1typeattribute flags_health_check coredomain; 2 3init_daemon_domain(flags_health_check) 4 5set_prop(flags_health_check, device_config_boot_count_prop) 6set_prop(flags_health_check, device_config_core_experiments_team_internal_prop) 7set_prop(flags_health_check, device_config_edgetpu_native_prop) 8set_prop(flags_health_check, device_config_reset_performed_prop) 9set_prop(flags_health_check, device_config_runtime_native_boot_prop) 10set_prop(flags_health_check, device_config_runtime_native_prop) 11set_prop(flags_health_check, device_config_input_native_boot_prop) 12set_prop(flags_health_check, device_config_lmkd_native_prop) 13set_prop(flags_health_check, device_config_netd_native_prop) 14set_prop(flags_health_check, device_config_nnapi_native_prop) 15set_prop(flags_health_check, device_config_activity_manager_native_boot_prop) 16set_prop(flags_health_check, device_config_media_native_prop) 17set_prop(flags_health_check, device_config_mglru_native_prop) 18set_prop(flags_health_check, device_config_profcollect_native_boot_prop) 19set_prop(flags_health_check, device_config_statsd_native_prop) 20set_prop(flags_health_check, device_config_statsd_native_boot_prop) 21set_prop(flags_health_check, device_config_storage_native_boot_prop) 22set_prop(flags_health_check, device_config_swcodec_native_prop) 23set_prop(flags_health_check, device_config_sys_traced_prop) 24set_prop(flags_health_check, device_config_window_manager_native_boot_prop) 25set_prop(flags_health_check, device_config_configuration_prop) 26set_prop(flags_health_check, device_config_connectivity_prop) 27set_prop(flags_health_check, device_config_surface_flinger_native_boot_prop) 28set_prop(flags_health_check, device_config_aconfig_flags_prop) 29set_prop(flags_health_check, device_config_vendor_system_native_prop) 30set_prop(flags_health_check, device_config_vendor_system_native_boot_prop) 31set_prop(flags_health_check, device_config_virtualization_framework_native_prop) 32set_prop(flags_health_check, device_config_memory_safety_native_boot_prop) 33set_prop(flags_health_check, device_config_memory_safety_native_prop) 34set_prop(flags_health_check, device_config_remote_key_provisioning_native_prop) 35set_prop(flags_health_check, device_config_camera_native_prop) 36set_prop(flags_health_check, device_config_tethering_u_or_later_native_prop) 37set_prop(flags_health_check, device_config_mmd_native_prop) 38set_prop(flags_health_check, next_boot_prop) 39 40allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms; 41allow flags_health_check server_configurable_flags_data_file:file create_file_perms; 42 43### 44### Neverallow rules 45### 46 47# server_configurable_flags_data_file is used for storing whether server configurable flags which 48# have been reset during current booting. Mistakenly modified by unrelated components can 49# cause bad server configurable flags synced back to device. 50neverallow { domain -init -flags_health_check } server_configurable_flags_data_file:file no_w_file_perms; 51 52# system property device_config_boot_count_prop is used for deciding when to perform server 53# configurable flags related disaster recovery. Mistakenly set up by unrelated components can, at a 54# wrong timing, trigger server configurable flag related disaster recovery, which will override 55# server configured values of all flags with default values. 56neverallow { domain -init -flags_health_check } device_config_boot_count_prop:property_service set; 57 58# system property device_config_reset_performed_prop is used for indicating whether server 59# configurable flags have been reset during booting. Mistakenly modified by unrelated components can 60# cause bad server configurable flags synced back to device. 61neverallow { domain -init -flags_health_check } device_config_reset_performed_prop:property_service set; 62