Add sepolicy for microdroid_mgr to read sysprop servicemanager.installed
Allow it to read the servicemanager.installed prop so servicemanager API
calls aren't stuck waiting for a servicemanager process to become ready.
There is no servicemanager process on microdroid.
Test: atest vm_accessor_test
Bug: 358427181
Change-Id: Id500dcf03461a1d911c95e5457118d7d8bc7f167
diff --git a/microdroid/system/private/microdroid_payload.te b/microdroid/system/private/microdroid_payload.te
index e4315a2..822797c 100644
--- a/microdroid/system/private/microdroid_payload.te
+++ b/microdroid/system/private/microdroid_payload.te
@@ -14,6 +14,10 @@
# Allow to set debug prop
set_prop(microdroid_payload, debug_prop)
+# Allow to use service manager APIs without waiting for the servicemanager
+# process because it's not installed in microdroid
+get_prop(microdroid_payload, servicemanager_prop)
+
# Allow microdroid_payload to use vsock inherited from microdroid_manager
allow microdroid_payload microdroid_manager:vsock_socket { read write };
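Review bot: The commit subject names microdroid_mgr, but the rule added here, `get_prop(microdroid_payload, servicemanager_prop)`, grants the read to the microdroid_payload domain; no rule for microdroid_manager appears in this change. Please confirm which domain actually makes the service manager API calls and align the subject or the rule, so the payload is not given a read it does not need. The new comment would also read better if it named the grant itself, for example `# Read-only access to servicemanager.installed; microdroid has no servicemanager process`.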
diff --git a/microdroid/system/private/property_contexts b/microdroid/system/private/property_contexts
index 2bd5a22..13c3ed8 100644
--- a/microdroid/system/private/property_contexts
+++ b/microdroid/system/private/property_contexts
@@ -121,6 +121,9 @@
microdroid_manager.config_done u:object_r:microdroid_lifecycle_prop:s0 exact bool
microdroid_manager.init_done u:object_r:microdroid_lifecycle_prop:s0 exact bool
+# servicemanager property to avoid waiting for servicemanager process
+servicemanager.installed u:object_r:servicemanager_prop:s0 exact bool
+
init_debug_policy.adbd.enabled u:object_r:init_debug_policy_prop:s0 exact bool
dev.mnt.blk.root u:object_r:dev_mnt_prop:s0 exact string
diff --git a/microdroid/system/public/property.te b/microdroid/system/public/property.te
index 7db53d0..26b1a3e 100644
--- a/microdroid/system/public/property.te
+++ b/microdroid/system/public/property.te
@@ -49,6 +49,7 @@
type usb_control_prop, property_type;
type vendor_default_prop, property_type;
type powerctl_prop, property_type;
+type servicemanager_prop, property_type;
# public is for vendor-facing type and attribute definitions.
# DO NOT ADD allow, neverallow, or dontaudit statements here.
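Review bot: The new `servicemanager_prop` type is declared without any visible restriction on who may set it, and the payload changes its behaviour based on its value. No set_prop rule is added in this change, so the value presumably comes from init or a build-time default. If so, pinning that in the private policy (not in this public file) would stop a later change from quietly adding a writer, for example `neverallow { domain -init } servicemanager_prop:property_service set;`. Whether an existing microdroid neverallow already covers new property types cannot be seen from this hunk.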
diff --git a/private/property_contexts b/private/property_contexts
index 41ae9a2..c74c373 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -239,7 +239,8 @@
traced.oome_heap_session.count u:object_r:traced_oome_heap_session_count_prop:s0 exact uint
# servicemanager properties
-servicemanager.ready u:object_r:servicemanager_prop:s0 exact bool
+servicemanager.ready u:object_r:servicemanager_prop:s0 exact bool
+servicemanager.installed u:object_r:servicemanager_prop:s0 exact bool
# hwservicemanager properties
hwservicemanager. u:object_r:hwservicemanager_prop:s0
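Review bot: Labelling `servicemanager.installed` with the existing `servicemanager_prop` type means any platform domain already allowed to set `servicemanager.ready` can presumably set this property as well; those allow rules are outside this hunk. If `installed` is meant to be fixed by the image rather than changed at runtime, a dedicated type or a neverallow on writers would keep a compromised writer from changing how clients decide whether to wait. At minimum, a comment above the entry stating the expected writer would help, for example `# servicemanager.installed: set by the image, read by clients to decide whether to wait for servicemanager`.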