Define sepolicy for locale filter property
Bug: 154133013
Test: Manual
Change-Id: I28ae279e4fd47553fcf4ab9421944f552490b49f
diff --git a/private/coredomain.te b/private/coredomain.te
index 92efa47..6062bc0 100644
--- a/private/coredomain.te
+++ b/private/coredomain.te
@@ -7,6 +7,7 @@
get_prop(coredomain, hdmi_config_prop)
get_prop(coredomain, init_service_status_private_prop)
get_prop(coredomain, lmkd_config_prop)
+get_prop(coredomain, localization_prop)
get_prop(coredomain, pm_prop)
get_prop(coredomain, surfaceflinger_color_prop)
get_prop(coredomain, systemsound_config_prop)
diff --git a/private/property.te b/private/property.te
index 6f984ec..db43ae3 100644
--- a/private/property.te
+++ b/private/property.te
@@ -10,6 +10,7 @@
system_internal_prop(init_service_status_private_prop)
system_internal_prop(init_svc_debug_prop)
system_internal_prop(last_boot_reason_prop)
+system_internal_prop(localization_prop)
system_internal_prop(netd_stable_secret_prop)
system_internal_prop(pm_prop)
system_internal_prop(system_adbd_prop)
@@ -417,3 +418,9 @@
-coredomain
-vendor_init
} keyguard_config_prop:file no_rw_file_perms;
+
+neverallow {
+ -init
+} {
+ localization_prop
+}:property_service set;
diff --git a/private/property_contexts b/private/property_contexts
index 524cd05..9979fae 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -844,6 +844,9 @@
persist.dbg.vt_avail_ovr u:object_r:telephony_config_prop:s0 exact int
persist.dbg.wfc_avail_ovr u:object_r:telephony_config_prop:s0 exact int
+# System locale list filter configuration
+ro.localization.locale_filter u:object_r:localization_prop:s0 exact string
+
# Graphics related properties
ro.gfx.driver.0 u:object_r:graphics_config_prop:s0 exact string
ro.gfx.driver.1 u:object_r:graphics_config_prop:s0 exact string