Allow apexd to read ro.cold_boot_done prop

Test: presubmit Bug: 169092045 Change-Id: Iae8d7ae80cba3bdda1ff113b623862a03d05f515
2020-10-02 18:06:37 +01:00 · 2020-10-02 18:06:37 +01:00 · 0d7f2a8c01
commit 0d7f2a8c01
parent 1e6e2b135f
1 changed files with 4 additions and 0 deletions
--- a/private/apexd.te
+++ b/private/apexd.te
@ -146,6 +146,10 @@ allow apexd file_contexts_file:file r_file_perms;
 # Allow apexd to execute toybox for snapshot & restore
 allow apexd toolbox_exec:file rx_file_perms;

+# Allow apexd to read ro.cold_boot_done prop.
+# apexd uses it to decide whether it needs to keep retrying polling for loop device.
+get_prop(apexd, cold_boot_done_prop)
+
 neverallow { domain -apexd -init } apex_data_file:dir no_w_dir_perms;
 neverallow { domain -apexd -init } apex_metadata_file:dir no_w_dir_perms;
 neverallow { domain -apexd -init -kernel } apex_data_file:file no_w_file_perms;