Merge "Add policies for ro.kernel.watermark_scale_factor property"
diff --git a/private/extra_free_kbytes.te b/private/extra_free_kbytes.te
index af3088b..d210884 100644
--- a/private/extra_free_kbytes.te
+++ b/private/extra_free_kbytes.te
@@ -1,3 +1,6 @@
typeattribute extra_free_kbytes coredomain;
init_daemon_domain(extra_free_kbytes)
+
+# Only extra_free_kbytes script is allowed to store these properties
+set_prop(extra_free_kbytes, init_storage_prop)
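Review bot: The comment above the added `set_prop` says only the extra_free_kbytes script may store these properties, but the neverallow added in private/property.te also exempts `init`. The comment added in private/property_contexts goes further and says init is the one storing the value. The three places should agree on who the writer is. A wording that matches the policy as written would be `# Besides init, only extra_free_kbytes may set init_storage_prop (enforced by the neverallow in property.te)`.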
diff --git a/private/property.te b/private/property.te
index 27a8e38..bb49742 100644
--- a/private/property.te
+++ b/private/property.te
@@ -18,6 +18,7 @@
system_internal_prop(gsid_prop)
system_internal_prop(init_perf_lsm_hooks_prop)
system_internal_prop(init_service_status_private_prop)
+system_internal_prop(init_storage_prop)
system_internal_prop(init_svc_debug_prop)
system_internal_prop(keystore_crash_prop)
system_internal_prop(keystore_listen_prop)
@@ -150,6 +151,12 @@
neverallow {
domain
-init
+ -extra_free_kbytes
+} init_storage_prop:property_service set;
+
+neverallow {
+ domain
+ -init
} init_svc_debug_prop:property_service set;
neverallow {
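Review bot: The `-extra_free_kbytes` exemption in the new neverallow applies to the whole `init_storage_prop` type, so any property later labelled with this generically named type becomes settable by that script too. If the type is meant to hold only `ro.kernel.watermark_scale_factor`, say so above the rule, e.g. `# init_storage_prop is reserved for ro.kernel.watermark_scale_factor; do not label other properties with it`. No reader is granted `get_prop` anywhere in this diff, so which domains consume the value cannot be told from here. The neverallow block opened on the last line of the hunk continues outside it.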
diff --git a/private/property_contexts b/private/property_contexts
index b2586f9..c76fe09 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1147,6 +1147,9 @@
ro.kernel.qemu. u:object_r:exported_default_prop:s0
ro.kernel.android.bootanim u:object_r:exported_default_prop:s0 exact int
+# This property is used by init to store the original value or /proc/sys/vm/watermark_scale_factor
+ro.kernel.watermark_scale_factor u:object_r:init_storage_prop:s0 exact int
+
ro.oem.key1 u:object_r:exported_default_prop:s0 exact string
ro.product.vndk.version u:object_r:vndk_prop:s0 exact string
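Review bot: The added comment reads "the original value or /proc/sys/vm/watermark_scale_factor", where "or" looks like a typo for "of". Because the name carries the `ro.` prefix it should be write-once, which is worth stating since the entry exists to preserve an original value. Suggested wording: `# Write-once record of the original value of /proc/sys/vm/watermark_scale_factor`.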