Allow apps to read system_user_mode_emulation_prop.

As it's used by UserManager...

Test: sesearch --allow -s appdomain -t system_user_mode_emulation_prop $ANDROID_PRODUCT_OUT/vendor/etc/selinux/precompiled_sepolicy
Bug: 226643927

Change-Id: I1134a9e0b8ae758e3ebef054b96f9e3237a2401f
This commit is contained in:
Felipe Leme 2022-04-21 17:49:05 -07:00
parent 800e948e61
commit b85242c00f
4 changed files with 5 additions and 2 deletions

View file

@ -73,6 +73,9 @@ get_prop(appdomain, camera_calibration_prop)
# Allow to read db.log.detailed, db.log.slow_query_threshold*
get_prop(appdomain, sqlite_log_prop)
# Allow to read system_user_mode_emulation_prop, which is used by UserManager.java
userdebug_or_eng(`get_prop(appdomain, system_user_mode_emulation_prop)')
# Allow font file read by apps.
allow appdomain font_data_file:file r_file_perms;
allow appdomain font_data_file:dir r_dir_perms;

View file

@ -69,6 +69,7 @@
sysfs_gpu
sysfs_lru_gen_enabled
system_dlkm_file
system_user_mode_emulation_prop
tare_service
tv_iapp_service
untrusted_app_30

View file

@ -49,7 +49,6 @@ system_internal_prop(virtualizationservice_prop)
# Properties which can't be written outside system
system_restricted_prop(device_config_vendor_system_native_prop)
system_restricted_prop(device_config_virtualization_framework_native_prop)
system_restricted_prop(system_user_mode_emulation_prop)
###
### Neverallow rules
@ -122,7 +121,6 @@ neverallow * {
-restorecon_prop
-shell_prop
-system_prop
-system_user_mode_emulation_prop
-usb_prop
-vold_prop
}:file no_rw_file_perms;

View file

@ -218,6 +218,7 @@ system_public_prop(radio_prop)
system_public_prop(serialno_prop)
system_public_prop(surfaceflinger_color_prop)
system_public_prop(system_prop)
system_public_prop(system_user_mode_emulation_prop)
system_public_prop(telephony_status_prop)
system_public_prop(usb_control_prop)
system_public_prop(vold_post_fs_data_prop)