From 5cd114d3a0aa1173d842f068dccb3c0899c5c306 Mon Sep 17 00:00:00 2001
From: Stephen Crane
Date: Tue, 22 Nov 2022 23:38:29 +0000
Subject: [PATCH 1/2] Allow Trusty storageproxy property

Allows the Trusty storageproxyd to set ro.vendor.trusty.storage.fs_ready when the data filesystems are ready for use, and allows vendor init to query and wait on this property.
Test: build, flash, test app loading
Bug: 258018785
Change-Id: I0b4f80371385bf0ddb0c44e81b1893bb80c7a63d
Merged-In: I0b4f80371385bf0ddb0c44e81b1893bb80c7a63d
---
 whitechapel_pro/property.te | 3 +++
 whitechapel_pro/property_contexts | 3 +++
 whitechapel_pro/tee.te | 2 ++
 whitechapel_pro/vendor_init.te | 3 +++
 4 files changed, 11 insertions(+)
diff --git a/whitechapel_pro/property.te b/whitechapel_pro/property.te
index 6a377573..b5bf04c2 100644
--- a/whitechapel_pro/property.te
+++ b/whitechapel_pro/property.te
@@ -40,3 +40,6 @@ vendor_internal_prop(vendor_telephony_app_prop)
 # Battery Mitigation
 vendor_internal_prop(vendor_mitigation_ready_prop)
 vendor_public_prop(vendor_brownout_reason_prop)
+
+# Trusty storage FS ready
+vendor_internal_prop(vendor_trusty_storage_prop)
diff --git a/whitechapel_pro/property_contexts b/whitechapel_pro/property_contexts
index 9aa97f1b..32b304b1 100644
--- a/whitechapel_pro/property_contexts
+++ b/whitechapel_pro/property_contexts
@@ -110,3 +110,6 @@ vendor.config.debug. u:object_r:vendor_telephony_app_prop:
 # Battery Mitigation
 vendor.brownout.mitigation.ready u:object_r:vendor_mitigation_ready_prop:s0
 vendor.brownout_reason u:object_r:vendor_brownout_reason_prop:s0
+
+# Trusty
+ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0
diff --git a/whitechapel_pro/tee.te b/whitechapel_pro/tee.te
index 58228b5a..811dcbbc 100644
--- a/whitechapel_pro/tee.te
+++ b/whitechapel_pro/tee.te
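Review bot: The new `ro.vendor.trusty.storage.fs_ready` entry in whitechapel_pro/property_contexts has no match kind or value type, so it is matched as a prefix and any property whose name starts with that string would also receive the `vendor_trusty_storage_prop` label. The commit message describes a single readiness flag, so consider pinning the entry, e.g. `ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 exact bool`, choosing the type that matches what storageproxyd actually writes (the value is not visible in this patch). The neighbouring entries in the hunk use the same untyped form, so this is hardening rather than a regression.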
@@ -15,3 +15,5 @@ read_fstab(tee)
 # storageproxyd starts before /data is mounted. It handles /data not being there
 # gracefully. However, attempts to access /data trigger a denial.
 dontaudit tee unlabeled:dir { search };
+
+set_prop(tee, vendor_trusty_storage_prop)
diff --git a/whitechapel_pro/vendor_init.te b/whitechapel_pro/vendor_init.te
index dae9fa6c..5b828e93 100644
--- a/whitechapel_pro/vendor_init.te
+++ b/whitechapel_pro/vendor_init.te
@@ -41,3 +41,6 @@ set_prop(vendor_init, vendor_brownout_reason_prop)
 # MM
 allow vendor_init proc_watermark_scale_factor:file w_file_perms;
+
+# Trusty storage FS ready
+get_prop(vendor_init, vendor_trusty_storage_prop)
From 24cfe388c5f6e0c25a42dd3a252a1b0102b981ae Mon Sep 17 00:00:00 2001
From: Wasb Liu
Date: Mon, 14 Nov 2022 09:49:24 +0000
Subject: [PATCH 2/2] hal_health_default: updated sepolicy allow android.hardware.health service to access persist_battery_file
11-14 13:53:39.242 872 872 W android.hardwar: type=1400 audit(0.0:17): avc: denied { search } for name="battery" dev="sda1" ino=84 scontext=u:r:hal_health_default:s0 tcontext=u:object_r:persist_battery_file:s0 tclass=dir permissive=0
Bug: 258535661
Test: check for no avc denied on persist_battery_file
Change-Id: I7564b03339e17f9eea4aa5a8feda31bcfdd6100c
Signed-off-by: Wasb Liu
---
 whitechapel_pro/hal_health_default.te | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/whitechapel_pro/hal_health_default.te b/whitechapel_pro/hal_health_default.te
index d953d4b2..6c3c6940 100644
--- a/whitechapel_pro/hal_health_default.te
+++ b/whitechapel_pro/hal_health_default.te
@@ -1,5 +1,7 @@
 allow hal_health_default mnt_vendor_file:dir search;
 allow hal_health_default persist_file:dir search;
+allow hal_health_default persist_battery_file:file create_file_perms;
+allow hal_health_default persist_battery_file:dir rw_dir_perms;
 set_prop(hal_health_default, vendor_battery_defender_prop)
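Review bot: The `set_prop(tee, vendor_trusty_storage_prop)` line added to whitechapel_pro/tee.te has no comment, unlike the matching additions in property.te and vendor_init.te, which are both headed `# Trusty storage FS ready`. A short comment such as `# storageproxyd sets ro.vendor.trusty.storage.fs_ready once the data filesystems are usable` would record why the whole `tee` domain gets write access to this property. Because the name is `ro.`-prefixed it can be set only once per boot, which is worth stating there too if storageproxyd can be restarted.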
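Review bot: The two rules added to whitechapel_pro/hal_health_default.te grant more than the denial quoted in the commit message shows: the log records only `{ search }` on a `persist_battery_file` directory, while the new lines give `rw_dir_perms` on directories and `create_file_perms` on files. If the health HAL only reads battery data there, `allow hal_health_default persist_battery_file:dir search;` plus `allow hal_health_default persist_battery_file:file r_file_perms;` would cover it. If it really does create or rewrite files, a comment naming what it writes would justify the wider grant, which matters more if this type labels the persist partition (presumably retained across factory reset; confirm). The hunk's trailing context appears to have lost blank lines in this rendering, and the rest of the file is not visible.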