Merge "add next_boot_prop SELinux context to store staged sys prop" into main am: 72da88530f

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2781127 Change-Id: If029841ec0f18f28aee860b6c91bf9e059a22e2f Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-10-13 18:59:14 +00:00 · 2023-10-13 18:59:14 +00:00 · 0c900ca152
commit 0c900ca152
parent 9eed36d267 72da88530f
5 changed files with 10 additions and 0 deletions
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@ -19,4 +19,5 @@
    device_config_aconfig_flags_prop
    proc_memhealth
    virtual_device_native_service
+    next_boot_prop
  ))
--- a/private/flags_health_check.te
+++ b/private/flags_health_check.te
@ -34,6 +34,7 @@ set_prop(flags_health_check, device_config_memory_safety_native_prop)
 set_prop(flags_health_check, device_config_remote_key_provisioning_native_prop)
 set_prop(flags_health_check, device_config_camera_native_prop)
 set_prop(flags_health_check, device_config_tethering_u_or_later_native_prop)
+set_prop(flags_health_check, next_boot_prop)

 # system property device_config_boot_count_prop is used for deciding when to perform server
 # configurable flags related disaster recovery. Mistakenly set up by unrelated components can, at a
--- a/private/property.te
+++ b/private/property.te
@ -31,6 +31,7 @@ system_internal_prop(lower_kptr_restrict_prop)
 system_internal_prop(net_464xlat_fromvendor_prop)
 system_internal_prop(net_connectivity_prop)
 system_internal_prop(netd_stable_secret_prop)
+system_internal_prop(next_boot_prop)
 system_internal_prop(odsign_prop)
 system_internal_prop(perf_drop_caches_prop)
 system_internal_prop(pm_prop)
--- a/private/property_contexts
+++ b/private/property_contexts
@ -279,6 +279,9 @@ persist.device_config.memory_safety_native_boot.    u:object_r:device_config_mem
 persist.device_config.memory_safety_native.         u:object_r:device_config_memory_safety_native_prop:s0
 persist.device_config.tethering_u_or_later_native.  u:object_r:device_config_tethering_u_or_later_native_prop:s0

+# Properties that is for staging
+next_boot.  u:object_r:next_boot_prop:s0
+
 # F2FS smart idle maint prop
 persist.device_config.storage_native_boot.smart_idle_maint_enabled u:object_r:smart_idle_maint_enabled_prop:s0 exact bool

--- a/private/system_server.te
+++ b/private/system_server.te
@ -774,6 +774,9 @@ set_prop(system_server, device_config_tethering_u_or_later_native_prop)
 set_prop(system_server, smart_idle_maint_enabled_prop)
 set_prop(system_server, arm64_memtag_prop)

+# staged flag properties
+set_prop(system_server, next_boot_prop)
+
 # Allow query ART device config properties
 get_prop(system_server, device_config_runtime_native_boot_prop)
 get_prop(system_server, device_config_runtime_native_prop)
@ -1337,6 +1340,7 @@ neverallow {
  device_config_aconfig_flags_prop
  device_config_window_manager_native_boot_prop
  device_config_tethering_u_or_later_native_prop
+  next_boot_prop
 }:property_service set;

 # Only allow system_server and init to set tuner_server_ctl_prop