1# The flags_health_check command run by init. 2type flags_health_check, domain, coredomain; 3type flags_health_check_exec, system_file_type, exec_type, file_type; 4 5set_prop(flags_health_check, device_config_boot_count_prop) 6set_prop(flags_health_check, device_config_reset_performed_prop) 7set_prop(flags_health_check, device_config_runtime_native_boot_prop) 8set_prop(flags_health_check, device_config_runtime_native_prop) 9set_prop(flags_health_check, device_config_input_native_boot_prop) 10set_prop(flags_health_check, device_config_netd_native_prop) 11set_prop(flags_health_check, device_config_activity_manager_native_boot_prop) 12set_prop(flags_health_check, device_config_media_native_prop) 13set_prop(flags_health_check, device_config_storage_native_boot_prop) 14set_prop(flags_health_check, device_config_sys_traced_prop) 15set_prop(flags_health_check, device_config_window_manager_native_boot_prop) 16set_prop(flags_health_check, device_config_configuration_prop) 17 18allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms; 19allow flags_health_check server_configurable_flags_data_file:file create_file_perms; 20 21# system property device_config_boot_count_prop is used for deciding when to perform server 22# configurable flags related disaster recovery. Mistakenly set up by unrelated components can, at a 23# wrong timing, trigger server configurable flag related disaster recovery, which will override 24# server configured values of all flags with default values. 25neverallow { domain -init -flags_health_check } device_config_boot_count_prop:property_service set; 26 27# system property device_config_reset_performed_prop is used for indicating whether server 28# configurable flags have been reset during booting. Mistakenly modified by unrelated components can 29# cause bad server configurable flags synced back to device. 30neverallow { domain -init -flags_health_check } device_config_reset_performed_prop:property_service set; 31 32# server_configurable_flags_data_file is used for storing whether server configurable flags which 33# have been reset during current booting. Mistakenly modified by unrelated components can 34# cause bad server configurable flags synced back to device. 35neverallow { domain -init -flags_health_check } server_configurable_flags_data_file:file no_w_file_perms; 36