ad059403ad
Updates SEPolicy files to give camera HAL permission to access Android Core Experiment flags.

Example denials:
11-30 13:08:33.172 1027 1027 W binder:1027_3: type=1400 audit(0.0:7): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
11-30 13:08:33.172 1027 1027 W binder:1027_3: type=1400 audit(0.0:8): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
11-30 13:08:33.244 1027 1027 W 3AThreadPool: type=1400 audit(0.0:9): avc: denied { read } for name="u:object_r:default_prop:s0" dev="tmpfs" ino=152 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0

Bug: 259433722
Test: m
Change-Id: I11165b56d7b7e38130698cf86d9739f878580a14
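# Policy for the flags_health_check domain.
#
# The domain is tagged as coredomain, set up as an init-started daemon, and granted
# permission to set each device_config_* property type listed below. The two neverallow
# rules at the end assert that only init and flags_health_check may set the boot-count and
# reset-performed properties.
typeattribute flags_health_check coredomain;

# init_daemon_domain is a macro defined outside this file.
# NOTE(review): presumably sets up the transition from init into this domain - confirm
# against the te_macros used by this tree.
init_daemon_domain(flags_health_check)

# One set_prop() per device_config property type that flags_health_check may write.
# The grants are per type: a device_config_* type that is not listed here is not covered
# by this file. Keep the list limited to server-configurable flag namespaces, since every
# entry widens what this domain can overwrite.
set_prop(flags_health_check, device_config_boot_count_prop)
set_prop(flags_health_check, device_config_reset_performed_prop)
set_prop(flags_health_check, device_config_runtime_native_boot_prop)
set_prop(flags_health_check, device_config_runtime_native_prop)
set_prop(flags_health_check, device_config_input_native_boot_prop)
set_prop(flags_health_check, device_config_lmkd_native_prop)
set_prop(flags_health_check, device_config_netd_native_prop)
set_prop(flags_health_check, device_config_nnapi_native_prop)
set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
set_prop(flags_health_check, device_config_media_native_prop)
set_prop(flags_health_check, device_config_mglru_native_prop)
set_prop(flags_health_check, device_config_profcollect_native_boot_prop)
set_prop(flags_health_check, device_config_statsd_native_prop)
set_prop(flags_health_check, device_config_statsd_native_boot_prop)
set_prop(flags_health_check, device_config_storage_native_boot_prop)
set_prop(flags_health_check, device_config_swcodec_native_prop)
set_prop(flags_health_check, device_config_sys_traced_prop)
set_prop(flags_health_check, device_config_window_manager_native_boot_prop)
set_prop(flags_health_check, device_config_configuration_prop)
set_prop(flags_health_check, device_config_connectivity_prop)
set_prop(flags_health_check, device_config_surface_flinger_native_boot_prop)
set_prop(flags_health_check, device_config_vendor_system_native_prop)
set_prop(flags_health_check, device_config_vendor_system_native_boot_prop)
set_prop(flags_health_check, device_config_virtualization_framework_native_prop)
set_prop(flags_health_check, device_config_memory_safety_native_prop)
set_prop(flags_health_check, device_config_remote_key_provisioning_native_prop)
set_prop(flags_health_check, device_config_camera_native_prop)

# The system property device_config_boot_count_prop is used to decide when to perform
# disaster recovery for server-configurable flags. If an unrelated component sets it by
# mistake, recovery can be triggered at the wrong time, which overrides the
# server-configured values of all flags with their default values.
# Only init and flags_health_check are exempt from this rule.
neverallow { domain -init -flags_health_check } device_config_boot_count_prop:property_service set;

# The system property device_config_reset_performed_prop indicates whether
# server-configurable flags were reset during boot. If an unrelated component modifies it
# by mistake, bad server-configurable flag values can be synced back to the device.
# Only init and flags_health_check are exempt from this rule.
# NOTE(review): this file asserts a neverallow for these two types only; write
# restrictions on the other device_config_* types, if any, live elsewhere - confirm.
neverallow { domain -init -flags_health_check } device_config_reset_performed_prop:property_service set;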