Allow CTS DeviceInfo to read VAB prop. Test: adb shell am instrument -w \ com.android.compatibility.common.deviceinfo/androidx.test.runner.AndroidJUnitRunner Fixes: 179427873 Change-Id: I1dd2c480408b7695ab0285645de5b06b8b6137c5

commit: 809eb755537ef21ae3c5b3a622c59a5855e3e028 [log] [tgz]
author: Yifan Hong <elsk@google.com> Thu Feb 04 16:20:11 2021 -0800
committer: Yifan Hong <elsk@google.com> Thu Feb 04 19:56:07 2021 -0800
tree: 9763f002e5a8491bcdf21c8bf036697fb4597871
parent: 3d4a5081ca6183822a00f7c4c8991c2196510844 [diff] [blame]
diff --git a/private/app.te b/private/app.te
index c635aed..710b94d 100644
--- a/private/app.te
+++ b/private/app.te

@@ -71,6 +71,9 @@
 allow appdomain { apex_art_data_file apex_module_data_file }:dir search;
 allow appdomain apex_art_data_file:file r_file_perms;
 
+# Allow APFE device info to read Virtual A/B props.
+get_prop(appdomain, virtual_ab_prop)
+
 # Sensitive app domains are not allowed to execute from /data
 # to prevent persistence attacks and ensure all code is executed
 # from read-only locations.
@@ -88,3 +91,4 @@
   -system_data_file # shared libs in apks
   -apk_data_file
 }:file no_x_file_perms;
+
commit	809eb755537ef21ae3c5b3a622c59a5855e3e028	[log] [tgz]
author	Yifan Hong <elsk@google.com>	Thu Feb 04 16:20:11 2021 -0800
committer	Yifan Hong <elsk@google.com>	Thu Feb 04 19:56:07 2021 -0800
tree	9763f002e5a8491bcdf21c8bf036697fb4597871
parent	3d4a5081ca6183822a00f7c4c8991c2196510844 [diff] [blame]