Add runtime property permissions for experiments

Bug: 120794191
Bug: 123524494
Test: set a property and ensure it can be read in AndroidRuntime.cpp

Change-Id: Ib37102f35e9987d3d9baff83c45571a5d632ad50
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index d43705f..d489e73 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -32,6 +32,7 @@
     device_config_input_native_boot_prop
     device_config_netd_native_prop
     device_config_reset_performed_prop
+    device_config_runtime_prop
     device_config_service
     face_service
     face_vendor_data_file
diff --git a/private/property_contexts b/private/property_contexts
index 3296a04..303832d 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -172,6 +172,7 @@
 persist.device_config.attempted_boot_count        u:object_r:device_config_boot_count_prop:s0
 persist.device_config.input_native_boot. u:object_r:device_config_input_native_boot_prop:s0
 persist.device_config.netd_native.           u:object_r:device_config_netd_native_prop:s0
+persist.device_config.runtime.           u:object_r:device_config_runtime_prop:s0
 
 apexd.                  u:object_r:apexd_prop:s0
 persist.apexd.          u:object_r:apexd_prop:s0
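Review bot: The added `persist.device_config.runtime.` entry is a prefix match, so every key later created under it is labelled `device_config_runtime_prop`, and as a `persist.` name its value survives reboots. The zygote.te hunk in this commit lets the zygote read that type, so a bad flag written under this prefix would be picked up again on each boot until it is reset. It is worth confirming that the flags_health_check reset path covers this namespace; that is inferred from its new `set_prop`, not shown here. A short comment above the device_config entries, for example `# DeviceConfig flag namespaces; writers are limited to system_server and flags_health_check`, would record the intent. The label column on the added line also does not line up with the neighbouring entries.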
diff --git a/private/system_server.te b/private/system_server.te
index 6fa2ae6..1893494 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -585,6 +585,7 @@
 set_prop(system_server, device_config_input_native_boot_prop)
 set_prop(system_server, device_config_netd_native_prop)
 set_prop(system_server, device_config_activity_manager_native_boot_prop)
+set_prop(system_server, device_config_runtime_prop)
 
 # BootReceiver to read ro.boot.bootreason
 get_prop(system_server, bootloader_boot_reason_prop)
@@ -947,6 +948,7 @@
   device_config_activity_manager_native_boot_prop
   device_config_input_native_boot_prop
   device_config_netd_native_prop
+  device_config_runtime_prop
 }:property_service set;
 
 # system_server should never be executing dex2oat. This is either
diff --git a/private/zygote.te b/private/zygote.te
index e23f36e..073b7f8 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -126,6 +126,9 @@
 get_prop(zygote, overlay_prop)
 get_prop(zygote, exported_overlay_prop)
 
+# Allow the zygote to access feature flag properties.
+get_prop(zygote, device_config_runtime_prop)
+
 # ingore spurious denials
 dontaudit zygote self:global_capability_class_set sys_resource;
 
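Review bot: Only the `zygote` domain gains `get_prop` on `device_config_runtime_prop`, yet the commit's Test line says the property is read in AndroidRuntime.cpp, which may also run in other domains such as webview_zygote or an app_process started outside the zygote. If the read is in shared startup code, those processes would log a denial and use default values, so flag behaviour could differ from zygote-forked apps. Either grant them the same read or note that the difference is intended. The added comment says "access" although the macro grants read only; `# Allow the zygote to read runtime feature flags (persist.device_config.runtime.*); writes stay with system_server and flags_health_check.` would be more precise.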
diff --git a/public/flags_heatlh_check.te b/public/flags_heatlh_check.te
index 835a82a..5070393 100644
--- a/public/flags_heatlh_check.te
+++ b/public/flags_heatlh_check.te
@@ -4,6 +4,7 @@
 
 set_prop(flags_health_check, device_config_boot_count_prop)
 set_prop(flags_health_check, device_config_reset_performed_prop)
+set_prop(flags_health_check, device_config_runtime_prop)
 set_prop(flags_health_check, device_config_input_native_boot_prop)
 set_prop(flags_health_check, device_config_netd_native_prop)
 set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
diff --git a/public/property.te b/public/property.te
index 379c4d3..04ee593 100644
--- a/public/property.te
+++ b/public/property.te
@@ -33,6 +33,7 @@
 type device_config_reset_performed_prop, property_type;
 type device_config_input_native_boot_prop, property_type;
 type device_config_netd_native_prop, property_type;
+type device_config_runtime_prop, property_type;
 type device_logging_prop, property_type;
 type dhcp_prop, property_type, core_property_type;
 type dumpstate_options_prop, property_type;
@@ -405,6 +406,7 @@
     -device_config_boot_count_prop
     -device_config_input_native_boot_prop
     -device_config_netd_native_prop
+    -device_config_runtime_prop
     -heapprofd_enabled_prop
     -heapprofd_prop
     -hwservicemanager_prop
diff --git a/public/vendor_init.te b/public/vendor_init.te
index d9dc72f..a468dd9 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -179,6 +179,7 @@
       -device_config_reset_performed_prop
       -device_config_input_native_boot_prop
       -device_config_netd_native_prop
+      -device_config_runtime_prop
       -restorecon_prop
       -netd_stable_secret_prop
       -firstboot_prop