Add sepolicy for sdkext module prop Add a domain for derive_sdk which is allowed to set persist.com.android.sdkext.sdk_info, readable by all apps (but should only be read by the BCP). Bug: 137191822 Test: run derive_sdk, getprop persist.com.android.sdkext.sdk_info Change-Id: I389116f45faad11fa5baa8d617dda30fb9acec7a

commit: e82254590982037ccfcda9a1a6bb13dc7679cc28 [log] [tgz]
author: Anton Hansson <hansson@google.com> Mon Nov 25 13:10:10 2019 +0000
committer: Anton Hansson <hansson@google.com> Thu Dec 05 14:11:50 2019 +0000
tree: b52c6824a798315ab194fbc866a12cfee49fba4a
parent: fe55f30397da4f928672e0c39b4dc813b818a010 [diff] [blame]
diff --git a/apex/com.android.sdkext-file_contexts b/apex/com.android.sdkext-file_contexts
index f3a65d4..2d59dda 100644
--- a/apex/com.android.sdkext-file_contexts
+++ b/apex/com.android.sdkext-file_contexts

@@ -1 +1,2 @@
 (/.*)?                u:object_r:system_file:s0
+/bin/derive_sdk       u:object_r:derive_sdk_exec:s0
commit	e82254590982037ccfcda9a1a6bb13dc7679cc28	[log] [tgz]
author	Anton Hansson <hansson@google.com>	Mon Nov 25 13:10:10 2019 +0000
committer	Anton Hansson <hansson@google.com>	Thu Dec 05 14:11:50 2019 +0000
tree	b52c6824a798315ab194fbc866a12cfee49fba4a
parent	fe55f30397da4f928672e0c39b4dc813b818a010 [diff] [blame]