PWN-Hunter/android_system_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2952a20565
android_system_sepolicy/public/flags_health_check.te
Hector Dearman 0756dcc9da Re-add sys_traced prop 
Add permissions for:
persist.device_config.global_settings.sys_traced

Bug: b/71737179
Test: As follows:
patch aosp/891475
patch aosp/891853
patch ag/6224352

$ adb shell
walleye:/ $ ps -A | grep traced
nobody        1135     1   52288   2200 0                   0 S traced
nobody        1136     1   52288   2256 0                   0 S
traced_probes
walleye:/ $ settings put global sys_traced 0
walleye:/ $ ps -A | grep traced
1|walleye:/ $
walleye:/ $ settings put global sys_traced 1
1|walleye:/ $ ps -A | grep traced
nobody       12386     1   52288   2208 0                   0 S traced
nobody       12387     1   52288   2248 0                   0 S
traced_probes
Change-Id: I8898672c8fdc9c5d87a31b90f6c7d5c03bef78ed
2019-04-05 15:53:57 +00:00

33 lines
2.0 KiB
Plaintext
Raw Blame History

# The flags_health_check command run by init.
type flags_health_check, domain, coredomain;
type flags_health_check_exec, system_file_type, exec_type, file_type;
set_prop(flags_health_check, device_config_boot_count_prop)
set_prop(flags_health_check, device_config_reset_performed_prop)
set_prop(flags_health_check, device_config_runtime_native_boot_prop)
set_prop(flags_health_check, device_config_runtime_native_prop)
set_prop(flags_health_check, device_config_input_native_boot_prop)
set_prop(flags_health_check, device_config_netd_native_prop)
set_prop(flags_health_check, device_config_activity_manager_native_boot_prop)
set_prop(flags_health_check, device_config_media_native_prop)
set_prop(flags_health_check, device_config_sys_traced_prop)
allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
# system property device_config_boot_count_prop is used for deciding when to perform server
# configurable flags related disaster recovery. Mistakenly set up by unrelated components can, at a
# wrong timing, trigger server configurable flag related disaster recovery, which will override
# server configured values of all flags with default values.
neverallow { domain -init -flags_health_check } device_config_boot_count_prop:property_service set;
# system property device_config_reset_performed_prop is used for indicating whether server
# configurable flags have been reset during booting. Mistakenly modified by unrelated components can
# cause bad server configurable flags synced back to device.
neverallow { domain -init -flags_health_check } device_config_reset_performed_prop:property_service set;
# server_configurable_flags_data_file is used for storing whether server configurable flags which
# have been reset during current booting. Mistakenly modified by unrelated components can
# cause bad server configurable flags synced back to device.
neverallow { domain -init -flags_health_check } server_configurable_flags_data_file:file no_w_file_perms;
Reference in New Issue View Git Blame Copy Permalink