Minimize public policy
Ideally, public should only contain APIs (types / attributes) for
vendor. The other statements like allow/neverallow/typeattributes are
regarded as implementation detail for platform and should be in private.
Bug: 232023812
Test: m selinux_policy
Test: diff <(git diff --staged | grep "^-" | cut -b2- | sort) \
<(git diff --staged | grep "^+" | cut -b2- | sort)
Test: remove comments on plat_sepolicy.cil, replace base_typeattr_*
to base_typeattr and then compare old and new plat_sepolicy.cil
Change-Id: I5e7d2da4465ab0216de6bacdf03077d37f6ffe12
diff --git a/private/system_server.te b/private/system_server.te
index 7306773..acaa9e2 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1281,6 +1281,10 @@
# Allow system server to read profcollectd reports for upload.
userdebug_or_eng(`r_dir_file(system_server, profcollectd_data_file)')
+# Power controls for debugging/diagnostics
+get_prop(system_server, power_debug_prop)
+set_prop(system_server, power_debug_prop)
+
###
### Neverallow rules
###
@@ -1616,10 +1620,18 @@
# TODO(azilio): Remove system property after archiving testing is completed.
get_prop(system_server, pm_archiving_enabled_prop)
+# Allow accessing /mnt/pre_reboot_dexopt/chroot, to load the new service-art.jar
+# in Pre-reboot Dexopt.
+allow system_server pre_reboot_dexopt_file:dir { getattr search };
+
# Do not allow any domain other than init or system server to get or set the property
neverallow { domain -init -system_server } crashrecovery_prop:property_service set;
neverallow { domain -init -dumpstate -system_server } crashrecovery_prop:file no_rw_file_perms;
-# Allow accessing /mnt/pre_reboot_dexopt/chroot, to load the new service-art.jar
-# in Pre-reboot Dexopt.
-allow system_server pre_reboot_dexopt_file:dir { getattr search };
+neverallow {
+ domain
+ -init
+ -vendor_init
+ -system_server
+ -shell
+} power_debug_prop:property_service set;