Add persist.sysui.notification.builder_extras_ovrd
Adds persist.sysui.notification.builder_extras_override property
and associated permissions, which will be used to flag guard
a change in core/...Notification.java.
Permissions are limited in scope to avoid unnecessary access.
Apps may need to read the flag (because Notification.java
is a core library), but setting should only be possible
internally (and via debug shell).
Test: manual flash+adb setprop/getprop
Bug: 169435530
Change-Id: I3f7e2220798d22c90f4326570732a52b0deeb54d
diff --git a/private/app.te b/private/app.te
index b6b4714..427d10d 100644
--- a/private/app.te
+++ b/private/app.te
@@ -46,6 +46,7 @@
get_prop(appdomain, adbd_config_prop)
get_prop(appdomain, dck_prop)
get_prop(appdomain, persist_wm_debug_prop)
+get_prop(appdomain, persist_sysui_builder_extras_prop)
# Allow ART to be configurable via device_config properties
# (ART "runs" inside the app process)
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index 3b61f73..cb1eb5c 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -48,6 +48,7 @@
fuseblkd
fuseblkd_exec
permissive_mte_prop
+ persist_sysui_builder_extras_prop
prng_seeder
recovery_usb_config_prop
remote_provisioning_service
diff --git a/private/platform_app.te b/private/platform_app.te
index 5d16d85..6d49502 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -45,6 +45,10 @@
')
neverallow { domain -init -dumpstate userdebug_or_eng(`-domain') } persist_wm_debug_prop:property_service set;
+userdebug_or_eng(`
+ set_prop(platform_app, persist_sysui_builder_extras_prop)
+')
+
# com.android.captiveportallogin reads /proc/vmstat
allow platform_app {
proc_vmstat
@@ -122,5 +126,7 @@
### Neverallow rules
###
+neverallow { domain -init userdebug_or_eng(`-shell -platform_app') } persist_sysui_builder_extras_prop:property_service set;
+
# app domains which access /dev/fuse should not run as platform_app
neverallow platform_app fuse_device:chr_file *;
diff --git a/private/property.te b/private/property.te
index 9e49c30..1fdba27 100644
--- a/private/property.te
+++ b/private/property.te
@@ -54,6 +54,7 @@
# Properties which can't be written outside system
system_restricted_prop(device_config_virtualization_framework_native_prop)
system_restricted_prop(log_file_logger_prop)
+system_restricted_prop(persist_sysui_builder_extras_prop)
###
### Neverallow rules
diff --git a/private/property_contexts b/private/property_contexts
index 269442d..c54db3d 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1534,3 +1534,6 @@
# UVC Gadget property
ro.usb.uvc.enabled u:object_r:usb_uvc_enabled_prop:s0 exact bool
+
+# System UI notification properties
+persist.sysui.notification.builder_extras_override u:object_r:persist_sysui_builder_extras_prop:s0 exact bool
diff --git a/private/shell.te b/private/shell.te
index cdbf7c2..85d09f9 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -243,3 +243,7 @@
# Allow shell to write GWP-ASan properties even on user builds.
set_prop(shell, gwp_asan_prop)
+
+# Allow shell to set persist.sysui.notification.builder_extras_override property
+userdebug_or_eng(`set_prop(shell, persist_sysui_builder_extras_prop)')
+
diff --git a/private/system_server.te b/private/system_server.te
index 27e5594..515dd13 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -836,6 +836,9 @@
# Read persist.wm.debug. properties
get_prop(system_server, persist_wm_debug_prop)
+# Read persist.sysui.notification.builder_extras_override property
+get_prop(system_server, persist_sysui_builder_extras_prop)
+
# Read ro.tuner.lazyhal
get_prop(system_server, tuner_config_prop)
# Write tuner.server.enable