Merge changes from topics "apex-ready-prop", "apex-update-prop"
* changes:
Modifed sepolicy for new apex ready prop
Remove init.apex.<apex-name>.load/unload property
diff --git a/private/apexd.te b/private/apexd.te
index 0482090..b74d4ee 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -133,7 +133,6 @@
# Allow apexd to send control messages to load/unload apex from init
set_prop(apexd, ctl_apex_load_prop)
-get_prop(apexd, init_apex_status_private_prop)
# Find the vold service, and call into vold to manage FS checkpoints
allow apexd vold_service:service_manager find;
@@ -210,3 +209,6 @@
# Allow calling derive_classpath to gather BCP information for staged sessions
domain_auto_trans(apexd, derive_classpath_exec, apexd_derive_classpath);
+
+# Allow set apex ready property
+set_prop(apexd, apex_ready_prop)
diff --git a/private/coredomain.te b/private/coredomain.te
index 9888fa4..c041ca3 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -1,3 +1,4 @@
+get_prop(coredomain, apex_ready_prop)
get_prop(coredomain, boot_status_prop)
get_prop(coredomain, camera_config_prop)
get_prop(coredomain, dalvik_config_prop)
@@ -7,7 +8,6 @@
get_prop(coredomain, graphics_config_prop)
get_prop(coredomain, hdmi_config_prop)
get_prop(coredomain, init_service_status_private_prop)
-get_prop(coredomain, init_apex_status_private_prop)
get_prop(coredomain, lmkd_config_prop)
get_prop(coredomain, localization_prop)
get_prop(coredomain, pm_prop)
diff --git a/private/property.te b/private/property.te
index ddb427d..90db686 100644
--- a/private/property.te
+++ b/private/property.te
@@ -47,7 +47,7 @@
system_internal_prop(ctl_odsign_prop)
system_internal_prop(virtualizationservice_prop)
system_internal_prop(ctl_apex_load_prop)
-system_internal_prop(init_apex_status_private_prop)
+system_internal_prop(apex_ready_prop)
# Properties which can't be written outside system
system_restricted_prop(device_config_virtualization_framework_native_prop)
@@ -633,11 +633,6 @@
neverallow {
domain
-init
-} init_apex_status_private_prop:property_service set;
-
-neverallow {
- domain
- -init
-apexd
} ctl_apex_load_prop:property_service set;
@@ -647,7 +642,20 @@
-init
-dumpstate
-apexd
-} {init_apex_status_private_prop ctl_apex_load_prop}:file no_rw_file_perms;
+} ctl_apex_load_prop:file no_rw_file_perms;
+
+neverallow {
+ domain
+ -init
+ -apexd
+} apex_ready_prop:property_service set;
+
+neverallow {
+ domain
+ -coredomain
+ -dumpstate
+ -apexd
+} apex_ready_prop:file no_rw_file_perms;
neverallow {
# Only allow init and profcollectd to access profcollectd_node_id_prop
diff --git a/private/property_contexts b/private/property_contexts
index ed9de36..b2586f9 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -288,6 +288,9 @@
persist.vendor.apex. u:object_r:apexd_select_prop:s0
ro.boot.vendor.apex. u:object_r:apexd_select_prop:s0
+# Property that indicates if an apex is ready: apex.<apex-name>.ready
+apex. u:object_r:apex_ready_prop:s0 prefix bool
+
bpf.progs_loaded u:object_r:bpf_progs_loaded_prop:s0 exact bool
gsid. u:object_r:gsid_prop:s0
@@ -761,10 +764,6 @@
init.svc.tombstoned u:object_r:init_service_status_prop:s0 exact string
init.svc.zygote u:object_r:init_service_status_prop:s0 exact string
-# apexd reads this property to check if init has done with ctl.apex_* messages
-# This should be the form of init.apex.<apex_name>.
-init.apex. u:object_r:init_apex_status_private_prop:s0 prefix enum loaded unloaded
-
libc.debug.malloc.options u:object_r:libc_debug_prop:s0 exact string
libc.debug.malloc.program u:object_r:libc_debug_prop:s0 exact string
libc.debug.hooks.enable u:object_r:libc_debug_prop:s0 exact string