Add selinux rules for userspace reboot related properties By default sys.init.userspace_reboot.* properties are internal to /system partition. Only exception is sys.init.userspace_reboot.in_progress which signals to all native services (including vendor ones) that userspace reboot is happening, hence it should be a system_public_prop. Only init should be allowed to set userspace reboot related properties. Bug: 135984674 Test: builds Test: adb reboot userspace Change-Id: Ibb04965be2d5bf6e81b34569aaaa1014ff61e0d3

commit: 7065e46b5dfd15133ae740f6824cd428cdddc403 [log] [tgz]
author: Nikita Ioffe <ioffe@google.com> Thu Nov 14 12:59:15 2019 +0000
committer: Nikita Ioffe <ioffe@google.com> Tue Nov 19 17:41:28 2019 +0000
tree: 912f21f57517684b82e1b146065b08c5f86b3b9b
parent: e2aabe5012d50b3e70016223702ec59fde60ac97 [diff]
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 33678b0..6bfa4b7 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil

@@ -31,6 +31,8 @@
     system_group_file
     system_passwd_file
     timezonedetector_service
+    userspace_reboot_prop
+    userspace_reboot_exported_prop
     vendor_apex_file
     vendor_boringssl_self_test
     vendor_install_recovery

diff --git a/private/domain.te b/private/domain.te
index 5851d75..ce2d900 100644
--- a/private/domain.te
+++ b/private/domain.te

@@ -73,6 +73,8 @@
     get_prop({coredomain appdomain shell}, exported3_default_prop)
     get_prop({coredomain appdomain shell}, exported3_radio_prop)
     get_prop({coredomain appdomain shell}, exported3_system_prop)
+    get_prop({coredomain shell}, userspace_reboot_exported_prop)
+    get_prop({coredomain shell}, userspace_reboot_prop)
     get_prop({domain -coredomain -appdomain}, vendor_default_prop)
 ')
 

diff --git a/private/init.te b/private/init.te
index 374b207..3edd021 100644
--- a/private/init.te
+++ b/private/init.te

@@ -32,3 +32,9 @@
 
 # Allow the BoringSSL self test to request a reboot upon failure
 set_prop(init, powerctl_prop)
+
+# Only init is allowed to set userspace reboot related properties.
+set_prop(init, userspace_reboot_prop)
+set_prop(init, userspace_reboot_exported_prop)
+neverallow { domain -init } userspace_reboot_prop:property_service set;
+neverallow { domain -init } userspace_reboot_exported_prop:property_service set;

diff --git a/private/property_contexts b/private/property_contexts
index 16c8d93..ff79c34 100644
--- a/private/property_contexts
+++ b/private/property_contexts

@@ -22,6 +22,7 @@
 hw.                     u:object_r:system_prop:s0
 ro.hw.                  u:object_r:system_prop:s0
 sys.                    u:object_r:system_prop:s0
+sys.init.userspace_reboot   u:object_r:userspace_reboot_prop:s0
 sys.cppreopt            u:object_r:cppreopt_prop:s0
 sys.linker.             u:object_r:linker_prop:s0
 sys.lpdumpd             u:object_r:lpdumpd_prop:s0
commit	7065e46b5dfd15133ae740f6824cd428cdddc403	[log] [tgz]
author	Nikita Ioffe <ioffe@google.com>	Thu Nov 14 12:59:15 2019 +0000
committer	Nikita Ioffe <ioffe@google.com>	Tue Nov 19 17:41:28 2019 +0000
tree	912f21f57517684b82e1b146065b08c5f86b3b9b
parent	e2aabe5012d50b3e70016223702ec59fde60ac97 [diff]