Add persist.vendor.overlay. to properties
Allow the system_server to change. Allow the zygote to read it as well.
Test: Have system_server set a property
Change-Id: Ie90eec8b733fa7193861026a3a6e0fb0ba5d5318
diff --git a/private/property_contexts b/private/property_contexts
index df82223..51b9ff8 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -56,6 +56,8 @@
persist.service. u:object_r:system_prop:s0
persist.service.bdroid. u:object_r:bluetooth_prop:s0
persist.security. u:object_r:system_prop:s0
+persist.vendor.overlay. u:object_r:overlay_prop:s0
+ro.boot.vendor.overlay. u:object_r:overlay_prop:s0
# Boolean property set by system server upon boot indicating
# if device owner is provisioned.
diff --git a/public/property.te b/public/property.te
index 379320f..26b6a7e 100644
--- a/public/property.te
+++ b/public/property.te
@@ -41,5 +41,6 @@
type device_logging_prop, property_type;
type safemode_prop, property_type;
type hwservicemanager_prop, property_type;
+type overlay_prop, property_type;
allow property_type tmpfs:filesystem associate;
diff --git a/public/system_server.te b/public/system_server.te
index 275ee71..c58c504 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -357,6 +357,7 @@
set_prop(system_server, device_logging_prop)
set_prop(system_server, wifi_prop)
set_prop(system_server, dumpstate_options_prop)
+set_prop(system_server, overlay_prop)
userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
# ctl interface
diff --git a/public/zygote.te b/public/zygote.te
index bb411e8..08e6e3c 100644
--- a/public/zygote.te
+++ b/public/zygote.te
@@ -88,6 +88,9 @@
allow zygote ion_device:chr_file r_file_perms;
allow zygote tmpfs:dir r_dir_perms;
+# Let the zygote access overlays so it can initialize the AssetManager
+get_prop(zygote, overlay_prop)
+
###
### neverallow rules
###