• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1typeattribute bootstat coredomain;
2
3init_daemon_domain(bootstat)
4
5# Collect metrics on boot time created by init
6get_prop(bootstat, boottime_prop)
7
8# Read/Write [persist.]sys.boot.reason and ro.boot.bootreason (write if empty)
9set_prop(bootstat, bootloader_boot_reason_prop)
10set_prop(bootstat, system_boot_reason_prop)
11set_prop(bootstat, last_boot_reason_prop)
12
13neverallow {
14  domain
15  -bootanim
16  -bootstat
17  -dumpstate
18  userdebug_or_eng(`-incidentd')
19  -init
20  -recovery
21  -shell
22  -system_server
23} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms;
24# ... and refine, as these components should not set the last boot reason
25neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms;
26
27neverallow {
28  domain
29  -bootstat
30  -init
31  -system_server
32} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set;
33# ... and refine ... for a ro propertly no less ... keep this _tight_
34neverallow system_server bootloader_boot_reason_prop:property_service set;
35