bootstat: lock down *_boot_reason_prop am: 397b07b3

am: 67ec37a3 Change-Id: Ic221e8a29daf603a17bbf26506f5bbacc2c68337

bootstat: lock down *_boot_reason_prop am: 397b07b3
23e37c3d · Mark Salyzyn · android-build-merger · 8c8eeb7f · 67ec37a3 · 23e37c3d
Commit 23e37c3d authored 7 years ago by Mark Salyzyn Committed by android-build-merger 7 years ago
--- a/public/bootstat.te
+++ b/public/bootstat.te
@@ -30,3 +30,31 @@ allow bootstat kernel:system syslog_read;
 read_logd(bootstat)

 # ToDo: end
+
+neverallow {
+  domain
+  -bootanim
+  -bootstat
+  -dumpstate
+  -init
+  -recovery
+  -shell
+  -system_server
+} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms;
+# ... and refine, as these components should not set the last boot reason
+neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms;
+
+neverallow {
+  domain
+  -bootstat
+  -init
+  -system_server
+} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set;
+# ... and refine ... for a ro propertly no less ... keep this _tight_
+neverallow system_server bootloader_boot_reason_prop:property_service set;
+
+neverallow {
+  domain
+  -bootstat
+  -init
+} system_boot_reason_prop:property_service set;