commit c347dc28fa7caeb1e70dcf40b057dcb3299161f5
author Andrew Scull <ascull@google.com> Fri Oct 28 11:35:49 2022 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Fri Oct 28 11:35:49 2022 +0000
tree 3bafd83427102ce487429c08aa42f5a8dbf62190
parent 7bff1e56bb599bddcd4f4c401445965051c495cc
parent a87c7be41929f7cea8e4ed09bf1a17402dcc1e9b

Merge "Allow vendors to set remote_prov_prop properties"

private/compat/33.0/33.0.ignore.cil

diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index a5d5f98..ff84b96 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -24,6 +24,7 @@
     keystore_config_prop
     permissive_mte_prop
     prng_seeder
+    remote_prov_prop
     servicemanager_prop
     system_net_netd_service
     timezone_metadata_prop

private/property.te

diff --git a/private/property.te b/private/property.te
index cac04d3..eda66c8 100644
--- a/private/property.te
+++ b/private/property.te
@@ -34,7 +34,6 @@
 system_internal_prop(pm_prop)
 system_internal_prop(profcollectd_node_id_prop)
 system_internal_prop(radio_cdma_ecm_prop)
-system_internal_prop(remote_prov_prop)
 system_internal_prop(rollback_test_prop)
 system_internal_prop(setupwizard_prop)
 system_internal_prop(snapuserd_prop)
@@ -627,9 +626,10 @@
 neverallow domain system_and_vendor_property_type:{file property_service} *;
 
 neverallow {
-  # Only init and the remote provisioner can set the ro.remote_provisioning.* props
+  # Only init, vendor_init and the remote provisioner can set the ro.remote_provisioning.* props
   domain
   -init
+  -vendor_init
   -remote_prov_app
 } remote_prov_prop:property_service set;
 

public/property.te

diff --git a/public/property.te b/public/property.te
index a9e61b5..a24e482 100644
--- a/public/property.te
+++ b/public/property.te
@@ -226,6 +226,7 @@
 system_public_prop(qemu_sf_lcd_density_prop)
 system_public_prop(radio_control_prop)
 system_public_prop(radio_prop)
+system_public_prop(remote_prov_prop)
 system_public_prop(serialno_prop)
 system_public_prop(surfaceflinger_color_prop)
 system_public_prop(system_prop)

public/vendor_init.te

diff --git a/public/vendor_init.te b/public/vendor_init.te
index 61fa686..74bf488 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -246,6 +246,7 @@
 set_prop(vendor_init, qemu_hw_prop)
 set_prop(vendor_init, radio_control_prop)
 set_prop(vendor_init, rebootescrow_hal_prop)
+set_prop(vendor_init, remote_prov_prop)
 set_prop(vendor_init, serialno_prop)
 set_prop(vendor_init, soc_prop)
 set_prop(vendor_init, surfaceflinger_color_prop)