diff --git a/private/property_contexts b/private/property_contexts
index df8222313..51b9ff8c6 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -56,6 +56,8 @@ persist.sys.audit_safemode u:object_r:safemode_prop:s0
 persist.service. u:object_r:system_prop:s0
 persist.service.bdroid. u:object_r:bluetooth_prop:s0
 persist.security. u:object_r:system_prop:s0
+persist.vendor.overlay. u:object_r:overlay_prop:s0
+ro.boot.vendor.overlay. u:object_r:overlay_prop:s0

 # Boolean property set by system server upon boot indicating
 # if device owner is provisioned.
diff --git a/public/property.te b/public/property.te
index 379320fd1..26b6a7ec7 100644
--- a/public/property.te
+++ b/public/property.te
@@ -41,5 +41,6 @@ type config_prop, property_type, core_property_type;
 type device_logging_prop, property_type;
 type safemode_prop, property_type;
 type hwservicemanager_prop, property_type;
+type overlay_prop, property_type;

 allow property_type tmpfs:filesystem associate;
diff --git a/public/system_server.te b/public/system_server.te
index 275ee712f..c58c50496 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -357,6 +357,7 @@ set_prop(system_server, fingerprint_prop)
 set_prop(system_server, device_logging_prop)
 set_prop(system_server, wifi_prop)
 set_prop(system_server, dumpstate_options_prop)
+set_prop(system_server, overlay_prop)
 userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')

 # ctl interface
diff --git a/public/zygote.te b/public/zygote.te
index bb411e82b..08e6e3c1b 100644
--- a/public/zygote.te
+++ b/public/zygote.te
@@ -88,6 +88,9 @@ userdebug_or_eng(`
 allow zygote ion_device:chr_file r_file_perms;
 allow zygote tmpfs:dir r_dir_perms;

+# Let the zygote access overlays so it can initialize the AssetManager
+get_prop(zygote, overlay_prop)
+
 ###
 ### neverallow rules
 ###
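Review bot: In private/property_contexts the `persist.vendor.overlay.` and `ro.boot.vendor.overlay.` prefixes are both mapped to the single type `overlay_prop`, so every rule written against that type applies to both, including the `set_prop(system_server, overlay_prop)` added in public/system_server.te. If system_server only needs to write the persist. values, which the diff does not show, a separate type for the ro.boot. prefix would keep the boot-time values outside its write grant. The two entries also carry no comment; a line such as `# Overlay properties read by the zygote when it initializes the AssetManager` above them would record why they exist.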
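Review bot: The `set_prop(system_server, overlay_prop)` line in public/system_server.te adds a writer for the new type, but nothing in this change stops a later policy edit from adding further writers. Because the zygote reads these properties when it initializes the AssetManager (per the comment added in public/zygote.te), their values presumably carry over to the processes it forks, so the set of writers is worth pinning. A rule such as `neverallow { domain -init -system_server } overlay_prop:property_service set;` would do that. The exemption list should be checked against the domains that legitimately set these properties.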
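Review bot: The comment above `get_prop(zygote, overlay_prop)` in public/zygote.te says the zygote may "access overlays", but the rule only grants read access to the overlay properties, not to overlay files. `# Let the zygote read the overlay properties so it can initialize the AssetManager` would describe the grant more exactly.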