bootstat: lock down *_boot_reason_prop

am: 397b07b3 Change-Id: I59221e03d3cdbbaa4fb416605ba66e9243afb5b9

bootstat: lock down *_boot_reason_prop
67ec37a3 · Mark Salyzyn · android-build-merger · 5d06d481 · 397b07b3 · 67ec37a3
Commit 67ec37a3 authored 7 years ago by Mark Salyzyn Committed by android-build-merger 7 years ago
--- a/public/bootstat.te
+++ b/public/bootstat.te
@@ -30,3 +30,31 @@ allow bootstat kernel:system syslog_read;
 read_logd(bootstat)
 # ToDo: end
+neverallow {
+  domain
+  -bootanim
+  -bootstat
+  -dumpstate
+  -init
+  -recovery
+  -shell
+  -system_server
+} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms;
+# ... and refine, as these components should not set the last boot reason
+neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms;
+neverallow {
+  domain
+  -bootstat
+  -init
+  -system_server
+} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set;
+# ... and refine ... for a ro propertly no less ... keep this _tight_
+neverallow system_server bootloader_boot_reason_prop:property_service set;
+neverallow {
+  domain
+  -bootstat
+  -init
+} system_boot_reason_prop:property_service set;