Merge changes from topic "cherrypicker-L58100000960054695:N31200001359782734"
* changes:
Allow system_server to verify installed apps
Fix denial for ioctl FS Verity
diff --git a/private/sdk_sandbox.te b/private/sdk_sandbox.te
index fc4fce3..4806e6d 100644
--- a/private/sdk_sandbox.te
+++ b/private/sdk_sandbox.te
@@ -92,6 +92,7 @@
-pan_result_prop
-permissive_mte_prop
-persist_debug_prop
+ -persist_sysui_builder_extras_prop
-pm_prop
-powerctl_prop
-property_service_version_prop
diff --git a/private/system_server.te b/private/system_server.te
index aab36d9..df0dfa7 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -321,6 +321,7 @@
hal_client_domain(system_server, hal_input_classifier)
hal_client_domain(system_server, hal_input_processor)
hal_client_domain(system_server, hal_ir)
+hal_client_domain(system_server, hal_keymint)
hal_client_domain(system_server, hal_light)
hal_client_domain(system_server, hal_memtrack)
hal_client_domain(system_server, hal_neuralnetworks)
diff --git a/private/zygote.te b/private/zygote.te
index 9c47468..d61a431 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -247,6 +247,10 @@
# preloaded classes
get_prop(zygote, persist_wm_debug_prop)
+# Allow zygote to read persist_sysui_builder_extras_prop to toggle experimental features in
+# core preloaded classes
+get_prop(zygote, persist_sysui_builder_extras_prop)
+
# Allow zygote to read /apex/apex-info-list.xml
allow zygote apex_info_file:file r_file_perms;