sepolicy: allow rules for apk verify system property

ro.apk_verity.mode was introduced in P on crosshatch. This change changes the label from default_prop to a new property, apk_verity_prop. ro.apk_verity.mode is set by vendor_init per build.prop, in order to honor Treble split. It is also read by system_server and installd currently. Test: verify functioning without denials in dmesg Bug: 142494008 Bug: 144164497 Change-Id: I1f24513d79237091cf30025bb7ca63282e23c739
2019-11-27 10:06:03 -08:00 · 2019-11-27 10:06:03 -08:00 · 8b65b0b12d
commit 8b65b0b12d
parent d6a91453d8
6 changed files with 10 additions and 1 deletions
--- a/private/compat/29.0/29.0.cil
+++ b/private/compat/29.0/29.0.cil
@ -1143,7 +1143,7 @@
 (typeattributeset default_android_hwservice_29_0 (default_android_hwservice))
 (typeattributeset default_android_service_29_0 (default_android_service))
 (typeattributeset default_android_vndservice_29_0 (default_android_vndservice))
-(typeattributeset default_prop_29_0 (default_prop))
+(typeattributeset default_prop_29_0 (default_prop apk_verity_prop))
 (typeattributeset dev_cpu_variant_29_0 (dev_cpu_variant))
 (typeattributeset device_29_0 (device))
 (typeattributeset device_config_activity_manager_native_boot_prop_29_0 (device_config_activity_manager_native_boot_prop))
--- a/private/installd.te
+++ b/private/installd.te
@ -37,6 +37,9 @@ allow installd rollback_data_file:file create_file_perms;
 get_prop(installd, device_config_runtime_native_prop)
 get_prop(installd, device_config_runtime_native_boot_prop)

+# Allow installd to access apk verity feature flag (for legacy case).
+get_prop(installd, apk_verity_prop)
+
 # Allow installd to delete files in /data/staging
 allow installd staging_data_file:file unlink;
 allow installd staging_data_file:dir { open read remove_name rmdir search write };
--- a/private/system_server.te
+++ b/private/system_server.te
@ -635,6 +635,9 @@ get_prop(system_server, gsid_prop)
 # Read the property that mocks an OTA
 get_prop(system_server, mock_ota_prop)

+# Read the property as feature flag for protecting apks with fs-verity.
+get_prop(system_server, apk_verity_prop)
+
 # Create a socket for connections from debuggerd.
 allow system_server system_ndebug_socket:sock_file create_file_perms;

--- a/public/property.te
+++ b/public/property.te
@ -98,6 +98,7 @@ compatible_property_only(`

 # Properties with no restrictions
 system_public_prop(audio_prop)
+system_public_prop(apk_verity_prop)
 system_public_prop(bluetooth_a2dp_offload_prop)
 system_public_prop(bluetooth_audio_hal_prop)
 system_public_prop(bluetooth_prop)
--- a/public/property_contexts
+++ b/public/property_contexts
@ -98,6 +98,7 @@ pm.dexopt.inactive u:object_r:exported_pm_prop:s0 exact string
 pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
 pm.dexopt.shared u:object_r:exported_pm_prop:s0 exact string
 ro.af.client_heap_size_kbyte u:object_r:exported3_default_prop:s0 exact int
+ro.apk_verity.mode u:object_r:apk_verity_prop:s0 exact int
 ro.audio.monitorRotation u:object_r:exported3_default_prop:s0 exact bool
 ro.bluetooth.a2dp_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
 ro.boot.vendor.overlay.theme u:object_r:exported_overlay_prop:s0 exact string
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@ -229,6 +229,7 @@ not_compatible_property(`
 # Get file context
 allow vendor_init file_contexts_file:file r_file_perms;

+set_prop(vendor_init, apk_verity_prop)
 set_prop(vendor_init, bluetooth_a2dp_offload_prop)
 set_prop(vendor_init, bluetooth_audio_hal_prop)
 set_prop(vendor_init, cpu_variant_prop)