Merge "Making sys.boot.reason.last restricted" into android14-tests-dev

prebuilts/api/34.0/private/bootstat.te

@@ -17,6 +17,7 @@ neverallow {
   -dumpstate
   userdebug_or_eng(`-incidentd')
   -init
+  -platform_app
   -recovery
   -shell
   -system_server

prebuilts/api/34.0/private/platform_app.te

@@ -113,6 +113,9 @@ get_prop(platform_app, keyguard_config_prop)
 # allow platform apps to read qemu.hw.mainkeys
 get_prop(platform_app, qemu_hw_prop)
 
+# allow platform apps to read sys.boot.reason.last
+get_prop(platform_app, last_boot_reason_prop)
+
 # allow platform apps to create symbolic link
 allow platform_app app_data_file:lnk_file create_file_perms;
 

private/bootstat.te

@@ -17,6 +17,7 @@ neverallow {
   -dumpstate
   userdebug_or_eng(`-incidentd')
   -init
+  -platform_app
   -recovery
   -shell
   -system_server

private/platform_app.te

@@ -113,6 +113,9 @@ get_prop(platform_app, keyguard_config_prop)
 # allow platform apps to read qemu.hw.mainkeys
 get_prop(platform_app, qemu_hw_prop)
 
+# allow platform apps to read sys.boot.reason.last
+get_prop(platform_app, last_boot_reason_prop)
+
 # allow platform apps to create symbolic link
 allow platform_app app_data_file:lnk_file create_file_perms;