Added properties for rebootless apex install
When apexd installs an apex without reboot, init also need to do some
work around the installation (e.g. terminating services from the apex
and remove data read from the apex and updating linker configuration
etc)
Apexd sets control properties to unload and load apex and init notifies
the completion with state properties.
These new properties are supposed to be used by apexd/init interaction.
Bug: 232114573
Bug: 232173613
Test: CtsStagedInstallHostTestCases
Test: CtsInitTestCases
Change-Id: I5af6b36310f3c81f1cd55537473e54756541d347
diff --git a/private/property.te b/private/property.te
index 2a88cbf..871b673 100644
--- a/private/property.te
+++ b/private/property.te
@@ -45,6 +45,8 @@
system_internal_prop(ctl_mediatranscoding_prop)
system_internal_prop(ctl_odsign_prop)
system_internal_prop(virtualizationservice_prop)
+system_internal_prop(ctl_apex_load_prop)
+system_internal_prop(init_apex_status_private_prop)
# Properties which can't be written outside system
system_restricted_prop(device_config_virtualization_framework_native_prop)
@@ -628,6 +630,25 @@
} rollback_test_prop:property_service set;
neverallow {
+ domain
+ -init
+} init_apex_status_private_prop:property_service set;
+
+neverallow {
+ domain
+ -init
+ -apexd
+} ctl_apex_load_prop:property_service set;
+
+neverallow {
+ domain
+ -coredomain
+ -init
+ -dumpstate
+ -apexd
+} {init_apex_status_private_prop ctl_apex_load_prop}:file no_rw_file_perms;
+
+neverallow {
# Only allow init and profcollectd to access profcollectd_node_id_prop
domain
-init