sepolicy: allow hwservicemanager to set properties
Allow hwservicemanager to set properties starting with the prefix
"hwservicemanager."
b/31458381
b/31240290
Test: passing build and runtime tests
Change-Id: Id92e2170f52893bbf236987ee59383df2264952f
Signed-off-by: Iliyan Malchev <malchev@google.com>
diff --git a/hwservicemanager.te b/hwservicemanager.te
index c347755..649e2b8 100644
--- a/hwservicemanager.te
+++ b/hwservicemanager.te
@@ -13,6 +13,8 @@
allow hwservicemanager self:binder set_context_mgr;
allow hwservicemanager { domain -init }:binder transfer;
+set_prop(hwservicemanager, hwservicemanager_prop)
+
# TODO once hwservicemanager checks whether HALs are
# allowed to register a certain service, add policy here
# for allowing to check SELinux permissions.
diff --git a/property.te b/property.te
index 2c2ddcc..379320f 100644
--- a/property.te
+++ b/property.te
@@ -40,5 +40,6 @@
type config_prop, property_type, core_property_type;
type device_logging_prop, property_type;
type safemode_prop, property_type;
+type hwservicemanager_prop, property_type;
allow property_type tmpfs:filesystem associate;
diff --git a/property_contexts b/property_contexts
index 34191db..df82223 100644
--- a/property_contexts
+++ b/property_contexts
@@ -99,3 +99,6 @@
# Shared between system server and wificond
wlan. u:object_r:wifi_prop:s0
+
+# hwservicemanager properties
+hwservicemanager. u:object_r:hwservicemanager_prop:s0