From cd597cd52aa58e5a4c39fc5b4b31a792436c7162 Mon Sep 17 00:00:00 2001
From: Steven Moreland <smoreland@google.com>
Date: Fri, 13 Jan 2017 11:37:38 -0800
Subject: [PATCH] property: add persist.hal.binderization

- Added set_prop to shell so that you can set it from shell.
- Added set_prop to sytem_app so that it can be updated in settings.
Bug: 34256441
Test: can update prop from Settings and shell. nfc and lights work with ag/1833821 with persist.hal.binderization set to on and off. There are no additional selinux denials.
Change-Id: I883ca489093c1d56b2efa725c58e6e3f3b81c3aa
---
 private/property_contexts | 1 +
 private/system_app.te | 1 +
 public/property.te | 1 +
 public/shell.te | 2 ++
 public/te_macros | 6 ++++++
 5 files changed, 11 insertions(+)

diff --git a/private/property_contexts b/private/property_contexts
index 80476cc25..552c6b5f2 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -57,6 +57,7 @@ persist.sys.audit_safemode u:object_r:safemode_prop:s0
 persist.service. u:object_r:system_prop:s0
 persist.service.bdroid. u:object_r:bluetooth_prop:s0
 persist.security. u:object_r:system_prop:s0
+persist.hal.binderization u:object_r:hal_binderization_prop:s0
 persist.vendor.overlay. u:object_r:overlay_prop:s0
 ro.boot.vendor.overlay. u:object_r:overlay_prop:s0
 ro.boottime. u:object_r:boottime_prop:s0
diff --git a/private/system_app.te b/private/system_app.te
index 367df1f24..c53f7a81d 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -30,6 +30,7 @@ allow system_app icon_file:file r_file_perms;
 # Write to properties
 set_prop(system_app, bluetooth_prop)
 set_prop(system_app, debug_prop)
+set_prop(system_app, hal_binderization_prop)
 set_prop(system_app, system_prop)
 set_prop(system_app, logd_prop)
 set_prop(system_app, net_radio_prop)
diff --git a/public/property.te b/public/property.te
index 1bde35c4d..572c24e84 100644
--- a/public/property.te
+++ b/public/property.te
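Review bot: In private/system_app.te the new `set_prop(system_app, hal_binderization_prop)` is granted on every build type, while the matching grant for shell in public/shell.te is wrapped in userdebug_or_eng. The TODO added to te_macros in this patch ties persist.hal.binderization to dogfood stability, so if the Settings toggle is only meant for development builds, wrap this line in userdebug_or_eng the same way shell.te does. Otherwise system_app on a user build can change a persist-backed property that, per that TODO, decides how HALs start. If the user-build grant is intended, say so above the line, for example `# Settings toggle for persist.hal.binderization; intentionally allowed on user builds`.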
@@ -41,6 +41,7 @@ type serialno_prop, property_type;
 type shell_prop, property_type, core_property_type;
 type system_prop, property_type, core_property_type;
 type system_radio_prop, property_type, core_property_type;
+type hal_binderization_prop, property_type;
 type vold_prop, property_type, core_property_type;
 type wifi_log_prop, property_type, log_property_type;
 type wifi_prop, property_type;
diff --git a/public/shell.te b/public/shell.te
index d643b7e7a..9f4ac5cf5 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -64,6 +64,8 @@ set_prop(shell, wifi_log_prop)
 userdebug_or_eng(`set_prop(shell, log_prop)')
 # logpersist script
 userdebug_or_eng(`set_prop(shell, logpersistd_logging_prop)')
+# hal binderization
+userdebug_or_eng(`set_prop(shell, hal_binderization_prop)')
 
 userdebug_or_eng(`
 # "systrace --boot" support - allow boottrace service to run
diff --git a/public/te_macros b/public/te_macros
index 0eba3ff3f..0a423acf0 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -217,6 +217,12 @@ allow hwservicemanager $1:binder { call transfer };
 allow hwservicemanager $1:dir search;
 allow hwservicemanager $1:file { read open };
 allow hwservicemanager $1:process getattr;
+# TODO(b/34274385): hals wait for data to be mounted so they can
+# start only if persist.hal.binderization is enabled. (for dogfood
+# stability). getService must also check for data to be mounted
+# if the vintf promises the hal will be registered over hwbinder.
+get_prop($1, hal_binderization_prop)
+get_prop($1, vold_prop)
 # rw access to /dev/hwbinder and /dev/ashmem is presently granted to
 # all domains in domain.te.
 ')
-- 
GitLab
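Review bot: The new `type hal_binderization_prop, property_type;` in public/property.te sits between system_radio_prop and vold_prop, which breaks the alphabetical order that the visible neighbouring declarations follow. Its sorted position is outside this hunk. The declaration also has no comment; a line above it such as `# Label for persist.hal.binderization (see b/34256441)` would tell the next reader what the type protects.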
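Review bot: The two get_prop lines added to this macro in public/te_macros give every domain passed as $1 read access to vold_prop as well as hal_binderization_prop, and the commit message mentions only the latter. The TODO explains the data-mount wait, but nothing marks the grants as temporary, so they may outlive b/34274385; add a line such as `# Temporary: drop both get_prop grants when b/34274385 is fixed.` directly above them. If callers only need one mount-state property, a dedicated property type for it would keep the rest of vold_prop unreadable to hwbinder users; what else vold_prop labels is not visible in this patch. The macro's opening define is outside the hunk, so the set of affected domains cannot be checked from here.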