commit cb23ab4618166a41b1c35f8ca67db73fe7be7480
author Yifan Hong <elsk@google.com> Mon Sep 21 20:04:00 2020 -0700
committer Yifan Hong <elsk@google.com> Tue Sep 22 14:09:49 2020 -0700
tree d80e1bdc70e5c4c9b243c44324264ac9aee299d6
parent 5f8de11daea087993bfcd5d61411ccad21e88966

Add gki.prevent_downgrade_*

Add ro.build.ab_update.gki.prevent_downgrade_{version,spl} for
update_engine to determine whether downgrade in kernel version or SPL is
considered an error or not.

Bug: 162623577
Test: update_engine_unittest
Test: apply OTA

Change-Id: If602924d50a2d5cfb3c256b82491c413a9d39f9d

private/compat/30.0/30.0.ignore.cil

diff --git a/private/compat/30.0/30.0.ignore.cil b/private/compat/30.0/30.0.ignore.cil
index 690350c..a63a50e 100644
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@@ -5,6 +5,7 @@
 (typeattribute new_objects)
 (typeattributeset new_objects
   ( new_objects
+    ab_update_gki_prop
     adbd_config_prop
     apex_info_file
     debugfs_kprobes

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index 3d02e97..b9f252b 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -703,7 +703,11 @@
 
 ro.boringcrypto.hwrand u:object_r:exported_default_prop:s0 exact bool
 
-ro.build.ab_update         u:object_r:exported_default_prop:s0 exact string
+# Update related props
+ro.build.ab_update                                u:object_r:exported_default_prop:s0 exact string
+ro.build.ab_update.gki.prevent_downgrade_version  u:object_r:ab_update_gki_prop:s0 exact bool
+ro.build.ab_update.gki.prevent_downgrade_spl      u:object_r:ab_update_gki_prop:s0 exact bool
+
 ro.build.expect.baseband   u:object_r:exported_default_prop:s0 exact string
 ro.build.expect.bootloader u:object_r:exported_default_prop:s0 exact string
 

public/property.te

diff --git a/public/property.te b/public/property.te
index 34ed999..c93621a 100644
--- a/public/property.te
+++ b/public/property.te
@@ -76,6 +76,7 @@
 system_restricted_prop(socket_hook_prop)
 system_restricted_prop(system_boot_reason_prop)
 system_restricted_prop(system_jvmti_agent_prop)
+system_restricted_prop(ab_update_gki_prop)
 system_restricted_prop(usb_prop)
 system_restricted_prop(userspace_reboot_exported_prop)
 system_restricted_prop(vold_status_prop)

public/update_engine_common.te

diff --git a/public/update_engine_common.te b/public/update_engine_common.te
index 57d8e7e..d332771 100644
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@@ -80,6 +80,9 @@
 # Allow to read Virtual A/B feature flags.
 get_prop(update_engine_common, virtual_ab_prop)
 
+# Allow to read GKI related flags.
+get_prop(update_engine_common, ab_update_gki_prop)
+
 # Allow to read/write/create OTA metadata files for snapshot status and COW file status.
 allow update_engine_common metadata_file:dir search;
 allow update_engine_common ota_metadata_file:dir rw_dir_perms;