Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / b0aae28b411bcfafbfec283b976e72a862759606^! / .
commitb0aae28b411bcfafbfec283b976e72a862759606[log] [tgz]
authorGavin Corkery <gavincorkery@google.com>Sat Dec 05 17:25:35 2020 +0000
committerGavin Corkery <gavincorkery@google.com>Thu Jan 07 19:42:56 2021 +0000
treecf45fe2d0c7234d285507c6174bff4856001b35d
parentc0d1040d5869083b0aabd9636df1ccc69a02b097 [diff]
Add sepolicy for /metadata/watchdog

See go/rescue-party-reboot for more context.

One integer will be stored in a file in this
directory, which will be read and then deleted at the
next boot. No userdata is stored.

Test: Write and read from file from PackageWatchdog
Bug: 171951174

Change-Id: I18f59bd9ad324a0513b1184b2f4fe78c592640db

diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 15e4c51..ceda9c4 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil

@@ -53,4 +53,5 @@
     userspace_reboot_metadata_file
     vcn_management_service
     vibrator_manager_service
+    watchdog_metadata_file
     zygote_config_prop))

diff --git a/private/file_contexts b/private/file_contexts
index 633a6ce..d04fe92 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -744,6 +744,7 @@
 /metadata/bootstat(/.*)?  u:object_r:metadata_bootstat_file:s0
 /metadata/staged-install(/.*)?    u:object_r:staged_install_file:s0
 /metadata/userspacereboot(/.*)?    u:object_r:userspace_reboot_metadata_file:s0
+/metadata/watchdog(/.*)?    u:object_r:watchdog_metadata_file:s0
 
 #############################
 # asec containers

diff --git a/private/system_server.te b/private/system_server.te
index 90061c6..bf5b838 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -1169,6 +1169,9 @@
 allow system_server staged_install_file:dir rw_dir_perms;
 allow system_server staged_install_file:file create_file_perms;
 
+allow system_server watchdog_metadata_file:dir rw_dir_perms;
+allow system_server watchdog_metadata_file:file create_file_perms;
+
 # Allow init to set sysprop used to compute stats about userspace reboot.
 set_prop(system_server, userspace_reboot_log_prop)
 

diff --git a/public/file.te b/public/file.te
index 021779c..45c110c 100644
--- a/public/file.te
+++ b/public/file.te

@@ -245,6 +245,8 @@
 type userspace_reboot_metadata_file, file_type;
 # Staged install files within /metadata/staged-install
 type staged_install_file, file_type;
+# Metadata information within /metadata/watchdog
+type watchdog_metadata_file, file_type;
 
 # Type for /dev/cpu_variant:.*.
 type dev_cpu_variant, file_type;