Add a new context for property ota.warm_reset

The property is set to inform kernel to do a warm_reset on the next
reboot. This is useful to persist the logs to debug device boot
failures. More details in http://go/rvc-ota-persist-logs.

The property is set to 1 by update_engine after an OTA, and it is set to
0 by update_verifier or vold after we mark the current slot boot
successful.
The property is read by vendor_init. And according to its value,
vendor_init writes a particular sysfs file to schedule a warm reset
on the following reboot.

Without the new context, the denial message says:
[   13.423163] audit: type=1107 audit(1746393.166:8): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc:  denied  { read } for property=ota.warm_reset pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0'
[   23.096497] init: Unable to set property 'OTA.warm_reset' from uid:0 gid:2001 pid:841: SELinux permission check failed
[   23.096574] type=1107 audit(1573768000.668:42): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=OTA.warm_reset pid=841 uid=0 gid=2001 scontext=u:r:update_verifier:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service permissive=0'
[   23.108430] update_verifier: Failed to reset the warm reset flag

Bug: 143489994
Test: check the property can be set by update_engine, and read by vendor_init
Change-Id: I87c12a53a138b72ecfed3ab6a4d846c20f5a8484
Tianjie Xu 2019-11-14 14:18:40 -08:00
parent c03def15ed
commit f5ddc0444b
7 changed files with 17 additions and 0 deletions


@ -26,6 +26,7 @@
linker_prop
mock_ota_prop
ota_metadata_file
ota_prop
art_apex_dir
service_manager_service
system_group_file


@ -219,3 +219,6 @@ ro.charger. u:object_r:charger_prop:s0
# Virtual A/B properties
ro.virtual_ab.enabled u:object_r:virtual_ab_prop:s0
ro.virtual_ab.retrofit u:object_r:virtual_ab_prop:s0
# Property to set/clear the warm reset flag after an OTA update.
ota.warm_reset u:object_r:ota_prop:s0
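Review bot: The new line `ota.warm_reset u:object_r:ota_prop:s0` is a prefix entry like the others in this file, so it labels every property whose name begins with `ota.warm_reset`, not only that one; the comment above it should say so, e.g. `# Prefix entry: labels ota.warm_reset (and anything named under it); set after an OTA, cleared once the slot boots successfully.` The denials quoted in the commit description show two spellings, `ota.warm_reset` in the vendor_init read and `OTA.warm_reset` in the update_verifier set; property names are compared byte-for-byte, so the upper-case spelling would not match this entry and would still be labeled default_prop after this change. Confirm that update_verifier and vold use the lower-case name exactly as it is written here.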


@ -130,6 +130,7 @@ system_public_prop(log_prop)
system_public_prop(log_tag_prop)
system_public_prop(lowpan_prop)
system_public_prop(nfc_prop)
system_public_prop(ota_prop)
system_public_prop(powerctl_prop)
system_public_prop(radio_prop)
system_public_prop(serialno_prop)
@ -287,6 +288,7 @@ typeattribute fingerprint_prop core_property_type;
typeattribute logd_prop core_property_type;
typeattribute net_radio_prop core_property_type;
typeattribute nfc_prop core_property_type;
typeattribute ota_prop core_property_type;
typeattribute pan_result_prop core_property_type;
typeattribute persist_debug_prop core_property_type;
typeattribute powerctl_prop core_property_type;
@ -313,6 +315,7 @@ neverallow * {
-logd_prop
-net_radio_prop
-nfc_prop
-ota_prop
-pan_result_prop
-persist_debug_prop
-powerctl_prop
@ -625,6 +628,7 @@ compatible_property_only(`
-net_radio_prop
-netd_stable_secret_prop
-nfc_prop
-ota_prop
-overlay_prop
-pan_result_prop
-persist_debug_prop
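Review bot: The two `-ota_prop` exemptions, one under `neverallow * {` and one under `compatible_property_only(`, lift the core-property restrictions for every domain, while the description only needs vendor_init to read the property. The heads of both neverallow blocks sit outside the hunks, so I cannot tell from here which one governs `set` and which governs read; if one of them is the set restriction, carving ota_prop out of it lets vendor policy later grant set on a flag that schedules a warm reset, which this change does not require. Consider exempting ota_prop only from the read-side block, or pinning the writers with a rule such as `neverallow { domain -init -update_engine -update_verifier -vold } ota_prop:property_service set;` (adjust the exclusion list against the domains this commit actually grants set_prop to). With `system_public_prop(ota_prop)` exposing the type to vendor policy, these neverallows are the only remaining guard on who may write it.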


@ -58,6 +58,9 @@ allow update_engine system_file:dir r_dir_perms;
# Allow to start gsid service.
set_prop(update_engine, ctl_gsid_prop)
# Allow to set the OTA related properties, e.g. ota.warm_reset.
set_prop(update_engine, ota_prop)
# update_engine tries to determine the parent path for all devices (e.g.
# /dev/block/by-name) by reading the default fstab and looking for the misc
# device. ReadDefaultFstab() checks whether a GSI is running by checking


@ -27,6 +27,9 @@ allow update_verifier kmsg_device:chr_file { getattr w_file_perms };
# Allow update_verifier to reboot the device.
set_prop(update_verifier, powerctl_prop)
# Allow to set the OTA related properties e.g. ota.warm_reset.
set_prop(update_verifier, ota_prop)
# Use Boot Control HAL
hal_client_domain(update_verifier, hal_bootctl)


@ -258,6 +258,8 @@ get_prop(vendor_init, exported2_radio_prop)
get_prop(vendor_init, exported3_system_prop)
get_prop(vendor_init, theme_prop)
get_prop(vendor_init, ota_prop)
###
### neverallow rules
###


@ -174,6 +174,7 @@ set_prop(vold, exported2_vold_prop)
set_prop(vold, powerctl_prop)
set_prop(vold, ctl_fuse_prop)
set_prop(vold, restorecon_prop)
set_prop(vold, ota_prop)
# ASEC
allow vold asec_image_file:file create_file_perms;
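Review bot: The new `set_prop(vold, ota_prop)` line carries no comment, unlike the matching additions in update_engine.te and update_verifier.te, so a later reader cannot see why vold needs write access to OTA properties. Per the description vold clears the flag once the current slot is marked boot-successful; add `# Allow vold to clear ota.warm_reset after the slot is marked as booted successfully.` above it. Since set_prop grants set on every property labeled ota_prop rather than on ota.warm_reset alone, the comment should also note that ota.warm_reset is currently the only property under that label.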