From 809eb755537ef21ae3c5b3a622c59a5855e3e028 Mon Sep 17 00:00:00 2001
From: Yifan Hong <elsk@google.com>
Date: Thu, 4 Feb 2021 16:20:11 -0800
Subject: [PATCH] Allow CTS DeviceInfo to read VAB prop.

Test: adb shell am instrument -w \
  com.android.compatibility.common.deviceinfo/androidx.test.runner.AndroidJUnitRunner
Fixes: 179427873
Change-Id: I1dd2c480408b7695ab0285645de5b06b8b6137c5
---
 private/app.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/private/app.te b/private/app.te
index c635aed6b..710b94d0a 100644
--- a/private/app.te
+++ b/private/app.te
@@ -71,6 +71,9 @@ allow appdomain font_data_file:dir r_dir_perms;
 allow appdomain { apex_art_data_file apex_module_data_file }:dir search;
 allow appdomain apex_art_data_file:file r_file_perms;
 
+# Allow APFE device info to read Virtual A/B props.
+get_prop(appdomain, virtual_ab_prop)
+
 # Sensitive app domains are not allowed to execute from /data
 # to prevent persistence attacks and ensure all code is executed
 # from read-only locations.
@@ -88,3 +91,4 @@ neverallow {
   -system_data_file # shared libs in apks
   -apk_data_file
 }:file no_x_file_perms;
+