Merge "Add tombstone_transmit init property to microdroid"

commit: fa7661b454ba7122aa553a90d9dae57c5c598d67 [log] [tgz]
author: Inseob Kim <inseob@google.com> Fri Jan 20 14:41:15 2023 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Jan 20 14:41:15 2023 +0000
tree: 4d0cdcbff01dca93326af82b2d29195861b8688f
parent: cfdea5f4f3574385d739c1269e6c25783c109857 [diff]
parent: ef0328cf949752043ed4632effac26eb4da1b93e [diff]
diff --git a/microdroid/system/private/microdroid_manager.te b/microdroid/system/private/microdroid_manager.te
index a5b71f0..7e26f53 100644
--- a/microdroid/system/private/microdroid_manager.te
+++ b/microdroid/system/private/microdroid_manager.te

@@ -123,6 +123,9 @@
 # Allow microdroid_manager to write kmsg_debug (stdio_to_kmsg).
 allow microdroid_manager kmsg_debug_device:chr_file w_file_perms;
 
+# Read tombstone_transmit_status_prop to wait for initialization of tombstone_transmit
+get_prop(microdroid_manager, tombstone_transmit_status_prop)
+
 # Domains other than microdroid can't write extra_apks
 neverallow { domain -microdroid_manager -init -vendor_init } extra_apk_file:file no_w_file_perms;
 neverallow { domain -microdroid_manager -init -vendor_init } extra_apk_file:dir no_w_dir_perms;

diff --git a/microdroid/system/private/property.te b/microdroid/system/private/property.te
index d983775..1bbe2a9 100644
--- a/microdroid/system/private/property.te
+++ b/microdroid/system/private/property.te

@@ -1,4 +1,5 @@
 system_internal_prop(ctl_tombstoned_prop)
+system_restricted_prop(tombstone_transmit_status_prop)
 
 system_restricted_prop(boot_status_prop)
 

diff --git a/microdroid/system/private/property_contexts b/microdroid/system/private/property_contexts
index 0d5786c..d32e0e8 100644
--- a/microdroid/system/private/property_contexts
+++ b/microdroid/system/private/property_contexts

@@ -161,3 +161,5 @@
 persist.device_config.runtime_native_boot.  u:object_r:device_config_runtime_native_boot_prop:s0 prefix
 
 apexd.payload_metadata.path u:object_r:apexd_payload_metadata_prop:s0 exact string
+
+tombstone_transmit.init_done u:object_r:tombstone_transmit_status_prop:s0 exact bool

diff --git a/microdroid/system/private/tombstone_transmit.te b/microdroid/system/private/tombstone_transmit.te
index 1887654..4f2b5ab 100644
--- a/microdroid/system/private/tombstone_transmit.te
+++ b/microdroid/system/private/tombstone_transmit.te

@@ -8,3 +8,9 @@
 allow tombstone_transmit tombstone_data_file:file { r_file_perms unlink };
 
 allow tombstone_transmit self:{ vsock_socket } create_socket_perms_no_ioctl;
+
+# allow tombstone_transmit to notify its initialization
+set_prop(tombstone_transmit, tombstone_transmit_status_prop)
+
+# Only tombstone_transmit can set its status
+neverallow { domain -init -tombstone_transmit } tombstone_transmit_status_prop:property_service set;
commit	fa7661b454ba7122aa553a90d9dae57c5c598d67	[log] [tgz]
author	Inseob Kim <inseob@google.com>	Fri Jan 20 14:41:15 2023 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Fri Jan 20 14:41:15 2023 +0000
tree	4d0cdcbff01dca93326af82b2d29195861b8688f
parent	cfdea5f4f3574385d739c1269e6c25783c109857 [diff]
parent	ef0328cf949752043ed4632effac26eb4da1b93e [diff]