Merge "Add property for MTE permissive mode."

private/compat/33.0/33.0.ignore.cil

@@ -7,6 +7,7 @@
   ( new_objects
     device_config_vendor_system_native_prop
     hal_bootctl_service
+    permissive_mte_prop
     system_net_netd_service
     virtual_face_hal_prop
     virtual_fingerprint_hal_prop

private/domain.te

@@ -77,6 +77,9 @@ get_prop(domain, module_sdkextensions_prop)
 # Read access to bq configuration values
 get_prop(domain, bq_config_prop);
 
+# Allow all domains to check whether MTE is set to permissive mode.
+get_prop(domain, permissive_mte_prop);
+
 # For now, everyone can access core property files
 # Device specific properties are not granted by default
 not_compatible_property(`

private/property_contexts

@@ -742,6 +742,7 @@ net.redirect_socket_calls.hooked u:object_r:socket_hook_prop:s0 exact bool
 
 persist.sys.locale       u:object_r:exported_system_prop:s0 exact string
 persist.sys.timezone     u:object_r:exported_system_prop:s0 exact string
+persist.sys.mte.permissive u:object_r:permissive_mte_prop:s0 exact string
 persist.sys.test_harness u:object_r:test_harness_prop:s0 exact bool
 
 ro.arch u:object_r:build_prop:s0 exact string

private/su.te

@@ -27,4 +27,6 @@ userdebug_or_eng(`
   # Do not audit accesses to keystore2 namespace for the su domain.
   dontaudit su keystore2_key_type:{ keystore2 keystore2_key } *;
 
+  # Allow root to set MTE permissive mode.
+  set_prop(su, permissive_mte_prop);
 ')

public/property.te

@@ -212,6 +212,7 @@ system_public_prop(log_tag_prop)
 system_public_prop(lowpan_prop)
 system_public_prop(nfc_prop)
 system_public_prop(ota_prop)
+system_public_prop(permissive_mte_prop)
 system_public_prop(powerctl_prop)
 system_public_prop(qemu_hw_prop)
 system_public_prop(qemu_sf_lcd_density_prop)