Merge "Added properties for rebootless apex install"
diff --git a/private/apexd.te b/private/apexd.te
index 6db0fd9..0482090 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -131,6 +131,10 @@
 # Allow apexd to stop itself
 set_prop(apexd, ctl_apexd_prop)
 
+# Allow apexd to send control messages to load/unload apex from init
+set_prop(apexd, ctl_apex_load_prop)
+get_prop(apexd, init_apex_status_private_prop)
+
 # Find the vold service, and call into vold to manage FS checkpoints
 allow apexd vold_service:service_manager find;
 binder_call(apexd, vold)
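Review bot: The added comment describes only the `set_prop` line; the `get_prop(apexd, init_apex_status_private_prop)` below it has no explanation. It may also be redundant if apexd carries the coredomain attribute, because the coredomain.te hunk in this change grants the same read to every coredomain (apexd's type declaration is not visible here, so this needs confirming). I would either drop the line or keep it as an explicit record of the dependency, with a comment such as `# Read init.apex.<apex_name> to learn when init has finished the load/unload request`. Since `ctl_apex_load_prop` lets its holder ask init to load or unload an APEX, the comment could also say that apexd is meant to be the only non-init setter, which the neverallow added in property.te enforces.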
diff --git a/private/coredomain.te b/private/coredomain.te
index 69367b8..2aa4d0e 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -7,6 +7,7 @@
 get_prop(coredomain, graphics_config_prop)
 get_prop(coredomain, hdmi_config_prop)
 get_prop(coredomain, init_service_status_private_prop)
+get_prop(coredomain, init_apex_status_private_prop)
 get_prop(coredomain, lmkd_config_prop)
 get_prop(coredomain, localization_prop)
 get_prop(coredomain, pm_prop)
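Review bot: This line gives every coredomain read access to `init_apex_status_private_prop`, although the only reader the change names is apexd (in the comment added to property_contexts), and apexd.te already has its own `get_prop`. Unless other system domains need to see which APEXes init has loaded, least privilege suggests dropping this line and granting the read per domain. The `-coredomain` exemption in the new file neverallow in property.te could then be removed as well. If the wide grant is deliberate, presumably to mirror `init_service_status_private_prop` on the line above, a short comment naming the intended readers would make that clear.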
diff --git a/private/property.te b/private/property.te
index 2a88cbf..871b673 100644
--- a/private/property.te
+++ b/private/property.te
@@ -45,6 +45,8 @@
 system_internal_prop(ctl_mediatranscoding_prop)
 system_internal_prop(ctl_odsign_prop)
 system_internal_prop(virtualizationservice_prop)
+system_internal_prop(ctl_apex_load_prop)
+system_internal_prop(init_apex_status_private_prop)
 
 # Properties which can't be written outside system
 system_restricted_prop(device_config_virtualization_framework_native_prop)
@@ -628,6 +630,25 @@
 } rollback_test_prop:property_service set;
 
 neverallow {
+  domain
+  -init
+} init_apex_status_private_prop:property_service set;
+
+neverallow {
+  domain
+  -init
+  -apexd
+} ctl_apex_load_prop:property_service set;
+
+neverallow {
+  domain
+  -coredomain
+  -init
+  -dumpstate
+  -apexd
+} {init_apex_status_private_prop ctl_apex_load_prop}:file no_rw_file_perms;
+
+neverallow {
   # Only allow init and profcollectd to access profcollectd_node_id_prop
   domain
   -init
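Review bot: The third new neverallow groups `ctl_apex_load_prop` with `init_apex_status_private_prop`, so coredomain and dumpstate are exempted from the file-access restriction on the control property too, even though nothing in this change gives them a reason to touch it. Splitting it, for example `neverallow { domain -init -apexd } ctl_apex_load_prop:file no_rw_file_perms;`, would pin the load/unload trigger as tightly as the `set` rule above. That split needs checking against any broad property-read grants outside this hunk, dumpstate's in particular. The three new blocks also lack the kind of explanatory comment the following profcollectd rule has; `# Only init may publish APEX load status` and `# Only init and apexd may request APEX load/unload` would do. The last `neverallow {` in the hunk continues past its end.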
diff --git a/private/property_contexts b/private/property_contexts
index 3d1e7a5..97aec63 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -162,6 +162,8 @@
 ctl.interface_start$    u:object_r:ctl_interface_start_prop:s0
 ctl.interface_stop$     u:object_r:ctl_interface_stop_prop:s0
 ctl.interface_restart$  u:object_r:ctl_interface_restart_prop:s0
+ctl.apex_load$          u:object_r:ctl_apex_load_prop:s0
+ctl.apex_unload$        u:object_r:ctl_apex_load_prop:s0
 
  # Restrict access to starting/stopping adbd
 ctl.start$adbd             u:object_r:ctl_adbd_prop:s0
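Review bot: Both `ctl.apex_load$` and `ctl.apex_unload$` are labelled `ctl_apex_load_prop`, so policy can never grant loading without unloading, and the type name hides that unloading is covered. If a single label is intended, a comment in the style of the adbd entry below would record it, e.g. `# Restrict requesting APEX load/unload from init (ctl.apex_load$<apex_name>, ctl.apex_unload$<apex_name>)`. The label applies to any name after the `$`, so a domain holding `set` on this type can request the action for every APEX. That makes the apexd-only neverallow in property.te the control that matters.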
@@ -726,6 +728,10 @@
 init.svc.tombstoned     u:object_r:init_service_status_prop:s0 exact string
 init.svc.zygote         u:object_r:init_service_status_prop:s0 exact string
 
+# apexd reads this property to check if init has done with ctl.apex_* messages
+# This should be the form of init.apex.<apex_name>.
+init.apex. u:object_r:init_apex_status_private_prop:s0 prefix enum loaded unloaded
+
 libc.debug.malloc.options u:object_r:libc_debug_prop:s0 exact string
 libc.debug.malloc.program u:object_r:libc_debug_prop:s0 exact string
 libc.debug.hooks.enable   u:object_r:libc_debug_prop:s0 exact string
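Review bot: The comment's "if init has done with ctl.apex_* messages" is hard to parse, and the new entry is not column-aligned like its neighbours. I would reword it to `# apexd reads init.apex.<apex_name> to learn whether init has finished handling a ctl.apex_load/ctl.apex_unload request.` and align the context and type columns with the surrounding lines. Because this is a `prefix` entry, every name under `init.apex.` receives the label, not only well-formed APEX names. That is acceptable given that only init may set it, but it is worth a word in the comment.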