From f66fbab253c0a8730df144070f53a590f5de07c4 Mon Sep 17 00:00:00 2001
From: Dan Cashman <dcashman@google.com>
Date: Mon, 15 May 2017 09:50:17 -0700
Subject: [PATCH] Partially revert "Sepolicy: Give asan_extract access to
 powerctl"

This is a partial revert of commit 8267208921a6240b438f2cf65e043c11ebce1a8b.
The previous commit removed a public type, which is a version-incompatible
change to the SELinux vendor API.  Since the 2017 devices are meant to be
launching with the previous version, this is unacceptable.  Revert the
version-incompatible parts of the change, but keep the other parts to enable
existing system functionality to persist and become part of MR1.  Leave TODOs
to remove the other parts when a version bump is acceptable.

Bug: 38241921
Test: Policy builds and device boots with ASAN enabled.
Change-Id: I0dd3673b8ed7fb86abd79cd04982396000e986f1
---
 public/asan_extract.te | 6 +++++-
 public/property.te     | 1 +
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/public/asan_extract.te b/public/asan_extract.te
index 15c5a09fd..46b755776 100644
--- a/public/asan_extract.te
+++ b/public/asan_extract.te
@@ -31,6 +31,10 @@ with_asan(`
   # Restorecon will actually already try to run with sanitized libraries (libpackagelistparser).
   allow asan_extract system_data_file:file execute;
 
-  # We need to signal a reboot when done.
+  # TODO - remove (b/38241921):
+  # We use asan.restore_reboot to signal a reboot is required.
+  set_prop(asan_extract, asan_reboot_prop)
+
+  # We need to signal a reboot when done
   set_prop(asan_extract, powerctl_prop)
 ')
diff --git a/public/property.te b/public/property.te
index daac0fb5c..c633dabe2 100644
--- a/public/property.te
+++ b/public/property.te
@@ -1,3 +1,4 @@
+type asan_reboot_prop, property_type; # TODO - remove (b/38241921)
 type audio_prop, property_type, core_property_type;
 type boottime_prop, property_type;
 type bluetooth_prop, property_type;
-- 
GitLab