Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / c48971f69fa07c98e62b9a8b0a2ba171846fbea1^! / .
commitc48971f69fa07c98e62b9a8b0a2ba171846fbea1[log] [tgz]
authorNick Kralevich <nnk@google.com>Tue Nov 18 14:36:23 2014 -0800
committerNick Kralevich <nnk@google.com>Tue Nov 18 22:44:31 2014 +0000
tree82ab1dce8e138e09063f7cbf90578a92a074775d
parentf330f3752922f124305c67683d061c19c9518bed [diff]
allow system_server to set ro.build.fingerprint

Some devices leave "ro.build.fingerprint" undefined at build time,
since they need to build it from the components at runtime.
See https://android.googlesource.com/platform/frameworks/base/+/5568772e8161205b86905d815783505fd3d461d8
for details.

Allow system_server to set ro.build.fingerprint

Addresses the following denial/error:

  avc:  denied  { set } for property=build.fingerprint scontext=u:r:system_server:s0 tcontext=u:object_r:default_prop:s0 tclass=property_service
  init: sys_prop: permission denied uid:1000  name:ro.build.fingerprint

Bug: 18188956
Change-Id: I98b25773904a7be3e3d2926daa82c1d08f9bcc29
diff --git a/property.te b/property.te
index 1a209e9..6fedfa7 100644
--- a/property.te
+++ b/property.te

@@ -3,6 +3,7 @@
 type debug_prop, property_type;
 type debuggerd_prop, property_type;
 type dhcp_prop, property_type;
+type fingerprint_prop, property_type;
 type radio_prop, property_type;
 type net_radio_prop, property_type;
 type system_radio_prop, property_type;

diff --git a/property_contexts b/property_contexts
index 8403d38..06f6c17 100644
--- a/property_contexts
+++ b/property_contexts

@@ -49,6 +49,10 @@
 vold.                   u:object_r:vold_prop:s0
 crypto.                 u:object_r:vold_prop:s0
 
+# ro.build.fingerprint is either set in /system/build.prop, or is
+# set at runtime by system_server.
+build.fingerprint       u:object_r:fingerprint_prop:s0
+
 # ctl properties
 ctl.bootanim            u:object_r:ctl_bootanim_prop:s0
 ctl.dumpstate           u:object_r:ctl_dumpstate_prop:s0

diff --git a/system_server.te b/system_server.te
index ae14ab3..a8348e7 100644
--- a/system_server.te
+++ b/system_server.te

@@ -277,6 +277,7 @@
 allow system_server system_radio_prop:property_service set;
 allow system_server debug_prop:property_service set;
 allow system_server powerctl_prop:property_service set;
+allow system_server fingerprint_prop:property_service set;
 
 # ctl interface
 allow system_server ctl_default_prop:property_service set;