sepolicy: add rules for bionic.linker.16kb.app_compat.enabled This property serves as the global toggle for 16kb app compat. It must be world readable since the linker is executed in the context of the process requesting the dynamic linking. Currently, only init and root shell are allowed to set the property. This may be modified later to also allow toggling from the settings app. Bug: 339709616 Test: m Change-Id: Ie0fd4132477460d88c3cf2f09aa59084f54cfea7 Signed-off-by: Kalesh Singh <kaleshsingh@google.com>

commit: f3fb64a8636226f3a8da2e5b8616f773b6319ea2 [log] [tgz]
author: Kalesh Singh <kaleshsingh@google.com> Wed Aug 28 16:53:37 2024 +0000
committer: Kalesh Singh <kaleshsingh@google.com> Thu Aug 29 15:59:33 2024 +0000
tree: bbbde2c03a8187e8b4841b988f7e2392269e7094
parent: 686ddaf5bd9a3066c5af0f4f067a885a6a5e8319 [diff] [blame]
diff --git a/private/property.te b/private/property.te
index 1f94608..7c2d6d1 100644
--- a/private/property.te
+++ b/private/property.te

@@ -71,6 +71,7 @@
 
 
 # Properties which can't be written outside system
+system_restricted_prop(bionic_linker_16kb_app_compat_prop)
 system_restricted_prop(device_config_virtualization_framework_native_prop)
 system_restricted_prop(fstype_prop)
 system_restricted_prop(log_file_logger_prop)
@@ -834,3 +835,9 @@
   -init
   -vendor_init
 } pm_archiving_enabled_prop:property_service set;
+
+neverallow {
+  domain
+  -init
+  userdebug_or_eng(`-su')
+} bionic_linker_16kb_app_compat_prop:property_service set;
commit	f3fb64a8636226f3a8da2e5b8616f773b6319ea2	[log] [tgz]
author	Kalesh Singh <kaleshsingh@google.com>	Wed Aug 28 16:53:37 2024 +0000
committer	Kalesh Singh <kaleshsingh@google.com>	Thu Aug 29 15:59:33 2024 +0000
tree	bbbde2c03a8187e8b4841b988f7e2392269e7094
parent	686ddaf5bd9a3066c5af0f4f067a885a6a5e8319 [diff] [blame]