Merge "Allow dumpstate access to /dev/binderfs/binder_logs"

commit: d13e12f9cc54be7634516ea5004e52e92a4d9f39 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Tue Feb 11 00:40:23 2020 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Feb 11 00:40:23 2020 +0000
tree: 863f3e94f5de1615f2dccd06040f1e5855da117a
parent: a85454834deeea676be86b3e2ea731235817375c [diff]
parent: 4ea5709bc439346534ba06dd96e51f92ce02eb12 [diff]
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index feb098b..7300dfe 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil

@@ -83,9 +83,9 @@
     timezonedetector_service
     untrusted_app_29
     usb_serial_device
-    userspace_reboot_prop
     userspace_reboot_config_prop
     userspace_reboot_exported_prop
+    userspace_reboot_log_prop
     vehicle_hal_prop
     vendor_apex_file
     vendor_boringssl_self_test

diff --git a/private/domain.te b/private/domain.te
index 3725e13..1f31cea 100644
--- a/private/domain.te
+++ b/private/domain.te

@@ -98,7 +98,7 @@
     get_prop({coredomain appdomain shell}, exported_camera_prop)
     get_prop({coredomain appdomain shell}, userspace_reboot_config_prop)
     get_prop({coredomain shell}, userspace_reboot_exported_prop)
-    get_prop({coredomain shell}, userspace_reboot_prop)
+    get_prop({coredomain shell}, userspace_reboot_log_prop)
     get_prop({domain -coredomain -appdomain}, vendor_default_prop)
 ')
 

diff --git a/private/init.te b/private/init.te
index 42ec0f3..b0e7f80 100644
--- a/private/init.te
+++ b/private/init.te

@@ -41,9 +41,7 @@
 set_prop(init, powerctl_prop)
 
 # Only init is allowed to set userspace reboot related properties.
-set_prop(init, userspace_reboot_prop)
 set_prop(init, userspace_reboot_exported_prop)
-neverallow { domain -init } userspace_reboot_prop:property_service set;
 neverallow { domain -init } userspace_reboot_exported_prop:property_service set;
 
 # Second-stage init performs a test for whether the kernel has SELinux hooks

diff --git a/private/property_contexts b/private/property_contexts
index 07fbe7a..1197de3 100644
--- a/private/property_contexts
+++ b/private/property_contexts

@@ -22,7 +22,6 @@
 hw.                     u:object_r:system_prop:s0
 ro.hw.                  u:object_r:system_prop:s0
 sys.                    u:object_r:system_prop:s0
-sys.init.userspace_reboot   u:object_r:userspace_reboot_prop:s0
 sys.init.perf_lsm_hooks u:object_r:init_perf_lsm_hooks_prop:s0
 sys.cppreopt            u:object_r:cppreopt_prop:s0
 sys.linker.             u:object_r:linker_prop:s0
@@ -232,3 +231,7 @@
 # Module properties
 com.android.sdkext.                  u:object_r:module_sdkextensions_prop:s0
 persist.com.android.sdkext.          u:object_r:module_sdkextensions_prop:s0
+
+# Userspace reboot properties
+sys.userspace_reboot.log.         u:object_r:userspace_reboot_log_prop:s0
+persist.sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0

diff --git a/private/system_server.te b/private/system_server.te
index 4e74fee..56d91d6 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -1092,6 +1092,9 @@
 allow system_server password_slot_metadata_file:dir rw_dir_perms;
 allow system_server password_slot_metadata_file:file create_file_perms;
 
+# Allow init to set sysprop used to compute stats about userspace reboot.
+set_prop(system_server, userspace_reboot_log_prop)
+
 # JVMTI agent settings are only readable from the system server.
 neverallow {
   domain

diff --git a/public/property.te b/public/property.te
index e987906..3de80ff 100644
--- a/public/property.te
+++ b/public/property.te

@@ -19,7 +19,7 @@
 system_internal_prop(last_boot_reason_prop)
 system_internal_prop(netd_stable_secret_prop)
 system_internal_prop(pm_prop)
-system_internal_prop(userspace_reboot_prop)
+system_internal_prop(userspace_reboot_log_prop)
 
 compatible_property_only(`
     # DO NOT ADD ANY PROPERTIES HERE
@@ -564,3 +564,10 @@
     -extended_core_property_type
   }:property_service set;
 ')
+
+neverallow {
+  -init
+  -system_server
+} {
+  userspace_reboot_log_prop
+}:property_service set;

diff --git a/public/property_contexts b/public/property_contexts
index 621c2dd..4ab4f59 100644
--- a/public/property_contexts
+++ b/public/property_contexts

@@ -258,6 +258,7 @@
 ro.build.version.incremental u:object_r:exported2_default_prop:s0 exact string
 ro.build.version.preview_sdk u:object_r:exported2_default_prop:s0 exact int
 ro.build.version.release u:object_r:exported2_default_prop:s0 exact string
+ro.build.version.release_or_codename u:object_r:exported2_default_prop:s0 exact string
 ro.build.version.sdk u:object_r:exported2_default_prop:s0 exact int
 ro.build.version.security_patch u:object_r:exported2_default_prop:s0 exact string
 ro.crypto.state u:object_r:exported_vold_prop:s0 exact string
@@ -454,3 +455,4 @@
 cache_key.is_power_save_mode             u:object_r:binder_cache_system_server_prop:s0
 cache_key.is_user_unlocked               u:object_r:binder_cache_system_server_prop:s0
 cache_key.volume_list                    u:object_r:binder_cache_system_server_prop:s0
+cache_key.display_info                   u:object_r:binder_cache_system_server_prop:s0
commit	d13e12f9cc54be7634516ea5004e52e92a4d9f39	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Tue Feb 11 00:40:23 2020 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Feb 11 00:40:23 2020 +0000
tree	863f3e94f5de1615f2dccd06040f1e5855da117a
parent	a85454834deeea676be86b3e2ea731235817375c [diff]
parent	4ea5709bc439346534ba06dd96e51f92ce02eb12 [diff]