Modifed sepolicy for new apex ready prop

Bug: 232172382
Test: atest ApexTestCases
Change-Id: I2947b2c9b1d983bdbc410e67509508f73efff1f4

private/apexd.te

@@ -209,3 +209,6 @@ allow apexd proc_filesystems:file r_file_perms;
 
 # Allow calling derive_classpath to gather BCP information for staged sessions
 domain_auto_trans(apexd, derive_classpath_exec, apexd_derive_classpath);
+
+# Allow set apex ready property
+set_prop(apexd, apex_ready_prop)

private/coredomain.te

@@ -1,3 +1,4 @@
+get_prop(coredomain, apex_ready_prop)
 get_prop(coredomain, boot_status_prop)
 get_prop(coredomain, camera_config_prop)
 get_prop(coredomain, dalvik_config_prop)

private/property.te

@@ -46,6 +46,7 @@ system_internal_prop(ctl_mediatranscoding_prop)
 system_internal_prop(ctl_odsign_prop)
 system_internal_prop(virtualizationservice_prop)
 system_internal_prop(ctl_apex_load_prop)
+system_internal_prop(apex_ready_prop)
 
 # Properties which can't be written outside system
 system_restricted_prop(device_config_virtualization_framework_native_prop)
@@ -642,6 +643,19 @@ neverallow {
   -apexd
 } ctl_apex_load_prop:file no_rw_file_perms;
 
+neverallow {
+  domain
+  -init
+  -apexd
+} apex_ready_prop:property_service set;
+
+neverallow {
+  domain
+  -coredomain
+  -dumpstate
+  -apexd
+} apex_ready_prop:file no_rw_file_perms;
+
 neverallow {
   # Only allow init and profcollectd to access profcollectd_node_id_prop
   domain

private/property_contexts

@@ -284,6 +284,9 @@ persist.apexd.          u:object_r:apexd_prop:s0
 persist.vendor.apex.    u:object_r:apexd_select_prop:s0
 ro.boot.vendor.apex.    u:object_r:apexd_select_prop:s0
 
+# Property that indicates if an apex is ready: apex.<apex-name>.ready
+apex.                   u:object_r:apex_ready_prop:s0 prefix bool
+
 bpf.progs_loaded        u:object_r:bpf_progs_loaded_prop:s0 exact bool
 
 gsid.                   u:object_r:gsid_prop:s0