commit b76a639956031bb2b2ba97768ce0dbc8060e43fd
author Joel Fernandes <joelaf@google.com> Fri Jan 11 08:32:45 2019 -0500
committer Joel Fernandes <joelaf@google.com> Mon Jan 14 10:59:10 2019 -0500
tree 0d4ec414ae450cd8f4ecad7f30be9672a9359c0d
parent 147cf6482e64b61c29de11d76a618fbbaa530bb3

Add permissions for bpf.progs_loaded property

Change-Id: If4e550e4186415c5a1088bb53b0755b69f92560a
Signed-off-by: Joel Fernandes <joelaf@google.com>

private/bpfloader.te

diff --git a/private/bpfloader.te b/private/bpfloader.te
index 1ae5430..d9b29ce 100644
--- a/private/bpfloader.te
+++ b/private/bpfloader.te
@@ -26,3 +26,5 @@
 
 # No domain should be allowed to ptrace bpfloader
 neverallow { domain userdebug_or_eng(`-llkd') } bpfloader:process ptrace;
+
+set_prop(bpfloader, bpf_progs_loaded_prop)

private/compat/28.0/28.0.ignore.cil

diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 569ea1e..57e6876 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -18,6 +18,7 @@
     apexd_prop
     apexd_tmpfs
     biometric_service
+    bpf_progs_loaded_prop
     content_capture_service
     content_suggestions_service
     cpu_variant_prop

private/netd.te

diff --git a/private/netd.te b/private/netd.te
index 67c2e9e..65c74ce 100644
--- a/private/netd.te
+++ b/private/netd.te
@@ -11,3 +11,5 @@
 # give netd permission to setup iptables rule with xt_bpf, attach program to cgroup, and read/write
 # the map created by bpfloader
 allow netd bpfloader:bpf { prog_run map_read map_write };
+
+get_prop(netd, bpf_progs_loaded_prop)

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index 66c98bc..06c2822 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -173,3 +173,5 @@
 
 apexd.                  u:object_r:apexd_prop:s0
 persist.apexd.          u:object_r:apexd_prop:s0
+
+bpf.progs_loaded        u:object_r:bpf_progs_loaded_prop:s0

public/property.te

diff --git a/public/property.te b/public/property.te
index 6ee568c..5a22340 100644
--- a/public/property.te
+++ b/public/property.te
@@ -3,6 +3,7 @@
 type boottime_prop, property_type;
 type bluetooth_a2dp_offload_prop, property_type;
 type bluetooth_prop, property_type;
+type bpf_progs_loaded_prop, property_type;
 type bootloader_boot_reason_prop, property_type;
 type config_prop, property_type, core_property_type;
 type cppreopt_prop, property_type, core_property_type;
@@ -342,6 +343,7 @@
     -bluetooth_prop
     -bootloader_boot_reason_prop
     -boottime_prop
+    -bpf_progs_loaded_prop
     -config_prop
     -cppreopt_prop
     -ctl_adbd_prop