Add tombstone_config_prop and move related prop tombstoned.max_tombstone_coun becomes tombstone_config_prop to remove exported*_default_prop Bug: 155844385 Test: tombstoned is running and logcat shows no denials Change-Id: I57bebb5766d790dc52d40a6d106f480e0e34fa4e

commit: 14a71fb16283e19302ccee72eb8fb1defc44855b [log] [tgz]
author: Inseob Kim <inseob@google.com> Tue Jul 07 13:35:34 2020 +0900
committer: Inseob Kim <inseob@google.com> Tue Jul 07 14:17:40 2020 +0900
tree: 12190258e689417301829b074e76468458c23f54
parent: 66158f98174d29caddb95092ead3144cd9b9b522 [diff] [blame]
diff --git a/private/tombstoned.te b/private/tombstoned.te
index 305f9d0..ca9a0aa 100644
--- a/private/tombstoned.te
+++ b/private/tombstoned.te

@@ -1,3 +1,12 @@
 typeattribute tombstoned coredomain;
 
 init_daemon_domain(tombstoned)
+
+get_prop(tombstoned, tombstone_config_prop)
+
+neverallow {
+    -init
+    -vendor_init
+    -dumpstate
+    -tombstoned
+} tombstone_config_prop:file no_rw_file_perms;
commit	14a71fb16283e19302ccee72eb8fb1defc44855b	[log] [tgz]
author	Inseob Kim <inseob@google.com>	Tue Jul 07 13:35:34 2020 +0900
committer	Inseob Kim <inseob@google.com>	Tue Jul 07 14:17:40 2020 +0900
tree	12190258e689417301829b074e76468458c23f54
parent	66158f98174d29caddb95092ead3144cd9b9b522 [diff] [blame]