commit 89248159daef20cc4e5057f6bb74bc81d209b227
author Treehugger Robot <treehugger-gerrit@google.com> Thu Dec 01 21:38:16 2022 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Dec 01 21:38:16 2022 +0000
tree 9e80ad0f9a176f3e26cd605589533b2b02af131d
parent 98d709b4df95eb85212e6259fdc4f1adb321be19
parent 592b345626742eb7de296ca1d602446b44b16692

Merge "Provide network permissions to RKPD app."

microdroid/system/private/microdroid_manager.te

diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te
index 4c19cfe..baf8366 100644
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te
@@ -85,6 +85,9 @@
 # Allow microdroid_manager to set sysprops calculated from the payload config
 set_prop(microdroid_manager, microdroid_config_prop)
 
+# Allow microdroid_manager to set sysprops related to microdroid_lifecycle (ex. init_done)
+set_prop(microdroid_manager, microdroid_lifecycle_prop)
+
 # Allow microdroid_manager to shutdown the device when verification fails
 set_prop(microdroid_manager, powerctl_prop)
 

microdroid/system/private/property.te

diff --git a/microdroid/system/private/property.te b/microdroid/system/private/property.te
index 733bb33..d983775 100644
--- a/microdroid/system/private/property.te
+++ b/microdroid/system/private/property.te
@@ -45,10 +45,10 @@
     domain
     -init
     -microdroid_manager
-} microdroid_config_prop:property_service set;
+} {microdroid_config_prop microdroid_lifecycle_prop}:property_service set;
 
 neverallow {
     domain
     -init
     -microdroid_manager
-} microdroid_config_prop:file no_rw_file_perms;
+} {microdroid_config_prop microdroid_lifecycle_prop}:file no_rw_file_perms;

microdroid/system/private/property_contexts

diff --git a/microdroid/system/private/property_contexts b/microdroid/system/private/property_contexts
index ad8a064..9222bdb 100644
--- a/microdroid/system/private/property_contexts
+++ b/microdroid/system/private/property_contexts
@@ -122,7 +122,9 @@
 microdroid_manager.apk.mounted u:object_r:microdroid_manager_zipfuse_prop:s0 exact bool
 
 microdroid_manager.authfs.enabled u:object_r:microdroid_config_prop:s0 exact bool
-microdroid_manager.config_done u:object_r:microdroid_config_prop:s0 exact bool
+
+microdroid_manager.config_done u:object_r:microdroid_lifecycle_prop:s0 exact bool
+microdroid_manager.init_done u:object_r:microdroid_lifecycle_prop:s0 exact bool
 
 dev.mnt.blk.root   u:object_r:dev_mnt_prop:s0 exact string
 dev.mnt.blk.vendor u:object_r:dev_mnt_prop:s0 exact string

microdroid/system/public/property.te

diff --git a/microdroid/system/public/property.te b/microdroid/system/public/property.te
index fdb8cc5..a2c3b77 100644
--- a/microdroid/system/public/property.te
+++ b/microdroid/system/public/property.te
@@ -41,6 +41,7 @@
 type microdroid_manager_roothash_prop, property_type;
 type microdroid_manager_zipfuse_prop, property_type;
 type microdroid_config_prop, property_type;
+type microdroid_lifecycle_prop, property_type;
 type property_service_version_prop, property_type;
 type shell_prop, property_type;
 type timezone_prop, property_type;