commit 8b65b0b12db79ed492706251eec45497bd75e8e0
author Victor Hsieh <victorhsieh@google.com> Wed Nov 27 10:06:03 2019 -0800
committer Victor Hsieh <victorhsieh@google.com> Tue Dec 03 10:09:35 2019 -0800
tree e19bcd0d6d44a5a06078a883d514098074881ad0
parent d6a91453d87767058633cb768e067162c62e44be

sepolicy: allow rules for apk verify system property

ro.apk_verity.mode was introduced in P on crosshatch. This change
changes the label from default_prop to a new property, apk_verity_prop.

ro.apk_verity.mode is set by vendor_init per build.prop, in order to
honor Treble split.  It is also read by system_server and installd
currently.

Test: verify functioning without denials in dmesg
Bug: 142494008
Bug: 144164497
Change-Id: I1f24513d79237091cf30025bb7ca63282e23c739

private/compat/29.0/29.0.cil

diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil
index c447715..5eddc4e 100644
--- a/private/compat/29.0/29.0.cil
+++ b/private/compat/29.0/29.0.cil
@@ -1143,7 +1143,7 @@
 (typeattributeset default_android_hwservice_29_0 (default_android_hwservice))
 (typeattributeset default_android_service_29_0 (default_android_service))
 (typeattributeset default_android_vndservice_29_0 (default_android_vndservice))
-(typeattributeset default_prop_29_0 (default_prop))
+(typeattributeset default_prop_29_0 (default_prop apk_verity_prop))
 (typeattributeset dev_cpu_variant_29_0 (dev_cpu_variant))
 (typeattributeset device_29_0 (device))
 (typeattributeset device_config_activity_manager_native_boot_prop_29_0 (device_config_activity_manager_native_boot_prop))