Give system_server / system_app ability to write some properties Allow writing to persist.sys and debug. This addresses the following denials (which are actually being enforced): <4>[ 131.700473] avc: denied { set } for property=debug.force_rtl scontext=u:r:system_server:s0 tcontext=u:object_r:shell_prop:s0 tclass=property_service <3>[ 131.700625] init: sys_prop: permission denied uid:1000 name:debug.force_rtl <4>[ 132.630062] avc: denied { set } for property=persist.sys.dalvik.vm.lib scontext=u:r:system_app:s0 tcontext=u:object_r:system_prop:s0 tclass=property_service <3>[ 132.630184] init: sys_prop: permission denied uid:1000 name:persist.sys.dalvik.vm.lib Change-Id: I5d114c0d963bf393f49f1bf13d1ed84137fbcca6

commit: dd1ec6d557e80c688f7f1e4aef522b6441e8151a [log] [tgz]
author: Nick Kralevich <nnk@google.com> Fri Nov 01 10:45:03 2013 -0700
committer: Nick Kralevich <nnk@google.com> Fri Nov 01 10:45:03 2013 -0700
tree: 838604a9d3102017969e3efe9564b0400e4aafb5
parent: 58da198a9071ca0797081579762955346621816e [diff] [blame]
diff --git a/system_server.te b/system_server.te
index cae5cb0..782c27f 100644
--- a/system_server.te
+++ b/system_server.te

@@ -147,6 +147,7 @@
 # Property Service write
 allow system_server system_prop:property_service set;
 allow system_server radio_prop:property_service set;
+allow system_server debug_prop:property_service set;
 
 # ctl interface
 allow system_server ctl_default_prop:property_service set;
commit	dd1ec6d557e80c688f7f1e4aef522b6441e8151a	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Fri Nov 01 10:45:03 2013 -0700
committer	Nick Kralevich <nnk@google.com>	Fri Nov 01 10:45:03 2013 -0700
tree	838604a9d3102017969e3efe9564b0400e4aafb5
parent	58da198a9071ca0797081579762955346621816e [diff] [blame]