Add setupwizard_esim_prop to access ro.setupwizard.esim_cid_ignore
bug: 279548423
Test: http://fusion2/b7c803be-2dca-4195-b91f-6c4939746b5b, http://fusion2/bb76429b-7d84-4e14-b127-8458abb3e2ed
Ignore-AOSP-First: will merge in AOSP aosp/2571810
Change-Id: I4b190fca2f3825a09d27cfc74e8a528831f4f15b
diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index 3bfdcc8..a663761 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -59,6 +59,7 @@
remote_provisioning_service
rkpdapp
servicemanager_prop
+ setupwizard_esim_prop
shutdown_checkpoints_system_data_file
stats_config_data_file
sysfs_fs_fuse_features
diff --git a/private/property.te b/private/property.te
index 35f9bc7..928f86c 100644
--- a/private/property.te
+++ b/private/property.te
@@ -598,6 +598,10 @@
-init
} setupwizard_prop:property_service set;
+neverallow {
+ domain
+ -init
+} setupwizard_esim_prop:property_service set;
# ro.product.property_source_order is useless after initialization of ro.product.* props.
# So making it accessible only from init and vendor_init.
neverallow {
diff --git a/private/property_contexts b/private/property_contexts
index 4fb5ee0..d7523c6 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1446,8 +1446,8 @@
partition.vendor.verified.root_digest u:object_r:verity_status_prop:s0 exact string
partition.odm.verified.root_digest u:object_r:verity_status_prop:s0 exact string
+ro.setupwizard.esim_cid_ignore u:object_r:setupwizard_esim_prop:s0 exact string
ro.setupwizard.enterprise_mode u:object_r:setupwizard_prop:s0 exact bool
-ro.setupwizard.esim_cid_ignore u:object_r:setupwizard_prop:s0 exact string
ro.setupwizard.rotation_locked u:object_r:setupwizard_prop:s0 exact bool
ro.setupwizard.wifi_on_exit u:object_r:setupwizard_prop:s0 exact bool