Rename context names of zram properties
Moving from old bad name "exported*_prop".
Bug: 154885206
Bug: 155844385
Test: m selinux_policy
Change-Id: I21af42980e5e6e2c3cabea6c36825fa2836a55bc
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index ada852d..ee267a6 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -205,7 +205,9 @@
wpantund
wpantund_exec
wpantund_service
- wpantund_tmpfs))
+ wpantund_tmpfs
+ zram_config_prop
+ zram_control_prop))
;; private_objects - a collection of types that were labeled differently in
;; older policy, but that should not remain accessible to vendor policy.
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index ba79326..32dd5f9 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -1341,12 +1341,14 @@
(typeattributeset exported2_radio_prop_30_0 (exported2_radio_prop))
(typeattributeset exported2_system_prop_30_0
( exported2_system_prop
- surfaceflinger_color_prop))
+ surfaceflinger_color_prop
+ zram_control_prop))
(typeattributeset exported2_vold_prop_30_0 (exported2_vold_prop vold_config_prop))
(typeattributeset exported3_default_prop_30_0
( exported3_default_prop
camera_config_prop
- lmkd_config_prop))
+ lmkd_config_prop
+ zram_config_prop))
(typeattributeset exported3_radio_prop_30_0 (exported3_radio_prop))
(typeattributeset exported3_system_prop_30_0 (exported3_system_prop boot_status_prop))
(typeattributeset exported_audio_prop_30_0 (exported_audio_prop audio_config_prop))
diff --git a/private/property.te b/private/property.te
index 7591b85..ca9f2ca 100644
--- a/private/property.te
+++ b/private/property.te
@@ -345,3 +345,9 @@
} {
libc_debug_prop
}:property_service set;
+
+neverallow {
+ -init
+ -system_server
+ -vendor_init
+} zram_control_prop:property_service set;
diff --git a/private/property_contexts b/private/property_contexts
index e3497f7..c7ee92a 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -472,9 +472,11 @@
ro.vendor.build.security_patch u:object_r:vendor_security_patch_level_prop:s0 exact string
-ro.zram.mark_idle_delay_mins u:object_r:exported3_default_prop:s0 exact int
-ro.zram.first_wb_delay_mins u:object_r:exported3_default_prop:s0 exact int
-ro.zram.periodic_wb_delay_hours u:object_r:exported3_default_prop:s0 exact int
+ro.zram.mark_idle_delay_mins u:object_r:zram_config_prop:s0 exact int
+ro.zram.first_wb_delay_mins u:object_r:zram_config_prop:s0 exact int
+ro.zram.periodic_wb_delay_hours u:object_r:zram_config_prop:s0 exact int
+zram.force_writeback u:object_r:zram_config_prop:s0 exact bool
+persist.sys.zram_enabled u:object_r:zram_control_prop:s0 exact bool
ro.zygote u:object_r:exported3_default_prop:s0 exact string
@@ -499,8 +501,6 @@
wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded
-zram.force_writeback u:object_r:exported3_default_prop:s0 exact bool
-
apexd.status u:object_r:apexd_prop:s0 exact enum starting activated ready
dev.bootcomplete u:object_r:boot_status_prop:s0 exact bool
@@ -514,8 +514,6 @@
sys.user.0.ce_available u:object_r:exported3_system_prop:s0 exact bool
sys.vdso u:object_r:exported3_system_prop:s0 exact string
-persist.sys.zram_enabled u:object_r:exported2_system_prop:s0 exact bool
-
sys.usb.config u:object_r:exported_system_radio_prop:s0 exact string
sys.usb.configfs u:object_r:exported_system_radio_prop:s0 exact int
diff --git a/private/system_server.te b/private/system_server.te
index e9f57f1..cd2fa78 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -683,6 +683,12 @@
# Read the vendor property that indicates if Incremental features is enabled
get_prop(system_server, incremental_prop)
+# Read ro.zram. properties
+get_prop(system_server, zram_config_prop)
+
+# Read/write persist.sys.zram_enabled
+set_prop(system_server, zram_control_prop)
+
# Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms;
diff --git a/public/property.te b/public/property.te
index a3b27d8..79d0ca6 100644
--- a/public/property.te
+++ b/public/property.te
@@ -121,6 +121,7 @@
system_vendor_config_prop(virtual_ab_prop)
system_vendor_config_prop(vndk_prop)
system_vendor_config_prop(vold_config_prop)
+system_vendor_config_prop(zram_config_prop)
# Properties with no restrictions
system_public_prop(audio_prop)
@@ -161,6 +162,7 @@
system_public_prop(system_prop)
system_public_prop(wifi_log_prop)
system_public_prop(wifi_prop)
+system_public_prop(zram_control_prop)
# Properties used in default HAL implementations
vendor_internal_prop(rebootescrow_hal_prop)
diff --git a/public/vendor_init.te b/public/vendor_init.te
index d718bbc9..748cd7e 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -239,6 +239,7 @@
set_prop(vendor_init, vndk_prop)
set_prop(vendor_init, virtual_ab_prop)
set_prop(vendor_init, wifi_log_prop)
+set_prop(vendor_init, zram_control_prop)
get_prop(vendor_init, boot_status_prop)
get_prop(vendor_init, exported2_radio_prop)