typeattribute bootstat coredomain; init_daemon_domain(bootstat) # Collect metrics on boot time created by init get_prop(bootstat, boottime_prop) # Read/Write [persist.]sys.boot.reason and ro.boot.bootreason (write if empty) set_prop(bootstat, bootloader_boot_reason_prop) set_prop(bootstat, system_boot_reason_prop) set_prop(bootstat, last_boot_reason_prop) neverallow { domain -bootanim -bootstat -dumpstate userdebug_or_eng(`-incidentd') -init -recovery -shell -system_server } { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms; # ... and refine, as these components should not set the last boot reason neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms; neverallow { domain -bootstat -init -system_server } { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set; # ... and refine ... for a ro propertly no less ... keep this _tight_ neverallow system_server bootloader_boot_reason_prop:property_service set;