Define sepolicy for redirect-socket-calls feature
Define two property_context.
1. vendor_socket_hook_prop - for ro.vendor.redirect_socket_calls. The
property is set once in vendor_init context. It's evaluated at process
start time and cannot change at runtime on a given device. The set
permission is restricted to vendor_init. The read permission is
unrestricted.
2. socket_hook_prop - for net.redirect_socket_calls.hooked. The
property can be changed by System Server at runtime. It's evaluated when
shimmed socket functions are called. The set permission is restricted to
System Server. The read permission is unrestricted.
Bug: 141611769
Test: System Server can set net.redirect_socket_calls.hooked
libnetd_client can read both properties
libnetd_client can't set both properties
Change-Id: Ic42269539923e6930cc0ee3df8ba032797212395
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 51e7b5c..acca2b1 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -146,6 +146,7 @@
simpleperf_app_runner
simpleperf_app_runner_exec
slice_service
+ socket_hook_prop
staging_data_file
stats
stats_data_file
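Review bot: The added `socket_hook_prop` entry between `slice_service` and `staging_data_file` only marks the type as new for the 26.0 compat mapping; nothing in this hunk enforces the "set permission is restricted to System Server" behaviour the commit message describes. Please confirm the change also carries the type declaration, the property_contexts entry for net.redirect_socket_calls.hooked, and a neverallow that limits set to system_server. If the tree has compat ignore lists for later API levels, they need the same entry, since only the 26.0 file is visible here.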
@@ -199,6 +200,7 @@
vendor_apex_file
vendor_init
vendor_shell
+ vendor_socket_hook_prop
vndk_prop
vold_metadata_file
vold_prepare_subdirs
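Review bot: For the `vendor_socket_hook_prop` entry added between `vendor_shell` and `vndk_prop`, the Test lines in the commit message do not cover the vendor side: they check that System Server can set net.redirect_socket_calls.hooked and that libnetd_client cannot set either property, but not that vendor_init can set ro.vendor.redirect_socket_calls or that a domain other than vendor_init is denied. Suggest adding both checks to the Test section, and documenting next to the type declaration that set is limited to vendor_init while read is unrestricted, so the intent is recorded in the policy and not only in the commit message.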