Merge "Revert "Revert "Adds a new prop context for choosing between mul..."" am: 0dd5118c74 am: a8570d7e9c am: 8d50c9d1a9

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1894203

Change-Id: I7291a7bf46690584bba8a0963399423e51947eee

private/apexd.te

@@ -155,6 +155,10 @@ get_prop(apexd, cold_boot_done_prop)
 # Allow apexd to read per-device configuration properties.
 get_prop(apexd, apexd_config_prop)
 
+# Allow apexd to read apex selection properties.
+# These are used to choose between multi-installed APEXes at activation time.
+get_prop(apexd, apexd_select_prop)
+
 neverallow { domain -apexd -init } apex_data_file:dir no_w_dir_perms;
 neverallow { domain -apexd -init } apex_metadata_file:dir no_w_dir_perms;
 neverallow { domain -apexd -init -kernel } apex_data_file:file no_w_file_perms;

private/compat/31.0/31.0.ignore.cil

@@ -5,6 +5,7 @@
 (typeattribute new_objects)
 (typeattributeset new_objects
   ( new_objects
+    apexd_select_prop
     artd_service
     attestation_verification_service
     camera2_extensions_prop

private/property_contexts

@@ -265,6 +265,8 @@ apexd.                  u:object_r:apexd_prop:s0
 apexd.config.dm_delete.timeout           u:object_r:apexd_config_prop:s0 exact uint
 apexd.config.dm_create.timeout           u:object_r:apexd_config_prop:s0 exact uint
 persist.apexd.          u:object_r:apexd_prop:s0
+persist.vendor.apex.    u:object_r:apexd_select_prop:s0
+ro.boot.vendor.apex.    u:object_r:apexd_select_prop:s0
 
 bpf.progs_loaded        u:object_r:bpf_progs_loaded_prop:s0
 

public/property.te

@@ -115,6 +115,7 @@ compatible_property_only(`
 
 # Properties which can be written only by vendor_init
 system_vendor_config_prop(apexd_config_prop)
+system_vendor_config_prop(apexd_select_prop)
 system_vendor_config_prop(aaudio_config_prop)
 system_vendor_config_prop(apk_verity_prop)
 system_vendor_config_prop(audio_config_prop)