From 0d7f2a8c0199fd20d625c179199b065523e737cb Mon Sep 17 00:00:00 2001
From: Nikita Ioffe <ioffe@google.com>
Date: Fri, 2 Oct 2020 18:06:37 +0100
Subject: [PATCH] Allow apexd to read ro.cold_boot_done prop

Test: presubmit
Bug: 169092045
Change-Id: Iae8d7ae80cba3bdda1ff113b623862a03d05f515
---
 private/apexd.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/private/apexd.te b/private/apexd.te
index 7fc11836a..417504b34 100644
--- a/private/apexd.te
+++ b/private/apexd.te
@@ -146,6 +146,10 @@ allow apexd file_contexts_file:file r_file_perms;
 # Allow apexd to execute toybox for snapshot & restore
 allow apexd toolbox_exec:file rx_file_perms;
 
+# Allow apexd to read ro.cold_boot_done prop.
+# apexd uses it to decide whether it needs to keep retrying polling for loop device.
+get_prop(apexd, cold_boot_done_prop)
+
 neverallow { domain -apexd -init } apex_data_file:dir no_w_dir_perms;
 neverallow { domain -apexd -init } apex_metadata_file:dir no_w_dir_perms;
 neverallow { domain -apexd -init -kernel } apex_data_file:file no_w_file_perms;