Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / d60859a08602f8cd4d24563b6d9de778a1aedd31^! / .
commitd60859a08602f8cd4d24563b6d9de778a1aedd31[log] [tgz]
authortyiu <tyiu@google.com>Fri Jun 21 18:15:46 2024 +0000
committerAndroid Build Cherrypicker Worker <android-build-cherrypicker-worker@google.com>Fri Jun 21 18:15:46 2024 +0000
tree9f511561a8c56842a5b02ce090affe116e5118b8
parent67af3c33e3ff2cd2c9a091e138c5d412aafcb7c6 [diff]
Add prop for enabling system services

Added system_service_enable_prop domain for properties that could
enable/disable system services.

Bug: 340928990
Test: Local build + confirm bic not starting + presubmit
Ignore-AOSP-First: need to submit with changes in clockwork
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:09983fc534f280ac9a79f552eee5a473f2220df1)
Merged-In: Ife9041d30f10f2fbe7ab4cbcee1397901a21f0fb
Change-Id: Ife9041d30f10f2fbe7ab4cbcee1397901a21f0fb

diff --git a/private/property.te b/private/property.te
index 19513d9..77fd497 100644
--- a/private/property.te
+++ b/private/property.te

@@ -66,6 +66,7 @@
 system_internal_prop(game_manager_config_prop)
 system_internal_prop(hidl_memory_prop)
 system_internal_prop(suspend_debug_prop)
+system_internal_prop(system_service_enable_prop)
 
 # Properties which can't be written outside system
 system_restricted_prop(device_config_virtualization_framework_native_prop)

diff --git a/private/property_contexts b/private/property_contexts
index 9b48082..601dc99 100644
--- a/private/property_contexts
+++ b/private/property_contexts

@@ -1695,3 +1695,7 @@
 # Properties for controlling snapshotctl.
 sys.snapshotctl.map u:object_r:snapshotctl_prop:s0 exact string
 sys.snapshotctl.unmap u:object_r:snapshotctl_prop:s0 exact string
+
+# Properties for enabling/disabling system services
+ro.system_settings.service.odp_enabled   u:object_r:system_service_enable_prop:s0 exact bool
+ro.system_settings.service.backgound_install_control_enabled   u:object_r:system_service_enable_prop:s0 exact bool

diff --git a/private/system_server.te b/private/system_server.te
index e7ae9fc..1298bf7 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -900,6 +900,9 @@
 # configuration properties
 get_prop(system_server, sensors_config_prop)
 
+# Allow system server to determine if system services are enabled
+get_prop(system_server, system_service_enable_prop)
+
 # Create a socket for connections from debuggerd.
 allow system_server system_ndebug_socket:sock_file create_file_perms;