commit b85242c00f3ecfed92cfc737f3ad2d56c2c8e2d4
author Felipe Leme <felipeal@google.com> Thu Apr 21 17:49:05 2022 -0700
committer Felipe Leme <felipeal@google.com> Thu Apr 21 18:49:12 2022 -0700
tree 5f0bf7bb20192d834a9b5d60c132f9dca33891fe
parent 800e948e616bd898721bb9a14bf41442a7e7ecf6

Allow apps to read system_user_mode_emulation_prop.

As it's used by UserManager...

Test: sesearch --allow -s appdomain -t system_user_mode_emulation_prop $ANDROID_PRODUCT_OUT/vendor/etc/selinux/precompiled_sepolicy
Bug: 226643927

Change-Id: I1134a9e0b8ae758e3ebef054b96f9e3237a2401f

private/app.te

diff --git a/private/app.te b/private/app.te
index 5570544..7033cb6 100644
--- a/private/app.te
+++ b/private/app.te
@@ -73,6 +73,9 @@
 # Allow to read db.log.detailed, db.log.slow_query_threshold*
 get_prop(appdomain, sqlite_log_prop)
 
+# Allow to read system_user_mode_emulation_prop, which is used by UserManager.java
+userdebug_or_eng(`get_prop(appdomain, system_user_mode_emulation_prop)')
+
 # Allow font file read by apps.
 allow appdomain font_data_file:file r_file_perms;
 allow appdomain font_data_file:dir r_dir_perms;

private/compat/32.0/32.0.ignore.cil

diff --git a/private/compat/32.0/32.0.ignore.cil b/private/compat/32.0/32.0.ignore.cil
index d29a3d3..b3805ed 100644
--- a/private/compat/32.0/32.0.ignore.cil
+++ b/private/compat/32.0/32.0.ignore.cil
@@ -69,6 +69,7 @@
     sysfs_gpu
     sysfs_lru_gen_enabled
     system_dlkm_file
+    system_user_mode_emulation_prop
     tare_service
     tv_iapp_service
     untrusted_app_30

private/property.te

diff --git a/private/property.te b/private/property.te
index 63081bf..15a46a2 100644
--- a/private/property.te
+++ b/private/property.te
@@ -49,7 +49,6 @@
 # Properties which can't be written outside system
 system_restricted_prop(device_config_vendor_system_native_prop)
 system_restricted_prop(device_config_virtualization_framework_native_prop)
-system_restricted_prop(system_user_mode_emulation_prop)
 
 ###
 ### Neverallow rules
@@ -122,7 +121,6 @@
   -restorecon_prop
   -shell_prop
   -system_prop
-  -system_user_mode_emulation_prop
   -usb_prop
   -vold_prop
 }:file no_rw_file_perms;

public/property.te

diff --git a/public/property.te b/public/property.te
index 6024f07..8ddc774 100644
--- a/public/property.te
+++ b/public/property.te
@@ -218,6 +218,7 @@
 system_public_prop(serialno_prop)
 system_public_prop(surfaceflinger_color_prop)
 system_public_prop(system_prop)
+system_public_prop(system_user_mode_emulation_prop)
 system_public_prop(telephony_status_prop)
 system_public_prop(usb_control_prop)
 system_public_prop(vold_post_fs_data_prop)