Inseob Kim | ff43be2 | 2021-06-07 16:56:56 +0900 | [diff] [blame] | 1 | typeattribute bootstat coredomain; |
| 2 | |
| 3 | init_daemon_domain(bootstat) |
| 4 | |
| 5 | # Collect metrics on boot time created by init |
| 6 | get_prop(bootstat, boottime_prop) |
| 7 | |
| 8 | # Read/Write [persist.]sys.boot.reason and ro.boot.bootreason (write if empty) |
| 9 | set_prop(bootstat, bootloader_boot_reason_prop) |
| 10 | set_prop(bootstat, system_boot_reason_prop) |
| 11 | set_prop(bootstat, last_boot_reason_prop) |
| 12 | |
| 13 | neverallow { |
| 14 | domain |
| 15 | -bootanim |
| 16 | -bootstat |
| 17 | -dumpstate |
| 18 | userdebug_or_eng(`-incidentd') |
| 19 | -init |
| 20 | -recovery |
| 21 | -shell |
| 22 | -system_server |
| 23 | } { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms; |
| 24 | # ... and refine, as these components should not set the last boot reason |
| 25 | neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms; |
| 26 | |
| 27 | neverallow { |
| 28 | domain |
| 29 | -bootstat |
| 30 | -init |
| 31 | -system_server |
| 32 | } { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set; |
| 33 | # ... and refine ... for a ro propertly no less ... keep this _tight_ |
| 34 | neverallow system_server bootloader_boot_reason_prop:property_service set; |