, adbd_config_prop)
|
get_prop(appdomain, adbd_config_prop)
|
||||||
|
|
||||||
|
# Allow ART to be configurable via device_config properties
|
||||||
|
# (ART "runs" inside the app process)
|
||||||
|
get_prop(appdomain, device_config_runtime_native_prop)
|
||||||
|
get_prop(appdomain, device_config_runtime_native_boot_prop)
|
||||||
|
|
||||||
userdebug_or_eng(`perfetto_producer({ appdomain })')
|
userdebug_or_eng(`perfetto_producer({ appdomain })')
|
||||||
|
|
||||||
# Prevent apps from causing presubmit failures.
|
# Prevent apps from causing presubmit failures.
|
||||||
|
|
|
||||||
|
|
@ -75,6 +75,10 @@ allow app_zygote system_data_file:file { getattr read map };
|
||||||
# Send unsolicited message to system_server
|
# Send unsolicited message to system_server
|
||||||
unix_socket_send(app_zygote, system_unsolzygote, system_server)
|
unix_socket_send(app_zygote, system_unsolzygote, system_server)
|
||||||
|
|
||||||
|
# Allow the app_zygote to access the runtime feature flag properties.
|
||||||
|
get_prop(app_zygote, device_config_runtime_native_prop)
|
||||||
|
get_prop(app_zygote, device_config_runtime_native_boot_prop)
|
||||||
|
|
||||||
#####
|
#####
|
||||||
##### Neverallow
|
##### Neverallow
|
||||||
#####
|
#####
|
||||||
|
|
|
||||||
|
|
@ -47,3 +47,7 @@ allow dexoptanalyzer { privapp_data_file app_data_file }:file { getattr read map
|
||||||
|
|
||||||
# Allow testing /data/user/0 which symlinks to /data/data
|
# Allow testing /data/user/0 which symlinks to /data/data
|
||||||
allow dexoptanalyzer system_data_file:lnk_file { getattr };
|
allow dexoptanalyzer system_data_file:lnk_file { getattr };
|
||||||
|
|
||||||
|
# Allow query ART device config properties
|
||||||
|
get_prop(dexoptanalyzer, device_config_runtime_native_prop)
|
||||||
|
get_prop(dexoptanalyzer, device_config_runtime_native_boot_prop)
|
||||||
|
|
|
||||||
|
|
@ -48,3 +48,7 @@ neverallow { domain -init -odrefresh -system_server } odrefresh_data_file:file *
|
||||||
|
|
||||||
# Allow updating boot animation status.
|
# Allow updating boot animation status.
|
||||||
set_prop(odrefresh, bootanim_system_prop)
|
set_prop(odrefresh, bootanim_system_prop)
|
||||||
|
|
||||||
|
# Allow query ART device config properties
|
||||||
|
get_prop(odrefresh, device_config_runtime_native_prop)
|
||||||
|
get_prop(odrefresh, device_config_runtime_native_boot_prop)
|
||||||
|
|
|
||||||
|
|
@ -331,7 +331,13 @@ ro.camera.enableLazyHal u:object_r:camera_config_prop:s0 exact bool
|
||||||
|
|
||||||
ro.camerax.extensions.enabled u:object_r:camerax_extensions_prop:s0 exact bool
|
ro.camerax.extensions.enabled u:object_r:camerax_extensions_prop:s0 exact bool
|
||||||
|
|
||||||
# Should always_debuggable be bool? It's checked against the string "1".
|
# ART properties
|
||||||
|
dalvik.vm. u:object_r:dalvik_config_prop:s0
|
||||||
|
ro.dalvik.vm. u:object_r:dalvik_config_prop:s0
|
||||||
|
ro.zygote u:object_r:dalvik_config_prop:s0 exact string
|
||||||
|
|
||||||
|
# A set of ART properties listed explicitly for compatibility purposes.
|
||||||
|
ro.dalvik.vm.native.bridge u:object_r:dalvik_config_prop:s0 exact string
|
||||||
dalvik.vm.always_debuggable u:object_r:dalvik_config_prop:s0 exact int
|
dalvik.vm.always_debuggable u:object_r:dalvik_config_prop:s0 exact int
|
||||||
dalvik.vm.appimageformat u:object_r:dalvik_config_prop:s0 exact string
|
dalvik.vm.appimageformat u:object_r:dalvik_config_prop:s0 exact string
|
||||||
dalvik.vm.backgroundgctype u:object_r:dalvik_config_prop:s0 exact string
|
dalvik.vm.backgroundgctype u:object_r:dalvik_config_prop:s0 exact string
|
||||||
|
|
@ -407,7 +413,6 @@ dalvik.vm.restore-dex2oat-threads u:object_r:dalvik_config_prop:s0 e
|
||||||
dalvik.vm.usejit u:object_r:dalvik_config_prop:s0 exact bool
|
dalvik.vm.usejit u:object_r:dalvik_config_prop:s0 exact bool
|
||||||
dalvik.vm.usejitprofiles u:object_r:dalvik_config_prop:s0 exact bool
|
dalvik.vm.usejitprofiles u:object_r:dalvik_config_prop:s0 exact bool
|
||||||
dalvik.vm.zygote.max-boot-retry u:object_r:dalvik_config_prop:s0 exact int
|
dalvik.vm.zygote.max-boot-retry u:object_r:dalvik_config_prop:s0 exact int
|
||||||
ro.zygote u:object_r:dalvik_config_prop:s0 exact string
|
|
||||||
|
|
||||||
persist.sys.dalvik.vm.lib.2 u:object_r:dalvik_runtime_prop:s0 exact string
|
persist.sys.dalvik.vm.lib.2 u:object_r:dalvik_runtime_prop:s0 exact string
|
||||||
|
|
||||||
|
|
@ -495,8 +500,6 @@ ro.crypto.volume.metadata.encryption u:object_r:vold_config_prop:s0 e
|
||||||
ro.crypto.volume.metadata.method u:object_r:vold_config_prop:s0 exact string
|
ro.crypto.volume.metadata.method u:object_r:vold_config_prop:s0 exact string
|
||||||
ro.crypto.volume.options u:object_r:vold_config_prop:s0 exact string
|
ro.crypto.volume.options u:object_r:vold_config_prop:s0 exact string
|
||||||
|
|
||||||
ro.dalvik.vm.native.bridge u:object_r:dalvik_config_prop:s0 exact string
|
|
||||||
|
|
||||||
external_storage.projid.enabled u:object_r:storage_config_prop:s0 exact bool
|
external_storage.projid.enabled u:object_r:storage_config_prop:s0 exact bool
|
||||||
external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool
|
external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool
|
||||||
external_storage.sdcardfs.enabled u:object_r:storage_config_prop:s0 exact bool
|
external_storage.sdcardfs.enabled u:object_r:storage_config_prop:s0 exact bool
|
||||||
|
|
|
||||||
|
|
@ -689,6 +689,11 @@ set_prop(system_server, device_config_window_manager_native_boot_prop)
|
||||||
set_prop(system_server, device_config_configuration_prop)
|
set_prop(system_server, device_config_configuration_prop)
|
||||||
set_prop(system_server, device_config_connectivity_prop)
|
set_prop(system_server, device_config_connectivity_prop)
|
||||||
|
|
||||||
|
|
||||||
|
# Allow query ART device config properties
|
||||||
|
get_prop(system_server, device_config_runtime_native_boot_prop)
|
||||||
|
get_prop(system_server, device_config_runtime_native_prop)
|
||||||
|
|
||||||
# BootReceiver to read ro.boot.bootreason
|
# BootReceiver to read ro.boot.bootreason
|
||||||
get_prop(system_server, bootloader_boot_reason_prop)
|
get_prop(system_server, bootloader_boot_reason_prop)
|
||||||
# PowerManager to read sys.boot.reason
|
# PowerManager to read sys.boot.reason
|
||||||
|
|
|
||||||
|
|
@ -83,6 +83,10 @@ allow webview_zygote system_data_file:lnk_file r_file_perms;
|
||||||
# Send unsolicited message to system_server
|
# Send unsolicited message to system_server
|
||||||
unix_socket_send(webview_zygote, system_unsolzygote, system_server)
|
unix_socket_send(webview_zygote, system_unsolzygote, system_server)
|
||||||
|
|
||||||
|
# Allow the webview_zygote to access the runtime feature flag properties.
|
||||||
|
get_prop(webview_zygote, device_config_runtime_native_prop)
|
||||||
|
get_prop(webview_zygote, device_config_runtime_native_boot_prop)
|
||||||
|
|
||||||
#####
|
#####
|
||||||
##### Neverallow
|
##### Neverallow
|
||||||
#####
|
#####
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,10 @@ allow profman installd:fd use;
|
||||||
allow profman { privapp_data_file app_data_file }:file { getattr read write lock map };
|
allow profman { privapp_data_file app_data_file }:file { getattr read write lock map };
|
||||||
allow profman { privapp_data_file app_data_file }:dir { getattr read search };
|
allow profman { privapp_data_file app_data_file }:dir { getattr read search };
|
||||||
|
|
||||||
|
# Allow query ART device config properties
|
||||||
|
get_prop(profman, device_config_runtime_native_prop)
|
||||||
|
get_prop(profman, device_config_runtime_native_boot_prop)
|
||||||
|
|
||||||
###
|
###
|
||||||
### neverallow rules
|
### neverallow rules
|
||||||
###
|
###
|
||||||
|
|
|
||||||
|
|
@ -11,8 +11,6 @@ system_internal_prop(device_config_input_native_boot_prop)
|
||||||
system_internal_prop(device_config_media_native_prop)
|
system_internal_prop(device_config_media_native_prop)
|
||||||
system_internal_prop(device_config_netd_native_prop)
|
system_internal_prop(device_config_netd_native_prop)
|
||||||
system_internal_prop(device_config_reset_performed_prop)
|
system_internal_prop(device_config_reset_performed_prop)
|
||||||
system_internal_prop(device_config_runtime_native_boot_prop)
|
|
||||||
system_internal_prop(device_config_runtime_native_prop)
|
|
||||||
system_internal_prop(firstboot_prop)
|
system_internal_prop(firstboot_prop)
|
||||||
|
|
||||||
compatible_property_only(`
|
compatible_property_only(`
|
||||||
|
|
@ -67,6 +65,8 @@ system_restricted_prop(bq_config_prop)
|
||||||
system_restricted_prop(build_bootimage_prop)
|
system_restricted_prop(build_bootimage_prop)
|
||||||
system_restricted_prop(build_prop)
|
system_restricted_prop(build_prop)
|
||||||
system_restricted_prop(charger_status_prop)
|
system_restricted_prop(charger_status_prop)
|
||||||
|
system_restricted_prop(device_config_runtime_native_boot_prop)
|
||||||
|
system_restricted_prop(device_config_runtime_native_prop)
|
||||||
system_restricted_prop(fingerprint_prop)
|
system_restricted_prop(fingerprint_prop)
|
||||||
system_restricted_prop(hal_instrumentation_prop)
|
system_restricted_prop(hal_instrumentation_prop)
|
||||||
system_restricted_prop(init_service_status_prop)
|
system_restricted_prop(init_service_status_prop)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue