Merge "Add sdcardfs variable to storage_config_props"

private/app.te

@@ -35,3 +35,6 @@ neverallow { appdomain -shell userdebug_or_eng(`-su') }
     { domain -appdomain -crash_dump -rs }:process { transition };
 neverallow { appdomain -shell userdebug_or_eng(`-su') }
     { domain -appdomain }:process { dyntransition };
+
+# Don't allow regular apps access to storage configuration properties.
+neverallow { appdomain -mediaprovider_app } storage_config_prop:file no_rw_file_perms;

private/mediaprovider_app.te

@@ -43,3 +43,6 @@ allowxperm mediaprovider_app media_rw_data_file:{ dir file } ioctl {
 allow mediaprovider_app { mnt_media_rw_file }:dir search;
 
 allow mediaprovider_app proc_filesystems:file r_file_perms;
+
+#Allow MediaProvider to see if sdcardfs is in use
+get_prop(mediaprovider_app, storage_config_prop)

private/property_contexts

@@ -419,6 +419,7 @@ ro.dalvik.vm.native.bridge u:object_r:dalvik_config_prop:s0 exact string
 
 external_storage.projid.enabled   u:object_r:storage_config_prop:s0 exact bool
 external_storage.casefold.enabled u:object_r:storage_config_prop:s0 exact bool
+external_storage.sdcardfs.enabled u:object_r:storage_config_prop:s0 exact bool
 
 ro.enable_boot_charger_mode u:object_r:exported3_default_prop:s0 exact bool
 

public/app.te

@@ -568,9 +568,6 @@ neverallow {
   -system_app
 } { bluetooth_audio_hal_prop bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms;
 
-# Don't allow apps access to storage configuration properties.
-neverallow appdomain storage_config_prop:file no_rw_file_perms;
-
 # Apps cannot access proc_uid_time_in_state
 neverallow appdomain proc_uid_time_in_state:file *;