commit 6cb91a086ebd642f3756152c0dbbc4314cc1f83c
author Jeongik Cha <jeongik@google.com> Wed Nov 15 22:51:14 2023 +0900
committer Jeongik Cha <jeongik@google.com> Fri Nov 17 01:22:37 2023 +0900
tree b3c1882f11ae82001cfbaeaaf772ac97af5777ea
parent 41f36eda49e1f56773e68b6c26cd4e467d850ce9

declare setupwizard_mode_prop as system_vendor_config_prop

1. declare setupwizard_mode_prop for ro.setupwizard.mode
2. that prop could be set during vendor_init, so changed prop type

Bug: 310208141
Test: boot and check if there is no sepolicy issue
Change-Id: I89246ab2c686db139cad48550b860d69a41106ff

private/compat/34.0/34.0.ignore.cil

diff --git a/private/compat/34.0/34.0.ignore.cil b/private/compat/34.0/34.0.ignore.cil
index d98d69e..2995f04 100644
--- a/private/compat/34.0/34.0.ignore.cil
+++ b/private/compat/34.0/34.0.ignore.cil
@@ -17,6 +17,7 @@
     ot_daemon_service
     remote_auth_service
     security_state_service
+    setupwizard_mode_prop
     sysfs_sync_on_suspend
     threadnetwork_service
     device_config_aconfig_flags_prop

private/coredomain.te

diff --git a/private/coredomain.te b/private/coredomain.te
index f9b47df..dfb08b1 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -15,6 +15,7 @@
 get_prop(coredomain, radio_control_prop)
 get_prop(coredomain, rollback_test_prop)
 get_prop(coredomain, setupwizard_prop)
+get_prop(coredomain, setupwizard_mode_prop)
 get_prop(coredomain, sqlite_log_prop)
 get_prop(coredomain, storagemanager_config_prop)
 get_prop(coredomain, surfaceflinger_color_prop)

private/property.te

diff --git a/private/property.te b/private/property.te
index e1b42a0..9eed4de 100644
--- a/private/property.te
+++ b/private/property.te
@@ -605,6 +605,12 @@
 neverallow {
   domain
   -init
+  -vendor_init
+} setupwizard_mode_prop:property_service set;
+
+neverallow {
+  domain
+  -init
 } setupwizard_prop:property_service set;
 
 # ro.product.property_source_order is useless after initialization of ro.product.* props.

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index 69e4ec2..3ccc410 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1480,6 +1480,8 @@
 ro.setupwizard.rotation_locked u:object_r:setupwizard_prop:s0 exact bool
 ro.setupwizard.wifi_on_exit    u:object_r:setupwizard_prop:s0 exact bool
 
+ro.setupwizard.mode            u:object_r:setupwizard_mode_prop:s0 exact string
+
 setupwizard.enable_assist_gesture_training                         u:object_r:setupwizard_prop:s0 exact bool
 setupwizard.feature.avoid_duplicate_tos                            u:object_r:setupwizard_prop:s0 exact bool
 setupwizard.feature.baseline_setupwizard_enabled                   u:object_r:setupwizard_prop:s0 exact bool

public/property.te

diff --git a/public/property.te b/public/property.te
index 1a5b105..44b0aef 100644
--- a/public/property.te
+++ b/public/property.te
@@ -197,6 +197,7 @@
 system_vendor_config_prop(dck_prop)
 system_vendor_config_prop(tuner_config_prop)
 system_vendor_config_prop(usb_uvc_enabled_prop)
+system_vendor_config_prop(setupwizard_mode_prop)
 
 # Properties with no restrictions
 system_public_prop(adbd_config_prop)