Blame - private/bootstat.te - android_system_sepolicy

blob: 99d8c6d290d6e8139e37166c383f1d1cc02d4132 [file] [log] [blame]

Alex Klyubin	f5446eb	2017-03-23 14:27:32 -0700	[diff] [blame]	1	typeattribute bootstat coredomain;
				2
dcashman	cc39f63	2016-07-22 13:13:11 -0700	[diff] [blame]	3	init_daemon_domain(bootstat)
Inseob Kim	55e5c9b	2020-03-04 17:20:35 +0900	[diff] [blame]	4
				5	# Collect metrics on boot time created by init
				6	get_prop(bootstat, boottime_prop)
				7
				8	# Read/Write [persist.]sys.boot.reason and ro.boot.bootreason (write if empty)
				9	set_prop(bootstat, bootloader_boot_reason_prop)
				10	set_prop(bootstat, system_boot_reason_prop)
				11	set_prop(bootstat, last_boot_reason_prop)
				12
				13	neverallow {
				14	domain
				15	-bootanim
				16	-bootstat
				17	-dumpstate
Wenjie Zhou	27d5255	2020-04-09 14:43:00 -0700	[diff] [blame]	18	userdebug_or_eng(`-incidentd')
Inseob Kim	55e5c9b	2020-03-04 17:20:35 +0900	[diff] [blame]	19	-init
Alexei Nicoara	957e8f3	2023-09-11 17:43:45 +0100	[diff] [blame^]	20	-platform_app
Inseob Kim	55e5c9b	2020-03-04 17:20:35 +0900	[diff] [blame]	21	-recovery
				22	-shell
				23	-system_server
				24	} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms;
				25	# ... and refine, as these components should not set the last boot reason
				26	neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms;
				27
				28	neverallow {
				29	domain
				30	-bootstat
				31	-init
				32	-system_server
				33	} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set;
				34	# ... and refine ... for a ro propertly no less ... keep this _tight_
				35	neverallow system_server bootloader_boot_reason_prop:property_service set;