Google Git
Sign in
android / platform / system / sepolicy / 9b65845b4^! / .
commit9b65845b4acc6d55d624f3d765ba8258603adc65[log] [tgz]
authorYi Kong <yikong@google.com>Mon Mar 22 22:02:22 2021 +0800
committerYi Kong <yikong@google.com>Mon Mar 22 19:40:03 2021 +0000
tree38d665f9a3f5d468add4972631cce640a33a1649
parent133496f8a47526cc0eb5f01c9c69fb1aaa9aee69 [diff]
Allow profcollectd to store and read its application specific node ID in properties

This node ID will be used to uniquely and anonymously identify a device
by profcollectd on engineering (userdebug or eng) builds.

Test: build
Change-Id: If01f71c62479d63d4d19aac15da24bc835621e66

diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 0f9b7ec..d2898c6 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil

@@ -88,6 +88,7 @@
     profcollectd_data_file
     profcollectd_exec
     profcollectd_service
+    profcollectd_node_id_prop
     qemu_hw_prop
     qemu_sf_lcd_density_prop
     radio_core_data_file

diff --git a/private/profcollectd.te b/private/profcollectd.te
index baccf88..24fb056 100644
--- a/private/profcollectd.te
+++ b/private/profcollectd.te

@@ -40,6 +40,7 @@
 
   # Allow profcollectd to read its system properties.
   get_prop(profcollectd, device_config_profcollect_native_boot_prop)
+  set_prop(profcollectd, profcollectd_node_id_prop)
 
   # Allow profcollectd to publish a binder service and make binder calls.
   binder_use(profcollectd)

diff --git a/private/property.te b/private/property.te
index 2f5fcde..22c5bca 100644
--- a/private/property.te
+++ b/private/property.te

@@ -25,6 +25,7 @@
 system_internal_prop(odsign_prop)
 system_internal_prop(perf_drop_caches_prop)
 system_internal_prop(pm_prop)
+system_internal_prop(profcollectd_node_id_prop)
 system_internal_prop(rollback_test_prop)
 system_internal_prop(setupwizard_prop)
 system_internal_prop(system_adbd_prop)
@@ -590,3 +591,12 @@
   -init
   -shell
 } rollback_test_prop:property_service set;
+
+neverallow {
+  # Only allow init and profcollectd to access profcollectd_node_id_prop
+  domain
+  -init
+  -dumpstate
+  -profcollectd
+} profcollectd_node_id_prop:file r_file_perms;
+

diff --git a/private/property_contexts b/private/property_contexts
index 7f3cb2f..840a9f4 100644
--- a/private/property_contexts
+++ b/private/property_contexts

@@ -64,6 +64,7 @@
 persist.mmc.            u:object_r:mmc_prop:s0
 persist.netd.stable_secret      u:object_r:netd_stable_secret_prop:s0
 persist.pm.mock-upgrade u:object_r:mock_ota_prop:s0
+persist.profcollectd.node_id    u:object_r:profcollectd_node_id_prop:s0     exact   string
 persist.sys.            u:object_r:system_prop:s0
 persist.sys.safemode    u:object_r:safemode_prop:s0
 persist.sys.theme       u:object_r:theme_prop:s0