# bootstat command
#
# SELinux policy for the bootstat domain: type declarations, the access
# bootstat is granted, and neverallow assertions that bound which domains
# may read or set the boot-reason properties.
# The macros used below (read_runtime_log_tags, get_prop, set_prop, read_logd)
# and the permission sets (rw_dir_perms, create_file_perms, r_file_perms) are
# defined outside this file; verify their expansion when auditing the
# effective access.
type bootstat, domain;
type bootstat_exec, exec_type, file_type;

# NOTE(review): presumably grants read access to the runtime log tags;
# confirm against the macro definition.
read_runtime_log_tags(bootstat)

# Allow persistent storage in /data/misc/bootstat.
allow bootstat bootstat_data_file:dir rw_dir_perms;
allow bootstat bootstat_data_file:file create_file_perms;

# Collect metrics on boot time created by init
get_prop(bootstat, boottime_prop)

# Read/Write [persist.]sys.boot.reason and ro.boot.bootreason (write if empty)
# All three property types are granted through set_prop; the neverallow
# assertions at the end of this file limit which other domains may do the same.
set_prop(bootstat, bootloader_boot_reason_prop)
set_prop(bootstat, system_boot_reason_prop)
set_prop(bootstat, last_boot_reason_prop)

# ToDo: TBI move access for the following to a system health HAL
# Everything between this marker and "ToDo: end" is access the author intends
# to move out of bootstat.

# Allow access to /sys/fs/pstore/ and syslog
# bootstat may search the pstore directory, read the files in it, and read the
# kernel syslog.
allow bootstat pstorefs:dir search;
allow bootstat pstorefs:file r_file_perms;
allow bootstat kernel:system syslog_read;

# Allow access to reading the logs to read aspects of system health
read_logd(bootstat)

# ToDo: end

# Read restriction: no domain other than the ones subtracted below may be
# granted r_file_perms on the bootloader or last boot reason property files.
# system_boot_reason_prop is not part of this assertion.
neverallow {
  domain
  -bootanim
  -bootstat
  -dumpstate
  -init
  -recovery
  -shell
  -system_server
} { bootloader_boot_reason_prop last_boot_reason_prop }:file r_file_perms;
# ... and refine, as these components should not set the last boot reason
# NOTE(review): the rule below is written against file r_file_perms (read
# access), while the comment above speaks of setting; confirm which is
# intended. As written, bootanim and recovery keep read access to
# bootloader_boot_reason_prop only.
neverallow { bootanim recovery } last_boot_reason_prop:file r_file_perms;

# Set restriction: only bootstat, init and system_server may be granted
# property_service set on the bootloader and last boot reason properties.
neverallow {
  domain
  -bootstat
  -init
  -system_server
} { bootloader_boot_reason_prop last_boot_reason_prop }:property_service set;
# ... and refine ... for a ro property no less ... keep this _tight_
# Net effect with the assertion above: system_server may set
# last_boot_reason_prop but not bootloader_boot_reason_prop.
neverallow system_server bootloader_boot_reason_prop:property_service set;

# Only bootstat and init may be granted property_service set on
# system_boot_reason_prop.
neverallow {
  domain
  -bootstat
  -init
} system_boot_reason_prop:property_service set;