Merge "Adding sepolicy rules for CrashRecoveryProperties" into main
This commit is contained in:
commit
fedcb415a7
3 changed files with 17 additions and 0 deletions
|
@ -2,6 +2,7 @@
|
|||
system_internal_prop(adbd_prop)
|
||||
system_internal_prop(apexd_payload_metadata_prop)
|
||||
system_internal_prop(ctl_snapuserd_prop)
|
||||
system_internal_prop(crashrecovery_prop)
|
||||
system_internal_prop(device_config_core_experiments_team_internal_prop)
|
||||
system_internal_prop(device_config_lmkd_native_prop)
|
||||
system_internal_prop(device_config_mglru_native_prop)
|
||||
|
|
|
@ -1630,3 +1630,14 @@ pm.archiving.enabled u:object_r:pm_archiving_enabled_prop:s0 exact bool
|
|||
|
||||
# Properties for ThreadNetworkService
|
||||
threadnetwork.country_code u:object_r:threadnetwork_config_prop:s0 exact string
|
||||
|
||||
# Properties for crashrecovery
|
||||
crashrecovery.attempting_factory_reset u:object_r:crashrecovery_prop:s0 exact bool
|
||||
crashrecovery.attempting_reboot u:object_r:crashrecovery_prop:s0 exact bool
|
||||
crashrecovery.boot_mitigation_count u:object_r:crashrecovery_prop:s0 exact int
|
||||
crashrecovery.boot_mitigation_start u:object_r:crashrecovery_prop:s0 exact int
|
||||
crashrecovery.max_rescue_level_attempted u:object_r:crashrecovery_prop:s0 exact int
|
||||
crashrecovery.rescue_boot_count u:object_r:crashrecovery_prop:s0 exact int
|
||||
crashrecovery.rescue_boot_start u:object_r:crashrecovery_prop:s0 exact int
|
||||
persist.crashrecovery.enable_rescue u:object_r:crashrecovery_prop:s0 exact bool
|
||||
persist.crashrecovery.last_factory_reset u:object_r:crashrecovery_prop:s0 exact int
|
||||
|
|
|
@ -737,6 +737,7 @@ set_prop(system_server, dmesgd_start_prop)
|
|||
set_prop(system_server, locale_prop)
|
||||
set_prop(system_server, timezone_metadata_prop)
|
||||
set_prop(system_server, timezone_prop)
|
||||
set_prop(system_server, crashrecovery_prop)
|
||||
userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
|
||||
userdebug_or_eng(`set_prop(system_server, system_user_mode_emulation_prop)')
|
||||
|
||||
|
@ -1580,3 +1581,7 @@ neverallow {
|
|||
# Allow system server to read pm.archiving.enabled prop
|
||||
# TODO(azilio): Remove system property after archiving testing is completed.
|
||||
get_prop(system_server, pm_archiving_enabled_prop)
|
||||
|
||||
# Do not allow any domain other than init or system server to get or set the property
|
||||
neverallow { domain -init -system_server } crashrecovery_prop:property_service set;
|
||||
neverallow { domain -init -dumpstate -system_server } crashrecovery_prop:file no_rw_file_perms;
|
||||
|
|
Loading…
Reference in a new issue