Allow the remote provisioner app to set rkp_only properties The properties for rkp_only are no longer read only. This allows remote provisioner unit tests to enable/disable the remote provisioning only mode, which is required to fully verify functionality. Test: RemoteProvisionerUnitTests Bug: 227306369 Change-Id: I8006712a49c4d0605f6268068414b49714bbd939

commit: 8bfdd82123d617bd5134dde4312cc8dc6c0bfe82 [log] [tgz]
author: Seth Moore <sethmo@google.com> Wed Apr 20 10:10:49 2022 -0700
committer: Seth Moore <sethmo@google.com> Wed Apr 20 17:15:20 2022 -0700
tree: 3e48201fd7e4640806f0e343393d80936bcc5cc5
parent: 47bddcd065d6b13a9e8048330286bb54a25582a8 [diff] [blame]
diff --git a/private/property.te b/private/property.te
index ccf6040..5f565da 100644
--- a/private/property.te
+++ b/private/property.te

@@ -614,6 +614,13 @@
 neverallow domain system_and_vendor_property_type:{file property_service} *;
 
 neverallow {
+  # Only init and the remote provisioner can set the ro.remote_provisioning.* props
+  domain
+  -init
+  -remote_prov_app
+} remote_prov_prop:property_service set;
+
+neverallow {
   # Only allow init and shell to set rollback_test_prop
   domain
   -init
commit	8bfdd82123d617bd5134dde4312cc8dc6c0bfe82	[log] [tgz]
author	Seth Moore <sethmo@google.com>	Wed Apr 20 10:10:49 2022 -0700
committer	Seth Moore <sethmo@google.com>	Wed Apr 20 17:15:20 2022 -0700
tree	3e48201fd7e4640806f0e343393d80936bcc5cc5
parent	47bddcd065d6b13a9e8048330286bb54a25582a8 [diff] [blame]