From f40afcb1b487724f98e8e33997c11c6c3d4454aa Mon Sep 17 00:00:00 2001
From: Sami Tolvanen <samitolvanen@google.com>
Date: Fri, 5 Feb 2016 15:42:32 -0800
Subject: [PATCH] Allow logd.auditd to reboot to safe mode

Bug: 26902605
Change-Id: Ica825cf2af74f5624cf4091544bd24bb5482dbe7
(cherry picked from commit 9c168711d5f79642a5357cd4c58ad5e88a9795ba)
---
 logd.te           | 4 ++++
 property.te       | 1 +
 property_contexts | 2 ++
 system_server.te  | 1 +
 4 files changed, 8 insertions(+)

diff --git a/logd.te b/logd.te
index aa24c0531..95a30efa9 100644
--- a/logd.te
+++ b/logd.te
@@ -22,6 +22,10 @@ userdebug_or_eng(`
 allow logd pstorefs:dir search;
 allow logd pstorefs:file r_file_perms;
 
+# Set persist.sys. and sys.powerctl
+set_prop(logd, safemode_prop)
+set_prop(logd, powerctl_prop)
+
 # Access device logging gating property
 get_prop(logd, device_logging_prop)
 
diff --git a/property.te b/property.te
index c649a9013..26d15ff40 100644
--- a/property.te
+++ b/property.te
@@ -33,5 +33,6 @@ type nfc_prop, property_type, core_property_type;
 type dalvik_prop, property_type, core_property_type;
 type config_prop, property_type, core_property_type;
 type device_logging_prop, property_type;
+type safemode_prop, property_type;
 
 allow property_type tmpfs:filesystem associate;
diff --git a/property_contexts b/property_contexts
index 9e936caa4..fed44dfaf 100644
--- a/property_contexts
+++ b/property_contexts
@@ -43,6 +43,8 @@ persist.logd.security   u:object_r:device_logging_prop:s0
 persist.log.tag         u:object_r:logd_prop:s0
 persist.mmc.            u:object_r:mmc_prop:s0
 persist.sys.            u:object_r:system_prop:s0
+persist.sys.safemode    u:object_r:safemode_prop:s0
+persist.sys.audit_safemode      u:object_r:safemode_prop:s0
 persist.service.        u:object_r:system_prop:s0
 persist.service.bdroid. u:object_r:bluetooth_prop:s0
 persist.security.       u:object_r:system_prop:s0
diff --git a/system_server.te b/system_server.te
index 2e131b34f..1bbe9efb6 100644
--- a/system_server.te
+++ b/system_server.te
@@ -295,6 +295,7 @@ allow system_server system_data_file:dir relabelfrom;
 
 # Property Service write
 set_prop(system_server, system_prop)
+set_prop(system_server, safemode_prop)
 set_prop(system_server, dhcp_prop)
 set_prop(system_server, net_radio_prop)
 set_prop(system_server, system_radio_prop)
-- 
GitLab