Add context for ro.product.property_source_order
Any partitions should be able to write this property with build.prop.
This adds a new context for ro.product.property_source_order so it can
be set from any build.prop, e.g. vendor/build.prop, product/build.prop,
etc.
Bug: 172459064
Test: PRODUCT_VENDOR_PROPERTIES can set this property
Change-Id: Ibf85a4ad02d8454f621428b271e8e298067aa126
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 592a1f9..9cc23b4 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -1299,6 +1299,7 @@
(typeattributeset default_android_vndservice_30_0 (default_android_vndservice))
(typeattributeset default_prop_30_0 (
default_prop
+ build_config_prop
init_service_status_private_prop
setupwizard_prop
verity_status_prop
diff --git a/private/property.te b/private/property.te
index b14ab4e..6cc4100 100644
--- a/private/property.te
+++ b/private/property.te
@@ -515,3 +515,11 @@
neverallow {
-init
} setupwizard_prop:property_service set;
+
+# ro.product.property_source_order is useless after initialization of ro.product.* props.
+# So making it accessible only from init and vendor_init.
+neverallow {
+ -init
+ -dumpstate
+ -vendor_init
+} build_config_prop:file no_rw_file_perms;
diff --git a/private/property_contexts b/private/property_contexts
index 1b378f7..ac340c4 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -787,6 +787,9 @@
ro.product.bootimage.model u:object_r:build_bootimage_prop:s0 exact string
ro.product.bootimage.name u:object_r:build_bootimage_prop:s0 exact string
+# ro.product.property_source_order is settable from any build.prop
+ro.product.property_source_order u:object_r:build_config_prop:s0 exact string
+
ro.crypto.state u:object_r:vold_status_prop:s0 exact enum encrypted unencrypted unsupported
ro.crypto.type u:object_r:vold_status_prop:s0 exact enum block file none