Allow the MediaProvider app to set FUSE passthrough property

Allow the MediaProvider app to write the system property
fuse.passthrough.enabled in case FUSE passthrough is enabled.
The need for this additional system property is due to the ScopedStorage
CTS tests that are assuming FUSE passthrough is always on for devices
supporting it, but there may be some cases (e.g., GSI mixed builds)
where this is not true and the feature is disabled at runtime,
thus causing the tests to fail.
This additional system property is only set when FUSE passthrough is
actually being used by the system.

Bug: 186635810
Test: CtsScopedStorageDeviceOnlyTest
Signed-off-by: Alessio Balsini <balsini@google.com>
Change-Id: I623042d67399253a9167188c3748d93eb0f2d41f
diff --git a/private/app.te b/private/app.te
index 94d24e0..e738745 100644
--- a/private/app.te
+++ b/private/app.te
@@ -4,6 +4,8 @@
 
 get_prop(appdomain, boot_status_prop)
 get_prop(appdomain, dalvik_config_prop)
+# TODO(b/187912701) restrict the scope of fuse_passthrough_prop
+get_prop(appdomain, fuse_passthrough_prop)
 get_prop(appdomain, media_config_prop)
 get_prop(appdomain, packagemanager_config_prop)
 get_prop(appdomain, radio_control_prop)
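Review bot: The added `get_prop(appdomain, fuse_passthrough_prop)` makes the property readable by every domain carrying the appdomain attribute, while the commit message names only the ScopedStorage CTS tests as a consumer. The TODO tracks narrowing the scope but does not record which reader the grant is for, so a later cleanup has nothing to narrow it to. I would extend the comment to something like `# TODO(b/187912701) restrict the scope of fuse_passthrough_prop; currently read by the ScopedStorage CTS tests`, after confirming that the tests are the only intended reader. The exposed value is a single boolean, so the immediate risk is low, but a blanket read grant tends to outlive its TODO.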
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 9f40876..7dd65e2 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -2071,7 +2071,10 @@
 (typeattributeset system_ndebug_socket_30_0 (system_ndebug_socket))
 (typeattributeset system_net_netd_hwservice_30_0 (system_net_netd_hwservice))
 (typeattributeset system_passwd_file_30_0 (system_passwd_file))
-(typeattributeset system_prop_30_0 (system_prop))
+(typeattributeset system_prop_30_0 (
+  system_prop
+  fuse_passthrough_prop
+))
 (typeattributeset system_radio_prop_30_0 (system_radio_prop usb_prop))
 (typeattributeset system_seccomp_policy_file_30_0 (system_seccomp_policy_file))
 (typeattributeset system_security_cacerts_file_30_0 (system_security_cacerts_file))
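Review bot: Adding `fuse_passthrough_prop` to `system_prop_30_0` gives the new type every permission that 30.0 vendor policy holds on `system_prop`, including any `set` rules, and the commit message does not say why that is wanted. If no 30.0 vendor component needs this property, treating the type as new and unmapped for 30.0 would presumably avoid widening access. If the mapping is deliberate, the commit message should name the 30.0 consumer that depends on it. The type's declaration is not in the visible hunks, so the effective set of writers cannot be determined from here.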
diff --git a/private/mediaprovider_app.te b/private/mediaprovider_app.te
index 0e4a50e..d1908fb 100644
--- a/private/mediaprovider_app.te
+++ b/private/mediaprovider_app.te
@@ -54,3 +54,8 @@
 get_prop(mediaprovider_app, drm_service_config_prop)
 
 allow mediaprovider_app gpu_device:dir search;
+
+# Allow MediaProvider to set system properties.
+# This is required to let other services know that FUSE passthrough is enabled
+# on the device (b/186635810).
+set_prop(mediaprovider_app, fuse_passthrough_prop)
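Review bot: Nothing in the visible policy stops another domain from being granted `set` on `fuse_passthrough_prop` later, and the compat mapping into `system_prop_30_0` in this same commit may already extend write access to vendor domains. Because tests rely on the value reflecting the real FUSE passthrough state, consider pinning the writer with `neverallow { domain -init -mediaprovider_app } fuse_passthrough_prop:property_service set;`. The type's declaration is not in these hunks, so first check that it does not already carry an equivalent restriction and that the rule does not conflict with the compat mapping. The comment also overstates the grant; `# Allow MediaProvider to set the FUSE passthrough property.` matches what the rule actually gives.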
diff --git a/private/property_contexts b/private/property_contexts
index 5af4bb7..f964561 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1185,3 +1185,6 @@
 
 # bootanimation properties
 ro.bootanim.quiescent.enabled u:object_r:bootanim_config_prop:s0 exact bool
+
+# FUSE Passthrough properties
+fuse.passthrough.enabled u:object_r:fuse_passthrough_prop:s0 exact bool
diff --git a/private/shell.te b/private/shell.te
index 5831d54..83526a6 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -197,3 +197,6 @@
 
 # Allow ReadDefaultFstab() for CTS.
 read_fstab(shell)
+
+# Allow shell to read FUSE passthrough properties
+get_prop(shell, fuse_passthrough_prop)