Add an adb_tradeinmode type for restricted adbd. This adds sepolicy for a super restricted adbd mode. Currently, this mode has just enough permissions to handle adb connection. It also adds a new property, persist.adb.tradeinmode, which can be used to enter this restricted version of adbd. Test: manual test Bug: 307713521 Change-Id: I99963f27ebab615332cb971701d1c06ea01332a1

commit: 3fce5ad00269b135ddcb8fc20e3641a681d46028 [log] [tgz]
author: David Anderson <dvander@google.com> Fri Oct 11 08:58:23 2024 -0700
committer: David Anderson <dvander@google.com> Tue Oct 15 10:12:56 2024 -0700
tree: 4dddccfca8be10022f8b97bff80c7bbc311c73b4
parent: 0fbd29a64cd109c13392324ad2c27d205dbfd4d9 [diff] [blame]
diff --git a/private/property.te b/private/property.te
index 40beca5..c746cb3 100644
--- a/private/property.te
+++ b/private/property.te

@@ -1,5 +1,6 @@
 # Properties used only in /system
 system_internal_prop(adbd_prop)
+system_internal_prop(adbd_tradeinmode_prop)
 system_internal_prop(apexd_payload_metadata_prop)
 system_internal_prop(ctl_snapuserd_prop)
 system_internal_prop(crashrecovery_prop)
@@ -509,6 +510,7 @@
   -init
   -vendor_init
   -adbd
+  -adbd_tradeinmode
   -system_server
 } {
   adbd_config_prop
@@ -519,6 +521,7 @@
   domain
   -init
   -adbd
+  -adbd_tradeinmode
 } {
   adbd_prop
 }:property_service set;
commit	3fce5ad00269b135ddcb8fc20e3641a681d46028	[log] [tgz]
author	David Anderson <dvander@google.com>	Fri Oct 11 08:58:23 2024 -0700
committer	David Anderson <dvander@google.com>	Tue Oct 15 10:12:56 2024 -0700
tree	4dddccfca8be10022f8b97bff80c7bbc311c73b4
parent	0fbd29a64cd109c13392324ad2c27d205dbfd4d9 [diff] [blame]