Give system_server / system_app ability to write some properties

Allow writing to persist.sys and debug. This addresses the following denials (which are actually being enforced): <4>[ 131.700473] avc: denied { set } for property=debug.force_rtl scontext=u:r:system_server:s0 tcontext=u:object_r:shell_prop:s0 tclass=property_service <3>[ 131.700625] init: sys_prop: permission denied uid:1000 name:debug.force_rtl <4>[ 132.630062] avc: denied { set } for property=persist.sys.dalvik.vm.lib scontext=u:r:system_app:s0 tcontext=u:object_r:system_prop:s0 tclass=property_service <3>[ 132.630184] init: sys_prop: permission denied uid:1000 name:persist.sys.dalvik.vm.lib Change-Id: I5d114c0d963bf393f49f1bf13d1ed84137fbcca6

Give system_server / system_app ability to write some properties
dd1ec6d5 · Nick Kralevich · 58da198a · dd1ec6d5 · dd1ec6d5 · dd1ec6d5
Commit dd1ec6d5 authored 11 years ago by Nick Kralevich
--- a/property.te
+++ b/property.te
 type default_prop, property_type;
 type shell_prop, property_type;
+type debug_prop, property_type;
 type radio_prop, property_type;
 type system_prop, property_type;
 type vold_prop, property_type;

--- a/property_contexts
+++ b/property_contexts
@@ -26,7 +26,7 @@ wlan.                   u:object_r:system_prop:s0
 dhcp.                   u:object_r:system_prop:s0
 bluetooth.              u:object_r:bluetooth_prop:s0

-debug.                  u:object_r:shell_prop:s0
+debug.                  u:object_r:debug_prop:s0
 log.                    u:object_r:shell_prop:s0
 service.adb.root        u:object_r:shell_prop:s0
 service.adb.tcp.port    u:object_r:shell_prop:s0

--- a/system_app.te
+++ b/system_app.te
@@ -33,3 +33,6 @@ allow system_app sdcard_type:dir r_dir_perms;
 # Allow settings app to read from asec
 allow system_app asec_apk_file:dir search;
 allow system_app asec_apk_file:file r_file_perms;
+
+# Write to properties
+allow system_app system_prop:property_service set;
--- a/system_server.te
+++ b/system_server.te
@@ -147,6 +147,7 @@ allow system_server anr_data_file:dir relabelto;
 # Property Service write
 allow system_server system_prop:property_service set;
 allow system_server radio_prop:property_service set;
+allow system_server debug_prop:property_service set;

 # ctl interface
 allow system_server ctl_default_prop:property_service set;