commit 14a71fb16283e19302ccee72eb8fb1defc44855b
author Inseob Kim <inseob@google.com> Tue Jul 07 13:35:34 2020 +0900
committer Inseob Kim <inseob@google.com> Tue Jul 07 14:17:40 2020 +0900
tree 12190258e689417301829b074e76468458c23f54
parent 66158f98174d29caddb95092ead3144cd9b9b522

Add tombstone_config_prop and move related prop

tombstoned.max_tombstone_coun becomes tombstone_config_prop to remove
exported*_default_prop

Bug: 155844385
Test: tombstoned is running and logcat shows no denials
Change-Id: I57bebb5766d790dc52d40a6d106f480e0e34fa4e

private/compat/27.0/27.0.ignore.cil

diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 59b93da..0ecc85c 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -184,6 +184,7 @@
     test_boot_reason_prop
     time_prop
     timedetector_service
+    tombstone_config_prop
     tombstone_wifi_data_file
     trace_data_file
     traced

private/compat/30.0/30.0.cil

diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 4c2a7a2..5cc8eca 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -1367,6 +1367,7 @@
     packagemanager_config_prop
     recovery_config_prop
     telephony_config_prop
+    tombstone_config_prop
     zram_config_prop))
 (typeattributeset exported3_radio_prop_30_0 (exported3_radio_prop))
 (typeattributeset exported3_system_prop_30_0

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index d56c89c..9eb8251 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -484,7 +484,7 @@
 sys.usb.ffs.ready     u:object_r:ffs_control_prop:s0 exact bool
 sys.usb.ffs.mtp.ready u:object_r:ffs_control_prop:s0 exact bool
 
-tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int
+tombstoned.max_tombstone_count u:object_r:tombstone_config_prop:s0 exact int
 
 vold.post_fs_data_done u:object_r:vold_config_prop:s0 exact int
 

private/tombstoned.te

diff --git a/private/tombstoned.te b/private/tombstoned.te
index 305f9d0..ca9a0aa 100644
--- a/private/tombstoned.te
+++ b/private/tombstoned.te
@@ -1,3 +1,12 @@
 typeattribute tombstoned coredomain;
 
 init_daemon_domain(tombstoned)
+
+get_prop(tombstoned, tombstone_config_prop)
+
+neverallow {
+    -init
+    -vendor_init
+    -dumpstate
+    -tombstoned
+} tombstone_config_prop:file no_rw_file_perms;

public/property.te

diff --git a/public/property.te b/public/property.te
index aeb83f6..b00b345 100644
--- a/public/property.te
+++ b/public/property.te
@@ -129,6 +129,7 @@
 system_vendor_config_prop(surfaceflinger_prop)
 system_vendor_config_prop(systemsound_config_prop)
 system_vendor_config_prop(telephony_config_prop)
+system_vendor_config_prop(tombstone_config_prop)
 system_vendor_config_prop(usb_config_prop)
 system_vendor_config_prop(userspace_reboot_config_prop)
 system_vendor_config_prop(vehicle_hal_prop)