Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / e3d625b72e0d516670d04f3e5b7b21c89c856ab8^! / . / private
commite3d625b72e0d516670d04f3e5b7b21c89c856ab8[log] [tgz]
authorchenbruce <chenbruce@google.com>Thu Dec 27 18:01:25 2018 +0800
committerBruce Chen <chenbruce@google.com>Tue Jan 15 02:47:57 2019 +0000
treee324bbcfbc2ad277a85e7afbed0622b0934fdefa
parent53f537582471d7bdf5c8273a6bbf4d9fdd2623fb [diff]
SEPolicy updates for adding native flag namespace(netd).

For experiment flag testing, we add a flag netd and have
SEPolicy updates.

Test:  add sepolicy, m -j, check GetServerConfigurableFlag function in netd
Bug:122050512
Change-Id: I21c844c277afc358085d80447f16e4c0d4eba5b3

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 351ed54..ee9a99e 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil

@@ -39,6 +39,7 @@
     device_config_boot_count_prop
     device_config_reset_performed_prop
     device_config_flags_health_check_prop
+    device_config_netd_native_prop
     e2fs
     e2fs_exec
     exfat

diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index da1eaa9..bf273f3 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil

@@ -37,6 +37,7 @@
     device_config_boot_count_prop
     device_config_reset_performed_prop
     device_config_flags_health_check_prop
+    device_config_netd_native_prop
     exfat
     exported2_config_prop
     exported2_default_prop

diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 57e6876..960d5fc 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil

@@ -25,6 +25,7 @@
     dev_cpu_variant
     device_config_boot_count_prop
     device_config_flags_health_check_prop
+    device_config_netd_native_prop
     device_config_reset_performed_prop
     device_config_service
     face_service

diff --git a/private/property_contexts b/private/property_contexts
index 06c2822..8d87262 100644
--- a/private/property_contexts
+++ b/private/property_contexts

@@ -170,6 +170,7 @@
 device_config.reset_performed           u:object_r:device_config_reset_performed_prop:s0
 persist.device_config.attempted_boot_count        u:object_r:device_config_boot_count_prop:s0
 persist.device_config.global_settings.native_flags_health_check_enabled u:object_r:device_config_flags_health_check_prop:s0
+persist.device_config.netd_native.           u:object_r:device_config_netd_native_prop:s0
 
 apexd.                  u:object_r:apexd_prop:s0
 persist.apexd.          u:object_r:apexd_prop:s0

diff --git a/private/system_server.te b/private/system_server.te
index 46fb591..0baf4d6 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -581,6 +581,7 @@
 # STOPSHIP: Remove the ability for system_server to set property
 # device_config_flags_health_check_prop before release. (b/119627143)
 set_prop(system_server, device_config_flags_health_check_prop)
+set_prop(system_server, device_config_netd_native_prop)
 
 # BootReceiver to read ro.boot.bootreason
 get_prop(system_server, bootloader_boot_reason_prop)
@@ -931,6 +932,7 @@
   -flags_health_check
 } {
   device_config_flags_health_check_prop
+  device_config_netd_native_prop
 }:property_service set;
 
 # system_server should never be executing dex2oat. This is either