commit 47cd53a55855b911b80b54b68702f5ee5db51d00
author Sami Tolvanen <samitolvanen@google.com> Wed Feb 18 13:56:06 2015 +0000
committer Sami Tolvanen <samitolvanen@google.com> Wed Feb 18 13:56:06 2015 +0000
tree 4fdff8cd19d43eab3e8ed92c1c8dd311cc022f4b
parent 41d961a7281bff9e345dcefcf7a6ea95f6129714

Allow ueventd to set verity.* properties

On dm-verity errors, we catch uevents in ueventd and set the value
for a matching verity.* property. Allow ueventd to actually change
property values.

Needed by changes from
  Ibb82953594d234f81ad21c40f524190b88e4ac8f

Change-Id: I79bc90733edf8a45b27e64795f4adfbb3bc028dc

property.te

diff --git a/property.te b/property.te
index 6fedfa7..8faa472 100644
--- a/property.te
+++ b/property.te
@@ -8,6 +8,7 @@
 type net_radio_prop, property_type;
 type system_radio_prop, property_type;
 type system_prop, property_type;
+type verity_prop, property_type;
 type vold_prop, property_type;
 type ctl_bootanim_prop, property_type;
 type ctl_default_prop, property_type;

property_contexts

diff --git a/property_contexts b/property_contexts
index 06f6c17..47e544a 100644
--- a/property_contexts
+++ b/property_contexts
@@ -49,6 +49,9 @@
 vold.                   u:object_r:vold_prop:s0
 crypto.                 u:object_r:vold_prop:s0
 
+# dm-verity properties
+verity.                 u:object_r:verity_prop:s0
+
 # ro.build.fingerprint is either set in /system/build.prop, or is
 # set at runtime by system_server.
 build.fingerprint       u:object_r:fingerprint_prop:s0

ueventd.te

diff --git a/ueventd.te b/ueventd.te
index 2e61e88..0f2809d 100644
--- a/ueventd.te
+++ b/ueventd.te
@@ -23,3 +23,9 @@
 
 # Use setfscreatecon() to label /dev directories and files.
 allow ueventd self:process setfscreate;
+
+# Set property.
+unix_socket_connect(ueventd, property, init)
+
+# Property service
+allow ueventd verity_prop:property_service set;