Add apexd_config_prop type

This type is used for properties that provide per-device configuration
for apexd behaviour (so far, timeouts for creating/deleting dm devices).

Test: builds
Bug: 182296338
Change-Id: Ib815f081d3ab94aa8c941ac68b57ebe661acedb9
diff --git a/private/apexd.te b/private/apexd.te
index a2a77ab..d65de19 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -158,6 +158,9 @@
 # apexd uses it to decide whether it needs to keep retrying polling for loop device.
 get_prop(apexd, cold_boot_done_prop)
 
+# Allow apexd to read per-device configuration properties.
+get_prop(apexd, apexd_config_prop)
+
 neverallow { domain -apexd -init } apex_data_file:dir no_w_dir_perms;
 neverallow { domain -apexd -init } apex_metadata_file:dir no_w_dir_perms;
 neverallow { domain -apexd -init -kernel } apex_data_file:file no_w_file_perms;
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index cbee4b7..82d882e 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -13,6 +13,7 @@
     apex_info_file
     apex_ota_reserved_file
     apex_scheduling_data_file
+    apexd_config_prop
     app_hibernation_service
     appcompat_data_file
     arm64_memtag_prop
diff --git a/private/property.te b/private/property.te
index e435628..9ec2a1a 100644
--- a/private/property.te
+++ b/private/property.te
@@ -601,3 +601,15 @@
   -init
   -shell
 } rollback_test_prop:property_service set;
+
+# Only init and vendor_init are allowed to set apexd_config_prop
+neverallow { domain -init -vendor_init } apexd_config_prop:property_service set;
+
+# apexd_config properties should only be read by apexd, and dumpstate (to appear in bugreports).
+neverallow {
+  domain
+  -apexd
+  -init
+  -dumpstate
+  -vendor_init
+} apexd_config_prop:file no_rw_file_perms;
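Review bot: The comment above the second neverallow names only apexd and dumpstate as readers, but the rule also exempts init and vendor_init, so the comment understates who may read the type. I would reword it to `# apexd_config properties may only be read by apexd, init, vendor_init, and dumpstate (so they appear in bugreports).` so that an auditor does not take the extra exemptions for a mistake. Separately, the first neverallow on `apexd_config_prop:property_service set` may duplicate what `system_vendor_config_prop` already asserts for the type; that macro's definition is outside this diff, so confirm before keeping both.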
diff --git a/private/property_contexts b/private/property_contexts
index 98ac9bf..4120b51 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -244,6 +244,8 @@
 persist.device_config.global_settings.sys_traced u:object_r:device_config_sys_traced_prop:s0
 
 apexd.                  u:object_r:apexd_prop:s0
+apexd.config.dm_delete.timeout           u:object_r:apexd_config_prop:s0 exact uint
+apexd.config.dm_create.timeout           u:object_r:apexd_config_prop:s0 exact uint
 persist.apexd.          u:object_r:apexd_prop:s0
 
 bpf.progs_loaded        u:object_r:bpf_progs_loaded_prop:s0
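Review bot: The two new `exact uint` entries only guarantee that the value parses as an unsigned integer; the hunk states neither the unit nor an upper bound. Since vendor_init can set these, a comment above them would help, for example `# apexd dm device create/delete timeouts, set per device by vendor_init; unit: <UNIT, confirm with apexd>`. The consumer in apexd is not part of this diff, but it should presumably clamp the value to a sane range so a misconfigured device cannot stall activation. Note also that any other `apexd.config.*` key still matches the `apexd.` prefix and is labelled `apexd_prop`, so each future config property needs its own exact entry here.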
diff --git a/public/property.te b/public/property.te
index 506e985..db5d754 100644
--- a/public/property.te
+++ b/public/property.te
@@ -112,6 +112,7 @@
 ')
 
 # Properties which can be written only by vendor_init
+system_vendor_config_prop(apexd_config_prop)
 system_vendor_config_prop(aaudio_config_prop)
 system_vendor_config_prop(apk_verity_prop)
 system_vendor_config_prop(audio_config_prop)
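Review bot: The new `system_vendor_config_prop(apexd_config_prop)` line is placed ahead of `aaudio_config_prop`, while the visible entries below it are in alphabetical order. Moving it between `aaudio_config_prop` and `apk_verity_prop` keeps the list sorted, which makes it easier to audit which types vendor_init may write. The list continues past the end of the hunk.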