Add missing properties to microdroid
The main motivation is to reduce log spam.
Bug: 268333203
Test: atest MicrodroidTests MicrodroidHostTestCases
Change-Id: Idffdcd7d543590d8c580b2282098d3abd8214f86
diff --git a/microdroid/system/private/domain.te b/microdroid/system/private/domain.te
index c940eca..118425a 100644
--- a/microdroid/system/private/domain.te
+++ b/microdroid/system/private/domain.te
@@ -252,6 +252,10 @@
# Properties that microdroid doesn't have but some still want to read.
dontaudit domain { heapprofd_prop timezone_prop }:file r_file_perms;
+# Allow all processes to "read" non_existing_prop to suppress libc's access denial logs.
+# dontaudit is not enough; it's still fine because they can't be written, by neverallow rules
+get_prop(domain, non_existing_prop)
+
###
### neverallow rules
###
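Review bot: The new comment above `get_prop(domain, non_existing_prop)` credits neverallow rules with keeping these properties unwritable, but a neverallow is only a build-time assertion, and the one added in property.te exempts init. Because every domain now has read access to the type, any value init does set under the names mapped in property_contexts becomes readable by every process in the VM. The comment also does not say why dontaudit is insufficient; presumably libc emits its own log line when the property area cannot be opened, which dontaudit does not silence. I would reword it along the lines of `# dontaudit hides only the avc denial, not libc's own log line. Reads are harmless only while these properties stay unset; the neverallow in property.te exempts init.`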
diff --git a/microdroid/system/private/property.te b/microdroid/system/private/property.te
index de32003..98c483a 100644
--- a/microdroid/system/private/property.te
+++ b/microdroid/system/private/property.te
@@ -5,6 +5,7 @@
system_public_prop(dalvik_dynamic_config_prop)
system_restricted_prop(device_config_runtime_native_prop)
system_restricted_prop(device_config_runtime_native_boot_prop)
+system_restricted_prop(non_existing_prop)
typeattribute dalvik_config_prop dalvik_config_prop_type;
typeattribute dalvik_dynamic_config_prop dalvik_config_prop_type;
@@ -61,3 +62,8 @@
-microdroid_manager
-crash_dump
} {microdroid_config_prop}:file no_rw_file_perms;
+
+neverallow {
+ domain
+ -init
+} non_existing_prop:property_service set;
diff --git a/microdroid/system/private/property_contexts b/microdroid/system/private/property_contexts
index e74d6d2..2bd5a22 100644
--- a/microdroid/system/private/property_contexts
+++ b/microdroid/system/private/property_contexts
@@ -145,6 +145,7 @@
libc.debug.hooks.enable u:object_r:libc_debug_prop:s0 exact string
arm64.memtag. u:object_r:arm64_memtag_prop:s0 prefix string
+persist.arm64.memtag. u:object_r:non_existing_prop:s0 prefix string
persist.sys.timezone u:object_r:timezone_prop:s0 exact string
@@ -171,3 +172,21 @@
dalvik.vm.restore-dex2oat-threads u:object_r:dalvik_dynamic_config_prop:s0 exact int
apexd.payload_metadata.path u:object_r:apexd_payload_metadata_prop:s0 exact string
+
+# These non_existing_prop properties are unused in microdroid, but added here to suppress libc's
+# access denial logs.
+libc.debug.gwp_asan. u:object_r:non_existing_prop:s0 prefix string
+persist.libc.debug.gwp_asan. u:object_r:non_existing_prop:s0 prefix string
+persist.adb.tls_server.enable u:object_r:non_existing_prop:s0 exact bool
+persist.adb.watchdog.timeout_secs u:object_r:non_existing_prop:s0 exact int
+persist.adb.watchdog u:object_r:non_existing_prop:s0 exact bool
+persist.device_config. u:object_r:non_existing_prop:s0 prefix string
+persist.sys.test_harness u:object_r:non_existing_prop:s0 exact bool
+ro.arch u:object_r:non_existing_prop:s0 exact string
+ro.boot.vsock_tombstone_port u:object_r:non_existing_prop:s0 exact int
+ro.product.device u:object_r:non_existing_prop:s0 exact string
+ro.product.model u:object_r:non_existing_prop:s0 exact string
+ro.product.name u:object_r:non_existing_prop:s0 exact string
+ro.product.vndk.version u:object_r:non_existing_prop:s0 exact string
+ro.secure u:object_r:non_existing_prop:s0 exact bool
+ro.serialno u:object_r:non_existing_prop:s0 exact string
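Review bot: Several names in this block are device identifiers or boot parameters (`ro.serialno`, `ro.product.*`, `ro.boot.vsock_tombstone_port`), and labelling them `non_existing_prop` makes any value they ever receive readable by every domain through the `get_prop(domain, non_existing_prop)` rule added in domain.te. The label is safe only while the properties stay unset, and nothing in this diff enforces that for init, which the new neverallow exempts. The prefix entries (`persist.device_config.`, `libc.debug.gwp_asan.`, `persist.libc.debug.gwp_asan.`, and `persist.arm64.memtag.` in the earlier hunk) additionally capture any property added under those namespaces later. I would extend the block comment with something like `# These must stay unset: non_existing_prop is readable by all domains. Give a property its own type before setting it.`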