Allow composd to pass some system properties to CompOS Bug: 231579544 Test: see allowlisted system properties in the VM Change-Id: Idb263087639e4677e437ac2fcd2726ee71547f48

commit: 3423bc4bcb7cd3487cb82128eb2c6ab7fa67c5fc [log] [tgz]
author: Victor Hsieh <victorhsieh@google.com> Tue May 10 16:14:30 2022 -0700
committer: Victor Hsieh <victorhsieh@google.com> Tue May 10 16:19:19 2022 -0700
tree: b72a94c933e326cf1337d8c0e9f77c46e765c893
parent: ce2b6da673afecfc52d0acc9e967bcf460335972 [diff]
diff --git a/microdroid/system/private/compos.te b/microdroid/system/private/compos.te
index 49bc5b3..386f11e 100644
--- a/microdroid/system/private/compos.te
+++ b/microdroid/system/private/compos.te

@@ -25,6 +25,10 @@
 # See b/35323867#comment3
 dontaudit compos self:global_capability_class_set dac_override;
 
+# Allow settings system properties that ART expects.
+set_prop(compos, dalvik_config_prop)
+set_prop(compos, device_config_runtime_native_boot_prop)
+
 # Allow running odrefresh in its own domain
 domain_auto_trans(compos, odrefresh_exec, odrefresh)
 

diff --git a/microdroid/system/private/property.te b/microdroid/system/private/property.te
index abb193f..28fb8e1 100644
--- a/microdroid/system/private/property.te
+++ b/microdroid/system/private/property.te

@@ -3,6 +3,7 @@
 # Declare ART properties for CompOS
 system_public_prop(dalvik_config_prop)
 system_restricted_prop(device_config_runtime_native_prop)
+system_restricted_prop(device_config_runtime_native_boot_prop)
 
 # Don't audit legacy ctl. property handling.  We only want the newer permission check to appear
 # in the audit log

diff --git a/microdroid/system/private/property_contexts b/microdroid/system/private/property_contexts
index b2113e2..2b95520 100644
--- a/microdroid/system/private/property_contexts
+++ b/microdroid/system/private/property_contexts

@@ -154,7 +154,9 @@
 heapprofd.enable u:object_r:heapprofd_prop:s0 exact bool
 
 # ART properties for CompOS
-dalvik.vm.                            u:object_r:dalvik_config_prop:s0 prefix
-persist.device_config.runtime_native. u:object_r:device_config_runtime_native_prop:s0 prefix
+dalvik.vm.                                  u:object_r:dalvik_config_prop:s0 prefix
+ro.dalvik.vm.                               u:object_r:dalvik_config_prop:s0 prefix
+persist.device_config.runtime_native.       u:object_r:device_config_runtime_native_prop:s0 prefix
+persist.device_config.runtime_native_boot.  u:object_r:device_config_runtime_native_boot_prop:s0 prefix
 
 apexd.payload_metadata.path u:object_r:apexd_payload_metadata_prop:s0 exact string

diff --git a/private/composd.te b/private/composd.te
index 5f99a92..d007d66 100644
--- a/private/composd.te
+++ b/private/composd.te

@@ -31,6 +31,7 @@
 
 # Read ART's properties
 get_prop(composd, dalvik_config_prop)
+get_prop(composd, device_config_runtime_native_boot_prop)
 
 # We never create any artifact files directly
 neverallow composd apex_art_data_file:file ~unlink;
commit	3423bc4bcb7cd3487cb82128eb2c6ab7fa67c5fc	[log] [tgz]
author	Victor Hsieh <victorhsieh@google.com>	Tue May 10 16:14:30 2022 -0700
committer	Victor Hsieh <victorhsieh@google.com>	Tue May 10 16:19:19 2022 -0700
tree	b72a94c933e326cf1337d8c0e9f77c46e765c893
parent	ce2b6da673afecfc52d0acc9e967bcf460335972 [diff]