Allow init to set powerctl property
NIAP certification requires that all cryptographic functions
undergo a self-test during startup to demonstrate correct
operation. init now performs this check during startup.
The self-test is forked from init. For the child process
to be able to request a reboot it needs permissions to
set the sys.powerctl property.
Bug: 119826244
Test: Built for walleye. When the BoringSSL self test was forced
to fail the device rebooted into the bootloader, as
expected.
Change-Id: I4171b1dd0a5e393252ae5c002171ac51c9cbb3e6
diff --git a/private/init.te b/private/init.te
index 30e5e36..b8b0066 100644
--- a/private/init.te
+++ b/private/init.te
@@ -25,3 +25,6 @@
dontaudit init su:process noatsecure;
allow init su:process { siginh rlimitinh };
')
+
+# Allow the BoringSSL self test to request a reboot upon failure
+set_prop(init, powerctl_prop)