Add framework_watchdog_config_prop

The framework_watchdog_config_prop properties control framework watchdog configurations to handle watchdog timeout loop. The properties are written only by vendor_init. More details and background: go/break-sys-watchdog-loop Bug: 141948707 Change-Id: I6c0da5fdafba8165e79d0f04e0a82874f605a06d
2020-05-25 16:33:17 +08:00 · 2020-05-25 16:33:17 +08:00 · e005432482
commit e005432482
parent 7f663a15e1
4 changed files with 13 additions and 0 deletions
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@ -11,6 +11,7 @@
    cgroup_v2
    debugfs_kprobes
    dmabuf_system_heap_device
+    framework_watchdog_config_prop
    gki_apex_prepostinstall
    gki_apex_prepostinstall_exec
    hal_face_service
--- a/private/property_contexts
+++ b/private/property_contexts
@ -868,6 +868,10 @@ cache_key.bluetooth.                     u:object_r:binder_cache_bluetooth_serve
 cache_key.system_server.                 u:object_r:binder_cache_system_server_prop:s0 prefix string
 cache_key.telephony.                     u:object_r:binder_cache_telephony_server_prop:s0 prefix string

+# Framework watchdog configuration properties.
+framework_watchdog.fatal_count                u:object_r:framework_watchdog_config_prop:s0 exact int
+framework_watchdog.fatal_window.second        u:object_r:framework_watchdog_config_prop:s0 exact int
+
 gsm.sim.operator.numeric       u:object_r:telephony_status_prop:s0 exact string
 persist.radio.airplane_mode_on u:object_r:telephony_status_prop:s0 exact bool

--- a/private/system_server.te
+++ b/private/system_server.te
@ -1020,6 +1020,13 @@ get_prop(system_server, wifi_config_prop)
 # Only system server can access BINDER_FREEZE and BINDER_GET_FROZEN_INFO
 allowxperm system_server binder_device:chr_file ioctl { BINDER_FREEZE BINDER_GET_FROZEN_INFO };

+# Watchdog prints debugging log to /dev/kmsg_debug.
+userdebug_or_eng(`
+  allow system_server kmsg_debug_device:chr_file { open append getattr };
+')
+# Watchdog reads sysprops framework_watchdog.fatal_* to handle watchdog timeout loop.
+get_prop(system_server, framework_watchdog_config_prop)
+
 ###
 ### Neverallow rules
 ###
--- a/public/property.te
+++ b/public/property.te
@ -126,6 +126,7 @@ system_vendor_config_prop(exported_camera_prop)
 system_vendor_config_prop(exported_config_prop)
 system_vendor_config_prop(exported_default_prop)
 system_vendor_config_prop(ffs_config_prop)
+system_vendor_config_prop(framework_watchdog_config_prop)
 system_vendor_config_prop(graphics_config_prop)
 system_vendor_config_prop(hdmi_config_prop)
 system_vendor_config_prop(incremental_prop)