commit 04f435ca525d70464fc7924ca728cf6e243dbf02
author Inseob Kim <inseob@google.com> Tue Jul 07 12:46:24 2020 +0900
committer Inseob Kim <inseob@google.com> Tue Jul 07 12:46:24 2020 +0900
tree 0054a5cb899f4e9218eb74010ae0579b7c657a6b
parent 66158f98174d29caddb95092ead3144cd9b9b522

Add keyguard_config_prop for keyguard property

keyguard.no_require_sim becomes keyguard_config_prop to remove
exported*_default_prop

Bug: 155844385
Test: boot and see no denials
Change-Id: Icffa88b650a1d35d8c1cd29f89daf0644a79ddd3

private/compat/27.0/27.0.ignore.cil

diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 59b93da..a42538f 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -111,6 +111,7 @@
     iorapd_exec
     iorapd_service
     iorapd_tmpfs
+    keyguard_config_prop
     last_boot_reason_prop
     libc_debug_prop
     llkd

private/compat/30.0/30.0.cil

diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 4c2a7a2..c99cecd 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -1361,6 +1361,7 @@
     camera_config_prop
     drm_service_config_prop
     hdmi_config_prop
+    keyguard_config_prop
     lmkd_config_prop
     media_config_prop
     mediadrm_config_prop

private/platform_app.te

diff --git a/private/platform_app.te b/private/platform_app.te
index ba6de5b..8163d15 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -87,6 +87,9 @@
 # allow platform apps to connect to the property service
 set_prop(platform_app, test_boot_reason_prop)
 
+# allow platform apps to read keyguard.no_require_sim
+get_prop(platform_app, keyguard_config_prop)
+
 # allow platform apps to create symbolic link
 allow platform_app app_data_file:lnk_file create_file_perms;
 

private/property.te

diff --git a/private/property.te b/private/property.te
index 77d3dff..6f984ec 100644
--- a/private/property.te
+++ b/private/property.te
@@ -412,3 +412,8 @@
   -appdomain
   -vendor_init
 } packagemanager_config_prop:file no_rw_file_perms;
+
+neverallow {
+  -coredomain
+  -vendor_init
+} keyguard_config_prop:file no_rw_file_perms;

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index d56c89c..ae55b31 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -342,7 +342,7 @@
 
 persist.sys.dalvik.vm.lib.2 u:object_r:dalvik_runtime_prop:s0 exact string
 
-keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
+keyguard.no_require_sim u:object_r:keyguard_config_prop:s0 exact bool
 
 media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
 

public/property.te

diff --git a/public/property.te b/public/property.te
index aeb83f6..4d002a6 100644
--- a/public/property.te
+++ b/public/property.te
@@ -119,6 +119,7 @@
 system_vendor_config_prop(graphics_config_prop)
 system_vendor_config_prop(hdmi_config_prop)
 system_vendor_config_prop(incremental_prop)
+system_vendor_config_prop(keyguard_config_prop)
 system_vendor_config_prop(lmkd_config_prop)
 system_vendor_config_prop(media_config_prop)
 system_vendor_config_prop(media_variant_prop)