From 006c2e9934e9a4a16f3abca6064947cb8ada80a8 Mon Sep 17 00:00:00 2001
From: Mark Salyzyn <salyzyn@google.com>
Date: Mon, 14 Aug 2017 14:25:10 -0700
Subject: [PATCH] Switch /data/misc/reboot/last_reboot_reason to persistent property
Switch from /data/misc/reboot/last_reboot_reason to persistent Android property persist.sys.boot.reason for indicating why the device is rebooted or shutdown.
Introduce protection for all boot reason properties
Protect the following properties with these labels
ro.boot.bootreason u:object_r:bootloader_boot_reason_prop:s0
sys.boot.reason u:object_r:sys_boot_reason_prop:s0
persist.sys.boot.reason u:object_r:last_boot_reason_prop:s0
Setup the current as-need access rules for each.
ToDo: Remove u:object_r:reboot_data_file after internal fixes.
Test: system/core/bootstat/boot_reason_test.sh
Bug: 64687998
Change-Id: I3771c73933e8ae2d94aee936c7a38b6282611b80
---
 private/file_contexts | 1 -
 private/property_contexts | 3 +++
 private/system_server.te | 9 +++++----
 public/bootanim.te | 4 ++++
 public/bootstat.te | 3 +++
 public/dumpstate.te | 5 +++++
 public/property.te | 3 +++
 public/recovery.te | 3 +++
 public/shell.te | 5 +++++
 9 files changed, 31 insertions(+), 5 deletions(-)
diff --git a/private/file_contexts b/private/file_contexts
index 4029256a2..222167b19 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -369,7 +369,6 @@
 /data/misc/logd(/.*)? u:object_r:misc_logd_file:s0
 /data/misc/media(/.*)? u:object_r:media_data_file:s0
 /data/misc/net(/.*)? u:object_r:net_data_file:s0
-/data/misc/reboot(/.*)? u:object_r:reboot_data_file:s0
 /data/misc/recovery(/.*)? u:object_r:recovery_data_file:s0
 /data/misc/shared_relro(/.*)? u:object_r:shared_relro_file:s0
 /data/misc/sms(/.*)? u:object_r:radio_data_file:s0
diff --git a/private/property_contexts b/private/property_contexts
index 3ca1d7064..2bbc3c5c7 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -65,6 +65,9 @@ ro.serialno u:object_r:serialno_prop:s0
 ro.boot.btmacaddr u:object_r:bluetooth_prop:s0
 ro.boot.serialno u:object_r:serialno_prop:s0
 ro.bt. u:object_r:bluetooth_prop:s0
+ro.boot.bootreason u:object_r:bootloader_boot_reason_prop:s0
+persist.sys.boot.reason u:object_r:last_boot_reason_prop:s0
+sys.boot.reason u:object_r:system_boot_reason_prop:s0
 
 # Boolean property set by system server upon boot indicating
 # if device owner is provisioned.
diff --git a/private/system_server.te b/private/system_server.te
index 205e7a614..05e84f04d 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -29,10 +29,6 @@ allow system_server resourcecache_data_file:dir r_dir_perms;
 # ptrace to processes in the same domain for debugging crashes.
 allow system_server self:process ptrace;
 
-# Read and delete last_reboot_reason file
-allow system_server reboot_data_file:file { rename r_file_perms unlink };
-allow system_server reboot_data_file:dir { write search open remove_name };
-
 # Child of the zygote.
 allow system_server zygote:fd use;
 allow system_server zygote:process sigchld;
@@ -474,6 +470,11 @@ set_prop(system_server, ctl_bugreport_prop)
 # cppreopt property
 set_prop(system_server, cppreopt_prop)
 
+# BootReceiver to read ro.boot.bootreason
+get_prop(system_server, bootloader_boot_reason_prop)
+# PowerManager to read persist.sys.boot.reason
+get_prop(system_server, last_boot_reason_prop)
+
 # Collect metrics on boot time created by init
 get_prop(system_server, boottime_prop)
 
diff --git a/public/bootanim.te b/public/bootanim.te
index e2584c3b4..7e1604750 100644
--- a/public/bootanim.te
+++ b/public/bootanim.te
@@ -38,3 +38,7 @@ r_dir_file(bootanim, cgroup)
 
 # System file accesses.
 allow bootanim system_file:dir r_dir_perms;
+
+# Read ro.boot.bootreason b/30654343
+get_prop(bootanim, bootloader_boot_reason_prop)
+
diff --git a/public/bootstat.te b/public/bootstat.te
index f5c7268e0..b09e77fa5 100644
--- a/public/bootstat.te
+++ b/public/bootstat.te
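Review bot: The new `+sys.boot.reason` entry labels the property `u:object_r:system_boot_reason_prop:s0`, while the commit description lists it as `u:object_r:sys_boot_reason_prop:s0`; the description should be corrected to match what property_contexts and property.te actually declare, since the message is what later readers will search for. If this file is still matched by prefix, the `ro.boot.bootreason` entry also labels any property whose name merely begins with that string, which is probably harmless but worth stating next to the entry. The surrounding block documents its properties; the three new entries would benefit from the same, e.g. `# Boot/shutdown reason properties; labelled separately so only the domains listed in the .te files below may read them`.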
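Review bot: In the second system_server hunk, the deleted `reboot_data_file` rules gave system_server `unlink` on last_reboot_reason, i.e. it could consume the reason once, whereas the replacement `get_prop(system_server, last_boot_reason_prop)` is read-only, so system_server can no longer clear or overwrite the reason after reading it. No domain in this patch receives set_prop on last_boot_reason_prop or system_boot_reason_prop, so unless persist.sys.boot.reason is rewritten by init on every boot, a stale persisted reason could be re-reported on later boots; if PowerManager is meant to record the shutdown reason, `set_prop(system_server, last_boot_reason_prop)` is needed alongside the get_prop. If the writer lives in a separate change, a comment naming it would settle this, e.g. `# persist.sys.boot.reason is written by <writer domain>; system_server only reads it`.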
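Review bot: The bootanim hunk ends with a bare `+` line after `get_prop(bootanim, bootloader_boot_reason_prop)`, which appends a trailing blank line at the end of bootanim.te; the other .te hunks in this patch end on the rule itself, so that last added line should be dropped. The comment only cites b/30654343; a few words on why the boot animation needs the bootloader reason would make the rule self-explanatory without following the bug link.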
@@ -13,3 +13,6 @@ r_dir_file(bootstat, proc)
 
 # Collect metrics on boot time created by init
 get_prop(bootstat, boottime_prop)
+
+# Read ro.boot.bootreason
+get_prop(bootstat, bootloader_boot_reason_prop)
diff --git a/public/dumpstate.te b/public/dumpstate.te
index 551e1de9c..452f373f0 100644
--- a/public/dumpstate.te
+++ b/public/dumpstate.te
@@ -200,6 +200,11 @@ get_prop(dumpstate, serialno_prop)
 # Read state of logging-related properties
 get_prop(dumpstate, device_logging_prop)
 
+# Read state of boot reason properties
+get_prop(dumpstate, bootloader_boot_reason_prop)
+get_prop(dumpstate, last_boot_reason_prop)
+get_prop(dumpstate, system_boot_reason_prop)
+
 # Access to /data/media.
 # This should be removed if sdcardfs is modified to alter the secontext for its
 # accesses to the underlying FS.
diff --git a/public/property.te b/public/property.te
index 95eb1d15f..4daff1d15 100644
--- a/public/property.te
+++ b/public/property.te
@@ -2,6 +2,7 @@ type asan_reboot_prop, property_type;
 type audio_prop, property_type, core_property_type;
 type boottime_prop, property_type;
 type bluetooth_prop, property_type;
+type bootloader_boot_reason_prop, property_type;
 type config_prop, property_type, core_property_type;
 type cppreopt_prop, property_type, core_property_type;
 type ctl_bootanim_prop, property_type;
@@ -24,6 +25,7 @@ type ffs_prop, property_type, core_property_type;
 type fingerprint_prop, property_type, core_property_type;
 type firstboot_prop, property_type;
 type hwservicemanager_prop, property_type;
+type last_boot_reason_prop, property_type;
 type logd_prop, property_type, core_property_type;
 type logpersistd_logging_prop, property_type;
 type log_prop, property_type, log_property_type;
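Review bot: The new `type bootloader_boot_reason_prop, property_type;` and `type last_boot_reason_prop, property_type;` lines (and `system_boot_reason_prop` in the following property.te hunk) deliberately omit `core_property_type`, unlike neighbouring entries such as `config_prop` and `cppreopt_prop`, so presumably only the domains given explicit get_prop rules in this patch can read them. That matches the "as-need access rules" intent in the description, but the choice is invisible in the file itself; a one-line comment on the first declaration would prevent a later contributor from "fixing" it, e.g. `# Boot reason properties are intentionally not core_property_type: access is granted per domain`. Whether vendor-side readers of ro.boot.bootreason exist and now lose access is not visible here and is worth confirming against the test named in the description.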
@@ -43,6 +45,7 @@ type restorecon_prop, property_type, core_property_type;
 type safemode_prop, property_type;
 type serialno_prop, property_type;
 type shell_prop, property_type, core_property_type;
+type system_boot_reason_prop, property_type;
 type system_prop, property_type, core_property_type;
 type system_radio_prop, property_type, core_property_type;
 type vold_prop, property_type, core_property_type;
diff --git a/public/recovery.te b/public/recovery.te
index e072cfce1..d200f71a7 100644
--- a/public/recovery.te
+++ b/public/recovery.te
@@ -115,6 +115,9 @@ recovery_only(`
  # Set sys.usb.ffs.ready when starting minadbd for sideload.
  set_prop(recovery, ffs_prop)
 
+ # Read ro.boot.bootreason
+ get_prop(recovery, bootloader_boot_reason_prop)
+
  # Use setfscreatecon() to label files for OTA updates.
  allow recovery self:process setfscreate;
 
diff --git a/public/shell.te b/public/shell.te
index 9540cca02..36964e50f 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -79,6 +79,11 @@ get_prop(shell, serialno_prop)
 # Read state of logging-related properties
 get_prop(shell, device_logging_prop)
 
+# Read state of boot reason properties
+get_prop(shell, bootloader_boot_reason_prop)
+get_prop(shell, last_boot_reason_prop)
+get_prop(shell, system_boot_reason_prop)
+
 # allow shell access to services
 allow shell servicemanager:service_manager list;
 # don't allow shell to access GateKeeper service
-- 
GitLab