Revert^2 "Adding sepolicy rules for CrashRecoveryProperties"
This reverts commit f76b3cf07a8c12bc19549284436a7610fbfb5fc4.
Reason for revert: This part is not causing failures
Change-Id: I3c01877f7473f35552e43433c069664276a99067
diff --git a/private/property.te b/private/property.te
index a098d05..38e69bb 100644
--- a/private/property.te
+++ b/private/property.te
@@ -2,6 +2,7 @@
system_internal_prop(adbd_prop)
system_internal_prop(apexd_payload_metadata_prop)
system_internal_prop(ctl_snapuserd_prop)
+system_internal_prop(crashrecovery_prop)
system_internal_prop(device_config_core_experiments_team_internal_prop)
system_internal_prop(device_config_lmkd_native_prop)
system_internal_prop(device_config_mglru_native_prop)
diff --git a/private/property_contexts b/private/property_contexts
index be72223..2812556 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1630,3 +1630,14 @@
# Properties for ThreadNetworkService
threadnetwork.country_code u:object_r:threadnetwork_config_prop:s0 exact string
+
+# Properties for crashrecovery
+crashrecovery.attempting_factory_reset u:object_r:crashrecovery_prop:s0 exact bool
+crashrecovery.attempting_reboot u:object_r:crashrecovery_prop:s0 exact bool
+crashrecovery.boot_mitigation_count u:object_r:crashrecovery_prop:s0 exact int
+crashrecovery.boot_mitigation_start u:object_r:crashrecovery_prop:s0 exact int
+crashrecovery.max_rescue_level_attempted u:object_r:crashrecovery_prop:s0 exact int
+crashrecovery.rescue_boot_count u:object_r:crashrecovery_prop:s0 exact int
+crashrecovery.rescue_boot_start u:object_r:crashrecovery_prop:s0 exact int
+persist.crashrecovery.enable_rescue u:object_r:crashrecovery_prop:s0 exact bool
+persist.crashrecovery.last_factory_reset u:object_r:crashrecovery_prop:s0 exact int
diff --git a/private/system_server.te b/private/system_server.te
index 20c3e8b..d4ce559 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -736,6 +736,7 @@
set_prop(system_server, locale_prop)
set_prop(system_server, timezone_metadata_prop)
set_prop(system_server, timezone_prop)
+set_prop(system_server, crashrecovery_prop)
userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
userdebug_or_eng(`set_prop(system_server, system_user_mode_emulation_prop)')
@@ -1579,3 +1580,7 @@
# Allow system server to read pm.archiving.enabled prop
# TODO(azilio): Remove system property after archiving testing is completed.
get_prop(system_server, pm_archiving_enabled_prop)
+
+# Do not allow any domain other than init or system server to get or set the property
+neverallow { domain -init -system_server } crashrecovery_prop:property_service set;
+neverallow { domain -init -dumpstate -system_server } crashrecovery_prop:file no_rw_file_perms;