Add prop to control PM appcompat
We need to explicitly disable app compat so that apk
alignment status can be detected.
Test: m
Bug: 381949453
Change-Id: Ief0df075a7b65c8c2300c5f9fed57b16092b70b9
diff --git a/private/init.te b/private/init.te
index 9e51a73..012ef0b 100644
--- a/private/init.te
+++ b/private/init.te
@@ -84,6 +84,8 @@
# Allow init to set 16kb app compatibility props
set_prop(init, bionic_linker_16kb_app_compat_prop)
+set_prop(init, pm_16kb_app_compat_prop)
+
# Allow init to set/get prefetch boot prop to initiate record/replay
set_prop(init, ctl_prefetch_prop);
diff --git a/private/property.te b/private/property.te
index ccea344..525754f 100644
--- a/private/property.te
+++ b/private/property.te
@@ -87,6 +87,8 @@
system_restricted_prop(persist_sysui_builder_extras_prop)
system_restricted_prop(persist_sysui_ranking_update_prop)
system_restricted_prop(page_size_prop)
+system_restricted_prop(pm_16kb_app_compat_prop)
+
# Properties with no restrictions
until_board_api(202504, `
@@ -877,3 +879,10 @@
-shell
userdebug_or_eng(`-su')
} bionic_linker_16kb_app_compat_prop:property_service set;
+
+neverallow {
+ domain
+ -init
+ -shell
+ userdebug_or_eng(`-su')
+} pm_16kb_app_compat_prop:property_service set;
diff --git a/private/property_contexts b/private/property_contexts
index 721f88b..b67fbff 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -762,6 +762,8 @@
pm.dexopt. u:object_r:future_pm_prop:s0 prefix
+pm.16kb.app_compat.disabled u:object_r:pm_16kb_app_compat_prop:s0 exact bool
+
ro.apk_verity.mode u:object_r:apk_verity_prop:s0 exact int
ro.bluetooth.a2dp_offload.supported u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
diff --git a/private/shell.te b/private/shell.te
index 6372609..890d6f4 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -114,6 +114,9 @@
# Allow shell to enable 16 KB backcompat globally.
set_prop(shell, bionic_linker_16kb_app_compat_prop)
+# Allow shell to disable compat in package manager
+set_prop(shell, pm_16kb_app_compat_prop)
+
# Allow shell to get encryption policy of /data/local/tmp/, for CTS
allowxperm shell shell_data_file:dir ioctl {
FS_IOC_GET_ENCRYPTION_POLICY
diff --git a/private/system_server.te b/private/system_server.te
index a764df4..9528071 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -823,6 +823,9 @@
# staged flag properties
set_prop(system_server, next_boot_prop)
+# Allow system server to read pm.16kb.app_compat.disabled
+get_prop(system_server, pm_16kb_app_compat_prop)
+
# Allow query ART device config properties
get_prop(system_server, device_config_runtime_native_boot_prop)
get_prop(system_server, device_config_runtime_native_prop)