Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / dc2f9a86f0bc8c477702a1699ec64f16b15dbefc^! / .
commitdc2f9a86f0bc8c477702a1699ec64f16b15dbefc[log] [tgz]
authorRoman Kiryanov <rkir@google.com>Fri Aug 14 13:52:49 2020 -0700
committerRoman Kiryanov <rkir@google.com>Mon Aug 17 16:45:47 2020 -0700
tree768ec75f48e1d49beace69a21c85e6e08d889bdf
parentf5f23b7e03864617d00d52891a3abcdc495ca6bb [diff]
Add persist.dumpstate.verbose_logging.enabled to system/sepolicy

hardware/interfaces/dumpstate/1.1 refers to this property,
so it must be defined in system/sepolicy.

Bug: 163759751
Test: atest VtsHalDumpstateV1_1TargetTest
Signed-off-by: Roman Kiryanov <rkir@google.com>
Change-Id: I058100eacd05e32de56e0ff9de465625a2e71e9c

diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index bcb571d..f50cab4 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil

@@ -9,6 +9,7 @@
     apex_info_file
     debugfs_kprobes
     gnss_device
+    hal_dumpstate_config_prop
     keystore2_key_contexts_file
     mediatranscoding_tmpfs
     people_service

diff --git a/private/property.te b/private/property.te
index d62ea9c..0c61518 100644
--- a/private/property.te
+++ b/private/property.te

@@ -446,3 +446,9 @@
   -dumpstate
   -appdomain
 } camera_calibration_prop:file no_rw_file_perms;
+
+neverallow {
+  -init
+  -dumpstate
+  -hal_dumpstate
+} hal_dumpstate_config_prop:file no_rw_file_perms;

diff --git a/private/property_contexts b/private/property_contexts
index 0c563fd..2397150 100644
--- a/private/property_contexts
+++ b/private/property_contexts

@@ -517,6 +517,7 @@
 
 dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
 dumpstate.unroot  u:object_r:exported_dumpstate_prop:s0 exact bool
+persist.dumpstate.verbose_logging.enabled u:object_r:hal_dumpstate_config_prop:s0 exact bool
 
 hal.instrumentation.enable u:object_r:hal_instrumentation_prop:s0 exact bool
 

diff --git a/public/hal_dumpstate.te b/public/hal_dumpstate.te
index b7676ed..b7e14f8 100644
--- a/public/hal_dumpstate.te
+++ b/public/hal_dumpstate.te

@@ -2,6 +2,8 @@
 binder_call(hal_dumpstate_client, hal_dumpstate_server)
 binder_call(hal_dumpstate_server, hal_dumpstate_client)
 
+set_prop(hal_dumpstate, hal_dumpstate_config_prop)
+
 hal_attribute_hwservice(hal_dumpstate, hal_dumpstate_hwservice)
 
 # write bug reports in /data/data/com.android.shell/files/bugreports/bugreport

diff --git a/public/property.te b/public/property.te
index 3c913b1..34ed999 100644
--- a/public/property.te
+++ b/public/property.te

@@ -169,6 +169,7 @@
 system_public_prop(exported_overlay_prop)
 system_public_prop(exported_pm_prop)
 system_public_prop(ffs_control_prop)
+system_public_prop(hal_dumpstate_config_prop)
 system_public_prop(sota_prop)
 system_public_prop(hwservicemanager_prop)
 system_public_prop(lmkd_prop)