Allow system_server to control the artd_pre_reboot service.
Bug: 356858364
Test: adb shell pm art pr-dexopt-job --run
Change-Id: Id5e557575a85b2ca753de894ff739d1ed2e188bf
diff --git a/private/property.te b/private/property.te
index 1f94608..610e448 100644
--- a/private/property.te
+++ b/private/property.te
@@ -68,6 +68,7 @@
system_internal_prop(hidl_memory_prop)
system_internal_prop(suspend_debug_prop)
system_internal_prop(system_service_enable_prop)
+system_internal_prop(ctl_artd_pre_reboot_prop)
# Properties which can't be written outside system
diff --git a/private/property_contexts b/private/property_contexts
index f631f8f..fb36be4 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -202,6 +202,11 @@
ctl.stop$snapuserd u:object_r:ctl_snapuserd_prop:s0
ctl.restart$snapuserd u:object_r:ctl_snapuserd_prop:s0
+# Restrict access to starting/stopping artd_pre_reboot.
+ctl.start$artd_pre_reboot u:object_r:ctl_artd_pre_reboot_prop:s0
+ctl.stop$artd_pre_reboot u:object_r:ctl_artd_pre_reboot_prop:s0
+ctl.restart$artd_pre_reboot u:object_r:ctl_artd_pre_reboot_prop:s0
+
# NFC properties
nfc. u:object_r:nfc_prop:s0
diff --git a/private/system_server.te b/private/system_server.te
index 0385df3..d902cc8 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -774,6 +774,7 @@
set_prop(system_server, ctl_default_prop)
set_prop(system_server, ctl_bugreport_prop)
set_prop(system_server, ctl_gsid_prop)
+set_prop(system_server, ctl_artd_pre_reboot_prop)
# cppreopt property
set_prop(system_server, cppreopt_prop)