Add selinux policy for the new net.464xlat.cellular.enabled prop.
This property is written by an .rc file - see aosp/1553819 - and
read by the connectivity mainline code in the system server.
Test: m
Bug: 182333299
Change-Id: Ibac622f6a31c075b64387aadb201ad6cdd618ebd
diff --git a/private/property.te b/private/property.te
index 88f3ec0..e4cbd7a 100644
--- a/private/property.te
+++ b/private/property.te
@@ -19,6 +19,7 @@
system_internal_prop(last_boot_reason_prop)
system_internal_prop(localization_prop)
system_internal_prop(lower_kptr_restrict_prop)
+system_internal_prop(net_464xlat_fromvendor_prop)
system_internal_prop(netd_stable_secret_prop)
system_internal_prop(pm_prop)
system_internal_prop(rollback_test_prop)
diff --git a/private/property_contexts b/private/property_contexts
index 35bf7eb..d643021 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -279,6 +279,9 @@
com.android.sdkext. u:object_r:module_sdkextensions_prop:s0
persist.com.android.sdkext. u:object_r:module_sdkextensions_prop:s0
+# Connectivity module
+net.464xlat.cellular.enabled u:object_r:net_464xlat_fromvendor_prop:s0 exact bool
+
# Userspace reboot properties
sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0
persist.sys.userspace_reboot.log. u:object_r:userspace_reboot_log_prop:s0
diff --git a/private/system_server.te b/private/system_server.te
index 349a0b8..e1f97e9 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -734,6 +734,9 @@
# Read ro.control_privapp_permissions and ro.cp_system_other_odex
get_prop(system_server, packagemanager_config_prop)
+# Read the net.464xlat.cellular.enabled property (written by init).
+get_prop(system_server, net_464xlat_fromvendor_prop)
+
# Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms;