Add persist.sysui.notification.builder_extras_ovrd Adds persist.sysui.notification.builder_extras_override property and associated permissions, which will be used to flag guard a change in core/...Notification.java. Permissions are limited in scope to avoid unnecessary access. Apps may need to read the flag (because Notification.java is a core library), but setting should only be possible internally (and via debug shell). Test: manual flash+adb setprop/getprop Bug: 169435530 Change-Id: I3f7e2220798d22c90f4326570732a52b0deeb54d

commit: 829d97450584473a7e5321352eb55be4e2b0cd76 [log] [tgz]
author: Alexander Roederer <aroederer@google.com> Thu Mar 23 02:19:22 2023 +0000
committer: Alexander Roederer <aroederer@google.com> Wed Mar 29 16:35:39 2023 +0000
tree: 45a48593345739271c88df31ecb34455c39e87d3
parent: 3e86cee7c4d45771e712fe623721efb2eaaf99ab [diff] [blame]
diff --git a/private/platform_app.te b/private/platform_app.te
index 5d16d85..6d49502 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te

@@ -45,6 +45,10 @@
 ')
 neverallow { domain -init -dumpstate userdebug_or_eng(`-domain') } persist_wm_debug_prop:property_service set;
 
+userdebug_or_eng(`
+  set_prop(platform_app, persist_sysui_builder_extras_prop)
+')
+
 # com.android.captiveportallogin reads /proc/vmstat
 allow platform_app {
   proc_vmstat
@@ -122,5 +126,7 @@
 ### Neverallow rules
 ###
 
+neverallow { domain -init userdebug_or_eng(`-shell -platform_app') } persist_sysui_builder_extras_prop:property_service set;
+
 # app domains which access /dev/fuse should not run as platform_app
 neverallow platform_app fuse_device:chr_file *;
commit	829d97450584473a7e5321352eb55be4e2b0cd76	[log] [tgz]
author	Alexander Roederer <aroederer@google.com>	Thu Mar 23 02:19:22 2023 +0000
committer	Alexander Roederer <aroederer@google.com>	Wed Mar 29 16:35:39 2023 +0000
tree	45a48593345739271c88df31ecb34455c39e87d3
parent	3e86cee7c4d45771e712fe623721efb2eaaf99ab [diff] [blame]