Merge "Add sepolicy for the Thread Network property" into main
diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index f7b4941..c1cd3ee 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@@ -37,4 +37,5 @@
     drm_forcel3_prop
     proc_percpu_pagelist_high_fraction
     vendor_microdroid_file
+    threadnetwork_config_prop
   ))
diff --git a/private/property_contexts b/private/property_contexts
index f778f83..be72223 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1628,3 +1628,5 @@
 # Properties for app archiving
 pm.archiving.enabled      u:object_r:pm_archiving_enabled_prop:s0 exact bool
 
+# Properties for ThreadNetworkService
+threadnetwork.country_code u:object_r:threadnetwork_config_prop:s0 exact string
diff --git a/private/system_server.te b/private/system_server.te
index decabe1..6ba7d4a 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1565,3 +1565,14 @@
 # Allow GameManagerService to read and write persist.graphics.game_default_frame_rate.enabled
 set_prop(system_server, game_manager_config_prop)
 
+# ThreadNetworkService reads Thread Network properties
+get_prop(system_server, threadnetwork_config_prop)
+
+# Do not allow any domain other than init and system server to set the property
+neverallow {
+  domain
+  -init
+  -vendor_init
+  -dumpstate
+  -system_server
+} threadnetwork_config_prop:file no_rw_file_perms;
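Review bot: The comment above the neverallow says only init and system server may set the property, but the rule constrains `threadnetwork_config_prop:file no_rw_file_perms`, which is access to the property's backing file; setting a property is normally governed by the `property_service` class `set` permission. The exemption list also includes `vendor_init` and `dumpstate`, which the comment omits, and system_server is only granted `get_prop` in this hunk, not `set_prop`. Suggest wording the comment to match what is enforced, e.g. `# Only init, vendor_init, dumpstate and system_server may access threadnetwork_config_prop; all other domains are denied read and write`. If restricting writers is the real intent, confirm that the `system_vendor_config_prop(threadnetwork_config_prop)` declaration in public/property.te already covers it (the macro body is not visible in this diff), or add an explicit `property_service set` neverallow alongside this one.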
diff --git a/public/property.te b/public/property.te
index b072b5b..c513434 100644
--- a/public/property.te
+++ b/public/property.te
@@ -181,6 +181,7 @@
 system_vendor_config_prop(suspend_prop)
 system_vendor_config_prop(systemsound_config_prop)
 system_vendor_config_prop(telephony_config_prop)
+system_vendor_config_prop(threadnetwork_config_prop)
 system_vendor_config_prop(tombstone_config_prop)
 system_vendor_config_prop(usb_config_prop)
 system_vendor_config_prop(userspace_reboot_config_prop)