Merge "Revert^2 "Add pm.archiving.enabled system property"" into main

prebuilts/api/202404/private/compat/34.0/34.0.ignore.cil

@@ -27,6 +27,7 @@
     virtual_camera_service
     ot_daemon_service
     ot_daemon_socket
+    pm_archiving_enabled_prop
     remote_auth_service
     security_state_service
     sensitive_content_protection_service

prebuilts/api/202404/private/priv_app.te

@@ -296,3 +296,6 @@ neverallow priv_app *:{
 
 # Allow priv apps to report off body events to keystore2.
 allow priv_app keystore:keystore2 report_off_body;
+
+# Allow priv_apps to check if archiving is enabled
+get_prop(priv_app, pm_archiving_enabled_prop)

prebuilts/api/202404/private/property.te

@@ -750,3 +750,10 @@ neverallow {
   -system_app
   -device_as_webcam
 } usb_uvc_enabled_prop:file no_rw_file_perms;
+
+neverallow {
+  domain
+  -init
+  -vendor_init
+} pm_archiving_enabled_prop:property_service set;
+

prebuilts/api/202404/private/property_contexts

@@ -1642,6 +1642,9 @@ sensors.aosp_low_power_sensor_fusion.maximum_rate u:object_r:sensors_config_prop
 # Properties for game manager service
 persist.graphics.game_default_frame_rate.enabled  u:object_r:game_manager_config_prop:s0 exact bool
 
+# Properties for app archiving
+pm.archiving.enabled      u:object_r:pm_archiving_enabled_prop:s0 exact bool
+
 # Properties for ThreadNetworkService
 threadnetwork.country_code u:object_r:threadnetwork_config_prop:s0 exact string
 

prebuilts/api/202404/private/system_app.te

@@ -174,6 +174,9 @@ get_prop(system_app, oem_unlock_prop)
 # Settings app reads ro.usb.uvc.enabled
 get_prop(system_app, usb_uvc_enabled_prop)
 
+# Settings and Launcher apps read pm.archiving.enabled
+get_prop(system_app, pm_archiving_enabled_prop)
+
 ###
 ### Neverallow rules
 ###

prebuilts/api/202404/private/system_server.te

@@ -1602,6 +1602,10 @@ neverallow {
   -system_server
 } threadnetwork_config_prop:file no_rw_file_perms;
 
+# Allow system server to read pm.archiving.enabled prop
+# TODO(azilio): Remove system property after archiving testing is completed.
+get_prop(system_server, pm_archiving_enabled_prop)
+
 # Do not allow any domain other than init or system server to get or set the property
 neverallow { domain -init -system_server } crashrecovery_prop:property_service set;
 neverallow { domain -init -dumpstate -system_server } crashrecovery_prop:file no_rw_file_perms;

prebuilts/api/202404/public/property.te

@@ -200,6 +200,7 @@ system_vendor_config_prop(dck_prop)
 system_vendor_config_prop(tuner_config_prop)
 system_vendor_config_prop(usb_uvc_enabled_prop)
 system_vendor_config_prop(setupwizard_mode_prop)
+system_vendor_config_prop(pm_archiving_enabled_prop)
 
 # Properties with no restrictions
 system_public_prop(adbd_config_prop)

private/compat/202404/202404.cil

@@ -813,6 +813,7 @@
 (expandtypeattribute (pipefs_202404) true)
 (expandtypeattribute (platform_app_202404) true)
 (expandtypeattribute (platform_compat_service_202404) true)
+(expandtypeattribute (pm_archiving_enabled_prop_202404) true)
 (expandtypeattribute (pmsg_device_202404) true)
 (expandtypeattribute (port_202404) true)
 (expandtypeattribute (port_device_202404) true)
@@ -2204,6 +2205,7 @@
 (typeattributeset pipefs_202404 (pipefs))
 (typeattributeset platform_app_202404 (platform_app))
 (typeattributeset platform_compat_service_202404 (platform_compat_service))
+(typeattributeset pm_archiving_enabled_prop_202404 (pm_archiving_enabled_prop))
 (typeattributeset pmsg_device_202404 (pmsg_device))
 (typeattributeset port_202404 (port))
 (typeattributeset port_device_202404 (port_device))

private/compat/34.0/34.0.ignore.cil

@@ -27,6 +27,7 @@
     virtual_camera_service
     ot_daemon_service
     ot_daemon_socket
+    pm_archiving_enabled_prop
     remote_auth_service
     security_state_service
     sensitive_content_protection_service

private/priv_app.te

@@ -293,3 +293,6 @@ neverallow priv_app *:{
   bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
   alg_socket nfc_socket kcm_socket qipcrtr_socket smc_socket xdp_socket
 } *;
+
+# Allow priv_apps to check if archiving is enabled
+get_prop(priv_app, pm_archiving_enabled_prop)

private/property.te

@@ -798,3 +798,9 @@ neverallow {
   -system_app
   -device_as_webcam
 } usb_uvc_enabled_prop:file no_rw_file_perms;
+
+neverallow {
+  domain
+  -init
+  -vendor_init
+} pm_archiving_enabled_prop:property_service set;

private/property_contexts

@@ -1656,6 +1656,9 @@ sensors.aosp_low_power_sensor_fusion.maximum_rate u:object_r:sensors_config_prop
 # Properties for game manager service
 persist.graphics.game_default_frame_rate.enabled  u:object_r:game_manager_config_prop:s0 exact bool
 
+# Properties for app archiving
+pm.archiving.enabled      u:object_r:pm_archiving_enabled_prop:s0 exact bool
+
 # Properties for ThreadNetworkService
 threadnetwork.country_code u:object_r:threadnetwork_config_prop:s0 exact string
 

private/system_app.te

@@ -174,6 +174,9 @@ get_prop(system_app, oem_unlock_prop)
 # Settings app reads ro.usb.uvc.enabled
 get_prop(system_app, usb_uvc_enabled_prop)
 
+# Settings and Launcher apps read pm.archiving.enabled
+get_prop(system_app, pm_archiving_enabled_prop)
+
 # Settings app reads and writes the wifi blob database
 allow system_app connectivityblob_data_file:dir rw_dir_perms;
 allow system_app connectivityblob_data_file:file create_file_perms;

private/system_server.te

@@ -1629,6 +1629,10 @@ neverallow {
   -system_server
 } threadnetwork_config_prop:file no_rw_file_perms;
 
+# Allow system server to read pm.archiving.enabled prop
+# TODO(azilio): Remove system property after archiving testing is completed.
+get_prop(system_server, pm_archiving_enabled_prop)
+
 # Allow accessing /mnt/pre_reboot_dexopt/chroot, to load the new service-art.jar
 # in Pre-reboot Dexopt.
 allow system_server pre_reboot_dexopt_file:dir { getattr search };

public/property.te

@@ -202,6 +202,7 @@ system_vendor_config_prop(dck_prop)
 system_vendor_config_prop(tuner_config_prop)
 system_vendor_config_prop(usb_uvc_enabled_prop)
 system_vendor_config_prop(setupwizard_mode_prop)
+system_vendor_config_prop(pm_archiving_enabled_prop)
 
 # Properties with no restrictions
 system_public_prop(adbd_config_prop)