Separate properties by selabel The purpose of this change is to add read access control to the property space. In the current design, a process either has access to the single /dev/__properties__ file and therefore all properties that it contains or it has access to no properties. This change separates properties into multiple property files based on their selabel, which allows creation of sepolicies that allow read access of only specific sets of properties to specific domains. Bug 21852512 Change-Id: Ice265db79201ca811c6b6cf6d851703f53224f03

commit: 49a309ff6a8349cbd1625711497743463638bebf [log] [tgz]
author: Tom Cherry <tomcherry@google.com> Wed Sep 23 16:09:47 2015 -0700
committer: Tom Cherry <tomcherry@google.com> Wed Dec 02 15:17:03 2015 -0800
tree: 934a2a6d0b469f2345a733b414e26c6654fd6020
parent: 9cbabd8fe5ef3834682996ff23b4a5325e0586cb [diff] [blame]
diff --git a/libc/include/sys/_system_properties.h b/libc/include/sys/_system_properties.h
index a0315b5..3b1f7d0 100644
--- a/libc/include/sys/_system_properties.h
+++ b/libc/include/sys/_system_properties.h

@@ -41,6 +41,7 @@
 #define PROP_AREA_VERSION_COMPAT 0x45434f76
 
 #define PROP_SERVICE_NAME "property_service"
+#define PROP_FILENAME_MAX 1024
 #define PROP_FILENAME "/dev/__properties__"
 
 #define PA_SIZE         (128 * 1024)
commit	49a309ff6a8349cbd1625711497743463638bebf	[log] [tgz]
author	Tom Cherry <tomcherry@google.com>	Wed Sep 23 16:09:47 2015 -0700
committer	Tom Cherry <tomcherry@google.com>	Wed Dec 02 15:17:03 2015 -0800
tree	934a2a6d0b469f2345a733b414e26c6654fd6020
parent	9cbabd8fe5ef3834682996ff23b4a5325e0586cb [diff] [blame]