Add external_storage properties.
These properties need to be set from a vendor context.
Bug: 152170470
Bug: 153525566
Test: N/A
Change-Id: I2e90ad08fa0a5bd2b4759d92f95d35cec2b316df
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index c67db50..fa3c332 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -90,6 +90,7 @@
snapshotctl_log_data_file
socket_hook_prop
soundtrigger_middleware_service
+ storage_config_prop
sysfs_dm_verity
system_adbd_prop
system_config_service
diff --git a/private/property_contexts b/private/property_contexts
index a63ac64..2c1ef17 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -407,6 +407,9 @@
ro.dalvik.vm.native.bridge u:object_r:exported_dalvik_prop:s0 exact string
+external_storage.projid.enabled u:object_r:storage_config_prop:s0 exact bool
+external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool
+
ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
ro.gfx.driver.0 u:object_r:exported3_default_prop:s0 exact string
diff --git a/private/recovery.te b/private/recovery.te
index eee1698..b522230 100644
--- a/private/recovery.te
+++ b/private/recovery.te
@@ -20,5 +20,8 @@
# Read ro.boot.bootreason
get_prop(recovery, bootloader_boot_reason_prop)
+ # Read storage properties (for correctly formatting filesystems)
+ get_prop(recovery, storage_config_prop)
+
set_prop(recovery, gsid_prop)
')
diff --git a/private/vold.te b/private/vold.te
index 3210779..3332d63 100644
--- a/private/vold.te
+++ b/private/vold.te
@@ -20,6 +20,7 @@
# Property Service
get_prop(vold, vold_config_prop)
+get_prop(vold, storage_config_prop);
set_prop(vold, vold_prop)
set_prop(vold, vold_status_prop)
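Review bot: The added `get_prop(vold, storage_config_prop);` ends with a semicolon, while the neighbouring macro calls in this hunk (`get_prop(vold, vold_config_prop)`, `set_prop(vold, vold_prop)`) do not. These macros presumably expand to complete statements already, so the trailing `;` is at best a stray token after expansion and may trip stricter policy tooling. Write it as `get_prop(vold, storage_config_prop)` to match the rest of the file.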
diff --git a/public/app.te b/public/app.te
index e5b9fd6..5fcdec7 100644
--- a/public/app.te
+++ b/public/app.te
@@ -566,6 +566,9 @@
-system_app
} { bluetooth_audio_hal_prop bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms;
+# Don't allow apps access to storage configuration properties.
+neverallow appdomain storage_config_prop:file no_rw_file_perms;
+
# Apps cannot access proc_uid_time_in_state
neverallow appdomain proc_uid_time_in_state:file *;
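Review bot: The comment promises that apps get no access to the storage configuration properties, but the rule asserts only on `no_rw_file_perms`, whereas the rule right after it in this hunk uses `*` for a total ban. The definition of `no_rw_file_perms` is not shown here; if it omits permissions such as `getattr` or `map`, a later allow rule granting those to an appdomain would still pass the build. Either widen the assertion to `neverallow appdomain storage_config_prop:file *;` or reword the comment to match what is actually checked, e.g. `# Apps must not read or write storage configuration properties.`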
diff --git a/public/domain.te b/public/domain.te
index 8a747ed..e6c6834 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -531,6 +531,7 @@
neverallow { domain -init } exported2_default_prop:property_service set;
neverallow { domain -init -vendor_init } exported3_default_prop:property_service set;
neverallow { domain -init -vendor_init } vendor_default_prop:property_service set;
+ neverallow { domain -init -vendor_init } storage_config_prop:property_service set;
')
compatible_property_only(`
diff --git a/public/property.te b/public/property.te
index cbf17bf..932dfab 100644
--- a/public/property.te
+++ b/public/property.te
@@ -107,6 +107,7 @@
system_vendor_config_prop(exported_default_prop)
system_vendor_config_prop(exported3_default_prop)
system_vendor_config_prop(media_variant_prop)
+system_vendor_config_prop(storage_config_prop)
system_vendor_config_prop(surfaceflinger_prop)
system_vendor_config_prop(systemsound_config_prop)
system_vendor_config_prop(userspace_reboot_config_prop)