Hide ro.debuggable and ro.secure from app zygote Present rule doesn't cover all cases because apps can still access these props when preloading app_zygote. Change-Id: I521f1a5f3cb006d3ffad035342a973b6f0d1e914

commit: 994245af7ee73323d58eaf273b181301aaa1204d [log] [tgz]
author: Han Wang <wanghan1995315@gmail.com> Fri Sep 13 12:00:55 2024 +0000
committer: Han Wang <wanghan1995315@gmail.com> Fri Sep 13 12:09:13 2024 +0000
tree: 21babb37b16748baafe186162121d4ffaa7b1040
parent: dae6a45066e55a082fee0f02db99cd61d27d7da4 [diff]
diff --git a/private/domain.te b/private/domain.te
index d6f86f4..e9cc7f5 100644
--- a/private/domain.te
+++ b/private/domain.te

@@ -501,7 +501,7 @@
 get_prop(domain, surfaceflinger_prop)
 get_prop(domain, telephony_status_prop)
 get_prop(domain, timezone_prop)
-get_prop({domain -untrusted_app_all -isolated_app_all -ephemeral_app },  userdebug_or_eng_prop)
+get_prop({domain -untrusted_app_all -isolated_app_all -ephemeral_app -app_zygote },  userdebug_or_eng_prop)
 get_prop(domain, vendor_socket_hook_prop)
 get_prop(domain, vndk_prop)
 get_prop(domain, vold_status_prop)
commit	994245af7ee73323d58eaf273b181301aaa1204d	[log] [tgz]
author	Han Wang <wanghan1995315@gmail.com>	Fri Sep 13 12:00:55 2024 +0000
committer	Han Wang <wanghan1995315@gmail.com>	Fri Sep 13 12:09:13 2024 +0000
tree	21babb37b16748baafe186162121d4ffaa7b1040
parent	dae6a45066e55a082fee0f02db99cd61d27d7da4 [diff]