Prefetch: Add sepolicy to control prefetch properties
1: Add prefetch tunable property
2: Default path to store the prefetch record is in /metadata/prefetch/
3: Add policy to control the service
4: Allow init to start/stop the service
Bug: 362507272
Test: Test prefetch record/replay with enforcing mode
Change-Id: I55cbf4f2110da298a8d7df52daad08eaedebd061
Signed-off-by: Akilesh Kailash <akailash@google.com>
diff --git a/private/file.te b/private/file.te
index 559b0fe..4ef8d55 100644
--- a/private/file.te
+++ b/private/file.te
@@ -224,6 +224,9 @@
# /metadata/tradeinmode files
type tradeinmode_metadata_file, file_type;
+# /metadata/prefetch files
+type prefetch_metadata_file, file_type;
+
# Types added in 202504 in public/file.te
until_board_api(202504, `
type binderfs_logs_transactions, fs_type;
diff --git a/private/file_contexts b/private/file_contexts
index 2350a7c..6970864 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -414,6 +414,7 @@
/system/bin/bert_collector u:object_r:bert_collector_exec:s0
/system/bin/linux_vm_setup u:object_r:linux_vm_setup_exec:s0
/system/bin/tradeinmode u:object_r:tradeinmode_exec:s0
+/system/bin/prefetch u:object_r:prefetch_exec:s0
#############################
# Vendor files
@@ -898,6 +899,7 @@
/metadata/aconfig/flags(/.*)? u:object_r:aconfig_storage_flags_metadata_file:s0
/metadata/aconfig_test_missions(/.*)? u:object_r:aconfig_test_mission_files:s0
/metadata/tradeinmode(/.*)? u:object_r:tradeinmode_metadata_file:s0
+/metadata/prefetch(/.*)? u:object_r:prefetch_metadata_file:s0
############################
# mount point for ota metadata
diff --git a/private/init.te b/private/init.te
index d1f7c18..15f79e3 100644
--- a/private/init.te
+++ b/private/init.te
@@ -85,6 +85,10 @@
# Allow init to set 16kb app compatibility props
set_prop(init, bionic_linker_16kb_app_compat_prop)
+# Allow init to set/get prefetch boot prop to initiate record/replay
+set_prop(init, ctl_prefetch_prop);
+get_prop(init, prefetch_boot_prop);
+
# Allow accessing /sys/kernel/tracing/instances/bootreceiver to set up tracing.
allow init debugfs_bootreceiver_tracing:file w_file_perms;
diff --git a/private/property.te b/private/property.te
index 3694666..5beb712 100644
--- a/private/property.te
+++ b/private/property.te
@@ -3,6 +3,7 @@
system_internal_prop(adbd_tradeinmode_prop)
system_internal_prop(apexd_payload_metadata_prop)
system_internal_prop(ctl_snapuserd_prop)
+system_internal_prop(ctl_prefetch_prop)
system_internal_prop(ctl_uprobestats_prop)
system_internal_prop(crashrecovery_prop)
system_internal_prop(debug_tracing_desktop_mode_visible_tasks_prop)
@@ -50,6 +51,7 @@
system_internal_prop(setupwizard_prop)
system_internal_prop(snapshotctl_prop)
system_internal_prop(snapuserd_prop)
+system_internal_prop(prefetch_boot_prop)
system_internal_prop(system_adbd_prop)
system_internal_prop(system_audio_config_prop)
system_internal_prop(timezone_metadata_prop)
diff --git a/private/property_contexts b/private/property_contexts
index 6c74fb0..23c2399 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -203,6 +203,11 @@
ctl.stop$snapuserd u:object_r:ctl_snapuserd_prop:s0
ctl.restart$snapuserd u:object_r:ctl_snapuserd_prop:s0
+# Restrict access to control prefetch
+ctl.start$prefetch u:object_r:ctl_prefetch_prop:s0
+ctl.stop$prefetch u:object_r:ctl_prefetch_prop:s0
+ctl.restart$prefetch u:object_r:ctl_prefetch_prop:s0
+
# Restrict access to control uprobestats
ctl.start$uprobestats u:object_r:ctl_uprobestats_prop:s0
ctl.stop$uprobestats u:object_r:ctl_uprobestats_prop:s0
@@ -355,6 +360,13 @@
ro.enable_boot_charger_mode u:object_r:charger_config_prop:s0 exact bool
ro.product.charger.unplugged_shutdown_time u:object_r:charger_config_prop:s0 exact int
+# Prefetch boot properties
+ro.prefetch_boot.enabled u:object_r:prefetch_boot_prop:s0 exact bool
+ro.prefetch_boot.trace_buffer_size_kib u:object_r:prefetch_boot_prop:s0 exact int
+ro.prefetch_boot.duration_s u:object_r:prefetch_boot_prop:s0 exact int
+ro.prefetch_boot.io_depth u:object_r:prefetch_boot_prop:s0 exact int
+ro.prefetch_boot.max_fds u:object_r:prefetch_boot_prop:s0 exact int
+
# Virtual A/B and snapuserd properties
ro.virtual_ab.enabled u:object_r:virtual_ab_prop:s0 exact bool
ro.virtual_ab.retrofit u:object_r:virtual_ab_prop:s0 exact bool
diff --git a/private/shell.te b/private/shell.te
index 70f296e..3b7a1f5 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -185,6 +185,8 @@
# Allow shell to start/stop gsid via ctl.start|stop|restart gsid.
set_prop(shell, ctl_gsid_prop)
set_prop(shell, ctl_snapuserd_prop)
+# Allow shell to start/stop prefetch
+set_prop(shell, ctl_prefetch_prop)
# Allow shell to enable Dynamic System Update
set_prop(shell, dynamic_system_prop)
# Allow shell to mock an OTA using persist.pm.mock-upgrade