kcmdlinectrl: define system property for kcmdlinectrl

This defines the kcmdline_prop context for properties controlled by
kcmdlinectrl, and defines a property called kcmdline.binder for
switching between the Rust and C implementations of the Binder driver.

It is intended that additional kcmdline properties introduced in the
future would share the same kcmdline_prop context.

Test: Verified that setprop/getprop work and that the value is loaded properly at boot
Bug: 326222756
Change-Id: Iea362df98d729ee110b6058c6e5fa6b6ace03d8e
diff --git a/private/domain.te b/private/domain.te
index 66bce05..4692eda 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -227,6 +227,7 @@
   -ueventd
   -mtectrl
   -misctrl
+  -kcmdlinectrl
 } misc_block_device:blk_file { append link relabelfrom rename write open read ioctl lock };
 
 # Limit ability to ptrace or read sensitive /proc/pid files of processes
@@ -806,6 +807,7 @@
 } system_app_data_file:dir_file_class_set { create unlink open };
 
 neverallow { domain -init } mtectrl:process { dyntransition transition };
+neverallow { domain -init } kcmdlinectrl:process { dyntransition transition };
 
 # For now, don't allow processes other than gmscore to access /data/misc_ce/<userid>/checkin
 neverallow { domain -gmscore_app -init -vold_prepare_subdirs } checkin_data_file:{dir file} *;
diff --git a/private/file_contexts b/private/file_contexts
index e22a470..621e377 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -335,6 +335,7 @@
 /system/bin/perfetto        u:object_r:perfetto_exec:s0
 /system/bin/mtectrl         u:object_r:mtectrl_exec:s0
 /system/bin/misctrl         u:object_r:misctrl_exec:s0
+/system/bin/kcmdlinectrl         u:object_r:kcmdlinectrl_exec:s0
 /system/bin/traced        u:object_r:traced_exec:s0
 /system/bin/traced_perf        u:object_r:traced_perf_exec:s0
 /system/bin/traced_probes        u:object_r:traced_probes_exec:s0
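Review bot: The new `/system/bin/kcmdlinectrl` entry pads the label with nine spaces, so its context no longer lines up with the column used by the perfetto, mtectrl and misctrl lines directly above it. `/system/bin/kcmdlinectrl    u:object_r:kcmdlinectrl_exec:s0` (four spaces) would keep the table aligned. This is cosmetic only; file_contexts tolerates any amount of whitespace between path and label.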
diff --git a/private/kcmdlinectrl.te b/private/kcmdlinectrl.te
new file mode 100644
index 0000000..d569dc0
--- /dev/null
+++ b/private/kcmdlinectrl.te
@@ -0,0 +1,22 @@
+# kcmdlinectrl is a tool to have the bootloader send kernel commandline flags
+# for enabling dogfood features in the kernel
+type kcmdlinectrl, domain, coredomain;
+type kcmdlinectrl_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(kcmdlinectrl)
+
+# for setting kcmdline properties to match the bootloader state.
+set_prop(kcmdlinectrl, kcmdline_prop)
+
+# kcmdlinectrl communicates the request to the bootloader via the misc partition.
+# needs to write to update the request in misc partition, and read to sync
+# back to the property.
+allow kcmdlinectrl misc_block_device:blk_file rw_file_perms;
+allow kcmdlinectrl block_device:dir r_dir_perms;
+read_fstab(kcmdlinectrl)
+
+# bootloader_message tries to find the fstab in the device config path first,
+# but because we've already booted up we can use the ro.boot properties instead,
+# so we can just ignore the SELinux denial.
+dontaudit kcmdlinectrl sysfs_dt_firmware_android:dir search;
+dontaudit kcmdlinectrl vendor_property_type:file read;
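Review bot: The comment above the dontaudit pair explains only the `sysfs_dt_firmware_android:dir search` denial; the `vendor_property_type:file read` dontaudit on the last line has no stated reason, so a later reader cannot tell whether it is another harmless side effect of the fstab lookup or a get_prop that was deliberately not granted. Suggest keeping the existing comment on the sysfs line and adding above the second one something like `# <reason to be confirmed>: the vendor property read is not needed after boot, so the denial is silenced rather than granted.` It would also help to note above the `misc_block_device:blk_file rw_file_perms` allow that raw write access to the misc partition is what makes this domain sensitive, which is why it had to be added to the exception list of the misc_block_device neverallow in domain.te.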
diff --git a/private/property.te b/private/property.te
index 2d030ab..e06c7e7 100644
--- a/private/property.te
+++ b/private/property.te
@@ -24,6 +24,7 @@
 system_internal_prop(init_service_status_private_prop)
 system_internal_prop(init_storage_prop)
 system_internal_prop(init_svc_debug_prop)
+system_internal_prop(kcmdline_prop)
 system_internal_prop(keystore_crash_prop)
 system_internal_prop(keystore_listen_prop)
 system_internal_prop(last_boot_reason_prop)
@@ -492,6 +493,15 @@
 neverallow {
   domain
   -init
+  -shell
+  -kcmdlinectrl
+} {
+  kcmdline_prop
+}:property_service set;
+
+neverallow {
+  domain
+  -init
   -system_server
   -vendor_init
 } zram_control_prop:property_service set;
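Review bot: The `-shell` exception in the new kcmdline_prop neverallow, together with `set_prop(shell, kcmdline_prop)` in shell.te, lets shell set every property labelled kcmdline_prop, and property_contexts puts both `kcmdline.binder` and `kcmdline.loaded` under that one context. If `kcmdline.loaded` is the flag kcmdlinectrl raises once it has synced the bootloader state back into the properties, a user-build shell could write it and fake a completed sync; how that property is consumed is not visible in this diff, so this is worth confirming. One way to keep the carve-out narrow is to give the status property its own context, e.g. `kcmdline.loaded     u:object_r:kcmdline_status_prop:s0 exact bool` (constructed name), settable only by kcmdlinectrl, leaving kcmdline_prop for the request properties shell is meant to change. The same consideration applies to the property_contexts and shell.te hunks.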
diff --git a/private/property_contexts b/private/property_contexts
index 7e31dd7..cb22d64 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -893,6 +893,11 @@
 arm64.memtag.         u:object_r:arm64_memtag_prop:s0 prefix string
 persist.arm64.memtag. u:object_r:arm64_memtag_prop:s0 prefix string
 
+# kcmdline props for dogfood experiments
+# All kcmdline properties share the kcmdline_prop context
+kcmdline.loaded     u:object_r:kcmdline_prop:s0 exact bool
+kcmdline.binder     u:object_r:kcmdline_prop:s0 exact enum c rust
+
 net.redirect_socket_calls.hooked u:object_r:socket_hook_prop:s0 exact bool
 
 # Settings system properties containing mutable "global" device settings.
diff --git a/private/shell.te b/private/shell.te
index 60684f4..2b7bd88 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -228,6 +228,9 @@
 # Allow shell to write MTE properties even on user builds.
 set_prop(shell, arm64_memtag_prop)
 
+# Allow shell to write kcmdline properties even on user builds.
+set_prop(shell, kcmdline_prop)
+
 # Allow shell to read the dm-verity props on user builds.
 get_prop(shell, verity_status_prop)