Merge "Allow the remote provisioner app to set rkp_only properties"

private/init.te

@@ -105,9 +105,6 @@ neverallow { domain -init } property_service_version_prop:property_service set;
 # Only init can set keystore.boot_level
 neverallow { domain -init } keystore_listen_prop:property_service set;
 
-# Only init can set the ro.remote_provisioning.* props
-neverallow { domain -init } remote_prov_prop:property_service set;
-
 # Allow accessing /sys/kernel/tracing/instances/bootreceiver to set up tracing.
 allow init debugfs_bootreceiver_tracing:file w_file_perms;
 

private/property.te

@@ -615,6 +615,13 @@ neverallow {
 # Property types having both attributes won't be accessible from anywhere.
 neverallow domain system_and_vendor_property_type:{file property_service} *;
 
+neverallow {
+  # Only init and the remote provisioner can set the ro.remote_provisioning.* props
+  domain
+  -init
+  -remote_prov_app
+} remote_prov_prop:property_service set;
+
 neverallow {
   # Only allow init and shell to set rollback_test_prop
   domain

private/property_contexts

@@ -1256,9 +1256,9 @@ zygote.critical_window.minute u:object_r:zygote_config_prop:s0 exact int
 
 ro.zygote.disable_gl_preload u:object_r:zygote_config_prop:s0 exact bool
 
-# Store the URL that the provisioning code should point at.
-ro.remote_provisioning.strongbox.rkp_only u:object_r:remote_prov_prop:s0 exact bool
-ro.remote_provisioning.tee.rkp_only u:object_r:remote_prov_prop:s0 exact bool
+# Allows a device to run without batch attestation keys
+remote_provisioning.strongbox.rkp_only u:object_r:remote_prov_prop:s0 exact bool
+remote_provisioning.tee.rkp_only u:object_r:remote_prov_prop:s0 exact bool
 
 # Broadcast boot stages, which keystore listens to
 keystore.boot_level u:object_r:keystore_listen_prop:s0 exact int

private/remote_prov_app.te

@@ -4,7 +4,7 @@ typeattribute remote_prov_app coredomain;
 app_domain(remote_prov_app)
 net_domain(remote_prov_app)
 
-get_prop(remote_prov_app, remote_prov_prop)
+set_prop(remote_prov_app, remote_prov_prop)
 # The app needs access to properly build a DeviceInfo package for the verifying server
 get_prop(remote_prov_app, vendor_security_patch_level_prop)