0756dcc9da
Add permissions for: persist.device_config.global_settings.sys_traced Bug: b/71737179 Test: As follows: patch aosp/891475 patch aosp/891853 patch ag/6224352 $ adb shell walleye:/ $ ps -A | grep traced nobody 1135 1 52288 2200 0 0 S traced nobody 1136 1 52288 2256 0 0 S traced_probes walleye:/ $ settings put global sys_traced 0 walleye:/ $ ps -A | grep traced 1|walleye:/ $ walleye:/ $ settings put global sys_traced 1 1|walleye:/ $ ps -A | grep traced nobody 12386 1 52288 2208 0 0 S traced nobody 12387 1 52288 2248 0 0 S traced_probes Change-Id: I8898672c8fdc9c5d87a31b90f6c7d5c03bef78ed
32 lines
2 KiB
Text
32 lines
2 KiB
Text
# The flags_health_check command run by init.
|
|
type flags_health_check, domain, coredomain;
|
|
type flags_health_check_exec, system_file_type, exec_type, file_type;
|
|
|
|
set_prop(flags_health_check, device_config_boot_count_prop)
|
|
set_prop(flags_health_check, device_config_reset_performed_prop)
|
|
set_prop(flags_health_check, device_config_runtime_native_boot_prop)
|
|
set_prop(flags_health_check, device_config_runtime_native_prop)
|
|
set_prop(flags_health_check, device_config_input_native_boot_prop)
|
|
set_prop(flags_health_check, device_config_netd_native_prop)
|
|
set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
|
|
set_prop(flags_health_check, device_config_media_native_prop)
|
|
set_prop(flags_health_check, device_config_sys_traced_prop)
|
|
|
|
allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
|
|
allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
|
|
|
|
# system property device_config_boot_count_prop is used for deciding when to perform server
|
|
# configurable flags related disaster recovery. Mistakenly set up by unrelated components can, at a
|
|
# wrong timing, trigger server configurable flag related disaster recovery, which will override
|
|
# server configured values of all flags with default values.
|
|
neverallow { domain -init -flags_health_check } device_config_boot_count_prop:property_service set;
|
|
|
|
# system property device_config_reset_performed_prop is used for indicating whether server
|
|
# configurable flags have been reset during booting. Mistakenly modified by unrelated components can
|
|
# cause bad server configurable flags synced back to device.
|
|
neverallow { domain -init -flags_health_check } device_config_reset_performed_prop:property_service set;
|
|
|
|
# server_configurable_flags_data_file is used for storing whether server configurable flags which
|
|
# have been reset during current booting. Mistakenly modified by unrelated components can
|
|
# cause bad server configurable flags synced back to device.
|
|
neverallow { domain -init -flags_health_check } server_configurable_flags_data_file:file no_w_file_perms;
|