Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 55e5c9b5131e9754d9cd14f44a2078ada053fb5f / . / private / bootstat.te
blob: da3179b1e1844640bda4baea3c0e4992e9a9fddf [file] [log] [blame]
Alex Klyubinf5446eb2017-03-23 14:27:32 -0700[diff] [blame]1typeattribute bootstat coredomain;
2
dcashmancc39f632016-07-22 13:13:11 -0700[diff] [blame]3init_daemon_domain(bootstat)
Inseob Kim55e5c9b2020-03-04 17:20:35 +0900[diff] [blame^]4
5# Collect metrics on boot time created by init
6get_prop(bootstat, boottime_prop)
7
8# Read/Write [persist.]sys.boot.reason and ro.boot.bootreason (write if empty)
9set_prop(bootstat, bootloader_boot_reason_prop)
10set_prop(bootstat, system_boot_reason_prop)
11set_prop(bootstat, last_boot_reason_prop)
12
13neverallow {
14 domain
15 -bootanim
16 -bootstat
17 -dumpstate
18 -init
19 -recovery
20 -shell
21 -system_server
22} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms;
23# ... and refine, as these components should not set the last boot reason
24neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms;
25
26neverallow {
27 domain
28 -bootstat
29 -init
30 -system_server
31} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set;
32# ... and refine ... for a ro propertly no less ... keep this _tight_
33neverallow system_server bootloader_boot_reason_prop:property_service set;