Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / cd597cd52aa58e5a4c39fc5b4b31a792436c7162^! / .
commitcd597cd52aa58e5a4c39fc5b4b31a792436c7162[log] [tgz]
authorSteven Moreland <smoreland@google.com>Fri Jan 13 11:37:38 2017 -0800
committerSteven Moreland <smoreland@google.com>Thu Jan 26 06:06:24 2017 +0000
tree87c14b60d0f48115a30c67a2d6bd07e647dcc7af
parent606d2fd6651027204727b5141c03e5e47ed1f6e4 [diff]
property: add persist.hal.binderization

- Added set_prop to shell so that you can set it from shell.
- Added set_prop to sytem_app so that it can be updated in settings.

Bug: 34256441
Test: can update prop from Settings and shell. nfc and lights work with
ag/1833821 with persist.hal.binderization set to on and off. There are
no additional selinux denials.
Change-Id: I883ca489093c1d56b2efa725c58e6e3f3b81c3aa

diff --git a/private/property_contexts b/private/property_contexts
index 80476cc..552c6b5 100644
--- a/private/property_contexts
+++ b/private/property_contexts

@@ -57,6 +57,7 @@
 persist.service.        u:object_r:system_prop:s0
 persist.service.bdroid. u:object_r:bluetooth_prop:s0
 persist.security.       u:object_r:system_prop:s0
+persist.hal.binderization    u:object_r:hal_binderization_prop:s0
 persist.vendor.overlay.  u:object_r:overlay_prop:s0
 ro.boot.vendor.overlay.  u:object_r:overlay_prop:s0
 ro.boottime.             u:object_r:boottime_prop:s0

diff --git a/private/system_app.te b/private/system_app.te
index 367df1f..c53f7a8 100644
--- a/private/system_app.te
+++ b/private/system_app.te

@@ -30,6 +30,7 @@
 # Write to properties
 set_prop(system_app, bluetooth_prop)
 set_prop(system_app, debug_prop)
+set_prop(system_app, hal_binderization_prop)
 set_prop(system_app, system_prop)
 set_prop(system_app, logd_prop)
 set_prop(system_app, net_radio_prop)

diff --git a/public/property.te b/public/property.te
index 1bde35c..572c24e 100644
--- a/public/property.te
+++ b/public/property.te

@@ -41,6 +41,7 @@
 type shell_prop, property_type, core_property_type;
 type system_prop, property_type, core_property_type;
 type system_radio_prop, property_type, core_property_type;
+type hal_binderization_prop, property_type;
 type vold_prop, property_type, core_property_type;
 type wifi_log_prop, property_type, log_property_type;
 type wifi_prop, property_type;

diff --git a/public/shell.te b/public/shell.te
index d643b7e..9f4ac5c 100644
--- a/public/shell.te
+++ b/public/shell.te

@@ -64,6 +64,8 @@
 userdebug_or_eng(`set_prop(shell, log_prop)')
 # logpersist script
 userdebug_or_eng(`set_prop(shell, logpersistd_logging_prop)')
+# hal binderization
+userdebug_or_eng(`set_prop(shell, hal_binderization_prop)')
 
 userdebug_or_eng(`
   # "systrace --boot" support - allow boottrace service to run

diff --git a/public/te_macros b/public/te_macros
index 0eba3ff..0a423ac 100644
--- a/public/te_macros
+++ b/public/te_macros

@@ -217,6 +217,12 @@
 allow hwservicemanager $1:dir search;
 allow hwservicemanager $1:file { read open };
 allow hwservicemanager $1:process getattr;
+# TODO(b/34274385): hals wait for data to be mounted so they can
+# start only if persist.hal.binderization is enabled. (for dogfood
+# stability). getService must also check for data to be mounted
+# if the vintf promises the hal will be registered over hwbinder.
+get_prop($1, hal_binderization_prop)
+get_prop($1, vold_prop)
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 # all domains in domain.te.
 ')