Merge "sepolicy: unify *_contexts file install location"
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 351ed54..ee9a99e 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -39,6 +39,7 @@
device_config_boot_count_prop
device_config_reset_performed_prop
device_config_flags_health_check_prop
+ device_config_netd_native_prop
e2fs
e2fs_exec
exfat
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index da1eaa9..bf273f3 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -37,6 +37,7 @@
device_config_boot_count_prop
device_config_reset_performed_prop
device_config_flags_health_check_prop
+ device_config_netd_native_prop
exfat
exported2_config_prop
exported2_default_prop
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 57e6876..960d5fc 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -25,6 +25,7 @@
dev_cpu_variant
device_config_boot_count_prop
device_config_flags_health_check_prop
+ device_config_netd_native_prop
device_config_reset_performed_prop
device_config_service
face_service
diff --git a/private/property_contexts b/private/property_contexts
index 06c2822..8d87262 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -170,6 +170,7 @@
device_config.reset_performed u:object_r:device_config_reset_performed_prop:s0
persist.device_config.attempted_boot_count u:object_r:device_config_boot_count_prop:s0
persist.device_config.global_settings.native_flags_health_check_enabled u:object_r:device_config_flags_health_check_prop:s0
+persist.device_config.netd_native. u:object_r:device_config_netd_native_prop:s0
apexd. u:object_r:apexd_prop:s0
persist.apexd. u:object_r:apexd_prop:s0
diff --git a/private/system_server.te b/private/system_server.te
index 46fb591..0baf4d6 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -581,6 +581,7 @@
# STOPSHIP: Remove the ability for system_server to set property
# device_config_flags_health_check_prop before release. (b/119627143)
set_prop(system_server, device_config_flags_health_check_prop)
+set_prop(system_server, device_config_netd_native_prop)
# BootReceiver to read ro.boot.bootreason
get_prop(system_server, bootloader_boot_reason_prop)
@@ -931,6 +932,7 @@
-flags_health_check
} {
device_config_flags_health_check_prop
+ device_config_netd_native_prop
}:property_service set;
# system_server should never be executing dex2oat. This is either
diff --git a/public/flags_heatlh_check.te b/public/flags_heatlh_check.te
index a626895..bcae192 100644
--- a/public/flags_heatlh_check.te
+++ b/public/flags_heatlh_check.te
@@ -8,6 +8,7 @@
# STOPSHIP: Remove the ability for flags_health_check to set property
# device_config_flags_health_check_prop before release. (b/119627143)
set_prop(flags_health_check, device_config_flags_health_check_prop)
+set_prop(flags_health_check, device_config_netd_native_prop)
allow flags_health_check server_configurable_flags_data_file:dir rw_dir_perms;
allow flags_health_check server_configurable_flags_data_file:file create_file_perms;
diff --git a/public/init.te b/public/init.te
index 59d500d..10a0c68 100644
--- a/public/init.te
+++ b/public/init.te
@@ -40,6 +40,7 @@
# restorecon for early mount device symlinks
allow init tmpfs:lnk_file { getattr read relabelfrom };
allow init {
+ metadata_block_device
misc_block_device
recovery_block_device
system_block_device
diff --git a/public/netd.te b/public/netd.te
index 39864f6..72d8483 100644
--- a/public/netd.te
+++ b/public/netd.te
@@ -111,6 +111,7 @@
add_hwservice(netd, system_net_netd_hwservice)
hwbinder_use(netd)
get_prop(netd, hwservicemanager_prop)
+get_prop(netd, device_config_netd_native_prop)
###
### Neverallow rules
diff --git a/public/property.te b/public/property.te
index 5a22340..f67a506 100644
--- a/public/property.te
+++ b/public/property.te
@@ -31,6 +31,7 @@
type device_config_boot_count_prop, property_type;
type device_config_reset_performed_prop, property_type;
type device_config_flags_health_check_prop, property_type;
+type device_config_netd_native_prop, property_type;
type device_logging_prop, property_type;
type dhcp_prop, property_type, core_property_type;
type dumpstate_options_prop, property_type;
@@ -400,6 +401,7 @@
-device_config_reset_performed_prop
-device_config_boot_count_prop
-device_config_flags_health_check_prop
+ -device_config_netd_native_prop
-heapprofd_enabled_prop
-heapprofd_prop
-hwservicemanager_prop
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 9aa1194..9f0dab2 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -177,6 +177,7 @@
-device_config_boot_count_prop
-device_config_reset_performed_prop
-device_config_flags_health_check_prop
+ -device_config_netd_native_prop
-restorecon_prop
-netd_stable_secret_prop
-firstboot_prop