Add property contexts for vts props
vts_config_prop and vts_status_prop are added to remove exported*_prop.
ro.vts.coverage becomes vts_config_prop, and vts.native_server.on
becomes vts_status_prop.
Bug: 155844385
Test: Run some vts and then getprop, e.g. atest \
VtsHalAudioEffectV4_0TargetTest && adb shell getprop
Test: ro.vts.coverage is read without denials
Change-Id: Ic3532ef0ae7083db8d619d80e2b73249f87981ce
diff --git a/private/app.te b/private/app.te
index a42b60e..9eb396a 100644
--- a/private/app.te
+++ b/private/app.te
@@ -51,3 +51,6 @@
# Allow to read graphics related properties.
get_prop(appdomain, graphics_config_prop)
+
+# Allow to read vts related properties.
+get_prop(coredomain, vts_status_prop)
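Review bot: The rule added to app.te grants to `coredomain`, not `appdomain` as the rule directly above it does, and the identical `get_prop(coredomain, vts_status_prop)` is added again in the private/coredomain.te hunk. One copy is enough, and keeping the coredomain grant only in coredomain.te makes it easier to audit who may read the property. If the intent here was to grant apps specifically, the line would be `get_prop(appdomain, vts_status_prop)`; otherwise these three added lines can be dropped from app.te.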
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 92ff8d7..b00ad45 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -223,6 +223,8 @@
vold_service
vold_status_prop
vrflinger_vsync_service
+ vts_config_prop
+ vts_status_prop
wait_for_keymaster
wait_for_keymaster_exec
wait_for_keymaster_tmpfs
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index b54644f..138d65d 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -1370,6 +1370,7 @@
recovery_config_prop
telephony_config_prop
tombstone_config_prop
+ vts_status_prop
zram_config_prop))
(typeattributeset exported3_radio_prop_30_0 (exported3_radio_prop))
(typeattributeset exported3_system_prop_30_0
@@ -1387,7 +1388,8 @@
aaudio_config_prop
build_odm_prop
build_vendor_prop
- surfaceflinger_prop))
+ surfaceflinger_prop
+ vts_config_prop))
(typeattributeset exported_dumpstate_prop_30_0 (exported_dumpstate_prop))
(typeattributeset exported_ffs_prop_30_0
( exported_ffs_prop
diff --git a/private/coredomain.te b/private/coredomain.te
index 6062bc0..d04b862 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -12,11 +12,11 @@
get_prop(coredomain, surfaceflinger_color_prop)
get_prop(coredomain, systemsound_config_prop)
get_prop(coredomain, telephony_config_prop)
-
get_prop(coredomain, usb_config_prop)
get_prop(coredomain, usb_control_prop)
get_prop(coredomain, userspace_reboot_config_prop)
get_prop(coredomain, vold_config_prop)
+get_prop(coredomain, vts_status_prop)
full_treble_only(`
neverallow {
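Review bot: Only `vts_status_prop` gets a read grant next to the other coredomain `get_prop` lines; no grant for `vts_config_prop` appears in the hunks shown, although private/property_contexts relabels `ro.vts.coverage` to that type. Unless the grant is made in a file outside this view, readers of ro.vts.coverage would presumably hit denials once the property leaves exported_default_prop, so a line such as `get_prop(coredomain, vts_config_prop)` (or a wider subject if non-core processes read it) may be needed. It is also worth confirming that nothing outside coredomain reads vts.native_server.on, since it previously carried the exported3_default_prop label and the new grant is coredomain-only.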
diff --git a/private/init.te b/private/init.te
index 7a2e0b3..49a98e0 100644
--- a/private/init.te
+++ b/private/init.te
@@ -59,3 +59,7 @@
# SELinux hooks were detected.
set_prop(init, init_perf_lsm_hooks_prop)
neverallow { domain -init } init_perf_lsm_hooks_prop:property_service set;
+
+# Only init can write vts.native_server.on
+set_prop(init, vts_status_prop)
+neverallow { -init } vts_status_prop:property_service set;
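Review bot: The new neverallow writes its source set as `{ -init }`, with no base set to subtract from, unlike the `{ domain -init }` form used for init_perf_lsm_hooks_prop a few lines above. As written it is unclear that the rule matches any domain (depending on the policy compiler it may be rejected or evaluate to an empty set), so the guarantee stated in the comment, that only init can write the property, may not be enforced at build time. Use `neverallow { domain -init } vts_status_prop:property_service set;`.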
diff --git a/private/property_contexts b/private/property_contexts
index 7fe47ef..57696e0 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -489,8 +489,6 @@
vold.post_fs_data_done u:object_r:vold_config_prop:s0 exact int
-vts.native_server.on u:object_r:exported3_default_prop:s0 exact bool
-
wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded
apexd.status u:object_r:apexd_prop:s0 exact enum starting activated ready
@@ -748,7 +746,9 @@
ro.vndk.lite u:object_r:vndk_prop:s0 exact bool
ro.vndk.version u:object_r:vndk_prop:s0 exact string
-ro.vts.coverage u:object_r:exported_default_prop:s0 exact int
+ro.vts.coverage u:object_r:vts_config_prop:s0 exact int
+
+vts.native_server.on u:object_r:vts_status_prop:s0 exact bool
wifi.active.interface u:object_r:exported_wifi_prop:s0 exact string
wifi.aware.interface u:object_r:exported_wifi_prop:s0 exact string