commit 75e3fa6ead9400aede4e3cc60986b47433f484f1
author Chun-Wei Wang <wangchun@google.com> Sat Mar 06 14:33:38 2021 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Sat Mar 06 14:33:38 2021 +0000
tree c12d6feaae10c9a7cd49cf888941b22529dafd8a
parent 3d52817da411821e7288c7c9d730fb42fc9a6e64
parent 0f8cf04965283e6d1db7e697e10508f0a5780c00

Merge "Add persist.rollback.is_test (6/n)"

private/coredomain.te

diff --git a/private/coredomain.te b/private/coredomain.te
index de9b953..9fe82d3 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -11,6 +11,7 @@
 get_prop(coredomain, localization_prop)
 get_prop(coredomain, pm_prop)
 get_prop(coredomain, radio_control_prop)
+get_prop(coredomain, rollback_test_prop)
 get_prop(coredomain, setupwizard_prop)
 get_prop(coredomain, sqlite_log_prop)
 get_prop(coredomain, storagemanager_config_prop)

private/property.te

diff --git a/private/property.te b/private/property.te
index 34c0fd8..88f3ec0 100644
--- a/private/property.te
+++ b/private/property.te
@@ -21,6 +21,7 @@
 system_internal_prop(lower_kptr_restrict_prop)
 system_internal_prop(netd_stable_secret_prop)
 system_internal_prop(pm_prop)
+system_internal_prop(rollback_test_prop)
 system_internal_prop(setupwizard_prop)
 system_internal_prop(system_adbd_prop)
 system_internal_prop(suspend_prop)
@@ -556,3 +557,9 @@
 # Only one of system_property_type and vendor_property_type can be assigned.
 # Property types having both attributes won't be accessible from anywhere.
 neverallow domain system_and_vendor_property_type:{file property_service} *;
+
+neverallow {
+  # Only allow init and shell to set rollback_test_prop
+  -init
+  -shell
+} rollback_test_prop:property_service set;

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index 22e0ff6..1854bd7 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1122,3 +1122,7 @@
 # SOC related props
 ro.soc.manufacturer u:object_r:soc_prop:s0 exact string
 ro.soc.model        u:object_r:soc_prop:s0 exact string
+
+# set to true when running rollback tests to disable fallback-to-copy when enabling rollbacks
+# to detect failures where hard linking should work otherwise
+persist.rollback.is_test u:object_r:rollback_test_prop:s0 exact bool

private/shell.te

diff --git a/private/shell.te b/private/shell.te
index 94a2c2e..a99ada8 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -94,6 +94,9 @@
 # userspace reboot
 set_prop(shell, userspace_reboot_test_prop)
 
+# Allow shell to set this property used for rollback tests
+set_prop(shell, rollback_test_prop)
+
 # Allow shell to get encryption policy of /data/local/tmp/, for CTS
 allowxperm shell shell_data_file:dir ioctl {
   FS_IOC_GET_ENCRYPTION_POLICY