commit 584a862df6cab610d10e32c3e795b8152ce07abd
author Alexander Roederer <aroederer@google.com> Wed May 31 21:25:50 2023 +0000
committer Alexander Roederer <aroederer@google.com> Wed Jun 07 22:31:00 2023 +0000
tree 16da380d06cf5c471985aca74a0e1000d71889d1
parent 394de71b25cec7bd5641b066b9f9a76c08447869

persist.sysui.notification.ranking_update_ashmem

Adds persist.syui.notification.ranking_update_ashmem property and
associated permissions, which will be used to flag guard a change in
core/...NotificationRankingUpdate.java.

Permissions are limited in scope to avoid unnecessary access.
Apps may need to read the flag (because NotificationRankingUpdate.java
is a core library), but setting should only be possible internally (and
via debug shell).

Test: manual flash+adb setprop/getprop
Bug: 249848655
Change-Id: I661644893714661d8c8b5553c943fa17d08c000c

private/app.te

diff --git a/private/app.te b/private/app.te
index 754c802..3f8560a 100644
--- a/private/app.te
+++ b/private/app.te
@@ -47,6 +47,7 @@
 get_prop(appdomain, dck_prop)
 get_prop(appdomain, persist_wm_debug_prop)
 get_prop(appdomain, persist_sysui_builder_extras_prop)
+get_prop(appdomain, persist_sysui_ranking_update_prop)
 
 # Allow the heap dump ART plugin to the count of sessions waiting for OOME
 get_prop(appdomain, traced_oome_heap_session_count_prop)

private/compat/33.0/33.0.ignore.cil

diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index c73eefa..d84d8ea 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil
@@ -57,6 +57,7 @@
     ota_build_prop
     permissive_mte_prop
     persist_sysui_builder_extras_prop
+    persist_sysui_ranking_update_prop
     prng_seeder
     recovery_usb_config_prop
     remote_provisioning_service

private/platform_app.te

diff --git a/private/platform_app.te b/private/platform_app.te
index 6d49502..1bd0020 100644
--- a/private/platform_app.te
+++ b/private/platform_app.te
@@ -48,6 +48,9 @@
 userdebug_or_eng(`
   set_prop(platform_app, persist_sysui_builder_extras_prop)
 ')
+userdebug_or_eng(`
+  set_prop(platform_app, persist_sysui_ranking_update_prop)
+')
 
 # com.android.captiveportallogin reads /proc/vmstat
 allow platform_app {

private/property.te

diff --git a/private/property.te b/private/property.te
index 35f9bc7..66c9cea 100644
--- a/private/property.te
+++ b/private/property.te
@@ -55,6 +55,7 @@
 system_restricted_prop(device_config_virtualization_framework_native_prop)
 system_restricted_prop(log_file_logger_prop)
 system_restricted_prop(persist_sysui_builder_extras_prop)
+system_restricted_prop(persist_sysui_ranking_update_prop)
 
 ###
 ### Neverallow rules

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index 2399163..19bd51a 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -1562,4 +1562,5 @@
 ro.usb.uvc.enabled      u:object_r:usb_uvc_enabled_prop:s0 exact bool
 
 # System UI notification properties
+persist.sysui.notification.ranking_update_ashmem u:object_r:persist_sysui_ranking_update_prop:s0 exact bool
 persist.sysui.notification.builder_extras_override u:object_r:persist_sysui_builder_extras_prop:s0 exact bool

private/shell.te

diff --git a/private/shell.te b/private/shell.te
index 85d09f9..38ef373 100644
--- a/private/shell.te
+++ b/private/shell.te
@@ -246,4 +246,6 @@
 
 # Allow shell to set persist.sysui.notification.builder_extras_override property
 userdebug_or_eng(`set_prop(shell, persist_sysui_builder_extras_prop)')
+# Allow shell to set persist.sysui.notification.ranking_update_ashmem property
+userdebug_or_eng(`set_prop(shell, persist_sysui_ranking_update_prop)')
 

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index 4356c26..d30f657 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -842,6 +842,8 @@
 
 # Read persist.sysui.notification.builder_extras_override property
 get_prop(system_server, persist_sysui_builder_extras_prop)
+# Read persist.sysui.notification.ranking_update_ashmem property
+get_prop(system_server, persist_sysui_ranking_update_prop)
 
 # Read ro.tuner.lazyhal
 get_prop(system_server, tuner_config_prop)

private/zygote.te

diff --git a/private/zygote.te b/private/zygote.te
index d61a431..71f6dc3 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -247,9 +247,11 @@
 # preloaded classes
 get_prop(zygote, persist_wm_debug_prop)
 
-# Allow zygote to read persist_sysui_builder_extras_prop to toggle experimental features in
-# core preloaded classes
+# Allow zygote to read persist_sysui_builder_extras_prop
+# and persist_sysui_ranking_update_prop
+# to toggle experimental features in core preloaded classes
 get_prop(zygote, persist_sysui_builder_extras_prop)
+get_prop(zygote, persist_sysui_ranking_update_prop)
 
 # Allow zygote to read /apex/apex-info-list.xml
 allow zygote apex_info_file:file r_file_perms;