commit 8bfdd82123d617bd5134dde4312cc8dc6c0bfe82
author Seth Moore <sethmo@google.com> Wed Apr 20 10:10:49 2022 -0700
committer Seth Moore <sethmo@google.com> Wed Apr 20 17:15:20 2022 -0700
tree 3e48201fd7e4640806f0e343393d80936bcc5cc5
parent 47bddcd065d6b13a9e8048330286bb54a25582a8

Allow the remote provisioner app to set rkp_only properties

The properties for rkp_only are no longer read only.

This allows remote provisioner unit tests to enable/disable the remote
provisioning only mode, which is required to fully verify functionality.

Test: RemoteProvisionerUnitTests
Bug: 227306369
Change-Id: I8006712a49c4d0605f6268068414b49714bbd939

private/init.te

diff --git a/private/init.te b/private/init.te
index 1405b9e..997a184 100644
--- a/private/init.te
+++ b/private/init.te
@@ -105,9 +105,6 @@
 # Only init can set keystore.boot_level
 neverallow { domain -init } keystore_listen_prop:property_service set;
 
-# Only init can set the ro.remote_provisioning.* props
-neverallow { domain -init } remote_prov_prop:property_service set;
-
 # Allow accessing /sys/kernel/tracing/instances/bootreceiver to set up tracing.
 allow init debugfs_bootreceiver_tracing:file w_file_perms;
 

private/property.te

diff --git a/private/property.te b/private/property.te
index ccf6040..5f565da 100644
--- a/private/property.te
+++ b/private/property.te
@@ -614,6 +614,13 @@
 neverallow domain system_and_vendor_property_type:{file property_service} *;
 
 neverallow {
+  # Only init and the remote provisioner can set the ro.remote_provisioning.* props
+  domain
+  -init
+  -remote_prov_app
+} remote_prov_prop:property_service set;
+
+neverallow {
   # Only allow init and shell to set rollback_test_prop
   domain
   -init

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index 1ad19c1..97d3764 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1255,9 +1255,9 @@
 
 ro.zygote.disable_gl_preload u:object_r:zygote_config_prop:s0 exact bool
 
-# Store the URL that the provisioning code should point at.
-ro.remote_provisioning.strongbox.rkp_only u:object_r:remote_prov_prop:s0 exact bool
-ro.remote_provisioning.tee.rkp_only u:object_r:remote_prov_prop:s0 exact bool
+# Allows a device to run without batch attestation keys
+remote_provisioning.strongbox.rkp_only u:object_r:remote_prov_prop:s0 exact bool
+remote_provisioning.tee.rkp_only u:object_r:remote_prov_prop:s0 exact bool
 
 # Broadcast boot stages, which keystore listens to
 keystore.boot_level u:object_r:keystore_listen_prop:s0 exact int

private/remote_prov_app.te

diff --git a/private/remote_prov_app.te b/private/remote_prov_app.te
index b2b3987..43b69d2 100644
--- a/private/remote_prov_app.te
+++ b/private/remote_prov_app.te
@@ -4,7 +4,7 @@
 app_domain(remote_prov_app)
 net_domain(remote_prov_app)
 
-get_prop(remote_prov_app, remote_prov_prop)
+set_prop(remote_prov_app, remote_prov_prop)
 # The app needs access to properly build a DeviceInfo package for the verifying server
 get_prop(remote_prov_app, vendor_security_patch_level_prop)