blob: 016292ed31e23c24e69160732a3e3feca1805ec8 [file] [log] [blame]
Inseob Kimff43be22021-06-07 16:56:56 +09001typeattribute bootstat coredomain;
2
3init_daemon_domain(bootstat)
4
5# Collect metrics on boot time created by init
6get_prop(bootstat, boottime_prop)
7
8# Read/Write [persist.]sys.boot.reason and ro.boot.bootreason (write if empty)
9set_prop(bootstat, bootloader_boot_reason_prop)
10set_prop(bootstat, system_boot_reason_prop)
11set_prop(bootstat, last_boot_reason_prop)
12
13neverallow {
14 domain
15 -bootanim
16 -bootstat
17 -dumpstate
18 userdebug_or_eng(`-incidentd')
19 -init
20 -recovery
21 -shell
22 -system_server
23} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms;
24# ... and refine, as these components should not set the last boot reason
25neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms;
26
27neverallow {
28 domain
29 -bootstat
30 -init
31 -system_server
32} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set;
33# ... and refine ... for a ro propertly no less ... keep this _tight_
34neverallow system_server bootloader_boot_reason_prop:property_service set;