Commit ee54161d authored by Mark Salyzyn, committed by android-build-merger

bootstat: lock down *_boot_reason_prop am: 397b07b3 am: 67ec37a3 am: 23e37c3d

am: 9d55d901

Change-Id: I79548c3e8bde92e1550546f95424d539c2be9f19
parents d1c89b06 9d55d901
...@@ -30,3 +30,31 @@ allow bootstat kernel:system syslog_read; ...@@ -30,3 +30,31 @@ allow bootstat kernel:system syslog_read;
read_logd(bootstat) read_logd(bootstat)
# ToDo: end # ToDo: end
neverallow {
domain
-bootanim
-bootstat
-dumpstate
-init
-recovery
-shell
-system_server
} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms;
# ... and refine, as these components should not set the last boot reason
neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms;
neverallow {
domain
-bootstat
-init
-system_server
} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set;
# ... and refine ... for a ro propertly no less ... keep this _tight_
neverallow system_server bootloader_boot_reason_prop:property_service set;
neverallow {
domain
-bootstat
-init
} system_boot_reason_prop:property_service set;
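Review bot: The comment "as these components should not set the last boot reason" does not match the rule beneath it: `neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms;` denies read access to the property file, not `property_service set`. Setting is already denied to bootanim and recovery by the later `property_service set` neverallow, which exempts only bootstat, init and system_server. Suggest rewording the comment to say these components should not read the last boot reason (their exemption in the first rule then effectively covers only bootloader_boot_reason_prop), or changing the rule if a set restriction was what was meant. Minor: "propertly" in the comment before the system_server rule should read "property".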