Allow SystemServer to set service.adb.tcp.* properties

Required for network adb enable/disable to function

Change-Id: I3e2aacb6b8e9b107dcd229187a5dd76128e20001

5 files changed, 9 insertions, 0 deletions

diff --git a/sepolicy/property.te b/sepolicy/property.te
new file mode 100644
index 00000000..68920104
--- /dev/null
+++ b/sepolicy/property.te
@@ -0,0 +1 @@
+type adbtcp_prop, property_type;
diff --git a/sepolicy/property_contexts b/sepolicy/property_contexts
new file mode 100644
index 00000000..dc77194d
--- /dev/null
+++ b/sepolicy/property_contexts
@@ -0,0 +1 @@
+service.adb.tcp.              u:object_r:adbtcp_prop:s0
diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk
index ee217ffb..04fcac71 100644
--- a/sepolicy/sepolicy.mk
+++ b/sepolicy/sepolicy.mk
@@ -10,13 +10,16 @@ BOARD_SEPOLICY_UNION += \
     file.te \
     file_contexts \
     genfs_contexts \
+    property_contexts \
     seapp_contexts \
     service_contexts \
     auditd.te \
     healthd.te \
     installd.te \
     netd.te \
+    property.te \
     recovery.te \
+    shell.te \
     su.te \
     sysinit.te \
     system.te \
diff --git a/sepolicy/shell.te b/sepolicy/shell.te
new file mode 100644
index 00000000..48b4777f
--- /dev/null
+++ b/sepolicy/shell.te
@@ -0,0 +1 @@
+allow shell adbtcp_prop:property_service set;
diff --git a/sepolicy/system.te b/sepolicy/system.te
index 01972d48..02d9e095 100644
--- a/sepolicy/system.te
+++ b/sepolicy/system.te
@@ -1,2 +1,5 @@
 allow system_server wallpaper_file:file relabelto;
 allow system_server dalvikcache_data_file:file write;
+
+# allow adb related properties to be set
+allow system_server adbtcp_prop:property_service set;