Added properties for rebootless apex install
When apexd installs an apex without reboot, init also need to do some
work around the installation (e.g. terminating services from the apex
and remove data read from the apex and updating linker configuration
etc)
Apexd sets control properties to unload and load apex and init notifies
the completion with state properties.
These new properties are supposed to be used by apexd/init interaction.
Bug: 232114573
Bug: 232173613
Test: CtsStagedInstallHostTestCases
Test: CtsInitTestCases
Change-Id: I5af6b36310f3c81f1cd55537473e54756541d347
diff --git a/private/apexd.te b/private/apexd.te
index 6db0fd9..0482090 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -131,6 +131,10 @@
# Allow apexd to stop itself
set_prop(apexd, ctl_apexd_prop)
+# Allow apexd to send control messages to load/unload apex from init
+set_prop(apexd, ctl_apex_load_prop)
+get_prop(apexd, init_apex_status_private_prop)
+
# Find the vold service, and call into vold to manage FS checkpoints
allow apexd vold_service:service_manager find;
binder_call(apexd, vold)
diff --git a/private/coredomain.te b/private/coredomain.te
index 69367b8..2aa4d0e 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -7,6 +7,7 @@
get_prop(coredomain, graphics_config_prop)
get_prop(coredomain, hdmi_config_prop)
get_prop(coredomain, init_service_status_private_prop)
+get_prop(coredomain, init_apex_status_private_prop)
get_prop(coredomain, lmkd_config_prop)
get_prop(coredomain, localization_prop)
get_prop(coredomain, pm_prop)
diff --git a/private/property.te b/private/property.te
index 2a88cbf..871b673 100644
--- a/private/property.te
+++ b/private/property.te
@@ -45,6 +45,8 @@
system_internal_prop(ctl_mediatranscoding_prop)
system_internal_prop(ctl_odsign_prop)
system_internal_prop(virtualizationservice_prop)
+system_internal_prop(ctl_apex_load_prop)
+system_internal_prop(init_apex_status_private_prop)
# Properties which can't be written outside system
system_restricted_prop(device_config_virtualization_framework_native_prop)
@@ -628,6 +630,25 @@
} rollback_test_prop:property_service set;
neverallow {
+ domain
+ -init
+} init_apex_status_private_prop:property_service set;
+
+neverallow {
+ domain
+ -init
+ -apexd
+} ctl_apex_load_prop:property_service set;
+
+neverallow {
+ domain
+ -coredomain
+ -init
+ -dumpstate
+ -apexd
+} {init_apex_status_private_prop ctl_apex_load_prop}:file no_rw_file_perms;
+
+neverallow {
# Only allow init and profcollectd to access profcollectd_node_id_prop
domain
-init
diff --git a/private/property_contexts b/private/property_contexts
index 3d1e7a5..97aec63 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -162,6 +162,8 @@
ctl.interface_start$ u:object_r:ctl_interface_start_prop:s0
ctl.interface_stop$ u:object_r:ctl_interface_stop_prop:s0
ctl.interface_restart$ u:object_r:ctl_interface_restart_prop:s0
+ctl.apex_load$ u:object_r:ctl_apex_load_prop:s0
+ctl.apex_unload$ u:object_r:ctl_apex_load_prop:s0
# Restrict access to starting/stopping adbd
ctl.start$adbd u:object_r:ctl_adbd_prop:s0
@@ -726,6 +728,10 @@
init.svc.tombstoned u:object_r:init_service_status_prop:s0 exact string
init.svc.zygote u:object_r:init_service_status_prop:s0 exact string
+# apexd reads this property to check if init has done with ctl.apex_* messages
+# This should be the form of init.apex.<apex_name>.
+init.apex. u:object_r:init_apex_status_private_prop:s0 prefix enum loaded unloaded
+
libc.debug.malloc.options u:object_r:libc_debug_prop:s0 exact string
libc.debug.malloc.program u:object_r:libc_debug_prop:s0 exact string
libc.debug.hooks.enable u:object_r:libc_debug_prop:s0 exact string