e822545909
Add a domain for derive_sdk which is allowed to set persist.com.android.sdkext.sdk_info, readable by all apps (but should only be read by the BCP). Bug: 137191822 Test: run derive_sdk, getprop persist.com.android.sdkext.sdk_info Change-Id: I389116f45faad11fa5baa8d617dda30fb9acec7a
# Domain for derive_sdk
# Process type for the derive_sdk binary. The domain attribute makes it
# subject to every rule written against all domains; coredomain groups it
# with the core platform (system-side) domains.
type derive_sdk, domain, coredomain;
# File type for the derive_sdk executable. exec_type groups it with the other
# domain entry-point executables; system_file_type marks it as a platform file.
# NOTE(review): the path-to-label mapping lives in file_contexts, not in this
# file; confirm only the intended binary carries this label.
type derive_sdk_exec, system_file_type, exec_type, file_type;
# Started by init: the macro sets up the automatic transition from init into
# derive_sdk when init executes a file labeled derive_sdk_exec. The macro body
# is defined in te_macros, outside this file.
init_daemon_domain(derive_sdk)
# Read /apex
# Directory-class access only (r_dir_perms) on the apex_mnt_dir type. This rule
# grants no file-class permission and no write access.
allow derive_sdk apex_mnt_dir:dir r_dir_perms;
# Prop rules: writable by derive_sdk, readable by bootclasspath (apps)
# Lets derive_sdk set properties labeled module_sdkext_prop.
# NOTE(review): the property-name-to-label mapping (property_contexts) and the
# rules that let other domains read this label are not in this file; confirm
# that read access is no broader than intended.
set_prop(derive_sdk, module_sdkext_prop)
# Build-time assertion: the policy fails to compile if any domain other than
# init and derive_sdk is allowed to set a module_sdkext_prop property. It
# grants nothing by itself. Only writers are constrained; this file has no
# matching neverallow that limits readers.
neverallow {domain -init -derive_sdk} module_sdkext_prop:property_service set;