Add bootloader_prop for ro.boot. properties
ro.boot. properties assigned as "exported2_default_prop" are now
"bootloader_prop", to remove bad context name "exported2_default_prop".
Two things to clarify:
1) We have both the prefix entry and the exact entries. Although the
exact entries may be redundant, we may want to keep them. Vendors are
still allowed to have properties starting with "ro.boot." on
vendor_property_contexts file. The exact entries can prevent vendors
from modifying them to random contexts.
2) ro.boot. is special as it is originally for kernel command line
"androidboot.". But some ro.boot. properties are being used as if they
were normal. To avoid regression, ro.boot. properties having contexts
other than "exported2_default_prop" are not changed here. They will be
tracked later.
Bug: 155844385
Test: m selinux_policy
Change-Id: Ic0f4117ae68a828787304187457b5e1e105a52c7
Merged-In: Ic0f4117ae68a828787304187457b5e1e105a52c7
diff --git a/private/init.te b/private/init.te
index 49a98e0..453e8a4 100644
--- a/private/init.te
+++ b/private/init.te
@@ -63,3 +63,6 @@
# Only init can write vts.native_server.on
set_prop(init, vts_status_prop)
neverallow { -init } vts_status_prop:property_service set;
+
+# Only init can write normal ro.boot. properties
+neverallow { -init } bootloader_prop:property_service set;