Merge "Add external_storage properties." into rvc-dev
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 4733042..8b23ea5 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -88,6 +88,7 @@
snapshotctl_log_data_file
socket_hook_prop
soundtrigger_middleware_service
+ storage_config_prop
sysfs_dm_verity
system_adbd_prop
system_config_service
diff --git a/public/app.te b/public/app.te
index e5b9fd6..9c635aa 100644
--- a/public/app.te
+++ b/public/app.te
@@ -566,6 +566,10 @@
-system_app
} { bluetooth_audio_hal_prop bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms;
+
+# Don't allow apps access to storage configuration properties.
+neverallow appdomain storage_config_prop:file no_rw_file_perms;
+
# Apps cannot access proc_uid_time_in_state
neverallow appdomain proc_uid_time_in_state:file *;
diff --git a/public/domain.te b/public/domain.te
index c7f851d..c9ee4d9 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -530,6 +530,7 @@
neverallow { domain -init } exported2_default_prop:property_service set;
neverallow { domain -init -vendor_init } exported3_default_prop:property_service set;
neverallow { domain -init -vendor_init } vendor_default_prop:property_service set;
+ neverallow { domain -init -vendor_init } storage_config_prop:property_service set;
')
# Only core domains are allowed to access package_manager properties
diff --git a/public/property.te b/public/property.te
index d403d82..f69f2e7 100644
--- a/public/property.te
+++ b/public/property.te
@@ -118,6 +118,7 @@
system_vendor_config_prop(exported_default_prop)
system_vendor_config_prop(exported3_default_prop)
system_vendor_config_prop(media_variant_prop)
+system_vendor_config_prop(storage_config_prop)
system_vendor_config_prop(userspace_reboot_config_prop)
system_vendor_config_prop(vehicle_hal_prop)
system_vendor_config_prop(vendor_security_patch_level_prop)
diff --git a/public/property_contexts b/public/property_contexts
index 6e097b0..fdac303 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -70,6 +70,8 @@
dalvik.vm.usejitprofiles u:object_r:exported_dalvik_prop:s0 exact bool
dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
+external_storage.projid.enabled u:object_r:storage_config_prop:s0 exact bool
+external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool
keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
media.stagefright.cache-params u:object_r:exported3_default_prop:s0 exact string
diff --git a/public/recovery.te b/public/recovery.te
index 55568d4..16b670f 100644
--- a/public/recovery.te
+++ b/public/recovery.te
@@ -125,6 +125,9 @@
# Read ro.boot.bootreason
get_prop(recovery, bootloader_boot_reason_prop)
+ # Read storage properties (for correctly formatting filesystems)
+ get_prop(recovery, storage_config_prop)
+
# Use setfscreatecon() to label files for OTA updates.
allow recovery self:process setfscreate;
diff --git a/public/vendor_init.te b/public/vendor_init.te
index 935c314..c070dff 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -233,6 +233,7 @@
set_prop(vendor_init, log_prop)
set_prop(vendor_init, rebootescrow_hal_prop)
set_prop(vendor_init, serialno_prop)
+set_prop(vendor_init, storage_config_prop)
set_prop(vendor_init, userspace_reboot_config_prop)
set_prop(vendor_init, vehicle_hal_prop)
set_prop(vendor_init, vendor_default_prop)
diff --git a/public/vold.te b/public/vold.te
index 9391649..e298567 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -201,6 +201,7 @@
set_prop(vold, ota_prop)
set_prop(vold, boottime_prop)
set_prop(vold, boottime_public_prop)
+get_prop(vold, storage_config_prop)
# ASEC
allow vold asec_image_file:file create_file_perms;