Add apexd_payload_metadata_prop This should be read-only and corresponds to apexd.payload_metadata.path Bug: 191097666 Test: android-sh -c 'setprop apexd.payload_metadata.path' See permission denied atest MicrodroidHostTestCases Change-Id: Ifcb7da1266769895974d4fef86139bad5891a4ec

commit: 0c7c2679b0565e78a3ff23f7316d547ca5c64e7f [log] [tgz]
author: Richard Fung <richardfung@google.com> Mon Nov 08 20:09:54 2021 +0000
committer: Richard Fung <richardfung@google.com> Thu Dec 16 03:00:06 2021 +0000
tree: 97e96956b6898d04fce90e5cf2b63e46e787e783
parent: e3f20ee1e651b81dbe033760be5fd148df5756ec [diff] [blame]
diff --git a/microdroid/system/private/property.te b/microdroid/system/private/property.te
index c36875c..7911753 100644
--- a/microdroid/system/private/property.te
+++ b/microdroid/system/private/property.te

@@ -41,3 +41,9 @@
     -microdroid_manager
     -apkdmverity
 } microdroid_manager_roothash_prop:file no_rw_file_perms;
+
+# apexd_payload_metadata_prop can only set by init
+neverallow {
+  domain
+  -init
+} apexd_payload_metadata_prop:property_service set;
commit	0c7c2679b0565e78a3ff23f7316d547ca5c64e7f	[log] [tgz]
author	Richard Fung <richardfung@google.com>	Mon Nov 08 20:09:54 2021 +0000
committer	Richard Fung <richardfung@google.com>	Thu Dec 16 03:00:06 2021 +0000
tree	97e96956b6898d04fce90e5cf2b63e46e787e783
parent	e3f20ee1e651b81dbe033760be5fd148df5756ec [diff] [blame]