Add framework_watchdog_config_prop
The framework_watchdog_config_prop properties control framework watchdog
configurations to handle watchdog timeout loop. The properties are
written only by vendor_init.
More details and background: go/break-sys-watchdog-loop
Bug: 141948707
Change-Id: I6c0da5fdafba8165e79d0f04e0a82874f605a06d
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 5882ee7..2a5e7f3 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -11,6 +11,7 @@
cgroup_v2
debugfs_kprobes
dmabuf_system_heap_device
+ framework_watchdog_config_prop
gki_apex_prepostinstall
gki_apex_prepostinstall_exec
hal_face_service
diff --git a/private/property_contexts b/private/property_contexts
index ae85610..4673454 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -868,6 +868,10 @@
cache_key.system_server. u:object_r:binder_cache_system_server_prop:s0 prefix string
cache_key.telephony. u:object_r:binder_cache_telephony_server_prop:s0 prefix string
+# Framework watchdog configuration properties.
+framework_watchdog.fatal_count u:object_r:framework_watchdog_config_prop:s0 exact int
+framework_watchdog.fatal_window.second u:object_r:framework_watchdog_config_prop:s0 exact int
+
gsm.sim.operator.numeric u:object_r:telephony_status_prop:s0 exact string
persist.radio.airplane_mode_on u:object_r:telephony_status_prop:s0 exact bool
diff --git a/private/system_server.te b/private/system_server.te
index cadc6cd..a3ee549 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -1020,6 +1020,13 @@
# Only system server can access BINDER_FREEZE and BINDER_GET_FROZEN_INFO
allowxperm system_server binder_device:chr_file ioctl { BINDER_FREEZE BINDER_GET_FROZEN_INFO };
+# Watchdog prints debugging log to /dev/kmsg_debug.
+userdebug_or_eng(`
+ allow system_server kmsg_debug_device:chr_file { open append getattr };
+')
+# Watchdog reads sysprops framework_watchdog.fatal_* to handle watchdog timeout loop.
+get_prop(system_server, framework_watchdog_config_prop)
+
###
### Neverallow rules
###
diff --git a/public/property.te b/public/property.te
index 06df3d7..01ca611 100644
--- a/public/property.te
+++ b/public/property.te
@@ -126,6 +126,7 @@
system_vendor_config_prop(exported_config_prop)
system_vendor_config_prop(exported_default_prop)
system_vendor_config_prop(ffs_config_prop)
+system_vendor_config_prop(framework_watchdog_config_prop)
system_vendor_config_prop(graphics_config_prop)
system_vendor_config_prop(hdmi_config_prop)
system_vendor_config_prop(incremental_prop)