Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 22fb5c7d248d24f68c08356e9ce2f8a5a69e5105^! / . / microdroid / system / private
commit22fb5c7d248d24f68c08356e9ce2f8a5a69e5105[log] [tgz]
authorJiakai Zhang <jiakaiz@google.com>Thu Mar 30 15:50:05 2023 +0100
committerJiakai Zhang <jiakaiz@google.com>Fri Mar 31 11:46:05 2023 +0100
tree28c5ff712e060c8528a1e076d74a18dd5aefabbd
parentc5da4fc2b9260574e27291dce91b54129689654c [diff]
Allow system server to set dynamic ART properties.

This change gives a new type (dalvik_dynamic_config_prop) to some ART
properties such as dalvik.vm.dex2oat-cpu-set and adds a new rule to
allow system server to set them.

Bug: 274530433
Test: Locally added some code to set those properties and saw it being
  successfull.
Change-Id: Ie28602e9039b7647656594ce5c184d29778fa089

diff --git a/microdroid/system/private/compos.te b/microdroid/system/private/compos.te
index f4bb79b..6dd97d0 100644
--- a/microdroid/system/private/compos.te
+++ b/microdroid/system/private/compos.te

@@ -11,7 +11,7 @@
 dontaudit compos self:global_capability_class_set dac_override;
 
 # Allow settings system properties that ART expects.
-set_prop(compos, dalvik_config_prop)
+set_prop(compos, dalvik_config_prop_type)
 set_prop(compos, device_config_runtime_native_boot_prop)
 
 # Allow running odrefresh in its own domain

diff --git a/microdroid/system/private/dex2oat.te b/microdroid/system/private/dex2oat.te
index bd93f6e..1639640 100644
--- a/microdroid/system/private/dex2oat.te
+++ b/microdroid/system/private/dex2oat.te

@@ -31,7 +31,7 @@
 allow dex2oat apex_info_file:file r_file_perms;
 
 # Allow reading dalvik system properties that may affect compilation
-get_prop(dex2oat, dalvik_config_prop)
+get_prop(dex2oat, dalvik_config_prop_type)
 get_prop(dex2oat, device_config_runtime_native_boot_prop)
 
 # Don't audit because we don't configure the compiler through these

diff --git a/microdroid/system/private/odrefresh.te b/microdroid/system/private/odrefresh.te
index c236637..0acf046 100644
--- a/microdroid/system/private/odrefresh.te
+++ b/microdroid/system/private/odrefresh.te

@@ -37,7 +37,7 @@
 
 # Allow odrefresh to read all dalvik system properties. odrefresh needs to record the relevant ones
 # in the output for later verification check.
-get_prop(odrefresh, dalvik_config_prop)
+get_prop(odrefresh, dalvik_config_prop_type)
 get_prop(odrefresh, device_config_runtime_native_boot_prop)
 
 # Silently ignore the write to properties, e.g. for setting boot animation progress.

diff --git a/microdroid/system/private/property.te b/microdroid/system/private/property.te
index 638b246..3077301 100644
--- a/microdroid/system/private/property.te
+++ b/microdroid/system/private/property.te

@@ -2,6 +2,7 @@
 
 # Declare ART properties for CompOS
 system_public_prop(dalvik_config_prop)
+system_public_prop(dalvik_dynamic_config_prop)
 system_restricted_prop(device_config_runtime_native_prop)
 system_restricted_prop(device_config_runtime_native_boot_prop)
 

diff --git a/microdroid/system/private/property_contexts b/microdroid/system/private/property_contexts
index dd43a81..e74d6d2 100644
--- a/microdroid/system/private/property_contexts
+++ b/microdroid/system/private/property_contexts

@@ -152,10 +152,22 @@
 
 heapprofd.enable u:object_r:heapprofd_prop:s0 exact bool
 
-# ART properties for CompOS
+# ART properties for CompOS.
 dalvik.vm.                                  u:object_r:dalvik_config_prop:s0 prefix
 ro.dalvik.vm.                               u:object_r:dalvik_config_prop:s0 prefix
 persist.device_config.runtime_native.       u:object_r:device_config_runtime_native_prop:s0 prefix
 persist.device_config.runtime_native_boot.  u:object_r:device_config_runtime_native_boot_prop:s0 prefix
 
+# A list of ART properties that can be set dynamically.
+dalvik.vm.background-dex2oat-cpu-set          u:object_r:dalvik_dynamic_config_prop:s0 exact string
+dalvik.vm.background-dex2oat-threads          u:object_r:dalvik_dynamic_config_prop:s0 exact int
+dalvik.vm.boot-dex2oat-cpu-set                u:object_r:dalvik_dynamic_config_prop:s0 exact string
+dalvik.vm.boot-dex2oat-threads                u:object_r:dalvik_dynamic_config_prop:s0 exact int
+dalvik.vm.dex2oat-cpu-set                     u:object_r:dalvik_dynamic_config_prop:s0 exact string
+dalvik.vm.dex2oat-threads                     u:object_r:dalvik_dynamic_config_prop:s0 exact int
+dalvik.vm.image-dex2oat-cpu-set               u:object_r:dalvik_dynamic_config_prop:s0 exact string
+dalvik.vm.image-dex2oat-threads               u:object_r:dalvik_dynamic_config_prop:s0 exact int
+dalvik.vm.restore-dex2oat-cpu-set             u:object_r:dalvik_dynamic_config_prop:s0 exact string
+dalvik.vm.restore-dex2oat-threads             u:object_r:dalvik_dynamic_config_prop:s0 exact int
+
 apexd.payload_metadata.path u:object_r:apexd_payload_metadata_prop:s0 exact string