From 47cd53a55855b911b80b54b68702f5ee5db51d00 Mon Sep 17 00:00:00 2001
From: Sami Tolvanen <samitolvanen@google.com>
Date: Wed, 18 Feb 2015 13:56:06 +0000
Subject: [PATCH] Allow ueventd to set verity.* properties

On dm-verity errors, we catch uevents in ueventd and set the value for a matching verity.* property. Allow ueventd to actually change property values. Needed by changes from Ibb82953594d234f81ad21c40f524190b88e4ac8f
Change-Id: I79bc90733edf8a45b27e64795f4adfbb3bc028dc
---
 property.te | 1 +
 property_contexts | 3 +++
 ueventd.te | 6 ++++++
 3 files changed, 10 insertions(+)

diff --git a/property.te b/property.te
index 6fedfa7a5..8faa4724a 100644
--- a/property.te
+++ b/property.te
@@ -8,6 +8,7 @@ type radio_prop, property_type;
 type net_radio_prop, property_type;
 type system_radio_prop, property_type;
 type system_prop, property_type;
+type verity_prop, property_type;
 type vold_prop, property_type;
 type ctl_bootanim_prop, property_type;
 type ctl_default_prop, property_type;
diff --git a/property_contexts b/property_contexts
index 06f6c174b..47e544a4e 100644
--- a/property_contexts
+++ b/property_contexts
@@ -49,6 +49,9 @@ selinux. u:object_r:security_prop:s0
 vold. u:object_r:vold_prop:s0
 crypto. u:object_r:vold_prop:s0
+# dm-verity properties
+verity. u:object_r:verity_prop:s0
+
 # ro.build.fingerprint is either set in /system/build.prop, or is
 # set at runtime by system_server.
 build.fingerprint u:object_r:fingerprint_prop:s0
diff --git a/ueventd.te b/ueventd.te
index 2e61e8852..0f2809d84 100644
--- a/ueventd.te
+++ b/ueventd.te
@@ -23,3 +23,9 @@ allow ueventd efs_file:file r_file_perms;
 # Use setfscreatecon() to label /dev directories and files.
 allow ueventd self:process setfscreate;
+
+# Set property.
+unix_socket_connect(ueventd, property, init)
+
+# Property service
+allow ueventd verity_prop:property_service set;
-- 
GitLab
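Review bot: The comment over the new `verity.` entry in property_contexts does not say who writes these properties or that the entry matches by prefix, so every name under `verity.`, including ones not yet defined, receives the `verity_prop` label. I would spell that out, for example `# dm-verity state, set by ueventd on verity uevents; prefix match covers all verity.* names`. That gives a later reader the writer and the scope without having to open ueventd.te.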
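Review bot: Nothing in the rules added to ueventd.te prevents a later policy change from letting another domain set `verity_prop`, and because these properties report dm-verity errors, an extra writer could misreport that state. A neverallow beside the new allow would turn such a change into a build failure, e.g. `neverallow { domain -init -ueventd } verity_prop:property_service set;`, with the exclusions adjusted to whichever domains this tree already allows to set every property type. The comments `# Set property.` and `# Property service` only restate the rules; a single comment such as `# Report dm-verity errors from uevents by setting verity.* properties.` would record the intent. The earlier part of ueventd.te is outside the hunk, so I cannot tell whether it already carries other property rules.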