Adds system_user_mode_emulation_prop property.
It will be used by system_server only (i.e., not even Shell) to let
developers change the system user mode (to be headless or full).
Test: sesearch --allow -t system_user_mode_emulation_prop $ANDROID_PRODUCT_OUT/vendor/etc/selinux/precompiled_sepolicy
Bug: 226643927
Change-Id: Iaba42fd56dce0d8d794ef129634df78f9599260f
diff --git a/private/property.te b/private/property.te
index ccf6040..396fd25 100644
--- a/private/property.te
+++ b/private/property.te
@@ -49,6 +49,7 @@
# Properties which can't be written outside system
system_restricted_prop(device_config_vendor_system_native_prop)
system_restricted_prop(device_config_virtualization_framework_native_prop)
+system_restricted_prop(system_user_mode_emulation_prop)
###
### Neverallow rules
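Review bot: `system_restricted_prop(system_user_mode_emulation_prop)` restricts only writes from outside system (per the comment heading this group), while the commit message describes the property as for system_server only, not even Shell. The second hunk in this file also subtracts the new type from a set ending in `:file no_rw_file_perms`, which appears to exempt it from a read/write neverallow whose head lies outside the hunk. Nothing visible in the patch therefore enforces the stated restriction at policy-compile time, so a later `set_prop(shell, ...)` or similar would build cleanly. Consider a dedicated rule such as `neverallow { domain -init -system_server } system_user_mode_emulation_prop:property_service set;` (adjusting the exempted domains to what is actually needed). If reads are also meant to stay inside system, declaring the type with `system_internal_prop` may fit better.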
@@ -121,6 +122,7 @@
-restorecon_prop
-shell_prop
-system_prop
+ -system_user_mode_emulation_prop
-usb_prop
-vold_prop
}:file no_rw_file_perms;
diff --git a/private/property_contexts b/private/property_contexts
index 1ad19c1..2fafdf5 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -57,6 +57,7 @@
persist.nfc. u:object_r:nfc_prop:s0
persist.nfc_cfg. u:object_r:nfc_prop:s0
persist.debug. u:object_r:persist_debug_prop:s0
+persist.debug.user_mode_emulation u:object_r:system_user_mode_emulation_prop:s0
logd. u:object_r:logd_prop:s0
persist.logd. u:object_r:logd_prop:s0
ro.logd. u:object_r:logd_prop:s0
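Review bot: The new `persist.debug.user_mode_emulation` entry has no match type, so it is treated as a prefix. Any key that merely starts with that string (for example a constructed `persist.debug.user_mode_emulation_foo`) would then also receive `system_user_mode_emulation_prop` instead of falling through to `persist_debug_prop`. Pinning the entry keeps the carve-out from the broader `persist.debug.` label as narrow as the commit message intends: `persist.debug.user_mode_emulation u:object_r:system_user_mode_emulation_prop:s0 exact string`. The value type `string` is a guess based on the "headless or full" wording and should be confirmed against the code that writes the property.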
diff --git a/private/system_server.te b/private/system_server.te
index 8fc032f..c9dcbc5 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -713,6 +713,7 @@
set_prop(system_server, retaildemo_prop)
set_prop(system_server, dmesgd_start_prop)
userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
+userdebug_or_eng(`set_prop(system_server, system_user_mode_emulation_prop)')
# ctl interface
set_prop(system_server, ctl_default_prop)
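Review bot: The added `userdebug_or_eng` line has no comment saying what the property controls or why the grant is limited to debuggable builds, which is the security-relevant part of this hunk. A line above it such as `# Debug-only: lets developers emulate headless/full system user mode (persist.debug.user_mode_emulation).` would record that intent for later policy reviewers. This is also the only rule in the visible hunks that grants system_server any access to the new type, so on user builds the patch appears to leave system_server with neither write nor read access. If the framework reads the property unconditionally, that would surface as denials, so it is worth confirming against the calling code.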