commit 6f2280dba99f95374b60655d236d72be9893ee8a
author Florian Mayer <fmayer@google.com> Thu Sep 15 22:34:03 2022 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Thu Sep 15 22:34:03 2022 +0000
tree 237dd6f4672bf3ceb11cd8cbd32773de1abf814c
parent cba09e29631156a3cc21b6bac3201b0314f4d913
parent f99eeb6bd902bca52afcbfb0444df4b22c7259cf

Update prebuilts to fix sepolicy_freeze_test am: f99eeb6bd9

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2201137

Change-Id: I2848699e579daefe2ef542c6f01b81c9471c6a88
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

prebuilts/api/31.0/private/property.te

diff --git a/prebuilts/api/31.0/private/property.te b/prebuilts/api/31.0/private/property.te
index 29f4f1a..e72693a 100644
--- a/prebuilts/api/31.0/private/property.te
+++ b/prebuilts/api/31.0/private/property.te
@@ -395,10 +395,12 @@
 
 # Allow the shell to set MTE props, so that non-root users with adb shell
 # access can control the settings on their device.
+# Allow system apps to set MTE props, so Developer Options can set them.
 neverallow {
   domain
   -init
   -shell
+  -system_app
 } {
   arm64_memtag_prop
 }:property_service set;

prebuilts/api/31.0/private/system_app.te

diff --git a/prebuilts/api/31.0/private/system_app.te b/prebuilts/api/31.0/private/system_app.te
index 239686e..41fac62 100644
--- a/prebuilts/api/31.0/private/system_app.te
+++ b/prebuilts/api/31.0/private/system_app.te
@@ -34,6 +34,7 @@
 allow system_app icon_file:file r_file_perms;
 
 # Write to properties
+set_prop(system_app, arm64_memtag_prop)
 set_prop(system_app, bluetooth_a2dp_offload_prop)
 set_prop(system_app, bluetooth_audio_hal_prop)
 set_prop(system_app, bluetooth_prop)

prebuilts/api/32.0/private/property.te

diff --git a/prebuilts/api/32.0/private/property.te b/prebuilts/api/32.0/private/property.te
index 587cf5e..77e1a7d 100644
--- a/prebuilts/api/32.0/private/property.te
+++ b/prebuilts/api/32.0/private/property.te
@@ -396,10 +396,12 @@
 
 # Allow the shell to set MTE props, so that non-root users with adb shell
 # access can control the settings on their device.
+# Allow system apps to set MTE props, so Developer Options can set them.
 neverallow {
   domain
   -init
   -shell
+  -system_app
 } {
   arm64_memtag_prop
 }:property_service set;

prebuilts/api/32.0/private/system_app.te

diff --git a/prebuilts/api/32.0/private/system_app.te b/prebuilts/api/32.0/private/system_app.te
index 239686e..41fac62 100644
--- a/prebuilts/api/32.0/private/system_app.te
+++ b/prebuilts/api/32.0/private/system_app.te
@@ -34,6 +34,7 @@
 allow system_app icon_file:file r_file_perms;
 
 # Write to properties
+set_prop(system_app, arm64_memtag_prop)
 set_prop(system_app, bluetooth_a2dp_offload_prop)
 set_prop(system_app, bluetooth_audio_hal_prop)
 set_prop(system_app, bluetooth_prop)