Merge "Add selinux rules for userspace reboot related properties"
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 6bfa4b7..739940b 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -5,6 +5,8 @@
(typeattribute new_objects)
(typeattributeset new_objects
( new_objects
+ app_search_service
+ auth_service
ashmem_libcutils_device
blob_store_service
boringssl_self_test
@@ -26,6 +28,7 @@
linker_prop
mock_ota_prop
ota_metadata_file
+ ota_prop
art_apex_dir
service_manager_service
system_group_file
diff --git a/private/property_contexts b/private/property_contexts
index ff79c34..06c662e 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -220,3 +220,6 @@
# Virtual A/B properties
ro.virtual_ab.enabled u:object_r:virtual_ab_prop:s0
ro.virtual_ab.retrofit u:object_r:virtual_ab_prop:s0
+
+# Property to set/clear the warm reset flag after an OTA update.
+ota.warm_reset u:object_r:ota_prop:s0
diff --git a/private/service_contexts b/private/service_contexts
index 89959fa..dd71111 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -11,6 +11,7 @@
android.service.gatekeeper.IGateKeeperService u:object_r:gatekeeper_service:s0
app_binding u:object_r:app_binding_service:s0
app_prediction u:object_r:app_prediction_service:s0
+app_search u:object_r:app_search_service:s0
apexservice u:object_r:apex_service:s0
blob_store u:object_r:blob_store_service:s0
gsiservice u:object_r:gsi_service:s0
@@ -19,6 +20,7 @@
assetatlas u:object_r:assetatlas_service:s0
attention u:object_r:attention_service:s0
audio u:object_r:audio_service:s0
+auth u:object_r:auth_service:s0
autofill u:object_r:autofill_service:s0
backup u:object_r:backup_service:s0
batteryproperties u:object_r:batteryproperties_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index f0a447a..5544279 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -265,6 +265,7 @@
mediametrics
mediaserver
mediaswcodec
+ netd
sdcardd
statsd
surfaceflinger
diff --git a/public/property.te b/public/property.te
index f2e132f..29d1718 100644
--- a/public/property.te
+++ b/public/property.te
@@ -132,6 +132,7 @@
system_public_prop(log_tag_prop)
system_public_prop(lowpan_prop)
system_public_prop(nfc_prop)
+system_public_prop(ota_prop)
system_public_prop(powerctl_prop)
system_public_prop(radio_prop)
system_public_prop(serialno_prop)
@@ -289,6 +290,7 @@
typeattribute logd_prop core_property_type;
typeattribute net_radio_prop core_property_type;
typeattribute nfc_prop core_property_type;
+typeattribute ota_prop core_property_type;
typeattribute pan_result_prop core_property_type;
typeattribute persist_debug_prop core_property_type;
typeattribute powerctl_prop core_property_type;
@@ -315,6 +317,7 @@
-logd_prop
-net_radio_prop
-nfc_prop
+ -ota_prop
-pan_result_prop
-persist_debug_prop
-powerctl_prop
@@ -627,6 +630,7 @@
-net_radio_prop
-netd_stable_secret_prop
-nfc_prop
+ -ota_prop
-overlay_prop
-pan_result_prop
-persist_debug_prop
diff --git a/public/property_contexts b/public/property_contexts
index ec4b615..79ba012 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -11,11 +11,13 @@
camera.fifo.disable u:object_r:exported3_default_prop:s0 exact int
dalvik.vm.appimageformat u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.backgroundgctype u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.boot-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.boot-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
dalvik.vm.boot-image u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.checkjni u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
@@ -33,6 +35,7 @@
dalvik.vm.hot-startup-method-samples u:object_r:exported_dalvik_prop:s0 exact int
dalvik.vm.image-dex2oat-Xms u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-Xmx u:object_r:exported_dalvik_prop:s0 exact string
+dalvik.vm.image-dex2oat-cpu-set u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-filter u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-flags u:object_r:exported_dalvik_prop:s0 exact string
dalvik.vm.image-dex2oat-threads u:object_r:exported_dalvik_prop:s0 exact int
diff --git a/public/service.te b/public/service.te
index 018fc1e..c025530 100644
--- a/public/service.te
+++ b/public/service.te
@@ -45,10 +45,12 @@
type alarm_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type app_binding_service, system_server_service, service_manager_type;
type app_prediction_service, app_api_service, system_server_service, service_manager_type;
+type app_search_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type appops_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type appwidget_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type assetatlas_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type audio_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
+type auth_service, app_api_service, system_server_service, service_manager_type;
type autofill_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type backup_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
type batterystats_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;
diff --git a/public/update_engine.te b/public/update_engine.te
index 5410bde..8aafe34 100644
--- a/public/update_engine.te
+++ b/public/update_engine.te
@@ -58,6 +58,9 @@
# Allow to start gsid service.
set_prop(update_engine, ctl_gsid_prop)
+# Allow to set the OTA related properties, e.g. ota.warm_reset.
+set_prop(update_engine, ota_prop)
+
# update_engine tries to determine the parent path for all devices (e.g.
# /dev/block/by-name) by reading the default fstab and looking for the misc
# device. ReadDefaultFstab() checks whether a GSI is running by checking
diff --git a/public/update_verifier.te b/public/update_verifier.te
index 8d40cdd..f881aeb 100644
--- a/public/update_verifier.te
+++ b/public/update_verifier.te
@@ -27,6 +27,9 @@
# Allow update_verifier to reboot the device.
set_prop(update_verifier, powerctl_prop)
+# Allow to set the OTA related properties e.g. ota.warm_reset.
+set_prop(update_verifier, ota_prop)
+
# Use Boot Control HAL
hal_client_domain(update_verifier, hal_bootctl)
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 5d2c4f9..1af56fe 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -260,6 +260,8 @@
get_prop(vendor_init, exported3_system_prop)
get_prop(vendor_init, theme_prop)
+get_prop(vendor_init, ota_prop)
+
###
### neverallow rules
###
diff --git a/public/vold.te b/public/vold.te
index 9e68d65..bc4da1e 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -174,6 +174,7 @@
set_prop(vold, powerctl_prop)
set_prop(vold, ctl_fuse_prop)
set_prop(vold, restorecon_prop)
+set_prop(vold, ota_prop)
# ASEC
allow vold asec_image_file:file create_file_perms;