Add selinux rules for userspace reboot related properties By default sys.init.userspace_reboot.* properties are internal to /system partition. Only exception is sys.init.userspace_reboot.in_progress which signals to all native services (including vendor ones) that userspace reboot is happening, hence it should be a system_public_prop. Only init should be allowed to set userspace reboot related properties. Bug: 135984674 Test: builds Test: adb reboot userspace Change-Id: Ibb04965be2d5bf6e81b34569aaaa1014ff61e0d3

commit: 7065e46b5dfd15133ae740f6824cd428cdddc403 [log] [tgz]
author: Nikita Ioffe <ioffe@google.com> Thu Nov 14 12:59:15 2019 +0000
committer: Nikita Ioffe <ioffe@google.com> Tue Nov 19 17:41:28 2019 +0000
tree: 912f21f57517684b82e1b146065b08c5f86b3b9b
parent: e2aabe5012d50b3e70016223702ec59fde60ac97 [diff] [blame]
diff --git a/private/init.te b/private/init.te
index 374b207..3edd021 100644
--- a/private/init.te
+++ b/private/init.te

@@ -32,3 +32,9 @@
 
 # Allow the BoringSSL self test to request a reboot upon failure
 set_prop(init, powerctl_prop)
+
+# Only init is allowed to set userspace reboot related properties.
+set_prop(init, userspace_reboot_prop)
+set_prop(init, userspace_reboot_exported_prop)
+neverallow { domain -init } userspace_reboot_prop:property_service set;
+neverallow { domain -init } userspace_reboot_exported_prop:property_service set;
commit	7065e46b5dfd15133ae740f6824cd428cdddc403	[log] [tgz]
author	Nikita Ioffe <ioffe@google.com>	Thu Nov 14 12:59:15 2019 +0000
committer	Nikita Ioffe <ioffe@google.com>	Tue Nov 19 17:41:28 2019 +0000
tree	912f21f57517684b82e1b146065b08c5f86b3b9b
parent	e2aabe5012d50b3e70016223702ec59fde60ac97 [diff] [blame]