Merge "Add sdcardfs variable to storage_config_props"
diff --git a/private/app.te b/private/app.te
index a03bcb0..9964605 100644
--- a/private/app.te
+++ b/private/app.te
@@ -35,3 +35,6 @@
{ domain -appdomain -crash_dump -rs }:process { transition };
neverallow { appdomain -shell userdebug_or_eng(`-su') }
{ domain -appdomain }:process { dyntransition };
+
+# Don't allow regular apps access to storage configuration properties.
+neverallow { appdomain -mediaprovider_app } storage_config_prop:file no_rw_file_perms;
diff --git a/private/mediaprovider_app.te b/private/mediaprovider_app.te
index fea903e..9afbadd 100644
--- a/private/mediaprovider_app.te
+++ b/private/mediaprovider_app.te
@@ -43,3 +43,6 @@
allow mediaprovider_app { mnt_media_rw_file }:dir search;
allow mediaprovider_app proc_filesystems:file r_file_perms;
+
+#Allow MediaProvider to see if sdcardfs is in use
+get_prop(mediaprovider_app, storage_config_prop)
diff --git a/private/property_contexts b/private/property_contexts
index 5d30621..3f15983 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -419,6 +419,7 @@
external_storage.projid.enabled u:object_r:storage_config_prop:s0 exact bool
external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool
+external_storage.sdcardfs.enabled u:object_r:storage_config_prop:s0 exact bool
ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
diff --git a/public/app.te b/public/app.te
index 2c8e335..433bb7d 100644
--- a/public/app.te
+++ b/public/app.te
@@ -568,9 +568,6 @@
-system_app
} { bluetooth_audio_hal_prop bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms;
-# Don't allow apps access to storage configuration properties.
-neverallow appdomain storage_config_prop:file no_rw_file_perms;
-
# Apps cannot access proc_uid_time_in_state
neverallow appdomain proc_uid_time_in_state:file *;