Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 0299faf7cd91f2a2900e014b3010930d86f350db^1..0299faf7cd91f2a2900e014b3010930d86f350db / .
commit0299faf7cd91f2a2900e014b3010930d86f350db[log] [tgz]
authorYifan Hong <elsk@google.com>Wed Sep 23 23:25:35 2020 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Wed Sep 23 23:25:35 2020 +0000
treee073b4fd3f69e09a8e15fa02e097a8058ce4aa32
parent7c837afe7d08ade0eace94dd9f2fcdac9df056c3 [diff]
parentcb23ab4618166a41b1c35f8ca67db73fe7be7480 [diff]
Merge "Add gki.prevent_downgrade_*"
diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 9539add..d26644f 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil

@@ -5,6 +5,7 @@
 (typeattribute new_objects)
 (typeattributeset new_objects
   ( new_objects
+    ab_update_gki_prop
     adbd_config_prop
     apex_info_file
     cgroup_v2

diff --git a/private/property_contexts b/private/property_contexts
index 11e9905..1fe3e0c 100644
--- a/private/property_contexts
+++ b/private/property_contexts

@@ -707,7 +707,11 @@
 
 ro.boringcrypto.hwrand u:object_r:exported_default_prop:s0 exact bool
 
-ro.build.ab_update         u:object_r:exported_default_prop:s0 exact string
+# Update related props
+ro.build.ab_update                                u:object_r:exported_default_prop:s0 exact string
+ro.build.ab_update.gki.prevent_downgrade_version  u:object_r:ab_update_gki_prop:s0 exact bool
+ro.build.ab_update.gki.prevent_downgrade_spl      u:object_r:ab_update_gki_prop:s0 exact bool
+
 ro.build.expect.baseband   u:object_r:exported_default_prop:s0 exact string
 ro.build.expect.bootloader u:object_r:exported_default_prop:s0 exact string
 

diff --git a/public/property.te b/public/property.te
index 708fc38..06df3d7 100644
--- a/public/property.te
+++ b/public/property.te

@@ -79,6 +79,7 @@
 system_restricted_prop(surfaceflinger_display_prop)
 system_restricted_prop(system_boot_reason_prop)
 system_restricted_prop(system_jvmti_agent_prop)
+system_restricted_prop(ab_update_gki_prop)
 system_restricted_prop(usb_prop)
 system_restricted_prop(userspace_reboot_exported_prop)
 system_restricted_prop(vold_status_prop)

diff --git a/public/update_engine_common.te b/public/update_engine_common.te
index 57d8e7e..d332771 100644
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te

@@ -80,6 +80,9 @@
 # Allow to read Virtual A/B feature flags.
 get_prop(update_engine_common, virtual_ab_prop)
 
+# Allow to read GKI related flags.
+get_prop(update_engine_common, ab_update_gki_prop)
+
 # Allow to read/write/create OTA metadata files for snapshot status and COW file status.
 allow update_engine_common metadata_file:dir search;
 allow update_engine_common ota_metadata_file:dir rw_dir_perms;