Add apexd_payload_metadata_prop This should be read-only and corresponds to apexd.payload_metadata.path Bug: 191097666 Test: android-sh -c 'setprop apexd.payload_metadata.path' See permission denied atest MicrodroidHostTestCases Change-Id: Ifcb7da1266769895974d4fef86139bad5891a4ec

commit: 0c7c2679b0565e78a3ff23f7316d547ca5c64e7f [log] [tgz]
author: Richard Fung <richardfung@google.com> Mon Nov 08 20:09:54 2021 +0000
committer: Richard Fung <richardfung@google.com> Thu Dec 16 03:00:06 2021 +0000
tree: 97e96956b6898d04fce90e5cf2b63e46e787e783
parent: e3f20ee1e651b81dbe033760be5fd148df5756ec [diff] [blame]
diff --git a/private/property.te b/private/property.te
index b196a1b..7033a06 100644
--- a/private/property.te
+++ b/private/property.te

@@ -1,5 +1,6 @@
 # Properties used only in /system
 system_internal_prop(adbd_prop)
+system_internal_prop(apexd_payload_metadata_prop)
 system_internal_prop(ctl_snapuserd_prop)
 system_internal_prop(device_config_lmkd_native_prop)
 system_internal_prop(device_config_profcollect_native_boot_prop)
@@ -376,6 +377,15 @@
 }:property_service set;
 
 neverallow {
+  # Only allow init to set apexd_payload_metadata_prop
+  domain
+  -init
+} {
+  apexd_payload_metadata_prop
+}:property_service set;
+
+
+neverallow {
   # Only allow init and shell to set userspace_reboot_test_prop
   domain
   -init
commit	0c7c2679b0565e78a3ff23f7316d547ca5c64e7f	[log] [tgz]
author	Richard Fung <richardfung@google.com>	Mon Nov 08 20:09:54 2021 +0000
committer	Richard Fung <richardfung@google.com>	Thu Dec 16 03:00:06 2021 +0000
tree	97e96956b6898d04fce90e5cf2b63e46e787e783
parent	e3f20ee1e651b81dbe033760be5fd148df5756ec [diff] [blame]