Define sepolicy with property for linker
To support linker-specific property, sys.linker.* has been defined as
linker_prop. This will have get_prop access from domain so all binaries
can start with linker using proper property access level.
Bug: 138920271
Test: m -j && Confirmed from cuttlefish that get_prop errors are no longer found
Change-Id: Iaf584e0cbdd5bca3d5667e93cf9a6401e757a314
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 4067843..b784fd8 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -13,6 +13,7 @@
hal_can_bus_hwservice
hal_can_controller_hwservice
init_svc_debug_prop
+ linker_prop
ota_metadata_file
runtime_apex_dir
system_ashmem_hwservice
diff --git a/private/domain.te b/private/domain.te
index 81a4550..ee0ef6e 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -42,6 +42,9 @@
# if memfd support can be used if device supports it
get_prop(domain, use_memfd_prop);
+# Allow to read properties for linker
+get_prop(domain, linker_prop);
+
# For now, everyone can access core property files
# Device specific properties are not granted by default
not_compatible_property(`
diff --git a/private/property_contexts b/private/property_contexts
index d1a97d9..55445ec 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -23,6 +23,7 @@
ro.hw. u:object_r:system_prop:s0
sys. u:object_r:system_prop:s0
sys.cppreopt u:object_r:cppreopt_prop:s0
+sys.linker. u:object_r:linker_prop:s0
sys.lpdumpd u:object_r:lpdumpd_prop:s0
sys.powerctl u:object_r:powerctl_prop:s0
sys.usb.ffs. u:object_r:ffs_prop:s0
diff --git a/private/shell.te b/private/shell.te
index 02b01f5..8a933a5 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -74,3 +74,8 @@
# Allow shell to start and comminicate with lpdumpd.
set_prop(shell, lpdumpd_prop);
binder_call(shell, lpdumpd)
+
+# Allow shell to set linker property
+userdebug_or_eng(`
+ set_prop(shell, linker_prop)
+')