Set apex. property as "system_restricted" Since the property is supposed to be used by vendor-side .rc file as read-only (especially by vendor apex), it should be "system_restricted". Also allow vendor_init to read the property. Bug: 232172382 Test: boot cuttlefish (with vendor apex using the property) Change-Id: I502388e550e0a3c961a51af2e2cf11335a45b992

commit: cae2368d2d8626077ad909f0bd16c0880367486e [log] [tgz]
author: Jooyung Han <jooyung@google.com> Fri Sep 02 16:26:27 2022 +0900
committer: Jooyung Han <jooyung@google.com> Fri Sep 02 18:11:33 2022 +0900
tree: 7ba34aa1d3dca2cbd35020ddd9d52dfb87065a64
parent: ba80cd59a7faf34cd13769aa7bf6bf9618a69bd9 [diff] [blame]
diff --git a/private/property.te b/private/property.te
index 90db686..27a8e38 100644
--- a/private/property.te
+++ b/private/property.te

@@ -47,7 +47,6 @@
 system_internal_prop(ctl_odsign_prop)
 system_internal_prop(virtualizationservice_prop)
 system_internal_prop(ctl_apex_load_prop)
-system_internal_prop(apex_ready_prop)
 
 # Properties which can't be written outside system
 system_restricted_prop(device_config_virtualization_framework_native_prop)
@@ -655,6 +654,7 @@
   -coredomain
   -dumpstate
   -apexd
+  -vendor_init
 } apex_ready_prop:file no_rw_file_perms;
 
 neverallow {
commit	cae2368d2d8626077ad909f0bd16c0880367486e	[log] [tgz]
author	Jooyung Han <jooyung@google.com>	Fri Sep 02 16:26:27 2022 +0900
committer	Jooyung Han <jooyung@google.com>	Fri Sep 02 18:11:33 2022 +0900
tree	7ba34aa1d3dca2cbd35020ddd9d52dfb87065a64
parent	ba80cd59a7faf34cd13769aa7bf6bf9618a69bd9 [diff] [blame]