Sepolicy for microdroid_manager.init_done
Add a new SELinux context: microdroid_lifecycle_prop for properties like
microdroid_manager.init_done. Also adding a neverallow rule to not let
anyone other than init & microdroid_manager set it.
Bug: 260713790
Test: Builds
Change-Id: I81470ce596cfe5870b6777b6ae6fde3a0dc486d1
diff --git a/microdroid/system/private/property.te b/microdroid/system/private/property.te
index 733bb33..d983775 100644
--- a/microdroid/system/private/property.te
+++ b/microdroid/system/private/property.te
@@ -45,10 +45,10 @@
domain
-init
-microdroid_manager
-} microdroid_config_prop:property_service set;
+} {microdroid_config_prop microdroid_lifecycle_prop}:property_service set;
neverallow {
domain
-init
-microdroid_manager
-} microdroid_config_prop:file no_rw_file_perms;
+} {microdroid_config_prop microdroid_lifecycle_prop}:file no_rw_file_perms;
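Review bot: In the second rule, adding microdroid_lifecycle_prop to the `:file no_rw_file_perms` neverallow goes further than the commit message, which only mentions restricting who may set the property. With this line, every domain other than init and microdroid_manager is also barred from file access to the new type, so any later allow rule that lets another domain read or wait on microdroid_manager.init_done will fail the neverallow check at policy build time. If that is intended, say so in the commit message; if not, keep microdroid_lifecycle_prop only in the `property_service set` rule. A one-line comment above these rules naming what microdroid_lifecycle_prop covers would help future readers, and "Test: Builds" does not show that microdroid_manager can actually set the property at runtime under the new label.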