cm: SELinux policy for persistent properties API

* Set up persistent properties for devices with a /persist partition. Change-Id: I78974dd4e25831338462c91fc25e36e343795510
2015-09-06 13:53:29 -07:00 · 2015-09-06 13:53:29 -07:00 · a385501738
commit a385501738
parent 1fd23a9310
4 changed files with 13 additions and 0 deletions
--- a/prebuilt/common/etc/init.local.rc
+++ b/prebuilt/common/etc/init.local.rc
@ -104,6 +104,9 @@ on boot
    setprop net.tcp.usercfg.wifi       1
    setprop net.tcp.usercfg.lte        1

+    # Persistent properties (only created if persist exists)
+    mkdir /persist/properties 0770 system system
+
 # adb over network
 on property:service.adb.tcp.port=5555
    stop adbd
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@ -11,3 +11,6 @@ type sysfs_devices_system_iosched, file_type, sysfs_type;

 # Recovery's "cache"
 type recovery_cache_file, file_type, mlstrustedobject;
+
+# Persistent property storage
+type persist_property_file, file_type;
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@ -34,3 +34,6 @@

 # Lockscreen wallpaper
 /data/system/users/[0-9]+/keyguard_wallpaper   u:object_r:wallpaper_file:s0
+
+# Persistent properties
+/persist/properties         u:object_r:persist_property_file:s0
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@ -1,2 +1,6 @@
 allow system_server recovery_cache_file:dir rw_dir_perms;
 allow system_server recovery_cache_file:file create_file_perms;
+
+# Persistent properties
+allow system_server persist_property_file:dir rw_dir_perms;
+allow system_server persist_property_file:file { create_file_perms unlink };