Add sepolicy for ro.build.ab_update.ab_ota_partitions
Bug: 283042235
Test: th
Change-Id: Ie2296b75c91fbeb83cb0f3e61d5013b106fb78d0
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index 3a49745..d06db62 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -52,6 +52,7 @@
fuseblkd_untrusted_exec
fuseblkd
fuseblkd_exec
+ ota_build_prop
permissive_mte_prop
persist_sysui_builder_extras_prop
prng_seeder
diff --git a/private/property_contexts b/private/property_contexts
index 102c111..5093d10 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -337,6 +337,7 @@
snapuserd.test.io_uring.force_disable u:object_r:snapuserd_prop:s0 exact bool
ro.product.ab_ota_partitions u:object_r:ota_prop:s0 exact string
+ro.vendor.build.ab_ota_partitions u:object_r:ota_build_prop:s0 exact string
# Property to set/clear the warm reset flag after an OTA update.
ota.warm_reset u:object_r:ota_prop:s0
# The vbmeta digest for the inactive slot. It can be set after installing
diff --git a/private/update_engine.te b/private/update_engine.te
index 8d6341c..c9511f7 100644
--- a/private/update_engine.te
+++ b/private/update_engine.te
@@ -14,6 +14,7 @@
# Allow to set the OTA related properties, e.g. ota.warm_reset.
set_prop(update_engine, ota_prop)
+get_prop(update_engine, ota_build_prop)
# Allow to get the DSU status
get_prop(update_engine, gsid_prop)