Merge "Allow people service to publish apis"
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index a566eaa..202baaf 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -33,6 +33,7 @@
bluetooth_a2dp_offload_prop
bpfloader
bpfloader_exec
+ build_bootimage_prop
build_odm_prop
build_prop
build_vendor_prop
diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 52e212d..d46cd15 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -1403,6 +1403,7 @@
(typeattributeset exported_default_prop_30_0
( exported_default_prop
aaudio_config_prop
+ build_bootimage_prop
build_odm_prop
build_vendor_prop
surfaceflinger_prop
diff --git a/private/file_contexts b/private/file_contexts
index e59ff51..c228b37 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -30,6 +30,7 @@
/postinstall u:object_r:postinstall_mnt_dir:s0
/postinstall/apex u:object_r:postinstall_apex_mnt_dir:s0
/proc u:object_r:rootfs:s0
+/second_stage_resources u:object_r:tmpfs:s0
/sys u:object_r:sysfs:s0
/apex u:object_r:apex_mnt_dir:s0
diff --git a/private/property_contexts b/private/property_contexts
index 0316161..361db3e 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -663,6 +663,13 @@
ro.vendor.build.version.incremental u:object_r:build_vendor_prop:s0 exact string
ro.vendor.build.version.sdk u:object_r:build_vendor_prop:s0 exact int
+# Boot image build props set by /{second_stage_resources/,}boot/etc/build.prop
+ro.bootimage.build.date u:object_r:build_bootimage_prop:s0 exact string
+ro.bootimage.build.date.utc u:object_r:build_bootimage_prop:s0 exact int
+ro.bootimage.build.fingerprint u:object_r:build_bootimage_prop:s0 exact string
+ro.bootimage.build.version.incremental u:object_r:build_bootimage_prop:s0 exact string
+ro.bootimage.build.version.sdk u:object_r:build_bootimage_prop:s0 exact int
+
ro.product.board u:object_r:build_vendor_prop:s0 exact string
ro.product.first_api_level u:object_r:build_vendor_prop:s0 exact int
ro.product.vendor.brand u:object_r:build_vendor_prop:s0 exact string
diff --git a/private/shell.te b/private/shell.te
index cea5301..f40f89d 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -145,6 +145,9 @@
# Allow reading the outcome of perf_event_open LSM support test for CTS.
get_prop(shell, init_perf_lsm_hooks_prop)
+# Allow shell to read boot image timestamps and fingerprints.
+get_prop(shell, build_bootimage_prop)
+
userdebug_or_eng(`set_prop(shell, persist_debug_prop)')
# Allow to issue control commands to profcollectd binder service.
diff --git a/public/property.te b/public/property.te
index 8b18a8b..2849160 100644
--- a/public/property.te
+++ b/public/property.te
@@ -62,6 +62,7 @@
system_restricted_prop(bootloader_prop)
system_restricted_prop(boottime_public_prop)
system_restricted_prop(bq_config_prop)
+system_restricted_prop(build_bootimage_prop)
system_restricted_prop(build_prop)
system_restricted_prop(charger_status_prop)
system_restricted_prop(fingerprint_prop)
diff --git a/public/update_engine_common.te b/public/update_engine_common.te
index d332771..d110238 100644
--- a/public/update_engine_common.te
+++ b/public/update_engine_common.te
@@ -82,6 +82,7 @@
# Allow to read GKI related flags.
get_prop(update_engine_common, ab_update_gki_prop)
+get_prop(update_engine_common, build_bootimage_prop)
# Allow to read/write/create OTA metadata files for snapshot status and COW file status.
allow update_engine_common metadata_file:dir search;